Please check my log (symsrv.dll malware)

Posted: 27 Nov 2023 19:45
by FallenCZ
Hi, over the last few days Windows Defender and MBAM have started popping up notifications on my PC about a file being placed in quarantine and a restart being needed; after the restart it is the same, and the file is not in quarantine.

Because the logs are too long, I am attaching them.

Thanks in advance, Martin.

Re: Please check my log (symsrv.dll malware)

Posted: 27 Nov 2023 19:49
by Rudy
Hello!
Run this utility:
Save AdwCleaner to your desktop: https://malwarebytes.com/adwcleaner/ or http://www.bleepingcomputer.com/download/adwcleaner/

close all programs
accept the license terms (EULA) by clicking I agree
right-click the AdwCleaner icon and choose Run as administrator (on Win XP just run it with a double-click)
click Scan now, then Clean and Repair
after the restart a log will pop up (or you can find it in C:\AdwCleaner\Logs\AdwCleaner[Cxx].txt); copy its contents into your next reply

Re: Please check my log (symsrv.dll malware)

Posted: 27 Nov 2023 20:03
by FallenCZ
I am attaching the log:

# -------------------------------
# Malwarebytes AdwCleaner 8.4.0.0
# -------------------------------
# Build: 08-30-2022
# Database: 2023-07-19.3 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 11-27-2023
# Duration: 00:00:00
# OS: Windows 11 (Build 22635.2771)
# Cleaned: 0
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

No malicious registry entries cleaned.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[C02].txt - [1549 octets] - [27/11/2023 19:58:41]
AdwCleaner[S00].txt - [1481 octets] - [27/11/2023 20:00:11]
AdwCleaner[S01].txt - [1542 octets] - [27/11/2023 20:01:21]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C01].txt ##########

Re: Please check my log (symsrv.dll malware)

Posted: 27 Nov 2023 21:03
by Rudy
This is OK. Open Notepad and copy the following into it:
Start

CloseProcesses:
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Restriction <==== ATTENTION
HKU\S-1-5-21-3719303412-1536690661-2595606811-1001\...\Run: [Opera GX Stable] => C:\Users\sizeg\AppData\Local\Programs\Opera GX\launcher.exe (No File)
HKU\S-1-5-21-3719303412-1536690661-2595606811-1001\...\Run: [Opera GX Browser Assistant] => C:\Users\sizeg\AppData\Local\Programs\Opera GX\assistant\browser_assistant.exe (No File)
HKU\S-1-5-21-3719303412-1536690661-2595606811-1001\...\Policies\Explorer: []
AppInit_DLLs-x32: C:\PROGRA~1\COMMON~1\System\symsrv.dll => C:\Program Files\Common Files\System\symsrv.dll [69337 2023-11-26] (Microsoft Corporation) [File not signed] <==== ATTENTION
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Edge: Restriction <==== ATTENTION
Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe (No File)
Task: {89973DFD-1046-45C5-9AB9-F88FBDE4D5EF} - System32\Tasks\Opera GX scheduled Autoupdate 1695222260 => C:\Users\sizeg\AppData\Local\Programs\Opera GX\launcher.exe --scheduledautoupdate $(Arg0) (No File)
Task: {B260F296-654C-4B29-933F-C78DEFD4177E} - System32\Tasks\VivaldiUpdateCheck-69c8ce12faf44ac1 => C:\Users\sizeg\AppData\Local\Vivaldi\Application\update_notifier.exe --from-scheduler (No File)
CustomCLSID: HKU\S-1-5-21-3719303412-1536690661-2595606811-1001_Classes\CLSID\{073CB204-6B29-46FC-AB98-451F1D068741}\InprocServer32 -> C:\Program Files\Common Files\Autodesk Shared\Inventor Interoperability 2023\Bin\TestServer.dll => No File
CustomCLSID: HKU\S-1-5-21-3719303412-1536690661-2595606811-1001_Classes\CLSID\{227C9E8F-71A1-4B23-9076-682A1A8EAAED}\localserver32 -> "c:\program files\macrium\common\reflectmonitor.exe" -ToastActivated => No File
CustomCLSID: HKU\S-1-5-21-3719303412-1536690661-2595606811-1001_Classes\CLSID\{345D3165-3889-4694-AB75-A91A27B217E8}\localserver32 -> C:\Program Files\Autodesk\AutoCAD LT 2024\acadlt.exe => No File
CustomCLSID: HKU\S-1-5-21-3719303412-1536690661-2595606811-1001_Classes\CLSID\{38A1D9A1-B9FB-4B8B-B89B-0688B10C31BF}\localserver32 -> "C:\Users\sizeg\AppData\Local\Vivaldi\Application\6.2.3105.58\notification_helper.exe" => No File
CustomCLSID: HKU\S-1-5-21-3719303412-1536690661-2595606811-1001_Classes\CLSID\{6A58E66D-AE86-4BEF-9BF5-A375DF185CEC}\localserver32 -> C:\Program Files\PSOFT\progeCAD 2019 Professional CSY\pcad.exe => No File
CustomCLSID: HKU\S-1-5-21-3719303412-1536690661-2595606811-1001_Classes\CLSID\{74F5CC00-49A9-11CF-A2F9-444553540000}\InprocServer32 -> C:\Program Files\Autodesk\AutoCAD LT 2024\cs-CZ\acadltficn.dll => No File
CustomCLSID: HKU\S-1-5-21-3719303412-1536690661-2595606811-1001_Classes\CLSID\{89b2b650-c4dd-d68b-46e7-3176f1973c8b}\localserver32 -> "C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe" -ToastActivated => No File
CustomCLSID: HKU\S-1-5-21-3719303412-1536690661-2595606811-1001_Classes\CLSID\{8C23B656-4E6E-4B45-9920-9617168D39A3}\InprocServer32 -> C:\Program Files\Common Files\Autodesk Shared\Inventor Interoperability 2023\Bin\TestServer.dll => No File
AlternateDataStreams: C:\ProgramData\d6f0e771-e0c6-4f44-a374-5951eff3c73eAMDAutoUpdate.log:7275D4C3F9 [10]
AlternateDataStreams: C:\ProgramData\d6f0e771-e0c6-4f44-a374-5951eff3c73eAMDAutoUpdate.log:8EC0397E57 [10]
AlternateDataStreams: C:\ProgramData\DP45977C.lfl:677104FCAA [10]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kleopatra.lnk:AC763E6E62 [10]
AlternateDataStreams: C:\Users\sizeg\Desktop\FRST64.exe:MBAM.Zone.Identifier [240]
AlternateDataStreams: C:\Users\sizeg\Downloads\ProjectD2Installer(1).exe:MBAM.Zone.Identifier [176]
HKLM\...\.scr: => <==== ATTENTION
FirewallRules: [UDP Query User{981E393F-A6BB-40FF-90A6-8836345E6560}C:\users\sizeg\appdata\local\temp\7zo4815c4f9\pimpmystremio.exe] => (Allow) C:\users\sizeg\appdata\local\temp\7zo4815c4f9\pimpmystremio.exe => No File
FirewallRules: [TCP Query User{C055417A-9F70-4BBD-9559-41C7A4AEDDC8}C:\users\sizeg\appdata\local\temp\7zo4815c4f9\pimpmystremio.exe] => (Allow) C:\users\sizeg\appdata\local\temp\7zo4815c4f9\pimpmystremio.exe => No File
FirewallRules: [{9315A59B-F01F-467E-AF12-1E67EF7DEE01}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe => No File
FirewallRules: [TCP Query User{3135C57C-6F10-4033-9812-8AE965820395}C:\program files\windowsapps\mozilla.firefox_104.0.2.0_x64__n80bbvh6b1yt2\vfs\programfiles\firefox package root\firefox.exe] => (Block) C:\program files\windowsapps\mozilla.firefox_104.0.2.0_x64__n80bbvh6b1yt2\vfs\programfiles\firefox package root\firefox.exe => No File
FirewallRules: [UDP Query User{BB96C054-0F66-4034-8BC0-6F56C429C332}C:\program files\windowsapps\mozilla.firefox_104.0.2.0_x64__n80bbvh6b1yt2\vfs\programfiles\firefox package root\firefox.exe] => (Block) C:\program files\windowsapps\mozilla.firefox_104.0.2.0_x64__n80bbvh6b1yt2\vfs\programfiles\firefox package root\firefox.exe => No File
FirewallRules: [TCP Query User{5B88CD8B-2AD6-4A4B-B071-72884AE7BD3B}C:\program files\windowsapps\mozilla.firefox_107.0.0.0_x64__n80bbvh6b1yt2\vfs\programfiles\firefox package root\firefox.exe] => (Block) C:\program files\windowsapps\mozilla.firefox_107.0.0.0_x64__n80bbvh6b1yt2\vfs\programfiles\firefox package root\firefox.exe => No File
FirewallRules: [UDP Query User{A6B0E256-EAC1-4477-B63C-9318C53C908F}C:\program files\windowsapps\mozilla.firefox_107.0.0.0_x64__n80bbvh6b1yt2\vfs\programfiles\firefox package root\firefox.exe] => (Block) C:\program files\windowsapps\mozilla.firefox_107.0.0.0_x64__n80bbvh6b1yt2\vfs\programfiles\firefox package root\firefox.exe => No File
FirewallRules: [TCP Query User{8A292EDA-C7C1-47AF-884E-106313535CAB}C:\picovinka\515645564-server.exe] => (Allow) C:\picovinka\515645564-server.exe => No File
FirewallRules: [UDP Query User{2C7A53B9-82D0-4232-90FA-06C31F00E40F}C:\picovinka\515645564-server.exe] => (Allow) C:\picovinka\515645564-server.exe => No File
FirewallRules: [TCP Query User{FE0EFD86-2C89-46D7-ABD6-3EC694DF08B8}C:\program files\windowsapps\mozilla.firefox_109.0.1.0_x64__n80bbvh6b1yt2\vfs\programfiles\firefox package root\firefox.exe] => (Allow) C:\program files\windowsapps\mozilla.firefox_109.0.1.0_x64__n80bbvh6b1yt2\vfs\programfiles\firefox package root\firefox.exe => No File
FirewallRules: [UDP Query User{55461095-7CAE-4133-A7F1-6E14690B44D6}C:\program files\windowsapps\mozilla.firefox_109.0.1.0_x64__n80bbvh6b1yt2\vfs\programfiles\firefox package root\firefox.exe] => (Allow) C:\program files\windowsapps\mozilla.firefox_109.0.1.0_x64__n80bbvh6b1yt2\vfs\programfiles\firefox package root\firefox.exe => No File
FirewallRules: [TCP Query User{374DE3AD-3B06-458B-85E8-65FFB8A2BD36}C:\program files\transmission\transmission-qt.exe] => (Allow) C:\program files\transmission\transmission-qt.exe => No File
FirewallRules: [UDP Query User{D7056975-E881-4D50-A717-60361121E22A}C:\program files\transmission\transmission-qt.exe] => (Allow) C:\program files\transmission\transmission-qt.exe => No File
FirewallRules: [TCP Query User{58F30122-D91C-4972-8847-B58D3CB08D8F}D:\diablo iv - beta\diablo iv.exe] => (Allow) D:\diablo iv - beta\diablo iv.exe => No File
FirewallRules: [UDP Query User{2BE27B0C-B47D-41AA-877E-15D3B05F2F59}D:\diablo iv - beta\diablo iv.exe] => (Allow) D:\diablo iv - beta\diablo iv.exe => No File
FirewallRules: [TCP Query User{8DE89E6A-D428-4B53-8768-F4D085E970B9}D:\d2-mapserver.exe] => (Allow) D:\d2-mapserver.exe => No File
FirewallRules: [UDP Query User{D6487895-B1D5-48BB-B4A2-F8E62C4865CB}D:\d2-mapserver.exe] => (Allow) D:\d2-mapserver.exe => No File
FirewallRules: [TCP Query User{4BC925A6-D9F2-4C8A-AC90-B2C3EA2558ED}C:\program files\windowsapps\mozilla.firefox_115.0.2.0_x64__n80bbvh6b1yt2\vfs\programfiles\firefox package root\firefox.exe] => (Allow) C:\program files\windowsapps\mozilla.firefox_115.0.2.0_x64__n80bbvh6b1yt2\vfs\programfiles\firefox package root\firefox.exe => No File
FirewallRules: [UDP Query User{91133B78-7D8D-4E5F-8F41-CC43C60DDC74}C:\program files\windowsapps\mozilla.firefox_115.0.2.0_x64__n80bbvh6b1yt2\vfs\programfiles\firefox package root\firefox.exe] => (Allow) C:\program files\windowsapps\mozilla.firefox_115.0.2.0_x64__n80bbvh6b1yt2\vfs\programfiles\firefox package root\firefox.exe => No File
FirewallRules: [{4873040C-ED9A-4A97-8D93-A713F2C95D03}] => (Block) C:\Program Files\PSOFT\progeCAD 2019 Professional CSY\assistant.exe => No File
FirewallRules: [{A478355F-7BC1-4649-B05A-20FCA8DBC740}] => (Block) C:\Program Files\PSOFT\progeCAD 2019 Professional CSY\assistant.exe => No File
FirewallRules: [{93AB5BE3-1CAA-46F2-A054-1C28CEC321E6}] => (Block) C:\Program Files\PSOFT\progeCAD 2019 Professional CSY\center.exe => No File
FirewallRules: [{C16EF756-44A5-452B-8B6A-EA4023D8F09C}] => (Block) C:\Program Files\PSOFT\progeCAD 2019 Professional CSY\center.exe => No File
FirewallRules: [{890F32A4-DB60-4C7D-9AB8-BDF5E2608752}] => (Block) C:\Program Files\PSOFT\progeCAD 2019 Professional CSY\Convert.exe => No File
FirewallRules: [{D2418BC7-92D7-4847-96AF-136AA4963AFC}] => (Block) C:\Program Files\PSOFT\progeCAD 2019 Professional CSY\Convert.exe => No File
FirewallRules: [{A3EC0342-4667-4886-BF5D-B5CD57C65DF0}] => (Block) C:\Program Files\PSOFT\progeCAD 2019 Professional CSY\DisplayMessage.exe => No File
FirewallRules: [{2DA169E6-8832-4BBC-ACD9-7DF263DE8447}] => (Block) C:\Program Files\PSOFT\progeCAD 2019 Professional CSY\DisplayMessage.exe => No File
FirewallRules: [{4979B003-7A9A-4BA4-A347-5C16EED1A0FA}] => (Block) C:\Program Files\PSOFT\progeCAD 2019 Professional CSY\downloader_advancedrender_progeCAD_2019.exe => No File
FirewallRules: [{887E89D4-A937-4B9F-B9C4-384207096C5A}] => (Block) C:\Program Files\PSOFT\progeCAD 2019 Professional CSY\downloader_advancedrender_progeCAD_2019.exe => No File
FirewallRules: [{BD03533A-8C9A-4E2D-9ED4-2334585C45A9}] => (Block) C:\Program Files\PSOFT\progeCAD 2019 Professional CSY\Dumper.exe => No File
FirewallRules: [{24DD7A3D-2C28-4A5B-8C28-E083CAFE0F4B}] => (Block) C:\Program Files\PSOFT\progeCAD 2019 Professional CSY\Dumper.exe => No File
FirewallRules: [{10819577-26A6-4CC3-9FD6-27BE3B4AD5FF}] => (Block) C:\Program Files\PSOFT\progeCAD 2019 Professional CSY\iCADLib.exe => No File
FirewallRules: [{9617F98B-63DB-4EC6-B86C-A58839224CBB}] => (Block) C:\Program Files\PSOFT\progeCAD 2019 Professional CSY\iCADLib.exe => No File
FirewallRules: [{F9CB0C7D-7D3C-4DF9-B7EB-062C7D7F8B18}] => (Block) C:\Program Files\PSOFT\progeCAD 2019 Professional CSY\igesstepconverter.exe => No File
FirewallRules: [{59521C39-272B-4F4F-83CC-9C8FAA30031B}] => (Block) C:\Program Files\PSOFT\progeCAD 2019 Professional CSY\igesstepconverter.exe => No File
FirewallRules: [{3A676DF7-6711-485B-A98A-88C613B52084}] => (Block) C:\Program Files\PSOFT\progeCAD 2019 Professional CSY\LispDefender.exe => No File
FirewallRules: [{95893ED8-047C-4CEA-A25F-B275E233C729}] => (Block) C:\Program Files\PSOFT\progeCAD 2019 Professional CSY\LispDefender.exe => No File
FirewallRules: [{7CC706FC-B83B-4422-A464-74449E920F1D}] => (Block) C:\Program Files\PSOFT\progeCAD 2019 Professional CSY\NetworkRenderMonitor.exe => No File
FirewallRules: [{54596C62-ABE0-4DC3-BDDB-0FCED9A63E2B}] => (Block) C:\Program Files\PSOFT\progeCAD 2019 Professional CSY\NetworkRenderMonitor.exe => No File
FirewallRules: [{9523CF6B-EF1F-4117-BD32-AC86AD7D8FA7}] => (Block) C:\Program Files\PSOFT\progeCAD 2019 Professional CSY\NLMTakeAwayManager.exe => No File
FirewallRules: [{9569879C-B74A-4701-9A6B-0F915A07772E}] => (Block) C:\Program Files\PSOFT\progeCAD 2019 Professional CSY\NLMTakeAwayManager.exe => No File
FirewallRules: [{52882249-46E7-4C86-B9A0-B2EBE9C7EBD9}] => (Block) C:\Program Files\PSOFT\progeCAD 2019 Professional CSY\NVIDIACrashHandler.exe => No File
FirewallRules: [{20CE6D11-C832-4EF9-AB36-C0F71CAE5E73}] => (Block) C:\Program Files\PSOFT\progeCAD 2019 Professional CSY\NVIDIACrashHandler.exe => No File
FirewallRules: [{8485953A-E9D0-44AB-BF53-3E162481937D}] => (Block) C:\Program Files\PSOFT\progeCAD 2019 Professional CSY\patch.exe => No File
FirewallRules: [{DB86D9C8-D171-4754-A457-6ED0705653ED}] => (Block) C:\Program Files\PSOFT\progeCAD 2019 Professional CSY\patch.exe => No File
FirewallRules: [{E2A3A22C-31A6-4001-AB43-ECB0034BF922}] => (Block) C:\Program Files\PSOFT\progeCAD 2019 Professional CSY\pcad.exe => No File
FirewallRules: [{CBD05BA5-5646-46ED-9254-F9C395B449F0}] => (Block) C:\Program Files\PSOFT\progeCAD 2019 Professional CSY\pcad.exe => No File
FirewallRules: [{00FFEA6D-9662-4764-96B0-454BB08EA314}] => (Block) C:\Program Files\PSOFT\progeCAD 2019 Professional CSY\pdftk.exe => No File
FirewallRules: [{BF9015F8-B2AA-464A-905C-2523619B92BC}] => (Block) C:\Program Files\PSOFT\progeCAD 2019 Professional CSY\pdftk.exe => No File
FirewallRules: [{B437F60B-6B38-44A8-995C-97E38CBCFC7F}] => (Block) C:\Program Files\PSOFT\progeCAD 2019 Professional CSY\PrinterSetup.exe => No File
FirewallRules: [{31EF53E9-89A3-491F-B065-5CBB3D14889D}] => (Block) C:\Program Files\PSOFT\progeCAD 2019 Professional CSY\PrinterSetup.exe => No File
FirewallRules: [{2EDF813B-7886-428E-9592-44246927210C}] => (Block) C:\Program Files\PSOFT\progeCAD 2019 Professional CSY\ProfilesEditor.exe => No File
FirewallRules: [{E954EC01-85C8-4A2A-AFBE-571DDC26E14E}] => (Block) C:\Program Files\PSOFT\progeCAD 2019 Professional CSY\ProfilesEditor.exe => No File
FirewallRules: [{D6CD1BBE-F19A-476B-BE7B-F96A9DBA01D6}] => (Block) C:\Program Files\PSOFT\progeCAD 2019 Professional CSY\progeCAD_USB_Drivers_12.0.exe => No File
FirewallRules: [{520908A0-0CBD-425D-A66A-EEEFBA3EA943}] => (Block) C:\Program Files\PSOFT\progeCAD 2019 Professional CSY\progeCAD_USB_Drivers_12.0.exe => No File
FirewallRules: [{CC3B8F85-6304-4C63-B396-B34D12117277}] => (Block) C:\Program Files\PSOFT\progeCAD 2019 Professional CSY\ProgeUpd.exe => No File
FirewallRules: [{BC37DD34-7ADC-45B6-B6BA-3C92B6E36F5B}] => (Block) C:\Program Files\PSOFT\progeCAD 2019 Professional CSY\ProgeUpd.exe => No File
FirewallRules: [{CD1117EF-5A1E-4CA1-B19F-94ACB85F84F6}] => (Block) C:\Program Files\PSOFT\progeCAD 2019 Professional CSY\PStyleApp.exe => No File
FirewallRules: [{24C0B1A5-A20B-4B12-A1C0-A19EE39FC4C9}] => (Block) C:\Program Files\PSOFT\progeCAD 2019 Professional CSY\PStyleApp.exe => No File
FirewallRules: [{4644451D-EB52-41F1-9768-7B856AD0BFFD}] => (Block) C:\Program Files\PSOFT\progeCAD 2019 Professional CSY\RegCAD.exe => No File
FirewallRules: [{00ECEA80-4F7D-4885-B82C-67F2EE3A08A3}] => (Block) C:\Program Files\PSOFT\progeCAD 2019 Professional CSY\RegCAD.exe => No File
FirewallRules: [{00D8FA38-CDEB-4722-872D-D489AADEC0DC}] => (Block) C:\Program Files\PSOFT\progeCAD 2019 Professional CSY\Registration.exe => No File
FirewallRules: [{264230C2-E54B-4BC4-AD9A-74E410F1B4A8}] => (Block) C:\Program Files\PSOFT\progeCAD 2019 Professional CSY\Registration.exe => No File
FirewallRules: [{C09B700F-33B7-4F4C-99DE-92166BA0DF0F}] => (Block) C:\Program Files\PSOFT\progeCAD 2019 Professional CSY\SetNvidiaProfile.exe => No File
FirewallRules: [{A858133D-9F9B-4BDB-8CBE-34DD4668703C}] => (Block) C:\Program Files\PSOFT\progeCAD 2019 Professional CSY\SetNvidiaProfile.exe => No File
FirewallRules: [{9AB360E3-1BFF-4CBB-9702-CAD69B560A1B}] => (Block) C:\Program Files\PSOFT\progeCAD 2019 Professional CSY\StartupDialog.exe => No File
FirewallRules: [{A6045E07-EC1C-48E4-891E-A247B5821D4E}] => (Block) C:\Program Files\PSOFT\progeCAD 2019 Professional CSY\StartupDialog.exe => No File
FirewallRules: [{50362636-6EA9-49BD-86C6-6BA9F3E4FAD8}] => (Block) C:\Program Files\PSOFT\progeCAD 2019 Professional CSY\TeamViewerQS.exe => No File
FirewallRules: [{7F922EF1-9B5D-4A38-8806-EB79AC283A22}] => (Block) C:\Program Files\PSOFT\progeCAD 2019 Professional CSY\TeamViewerQS.exe => No File
FirewallRules: [{CFD7F9D8-8F2D-4D7C-A024-4D67C4C979C6}] => (Block) C:\Program Files\PSOFT\progeCAD 2019 Professional CSY\Troubleshooter.exe => No File
FirewallRules: [{B8C0738E-A3FE-40D5-AEF8-D5ED632ABA23}] => (Block) C:\Program Files\PSOFT\progeCAD 2019 Professional CSY\Troubleshooter.exe => No File
FirewallRules: [{721DB7E6-8C5D-4AC2-9BF5-236C033801A0}] => (Block) C:\Program Files\PSOFT\progeCAD 2019 Professional CSY\unins000.exe => No File
FirewallRules: [{63E60DBB-301C-427C-BC9A-4C3423DFF888}] => (Block) C:\Program Files\PSOFT\progeCAD 2019 Professional CSY\unins000.exe => No File
FirewallRules: [{9B809E7B-E3E5-4E0B-A3ED-F1D8499FF665}] => (Block) C:\Program Files\PSOFT\progeCAD 2019 Professional CSY\XCrashReport.exe => No File
FirewallRules: [{E83B5960-7AF4-42B8-82AD-D8B731C45B87}] => (Block) C:\Program Files\PSOFT\progeCAD 2019 Professional CSY\XCrashReport.exe => No File
FirewallRules: [TCP Query User{B9FBF310-26B1-4837-8385-222DBC9FB452}C:\users\sizeg\appdata\local\programs\opera gx\opera.exe] => (Allow) C:\users\sizeg\appdata\local\programs\opera gx\opera.exe => No File
FirewallRules: [UDP Query User{8652B8C2-6C06-4710-AA0B-CAB1C67F5386}C:\users\sizeg\appdata\local\programs\opera gx\opera.exe] => (Allow) C:\users\sizeg\appdata\local\programs\opera gx\opera.exe => No File
FirewallRules: [TCP Query User{0DB71E3B-F9BE-47A4-B278-D324E18C7407}C:\users\sizeg\appdata\local\vivaldi\application\vivaldi.exe] => (Allow) C:\users\sizeg\appdata\local\vivaldi\application\vivaldi.exe => No File
FirewallRules: [UDP Query User{49EB0D8D-6FCF-413E-9B3F-40671969B1AC}C:\users\sizeg\appdata\local\vivaldi\application\vivaldi.exe] => (Allow) C:\users\sizeg\appdata\local\vivaldi\application\vivaldi.exe => No File
FirewallRules: [TCP Query User{74D04870-85B7-4186-8056-FD10A9BD22E9}C:\program files\windowsapps\mozilla.firefox_119.0.0.0_x64__n80bbvh6b1yt2\vfs\programfiles\firefox package root\firefox.exe] => (Allow) C:\program files\windowsapps\mozilla.firefox_119.0.0.0_x64__n80bbvh6b1yt2\vfs\programfiles\firefox package root\firefox.exe => No File
FirewallRules: [UDP Query User{7A145ABF-8FB3-41B8-B616-286A76C2F955}C:\program files\windowsapps\mozilla.firefox_119.0.0.0_x64__n80bbvh6b1yt2\vfs\programfiles\firefox package root\firefox.exe] => (Allow) C:\program files\windowsapps\mozilla.firefox_119.0.0.0_x64__n80bbvh6b1yt2\vfs\programfiles\firefox package root\firefox.exe => No File
FirewallRules: [{6BECB437-0BDB-442B-9885-0854AD895718}] => (Allow) C:\Program Files (x86)\Overwolf\0.236.0.11\OverwolfBrowser.exe => No File
FirewallRules: [{8B7A9ACF-5AED-4D6A-9165-E84C2C4F5710}] => (Allow) C:\Program Files (x86)\Overwolf\0.236.0.11\OverwolfBrowser.exe => No File
FirewallRules: [{9589409E-62F1-4D42-94B7-053D3B28218B}] => (Block) C:\Program Files (x86)\Overwolf\0.236.0.11\OverwolfBrowser.exe => No File
FirewallRules: [{DA0A8C33-53C7-4184-931E-EB733D290F89}] => (Block) C:\Program Files (x86)\Overwolf\0.236.0.11\OverwolfBrowser.exe => No File

EmptyTemp:
Hosts:
End
Save it to the desktop as fixlist.txt. Run FRST again and click >Fix<. When the action finishes, a log will appear; copy it here.

Re: Please check my log (symsrv.dll malware)

Posted: 27 Nov 2023 21:54
by FallenCZ
I am attaching fixlog.txt
Fix result of Farbar Recovery Scan Tool (x64) Version: 05-11-2023 02
Ran by sizeg (27-11-2023 21:20:46) Run:1
Running from C:\Users\sizeg\Desktop
Loaded Profiles: sizeg & gameski & SQLTELEMETRY$CV & SQLTELEMETRY$TEW_SQLEXPRESS
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CloseProcesses:
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Restriction <==== ATTENTION
HKU\S-1-5-21-3719303412-1536690661-2595606811-1001\...\Run: [Opera GX Stable] => C:\Users\sizeg\AppData\Local\Programs\Opera GX\launcher.exe (No File)
HKU\S-1-5-21-3719303412-1536690661-2595606811-1001\...\Run: [Opera GX Browser Assistant] => C:\Users\sizeg\AppData\Local\Programs\Opera GX\assistant\browser_assistant.exe (No File)
HKU\S-1-5-21-3719303412-1536690661-2595606811-1001\...\Policies\Explorer: []
AppInit_DLLs-x32: C:\PROGRA~1\COMMON~1\System\symsrv.dll => C:\Program Files\Common Files\System\symsrv.dll [69337 2023-11-26] (Microsoft Corporation) [File not signed] <==== ATTENTION
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Edge: Restriction <==== ATTENTION
Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe (No File)
Task: {89973DFD-1046-45C5-9AB9-F88FBDE4D5EF} - System32\Tasks\Opera GX scheduled Autoupdate 1695222260 => C:\Users\sizeg\AppData\Local\Programs\Opera GX\launcher.exe --scheduledautoupdate $(Arg0) (No File)
Task: {B260F296-654C-4B29-933F-C78DEFD4177E} - System32\Tasks\VivaldiUpdateCheck-69c8ce12faf44ac1 => C:\Users\sizeg\AppData\Local\Vivaldi\Application\update_notifier.exe --from-scheduler (No File)
CustomCLSID: HKU\S-1-5-21-3719303412-1536690661-2595606811-1001_Classes\CLSID\{073CB204-6B29-46FC-AB98-451F1D068741}\InprocServer32 -> C:\Program Files\Common Files\Autodesk Shared\Inventor Interoperability 2023\Bin\TestServer.dll => No File
CustomCLSID: HKU\S-1-5-21-3719303412-1536690661-2595606811-1001_Classes\CLSID\{227C9E8F-71A1-4B23-9076-682A1A8EAAED}\localserver32 -> "c:\program files\macrium\common\reflectmonitor.exe" -ToastActivated => No File
CustomCLSID: HKU\S-1-5-21-3719303412-1536690661-2595606811-1001_Classes\CLSID\{345D3165-3889-4694-AB75-A91A27B217E8}\localserver32 -> C:\Program Files\Autodesk\AutoCAD LT 2024\acadlt.exe => No File
CustomCLSID: HKU\S-1-5-21-3719303412-1536690661-2595606811-1001_Classes\CLSID\{38A1D9A1-B9FB-4B8B-B89B-0688B10C31BF}\localserver32 -> "C:\Users\sizeg\AppData\Local\Vivaldi\Application\6.2.3105.58\notification_helper.exe" => No File
CustomCLSID: HKU\S-1-5-21-3719303412-1536690661-2595606811-1001_Classes\CLSID\{6A58E66D-AE86-4BEF-9BF5-A375DF185CEC}\localserver32 -> C:\Program Files\PSOFT\progeCAD 2019 Professional CSY\pcad.exe => No File
CustomCLSID: HKU\S-1-5-21-3719303412-1536690661-2595606811-1001_Classes\CLSID\{74F5CC00-49A9-11CF-A2F9-444553540000}\InprocServer32 -> C:\Program Files\Autodesk\AutoCAD LT 2024\cs-CZ\acadltficn.dll => No File
CustomCLSID: HKU\S-1-5-21-3719303412-1536690661-2595606811-1001_Classes\CLSID\{89b2b650-c4dd-d68b-46e7-3176f1973c8b}\localserver32 -> "C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe" -ToastActivated => No File
CustomCLSID: HKU\S-1-5-21-3719303412-1536690661-2595606811-1001_Classes\CLSID\{8C23B656-4E6E-4B45-9920-9617168D39A3}\InprocServer32 -> C:\Program Files\Common Files\Autodesk Shared\Inventor Interoperability 2023\Bin\TestServer.dll => No File
AlternateDataStreams: C:\ProgramData\d6f0e771-e0c6-4f44-a374-5951eff3c73eAMDAutoUpdate.log:7275D4C3F9 [10]
AlternateDataStreams: C:\ProgramData\d6f0e771-e0c6-4f44-a374-5951eff3c73eAMDAutoUpdate.log:8EC0397E57 [10]
AlternateDataStreams: C:\ProgramData\DP45977C.lfl:677104FCAA [10]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kleopatra.lnk:AC763E6E62 [10]
AlternateDataStreams: C:\Users\sizeg\Desktop\FRST64.exe:MBAM.Zone.Identifier [240]
AlternateDataStreams: C:\Users\sizeg\Downloads\ProjectD2Installer(1).exe:MBAM.Zone.Identifier [176]
HKLM\...\.scr: => <==== ATTENTION
FirewallRules: [UDP Query User{981E393F-A6BB-40FF-90A6-8836345E6560}C:\users\sizeg\appdata\local\temp\7zo4815c4f9\pimpmystremio.exe] => (Allow) C:\users\sizeg\appdata\local\temp\7zo4815c4f9\pimpmystremio.exe => No File
FirewallRules: [TCP Query User{C055417A-9F70-4BBD-9559-41C7A4AEDDC8}C:\users\sizeg\appdata\local\temp\7zo4815c4f9\pimpmystremio.exe] => (Allow) C:\users\sizeg\appdata\local\temp\7zo4815c4f9\pimpmystremio.exe => No File
FirewallRules: [{9315A59B-F01F-467E-AF12-1E67EF7DEE01}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe => No File
FirewallRules: [TCP Query User{3135C57C-6F10-4033-9812-8AE965820395}C:\program files\windowsapps\mozilla.firefox_104.0.2.0_x64__n80bbvh6b1yt2\vfs\programfiles\firefox package root\firefox.exe] => (Block) C:\program files\windowsapps\mozilla.firefox_104.0.2.0_x64__n80bbvh6b1yt2\vfs\programfiles\firefox package root\firefox.exe => No File
FirewallRules: [UDP Query User{BB96C054-0F66-4034-8BC0-6F56C429C332}C:\program files\windowsapps\mozilla.firefox_104.0.2.0_x64__n80bbvh6b1yt2\vfs\programfiles\firefox package root\firefox.exe] => (Block) C:\program files\windowsapps\mozilla.firefox_104.0.2.0_x64__n80bbvh6b1yt2\vfs\programfiles\firefox package root\firefox.exe => No File
FirewallRules: [TCP Query User{5B88CD8B-2AD6-4A4B-B071-72884AE7BD3B}C:\program files\windowsapps\mozilla.firefox_107.0.0.0_x64__n80bbvh6b1yt2\vfs\programfiles\firefox package root\firefox.exe] => (Block) C:\program files\windowsapps\mozilla.firefox_107.0.0.0_x64__n80bbvh6b1yt2\vfs\programfiles\firefox package root\firefox.exe => No File
FirewallRules: [UDP Query User{A6B0E256-EAC1-4477-B63C-9318C53C908F}C:\program files\windowsapps\mozilla.firefox_107.0.0.0_x64__n80bbvh6b1yt2\vfs\programfiles\firefox package root\firefox.exe] => (Block) C:\program files\windowsapps\mozilla.firefox_107.0.0.0_x64__n80bbvh6b1yt2\vfs\programfiles\firefox package root\firefox.exe => No File
FirewallRules: [TCP Query User{8A292EDA-C7C1-47AF-884E-106313535CAB}C:\picovinka\515645564-server.exe] => (Allow) C:\picovinka\515645564-server.exe => No File
FirewallRules: [UDP Query User{2C7A53B9-82D0-4232-90FA-06C31F00E40F}C:\picovinka\515645564-server.exe] => (Allow) C:\picovinka\515645564-server.exe => No File
FirewallRules: [TCP Query User{FE0EFD86-2C89-46D7-ABD6-3EC694DF08B8}C:\program files\windowsapps\mozilla.firefox_109.0.1.0_x64__n80bbvh6b1yt2\vfs\programfiles\firefox package root\firefox.exe] => (Allow) C:\program files\windowsapps\mozilla.firefox_109.0.1.0_x64__n80bbvh6b1yt2\vfs\programfiles\firefox package root\firefox.exe => No File
FirewallRules: [UDP Query User{55461095-7CAE-4133-A7F1-6E14690B44D6}C:\program files\windowsapps\mozilla.firefox_109.0.1.0_x64__n80bbvh6b1yt2\vfs\programfiles\firefox package root\firefox.exe] => (Allow) C:\program files\windowsapps\mozilla.firefox_109.0.1.0_x64__n80bbvh6b1yt2\vfs\programfiles\firefox package root\firefox.exe => No File
FirewallRules: [TCP Query User{374DE3AD-3B06-458B-85E8-65FFB8A2BD36}C:\program files\transmission\transmission-qt.exe] => (Allow) C:\program files\transmission\transmission-qt.exe => No File
FirewallRules: [UDP Query User{D7056975-E881-4D50-A717-60361121E22A}C:\program files\transmission\transmission-qt.exe] => (Allow) C:\program files\transmission\transmission-qt.exe => No File
FirewallRules: [TCP Query User{58F30122-D91C-4972-8847-B58D3CB08D8F}D:\diablo iv - beta\diablo iv.exe] => (Allow) D:\diablo iv - beta\diablo iv.exe => No File
FirewallRules: [UDP Query User{2BE27B0C-B47D-41AA-877E-15D3B05F2F59}D:\diablo iv - beta\diablo iv.exe] => (Allow) D:\diablo iv - beta\diablo iv.exe => No File
FirewallRules: [TCP Query User{8DE89E6A-D428-4B53-8768-F4D085E970B9}D:\d2-mapserver.exe] => (Allow) D:\d2-mapserver.exe => No File
FirewallRules: [UDP Query User{D6487895-B1D5-48BB-B4A2-F8E62C4865CB}D:\d2-mapserver.exe] => (Allow) D:\d2-mapserver.exe => No File
FirewallRules: [TCP Query User{4BC925A6-D9F2-4C8A-AC90-B2C3EA2558ED}C:\program files\windowsapps\mozilla.firefox_115.0.2.0_x64__n80bbvh6b1yt2\vfs\programfiles\firefox package root\firefox.exe] => (Allow) C:\program files\windowsapps\mozilla.firefox_115.0.2.0_x64__n80bbvh6b1yt2\vfs\programfiles\firefox package root\firefox.exe => No File
FirewallRules: [UDP Query User{91133B78-7D8D-4E5F-8F41-CC43C60DDC74}C:\program files\windowsapps\mozilla.firefox_115.0.2.0_x64__n80bbvh6b1yt2\vfs\programfiles\firefox package root\firefox.exe] => (Allow) C:\program files\windowsapps\mozilla.firefox_115.0.2.0_x64__n80bbvh6b1yt2\vfs\programfiles\firefox package root\firefox.exe => No File
FirewallRules: [{4873040C-ED9A-4A97-8D93-A713F2C95D03}] => (Block) C:\Program Files\PSOFT\progeCAD 2019 Professional CSY\assistant.exe => No File
FirewallRules: [{A478355F-7BC1-4649-B05A-20FCA8DBC740}] => (Block) C:\Program Files\PSOFT\progeCAD 2019 Professional CSY\assistant.exe => No File
FirewallRules: [{93AB5BE3-1CAA-46F2-A054-1C28CEC321E6}] => (Block) C:\Program Files\PSOFT\progeCAD 2019 Professional CSY\center.exe => No File
FirewallRules: [{C16EF756-44A5-452B-8B6A-EA4023D8F09C}] => (Block) C:\Program Files\PSOFT\progeCAD 2019 Professional CSY\center.exe => No File
FirewallRules: [{890F32A4-DB60-4C7D-9AB8-BDF5E2608752}] => (Block) C:\Program Files\PSOFT\progeCAD 2019 Professional CSY\Convert.exe => No File
FirewallRules: [{D2418BC7-92D7-4847-96AF-136AA4963AFC}] => (Block) C:\Program Files\PSOFT\progeCAD 2019 Professional CSY\Convert.exe => No File
FirewallRules: [{A3EC0342-4667-4886-BF5D-B5CD57C65DF0}] => (Block) C:\Program Files\PSOFT\progeCAD 2019 Professional CSY\DisplayMessage.exe => No File
FirewallRules: [{2DA169E6-8832-4BBC-ACD9-7DF263DE8447}] => (Block) C:\Program Files\PSOFT\progeCAD 2019 Professional CSY\DisplayMessage.exe => No File
FirewallRules: [{4979B003-7A9A-4BA4-A347-5C16EED1A0FA}] => (Block) C:\Program Files\PSOFT\progeCAD 2019 Professional CSY\downloader_advancedrender_progeCAD_2019.exe => No File
FirewallRules: [{887E89D4-A937-4B9F-B9C4-384207096C5A}] => (Block) C:\Program Files\PSOFT\progeCAD 2019 Professional CSY\downloader_advancedrender_progeCAD_2019.exe => No File
FirewallRules: [{BD03533A-8C9A-4E2D-9ED4-2334585C45A9}] => (Block) C:\Program Files\PSOFT\progeCAD 2019 Professional CSY\Dumper.exe => No File
FirewallRules: [{24DD7A3D-2C28-4A5B-8C28-E083CAFE0F4B}] => (Block) C:\Program Files\PSOFT\progeCAD 2019 Professional CSY\Dumper.exe => No File
FirewallRules: [{10819577-26A6-4CC3-9FD6-27BE3B4AD5FF}] => (Block) C:\Program Files\PSOFT\progeCAD 2019 Professional CSY\iCADLib.exe => No File
FirewallRules: [{9617F98B-63DB-4EC6-B86C-A58839224CBB}] => (Block) C:\Program Files\PSOFT\progeCAD 2019 Professional CSY\iCADLib.exe => No File
FirewallRules: [{F9CB0C7D-7D3C-4DF9-B7EB-062C7D7F8B18}] => (Block) C:\Program Files\PSOFT\progeCAD 2019 Professional CSY\igesstepconverter.exe => No File
FirewallRules: [{59521C39-272B-4F4F-83CC-9C8FAA30031B}] => (Block) C:\Program Files\PSOFT\progeCAD 2019 Professional CSY\igesstepconverter.exe => No File
FirewallRules: [{3A676DF7-6711-485B-A98A-88C613B52084}] => (Block) C:\Program Files\PSOFT\progeCAD 2019 Professional CSY\LispDefender.exe => No File
FirewallRules: [{95893ED8-047C-4CEA-A25F-B275E233C729}] => (Block) C:\Program Files\PSOFT\progeCAD 2019 Professional CSY\LispDefender.exe => No File
FirewallRules: [{7CC706FC-B83B-4422-A464-74449E920F1D}] => (Block) C:\Program Files\PSOFT\progeCAD 2019 Professional CSY\NetworkRenderMonitor.exe => No File
FirewallRules: [{54596C62-ABE0-4DC3-BDDB-0FCED9A63E2B}] => (Block) C:\Program Files\PSOFT\progeCAD 2019 Professional CSY\NetworkRenderMonitor.exe => No File
FirewallRules: [{9523CF6B-EF1F-4117-BD32-AC86AD7D8FA7}] => (Block) C:\Program Files\PSOFT\progeCAD 2019 Professional CSY\NLMTakeAwayManager.exe => No File
FirewallRules: [{9569879C-B74A-4701-9A6B-0F915A07772E}] => (Block) C:\Program Files\PSOFT\progeCAD 2019 Professional CSY\NLMTakeAwayManager.exe => No File
FirewallRules: [{52882249-46E7-4C86-B9A0-B2EBE9C7EBD9}] => (Block) C:\Program Files\PSOFT\progeCAD 2019 Professional CSY\NVIDIACrashHandler.exe => No File
FirewallRules: [{20CE6D11-C832-4EF9-AB36-C0F71CAE5E73}] => (Block) C:\Program Files\PSOFT\progeCAD 2019 Professional CSY\NVIDIACrashHandler.exe => No File
FirewallRules: [{8485953A-E9D0-44AB-BF53-3E162481937D}] => (Block) C:\Program Files\PSOFT\progeCAD 2019 Professional CSY\patch.exe => No File
FirewallRules: [{DB86D9C8-D171-4754-A457-6ED0705653ED}] => (Block) C:\Program Files\PSOFT\progeCAD 2019 Professional CSY\patch.exe => No File
FirewallRules: [{E2A3A22C-31A6-4001-AB43-ECB0034BF922}] => (Block) C:\Program Files\PSOFT\progeCAD 2019 Professional CSY\pcad.exe => No File
FirewallRules: [{CBD05BA5-5646-46ED-9254-F9C395B449F0}] => (Block) C:\Program Files\PSOFT\progeCAD 2019 Professional CSY\pcad.exe => No File
FirewallRules: [{00FFEA6D-9662-4764-96B0-454BB08EA314}] => (Block) C:\Program Files\PSOFT\progeCAD 2019 Professional CSY\pdftk.exe => No File
FirewallRules: [{BF9015F8-B2AA-464A-905C-2523619B92BC}] => (Block) C:\Program Files\PSOFT\progeCAD 2019 Professional CSY\pdftk.exe => No File
FirewallRules: [{B437F60B-6B38-44A8-995C-97E38CBCFC7F}] => (Block) C:\Program Files\PSOFT\progeCAD 2019 Professional CSY\PrinterSetup.exe => No File
FirewallRules: [{31EF53E9-89A3-491F-B065-5CBB3D14889D}] => (Block) C:\Program Files\PSOFT\progeCAD 2019 Professional CSY\PrinterSetup.exe => No File
FirewallRules: [{2EDF813B-7886-428E-9592-44246927210C}] => (Block) C:\Program Files\PSOFT\progeCAD 2019 Professional CSY\ProfilesEditor.exe => No File
FirewallRules: [{E954EC01-85C8-4A2A-AFBE-571DDC26E14E}] => (Block) C:\Program Files\PSOFT\progeCAD 2019 Professional CSY\ProfilesEditor.exe => No File
FirewallRules: [{D6CD1BBE-F19A-476B-BE7B-F96A9DBA01D6}] => (Block) C:\Program Files\PSOFT\progeCAD 2019 Professional CSY\progeCAD_USB_Drivers_12.0.exe => No File
FirewallRules: [{520908A0-0CBD-425D-A66A-EEEFBA3EA943}] => (Block) C:\Program Files\PSOFT\progeCAD 2019 Professional CSY\progeCAD_USB_Drivers_12.0.exe => No File
FirewallRules: [{CC3B8F85-6304-4C63-B396-B34D12117277}] => (Block) C:\Program Files\PSOFT\progeCAD 2019 Professional CSY\ProgeUpd.exe => No File
FirewallRules: [{BC37DD34-7ADC-45B6-B6BA-3C92B6E36F5B}] => (Block) C:\Program Files\PSOFT\progeCAD 2019 Professional CSY\ProgeUpd.exe => No File
FirewallRules: [{CD1117EF-5A1E-4CA1-B19F-94ACB85F84F6}] => (Block) C:\Program Files\PSOFT\progeCAD 2019 Professional CSY\PStyleApp.exe => No File
FirewallRules: [{24C0B1A5-A20B-4B12-A1C0-A19EE39FC4C9}] => (Block) C:\Program Files\PSOFT\progeCAD 2019 Professional CSY\PStyleApp.exe => No File
FirewallRules: [{4644451D-EB52-41F1-9768-7B856AD0BFFD}] => (Block) C:\Program Files\PSOFT\progeCAD 2019 Professional CSY\RegCAD.exe => No File
FirewallRules: [{00ECEA80-4F7D-4885-B82C-67F2EE3A08A3}] => (Block) C:\Program Files\PSOFT\progeCAD 2019 Professional CSY\RegCAD.exe => No File
FirewallRules: [{00D8FA38-CDEB-4722-872D-D489AADEC0DC}] => (Block) C:\Program Files\PSOFT\progeCAD 2019 Professional CSY\Registration.exe => No File
FirewallRules: [{264230C2-E54B-4BC4-AD9A-74E410F1B4A8}] => (Block) C:\Program Files\PSOFT\progeCAD 2019 Professional CSY\Registration.exe => No File
FirewallRules: [{C09B700F-33B7-4F4C-99DE-92166BA0DF0F}] => (Block) C:\Program Files\PSOFT\progeCAD 2019 Professional CSY\SetNvidiaProfile.exe => No File
FirewallRules: [{A858133D-9F9B-4BDB-8CBE-34DD4668703C}] => (Block) C:\Program Files\PSOFT\progeCAD 2019 Professional CSY\SetNvidiaProfile.exe => No File
FirewallRules: [{9AB360E3-1BFF-4CBB-9702-CAD69B560A1B}] => (Block) C:\Program Files\PSOFT\progeCAD 2019 Professional CSY\StartupDialog.exe => No File
FirewallRules: [{A6045E07-EC1C-48E4-891E-A247B5821D4E}] => (Block) C:\Program Files\PSOFT\progeCAD 2019 Professional CSY\StartupDialog.exe => No File
FirewallRules: [{50362636-6EA9-49BD-86C6-6BA9F3E4FAD8}] => (Block) C:\Program Files\PSOFT\progeCAD 2019 Professional CSY\TeamViewerQS.exe => No File
FirewallRules: [{7F922EF1-9B5D-4A38-8806-EB79AC283A22}] => (Block) C:\Program Files\PSOFT\progeCAD 2019 Professional CSY\TeamViewerQS.exe => No File
FirewallRules: [{CFD7F9D8-8F2D-4D7C-A024-4D67C4C979C6}] => (Block) C:\Program Files\PSOFT\progeCAD 2019 Professional CSY\Troubleshooter.exe => No File
FirewallRules: [{B8C0738E-A3FE-40D5-AEF8-D5ED632ABA23}] => (Block) C:\Program Files\PSOFT\progeCAD 2019 Professional CSY\Troubleshooter.exe => No File
FirewallRules: [{721DB7E6-8C5D-4AC2-9BF5-236C033801A0}] => (Block) C:\Program Files\PSOFT\progeCAD 2019 Professional CSY\unins000.exe => No File
FirewallRules: [{63E60DBB-301C-427C-BC9A-4C3423DFF888}] => (Block) C:\Program Files\PSOFT\progeCAD 2019 Professional CSY\unins000.exe => No File
FirewallRules: [{9B809E7B-E3E5-4E0B-A3ED-F1D8499FF665}] => (Block) C:\Program Files\PSOFT\progeCAD 2019 Professional CSY\XCrashReport.exe => No File
FirewallRules: [{E83B5960-7AF4-42B8-82AD-D8B731C45B87}] => (Block) C:\Program Files\PSOFT\progeCAD 2019 Professional CSY\XCrashReport.exe => No File
FirewallRules: [TCP Query User{B9FBF310-26B1-4837-8385-222DBC9FB452}C:\users\sizeg\appdata\local\programs\opera gx\opera.exe] => (Allow) C:\users\sizeg\appdata\local\programs\opera gx\opera.exe => No File
FirewallRules: [UDP Query User{8652B8C2-6C06-4710-AA0B-CAB1C67F5386}C:\users\sizeg\appdata\local\programs\opera gx\opera.exe] => (Allow) C:\users\sizeg\appdata\local\programs\opera gx\opera.exe => No File
FirewallRules: [TCP Query User{0DB71E3B-F9BE-47A4-B278-D324E18C7407}C:\users\sizeg\appdata\local\vivaldi\application\vivaldi.exe] => (Allow) C:\users\sizeg\appdata\local\vivaldi\application\vivaldi.exe => No File
FirewallRules: [UDP Query User{49EB0D8D-6FCF-413E-9B3F-40671969B1AC}C:\users\sizeg\appdata\local\vivaldi\application\vivaldi.exe] => (Allow) C:\users\sizeg\appdata\local\vivaldi\application\vivaldi.exe => No File
FirewallRules: [TCP Query User{74D04870-85B7-4186-8056-FD10A9BD22E9}C:\program files\windowsapps\mozilla.firefox_119.0.0.0_x64__n80bbvh6b1yt2\vfs\programfiles\firefox package root\firefox.exe] => (Allow) C:\program files\windowsapps\mozilla.firefox_119.0.0.0_x64__n80bbvh6b1yt2\vfs\programfiles\firefox package root\firefox.exe => No File
FirewallRules: [UDP Query User{7A145ABF-8FB3-41B8-B616-286A76C2F955}C:\program files\windowsapps\mozilla.firefox_119.0.0.0_x64__n80bbvh6b1yt2\vfs\programfiles\firefox package root\firefox.exe] => (Allow) C:\program files\windowsapps\mozilla.firefox_119.0.0.0_x64__n80bbvh6b1yt2\vfs\programfiles\firefox package root\firefox.exe => No File
FirewallRules: [{6BECB437-0BDB-442B-9885-0854AD895718}] => (Allow) C:\Program Files (x86)\Overwolf\0.236.0.11\OverwolfBrowser.exe => No File
FirewallRules: [{8B7A9ACF-5AED-4D6A-9165-E84C2C4F5710}] => (Allow) C:\Program Files (x86)\Overwolf\0.236.0.11\OverwolfBrowser.exe => No File
FirewallRules: [{9589409E-62F1-4D42-94B7-053D3B28218B}] => (Block) C:\Program Files (x86)\Overwolf\0.236.0.11\OverwolfBrowser.exe => No File
FirewallRules: [{DA0A8C33-53C7-4184-931E-EB733D290F89}] => (Block) C:\Program Files (x86)\Overwolf\0.236.0.11\OverwolfBrowser.exe => No File

EmptyTemp:
Hosts:
End
*****************

Processes closed successfully.
HKLM\SOFTWARE\Microsoft\Windows Defender\\"DisableAntiSpyware"="0" => value restored successfully
HKLM\SOFTWARE\Microsoft\Windows Defender\\"DisableAntiVirus"="0" => value restored successfully
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => removed successfully
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate => removed successfully
"HKU\S-1-5-21-3719303412-1536690661-2595606811-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Opera GX Stable" => removed successfully
"HKU\S-1-5-21-3719303412-1536690661-2595606811-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Opera GX Browser Assistant" => removed successfully
"HKU\S-1-5-21-3719303412-1536690661-2595606811-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\" => removed successfully
"C:\PROGRA~1\COMMON~1\System\symsrv.dll" => Value data removed successfully

"C:\WINDOWS\system32\GroupPolicy\Machine" folder move:

C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
C:\WINDOWS\SysWOW64\GroupPolicy\GPT.ini => moved successfully
C:\ProgramData\NTUSER.pol => moved successfully
HKLM\SOFTWARE\Policies\Microsoft\Edge => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E0F10DCF-44AD-40E8-9370-FB5DA59F93FB}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E0F10DCF-44AD-40E8-9370-FB5DA59F93FB}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{89973DFD-1046-45C5-9AB9-F88FBDE4D5EF}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{89973DFD-1046-45C5-9AB9-F88FBDE4D5EF}" => removed successfully
C:\WINDOWS\System32\Tasks\Opera GX scheduled Autoupdate 1695222260 => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Opera GX scheduled Autoupdate 1695222260" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B260F296-654C-4B29-933F-C78DEFD4177E}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B260F296-654C-4B29-933F-C78DEFD4177E}" => removed successfully
C:\WINDOWS\System32\Tasks\VivaldiUpdateCheck-69c8ce12faf44ac1 => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\VivaldiUpdateCheck-69c8ce12faf44ac1" => removed successfully
HKU\S-1-5-21-3719303412-1536690661-2595606811-1001_Classes\CLSID\{073CB204-6B29-46FC-AB98-451F1D068741} => removed successfully
HKU\S-1-5-21-3719303412-1536690661-2595606811-1001_Classes\CLSID\{227C9E8F-71A1-4B23-9076-682A1A8EAAED} => removed successfully
HKU\S-1-5-21-3719303412-1536690661-2595606811-1001_Classes\CLSID\{345D3165-3889-4694-AB75-A91A27B217E8} => removed successfully
HKU\S-1-5-21-3719303412-1536690661-2595606811-1001_Classes\CLSID\{38A1D9A1-B9FB-4B8B-B89B-0688B10C31BF} => removed successfully
HKU\S-1-5-21-3719303412-1536690661-2595606811-1001_Classes\CLSID\{6A58E66D-AE86-4BEF-9BF5-A375DF185CEC} => removed successfully
HKU\S-1-5-21-3719303412-1536690661-2595606811-1001_Classes\CLSID\{74F5CC00-49A9-11CF-A2F9-444553540000} => removed successfully
HKU\S-1-5-21-3719303412-1536690661-2595606811-1001_Classes\CLSID\{89b2b650-c4dd-d68b-46e7-3176f1973c8b} => removed successfully
HKU\S-1-5-21-3719303412-1536690661-2595606811-1001_Classes\CLSID\{8C23B656-4E6E-4B45-9920-9617168D39A3} => removed successfully
C:\ProgramData\d6f0e771-e0c6-4f44-a374-5951eff3c73eAMDAutoUpdate.log => ":7275D4C3F9" ADS removed successfully
C:\ProgramData\d6f0e771-e0c6-4f44-a374-5951eff3c73eAMDAutoUpdate.log => ":8EC0397E57" ADS removed successfully
C:\ProgramData\DP45977C.lfl => ":677104FCAA" ADS removed successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kleopatra.lnk => ":AC763E6E62" ADS removed successfully
C:\Users\sizeg\Desktop\FRST64.exe => ":MBAM.Zone.Identifier" ADS removed successfully
C:\Users\sizeg\Downloads\ProjectD2Installer(1).exe => ":MBAM.Zone.Identifier" ADS removed successfully
HKLM\Software\Classes\.scr\\"Default"="scrfile" => value restored successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{981E393F-A6BB-40FF-90A6-8836345E6560}C:\users\sizeg\appdata\local\temp\7zo4815c4f9\pimpmystremio.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{C055417A-9F70-4BBD-9559-41C7A4AEDDC8}C:\users\sizeg\appdata\local\temp\7zo4815c4f9\pimpmystremio.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{9315A59B-F01F-467E-AF12-1E67EF7DEE01}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{3135C57C-6F10-4033-9812-8AE965820395}C:\program files\windowsapps\mozilla.firefox_104.0.2.0_x64__n80bbvh6b1yt2\vfs\programfiles\firefox package root\firefox.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{BB96C054-0F66-4034-8BC0-6F56C429C332}C:\program files\windowsapps\mozilla.firefox_104.0.2.0_x64__n80bbvh6b1yt2\vfs\programfiles\firefox package root\firefox.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{5B88CD8B-2AD6-4A4B-B071-72884AE7BD3B}C:\program files\windowsapps\mozilla.firefox_107.0.0.0_x64__n80bbvh6b1yt2\vfs\programfiles\firefox package root\firefox.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{A6B0E256-EAC1-4477-B63C-9318C53C908F}C:\program files\windowsapps\mozilla.firefox_107.0.0.0_x64__n80bbvh6b1yt2\vfs\programfiles\firefox package root\firefox.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{8A292EDA-C7C1-47AF-884E-106313535CAB}C:\picovinka\515645564-server.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{2C7A53B9-82D0-4232-90FA-06C31F00E40F}C:\picovinka\515645564-server.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{FE0EFD86-2C89-46D7-ABD6-3EC694DF08B8}C:\program files\windowsapps\mozilla.firefox_109.0.1.0_x64__n80bbvh6b1yt2\vfs\programfiles\firefox package root\firefox.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{55461095-7CAE-4133-A7F1-6E14690B44D6}C:\program files\windowsapps\mozilla.firefox_109.0.1.0_x64__n80bbvh6b1yt2\vfs\programfiles\firefox package root\firefox.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{374DE3AD-3B06-458B-85E8-65FFB8A2BD36}C:\program files\transmission\transmission-qt.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{D7056975-E881-4D50-A717-60361121E22A}C:\program files\transmission\transmission-qt.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{58F30122-D91C-4972-8847-B58D3CB08D8F}D:\diablo iv - beta\diablo iv.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{2BE27B0C-B47D-41AA-877E-15D3B05F2F59}D:\diablo iv - beta\diablo iv.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{8DE89E6A-D428-4B53-8768-F4D085E970B9}D:\d2-mapserver.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{D6487895-B1D5-48BB-B4A2-F8E62C4865CB}D:\d2-mapserver.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{4BC925A6-D9F2-4C8A-AC90-B2C3EA2558ED}C:\program files\windowsapps\mozilla.firefox_115.0.2.0_x64__n80bbvh6b1yt2\vfs\programfiles\firefox package root\firefox.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{91133B78-7D8D-4E5F-8F41-CC43C60DDC74}C:\program files\windowsapps\mozilla.firefox_115.0.2.0_x64__n80bbvh6b1yt2\vfs\programfiles\firefox package root\firefox.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{4873040C-ED9A-4A97-8D93-A713F2C95D03}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A478355F-7BC1-4649-B05A-20FCA8DBC740}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{93AB5BE3-1CAA-46F2-A054-1C28CEC321E6}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C16EF756-44A5-452B-8B6A-EA4023D8F09C}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{890F32A4-DB60-4C7D-9AB8-BDF5E2608752}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D2418BC7-92D7-4847-96AF-136AA4963AFC}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A3EC0342-4667-4886-BF5D-B5CD57C65DF0}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{2DA169E6-8832-4BBC-ACD9-7DF263DE8447}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{4979B003-7A9A-4BA4-A347-5C16EED1A0FA}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{887E89D4-A937-4B9F-B9C4-384207096C5A}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{BD03533A-8C9A-4E2D-9ED4-2334585C45A9}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{24DD7A3D-2C28-4A5B-8C28-E083CAFE0F4B}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{10819577-26A6-4CC3-9FD6-27BE3B4AD5FF}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{9617F98B-63DB-4EC6-B86C-A58839224CBB}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F9CB0C7D-7D3C-4DF9-B7EB-062C7D7F8B18}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{59521C39-272B-4F4F-83CC-9C8FAA30031B}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3A676DF7-6711-485B-A98A-88C613B52084}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{95893ED8-047C-4CEA-A25F-B275E233C729}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7CC706FC-B83B-4422-A464-74449E920F1D}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{54596C62-ABE0-4DC3-BDDB-0FCED9A63E2B}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{9523CF6B-EF1F-4117-BD32-AC86AD7D8FA7}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{9569879C-B74A-4701-9A6B-0F915A07772E}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{52882249-46E7-4C86-B9A0-B2EBE9C7EBD9}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{20CE6D11-C832-4EF9-AB36-C0F71CAE5E73}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{8485953A-E9D0-44AB-BF53-3E162481937D}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{DB86D9C8-D171-4754-A457-6ED0705653ED}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E2A3A22C-31A6-4001-AB43-ECB0034BF922}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{CBD05BA5-5646-46ED-9254-F9C395B449F0}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{00FFEA6D-9662-4764-96B0-454BB08EA314}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{BF9015F8-B2AA-464A-905C-2523619B92BC}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B437F60B-6B38-44A8-995C-97E38CBCFC7F}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{31EF53E9-89A3-491F-B065-5CBB3D14889D}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{2EDF813B-7886-428E-9592-44246927210C}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E954EC01-85C8-4A2A-AFBE-571DDC26E14E}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D6CD1BBE-F19A-476B-BE7B-F96A9DBA01D6}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{520908A0-0CBD-425D-A66A-EEEFBA3EA943}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{CC3B8F85-6304-4C63-B396-B34D12117277}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{BC37DD34-7ADC-45B6-B6BA-3C92B6E36F5B}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{CD1117EF-5A1E-4CA1-B19F-94ACB85F84F6}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{24C0B1A5-A20B-4B12-A1C0-A19EE39FC4C9}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{4644451D-EB52-41F1-9768-7B856AD0BFFD}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{00ECEA80-4F7D-4885-B82C-67F2EE3A08A3}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{00D8FA38-CDEB-4722-872D-D489AADEC0DC}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{264230C2-E54B-4BC4-AD9A-74E410F1B4A8}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C09B700F-33B7-4F4C-99DE-92166BA0DF0F}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A858133D-9F9B-4BDB-8CBE-34DD4668703C}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{9AB360E3-1BFF-4CBB-9702-CAD69B560A1B}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A6045E07-EC1C-48E4-891E-A247B5821D4E}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{50362636-6EA9-49BD-86C6-6BA9F3E4FAD8}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7F922EF1-9B5D-4A38-8806-EB79AC283A22}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{CFD7F9D8-8F2D-4D7C-A024-4D67C4C979C6}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B8C0738E-A3FE-40D5-AEF8-D5ED632ABA23}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{721DB7E6-8C5D-4AC2-9BF5-236C033801A0}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{63E60DBB-301C-427C-BC9A-4C3423DFF888}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{9B809E7B-E3E5-4E0B-A3ED-F1D8499FF665}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E83B5960-7AF4-42B8-82AD-D8B731C45B87}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{B9FBF310-26B1-4837-8385-222DBC9FB452}C:\users\sizeg\appdata\local\programs\opera gx\opera.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{8652B8C2-6C06-4710-AA0B-CAB1C67F5386}C:\users\sizeg\appdata\local\programs\opera gx\opera.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{0DB71E3B-F9BE-47A4-B278-D324E18C7407}C:\users\sizeg\appdata\local\vivaldi\application\vivaldi.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{49EB0D8D-6FCF-413E-9B3F-40671969B1AC}C:\users\sizeg\appdata\local\vivaldi\application\vivaldi.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{74D04870-85B7-4186-8056-FD10A9BD22E9}C:\program files\windowsapps\mozilla.firefox_119.0.0.0_x64__n80bbvh6b1yt2\vfs\programfiles\firefox package root\firefox.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{7A145ABF-8FB3-41B8-B616-286A76C2F955}C:\program files\windowsapps\mozilla.firefox_119.0.0.0_x64__n80bbvh6b1yt2\vfs\programfiles\firefox package root\firefox.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6BECB437-0BDB-442B-9885-0854AD895718}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{8B7A9ACF-5AED-4D6A-9165-E84C2C4F5710}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{9589409E-62F1-4D42-94B7-053D3B28218B}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{DA0A8C33-53C7-4184-931E-EB733D290F89}" => removed successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

FlushDNS => completed
BITS transfer queue => 1572864 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 64626368 B
Java, Discord, Steam htmlcache, WinHttpAutoProxySvc/winhttp *.cache => 263258379 B
Windows/system/drivers => 16326051 B
Edge => 0 B
Firefox => 1398335707 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 7168 B
ProgramData => 7168 B
Public => 7168 B
systemprofile => 7168 B
systemprofile32 => 7168 B
LocalService => 114118 B
NetworkService => 140146 B
sizeg => 1774650742 B
gameski => 1774657910 B
SQLTELEMETRY$CV => 1774665078 B
SQLTELEMETRY$TEW_SQLEXPRESS => 1774672246 B

RecycleBin => 4122955647 B
EmptyTemp: => 12.1 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 21:51:14 ====

Re: Please check my log (malware symsrv.dll)

Posted: 28 Nov 2023 09:11
by Rudy
It was deleted. Has anything changed? By the way, symsrv.dll is not malware but the symbol server dynamic library. See: https://www-dll--files-com.translate.go ... _tr_pto=sc .

Re: Please check my log (malware symsrv.dll)

Posted: 28 Nov 2023 20:41
by FallenCZ
There has definitely been an improvement, but that is not all of it: Windows Defender keeps popping up notifications that a threat was found, and MBAM that a restart is needed to complete the quarantine process.

It still reports symsrv.dll as an infected file, and it reports conserv.dll as well.

Re: Please check my log (malware symsrv.dll)

Posted: 28 Nov 2023 20:45
by Rudy
OK. Test those files online at www.virustotal.com . Report the result.

Re: Please check my log (malware symsrv.dll)

Posted: 28 Nov 2023 22:04
by FallenCZ
When I tried to upload to VirusTotal, a window popped up:

Operace nebyla úspěšně dokončena protože soubor obsahuje virus nebo jiný potenciálně škodlivý software.

The same happens with other files too (I am adding the full paths):

C:\WINDOWS\system32\dlcoer.dll
C:\Program Files (x86)\MSI\Gaming APP\Lib\MBAPI_x86.dll
C:\Program Files (x86)\MSI\Gaming APP\Lib\FintekUSBDll.dll
C:\Program Files (x86)\D-Link\DWA-172\RtlLib.dll
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\ASL.dll
C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe
C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\ActiveX_Resource_Monitor.dll
C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\Lib\NDA.dll
C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe
C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
C:\Program Files (x86)\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService.exe
c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe

Re: Please check my log (malware symsrv.dll)

Posted: 29 Nov 2023 07:18
by JaRon
I'll add:
use one of the "one-off scanners" >> https://forum.viry.cz/viewtopic.php?t=152926

Re: Please check my log (malware symsrv.dll)

Posted: 30 Nov 2023 13:55
by FallenCZ
I used a one-off scanner and something was removed, but symsrv.dll still keeps popping up in MBAM.

Re: Please check my log (malware symsrv.dll)

Posted: 30 Nov 2023 14:13
by JaRon