Virus problem



Hello

Here it is. For several weeks now I have had a problem, I think with some kind of virus. I noticed that the computer takes permissions on system files by itself; I installed 3 kinds of antivirus, but none of them detects it. I have reinstalled the system several times, but every time the same thing happens: when I follow Event Viewer I see a pile of strange things and the permissions are taken again. What I noticed is that the BIOS version was changed, more precisely the release date is not the same as the original, and I did not change it. The laptop is a Lenovo Legion 7 with an AMD Ryzen 7 processor, a few months old. Can you help me, because the service centre does not do repairs. Thank you

FRST.txt Addition.txt


@vehabija

Please do the following so that we can take a closer look at your system for possible infections.
Restart the computer and do the following.
WARNING: Do not click the Repair option under Advanced unless requested by a Malwarebytes support agent or an authorized helper
NOTE: The tools and the information obtained are safe and not harmful to your privacy or your computer; please allow the programs to run if blocked by your system.

  • Download the Malwarebytes Support Tool
  • In your Downloads folder, open the mb-support-x.x.x.xxx.exe file
  • In the User Account Control pop-up window, click Yes to continue the installation
  • Run the MBST Support Tool
  • In the left navigation pane of the Malwarebytes Support Tool, click Advanced
  • In the Advanced Options, click Gather Logs. A status diagram displays the tool is Getting logs from your machine
  • A zip file named mbst-grab-results.zip will be saved to the Public desktop, please upload that file on your next reply

Thank you


  • Root Admin


The logs show that you're running Kaspersky antivirus and there are no obvious signs of infection

What specifically makes you believe you have an infection?

Have you restarted the computer and have Kaspersky do a full scan?

Thanks

 

 


Because of this (see the picture). The above picture is the first scan; after that everything continued to happen. I could not log in to your forum with the correct username and password from the laptop, but I could from the mobile phone. After I fixed that detail (bottom picture) I don't have any more problems for now; I will monitor the situation further.

Beznaslova.png


  • Root Admin

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system.
You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply as well.

Thank you

 

 


  • Root Admin

The Restrictions could very well be due to you running Kaspersky antivirus

 

 

Also, please run the following @vehabija

 

Please download the following tool

Farbar Service Scanner and run it on the computer with the issue
http://www.bleepingcomputer.com/download/farbar-service-scanner/dl/62/

 

Make sure the following options are checked:

  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center/Action Center
  • Windows Update
  • Windows Defender

Click "Scan"

It will create a log (FSS.txt) in the same directory the tool is run.
Please attach the log to your next reply.

 


  • Root Admin

@vehabija

Please run the following

 

Start in Safe mode:

  • Press the Windows icon on the keyboard together with the letter I, to get into the Settings.
  • Choose Update and Security.
  • From the menu at the left, choose Recovery.
  • Under the title Advanced startup at the right, choose Restart now.
  • From the window that will appear choose Troubleshoot and then Advanced options.
  • Choose Startup Settings and then Restart.
  • Press number 5, for choosing Safe mode with networking.
  • You will know that you are in Safe mode, if the background is black and Safe mode is written at the four corners of the screen.


After that:

Please do the following to run a FRST fix.

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system

  • Select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy". No need to paste anything anywhere.

 

Start::
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Restriction
End::

 

  • Right-click on FRST64 on your Desktop, to run it as administrator. When the tool opens, click "yes" to the disclaimer.
  • Press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt on your Desktop.
  • Post the log in your next reply.
 
 
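Added example, not part of the thread and not FRST's own code: a read-only PowerShell check of the three registry locations the fixlist above marks as "Restriction", so the Defender and Windows Update policy state can be inspected before the fix and confirmed afterwards. The two value names are the ones the fixlist lists; the Policies keys are dumped in full, since on a home PC they are normally empty and anything in them was put there by a policy, a third-party product or a script. Get-MpComputerStatus is used as a cross-check of what Defender itself reports. Run it in an elevated PowerShell window on Windows 10/11.

```powershell
# Added example (not from the thread): read-only inspection of the keys the
# FRST fixlist flags as "Restriction". Nothing here modifies the registry.
# Assumes Windows 10/11 with Microsoft Defender present, PowerShell 5.1 or later.
$targets = [ordered]@{
    # Key path                                                 -> value names to show ($null = all)
    'HKLM:\SOFTWARE\Microsoft\Windows Defender'                = @('DisableAntiSpyware', 'DisableAntiVirus')
    'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender'       = $null
    'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'  = $null
}
# A non-zero value under one of these names switches the feature off by policy
$disableFlags = 'DisableAntiSpyware', 'DisableAntiVirus'

foreach ($entry in $targets.GetEnumerator()) {
    $key  = $entry.Key
    $only = $entry.Value
    Write-Host $key
    if (-not (Test-Path -Path $key)) {
        Write-Host '  (key absent: no restriction set here)'
        continue
    }
    # Get-ItemProperty adds PS* bookkeeping members; drop them to show only real values
    $values = (Get-ItemProperty -Path $key).PSObject.Properties |
        Where-Object { $_.Name -notlike 'PS*' }
    if ($only) { $values = $values | Where-Object { $_.Name -in $only } }
    if (-not $values) {
        Write-Host '  (no values of interest in this key)'
        continue
    }
    foreach ($v in $values) {
        $flag = ''
        if ($v.Name -in $disableFlags -and $v.Value -ne 0) { $flag = '   <-- restriction active' }
        Write-Host ('  {0} = {1}{2}' -f $v.Name, $v.Value, $flag)
    }
}

# Cross-check: what Defender reports about itself, regardless of the registry
$mp = Get-MpComputerStatus
[pscustomobject]@{
    AMServiceEnabled          = $mp.AMServiceEnabled
    AntivirusEnabled          = $mp.AntivirusEnabled
    RealTimeProtectionEnabled = $mp.RealTimeProtectionEnabled
    AntivirusSignatureVersion = $mp.AntivirusSignatureVersion
} | Format-List
```

Run it once before the FRST fix and once after: a line marked "restriction active" or any value at all under the two Policies keys is what the fixlist removes, and the Get-MpComputerStatus block shows whether Defender is actually running (with a third-party antivirus such as Kaspersky installed, AntivirusEnabled being False is expected rather than a sign of tampering).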

  • 2 weeks later...

I'm sorry, I wasn't able to answer you until today. The situation is like this: I had to install the new system again, with all updates. And everything looked perfectly clean for 3 days, only to experience a new attack last night in addition to the antivirus. So I'm asking you if it's possible to start from the beginning to try to diagnose and eliminate this s*it.


  • Root Admin

The best thing to do is perform a CLEAN install which includes removing ALL partitions from the drive. @vehabija

 

Clean Install Windows 10 & 11 (2023)
https://answers.microsoft.com/en-us/windows/forum/all/clean-install-windows-10-11-2023/1c426bdf-79b1-4d42-be93-17378d93e587

Also, please review the following topic

Bypass Microsoft Online Account Creation during installation of Windows 11
https://forums.malwarebytes.com/topic/296613-bypass-microsoft-online-account-creation-during-installation-of-windows-11/


Recovery options in Windows
https://support.microsoft.com/en-us/windows/recovery-options-in-windows-31ce2444-7de3-818c-d626-e3b5a3024da5#WindowsVersion=Windows_11

 

Once the new CLEAN installation is complete

DO NOT install any 3rd party software. Come back here and get me a new set of logs and we'll see how things are working

 

NOTE: The tools and the information obtained are safe and not harmful to your privacy or your computer, please allow the programs to run if blocked by your system.

  • Download the Malwarebytes Support Tool
  • In your Downloads folder, open the mb-support-x.x.x.xxx.exe file
  • In the User Account Control pop-up window, click Yes to continue the installation
  • Run the MBST Support Tool
  • In the left navigation pane of the Malwarebytes Support Tool, click Advanced
  • In the Advanced Options, click Gather Logs. A status diagram displays the tool is Getting logs from your machine
  • A zip file named mbst-grab-results.zip will be saved to the Public desktop, please upload that file on your next reply

Thank you

 


  • Root Admin

Okay, please run the following @vehabija

 

 

Please download the following tool

Farbar Service Scanner and run it on the computer with the issue
http://www.bleepingcomputer.com/download/farbar-service-scanner/dl/62/

 

Make sure the following options are checked:

  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center/Action Center
  • Windows Update
  • Windows Defender

Click "Scan"

It will create a log (FSS.txt) in the same directory the tool is run.
Please attach the log to your next reply.

 


  • Root Admin

Great, that looks good.

Let me get a new, fresh set of Farbar scan logs

 

 

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system.
You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply as well.

Thank you

 

 


  • Root Admin

I see you have installed multiple Gmail, Chrome products. Nothing wrong with that, only that Google makes $85 billion dollars marketing Ads and User meta-data. YOU are part of that meta-data they sell to others by gathering data metrics about you. Just keep that in mind.

 

Please consider making the following changes

 

[ 1 ]

Your current DNS Servers:  192.168.1.1

Please consider changing your default DNS server settings. Please choose one provider only

DNS is what lets users connect to websites using domain names instead of IP addresses

Pick just one of these 4 providers. And be aware that you need to modify 1 time for IPv4 & a 2nd pass for IPv6

  • Google Public DNS: IPv4 8.8.8.8 and 8.8.4.4; IPv6 2001:4860:4860::8888 and 2001:4860:4860::8844
  • Cloudflare: IPv4 1.1.1.1 and 1.0.0.1; IPv6 2606:4700:4700::1111 and 2606:4700:4700::1001
  • OpenDNS: IPv4 208.67.222.222 and 208.67.220.220; IPv6 2620:119:35::35 and 2620:119:53::53
  • DNSWATCH: IPv4 84.200.69.80 and 84.200.70.40; IPv6 2001:1608:10:25::1c04:b12f and 2001:1608:10:25::9249:d69b


The Ultimate Guide to Changing Your DNS Server
https://www.howtogeek.com/167533/the-ultimate-guide-to-changing-your-dns-server/

Here is a YouTube video on Changing DNS settings if needed

 

[ 2 ]

I would recommend you switch to Firefox as your default browser or at least lock down MS Edge and Google Chrome so that they're not so free with your information and data.

Stop Microsoft Edge from starting automatically
https://support.microsoft.com/en-us/microsoft-edge/stop-microsoft-edge-from-starting-automatically-c341c879-799a-dccd-d6be-bc51ecdd5804

How to make Microsoft Edge as private and secure as possible
https://www.onmsft.com/how-to/how-to-make-microsoft-edge-private/

How To Increase Privacy & Security In Microsoft Edge
https://www.youtube.com/watch?v=E5zyo5sBoT0

 

[ 3 ]

Regardless of which browser you decide to use, please install a Content Blocker

 

Malwarebytes Browser Guard

uBlock Origin

 

[ 4 ]

Why did you have a system crash?

Error: (08/25/2023 03:51:58 PM) (Source: volmgr) (EventID: 46) (User: )
Description: Crash dump initialization failed!

Make sure you have a Content Blocker enabled before visiting websites

How to Solve Event ID 46 Crash Dump Initialization Failed
https://www.minitool.com/news/crash-dump-initialization-failed.html

 

[ 5 ]

Please check and make sure your Killer Network card is functioning correctly

System errors:
=============
Error: (08/25/2023 04:24:18 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-9S37ILP)
Description: The server {8CFC164F-4BE5-4FDD-94E9-E2AF73ED4A19} did not register with DCOM within the required timeout.

Error: (08/25/2023 03:51:58 PM) (Source: volmgr) (EventID: 46) (User: )
Description: Crash dump initialization failed!

Error: (08/25/2023 03:52:10 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 18:18:34 on ‎24.‎8.‎2023. was unexpected.

Error: (08/24/2023 07:34:03 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-9S37ILP)
Description: The server {8CFC164F-4BE5-4FDD-94E9-E2AF73ED4A19} did not register with DCOM within the required timeout.

Error: (08/24/2023 04:36:32 PM) (Source: Killer Network Service) (EventID: 16) (User: )
Description: Error Loading Configuration File user.xml

Error: (08/24/2023 04:36:32 PM) (Source: Killer Network Service) (EventID: 16) (User: )
Description: Error Loading Configuration File from Disk for C:\ProgramData\RivetNetworks\Killer\ConfigurationFiles\user.xml

Error: (08/24/2023 04:36:32 PM) (Source: Killer Network Service) (EventID: 16) (User: )
Description: Error Loading Configuration File oem.xml

Error: (08/24/2023 04:36:32 PM) (Source: Killer Network Service) (EventID: 16) (User: )
Description: Error Loading Configuration File from Disk for C:\ProgramData\RivetNetworks\Killer\ConfigurationFiles\oem.xml


Windows Defender:
================
Date: 2023-08-25 18:00:49
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2023-08-24 16:23:11
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Event[0]

Date: 2023-08-25 16:15:36
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.395.1289.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.23070.1005
Error code: 0x80240438
Error description: Prilikom traženja ažuriranja došlo je do neočekivanog problema. Informacije o instaliranju ažuriranja i otklanjanju poteškoća s njima potražite u odjeljku Pomoć i podrška.

 

[ 6 ]

Not sure if this is a good, valid extension or not. The string for it on search brings up many potential threats, but those could simply be bots or people that don't understand the binary file naming used

CHR Extension: (Plaćanja u web-trgovini Chrome) - C:\Users\as\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2023-08-24]

 

[ 7 ]

You could add the following via a command prompt with Admin rights and it would tighten up the Windows firewall a little bit more

 

Block all inbound ports 135-139 and 445

netsh advfirewall firewall add rule name="1Custom Block Ports 135-139 and 445" dir=in action=block protocol=TCP localport=135-139,445 enable=yes
netsh advfirewall firewall add rule name="1Custom Block Ports 135-139 and 445" dir=out action=block protocol=TCP localport=135-139,445 enable=yes

 

Block all Outbound access for WScript and CScript Executables

netsh advfirewall firewall add rule name="1Custom Block WScript and CScript Executables" dir=out action=block program="%windir%\system32\wscript.exe,%windir%\system32\cscript.exe,%windir%\SysWOW64\wscript.exe,%windir%\SysWOW64\cscript.exe" enable=yes

 

Block all inbound ICMP traffic for Echo request

netsh advfirewall firewall add rule name="1Custom Block ICMP Echo Request and Echo Reply" dir=in protocol=icmpv4:8,0 action=block
netsh advfirewall firewall add rule name="1Custom Block ICMPv6 Echo Request and Echo Reply" dir=in protocol=icmpv6:128,129 action=block


Blocking inbound traffic on ports 135-139 and 445 can help prevent attacks targeting SMB services, which are known to have many security vulnerabilities.
However, this rule may interfere with legitimate file sharing and printer sharing services and may need to be adjusted depending on the specific network environment.

Blocking outbound access for WScript and CScript executables can help prevent malicious scripts from running on your system and can help protect against attacks that use these executable programs.
However, this rule may interfere with legitimate scripts and may need to be adjusted depending on the specific network environment.

Blocking inbound ICMP traffic for Echo request can help prevent ping flooding attacks and can help protect against certain types of network reconnaissance attacks.
However, this rule may interfere with network diagnostic tools that use ping to test network connectivity and may need to be adjusted depending on the specific network environment.

 

[ 8 ]

If you own your own router and are not renting it from your Internet Service Provider

Please ensure that you have the user manual for your router. Then perform a factory reset.

How To Reset Your Router
https://setuprouter.com/networking/how-to-reset-your-router/

Depending on one's preferences and the Router's capabilities please consider the following.

  • Disable acceptance of ICMP Pings
  • Change the Default Router password using a Strong Password
  • Use a Strong WiFi password on WPA2 using AES encryption or Enable WPA3 if it is an option.
  • Disable Remote Management
  • Create separate WiFi networks for groups of devices with similar purposes to prevent an entire network of devices from being compromised if a malicious actor is able to gain unauthorized access to one device or network.
    Example: Keep IoT devices on one network and mobile devices on another.
  • Change the network name (SSID). Do not use your name, postal address or other personal information. Make it unique or whimsical and known to your family/group.
  • Is the Router Firmware up-to-date? Updating the firmware mitigates exploitable vulnerabilities.
  • Specifically set Firewall rules to BLOCK: TCP and UDP ports 135 ~ 139, 445, 1234, 3389, 5555 and 9034
  • Document passwords created and store them in a safe but accessible location.

 

 

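Added example, not code from the thread or from Malwarebytes: a PowerShell script that applies item [1] (the DNS change) and item [7] (the firewall rules) from the post above with the built-in NetTCPIP and NetSecurity cmdlets instead of the GUI and netsh, and then verifies the result. The adapter alias "Wi-Fi" and the choice of Cloudflare as the single provider are assumptions. Two things differ from the netsh lines by design: New-NetFirewallRule takes one program path per rule, so the WScript/CScript rule becomes four rules, and Set-DnsClientServerAddress accepts IPv4 and IPv6 addresses together, so the two passes the GUI needs collapse into one call. The rules are created only when no rule of that name exists yet, because netsh "add rule" makes a duplicate on every re-run.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the thread): items [1] and [7] applied with the native
# cmdlets, idempotently, then verified. Assumes Windows 10/11, PowerShell 5.1+,
# an elevated session, and an adapter alias that you replace with your own.

$InterfaceAlias = 'Wi-Fi'   # placeholder: pick the real alias from Get-NetAdapter

# ---- [1] DNS: exactly one provider (Cloudflare, taken from the list in the thread) ----
# Set-DnsClientServerAddress takes IPv4 and IPv6 servers in a single call.
$DnsServers = @('1.1.1.1', '1.0.0.1', '2606:4700:4700::1111', '2606:4700:4700::1001')
Set-DnsClientServerAddress -InterfaceAlias $InterfaceAlias -ServerAddresses $DnsServers
Clear-DnsClientCache

# Check that the adapter now reports every server we set, in both address families
$configured = @(Get-DnsClientServerAddress -InterfaceAlias $InterfaceAlias |
    ForEach-Object { $_.ServerAddresses })
$missing = @($DnsServers | Where-Object { $configured -notcontains $_ })
if ($missing.Count -gt 0) {
    Write-Warning "DNS servers not applied on ${InterfaceAlias}: $($missing -join ', ')"
} else {
    Write-Host "DNS on ${InterfaceAlias}: $($configured -join ', ')"
}
# A lookup through the new server proves the change is usable, not merely stored
Resolve-DnsName -Name 'example.com' -Type A -Server $DnsServers[0] -ErrorAction Stop |
    Select-Object -First 1 Name, IPAddress

# ---- [7] Firewall: the same rules as the netsh lines, each added at most once ----
function Add-FirewallRuleOnce {
    # Creates the rule unless one with the same DisplayName already exists.
    param([string]$DisplayName, [hashtable]$RuleParams)
    if (Get-NetFirewallRule -DisplayName $DisplayName -ErrorAction SilentlyContinue) {
        Write-Host "Already present: $DisplayName"
        return
    }
    New-NetFirewallRule -DisplayName $DisplayName -Enabled True @RuleParams | Out-Null
    Write-Host "Added: $DisplayName"
}

# TCP 135-139 and 445 (RPC / NetBIOS / SMB), inbound and outbound. The thread's
# rules filter on the local port in both directions; that is mirrored unchanged.
foreach ($dir in 'Inbound', 'Outbound') {
    Add-FirewallRuleOnce "1Custom Block Ports 135-139 and 445 ($dir)" @{
        Direction = $dir; Action = 'Block'; Protocol = 'TCP'; LocalPort = @('135-139', '445')
    }
}

# WScript / CScript outbound: -Program takes one path, so one rule per executable
$scriptHosts = @(
    "$env:windir\System32\wscript.exe", "$env:windir\System32\cscript.exe",
    "$env:windir\SysWOW64\wscript.exe", "$env:windir\SysWOW64\cscript.exe"
)
foreach ($exe in $scriptHosts) {
    $label = '{0} ({1})' -f (Split-Path $exe -Leaf), (Split-Path (Split-Path $exe) -Leaf)
    Add-FirewallRuleOnce "1Custom Block outbound $label" @{
        Direction = 'Outbound'; Action = 'Block'; Program = $exe
    }
}

# Inbound ICMP echo request: type 8 for ICMPv4, type 128 for ICMPv6
Add-FirewallRuleOnce '1Custom Block ICMPv4 Echo Request' @{
    Direction = 'Inbound'; Action = 'Block'; Protocol = 'ICMPv4'; IcmpType = '8'
}
Add-FirewallRuleOnce '1Custom Block ICMPv6 Echo Request' @{
    Direction = 'Inbound'; Action = 'Block'; Protocol = 'ICMPv6'; IcmpType = '128'
}

# Verify: every custom rule with the port, ICMP type or program it actually filters
Get-NetFirewallRule -DisplayName '1Custom*' | ForEach-Object {
    $port = $_ | Get-NetFirewallPortFilter
    $app  = $_ | Get-NetFirewallApplicationFilter
    [pscustomobject]@{
        Rule = $_.DisplayName; Direction = $_.Direction; Action = $_.Action
        Enabled = $_.Enabled; Protocol = $port.Protocol
        Port = ($port.LocalPort -join ','); IcmpType = $port.IcmpType; Program = $app.Program
    }
} | Format-Table -AutoSize
```

Run it once from an elevated PowerShell window. Running it again reports each rule as already present instead of duplicating it, and the final table is the check to read after a reboot: a rule that is missing, disabled or filtering something other than what its name says is worth explaining, given the permission changes the original post describes.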

Thank you very much for the detailed description of my problem. I did not understand this about Chrome and Edge very well, whether the problem is the use of the browser, or in general that I have accounts with them. Because I use their browsers on Android as well. One more piece of advice, please. As for antivirus, is it better to use Kaspersky or Windows Defender? And do these add-ons that I need to install create a conflict with Kaspersky?

As for these changes, I would be foolish not to listen to the expert I turned to, for help

 

 

40 minutes ago, AdvancedSetup said:

[ 1 ]

Your current DNS Servers:  192.168.1.1

Please consider changing your default DNS server settings. Please choose one provider only

DNS is what lets users connect to websites using domain names instead of IP addresses

Pick just one of these 4 providers. And be aware that you need to modify 1 time for IPv4 & a 2nd pass for IPv6

  • Google Public DNS: IPv4 8.8.8.8 and 8.8.4.4; IPv6 2001:4860:4860::8888 and 2001:4860:4860::8844
  • Cloudflare: IPv4 1.1.1.1 and 1.0.0.1; IPv6 2606:4700:4700::1111 and 2606:4700:4700::1001
  • OpenDNS: IPv4 208.67.222.222 and 208.67.220.220; IPv6 2620:119:35::35 and 2620:119:53::53
  • DNSWATCH: IPv4 84.200.69.80 and 84.200.70.40; IPv6 2001:1608:10:25::1c04:b12f and 2001:1608:10:25::9249:d69b


The Ultimate Guide to Changing Your DNS Server
https://www.howtogeek.com/167533/the-ultimate-guide-to-changing-your-dns-server/

Here is a YouTube video on Changing DNS settings if needed

 

[ 2 ]

I would recommend you switch to Firefox as your default browser or at least lock down MS Edge and Google Chrome so that they're not so free with your information and data.

Stop Microsoft Edge from starting automatically
https://support.microsoft.com/en-us/microsoft-edge/stop-microsoft-edge-from-starting-automatically-c341c879-799a-dccd-d6be-bc51ecdd5804

How to make Microsoft Edge as private and secure as possible
https://www.onmsft.com/how-to/how-to-make-microsoft-edge-private/

How To Increase Privacy & Security In Microsoft Edge
https://www.youtube.com/watch?v=E5zyo5sBoT0

 

 

[ 3 ]

Regardless of which browser you decide to use, please install a Content Blocker

 

Malwarebytes Browser Guard

uBlock Origin

 

I have already solved the Content Blocker, DNS and Firefox and everything else goes during the night.

 

 

 

 

 

43 minutes ago, AdvancedSetup said:

[ 4 ]

Why did you have a system crash?

Error: (08/25/2023 03:51:58 PM) (Source: volmgr) (EventID: 46) (User: )
Description: Crash dump initialization failed!

Make sure you have a Content Blocker enabled before visiting websites

How to Solve Event ID 46 Crash Dump Initialization Failed
https://www.minitool.com/news/crash-dump-initialization-failed.html

I don't know if it's possible because I turned it off suddenly, I needed to enter the BIOS to activate the wireless card.

 

 

 

 

58 minutes ago, AdvancedSetup said:

[ 5 ]

Please check and make sure your Killer Network card is functioning correctly

System errors:
=============
Error: (08/25/2023 04:24:18 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-9S37ILP)
Description: The server {8CFC164F-4BE5-4FDD-94E9-E2AF73ED4A19} did not register with DCOM within the required timeout.

Error: (08/25/2023 03:51:58 PM) (Source: volmgr) (EventID: 46) (User: )
Description: Crash dump initialization failed!

Error: (08/25/2023 03:52:10 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 18:18:34 on ‎24.‎8.‎2023. was unexpected.

Error: (08/24/2023 07:34:03 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-9S37ILP)
Description: The server {8CFC164F-4BE5-4FDD-94E9-E2AF73ED4A19} did not register with DCOM within the required timeout.

Error: (08/24/2023 04:36:32 PM) (Source: Killer Network Service) (EventID: 16) (User: )
Description: Error Loading Configuration File user.xml

Error: (08/24/2023 04:36:32 PM) (Source: Killer Network Service) (EventID: 16) (User: )
Description: Error Loading Configuration File from Disk for C:\ProgramData\RivetNetworks\Killer\ConfigurationFiles\user.xml

Error: (08/24/2023 04:36:32 PM) (Source: Killer Network Service) (EventID: 16) (User: )
Description: Error Loading Configuration File oem.xml

Error: (08/24/2023 04:36:32 PM) (Source: Killer Network Service) (EventID: 16) (User: )
Description: Error Loading Configuration File from Disk for C:\ProgramData\RivetNetworks\Killer\ConfigurationFiles\oem.xml


Windows Defender:
================
Date: 2023-08-25 18:00:49
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2023-08-24 16:23:11
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Event[0]

Date: 2023-08-25 16:15:36
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.395.1289.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.23070.1005
Error code: 0x80240438
Error description: Prilikom traženja ažuriranja došlo je do neočekivanog problema. Informacije o instaliranju ažuriranja i otklanjanju poteškoća s njima potražite u odjeljku Pomoć i podrška.

How do I check that?

 

 

 

 

1 hour ago, AdvancedSetup said:

[ 6 ]

Not sure if this is a good, valid extension or not. The string for it on search brings up many potential threats, but those could simply be bots or people that don't understand the binary file naming used

CHR Extension: (Plaćanja u web-trgovini Chrome) - C:\Users\as\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2023-08-24]

I have no idea what it is, this is what I get when I open the folder  (chr.png) 

 

 

 

1 hour ago, AdvancedSetup said:

[ 7 ]

You could add the following via a command prompt with Admin rights and it would tighten up the Windows firewall a little bit more

 

Block all inbound ports 135-139 and 445

 

Block all Outbound access for WScript and CScript Executables

 

Block all inbound ICMP traffic for Echo request



Blocking inbound traffic on ports 135-139 and 445 can help prevent attacks targeting SMB services, which are known to have many security vulnerabilities.
However, this rule may interfere with legitimate file sharing and printer sharing services and may need to be adjusted depending on the specific network environment.

Blocking outbound access for WScript and CScript executables can help prevent malicious scripts from running on your system and can help protect against attacks that use these executable programs.
However, this rule may interfere with legitimate scripts and may need to be adjusted depending on the specific network environment.

Blocking inbound ICMP traffic for Echo request can help prevent ping flooding attacks and can help protect against certain types of network reconnaissance attacks.
However, this rule may interfere with network diagnostic tools that use ping to test network connectivity and may need to be adjusted depending on the specific network environment.

 

Done. (cmd.png)

 

 

 

 

1 hour ago, AdvancedSetup said:

[ 8 ]

If you own your own router and are not renting it from your Internet Service Provider

Please ensure that you have the user manual for your router. Then perform a factory reset.

How To Reset Your Router
https://setuprouter.com/networking/how-to-reset-your-router/

Depending on one's preferences and the Router's capabilities please consider the following.

  • Disable acceptance of ICMP Pings
  • Change the Default Router password using a Strong Password
  • Use a Strong WiFi password on WPA2 using AES encryption or Enable WPA3 if it is an option.
  • Disable Remote Management
  • Create separate WiFi networks for groups of devices with similar purposes to prevent an entire network of devices from being compromised if a malicious actor is able to gain unauthorized access to one device or network.
    Example: Keep IoT devices on one network and mobile devices on another.
  • Change the network name (SSID). Do not use your name, postal address or other personal information. Make it unique or whimsical and known to your family/group.
  • Is the Router Firmware up-to-date? Updating the firmware mitigates exploitable vulnerabilities.
  • Specifically set Firewall rules to BLOCK: TCP and UDP ports 135 ~ 139, 445, 1234, 3389, 5555 and 9034
  • Document passwords created and store them in a safe but accessible location.

The router is owned by the provider, I will do as much as I am allowed.
And in the meantime, I will definitely buy my own router, if that is the solution..

 

 

 

Thanks again. I'll send the new logs as soon as I've solved all the items on the list.

chr.png

cmd.png
