vehabija Posted August 9, 2023 ID:1582008

Greetings. Here it is. For several weeks now I have had a problem, I think with some kind of virus. I noticed that the computer itself takes permissions for system files. I installed 3 kinds of antivirus, but none of them recognizes it. I have set up the system several times, but every time the same thing happens: when I watch the Event Viewer I see a bunch of strange things and the permissions are taken again. What I noticed is that the BIOS version has been changed; more precisely, the release date is not the same as the original, and I did not change it. The laptop is a Lenovo Legion 7 with an AMD Ryzen 7 processor, a few months old. Can you help me, because the service centre does not do repairs. Thank you

FRST.txt Addition.txt

Porthos Posted August 9, 2023 ID:1582035

@vehabija Please do the following so that we can take a closer look at your system for possible infections. Restart the computer and do the following.

WARNING: Do not click the Repair option under Advanced unless requested by a Malwarebytes support agent or an authorized helper.

NOTE: The tools and the information obtained are safe and not harmful to your privacy or your computer; please allow the programs to run if blocked by your system.

• Download the Malwarebytes Support Tool
• In your Downloads folder, open the mb-support-x.x.x.xxx.exe file
• In the User Account Control pop-up window, click Yes to continue the installation
• Run the MBST Support Tool
• In the left navigation pane of the Malwarebytes Support Tool, click Advanced
• In the Advanced Options, click Gather Logs. A status diagram displays that the tool is getting logs from your machine
• A zip file named mbst-grab-results.zip will be saved to the Public desktop; please upload that file with your next reply

Thank you

Translation of the First post.

Here it is. I've been having a problem for a few weeks now, I think with some kind of virus. I noticed that the computer itself takes permissions for system files, I installed 3 types of antivirus, but none of them recognize it. I've booted the system several times but every time the same thing happens, when I follow the event viewer I see a bunch of weird stuff and the permissions are being taken again. What I noticed is that the BIOS version was changed, more precisely the release date is not the same as the original, and I did not change it. The laptop is a Lenovo Legion 7 with an AMD Ryzen 7 processor, a few months old. Can you help me, because the service does not do repairs. Thank you

Edited August 9, 2023 by Porthos

vehabija (Author) Posted August 9, 2023 ID:1582115

Done, I am sending you the zip file as an attachment.

mbst-grab-results.zip

AdvancedSetup (Root Admin) Posted August 9, 2023 ID:1582211

The logs show that you're running Kaspersky antivirus and there are no obvious signs of infection.

What specifically makes you believe you have an infection?

Have you restarted the computer and had Kaspersky do a full scan?

Thanks

vehabija (Author) Posted August 9, 2023 ID:1582218

Because of this (see the picture). The above picture is the first scan; after that everything continued to happen. I could not log in to your forum with the correct username and password from the laptop, but I could from the mobile phone. After I fixed that detail (bottom picture) I don't have any more problems for now. I will monitor the situation further.

AdvancedSetup (Root Admin) Posted August 9, 2023 ID:1582232

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit.

• Double-click to run it. When the tool opens click Yes to disclaimer.
• Press the Scan button.
• It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
• The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply as well.

Thank you

AdvancedSetup (Root Admin) Posted August 9, 2023 ID:1582233

The Restrictions could very well be due to you running Kaspersky antivirus.

Also, please run the following @vehabija

Please download the following tool, Farbar Service Scanner, and run it on the computer with the issue
http://www.bleepingcomputer.com/download/farbar-service-scanner/dl/62/

Make sure the following options are checked:
• Internet Services
• Windows Firewall
• System Restore
• Security Center/Action Center
• Windows Update
• Windows Defender

Click "Scan". It will create a log (FSS.txt) in the same directory the tool is run. Please attach the log to your next reply.

AdvancedSetup (Root Admin) Posted August 9, 2023 ID:1582244

@vehabija Please run the following

Start in Safe mode:
• Press the Windows icon on the keyboard together with the letter I, to get into the Settings.
• Choose Update and Security.
• From the menu at the left, choose Recovery.
• Under the title Advanced startup at the right, choose Restart now.
• From the window that will appear choose Troubleshoot and then Advanced options.
• Choose Startup Settings and then Restart.
• Press number 5, for choosing Safe mode with networking.
• You will know that you are in Safe mode if the background is black and Safe mode is written at the four corners of the screen.

After that: Please do the following to run a FRST fix.

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system.

Select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy". No need to paste anything to anywhere.

Start::
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Restriction
End::

• Right-click on FRST64 on your Desktop, to run it as administrator. When the tool opens, click "yes" to the disclaimer.
• Press the Fix button once and wait.
• FRST will process fixlist.txt
• When finished, it will produce a log fixlog.txt on your Desktop.
• Post the log in your next reply.

Edited August 9, 2023 by AdvancedSetup: Updated information

vehabija (Author) Posted August 10, 2023 ID:1582279

I can't access safe mode with the network; when I start, none of the connection methods work for me.

AdvancedSetup (Root Admin) Posted August 10, 2023 ID:1582286

Please temporarily uninstall Kaspersky Antivirus and restart the computer. Then try again and let me know the results.

vehabija (Author) Posted August 24, 2023 ID:1584593

I'm sorry, I wasn't able to answer you until today. The situation is like this: I had to install the new system again, with all updates. And everything looked perfectly clean for 3 days, only to experience a new attack last night in addition to the antivirus. So I'm asking you if it's possible to start from the beginning to try to diagnose and eliminate this s*it.

AdvancedSetup (Root Admin) Posted August 24, 2023 ID:1584614

The best thing to do is perform a CLEAN install which includes removing ALL partitions from the drive. @vehabija

Clean Install Windows 10 & 11 (2023)
https://answers.microsoft.com/en-us/windows/forum/all/clean-install-windows-10-11-2023/1c426bdf-79b1-4d42-be93-17378d93e587

Also, please review the following topic

Bypass Microsoft Online Account Creation during installation of Windows 11
https://forums.malwarebytes.com/topic/296613-bypass-microsoft-online-account-creation-during-installation-of-windows-11/

Recovery options in Windows
https://support.microsoft.com/en-us/windows/recovery-options-in-windows-31ce2444-7de3-818c-d626-e3b5a3024da5#WindowsVersion=Windows_11

Once the new CLEAN installation is complete DO NOT install any 3rd party software. Come back here and get me a new set of logs and we'll see how things are working.

NOTE: The tools and the information obtained are safe and not harmful to your privacy or your computer, please allow the programs to run if blocked by your system.

• Download the Malwarebytes Support Tool
• In your Downloads folder, open the mb-support-x.x.x.xxx.exe file
• In the User Account Control pop-up window, click Yes to continue the installation
• Run the MBST Support Tool
• In the left navigation pane of the Malwarebytes Support Tool, click Advanced
• In the Advanced Options, click Gather Logs. A status diagram displays the tool is Getting logs from your machine
• A zip file named mbst-grab-results.zip will be saved to the Public desktop, please upload that file on your next reply

Thank you

vehabija (Author) Posted August 24, 2023 ID:1584651

Here is the new installation and the logs.

mbst-grab-results.zip

vehabija (Author) Posted August 24, 2023 ID:1584668

In the meantime, I've done an mrt scan; I'm sending you a log.

mrt.log NetSetup.LOG

vehabija (Author) Posted August 24, 2023 ID:1584673

And CBS also.

CBS.zip

AdvancedSetup (Root Admin) Posted August 24, 2023 ID:1584687

Please check for Windows Updates and install any updates found.

Then run an elevated admin command prompt and run the following and post back the results

SFC.EXE /SCANNOW

Thank you @vehabija

vehabija (Author) Posted August 24, 2023 ID:1584688

Done.

CBS.log

AdvancedSetup (Root Admin) Posted August 24, 2023 ID:1584710

Do you own a Paid version of Malwarebytes or any other Security / Antivirus product?

vehabija (Author) Posted August 25, 2023 ID:1584796

Yes, I have Kaspersky Premium, but currently it is not installed, because I did not add anything except Microsoft products.

AdvancedSetup (Root Admin) Posted August 25, 2023 ID:1584855

Okay, please run the following @vehabija

Please download the following tool, Farbar Service Scanner, and run it on the computer with the issue
http://www.bleepingcomputer.com/download/farbar-service-scanner/dl/62/

Make sure the following options are checked:
• Internet Services
• Windows Firewall
• System Restore
• Security Center/Action Center
• Windows Update
• Windows Defender

Click "Scan". It will create a log (FSS.txt) in the same directory the tool is run. Please attach the log to your next reply.

vehabija (Author) Posted August 25, 2023 ID:1584856

Done.

FSS.txt

AdvancedSetup (Root Admin) Posted August 25, 2023 ID:1584880

Great, that looks good. Let me get a new, fresh set of Farbar scan logs.

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit.

• Double-click to run it. When the tool opens click Yes to disclaimer.
• Press the Scan button.
• It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
• The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply as well.

Thank you

vehabija (Author) Posted August 25, 2023 ID:1584885

Still works smoothly, for now.

Addition.txt FRST.txt

AdvancedSetup (Root Admin) Posted August 25, 2023 ID:1584894

I see you have installed multiple Gmail, Chrome products. Nothing wrong with that, only that Google makes $85 billion dollars marketing Ads and User meta-data. YOU are part of that meta-data they sell to others by gathering data metrics about you. Just keep that in mind.

Please consider making the following changes

[ 1 ]
Your current DNS Servers: 192.168.1.1

Please consider changing your default DNS server settings. Please choose one provider only.
DNS is what lets users connect to websites using domain names instead of IP addresses.
Pick just one of these 4 providers. And be aware that you need to modify 1 time for IPv4 & a 2nd pass for IPv6.

• Google Public DNS: IPv4 8.8.8.8 and 8.8.4.4; IPv6 2001:4860:4860::8888 and 2001:4860:4860::8844
• Cloudflare: IPv4 1.1.1.1 and 1.0.0.1; IPv6 2606:4700:4700::1111 and 2606:4700:4700::1001
• OpenDNS: IPv4 208.67.222.222 and 208.67.220.220; IPv6 2620:119:35::35 and 2620:119:53::53
• DNSWATCH: IPv4 84.200.69.80 and 84.200.70.40; IPv6 2001:1608:10:25::1c04:b12f and 2001:1608:10:25::9249:d69b

The Ultimate Guide to Changing Your DNS Server
https://www.howtogeek.com/167533/the-ultimate-guide-to-changing-your-dns-server/

Here is a YouTube video on Changing DNS settings if needed

[ 2 ]
I would recommend you switch to Firefox as your default browser or at least lock down MS Edge and Google Chrome so that they're not so free with your information and data.

Stop Microsoft Edge from starting automatically
https://support.microsoft.com/en-us/microsoft-edge/stop-microsoft-edge-from-starting-automatically-c341c879-799a-dccd-d6be-bc51ecdd5804

How to make Microsoft Edge as private and secure as possible
https://www.onmsft.com/how-to/how-to-make-microsoft-edge-private/

How To Increase Privacy & Security In Microsoft Edge
https://www.youtube.com/watch?v=E5zyo5sBoT0

[ 3 ]
Regardless of which browser you decide to use, please install a Content Blocker

Malwarebytes Browser Guard
• Google Chrome: https://chrome.google.com/webstore/detail/malwarebytes-browser-guar/ihcjicgdanjaechkgeegckofjjedodee
• Microsoft Edge: https://support.malwarebytes.com/hc/en-us/articles/4413298736787-Install-Malwarebytes-Browser-Guard-on-Microsoft-Edge-browser
• Mozilla Firefox: https://addons.mozilla.org/en-US/firefox/addon/malwarebytes/

uBlock Origin
• Google Chrome: https://chrome.google.com/webstore/detail/ublock-origin/cjpalhdlnbpafiamejdnhcphjbkeiagm
• Microsoft Edge: https://microsoftedge.microsoft.com/addons/detail/ublock-origin/odfafepnkmbhccpbejgmiehpchacaeak
• Mozilla Firefox: https://addons.mozilla.org/en-US/firefox/addon/ublock-origin

[ 4 ]
Why did you have a system crash?

Error: (08/25/2023 03:51:58 PM) (Source: volmgr) (EventID: 46) (User: )
Description: Crash dump initialization failed!

Make sure you have a Content Blocker enabled before visiting websites

How to Solve Event ID 46 Crash Dump Initialization Failed
https://www.minitool.com/news/crash-dump-initialization-failed.html

[ 5 ]
Please check and make sure your Killer Network card is functioning correctly

System errors:
=============
Error: (08/25/2023 04:24:18 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-9S37ILP)
Description: The server {8CFC164F-4BE5-4FDD-94E9-E2AF73ED4A19} did not register with DCOM within the required timeout.

Error: (08/25/2023 03:51:58 PM) (Source: volmgr) (EventID: 46) (User: )
Description: Crash dump initialization failed!

Error: (08/25/2023 03:52:10 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 18:18:34 on 24.8.2023. was unexpected.

Error: (08/24/2023 07:34:03 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-9S37ILP)
Description: The server {8CFC164F-4BE5-4FDD-94E9-E2AF73ED4A19} did not register with DCOM within the required timeout.

Error: (08/24/2023 04:36:32 PM) (Source: Killer Network Service) (EventID: 16) (User: )
Description: Error Loading Configuration File user.xml

Error: (08/24/2023 04:36:32 PM) (Source: Killer Network Service) (EventID: 16) (User: )
Description: Error Loading Configuration File from Disk for C:\ProgramData\RivetNetworks\Killer\ConfigurationFiles\user.xml

Error: (08/24/2023 04:36:32 PM) (Source: Killer Network Service) (EventID: 16) (User: )
Description: Error Loading Configuration File oem.xml

Error: (08/24/2023 04:36:32 PM) (Source: Killer Network Service) (EventID: 16) (User: )
Description: Error Loading Configuration File from Disk for C:\ProgramData\RivetNetworks\Killer\ConfigurationFiles\oem.xml

Windows Defender:
================
Date: 2023-08-25 18:00:49
Description: Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2023-08-24 16:23:11
Description: Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Event[0]
Date: 2023-08-25 16:15:36
Description: Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.395.1289.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.23070.1005
Error code: 0x80240438
Error description: Prilikom traženja ažuriranja došlo je do neočekivanog problema. Informacije o instaliranju ažuriranja i otklanjanju poteškoća s njima potražite u odjeljku Pomoć i podrška.

[ 6 ]
Not sure if this is a good, valid extension or not. The string for it on search brings up many potential threats, but those could simply be bots or people that don't understand the binary file naming used

CHR Extension: (Plaćanja u web-trgovini Chrome) - C:\Users\as\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2023-08-24]

[ 7 ]
You could add the following via a command prompt with Admin rights and it would tighten up the Windows firewall a little bit more

Block all inbound ports 135-139 and 445

netsh advfirewall firewall add rule name="1Custom Block Ports 135-139 and 445" dir=in action=block protocol=TCP localport=135-139,445 enable=yes
netsh advfirewall firewall add rule name="1Custom Block Ports 135-139 and 445" dir=out action=block protocol=TCP localport=135-139,445 enable=yes

Block all Outbound access for WScript and CScript Executables

netsh advfirewall firewall add rule name="1Custom Block WScript and CScript Executables" dir=out action=block program="%windir%\system32\wscript.exe" enable=yes
netsh advfirewall firewall add rule name="1Custom Block WScript and CScript Executables" dir=out action=block program="%windir%\system32\cscript.exe" enable=yes
netsh advfirewall firewall add rule name="1Custom Block WScript and CScript Executables" dir=out action=block program="%windir%\SysWOW64\wscript.exe" enable=yes
netsh advfirewall firewall add rule name="1Custom Block WScript and CScript Executables" dir=out action=block program="%windir%\SysWOW64\cscript.exe" enable=yes

Block all inbound ICMP traffic for Echo request

netsh advfirewall firewall add rule name="1Custom Block ICMP Echo Request and Echo Reply" dir=in protocol=icmpv4:8,0 action=block
netsh advfirewall firewall add rule name="1Custom Block ICMPv6 Echo Request and Echo Reply" dir=in protocol=icmpv6:128,any action=block

Blocking inbound traffic on ports 135-139 and 445 can help prevent attacks targeting SMB services, which are known to have many security vulnerabilities. However, this rule may interfere with legitimate file sharing and printer sharing services and may need to be adjusted depending on the specific network environment.

Blocking outbound access for WScript and CScript executables can help prevent malicious scripts from running on your system and can help protect against attacks that use these executable programs. However, this rule may interfere with legitimate scripts and may need to be adjusted depending on the specific network environment.

Blocking inbound ICMP traffic for Echo request can help prevent ping flooding attacks and can help protect against certain types of network reconnaissance attacks. However, this rule may interfere with network diagnostic tools that use ping to test network connectivity and may need to be adjusted depending on the specific network environment.

[ 8 ]
If you own your own router and are not renting it from your Internet Service Provider

Please ensure that you have the user manual for your router. Then perform a factory reset.

How To Reset Your Router
https://setuprouter.com/networking/how-to-reset-your-router/

Depending on one's preferences and the Router's capabilities please consider the following.

• Disable acceptance of ICMP Pings
• Change the Default Router password using a Strong Password
• Use a Strong WiFi password on WPA2 using AES encryption or Enable WPA3 if it is an option.
• Disable Remote Management
• Create separate WiFi networks for groups of devices with similar purposes to prevent an entire network of devices from being compromised if a malicious actor is able to gain unauthorized access to one device or network. Example: Keep IoT devices on one network and mobile devices on another.
• Change the network name (SSID). Do not use your; Name, Postal address or other personal information. Make it unique or whimsical and known to your family/group.
• Is the Router Firmware up-to-date? Updating the firmware mitigates exploitable vulnerabilities.
• Specifically set Firewall rules to BLOCK; TCP and UDP ports 135 ~ 139, 445, 1234, 3389, 5555 and 9034
• Document passwords created and store them in a safe but accessible location.

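One way to confirm what the "1Custom ..." firewall rules from item [ 7 ] actually filter on once they exist, as an added example that is not part of AdvancedSetup's post. It assumes an elevated PowerShell session and the built-in NetSecurity cmdlets; the report column names are illustrative.

```powershell
# Added example (not from the thread): audit the "1Custom ..." rules created with netsh.
# Run in an elevated PowerShell session on the machine where the rules were added.

$rules = @(Get-NetFirewallRule -DisplayName '1Custom*' -ErrorAction SilentlyContinue)
if ($rules.Count -eq 0) {
    Write-Warning 'No firewall rules with a display name starting with "1Custom" were found.'
    return
}

$report = foreach ($rule in $rules) {
    # Each rule carries separate filter objects for ports/protocol and for the program path.
    $port = $rule | Get-NetFirewallPortFilter
    $app  = $rule | Get-NetFirewallApplicationFilter
    $findings = @()

    if ($rule.Enabled -ne 'True')  { $findings += 'rule is disabled' }
    if ($rule.Action  -ne 'Block') { $findings += 'action is not Block' }

    # A program filter holds exactly one executable path. Expand variables such as
    # %windir% and confirm the result is a file that exists; a value that is really
    # several paths joined together fails this check.
    if ($app.Program -and $app.Program -ne 'Any') {
        $path = [Environment]::ExpandEnvironmentVariables($app.Program)
        if (-not [System.IO.File]::Exists($path)) {
            $findings += "program filter is not an existing file: $path"
        }
    }

    # Echo request is ICMPv4 type 8 and ICMPv6 type 128; IcmpType shows what was stored.
    [pscustomobject]@{
        Rule       = $rule.DisplayName
        Direction  = $rule.Direction
        Protocol   = $port.Protocol
        LocalPort  = ($port.LocalPort  -join ',')
        RemotePort = ($port.RemotePort -join ',')
        IcmpType   = ($port.IcmpType   -join ',')
        Program    = $app.Program
        Findings   = if ($findings.Count) { $findings -join '; ' } else { 'ok' }
    }
}

# One block per rule, so the stored direction, ports and program are easy to compare
# with the command that created it.
$report | Format-List
```

The rules can be removed again by name with netsh advfirewall firewall delete rule name="..." if file sharing, scripts or ping diagnostics stop working.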
vehabija (Author) Posted August 25, 2023 ID:1584907

Thank you very much for the detailed description of my problem. I did not understand this about Chrome and Edge very well, whether the problem is the use of the browser, or in general that I have accounts with them. Because I use their browsers on Android as well. One more piece of advice, please. As for antivirus, is it better to use Kaspersky or Windows Defender? And do these add-ons that I need to install create a conflict with Kaspersky? As for these changes, I would be foolish not to listen to the expert I turned to for help.

40 minutes ago, AdvancedSetup said:

> [ 1 ]
> Your current DNS Servers: 192.168.1.1
> Please consider changing your default DNS server settings. Please choose one provider only.
> DNS is what lets users connect to websites using domain names instead of IP addresses.
> Pick just one of these 4 providers. And be aware that you need to modify 1 time for IPv4 & a 2nd pass for IPv6.
> Google Public DNS: IPv4 8.8.8.8 and 8.8.4.4; IPv6 2001:4860:4860::8888 and 2001:4860:4860::8844
> Cloudflare: IPv4 1.1.1.1 and 1.0.0.1; IPv6 2606:4700:4700::1111 and 2606:4700:4700::1001
> OpenDNS: IPv4 208.67.222.222 and 208.67.220.220; IPv6 2620:119:35::35 and 2620:119:53::53
> DNSWATCH: IPv4 84.200.69.80 and 84.200.70.40; IPv6 2001:1608:10:25::1c04:b12f and 2001:1608:10:25::9249:d69b
> The Ultimate Guide to Changing Your DNS Server
> https://www.howtogeek.com/167533/the-ultimate-guide-to-changing-your-dns-server/
> Here is a YouTube video on Changing DNS settings if needed
>
> [ 2 ]
> I would recommend you switch to Firefox as your default browser or at least lock down MS Edge and Google Chrome so that they're not so free with your information and data.
> Stop Microsoft Edge from starting automatically
> https://support.microsoft.com/en-us/microsoft-edge/stop-microsoft-edge-from-starting-automatically-c341c879-799a-dccd-d6be-bc51ecdd5804
> How to make Microsoft Edge as private and secure as possible
> https://www.onmsft.com/how-to/how-to-make-microsoft-edge-private/
> How To Increase Privacy & Security In Microsoft Edge
> https://www.youtube.com/watch?v=E5zyo5sBoT0
>
> [ 3 ]
> Regardless of which browser you decide to use, please install a Content Blocker
> Malwarebytes Browser Guard
> Google Chrome: https://chrome.google.com/webstore/detail/malwarebytes-browser-guar/ihcjicgdanjaechkgeegckofjjedodee
> Microsoft Edge: https://support.malwarebytes.com/hc/en-us/articles/4413298736787-Install-Malwarebytes-Browser-Guard-on-Microsoft-Edge-browser
> Mozilla Firefox: https://addons.mozilla.org/en-US/firefox/addon/malwarebytes/
> uBlock Origin
> Google Chrome: https://chrome.google.com/webstore/detail/ublock-origin/cjpalhdlnbpafiamejdnhcphjbkeiagm
> Microsoft Edge: https://microsoftedge.microsoft.com/addons/detail/ublock-origin/odfafepnkmbhccpbejgmiehpchacaeak
> Mozilla Firefox: https://addons.mozilla.org/en-US/firefox/addon/ublock-origin

I have already solved the Content Blocker, DNS and Firefox and everything else goes during the night.

43 minutes ago, AdvancedSetup said:

> [ 4 ]
> Why did you have a system crash?
> Error: (08/25/2023 03:51:58 PM) (Source: volmgr) (EventID: 46) (User: )
> Description: Crash dump initialization failed!
> Make sure you have a Content Blocker enabled before visiting websites
> How to Solve Event ID 46 Crash Dump Initialization Failed
> https://www.minitool.com/news/crash-dump-initialization-failed.html

I don't know if it's possible because I turned it off suddenly; I needed to enter the BIOS to activate the wireless card.

58 minutes ago, AdvancedSetup said:

> [ 5 ]
> Please check and make sure your Killer Network card is functioning correctly
> System errors:
> =============
> Error: (08/25/2023 04:24:18 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-9S37ILP)
> Description: The server {8CFC164F-4BE5-4FDD-94E9-E2AF73ED4A19} did not register with DCOM within the required timeout.
> Error: (08/25/2023 03:51:58 PM) (Source: volmgr) (EventID: 46) (User: )
> Description: Crash dump initialization failed!
> Error: (08/25/2023 03:52:10 PM) (Source: EventLog) (EventID: 6008) (User: )
> Description: The previous system shutdown at 18:18:34 on 24.8.2023. was unexpected.
> Error: (08/24/2023 07:34:03 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-9S37ILP)
> Description: The server {8CFC164F-4BE5-4FDD-94E9-E2AF73ED4A19} did not register with DCOM within the required timeout.
> Error: (08/24/2023 04:36:32 PM) (Source: Killer Network Service) (EventID: 16) (User: )
> Description: Error Loading Configuration File user.xml
> Error: (08/24/2023 04:36:32 PM) (Source: Killer Network Service) (EventID: 16) (User: )
> Description: Error Loading Configuration File from Disk for C:\ProgramData\RivetNetworks\Killer\ConfigurationFiles\user.xml
> Error: (08/24/2023 04:36:32 PM) (Source: Killer Network Service) (EventID: 16) (User: )
> Description: Error Loading Configuration File oem.xml
> Error: (08/24/2023 04:36:32 PM) (Source: Killer Network Service) (EventID: 16) (User: )
> Description: Error Loading Configuration File from Disk for C:\ProgramData\RivetNetworks\Killer\ConfigurationFiles\oem.xml
> Windows Defender:
> ================
> Date: 2023-08-25 18:00:49
> Description: Microsoft Defender Antivirus scan has been stopped before completion.
> Scan Type: Antimalware
> Scan Parameters: Quick Scan
> Date: 2023-08-24 16:23:11
> Description: Microsoft Defender Antivirus scan has been stopped before completion.
> Scan Type: Antimalware
> Scan Parameters: Quick Scan
> Event[0]
> Date: 2023-08-25 16:15:36
> Description: Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
> New security intelligence Version:
> Previous security intelligence Version: 1.395.1289.0
> Update Source: Microsoft Update Server
> Security intelligence Type: AntiVirus
> Update Type: Full
> Current Engine Version:
> Previous Engine Version: 1.1.23070.1005
> Error code: 0x80240438
> Error description: Prilikom traženja ažuriranja došlo je do neočekivanog problema. Informacije o instaliranju ažuriranja i otklanjanju poteškoća s njima potražite u odjeljku Pomoć i podrška.

How do I check that?

1 hour ago, AdvancedSetup said:

> [ 6 ]
> Not sure if this is a good, valid extension or not. The string for it on search brings up many potential threats, but those could simply be bots or people that don't understand the binary file naming used
> CHR Extension: (Plaćanja u web-trgovini Chrome) - C:\Users\as\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2023-08-24]

I have no idea what it is; this is what I get when I open the folder (chr.png)

1 hour ago, AdvancedSetup said:

> [ 7 ]
> You could add the following via a command prompt with Admin rights and it would tighten up the Windows firewall a little bit more
> Block all inbound ports 135-139 and 445
> Block all Outbound access for WScript and CScript Executables
> Block all inbound ICMP traffic for Echo request
> Blocking inbound traffic on ports 135-139 and 445 can help prevent attacks targeting SMB services, which are known to have many security vulnerabilities. However, this rule may interfere with legitimate file sharing and printer sharing services and may need to be adjusted depending on the specific network environment.
> Blocking outbound access for WScript and CScript executables can help prevent malicious scripts from running on your system and can help protect against attacks that use these executable programs. However, this rule may interfere with legitimate scripts and may need to be adjusted depending on the specific network environment.
> Blocking inbound ICMP traffic for Echo request can help prevent ping flooding attacks and can help protect against certain types of network reconnaissance attacks. However, this rule may interfere with network diagnostic tools that use ping to test network connectivity and may need to be adjusted depending on the specific network environment.

Done. (cmd.png)

1 hour ago, AdvancedSetup said:

> [ 8 ]
> If you own your own router and are not renting it from your Internet Service Provider
> Please ensure that you have the user manual for your router. Then perform a factory reset.
> How To Reset Your Router
> https://setuprouter.com/networking/how-to-reset-your-router/
> Depending on one's preferences and the Router's capabilities please consider the following.
> Disable acceptance of ICMP Pings
> Change the Default Router password using a Strong Password
> Use a Strong WiFi password on WPA2 using AES encryption or Enable WPA3 if it is an option.
> Disable Remote Management
> Create separate WiFi networks for groups of devices with similar purposes to prevent an entire network of devices from being compromised if a malicious actor is able to gain unauthorized access to one device or network. Example: Keep IoT devices on one network and mobile devices on another.
> Change the network name (SSID). Do not use your; Name, Postal address or other personal information. Make it unique or whimsical and known to your family/group.
> Is the Router Firmware up-to-date? Updating the firmware mitigates exploitable vulnerabilities.
> Specifically set Firewall rules to BLOCK; TCP and UDP ports 135 ~ 139, 445, 1234, 3389, 5555 and 9034
> Document passwords created and store them in a safe but accessible location.

The router is owned by the provider; I will do as much as I am allowed. And in the meantime, I will definitely buy my own router, if that is the solution. Thanks again. I'll send the new logs as soon as I've solved all the items on the list.
