BSOD problem, and within half an hour Firefox takes up so much memory that everything freezes


offline
  • goust  Male
  • Elite citizen
  • Joined: 09 Apr 2005
  • Posts: 1799

A few times over the last several days I have gotten a BSOD, and Firefox keeps taking up so much memory that everything locks up. For protection I use Avast Free and MBAM. My internet is ADSL 50
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17-12-2017
Ran by Sale (administrator) on SALE-PC (22-12-2017 21:47:16)
Running from C:\Users\Sale\Desktop
Loaded Profiles: Sale (Available Profiles: Sale)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-t.....scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(HP) C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
(HP) C:\Windows\System32\HPSIsvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\perfhost.exe
() C:\Program Files (x86)\Photodex\ProShow Producer\scsiaccess.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [246120 2017-12-22] (AVAST Software)
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-2623900519-3301226672-1341085607-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8591272 2015-11-16] (Piriform Ltd)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{0424FF70-120F-4C97-8D19-C3954930CE44}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{BBDD4AC8-341F-4337-A7AB-5E484CFF931E}: [DhcpNameServer] 192.168.42.129

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\S-1-5-21-2623900519-3301226672-1341085607-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2017-11-10] (AVAST Software)
BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2017-01-12] (LastPass)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-11-10] (AVAST Software)
BHO-x32: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar.dll [2017-01-12] (LastPass)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2017-01-12] (LastPass)
Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll [2017-01-12] (LastPass)
Toolbar: HKU\S-1-5-21-2623900519-3301226672-1341085607-1000 -> No Name - {093F479D-712E-46CD-9E06-62E734A05F68} - No File
Toolbar: HKU\S-1-5-21-2623900519-3301226672-1341085607-1000 -> No Name - {001032CB-B0AC-4F2C-A650-AD4B2B26E5DA} - No File
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\Sale\AppData\Roaming\Mozilla\Firefox\Profiles\1yjtmeze.default-1484260374227 [2017-12-22]
FF Homepage: Mozilla\Firefox\Profiles\1yjtmeze.default-1484260374227 -> hxxps://www.google.rs/?gws_rd=ssl
FF Extension: (Pinterest Save Button) - C:\Users\Sale\AppData\Roaming\Mozilla\Firefox\Profiles\1yjtmeze.default-1484260374227\Extensions\jid1-YcMV6ngYmQRA2w@jetpack.xpi [2017-12-21]
FF Extension: (NoiaButtons) - C:\Users\Sale\AppData\Roaming\Mozilla\Firefox\Profiles\1yjtmeze.default-1484260374227\Extensions\NoiaButtons@ArisT2_Noia4dev.xpi [2017-09-13] [Legacy]
FF Extension: (AntiGameOrigin v6) - C:\Users\Sale\AppData\Roaming\Mozilla\Firefox\Profiles\1yjtmeze.default-1484260374227\Extensions\shole@ogame.us.xpi [2017-12-19]
FF Extension: (LastPass: Free Password Manager) - C:\Users\Sale\AppData\Roaming\Mozilla\Firefox\Profiles\1yjtmeze.default-1484260374227\Extensions\support@lastpass.com.xpi [2017-12-06]
FF Extension: (Avast Online Security) - C:\Users\Sale\AppData\Roaming\Mozilla\Firefox\Profiles\1yjtmeze.default-1484260374227\Extensions\wrc@avast.com.xpi [2017-10-24]
FF Extension: (Adblock Plus) - C:\Users\Sale\AppData\Roaming\Mozilla\Firefox\Profiles\1yjtmeze.default-1484260374227\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-12-14]
FF HKLM-x32\...\Firefox\Extensions: [quickprint@hp.com] - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension
FF Extension: (SmartPrintButton) - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2011-01-26] [Legacy] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_28_0_0_126.dll [2017-12-12] ()
FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2017-01-12] (LastPass)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_28_0_0_126.dll [2017-12-12] ()
FF Plugin-x32: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2017-01-12] (LastPass)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-07-31] (Adobe Systems Inc.)

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7538536 2017-12-22] (AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [301168 2017-12-22] (AVAST Software)
R2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [136704 2009-06-24] (HP) [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
R2 ScsiAccess; C:\Program Files (x86)\Photodex\ProShow Producer\ScsiAccess.exe [186760 2017-01-13] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [185096 2017-12-22] (AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdrivera.sys [321512 2017-12-22] (AVAST Software)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidsha.sys [199448 2017-12-22] (AVAST Software)
R0 aswblog; C:\Windows\System32\drivers\aswbloga.sys [343768 2017-12-22] (AVAST Software)
R0 aswbuniv; C:\Windows\System32\drivers\aswbuniva.sys [57696 2017-12-22] (AVAST Software)
R1 aswHdsKe; C:\Windows\System32\drivers\aswHdsKe.sys [149344 2017-12-22] (AVAST Software)
S3 aswHwid; C:\Windows\System32\drivers\aswHwid.sys [46976 2017-12-22] (AVAST Software)
R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [146664 2017-12-22] (AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [110336 2017-12-22] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [84384 2017-12-22] (AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [1025176 2017-12-22] (AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [457400 2017-12-22] (AVAST Software)
R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [204456 2017-12-22] (AVAST Software)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [358672 2017-12-22] (AVAST Software)
R1 cryptfd; C:\Windows\System32\drivers\cryptfd.sys [193448 2017-03-03] ()
S3 dg_ssudbus; C:\Windows\System32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd.)
R0 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [253880 2017-12-11] (Malwarebytes)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [188992 2016-02-10] (Intel Corporation)
S3 mvusbews; C:\Windows\System32\Drivers\mvusbews.sys [20480 2012-09-26] (Marvell Semiconductor, Inc.)
S3 ssudmdm; C:\Windows\System32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd.)
R3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [1087616 2014-09-19] (Vimicro Corporation)
S1 ZAM; \??\C:\Windows\System32\drivers\zam64.sys [X]
S1 ZAM_Guard; \??\C:\Windows\System32\drivers\zamguard64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-12-22 21:47 - 2017-12-22 21:47 - 000012650 _____ C:\Users\Sale\Desktop\FRST.txt
2017-12-22 21:45 - 2017-12-22 21:46 - 002392064 _____ (Farbar) C:\Users\Sale\Desktop\FRST64.exe
2017-12-22 10:20 - 2017-12-22 10:20 - 000232128 _____ C:\Users\Sale\AppData\Local\GDIPFONTCACHEV1.DAT
2017-12-22 10:16 - 2017-12-22 10:16 - 000790816 _____ C:\Windows\system32\FNTCACHE.DAT
2017-12-22 10:14 - 2017-12-22 10:13 - 000365680 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2017-12-22 10:13 - 2017-12-22 10:13 - 000149344 ____C (AVAST Software) C:\Windows\system32\Drivers\aswHdsKe.sys
2017-12-21 19:36 - 2017-12-21 19:36 - 001587867 _____ C:\Users\Sale\Desktop\pexels-photo-164250.jpeg
2017-12-19 12:21 - 2017-12-19 12:22 - 000000000 ____D C:\Users\Public\File Viewer Plus
2017-12-19 12:21 - 2017-12-19 12:21 - 000000000 ____D C:\Users\Sale\AppData\Local\File Viewer Plus
2017-12-19 12:21 - 2017-12-19 12:21 - 000000000 ____D C:\Program Files (x86)\File Identifier
2017-12-19 12:17 - 2017-12-19 12:19 - 051823232 _____ (Sharpened Productions ) C:\Users\Sale\Desktop\fvp_setup_2.2.1.262fi.exe
2017-12-19 09:14 - 2017-12-19 09:14 - 017687135 _____ C:\Users\Sale\Desktop\ccf44748b0391e59040e125edd7da5.mp4
2017-12-17 14:50 - 2017-12-17 14:53 - 000000000 ____D C:\Users\Sale\Desktop\Pčelar 2006
2017-12-13 18:28 - 2017-12-13 18:28 - 000000000 ____D C:\Users\Sale\Desktop\lang
2017-12-13 18:26 - 2017-12-13 18:26 - 000059477 _____ C:\Users\Sale\Desktop\lang.zip
2017-12-13 18:18 - 2017-12-13 18:18 - 011090411 _____ C:\Users\Sale\Desktop\b63ebf467dab97edd6aac4ce80893d.mp4
2017-12-13 17:55 - 2017-12-13 17:56 - 000000000 ____D C:\Users\Sale\AppData\Roaming\SpeedSim
2017-12-13 17:53 - 2017-12-13 17:53 - 000485218 _____ C:\Users\Sale\Desktop\SpeedSim_0.9.8.1b_unicode.exe
2017-12-13 04:21 - 2017-11-17 05:23 - 003222528 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-12-13 04:21 - 2017-11-07 17:31 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2017-12-13 04:21 - 2017-11-04 16:31 - 000194048 _____ (Microsoft Corporation) C:\Windows\system32\itircl.dll
2017-12-13 04:21 - 2017-11-04 16:31 - 000170496 _____ (Microsoft Corporation) C:\Windows\system32\itss.dll
2017-12-13 04:21 - 2017-11-04 16:10 - 000158720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\itircl.dll
2017-12-13 04:21 - 2017-11-04 16:10 - 000142336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\itss.dll
2017-12-13 04:21 - 2017-11-02 17:55 - 000281600 _____ (Microsoft Corporation) C:\Windows\system32\iprtrmgr.dll
2017-12-13 04:21 - 2017-11-02 17:55 - 000138240 _____ (Microsoft Corporation) C:\Windows\system32\rtm.dll
2017-12-13 04:21 - 2017-11-02 17:55 - 000097792 _____ (Microsoft Corporation) C:\Windows\system32\mprdim.dll
2017-12-13 04:21 - 2017-11-02 17:55 - 000009728 _____ (Microsoft Corporation) C:\Windows\system32\iprtprio.dll
2017-12-13 04:21 - 2017-11-02 16:11 - 000271360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iprtrmgr.dll
2017-12-13 04:21 - 2017-11-02 16:11 - 000115200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rtm.dll
2017-12-13 04:21 - 2017-11-02 16:11 - 000075264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mprdim.dll
2017-12-13 04:21 - 2017-11-02 15:56 - 000008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iprtprio.dll
2017-12-13 04:21 - 2017-10-17 00:04 - 001001984 _____ (Microsoft Corporation) C:\Windows\system32\gpedit.dll
2017-12-13 04:21 - 2017-10-16 23:46 - 000953344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpedit.dll
2017-12-13 04:21 - 2017-10-12 01:20 - 000317440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdbss.sys
2017-12-13 04:20 - 2017-11-07 17:13 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2017-12-12 21:15 - 2017-12-12 21:15 - 033189875 _____ C:\Users\Sale\Desktop\sng 2018.gbl
2017-12-12 12:06 - 2017-12-12 12:06 - 001528119 _____ C:\Users\Sale\Desktop\41479-Honey-Bee-in-flight-white-background.ai
2017-12-11 14:53 - 2017-12-11 14:53 - 000253880 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2017-12-11 14:53 - 2017-12-11 14:53 - 000001867 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-12-11 11:45 - 2017-12-11 11:45 - 000000916 _____ C:\Users\Public\Desktop\LandscapePro Trial.lnk
2017-12-11 11:44 - 2017-12-11 11:45 - 000000000 ____D C:\Program Files\LandscapePro 2 Trial
2017-12-11 11:43 - 2017-12-11 11:43 - 000000000 ____D C:\Users\Sale\Desktop\Landscape_pro_studio_Free_Download_With_(zabranjeno)
2017-12-06 19:41 - 2017-12-06 19:41 - 000000000 ____D C:\Windows\System32\Tasks\Avast Software
2017-12-06 19:41 - 2017-12-06 19:41 - 000000000 ____D C:\Program Files\Common Files\Avast Software
2017-12-05 19:34 - 2017-12-05 19:34 - 008187336 _____ (Malwarebytes) C:\Users\Sale\Desktop\adwcleaner_7.0.5.0(1).exe
2017-12-01 14:36 - 2017-12-01 14:36 - 000000000 ____D C:\Users\Sale\Desktop\V vojvođanska
2017-12-01 12:47 - 2017-12-01 12:47 - 032273076 _____ C:\Users\Sale\Desktop\zrtve-bih.pdf
2017-11-25 18:37 - 2017-11-25 18:37 - 000000000 ____D C:\Users\Sale\AppData\Roaming\simplitec
2017-11-22 19:12 - 2017-11-22 19:12 - 000000000 ____D C:\Users\Sale\Documents\Video Pro X5
2017-11-22 19:12 - 2017-11-22 19:12 - 000000000 ____D C:\Users\Sale\Documents\MAGIX downloads
2017-11-22 19:12 - 2017-11-22 19:12 - 000000000 ____D C:\Users\Sale\Documents\MAGIX
2017-11-22 19:12 - 2017-11-22 19:12 - 000000000 ____D C:\Users\Sale\AppData\Roaming\MAGIX
2017-11-22 19:08 - 2017-11-22 19:08 - 000000000 ____D C:\Users\Sale\Documents\MAGIX_MusicEditor
2017-11-22 19:08 - 2017-11-22 19:08 - 000000000 ____D C:\Users\Sale\AppData\Local\Xara
2017-11-22 19:08 - 2017-11-22 19:08 - 000000000 ____D C:\Users\Sale\AppData\Local\Magix
2017-11-22 18:52 - 2017-11-22 18:52 - 000000000 ____D C:\Program Files (x86)\MSXML 4.0
2017-11-22 18:29 - 2017-11-22 18:29 - 000003584 _____ C:\Users\Sale\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-11-22 18:27 - 2017-11-22 18:27 - 000000000 ____D C:\Users\Sale\.fontconfig
2017-11-22 18:26 - 2017-11-22 18:26 - 000000000 ____D C:\Users\Sale\AppData\Local\Movavi
2017-11-22 18:26 - 2017-11-22 18:26 - 000000000 ____D C:\Users\Sale\AppData\Local\_VideoConverter

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-12-22 21:47 - 2017-01-16 22:51 - 000000000 ____D C:\FRST
2017-12-22 21:36 - 2017-01-11 22:13 - 000000000 ____D C:\Users\Sale\AppData\LocalLow\Mozilla
2017-12-22 21:35 - 2017-01-11 22:31 - 000007667 _____ C:\Users\Sale\AppData\Local\Resmon.ResmonCfg
2017-12-22 21:32 - 2017-01-15 02:34 - 000000000 ____D C:\Windows\pss
2017-12-22 14:22 - 2017-01-12 21:30 - 000000000 ____D C:\Users\Sale\Documents\Outlook Files
2017-12-22 10:38 - 2009-07-14 05:45 - 000031504 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-12-22 10:38 - 2009-07-14 05:45 - 000031504 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-12-22 10:17 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\inf
2017-12-22 10:16 - 2017-01-12 19:18 - 000000266 _____ C:\Windows\Tasks\AutoKMS.job
2017-12-22 10:16 - 2009-07-14 06:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-12-22 10:14 - 2017-10-29 06:49 - 000000000 ____D C:\Windows\Minidump
2017-12-22 10:14 - 2017-10-23 16:39 - 000003914 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2017-12-22 10:13 - 2017-11-10 07:41 - 000185096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys
2017-12-22 10:13 - 2017-10-23 16:39 - 001025176 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2017-12-22 10:13 - 2017-10-23 16:39 - 000457400 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2017-12-22 10:13 - 2017-10-23 16:39 - 000358672 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2017-12-22 10:13 - 2017-10-23 16:39 - 000343768 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbloga.sys
2017-12-22 10:13 - 2017-10-23 16:39 - 000321512 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsdrivera.sys
2017-12-22 10:13 - 2017-10-23 16:39 - 000204456 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2017-12-22 10:13 - 2017-10-23 16:39 - 000199448 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsha.sys
2017-12-22 10:13 - 2017-10-23 16:39 - 000146664 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2017-12-22 10:13 - 2017-10-23 16:39 - 000110336 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2017-12-22 10:13 - 2017-10-23 16:39 - 000084384 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2017-12-22 10:13 - 2017-10-23 16:39 - 000057696 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbuniva.sys
2017-12-22 10:13 - 2017-10-23 16:39 - 000046976 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2017-12-22 10:05 - 2017-01-11 21:58 - 000000000 ____D C:\Users\Sale
2017-12-21 14:57 - 2017-01-14 22:11 - 000000000 ___RD C:\Users\Sale\Desktop\Internet programi
2017-12-19 10:25 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\system32\NDF
2017-12-16 11:33 - 2017-01-25 10:15 - 000000000 ____D C:\Users\Sale\Desktop\Slike za logo i projekti
2017-12-16 01:28 - 2017-09-14 18:58 - 000000000 ____D C:\Users\Sale\Desktop\predavanja
2017-12-14 10:26 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\rescache
2017-12-14 07:27 - 2017-05-06 12:23 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-12-14 07:27 - 2017-01-11 22:12 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-12-14 07:24 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\SysWOW64\Setup
2017-12-14 07:24 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\system32\Setup
2017-12-14 07:09 - 2017-01-12 00:11 - 000000000 ____D C:\Windows\system32\MRT
2017-12-14 07:04 - 2017-10-12 11:39 - 133326408 ____C (Microsoft Corporation) C:\Windows\system32\MRT-KB890830.exe
2017-12-14 07:04 - 2017-01-12 00:10 - 133326408 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-12-13 14:53 - 2009-07-14 06:13 - 000781790 _____ C:\Windows\system32\PerfStringBackup.INI
2017-12-12 19:07 - 2017-01-13 14:11 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-12-12 19:07 - 2017-01-13 14:11 - 000004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-12-12 19:07 - 2017-01-13 14:11 - 000000000 ____D C:\Windows\system32\Macromed
2017-12-12 19:07 - 2017-01-13 13:33 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-12-12 19:07 - 2017-01-13 13:33 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2017-12-08 08:32 - 2017-09-14 10:43 - 000000000 ____D C:\Users\Sale\Documents\LogoDesignStudio Pro
2017-12-05 20:31 - 2017-01-15 02:23 - 000000000 ____D C:\AdwCleaner
2017-11-29 09:11 - 2017-04-10 08:13 - 000077432 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-11-26 20:36 - 2017-11-06 17:18 - 000000000 ____D C:\Users\Sale\Desktop\spov slike
2017-11-22 19:08 - 2007-04-27 09:43 - 000120200 _____ () C:\Windows\SysWOW64\DLLDEV32i.dll
2017-11-22 18:57 - 2017-01-16 09:40 - 000000000 ____D C:\Users\Sale\AppData\Roaming\DVDVideoSoft

==================== Files in the root of some directories =======

2017-01-12 23:04 - 2017-01-12 23:13 - 022803992 _____ (LastPass) C:\Program Files (x86)\Common Files\lpuninstall.exe
2017-02-27 22:15 - 2017-03-01 08:24 - 000889271 _____ () C:\Users\Sale\AppData\Local\ars.cache
2017-02-27 22:16 - 2017-03-01 12:51 - 013099399 _____ () C:\Users\Sale\AppData\Local\census.cache
2017-11-22 18:29 - 2017-11-22 18:29 - 000003584 _____ () C:\Users\Sale\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-02-27 15:34 - 2017-02-27 15:34 - 000000036 _____ () C:\Users\Sale\AppData\Local\housecall.guid.cache
2017-01-11 22:31 - 2017-12-22 21:35 - 000007667 _____ () C:\Users\Sale\AppData\Local\Resmon.ResmonCfg
2017-02-27 17:25 - 2017-02-27 23:07 - 000000010 _____ () C:\Users\Sale\AppData\Local\sponge.last.runtime.cache

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-12-19 02:08

==================== End of FRST.txt ============================



offline
  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

Open Notepad and copy in the following text, which is inside the Code box.

Task: {11C6A9DB-EE8D-47E3-BF17-1EFC006F7ABF} - System32\Tasks\7a4y1r1 => C:\Windows\system32\rundll32.exe "C:\ProgramData\7a4y1r1\7a4y1r1.dll",ayreb <==== ATTENTION
Task: {C59E69BA-7DE3-4B25-97AA-30DAA483328D} - System32\Tasks\Stergesterpeck Host => C:\Program Files (x86)\Dresle\woneward.exe
C:\ProgramData\7a4y1r1
C:\Program Files (x86)\Dresle


In Notepad, click File --> Save As
Under Encoding choose UTF-8.
Name the file Fixlist and save it to the Desktop
Double-click to run FRST.exe again
Click Fix and wait until the program finishes.
If the program asks to restart the computer, let it do so without interruption.
When it finishes, fixlog.txt will open, with contents that you should copy into the thread.
Also, fixlog.txt will be on the Desktop.

offline
  • goust  Male
  • Elite citizen
  • Joined: 09 Apr 2005
  • Posts: 1799

Fix result of Farbar Recovery Scan Tool (x64) Version: 23-12-2017 01
Ran by Sale (24-12-2017 08:45:24) Run:1
Running from C:\Users\Sale\Desktop
Loaded Profiles: Sale (Available Profiles: Sale)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Task: {11C6A9DB-EE8D-47E3-BF17-1EFC006F7ABF} - System32\Tasks\7a4y1r1 => C:\Windows\system32\rundll32.exe "C:\ProgramData\7a4y1r1\7a4y1r1.dll",ayreb <==== ATTENTION
Task: {C59E69BA-7DE3-4B25-97AA-30DAA483328D} - System32\Tasks\Stergesterpeck Host => C:\Program Files (x86)\Dresle\woneward.exe
C:\ProgramData\7a4y1r1
C:\Program Files (x86)\Dresle
*****************

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{11C6A9DB-EE8D-47E3-BF17-1EFC006F7ABF} => could not remove key. ErrorCode1: 0x00000002
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{11C6A9DB-EE8D-47E3-BF17-1EFC006F7ABF}" => removed successfully
C:\Windows\System32\Tasks\7a4y1r1 => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\7a4y1r1" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C59E69BA-7DE3-4B25-97AA-30DAA483328D}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C59E69BA-7DE3-4B25-97AA-30DAA483328D}" => removed successfully
C:\Windows\System32\Tasks\Stergesterpeck Host => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Stergesterpeck Host" => removed successfully
"C:\ProgramData\7a4y1r1" => not found.
"C:\Program Files (x86)\Dresle" => not found.

==== End of Fixlog 08:45:26 ====

offline
  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

Download Malwarebytes Anti-Malware from this or this or this link and install the application.
Run mb3-setup-consumer-{version}.exe and follow the instructions to install the program. After installation, click Finish

On first launch, the program will show a "welcome" window. Feel free to close that window.
Note: The program's Premium features are already activated and are valid for 13 days from the moment of installation. You can turn the Premium features off via the Settings > My Account tab.

• Scanner settings - in Settings, click the Protection tab. Under the Scan Options section, turn on the "Scan for rootkits" option.
• Prepare the Threat Scan settings - in Dashboard, click the Scan Now button. MBAM will update its database and start scanning.

When the scan finishes, if an infection was detected, make sure everything is checked, then click Remove Selected. Restart the computer if the program asks for a restart.
• Submit the log: Under Reports choose the Scan Report with the current date and then click View Report.

Export the log to the Desktop;
- Click the Export button at the bottom, then choose 'Text file (*.txt)'
- In the Save File dialog that appears, click Desktop. In the File name: field, type "mbam" (without quotes) and click Save.
- The message "Your file has been successfully exported" will appear; click Ok and close the window.

• In your reply, attach the mbam.txt log using the "Attach file" option.

offline
  • goust  Male
  • Elite citizen
  • Joined: 09 Apr 2005
  • Posts: 1799


offline
  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

What is the state of the system now?

offline
  • goust  Male
  • Elite citizen
  • Joined: 09 Apr 2005
  • Posts: 1799

Unfortunately, it still freezes the same and fills up memory the same

offline
  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

I no longer see traces of malware in the logs. What is it like when you disable the extensions?

offline
  • goust  Male
  • Elite citizen
  • Joined: 09 Apr 2005
  • Posts: 1799

Written: 24 Dec 2017 19:50

I'll try doing that now. Previously, in Task Manager's processes, all the plugins showed up in one place as plugin container, and now they appear in bulk, 5-6-7 of them

Addendum: 25 Dec 2017 8:25

I think you were right. I deleted them all. Since deleting the extensions last night, it has not frozen even once so far.

offline
  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

Probably one extension is causing the problem. You will have to determine which one by a process of elimination. In any case, you still have this left to do.

The following procedure will perform the final cleanup.

Download "Xplode"'s DelFix tool and save it to the Desktop.
Double-click to run the tool and tick the boxes in front of the following options;

Remove disinfection tools
Create registry backup
Purge System Restore


Click the Run button and wait a moment until the tool finishes its work.
From this point on, all tools used in this thread should be deleted.
The tool will also create a report for you. (C:\DelFix.txt)

The tool will also save the healthy state of the registry and make a backup using the integrated program "ERUNT" in %windir%\ERUNT\DelFix
The tool deletes old system restore points and creates a new, fresh point after the cleanup.
