Restartujący się komputer przy pobieraniu plików + powolny system

Dla specjalistów Bezpieczeństwo
#1

Witam, od jakiegoś czasu mój komputer coraz wolniej chodzi, a dzisiaj na dodatek przy pobieraniu programu z allegro zaczął się restartować.

#2

http://forum.dobreprogramy.pl/farbar-recovery-scan-tool-raport-obowiązkowy-t478727/

#3

FRST: http://wklej.org/id/1740497/

Addition: http://wklej.org/id/1740498/

Shortcut: http://wklej.org/id/1740500/

#4

Odinstaluj VshareComplete.Otwórz notatnik systemowy i wklej:

CloseProcesses:
Hosts:
Task: {04640F91-FB09-4224-AAAF-FF1A968C2BB7} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-584173389-824814413-2963537879-1000Core => C:\Users\EPCS\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-07-23] (Facebook Inc.)
Task: {29DA53E6-6647-4126-BE74-37524F636AC5} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-584173389-824814413-2963537879-1000UA => C:\Users\EPCS\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-07-23] (Facebook Inc.)
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-584173389-824814413-2963537879-1000Core.job => C:\Users\EPCS\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-584173389-824814413-2963537879-1000UA.job => C:\Users\EPCS\AppData\Local\Facebook\Update\FacebookUpdate.exe
HKLM-x32\...\Run: [Bron-Spizaetus] => C:\Windows\ShellNew\RakyatKelaparan.exe [43403 2015-06-15] ()
HKLM-x32\...\Winlogon: [Shell] Explorer.exe "C:\Windows\KesenjanganSosial.exe" [43403] () <=== ATTENTION
HKU\S-1-5-21-584173389-824814413-2963537879-1000\...\Run: [Xvid] => C:\Program Files (x86)\Xvid\CheckUpdate.exe [8192 2011-01-17] ()
HKU\S-1-5-21-584173389-824814413-2963537879-1000\...\Run: [puush] => C:\Program Files (x86)\puush\puush.exe [568904 2015-03-30] ()
HKU\S-1-5-21-584173389-824814413-2963537879-1000\...\Run: [Facebook Update] => C:\Users\EPCS\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2014-07-23] (Facebook Inc.)
HKU\S-1-5-21-584173389-824814413-2963537879-1000\...\Run: [Tok-Cirrhatus] => [X]
HKU\S-1-5-21-584173389-824814413-2963537879-1000\...\Run: [] => [X]
HKU\S-1-5-21-584173389-824814413-2963537879-1000\...\Run: [Tok-Cirrhatus-2025] => C:\Users\EPCS\AppData\Local\smss.exe [43403 2015-06-15] ()
HKU\S-1-5-21-584173389-824814413-2963537879-1000\...\Policies\system: [DisableRegistryTools] 1
Startup: C:\Users\EPCS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Empty.pif [2014-06-03] ()
AlternateShell: cmd-brontok.exe
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-584173389-824814413-2963537879-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF Extension: Roll Around - C:\Users\EPCS\AppData\Roaming\Mozilla\Firefox\Profiles\kt57x1xn.default\Extensions\{bec0d06e-c92d-48a7-bc8b-4f7ee342b2ad}.xpi [2015-02-23]
FF Extension: No Name - C:\Users\EPCS\AppData\Roaming\Mozilla\Firefox\Profiles\qpjtmyr9.Wojtek\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-02-16]
FF HKLM-x32\...\Firefox\Extensions: [{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn
CHR Extension: (gbiacbhfnlfebjddbeigkkajdpeichne) - C:\Users\EPCS\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbiacbhfnlfebjddbeigkkajdpeichne [2014-12-30]
U3 azeoocw3; C:\Windows\System32\Drivers\azeoocw3.sys [0] (Advanced Micro Devices) <==== ATTENTION (zero byte File/Folder)
S3 catchme; \\C:\ComboFix\catchme.sys [X]
S3 EagleX64; \\C:\Windows\system32\drivers\EagleX64.sys [X]
2015-06-17 15:31 - 2015-06-17 15:31 - 00033061 _____ C:\Users\EPCS\AppData\Local\Update.15.Bron.Tok.bin
2015-06-17 14:03 - 2015-06-17 14:06 - 00000000 ____ D C:\AdwCleaner
2015-06-17 13:13 - 2015-06-17 13:13 - 00000000 ____ D C:\Users\EPCS\AppData\Local\Bron.tok-15-17
2015-06-16 00:00 - 2015-06-16 00:00 - 00000000 ____ D C:\Users\EPCS\AppData\Local\Bron.tok-15-16
2015-06-15 00:44 - 2015-06-15 00:44 - 00000000 ____ D C:\Users\EPCS\AppData\Local\Bron.tok-15-15
2015-06-14 12:59 - 2015-06-14 12:59 - 00000000 ____ D C:\Users\EPCS\AppData\Local\Bron.tok-15-14
2015-06-13 00:45 - 2015-06-13 00:45 - 00000000 ____ D C:\Users\EPCS\AppData\Local\Bron.tok-15-13
2015-06-12 16:34 - 2015-06-12 16:34 - 00000000 ____ D C:\Users\EPCS\AppData\Local\Bron.tok-15-12
2015-06-15 12:09 - 2014-06-03 18:30 - 00043403 ____ N C:\Users\EPCS\AppData\Local\winlogon.exe
2015-06-15 12:09 - 2014-06-03 18:30 - 00043403 ____ H C:\Windows\KesenjanganSosial.exe
2015-06-15 12:09 - 2014-06-03 18:30 - 00043403 _____ C:\Windows\SysWOW64\EPCS's Setting.scr
2015-06-15 12:09 - 2014-06-03 18:30 - 00043403 _____ C:\Windows\SysWOW64\cmd-brontok.exe
2015-06-15 12:09 - 2014-06-03 18:30 - 00043403 _____ C:\Users\EPCS\Documents\Documents.exe
2015-06-15 12:09 - 2014-06-03 18:30 - 00043403 _____ C:\Users\EPCS\AppData\Local\smss.exe
2015-06-15 12:09 - 2014-06-03 18:30 - 00043403 _____ C:\Users\EPCS\AppData\Local\services.exe
2015-06-15 12:09 - 2014-06-03 18:30 - 00043403 _____ C:\Users\EPCS\AppData\Local\lsass.exe
2015-06-15 12:09 - 2014-06-03 18:30 - 00043403 _____ C:\Users\EPCS\AppData\Local\inetinfo.exe
2015-06-15 12:09 - 2014-06-03 18:30 - 00043403 _____ C:\Users\EPCS\AppData\Local\csrss.exe
C:\Users\EPCS\AppData\Roaming\skype.ini
EmptyTemp:

Plik zapisz pod nazwą fixlist.txt i umieść obok FRST w tym samym folderze.

Przeskanuj programem Malwarebytes Anti-Malware http://www.malwarebytes.org/8/

#5

Fixlog utworzony po ‘Fix’ w programie FRST: http://wklej.org/id/1740573/

#6

Wykonaj resztę poleceń.