New member
Posts: 7
Thanks: 0
log
Code: 
ComboFix 12-10-04.02 - Sergej 07.10.2012 15:55:40.3.2 - x86 MINIMAL
Microsoft Windows 7 Ultimate 6.1.7601.1.1251.7.1049.18.2047.1220 [GMT 2:00]
Running from: c:\users\Sergej\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
Infected copy of c:\windows\system32\winlogon.exe was found and disinfected
Restored copy from - c:\windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
.
Infected copy of c:\windows\System32\slui.exe was found and disinfected
Restored copy from - c:\windows\winsxs\x86_microsoft-windows-security-spp-ux_31bf3856ad364e35_6.1.7601.17514_none_5dc908a6fd144a83\slui.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-09-07 to 2012-10-07 )))))))))))))))))))))))))))))))
.
.
2012-10-07 11:15 . 2012-10-07 11:16 -------- d-----w- c:\program files\K-Lite Codec Pack
2012-10-07 11:11 . 2012-10-07 11:11 -------- d-----w- c:\program files\Google
2012-10-07 11:10 . 2012-10-07 11:11 -------- d-----w- c:\users\Sergej\AppData\Local\Deployment
2012-10-07 09:31 . 2012-10-07 11:20 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9AC23D35-63EB-42A0-BA9C-3B749AA466E2}\offreg.dll
2012-10-07 09:24 . 2012-10-07 09:49 -------- d-----w- c:\program files\trend micro
2012-10-07 09:24 . 2012-10-07 09:24 -------- d-----w- C:\rsit
2012-10-07 00:21 . 2012-10-07 00:21 -------- d-----w- c:\users\Sergej\AppData\Roaming\Malwarebytes
2012-10-07 00:21 . 2012-10-07 00:21 -------- d-----w- c:\programdata\Malwarebytes
2012-10-06 20:50 . 2012-08-21 09:13 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-10-06 20:50 . 2012-08-21 09:13 355632 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-10-06 20:50 . 2012-08-21 09:13 44784 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-10-06 20:50 . 2012-08-21 09:13 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-10-06 20:50 . 2012-08-21 09:13 729752 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-10-06 20:50 . 2012-08-21 09:13 58680 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-10-06 20:49 . 2012-08-21 09:12 41224 ----a-w- c:\windows\avastSS.scr
2012-10-06 20:48 . 2012-08-21 09:12 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-10-06 20:48 . 2012-10-06 20:48 -------- d-----w- c:\programdata\AVAST Software
2012-10-06 20:48 . 2012-10-06 20:48 -------- d-----w- c:\program files\AVAST Software
2012-10-05 21:57 . 2012-08-21 20:12 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2012-10-05 21:53 . 2012-09-18 22:59 6980552 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9AC23D35-63EB-42A0-BA9C-3B749AA466E2}\mpengine.dll
2012-10-05 20:52 . 2012-10-05 21:46 -------- d-----w- c:\program files\Ask.com
2012-10-05 20:04 . 2012-10-05 20:38 -------- d-----w- c:\program files\Mail.Ru
2012-10-05 20:04 . 2012-10-05 20:40 -------- d-----w- c:\users\Sergej\AppData\Local\Mail.Ru
2012-10-03 15:31 . 2012-10-03 15:31 -------- d-----w- c:\users\Sergej\AppData\Local\Macromedia
2012-10-03 14:50 . 2012-10-03 14:50 -------- d-----w- c:\users\Sergej\AppData\Roaming\Yandex
2012-10-03 14:49 . 2012-10-03 14:49 -------- d-----w- c:\users\Sergej\AppData\Local\Mozilla
2012-09-25 11:58 . 2012-09-25 11:58 -------- d-----w- c:\users\Sergej\AppData\Local\Apps
2012-09-19 16:17 . 2012-09-19 18:28 -------- d-----w- c:\program files\VideoLAN
2012-09-15 16:04 . 2012-09-15 16:04 2295408 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2012-09-15 16:03 . 2012-09-15 16:03 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2012-09-15 16:00 . 2012-09-15 16:01 -------- d-----w- c:\users\Sergej\AppData\Local\CRE
2012-09-13 06:34 . 2012-08-22 17:16 712048 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-09-13 06:34 . 2012-07-04 19:45 33280 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2012-09-13 06:33 . 2012-08-22 17:16 1292144 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-09-13 06:33 . 2012-08-22 17:16 240496 ----a-w- c:\windows\system32\drivers\netio.sys
2012-09-13 06:33 . 2012-08-22 17:16 187760 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-09-13 06:32 . 2012-08-02 16:57 490496 ----a-w- c:\windows\system32\d3d10level9.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-05 21:53 . 2012-08-05 21:51 696240 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-05 21:53 . 2012-01-13 14:51 73136 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-24 06:51 . 2012-10-05 22:04 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-08-24 06:47 . 2012-10-05 22:04 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-07-18 17:47 . 2012-08-16 07:06 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-03-03 13:32 2169856 --sha-w- c:\windows\System32\hale.exe
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2010-11-20 . F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 . 811520 . . [6.1.7601.17514] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
[-] 2009-07-14 . 85AEB26057AAC125EEC1425305F86960 . 811520 . . [6.1.7601.17514] . . c:\windows\System32\user32.dll
[7] 2009-07-14 . 34B7E222E81FAFA885F0C5F2CFA56861 . 811520 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-08-21 09:12 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WebCallDirect"="c:\program files\WebCallDirect.com\WebCallDirect\webcalldirect.exe" [2012-09-06 23174568]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-07-13 17418928]
"Advanced SystemCare 5"="c:\program files\IObit\Advanced SystemCare 5\ASCTray.exe" [2012-05-28 288128]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-12-16 8120864]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-11-24 98304]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-08-28 1557800]
"MGSysCtrl"="c:\program files\System Control Manager\MGSysCtrl.exe" [2009-12-18 2396160]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"Chew7Hale"="c:\windows\System32\hale.exe" [2012-03-03 2169856]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-08-21 4282728]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 5"="c:\program files\IObit\Advanced SystemCare 5\ASCTray.exe" [2012-05-28 288128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 gupdate;Google Update-Dienst (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R4 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
R4 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R4 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\IObit\Advanced SystemCare 5\ASCService.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 Micro Star SCM;Micro Star SCM;c:\program files\System Control Manager\MSIService.exe [x]
S2 TeamViewer7;TeamViewer 7;c:\program files\TeamViewer\Version7\TeamViewer_Service.exe [x]
S3 SiSGbeLH;NDIS 6.0 driver for SiS191/SiS190 Ethernet device;c:\windows\system32\DRIVERS\SiSGB6.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-05 21:53]
.
2012-10-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-10-07 11:11]
.
2012-10-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-10-07 11:11]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://klit.startnow.com/?src=startpage&provider=&provider_name=yahoo&provider_code=&partner_id=693&product_id=741&affiliate_id=&channel=&toolbar_id=200&toolbar_version=2.4.0&install_country=DE&install_date=20121007&user_guid=BC2F3915D9AC4C3482E8D1EC3505AB96&machine_id=ffce1a5a0fd42673766e0167a569a8c5&browser=IE&os=win&os_version=6.1-x86-SP1
TCP: DhcpNameServer = 192.168.0.1
.
- - - - ORPHANS REMOVED - - - -
.
HKU-Default-Run-SpeedUpMyPC - c:\program files\Uniblue\SpeedUpMyPC\launcher.exe
HKU-Default-Run-DriverScanner - c:\program files\Uniblue\DriverScanner\launcher.exe
HKU-Default-Run-MaxiDisk - c:\program files\Uniblue\MaxiDisk\launcher.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:44,4c,ff,c7,a0,73,cd,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,bc,7c,67,cc,20,ac,69,45,b0,92,b0,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,bc,7c,67,cc,20,ac,69,45,b0,92,b0,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\AUDIODG.EXE
c:\windows\system32\atieclxx.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\system32\taskhost.exe
c:\program files\TeamViewer\Version7\TeamViewer.exe
c:\windows\system32\sppsvc.exe
c:\program files\TeamViewer\Version7\tv_w32.exe
c:\windows\System32\rundll32.exe
c:\windows\system32\conhost.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\conhost.exe
c:\program files\Internet Explorer\IELowutil.exe
c:\windows\servicing\TrustedInstaller.exe
c:\users\Sergej\AppData\Local\Temp\B97E.tmp\bump.exe
.
**************************************************************************
.
Completion time: 2012-10-07 16:10:17 - machine was rebooted
ComboFix-quarantined-files.txt 2012-10-07 14:10
.
Pre-Run: 291.430.866.944 bytes free
Post-Run: 291.489.337.344 bytes free
.
- - End Of File - - C4A5F148AD5BCD30AA79C387D5269266
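The log above is raw ComboFix output. As an added example (my own code, not ComboFix's and not the poster's), here is the kind of script a responder uses to triage such a log programmatically instead of reading it line by line. It takes a constructed excerpt of lines copied from the log above as sample input and applies generic heuristics: files ComboFix reports as disinfected, executables under System32 carrying hidden+system attributes, Sigcheck entries marked `[-]` whose MD5 differs from the component-store copy of the same version, Run-key entries that point at such files or into a Temp directory, and processes running from Temp. The regexes for ComboFix's line formats are derived from the lines visible in this log only; the output is a list of items to look at, not a verdict, and as the log itself notes, an unverified file is not necessarily malware.

```python
"""Triage helpers for ComboFix-style log text (added example, not ComboFix code)."""
from __future__ import annotations
import re
from dataclasses import dataclass

# Constructed sample: lines copied verbatim from the log posted above.
SAMPLE_LOG = r"""
Infected copy of c:\windows\system32\winlogon.exe was found and disinfected
Restored copy from - c:\windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
2012-08-24 06:51 . 2012-10-05 22:04 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-03-03 13:32 2169856 --sha-w- c:\windows\System32\hale.exe
------- Sigcheck -------
[7] 2010-11-20 . F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 . 811520 . . [6.1.7601.17514] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
[-] 2009-07-14 . 85AEB26057AAC125EEC1425305F86960 . 811520 . . [6.1.7601.17514] . . c:\windows\System32\user32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"Chew7Hale"="c:\windows\System32\hale.exe" [2012-03-03 2169856]
------------------------ Other Running Processes ------------------------
c:\windows\system32\taskhost.exe
c:\users\Sergej\AppData\Local\Temp\B97E.tmp\bump.exe
"""

@dataclass(frozen=True)
class Finding:
    kind: str    # disinfected | hidden-system-exe | sigcheck-mismatch | run-key | temp-process
    path: str
    detail: str

# Line formats as they appear in the log: "created [. modified] size attrs path"
ATTR_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2})"
    r"(?: \. (?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}))?"
    r" (?P<size>\d+|-+) (?P<attrs>[-a-z]{8}) (?P<path>[a-z]:\\.+)$", re.I)
# Sigcheck: "[mark] date . MD5 . size . . [version] . . path"; "[-]" means not verified
SIGCHECK_RE = re.compile(
    r"^\[(?P<mark>[^\]]+)\] (?P<date>\S+) \. (?P<md5>[0-9A-F]{32}) \. (?P<size>\d+)"
    r" \. \. \[(?P<ver>[^\]]+)\] \. \. (?P<path>[a-z]:\\.+)$", re.I)
RUN_HEADER_RE = re.compile(r"^\[HKEY_[^\]]*\\Run\]$", re.I)
RUN_ENTRY_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"(?: \[(?P<meta>[^\]]*)\])?$')
DISINFECTED_RE = re.compile(r"^Infected copy of (?P<path>.+?) was found and disinfected$")
PROC_RE = re.compile(r"^[a-z]:\\.+\.exe$", re.I)
TEMP_RE = re.compile(r"\\temp\\", re.I)

def triage(log_text: str) -> list[Finding]:
    findings: list[Finding] = []
    hidden_system: set[str] = set()        # lower-cased paths of exe files with s+h attributes
    sig: dict[tuple[str, str], list] = {}  # (basename, version) -> [(mark, md5, path)]
    run_entries: list[tuple[str, str, str]] = []
    section, run_key = None, ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        if m := DISINFECTED_RE.match(line):
            findings.append(Finding("disinfected", m["path"], "replaced by ComboFix from the component store"))
            continue
        if m := ATTR_RE.match(line):
            attrs = m["attrs"].lower()
            # directories start with 'd'; flag only executables marked both system and hidden
            if not attrs.startswith("d") and "s" in attrs and "h" in attrs and m["path"].lower().endswith(".exe"):
                hidden_system.add(m["path"].lower())
                findings.append(Finding("hidden-system-exe", m["path"], f"executable with attributes {m['attrs']}"))
            continue
        if m := SIGCHECK_RE.match(line):
            key = (m["path"].rsplit("\\", 1)[-1].lower(), m["ver"])
            sig.setdefault(key, []).append((m["mark"], m["md5"], m["path"]))
            continue
        if line.startswith("["):                     # registry key header
            section = "run" if RUN_HEADER_RE.match(line) else None
            run_key = line
            continue
        if "Other Running Processes" in line:
            section = "procs"
            continue
        if line.startswith(("(((", "---", "***")):  # any other ComboFix section banner
            section = None
            continue
        if section == "run" and (m := RUN_ENTRY_RE.match(line)):
            run_entries.append((run_key, m["name"], m["path"]))
        elif section == "procs" and (m := PROC_RE.match(line)) and TEMP_RE.search(line):
            findings.append(Finding("temp-process", line, "process running from a temporary directory"))
    # A "[-]" copy whose hash differs from a verified copy of the same file and version
    for (base, ver), entries in sig.items():
        verified = {md5 for mark, md5, _ in entries if mark != "-"}
        for mark, md5, path in entries:
            if mark == "-" and verified and md5 not in verified:
                findings.append(Finding("sigcheck-mismatch", path, f"{base} {ver}: MD5 {md5} differs from component-store copy"))
    # Autoruns are cross-referenced with what was learned above
    for key, name, path in run_entries:
        if path.lower() in hidden_system:
            findings.append(Finding("run-key", path, f'{key} "{name}": points at a hidden+system executable'))
        elif TEMP_RE.search(path):
            findings.append(Finding("run-key", path, f'{key} "{name}": points into a temporary directory'))
    return findings

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:18} {f.path}\n{'':18} {f.detail}")
```

The script deliberately reports nothing for wininet.dll, AdobeARM.exe or taskhost.exe in the sample, because nothing in the log singles them out; the point is to reduce a 200-line log to the handful of lines a human then has to decide about.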