Re: Re: Тормозит компьютер, барахлит звук

[Venerus]

Установка Windows была произведена во втором случае.

ComboFix 09-05-02.4 — Rozochka 03.05.2009 17:35.1 — NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1251.7.1049.18.2047.1663 [GMT 4:00]
Running from: c:documents and settingsRozochkaРабочий столComboFix.exe
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated)
FW: Outpost Firewall Pro *disabled*

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:windowssystem32_000006_.tmp.dll
c:windowssystem32_000007_.tmp.dll
c:windowssystem32_000008_.tmp.dll
c:windowssystem32_000020_.tmp.dll
c:windowssystem32_000021_.tmp.dll
c:windowssystem32_000022_.tmp.dll
c:windowssystem32_000023_.tmp.dll

.
((((((((((((((((((((((((( Files Created from 2009-04-03 to 2009-05-03 )))))))))))))))))))))))))))))))
.

2009-05-02 10:45 . 2008-06-14 17:59 272512 -c—-w c:windowssystem32dllcachebthport.sys
2009-05-02 10:45 . 2008-06-14 17:59 272512

---

w c:windowssystem32driversbthport.sys
2009-05-02 10:28 . 2009-05-02 10:36

---

d

---

w c:windowssystem32CatRoot_bak
2009-05-01 10:14 . 2009-05-01 10:14

---

d

---

w C:rsit
2009-05-01 10:13 . 2009-02-09 11:52 2059520 -c—-w c:windowssystem32dllcachentkrnlpa.exe
2009-05-01 10:13 . 2009-02-09 11:52 2017792 -c—-w c:windowssystem32dllcachentkrpamp.exe
2009-05-01 10:13 . 2009-02-09 11:52 2182272 -c—-w c:windowssystem32dllcachentoskrnl.exe
2009-05-01 10:13 . 2009-02-09 11:52 2138112 -c—-w c:windowssystem32dllcachentkrnlmp.exe
2009-05-01 09:50 . 2008-10-24 11:10 453632 -c—-w c:windowssystem32dllcachemrxsmb.sys
2009-04-30 15:06 . 2009-04-30 15:06

---

d

---

w c:documents and settingsRozochkaApplication DataMalwarebytes
2009-04-30 15:06 . 2009-04-06 11:32 15504 —-a-w c:windowssystem32driversmbam.sys
2009-04-30 15:06 . 2009-04-06 11:32 38496 —-a-w c:windowssystem32driversmbamswissarmy.sys
2009-04-30 15:06 . 2009-04-30 15:06

---

d

---

w c:documents and settingsAll Users.WINDOWSApplication DataMalwarebytes
2009-04-30 15:06 . 2009-04-30 15:06

---

d

---

w c:program filesMalwarebytes’ Anti-Malware
2009-04-30 15:03 . 2009-04-30 15:03

---

d

---

w c:documents and settingsRozochkaDoctorWeb
2009-04-30 13:50 . 2006-10-31 07:10 35840 —-a-w c:windowssystem32driversatl01_xp.sys
2009-04-30 11:13 . 2009-04-30 11:13

---

d

---

w c:program filesAvira
2009-04-30 11:13 . 2009-04-30 11:13

---

d

---

w c:documents and settingsAll Users.WINDOWSApplication DataAvira
2009-04-30 11:07 . 2009-04-30 11:07

---

d

---

w c:program filesAIMP2
2009-04-30 10:59 . 2004-08-03 19:15 145792 -c—a-w c:windowssystem32dllcacheportcls.sys
2009-04-30 10:59 . 2004-08-03 19:15 145792 —-a-w c:windowssystem32driversportcls.sys
2009-04-30 10:59 . 2004-08-17 12:04 4096 -c—a-w c:windowssystem32dllcacheksuser.dll
2009-04-30 10:59 . 2004-08-17 12:04 4096 —-a-w c:windowssystem32ksuser.dll
2009-04-30 10:59 . 2004-08-03 19:08 60288 -c—a-w c:windowssystem32dllcachedrmk.sys
2009-04-30 10:59 . 2004-08-03 19:08 60288 —-a-w c:windowssystem32driversdrmk.sys
2009-04-30 10:59 . 2005-05-04 05:20 53248 —-a-w c:windowssystem32wdmioctl.dll
2009-04-30 10:59 . 2001-09-11 11:20 1285632 —-a-w c:windowssystem32SMMedia.dll
2009-04-30 10:59 . 2006-07-10 11:42 49152 —-a-w c:windowssystem32DSndUp.exe
2009-04-30 10:59 . 2002-04-17 11:05 45056 —-a-w c:windowssystem32CleanUp.exe
2009-04-30 10:59 . 2008-07-09 07:58 26488 —-a-w c:windowssystem32spupdsvc.exe
2009-04-30 10:57 . 2006-03-17 14:18 392960 —-a-w c:windowssystem32driverssenfilt.sys
2009-04-30 10:57 . 2007-03-27 06:36 28160 —-a-w c:windowssystem32PostProc.dll
2009-04-30 10:57 . 2001-09-19 09:47 765952 —-a-w c:windowssystemcrlds3d.dll
2009-04-30 10:57 . 2007-05-18 05:20 94848 —-a-w c:windowssystem32driversaeaudio.sys
2009-04-30 10:57 . 2003-08-19 15:36 65536 -c—a-w c:windowssystem32dllcachea3d.dll
2009-04-30 10:57 . 2007-05-18 07:01 304640 —-a-w c:windowssystem32driversADIHdAud.sys
2009-04-30 10:57 . 2003-08-19 15:36 65536 —-a-w c:windowssystem32a3d.dll
2009-04-30 10:53 . 2009-04-30 10:53

---

dc—-w c:windowssystem32DRVSTORE
2009-04-30 10:53 . 2009-04-30 10:53

---

d

---

w C:Intel
2009-04-29 19:36 . 2009-04-30 12:53

---

d

---

w c:program filesSIW
2009-04-29 15:31 . 2008-10-16 10:09 43544 —-a-w c:windowssystem32wups2.dll
2009-04-29 15:26 . 2009-04-29 15:26

---

d-s—w c:documents and settingsRozochkaUserData
2009-04-26 18:18 . 1998-10-07 13:14 327168 —-a-w c:windowsIsUn0419.exe
2009-04-26 18:17 . 2009-04-30 11:06

---

d

---

w c:documents and settingsRozochkaApplication DataAIMP
2009-04-26 17:16 . 2009-04-26 17:16

---

d

---

w c:documents and settingsRozochkaApplication DataDAEMON Tools
2009-04-26 17:16 . 2009-04-26 17:17

---

d

---

w c:documents and settingsRozochkaApplication DataDAEMON Tools Pro
2009-04-26 17:15 . 2009-04-26 17:15

---

d

---

w c:documents and settingsAll Users.WINDOWSApplication DataDAEMON Tools Lite
2009-04-26 16:39 . 2009-04-26 16:39 717296 —-a-w c:windowssystem32driverssptd.sys
2009-04-26 16:39 . 2009-04-26 16:39

---

d

---

w c:documents and settingsRozochkaApplication DataDAEMON Tools Lite
2009-04-26 10:02 . 2003-06-18 19:31 17920 —-a-w c:windowssystem32mdimon.dll
2009-04-26 09:56 . 2009-04-29 17:25

---

d

---

w c:documents and settingsRozochkaLocal SettingsApplication DataAdobe
2009-04-26 09:53 . 2009-04-26 16:34

---

d

---

w c:documents and settingsRozochkaApplication DataImgBurn
2009-04-26 09:53 . 2009-04-26 09:53

---

d

---

w c:program filesImgBurn
2009-04-25 20:01 . 2001-08-17 21:59 3072 —-a-w c:windowssystem32driversaudstub.sys
2009-04-25 20:01 . 2004-08-17 15:49 58112 —-a-w c:windowssystem32driversredbook.sys
2009-04-25 20:00 . 2001-08-17 21:46 6400 —-a-w c:windowssystem32driversenum1394.sys
2009-04-25 20:00 . 2004-08-17 12:04 76800 -c—a-w c:windowssystem32dllcacheusbui.dll
2009-04-25 20:00 . 2004-08-17 12:04 76800 —-a-w c:windowssystem32usbui.dll
2009-04-25 19:56 . 2009-04-25 16:19

---

d

---

w c:documents and settingsAll Users.WINDOWS
2009-04-25 19:56 . 2009-05-03 13:35

---

d—h—w c:documents and settingsDefault User.WINDOWS
2009-04-25 16:51 . 2009-04-25 16:51 0 —-a-w c:windowsnsreg.dat
2009-04-25 16:51 . 2009-04-25 16:51

---

d

---

w c:documents and settingsRozochkaLocal SettingsApplication DataMozilla
2009-04-25 16:50 . 2009-02-26 06:27 704384 —-a-w c:windowssystem32driversSandBox.sys
2009-04-25 16:50 . 2009-02-10 12:15 257432 —-a-w c:windowssystem32driversafwcore.sys
2009-04-25 16:50 . 2008-06-20 05:45 30864 —-a-w c:windowssystem32driversafw.sys
2009-04-25 16:50 . 2009-04-25 16:50

---

d

---

w c:documents and settingsAll Users.WINDOWSApplication DataAgnitum
2009-04-25 16:45 . 2004-08-03 19:08 26496 -c—a-w c:windowssystem32dllcacheusbstor.sys
2009-04-25 16:30 . 2008-12-25 18:08 453152 —-a-w c:windowssystem32nvudisp.exe
2009-04-25 16:30 . 2008-12-23 17:58 453152 —-a-w c:windowssystem32NVUNINST.EXE
2009-04-25 16:25 . 2009-04-25 16:25

---

d

---

w c:documents and settingsLocalService.NT AUTHORITYLocal SettingsApplication DataMicrosoft
2009-04-25 16:25 . 2009-04-25 16:25

---

d-sh—w c:documents and settingsLocalService.NT AUTHORITY
2009-04-25 16:24 . 2009-04-25 16:24

---

d

---

w c:documents and settingsNetworkService.NT AUTHORITYLocal SettingsApplication DataMicrosoft
2009-04-25 16:24 . 2009-04-25 16:24

---

d-sh—w c:documents and settingsNetworkService.NT AUTHORITY
2009-04-25 16:21 . 2004-08-18 12:00 10129408 -c—a-w c:windowssystem32dllcachehwxkor.dll
2009-04-25 16:20 . 2009-04-25 16:20

---

d

---

w c:documents and settingsDefault User.WINDOWSLocal SettingsApplication DataMicrosoft
2009-04-25 16:19 . 2009-04-25 16:19

---

d-sh—w c:documents and settingsAll Users.WINDOWSDRM
2009-04-25 16:17 . 2004-08-18 12:00 240640 -c—a-w c:windowssystem32dllcachesrrstr.dll
2009-04-25 16:16 . 2004-08-18 12:00 5632 -c—a-w c:windowssystem32dllcachewrite.exe
2009-04-25 16:15 . 2004-08-18 12:00 11776 -c—a-w c:windowssystem32dllcachexolehlp.dll
2009-04-25 08:47 . 2009-04-25 08:47

---

d

---

w c:documents and settingsAdministratorApplication DataImgBurn
2009-04-23 09:18 . 2009-04-23 09:18

---

d-sh—w C:found.000
2009-04-18 15:59 . 2009-04-25 06:08

---

d

---

w c:program filesSpybot — Search & Destroy
2009-04-16 13:26 . 2009-04-16 13:27

---

d

---

w c:documents and settingsAdministratorApplication DataMedia Player Classic

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-03 13:38 . 2009-04-25 16:25 6 —ha-w c:windowsTasksSA.DAT
2009-04-30 11:00 . 2004-08-18 12:00 49552 —-a-w c:windowssystem32perfc019.dat
2009-04-30 11:00 . 2004-08-18 12:00 346452 —-a-w c:windowssystem32perfh019.dat
2009-04-27 18:06 . 2009-04-25 16:19 86327 —-a-w c:windowspchealthhelpctrOfflineCacheindex.dat
2009-04-26 10:02 . 2009-04-25 16:26 42168 —-a-w c:documents and settingsRozochkaLocal SettingsApplication DataGDIPFONTCACHEV1.DAT
2009-04-26 09:49 . 2009-01-16 15:17

---

d

---

w c:program filesThe KMPlayer
2009-04-25 16:20 . 2004-08-18 12:00 67 —sha-w c:windowsFontsdesktop.ini
2009-04-25 16:17 . 2009-04-25 16:17 22564 —-a-w c:windowssystem32emptyregdb.dat
2009-04-25 06:18 . 2009-02-28 12:19

---

d

---

w c:program filesCommon FilesAdobe
2009-04-25 06:06 . 2009-01-05 14:39

---

d—h—w c:program filesInstallShield Installation Information
2009-04-05 12:58 . 2009-01-05 12:38 48632 —-a-w c:documents and settingsAdministratorLocal SettingsApplication DataGDIPFONTCACHEV1.DAT
2009-03-24 15:03 . 2009-03-24 15:03

---

d

---

w c:program filesInterpretatio
2009-03-14 09:05 . 2009-03-14 09:05

---

d

---

w c:program filesAgnitum
2009-03-06 14:47 . 2004-08-18 12:00 284160 —-a-w c:windowssystem32pdh.dll
2009-02-20 08:32 . 2004-08-18 12:00 659968 —-a-w c:windowssystem32wininet.dll
2009-02-20 08:32 . 2004-08-18 12:00 81920 —-a-w c:windowssystem32ieencode.dll
2009-02-09 14:18 . 2004-08-18 12:00 1846400 —-a-w c:windowssystem32win32k.sys
2009-02-09 11:52 . 2004-08-17 15:58 2017792 —-a-w c:windowssystem32ntkrnlpa.exe
2009-02-09 11:52 . 2004-08-18 12:00 2138112 —-a-w c:windowssystem32ntoskrnl.exe
2009-02-09 10:21 . 2004-08-18 12:00 725504 —-a-w c:windowssystem32lsasrv.dll
2009-02-09 10:21 . 2004-08-18 12:00 687104 —-a-w c:windowssystem32advapi32.dll
2009-02-09 10:21 . 2004-08-18 12:00 399360 —-a-w c:windowssystem32rpcss.dll
2009-02-09 10:21 . 2004-08-18 12:00 718848 —-a-w c:windowssystem32ntdll.dll
2009-02-09 10:10 . 2004-08-18 12:00 111104 —-a-w c:windowssystem32services.exe
2009-02-06 16:54 . 2004-08-18 12:00 35328 —-a-w c:windowssystem32sc.exe
2009-02-03 20:11 . 2004-08-18 12:00 55808 —-a-w c:windowssystem32secur32.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»c:windowssystem32ctfmon.exe» [2004-08-18 15360]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«NvCplDaemon»=»c:windowssystem32NvCpl.dll» [2008-12-25 13680640]
«NvMediaCenter»=»c:windowssystem32NvMcTray.dll» [2008-12-25 86016]
«OutpostFeedBack»=»c:program filesAgnitumOutpost Firewall Profeedback.exe» [2009-03-02 433480]
«SoundMAXPnP»=»c:program filesAnalog DevicesCoresmax4pnp.exe» [2007-03-16 868352]
«avgnt»=»c:program filesAviraAntiVir PersonalEdition Classicavgnt.exe» [2008-06-12 266497]
«nwiz»=»nwiz.exe» — c:windowssystem32nwiz.exe [2008-12-25 1657376]

[HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»c:windowssystem32CTFMON.EXE» [2004-08-18 15360]

[HKLM~servicessharedaccessparametersfirewallpolicystandardprofile]
«EnableFirewall»= 0 (0x0)

[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
«%windir%\system32\sessmgr.exe»=

S1 SandBox;SandBox;c:windowssystem32driversSandBox.sys [2009-02-26 704384]
S3 acssrv;Agnitum Client Security Service;c:progra~1AgnitumOUTPOS~1acs.exe [2009-03-02 1267016]
S3 afw;Agnitum firewall driver;c:windowssystem32DRIVERSafw.sys [2008-06-20 30864]
S3 afwcore;afwcore;c:windowssystem32driversafwcore.sys [2009-02-10 257432]
S3 ASWFilt;ASWFilt;c:windowssystem32FiltASWFilt.dll [2009-02-26 33888]
S3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:windowssystem32DRIVERSatl01_xp.sys [2006-10-31 35840]

.
.

---

Supplementary Scan

---

.
IE: &Экспорт в Microsoft Excel — c:progra~1MICROS~2OFFICE11EXCEL.EXE/3000
FF — ProfilePath — c:documents and settingsRozochkaApplication DataMozillaFirefoxProfilesq3i1x0zg.default
FF — prefs.js: browser.search.selectedEngine — Яндекс
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-03 17:40
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes …

scanning hidden autostart entries …

scanning hidden files …

scan completed successfully
hidden files: 0

**************************************************************************
.

---

Other Running Processes

---

.
c:program filesAviraAntiVir PersonalEdition Classicsched.exe
c:program filesAviraAntiVir PersonalEdition Classicavguard.exe
c:windowssystem32nvsvc32.exe
c:windowssystem32wscntfy.exe
c:windowssystem32rundll32.exe
.
**************************************************************************
.
Completion time: 2009-05-03 17:41 — machine was rebooted
ComboFix-quarantined-files.txt 2009-05-03 13:41

Pre-Run: 34 383 249 408 байт свободно
Post-Run: 34 417 557 504 байт свободно

191 — E O F — 2009-05-03 12:25