"ЛЕНТА НОВОСТЕЙ"!!!! ПОМОГИТЕ!!!!!!!

[Denchik]

Добрый день!
Замучила «ЛЕНТА НОВОСТЕЙ»….. HELP!!!!!
Прочитал ваши рекомендации по этому поводу, скачал RSIT ….., но программа через несколько минут пишет Autolt Error: Line-1: Variable used without being declaired.
Потом просканировала и выдала:

Logfile of random’s system information tool 1.05 (written by random/random)
Run by Администратор at 2009-01-22 13:13:29
Microsoft Windows XP Professional Service Pack 2
System drive C: has 70 GB (91%) free of 76 GB
Total RAM: 895 MB (60% free)

HijackThis download failed

======Registry dump======

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class — C:Program FilesAdobeAcrobat 7.0ActiveXAcroIEHelper.dll [2004-12-14 63136]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{8984B388-A5BB-4DF7-B274-77B879E179DB}]
MailRuBHO Class — C:Program FilesMail.RuSputnikMailRuSputnik.dll [2008-07-13 623304]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{9961627E-4059-41B4-8E0E-A7D6B3854ADF}]
IE 4.x-6.x BHO for Download Master — C:PROGRA~1DOWNLO~1dmiehlp.dll [2007-07-20 152064]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{FE5662D2-8EBF-4A77-B9E5-AC525EA75188}]
AAC-SLS Data Helper — C:Documents and SettingsAll UsersApplication Dataqlulib.dll [2009-01-17 321536]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
{09900DE8-1DCA-443F-9243-26FF581438AF} — Спутник@Mail.Ru — C:Program FilesMail.RuSputnikMailRuSputnik.dll [2008-07-13 623304]
{0E1230F8-EA50-42A9-983C-D22ABC2EED3C} — DM Bar — C:Program FilesDownload Masterdmbar.dll [2007-11-26 180224]
{91397D20-1446-11D4-8AF4-0040CA1127B6} — Яндекс.Бар — C:Program FilesYandexYandexBarIEyndbar.dll [2009-01-13 3112736]

[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
«HControl»=C:WINDOWSATK0100HControl.exe [2006-10-14 110592]
«RTHDCPL»=C:WINDOWSRTHDCPL.EXE [2006-10-30 16269312]
«SkyTel»=C:WINDOWSSkyTel.EXE [2006-05-16 2879488]
«SMSERIAL»=C:Program FilesMotorolaSMSERIALsm56hlpr.exe [2006-08-07 573440]
«SynTPEnh»=C:Program FilesSynapticsSynTPSynTPEnh.exe [2006-05-25 786521]

[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=C:WINDOWSsystem32ctfmon.exe [2004-08-17 15360]
«StartCCC»=C:Program FilesATI TechnologiesATI.ACECore-StaticCLIStart.exe [2006-11-10 90112]
«OM2_Monitor»=C:Program FilesOLYMPUSOLYMPUS Master 2MMonitor.exe [2008-11-07 95536]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregDownload Master]
C:Program FilesDownload Masterdmaster.exe [2008-07-01 3282432]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregMAgent]
C:Documents and SettingsАдминистраторApplication DataMail.RuAgentMAgent.exe [2008-10-24 4412920]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregNeroFilterCheck]
C:WINDOWSsystem32NeroCheck.exe [2001-07-09 155648]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregNokia.PCSync]
C:Program FilesNokiaNokia PC Suite 7PCSync2.exe [2008-06-17 1249280]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregPC Suite Tray]
C:Program FilesNokiaNokia PC Suite 7PCSuite.exe [2008-06-18 1122816]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregRemoteControl]
C:Program FilesCyberLinkPowerDVDPDVDServ.exe [2003-10-31 32768]

C:Documents and SettingsAll UsersГлавное менюПрограммыАвтозагрузка
Microsoft Office.lnk — C:Program FilesMicrosoft OfficeOffice10OSA.EXE
Ускоренный запуск Adobe Reader.lnk — C:Program FilesAdobeAcrobat 7.0Readerreader_sl.exe

C:Documents and SettingsАдминистраторГлавное менюПрограммыАвтозагрузка
CCC.lnk — C:Program FilesATI TechnologiesATI.ACECore-StaticCCC.exe

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyAtiExtEvent]
C:WINDOWSsystem32Ati2evxx.dll [2007-02-02 110592]

[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
«dontdisplaylastusername»=0
«legalnoticecaption»=
«legalnoticetext»=
«shutdownwithoutlogon»=1
«undockwithoutlogon»=1

[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDriveTypeAutoRun»=323
«Start_NotifyNewApps»=0
«NoDriveAutoRun»=67108863
«NoDrives»=0

[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDriveAutoRun»=
«NoDriveTypeAutoRun»=
«NoDrives»=

[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»

[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»

======List of files/folders created in the last 1 months======

2009-01-22 13:13:29 —-D—- C:Program Filestrend micro
2009-01-22 12:44:21 —-D—- C:WINDOWStemp
2009-01-22 12:44:20 —-A—- C:ComboFix.txt
2009-01-22 12:38:55 —-A—- C:Boot.bak
2009-01-22 12:38:49 —-RASHD—- C:cmdcons
2009-01-22 12:23:39 —-D—- C:rsit
2009-01-22 12:21:57 —-A—- C:WINDOWSzip.exe
2009-01-22 12:21:57 —-A—- C:WINDOWSVFIND.exe
2009-01-22 12:21:57 —-A—- C:WINDOWSSWXCACLS.exe
2009-01-22 12:21:57 —-A—- C:WINDOWSSWSC.exe
2009-01-22 12:21:57 —-A—- C:WINDOWSSWREG.exe
2009-01-22 12:21:57 —-A—- C:WINDOWSsed.exe
2009-01-22 12:21:57 —-A—- C:WINDOWSNIRCMD.exe
2009-01-22 12:21:57 —-A—- C:WINDOWSgrep.exe
2009-01-22 12:21:57 —-A—- C:WINDOWSfdsv.exe
2009-01-22 12:21:55 —-D—- C:WINDOWSERDNT
2009-01-22 12:21:55 —-D—- C:Qoobox
2009-01-21 19:25:01 —-A—- C:WINDOWSntbtlog.txt
2009-01-18 11:34:59 —-D—- C:Documents and SettingsАдминистраторApplication DataCyberLink
2009-01-18 11:19:08 —-D—- C:WINDOWSpss
2009-01-18 11:18:22 —-D—- C:WINDOWSMinidump
2009-01-17 18:49:59 —-A—- C:Documents and SettingsAll UsersApplication Dataqlulib.dll
2009-01-16 20:34:59 —-D—- C:Program FilesMicrosoft ActiveSync
2009-01-08 21:39:01 —-D—- C:Program FilesOLYMPUS
2009-01-08 21:38:54 —-D—- C:Program FilesMSXML 4.0
2009-01-08 21:04:42 —-D—- C:Program FilesPhotoFiltre

======List of files/folders modified in the last 1 months======

2009-01-22 13:13:29 —-RD—- C:Program Files
2009-01-22 12:44:22 —-D—- C:WINDOWSsystem32drivers
2009-01-22 12:44:22 —-D—- C:WINDOWSsystem32
2009-01-22 12:44:21 —-D—- C:WINDOWS
2009-01-22 12:42:52 —-A—- C:WINDOWSsystem.ini
2009-01-22 12:42:29 —-D—- C:WINDOWSsystem32CatRoot2
2009-01-22 12:40:10 —-D—- C:WINDOWSAppPatch
2009-01-22 12:40:10 —-D—- C:Program FilesCommon Files
2009-01-22 12:39:47 —-RSHD—- C:Recycled
2009-01-22 12:38:55 —-RASH—- C:boot.ini
2009-01-22 12:38:30 —-A—- C:WINDOWSSchedLgU.Txt
2009-01-22 12:21:57 —-SHD—- C:System Volume Information
2009-01-22 12:21:57 —-D—- C:WINDOWSsystem32Restore
2009-01-21 09:47:25 —-D—- C:Program FilesEasy Wireless Net
2009-01-21 09:47:25 —-A—- C:WINDOWSred_dialer.ini
2009-01-20 19:14:51 —-A—- C:WINDOWSModemLog_AnyDATA CDMA USB Modem (PID 6501).txt
2009-01-18 11:25:32 —-A—- C:WINDOWSwin.ini
2009-01-18 11:08:17 —-SD—- C:WINDOWSDownloaded Program Files
2009-01-18 10:57:15 —-D—- C:WINDOWSPrefetch
2009-01-18 10:51:41 —-D—- C:Documents and SettingsАдминистраторApplication DataMra
2009-01-16 20:36:31 —-SD—- C:Documents and SettingsАдминистраторApplication DataMicrosoft
2009-01-16 20:35:23 —-SHD—- C:WINDOWSInstaller
2009-01-16 20:35:22 —-A—- C:WINDOWSODBC.INI
2009-01-16 20:34:56 —-D—- C:Program FilesCommon FilesMicrosoft Shared
2009-01-16 20:34:35 —-D—- C:WINDOWSHelp
2009-01-16 20:34:23 —-D—- C:Program FilesCommon FilesSystem
2009-01-16 20:34:15 —-RSD—- C:WINDOWSFonts
2009-01-16 20:34:15 —-D—- C:WINDOWSSHELLNEW
2009-01-16 20:33:57 —-D—- C:Program FilesMicrosoft Office
2009-01-16 20:33:21 —-D—- C:WINDOWSsystem
2009-01-14 10:39:52 —-D—- C:Documents and SettingsАдминистраторApplication DataYandex
2009-01-08 21:38:57 —-D—- C:WINDOWSWinSxS
2009-01-05 15:40:25 —-A—- C:WINDOWSNeroDigital.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Драйвер Intel процессора; C:WINDOWSsystem32DRIVERSintelppm.sys [2004-08-17 40448]
R3 ati2mtag;ati2mtag; C:WINDOWSsystem32DRIVERSati2mtag.sys [2007-02-02 1975296]
R3 CmBatt;Драйвер AC-адаптера блока питания (Майкрософт); C:WINDOWSsystem32DRIVERSCmBatt.sys [2004-08-04 14080]
R3 HDAudBus;Драйвер шины Microsoft UAA для High Definition Audio; C:WINDOWSsystem32DRIVERSHDAudBus.sys [2005-01-07 138752]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:WINDOWSsystem32driversRtkHDAud.sys [2006-11-03 4394496]
R3 MTsensor;ATK0100 ACPI UTILITY; C:WINDOWSsystem32DRIVERSATKACPI.sys [2005-02-17 5632]
R3 rimsptsk;rimsptsk; C:WINDOWSsystem32DRIVERSrimsptsk.sys [2005-07-12 51328]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet адаптер, драйвер для NT; C:WINDOWSsystem32DRIVERSRTL8139.SYS [2004-08-04 20992]
R3 smserial;smserial; C:WINDOWSsystem32DRIVERSsmserial.sys [2006-08-07 980608]
R3 SynTP;Synaptics TouchPad Driver; C:WINDOWSsystem32DRIVERSSynTP.sys [2006-05-25 193088]
R3 usbehci;Драйвер минипорта Microsoft USB 2.0 расширенного хост-контроллера; C:WINDOWSsystem32DRIVERSusbehci.sys [2004-08-03 26624]
R3 usbhub;USB2 концентратор; C:WINDOWSsystem32DRIVERSusbhub.sys [2004-08-03 57600]
R3 usbohci;Драйвер минипорта Microsoft USB открытого хост-контроллера; C:WINDOWSsystem32DRIVERSusbohci.sys [2004-08-03 17024]
R4 catchme;catchme; ??C:DOCUME~19335~1LOCALS~1Tempcatchme.sys []
S3 adusbser;AnyDATA USB Device for Legacy Serial Communication; C:WINDOWSsystem32DRIVERSadusbser.sys [2006-10-23 93440]
S3 HidUsb;Драйвер класса HID Microsoft; C:WINDOWSsystem32DRIVERShidusb.sys [2001-08-17 9600]
S3 mouhid;Драйвер мыши HID; C:WINDOWSsystem32DRIVERSmouhid.sys [2001-10-19 12160]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:WINDOWSsystem32DRIVERSpccsmcfd.sys [2007-09-17 21632]
S3 sdbus;sdbus; C:WINDOWSsystem32DRIVERSsdbus.sys [2004-08-03 67584]
S3 SONYPVU1;Драйвер Sony USB фильтра (SONYPVU1); C:WINDOWSsystem32DRIVERSSONYPVU1.SYS [2001-08-17 7552]
S3 usbccgp;Драйвер универсального родительского устройства USB (Microsoft); C:WINDOWSsystem32DRIVERSusbccgp.sys [2004-08-03 31616]
S3 USBSTOR;Драйвер запоминающих устройств для USB; C:WINDOWSsystem32DRIVERSUSBSTOR.SYS [2004-08-03 26496]
S4 IntelIde;IntelIde; C:WINDOWSsystem32driversIntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:WINDOWSsystem32Ati2evxx.exe [2007-02-02 446464]
R2 MDM;Machine Debug Manager; C:Program FilesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE [2003-06-19 322120]
R2 UMWdf;Windows User Mode Driver Framework; C:WINDOWSsystem32wdfmgr.exe [2004-08-10 38912]
S3 aspnet_state;ASP.NET State Service; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727mscorsvw.exe [2005-09-23 66240]
S3 ose;Office Source Engine; C:Program FilesCommon FilesMicrosoft SharedSource EngineOSE.EXE [2003-07-28 89136]
S3 ServiceLayer;ServiceLayer; C:Program FilesPC Connectivity SolutionServiceLayer.exe [2008-05-30 572416]

---

EOF

---

info.txt logfile of random’s system information tool 1.05 2009-01-22 13:13:30
======Uninstall list======

—>C:Program FilesDivXDivXConverterUninstall.exe /CONVERTER
—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime701Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{DD4F051C-1A2B-4A91-B187-B093C597418C}setup.exe» -l0x19 anything
—>rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:WINDOWSINFPCHealth.inf
7-Zip 4.20—>»C:Program Files7-ZipUninstall.exe»
Adobe Flash Player ActiveX—>C:WINDOWSsystem32MacromedFlashuninstall_activeX.exe
Adobe Flash Player Plugin—>C:WINDOWSsystem32MacromedFlashuninstall_plugin.exe
Adobe Reader 7.0 — Russian—>MsiExec.exe /I{AC76BA86-7AD7-1049-7B44-A70000000000}
ATI — Утилита деинсталляции—>C:Program FilesATI TechnologiesUninstallAllAtiCimUn.exe
ATI Catalyst Control Center—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime91Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{055EE59D-217B-43A7-ABFF-507B966405D8}setup.exe» -l0x0
ATI Display Driver—>rundll32 C:WINDOWSsystem32atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
ATI Parental Control & Encoder—>MsiExec.exe /I{36CDA33B-909B-4719-97D1-C4B99309BDC7}
ATK0100 ACPI UTILITY—>C:WINDOWSATK0100XPunin.exe
DivX Codec—>C:Program FilesDivXDivXCodecUninstall.exe /CODEC
DivX Converter—>C:Program FilesDivXDivXConverterUninstall.exe /CONVERTER
DivX Player—>C:Program FilesDivXDivXPlayerUninstall.exe /PLAYER
DivX Web Player—>C:Program FilesDivXDivXWebPlayerUninstall.exe /PLUGIN
Download Master version 5.5.4.1133—>»C:Program FilesDownload Masterunins000.exe»
Easy Wireless Net 3.16.04—>C:Program FilesEasy Wireless Netuninst.exe
High Definition Audio — KB888111—>»C:WINDOWS$NtUninstallKB888111WXPSP2$spuninstspuninst.exe»
K-Lite Mega Codec Pack 3.4.0—>»C:Program FilesK-Lite Codec Packunins000.exe»
Mail.Ru Спутник 2.0—>C:Program FilesMail.RuSputnikSputnikInstaller.exe -uninstall
Microsoft .NET Framework 2.0—>C:WINDOWSMicrosoft.NETFrameworkv2.0.50727Microsoft .NET Framework 2.0install.exe
Microsoft Office — профессиональный выпуск версии 2003—>MsiExec.exe /I{90110419-6000-11D3-8CFE-0150048383C9}
Microsoft Office XP Professional with FrontPage—>MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft Visual C++ 2005 Redistributable—>MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Motorola SM56 Data Fax Modem—>rundll32.exe sm56coin.dll,SM56UnInstaller
MSVC80_x86—>MsiExec.exe /I{212748BB-0DA5-46DE-82A1-403736DC9F27}
MSXML 4.0 SP2 Parser and SDK—>MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
Nero 6 Ultra Edition—>C:Program FilesAheadnerouninstallUNNERO.exe /UNINSTALL
Nokia Connectivity Cable Driver—>MsiExec.exe /X{C3F19A5F-35A8-4FDB-A6ED-0F4CE398DA48}
Nokia PC Suite—>C:Documents and SettingsAll UsersApplication DataInstallations{2B8BEBBF-73A0-497D-9900-8474D022AB3F}Nokia_PC_Suite_rel_7_0_7_0_rus_web.exe
Nokia PC Suite—>MsiExec.exe /I{2B8BEBBF-73A0-497D-9900-8474D022AB3F}
OLYMPUS Master 2—>MsiExec.exe /X{E68C446D-D95A-4160-AC39-DE7062422985}
PC Connectivity Solution—>MsiExec.exe /I{9C7C8898-DC29-4E8B-9E77-55A77C3250F6}
PhotoFiltre—>»C:Program FilesPhotoFiltreUninst.exe»
PowerDVD—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}setup.exe» -uninstall
QIP Infium 2.0.9020 RC3—>»C:Program FilesQIP Infiumunins000.exe»
Realtek High Definition Audio Driver—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime1150Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}Setup.exe» -l0x19 -removeonly
Synaptics Pointing Device Driver—>rundll32.exe «C:Program FilesSynapticsSynTPSynISDLL.dll»,standAloneUninstall
Windows Media Format Runtime—>»C:Program FilesWindows Media Playerwmsetsdk.exe» /UninstallAll
Архиватор WinRAR—>C:Program FilesWinRARuninstall.exe
Пакет драйверов Windows — Nokia Modem (05/22/2008 3.8)—>C:PROGRA~1DIFX270581355A767BF1dpinst.exe /u C:WINDOWSsystem32DRVSTOREnokia_blue_6F90B0F4A73A2F780A1010B5D6CB5DDFB098181Enokia_bluetooth.inf
Пакет драйверов Windows — Nokia Modem (05/22/2008 7.00.0.1)—>C:PROGRA~1DIFX270581355A767BF1dpinst.exe /u C:WINDOWSsystem32DRVSTOREnokbtmdm_E68D50F7E25BFE399D47C864C3B52557346242A9nokbtmdm.inf
Пакет драйверов Windows — Nokia pccsmcfd (10/12/2007 6.85.4.0)—>C:PROGRA~1DIFX270581355A767BF1dpinst.exe /u C:WINDOWSsystem32DRVSTOREpccsmcfd_4A1E30386F4D0DEC8F5DF262CFBD8845EEBAB175pccsmcfd.inf
Проигрыватель Windows Media 10—>»C:Program FilesWindows Media PlayerSetup_wm.exe» /Uninstall
Яндекс.Бар для Internet Explorer 4.0.0—>»C:Program FilesYandexYandexBarIEunins000.exe»

System event log

Computer Name: SKYNET-8C61C0DE
Event Code: 32
Message: Зависимая совокупность Microsoft.VC80.MFCLOC не может быть найдена, последняя ошибка Указанная совокупность не установлена в системе.

Record Number: 4437
Source Name: SideBySide
Time Written: 20081101205007.000000+180
Event Type: ошибка
User:

Computer Name: SKYNET-8C61C0DE
Event Code: 7036
Message: Служба «Служба сетевого расположения (NLA)» перешла в состояние Работает.

Record Number: 4436
Source Name: Service Control Manager
Time Written: 20081101205007.000000+180
Event Type: информация
User:

Computer Name: SKYNET-8C61C0DE
Event Code: 7036
Message: Служба «Совместимость быстрого переключения пользователей» перешла в состояние Работает.

Record Number: 4435
Source Name: Service Control Manager
Time Written: 20081101205007.000000+180
Event Type: информация
User:

Computer Name: SKYNET-8C61C0DE
Event Code: 7035
Message: Служба «Служба сетевого расположения (NLA)» успешно отправила управляющий элемент «запустить».

Record Number: 4434
Source Name: Service Control Manager
Time Written: 20081101205007.000000+180
Event Type: информация
User: NT AUTHORITYSYSTEM

Computer Name: SKYNET-8C61C0DE
Event Code: 7035
Message: Служба «Совместимость быстрого переключения пользователей» успешно отправила управляющий элемент «запустить».

Record Number: 4433
Source Name: Service Control Manager
Time Written: 20081101205007.000000+180
Event Type: информация
User: NT AUTHORITYSYSTEM

Application event log

Computer Name: SKYNET-8C61C0DE
Event Code: 100
Message: wuauclt (2800) Ядро базы данных 5.01.2600.2180 запущено.

Record Number: 1250
Source Name: ESENT
Time Written: 20080926211304.000000+240
Event Type: информация
User:

Computer Name: SKYNET-8C61C0DE
Event Code: 0
Message:
Record Number: 1249
Source Name: ServiceLayer
Time Written: 20080926211222.000000+240
Event Type: информация
User:

Computer Name: SKYNET-8C61C0DE
Event Code: 1800
Message: Служба центра обеспечения безопасности Windows запущена.

Record Number: 1248
Source Name: SecurityCenter
Time Written: 20080926211219.000000+240
Event Type: информация
User:

Computer Name: SKYNET-8C61C0DE
Event Code: 101
Message: wuauclt (2936) Ядро базы данных остановлено.

Record Number: 1247
Source Name: ESENT
Time Written: 20080925194047.000000+240
Event Type: информация
User:

Computer Name: SKYNET-8C61C0DE
Event Code: 103
Message: wuaueng.dll (2936) SUS20ClientDataStore: Ядро базы данных остановило работу экземпляра (0).

Record Number: 1246
Source Name: ESENT
Time Written: 20080925194047.000000+240
Event Type: информация
User:

======Environment variables======

«ComSpec»=%SystemRoot%system32cmd.exe
«Path»=%systemroot%system32;%systemroot%;%systemroot%system32wbem;C:Program FilesPC Connectivity Solution;C:Program FilesATI TechnologiesATI.ACECore-Static
«windir»=%SystemRoot%
«FP_NO_HOST_CHECK»=NO
«OS»=Windows_NT
«PROCESSOR_ARCHITECTURE»=x86
«PROCESSOR_LEVEL»=6
«PROCESSOR_IDENTIFIER»=x86 Family 6 Model 15 Stepping 6, GenuineIntel
«PROCESSOR_REVISION»=0f06
«NUMBER_OF_PROCESSORS»=1
«PATHEXT»=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
«TEMP»=%SystemRoot%TEMP
«TMP»=%SystemRoot%TEMP

---

EOF

---

Запустил Combofix…..и вот результат….! Какой вывод из этого модно сделать????? 🙂 Лента новостей не удалилась!!!!!! 💡

ComboFix 09-01-20.05 — Администратор 2009-01-22 12:39:42.1 — NTFSx86
Running from: c:documents and settingsАдминистраторРабочий столComboFix.exe
Command switches used :: c:documents and settingsАдминистраторРабочий столWindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:documents and settingsАдминистраторLocal SettingsTemporary Internet Files0EB9F12C_6E6B_4c03_AEBA_8C04CFA98AA4.jpg
c:documents and settingsАдминистраторLocal SettingsTemporary Internet Files15913497_F86C_4218_8817_F50940D1E1B2.jpg
c:documents and settingsАдминистраторLocal SettingsTemporary Internet Files29887DDE_00B9_4011_9CF7_59511F1ECC1B.jpg
c:documents and settingsАдминистраторLocal SettingsTemporary Internet Files35B7DFFA_884F_4fbc_8E60_DA601BDC7BF7.gif
c:documents and settingsАдминистраторLocal SettingsTemporary Internet Files362FD6E8_8CDA_4c2a_A8AA-BDA22B321711.gif
c:documents and settingsАдминистраторLocal SettingsTemporary Internet Files3DF04940_9866_4241_A998_0CDDFAFD147A.jpg
c:documents and settingsАдминистраторLocal SettingsTemporary Internet Files426500D7_0FF3_426c_828D_065DBAEA0581.gif
c:documents and settingsАдминистраторLocal SettingsTemporary Internet Files478BD4AE_2691_438d_BDCA_3485DC022700.gif
c:documents and settingsАдминистраторLocal SettingsTemporary Internet Files5C6C645F_BAA8_4149_BFEB_2031230FF0FD.jpg
c:documents and settingsАдминистраторLocal SettingsTemporary Internet Files61EA7D69_19D4_421a_A899_0DF4D58CD119.gif
c:documents and settingsАдминистраторLocal SettingsTemporary Internet Files777FDAFB_83CF_4960_AA71_4E5D7BCD8E57.gif
c:documents and settingsАдминистраторLocal SettingsTemporary Internet Files8DA878D5_E80B_4721_B75A_17EFFAF1A700.gif
c:documents and settingsАдминистраторLocal SettingsTemporary Internet Files98F6DF79_7171_452d_9C26_C0193E12DBDF.gif
c:documents and settingsАдминистраторLocal SettingsTemporary Internet FilesA2B240D6_0386_419e_91C5_3F7D90437CD0.gif
c:documents and settingsАдминистраторLocal SettingsTemporary Internet FilesC75CEF8D_5AF4_4563_8594_C45A45E14E63.gif
c:documents and settingsАдминистраторLocal SettingsTemporary Internet FilesE21285C1_40E6_435c_A69F_3387E7BD89CB.jpg
c:documents and settingsАдминистраторLocal SettingsTemporary Internet FilesE9A4D648_ED73_4ea7_88B2_18332DBA4F3E.gif
c:documents and settingsAll UsersApplication DataMicrosoftNetworkDownloaderqmgr0.dat
c:documents and settingsAll UsersApplication DataMicrosoftNetworkDownloaderqmgr1.dat
c:recycledRecycled
c:windowsIE4 Error Log.txt
c:windowssystem32shell31.dll
c:windowssystem32sysprep.exe
c:windowswiaservb.log
c:windowswiaserviv.log
c:windowssystem32driversstr.sys . . . . failed to delete

---

BITS: Possible infected sites

---

hxxp://soft.export.yandex.ru
hxxp://download.yandex.ru
.
((((((((((((((((((((((((( Files Created from 2008-12-22 to 2009-01-22 )))))))))))))))))))))))))))))))
.

2009-01-22 12:23 . 2009-01-22 12:23

d

---

C:rsit
2009-01-18 11:34 . 2009-01-18 11:34 d

---

c:documents and settingsАдминистраторApplication DataCyberLink
2009-01-18 11:34 . 2009-01-18 11:34 d

---

c:documents and settingsАдминистраторApplication DataCyberLink
2009-01-18 11:34 . 2009-01-18 11:34 d

---

c:documents and settingsАдминистраторApplication DataCyberLink
2009-01-17 18:49 . 2009-01-17 18:50 321,536 —a

---

c:documents and settingsAll UsersApplication Dataqlulib.dll
2009-01-16 20:34 . 2009-01-16 20:34 d

---

c:program filesMicrosoft ActiveSync
2009-01-08 21:39 . 2009-01-08 21:39 d

---

c:program filesOLYMPUS
2009-01-08 21:38 . 2009-01-08 21:38 d

---

c:program filesMSXML 4.0
2009-01-08 21:04 . 2009-01-08 21:04 d

---

c:program filesPhotoFiltre

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-21 06:47

---

d

---

w c:program filesEasy Wireless Net
2009-01-18 07:51

---

d

---

w c:documents and settingsАдминистраторApplication DataMra
2009-01-18 07:51

---

d

---

w c:documents and settingsАдминистраторApplication DataMra
2009-01-18 07:51

---

d

---

w c:documents and settingsАдминистраторApplication DataMra
2009-01-14 07:39

---

d

---

w c:documents and settingsАдминистраторApplication DataYandex
2009-01-14 07:39

---

d

---

w c:documents and settingsАдминистраторApplication DataYandex
2009-01-14 07:39

---

d

---

w c:documents and settingsАдминистраторApplication DataYandex
2008-12-12 19:15

---

d

---

w c:program filesQIP Infium
2008-12-12 19:15

---

d

---

w c:documents and settingsАдминистраторApplication DataQIP
2008-12-12 19:15

---

d

---

w c:documents and settingsАдминистраторApplication DataQIP
2008-12-12 19:15

---

d

---

w c:documents and settingsАдминистраторApplication DataQIP
2008-12-12 19:12

---

d

---

w c:program filesQIP
2008-07-13 19:33 4,085,240 —-a-w c:program filesmagentsetup.exe
2008-07-13 19:16 2,047,416 —-a-w c:program filesqip8070.exe
2008-07-13 15:36 4,922,640 —-a-w c:program filesdmaster.exe
.

---

Sigcheck

---

2005-03-14 04:17 359936 6129e70f3d2f1e60860c930ebeaf92c2 c:windows$hf_mig$KB893066SP2QFEtcpip.sys
2005-03-14 03:55 359808 1898df9a9d550da97c2ed41ae3c76a25 c:windowssystem32dllcachetcpip.sys
2005-03-14 03:55 359808 1898df9a9d550da97c2ed41ae3c76a25 c:windowssystem32driverstcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE~Browser Helper Objects{FE5662D2-8EBF-4A77-B9E5-AC525EA75188}]
2009-01-17 18:50 321536 —a

---

c:documents and settingsAll UsersApplication Dataqlulib.dll

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
«{91397D20-1446-11D4-8AF4-0040CA1127B6}»= «c:program filesYandexYandexBarIEyndbar.dll» [2009-01-13 3112736]

[HKEY_CLASSES_ROOTclsid{91397d20-1446-11d4-8af4-0040ca1127b6}]
[HKEY_CLASSES_ROOTYandex.Toolbar.1]
[HKEY_CLASSES_ROOTTypeLib{91397D13-1446-11D4-8AF4-0040CA1127B6}]
[HKEY_CLASSES_ROOTYandex.Toolbar]

[HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerToolbarWebbrowser]
«{91397D20-1446-11D4-8AF4-0040CA1127B6}»= «c:program filesYandexYandexBarIEyndbar.dll» [2009-01-13 3112736]

[HKEY_CLASSES_ROOTclsid{91397d20-1446-11d4-8af4-0040ca1127b6}]
[HKEY_CLASSES_ROOTYandex.Toolbar.1]
[HKEY_CLASSES_ROOTTypeLib{91397D13-1446-11D4-8AF4-0040CA1127B6}]
[HKEY_CLASSES_ROOTYandex.Toolbar]

[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»c:windowssystem32ctfmon.exe» [2004-08-17 15360]
«StartCCC»=»c:program filesATI TechnologiesATI.ACECore-StaticCLIStart.exe» [2006-11-10 90112]
«OM2_Monitor»=»c:program filesOLYMPUSOLYMPUS Master 2MMonitor.exe» [2008-11-07 95536]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«HControl»=»c:windowsATK0100HControl.exe» [2006-10-14 110592]
«SMSERIAL»=»c:program filesMotorolaSMSERIALsm56hlpr.exe» [2006-08-07 573440]
«SynTPEnh»=»c:program filesSynapticsSynTPSynTPEnh.exe» [2006-05-25 786521]
«RTHDCPL»=»RTHDCPL.EXE» [2006-10-30 c:windowsRTHDCPL.exe]
«SkyTel»=»SkyTel.EXE» [2006-05-16 c:windowsSkyTel.exe]

[HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»c:windowssystem32CTFMON.EXE» [2004-08-17 15360]

c:documents and settingsЂ¤¬Ё­Ёбва в®аѓ« ў­®Ґ ¬Ґ­оЏа®Ја ¬¬лЂўв®§ Јаг§Є 
CCC.lnk — c:program filesATI TechnologiesATI.ACECore-StaticCCC.exe [2006-09-29 49152]

c:documents and settingsAll Usersѓ« ў­®Ґ ¬Ґ­оЏа®Ја ¬¬лЂўв®§ Јаг§Є 
Microsoft Office.lnk — c:program filesMicrosoft OfficeOffice10OSA.EXE [2001-02-13 83360]
“᪮७­л© § ЇгбЄ Adobe Reader.lnk — c:program filesAdobeAcrobat 7.0Readerreader_sl.exe [2004-12-14 29696]

[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionpoliciesexplorer]
«Start_NotifyNewApps»= 0 (0x0)

[HKEY_USERS.defaultsoftwaremicrosoftwindowscurrentversionpoliciesexplorer]
«Start_NotifyNewApps»= 0 (0x0)

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversiondrivers32]
«vidc.I420″= i420vfw.dll
«msacm.l3fhg»= mp3fhg.acm
«VIDC.X264″= x264vfw.dll
«VIDC.HFYU»= huffyuv.dll
«vidc.i263″= i263_32.drv
«msacm.ac3filter»= ac3filter.acm
«msacm.divxa32″= divxa32.acm

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregDownload Master]
—a

---

2008-07-01 16:24 3282432 c:program filesDownload Masterdmaster.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregMAgent]
—a

---

2008-10-24 19:34 4412920 c:documents and settingsАдминистраторApplication DataMail.RuAgentmagent.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregNeroFilterCheck]
—a

---

2001-07-09 10:50 155648 c:windowssystem32NeroCheck.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregNokia.PCSync]
—a

---

2008-06-17 15:00 1249280 c:program filesNokiaNokia PC Suite 7PcSync2.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregPC Suite Tray]
—a

---

2008-06-18 13:31 1122816 c:program filesNokiaNokia PC Suite 7PCSuite.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregRemoteControl]
—a

---

2003-10-31 18:42 32768 c:program filesCyberLinkPowerDVDPDVDServ.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity center]
«UpdatesDisableNotify»=dword:00000001
«AntiVirusDisableNotify»=dword:00000001

[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
«%windir%\system32\sessmgr.exe»=

S3 adusbser;AnyDATA USB Device for Legacy Serial Communication;c:windowssystem32driversadusbser.sys [2008-04-26 93440]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftactive setupinstalled componentsccc-core-static]
msiexec /fums {857D4360-762B-978B-76AD-491AA719E47A} /qb
.
.

---

Supplementary Scan

---

.
uStart Page = about:blank
IE: &Экспорт в Microsoft Excel — c:progra~1MICROS~2OFFICE11EXCEL.EXE/3000
IE: E&xport to Microsoft Excel — c:progra~1MICROS~2Office10EXCEL.EXE/3000
IE: Закачать ВСЕ при помощи Download Master — c:program filesDownload Masterdmieall.htm
IE: Закачать при помощи Download Master — c:program filesDownload Masterdmie.htm
IE: Поиск@Mail.Ru — c:program filesMail.RuSputnikMailRuSputnik.dll/SEARCH.HTM
IE: Словари@Mail.Ru — c:program filesMail.RuSputnikMailRuSputnik.dll/TRANSLATE.HTM
IE: {{8DAE90AD-4583-4977-9DD4-4360F7A45C74} — c:program filesDownload Masterdmaster.exe
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-22 12:42:43
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes …

scanning hidden autostart entries …

scanning hidden files …

c:windowssystem32driversstr.sys 0 bytes
c:windowssystem32driverstciajotdm.sys 30848 bytes executable

scan completed successfully
hidden files: 2

**************************************************************************

[HKEY_LOCAL_MACHINESystemControlSet001Servicestojilniualgo]
«ImagePath»=»??c:windowssystem32driverstciajotdm.sys»
.

---

DLLs Loaded Under Running Processes

---

— — — — — — — > ‘winlogon.exe'(572)
c:windowssystem32Ati2evxx.dll
.

---

Other Running Processes

---

.
c:windowssystem32ati2evxx.exe
c:windowssystem32ati2evxx.exe
c:program filesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE
c:windowssystem32wdfmgr.exe
c:program filesATI TechnologiesATI.ACECore-StaticMOM.exe
c:windowsATK0100ATKOSD.exe
.
**************************************************************************
.
Completion time: 2009-01-22 12:44:18 — machine was rebooted
ComboFix-quarantined-files.txt 2009-01-22 09:44:12

Pre-Run: 72 313 274 368 байт свободно
Post-Run: 73,162,358,784 байт свободно

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)WINDOWS
[operating systems]
c:cmdconsBOOTSECT.DAT=»Microsoft Windows Recovery Console» /cmdcons
multi(0)disk(0)rdisk(0)partition(1)WINDOWS=»Microsoft Windows XP Professional RU» /noexecute=optin /fastdetect

193

[Admin]

Здравствуйте, добро пожаловать на Spyware-ru форум.

Откройте блокнот (Кликните Пуск, Выполнить, в строке ввода введите notepad и нажмите Enter) и вставьте в него следующий текст:

Registry::

[-HKEY_LOCAL_MACHINE~Browser Helper Objects{FE5662D2-8EBF-4A77-B9E5-AC525EA75188}]

[-HKEY_LOCAL_MACHINESystemControlSet001Servicestojilniualgo]



File::

c:windowssystem32driversstr.sys

c:windowssystem32driverstciajotdm.sys

c:documents and settingsAll UsersApplication Dataqlulib.dll

Запишите получившийся файл на ваш рабочий стол под именем CFScript
Далее перетащите получившийся файл на иконку Combofix, как показано на картинке ниже.

Сombofix запуститься и выполнит процедуры описанные в созданном нами файле.
По результатам работы Combofix будет создан новый лог, его и вставьте в свой следующий ответ.
И конечно-же проверьте InternetExplorer в работе.

[Автор]

Сообщения