Размещено 20.01.2011 11:48:25
Понять не могу как вообще папка карантина этой программы может помочь?
Вот лог в котором 100% причина блокировки обновления нода.
Папка и файлы имеются, могу прислать, но они чистые даже сам Malwarebytes не видит.
[CODE]Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Версия базы данных: 5363
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13
01.01.2003 7:03:22
mbam-log-2003-01-01 (07-03-22).txt
Тип сканирования: Полное сканирование (C:\|)
Просканированные объекты: 348848
Времени прошло: 1 часов, 9 минут, 18 секунд
Заражённые процессы в памяти: 0
Заражённые модули в памяти: 0
Заражённые ключи в реестре: 0
Заражённые параметры в реестре: 1
Объекты реестра заражены: 5
Заражённые папки: 1
Заражённые файлы: 27
Заражённые процессы в памяти:
(Вредоносных программ не обнаружено)
Заражённые модули в памяти:
(Вредоносных программ не обнаружено)
Заражённые ключи в реестре:
(Вредоносных программ не обнаружено)
Заражённые параметры в реестре:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run\load (Worm.Viking) -> Value: load -> Quarantined and deleted successfully.
Объекты реестра заражены:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Policies\Explorer\NoSMHelp (PUM.Hijack.Help) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\regfile\shell\open\command\(defa ult) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully.
Заражённые папки:
c:\documents and settings\Admin\local settings\Temp\E_4 (Worm.AutoRun) -> Quarantined and deleted successfully.
Заражённые файлы:
c:\documents and settings\Admin\local settings\Temp\agentvkontaktesetup.exe (Rogue.Installer) -> Quarantined and deleted successfully.
c:\documents and settings\Admin\local settings\Temp\E_4\dp1.fne (Worm.Autorun) -> Quarantined and deleted successfully.
c:\documents and settings\Admin\local settings\Temp\E_4\RegEx.fne (Worm.Autorun) -> Quarantined and deleted successfully.
c:\documents and settings\Admin\local settings\temporary internet files\Content.IE5\8BQ1GGC2\agentsetup[1].exe (Rogue.Installer) -> Quarantined and deleted successfully.
c:\documents and settings\Admin\рабочий стол\downloads\keygen.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\program files\activision\call of duty 4 - modern warfare\easyaccount.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
c:\program files\daemon tools\setupdtsb.exe (Adware.WhenU) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\dp1.fne (Worm.Autorun) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\shell.fne (Worm.AutoRun) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\eAPI.fne (Worm.AutoRun) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\krnln.fnr (Worm.Autorun) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\com.run (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\RegEx.fne (Worm.Autorun) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\CPLDAPU\ProduKey.exe (PUP.PSWTool.ProductKey) -> Not selected for removal.
c:\WINDOWS\system32\D0ED12\dp1.fne (Worm.Autorun) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\D0ED12\internet.fne (HackTool.Patcher) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\D0ED12\RegEx.fne (Worm.Autorun) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\internet.fne (Worm.AutoRun) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\og.dll (Worm.AutoRun) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\og.edt (Worm.AutoRun) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\RegEx.fnr (Worm.AutoRun) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\spec.fne (Worm.AutoRun) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\ul.dll (Worm.AutoRun) -> Quarantined and deleted successfully.
c:\documents and settings\Admin\local settings\Temp\E_4\krnln.fnr (Spyware.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Admin\local settings\Temp\E_4\eAPI.fne (Worm.AutoRun) -> Quarantined and deleted successfully.
c:\documents and settings\Admin\local settings\Temp\E_4\RegEx.fnr (Worm.AutoRun) -> Quarantined and deleted successfully.
c:\documents and settings\Admin\local settings\Temp\E_4\spec.fne (Worm.AutoRun) -> Quarantined and deleted successfully. [/CODE]
Вот лог в котором 100% причина блокировки обновления нода.
Папка и файлы имеются, могу прислать, но они чистые даже сам Malwarebytes не видит.
[CODE]Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Версия базы данных: 5363
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13
01.01.2003 7:03:22
mbam-log-2003-01-01 (07-03-22).txt
Тип сканирования: Полное сканирование (C:\|)
Просканированные объекты: 348848
Времени прошло: 1 часов, 9 минут, 18 секунд
Заражённые процессы в памяти: 0
Заражённые модули в памяти: 0
Заражённые ключи в реестре: 0
Заражённые параметры в реестре: 1
Объекты реестра заражены: 5
Заражённые папки: 1
Заражённые файлы: 27
Заражённые процессы в памяти:
(Вредоносных программ не обнаружено)
Заражённые модули в памяти:
(Вредоносных программ не обнаружено)
Заражённые ключи в реестре:
(Вредоносных программ не обнаружено)
Заражённые параметры в реестре:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run\load (Worm.Viking) -> Value: load -> Quarantined and deleted successfully.
Объекты реестра заражены:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Policies\Explorer\NoSMHelp (PUM.Hijack.Help) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\regfile\shell\open\command\(defa ult) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully.
Заражённые папки:
c:\documents and settings\Admin\local settings\Temp\E_4 (Worm.AutoRun) -> Quarantined and deleted successfully.
Заражённые файлы:
c:\documents and settings\Admin\local settings\Temp\agentvkontaktesetup.exe (Rogue.Installer) -> Quarantined and deleted successfully.
c:\documents and settings\Admin\local settings\Temp\E_4\dp1.fne (Worm.Autorun) -> Quarantined and deleted successfully.
c:\documents and settings\Admin\local settings\Temp\E_4\RegEx.fne (Worm.Autorun) -> Quarantined and deleted successfully.
c:\documents and settings\Admin\local settings\temporary internet files\Content.IE5\8BQ1GGC2\agentsetup[1].exe (Rogue.Installer) -> Quarantined and deleted successfully.
c:\documents and settings\Admin\рабочий стол\downloads\keygen.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\program files\activision\call of duty 4 - modern warfare\easyaccount.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
c:\program files\daemon tools\setupdtsb.exe (Adware.WhenU) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\dp1.fne (Worm.Autorun) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\shell.fne (Worm.AutoRun) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\eAPI.fne (Worm.AutoRun) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\krnln.fnr (Worm.Autorun) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\com.run (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\RegEx.fne (Worm.Autorun) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\CPLDAPU\ProduKey.exe (PUP.PSWTool.ProductKey) -> Not selected for removal.
c:\WINDOWS\system32\D0ED12\dp1.fne (Worm.Autorun) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\D0ED12\internet.fne (HackTool.Patcher) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\D0ED12\RegEx.fne (Worm.Autorun) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\internet.fne (Worm.AutoRun) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\og.dll (Worm.AutoRun) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\og.edt (Worm.AutoRun) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\RegEx.fnr (Worm.AutoRun) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\spec.fne (Worm.AutoRun) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\ul.dll (Worm.AutoRun) -> Quarantined and deleted successfully.
c:\documents and settings\Admin\local settings\Temp\E_4\krnln.fnr (Spyware.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Admin\local settings\Temp\E_4\eAPI.fne (Worm.AutoRun) -> Quarantined and deleted successfully.
c:\documents and settings\Admin\local settings\Temp\E_4\RegEx.fnr (Worm.AutoRun) -> Quarantined and deleted successfully.
c:\documents and settings\Admin\local settings\Temp\E_4\spec.fne (Worm.AutoRun) -> Quarantined and deleted successfully. [/CODE]