Wirus z facebooka, pomocy!

olka32 · 23 Sierpień 2011 17:13

Padłam ofiarą facebook’owego wirusa, nie wiem co ma teraz zrobić? Nie ,ogę wchodzić na fejsika,

Oto

Otl :[2011-08-21 22:55:40 | 005,589,370 | ---- | C] () – C:\WINDOWS\phoenix.rar

[2011-08-21 22:55:40 | 000,182,617 | ---- | C] () – C:\WINDOWS\ufa.rar

[2011-08-21 22:55:38 | 001,075,284 | ---- | C] () – C:\WINDOWS\rpcminer.rar

[2011-08-21 22:53:02 | 004,636,907 | ---- | C] () – C:\WINDOWS\geoiplist

[2011-08-21 22:53:01 | 000,904,792 | ---- | C] () – C:\WINDOWS\geoiplist.rar

[2011-08-21 22:53:01 | 000,246,272 | ---- | C] () – C:\WINDOWS\unrar.exe

[2011-08-21 22:52:46 | 000,000,201 | ---- | C] () – C:\WINDOWS\info1

[2011-08-21 22:49:42 | 000,000,000 | ---- | C] () – C:\WINDOWS\loader2.exe_ok

[2011-08-20 21:11:58 | 000,000,791 | ---- | C] () – C:\Documents and Settings\All Users\Pulpit\OpenFM.lnk

[2011-08-20 21:11:58 | 000,000,762 | ---- | C] () – C:\Documents and Settings\All Users\Pulpit\Gadu-Gadu 10.lnk

[2011-08-20 21:11:33 | 000,000,680 | ---- | C] () – C:\Documents and Settings\All Users\Menu Start\Programy\Gadu-Gadu 10.lnk

[2011-08-17 23:11:08 | 000,000,000 | ---- | C] () – C:\Documents and Settings\ola\Moje dokumenty\PDVD_MediaDisc.PlayList

[2011-07-29 23:00:10 | 000,000,730 | ---- | C] () – C:\Documents and Settings\All Users\Menu Start\Programy\Mozilla Firefox.lnk

[2011-07-29 23:00:10 | 000,000,724 | ---- | C] () – C:\Documents and Settings\All Users\Pulpit\Mozilla Firefox.lnk

[2011-07-28 23:44:56 | 000,000,784 | ---- | C] () – C:\Documents and Settings\All Users\Pulpit\Malwarebytes’ Anti-Malware.lnk

[2011-07-28 17:49:12 | 000,053,760 | ---- | C] () – C:\WINDOWS\System32\OVDecode.dll

[2011-07-28 00:28:06 | 000,000,000 | ---- | C] () – C:\WINDOWS\nsreg.dat

[2011-07-28 00:22:00 | 000,000,012 | ---- | C] () – C:\Documents and Settings\All Users\Dane aplikacji\ReminderNextRun

[2003-09-12 21:35:06 | 000,086,016 | ---- | C] () – C:\WINDOWS\System32\ati2evxx.dll

[2003-09-12 21:33:38 | 000,376,832 | ---- | C] () – C:\WINDOWS\System32\ati2evxx.exe

[2002-10-01 01:45:06 | 000,354,816 | ---- | C] () – C:\WINDOWS\System32\psisdecd.dll

[2002-10-01 01:42:16 | 000,114,688 | ---- | C] () – C:\WINDOWS\System32\ati2sgag.exe

[2002-10-01 01:41:04 | 000,023,040 | R— | C] () – C:\WINDOWS\System32\drivers\GVCplDrv.sys

[2002-10-01 01:36:01 | 000,006,144 | ---- | C] () – C:\WINDOWS\System32\drivers\FlashSys.sys

[2002-10-01 01:32:04 | 000,155,648 | ---- | C] () – C:\WINDOWS\System32\RTLCPAPI.dll

[2002-10-01 01:25:38 | 000,002,048 | --S- | C] () – C:\WINDOWS\bootstat.dat

[2002-10-01 01:19:46 | 000,021,856 | ---- | C] () – C:\WINDOWS\System32\emptyregdb.dat

[2001-10-26 19:30:20 | 000,001,420 | ---- | C] () – C:\WINDOWS\System32\Dcache.bin

[2001-10-26 18:15:16 | 000,355,486 | ---- | C] () – C:\WINDOWS\System32\perfh015.dat

[2001-10-26 18:15:16 | 000,313,828 | ---- | C] () – C:\WINDOWS\System32\perfi015.dat

[2001-10-26 18:15:16 | 000,049,492 | ---- | C] () – C:\WINDOWS\System32\perfc015.dat

[2001-10-26 18:15:16 | 000,034,990 | ---- | C] () – C:\WINDOWS\System32\perfd015.dat

[2001-08-23 15:00:00 | 013,107,200 | ---- | C] () – C:\WINDOWS\System32\oembios.bin

[2001-08-23 15:00:00 | 000,004,463 | ---- | C] () – C:\WINDOWS\System32\oembios.dat

[2001-08-17 23:30:24 | 000,311,604 | ---- | C] () – C:\WINDOWS\System32\perfh009.dat

[2001-08-17 23:30:24 | 000,272,128 | ---- | C] () – C:\WINDOWS\System32\perfi009.dat

[2001-08-17 23:30:24 | 000,028,626 | ---- | C] () – C:\WINDOWS\System32\perfd009.dat

[2001-08-17 23:30:22 | 000,039,992 | ---- | C] () – C:\WINDOWS\System32\perfc009.dat

[2001-08-17 23:15:38 | 000,046,258 | ---- | C] () – C:\WINDOWS\System32\mib.bin

[2001-07-22 04:41:32 | 000,027,440 | ---- | C] () – C:\WINDOWS\System32\drivers\secdrv.sys

[2001-07-22 00:36:48 | 000,218,003 | ---- | C] () – C:\WINDOWS\System32\dssec.dat

[2001-07-22 00:36:04 | 000,673,088 | ---- | C] () – C:\WINDOWS\System32\mlang.dat

[2001-07-22 00:24:16 | 000,000,741 | ---- | C] () – C:\WINDOWS\System32\noise.dat

[1999-03-01 01:12:13 | 000,004,293 | ---- | C] () – C:\WINDOWS\ODBCINST.INI

[1999-03-01 01:11:05 | 000,093,480 | ---- | C] () – C:\WINDOWS\System32\FNTCACHE.DAT

========== LOP Check ==========

[2011-08-20 21:11:58 | 000,000,000 | —D | M] – C:\Documents and Settings\All Users\Dane aplikacji\Gadu-Gadu 10

[2011-08-21 14:08:25 | 000,000,000 | —D | M] – C:\Documents and Settings\ola\Dane aplikacji\Gadu-Gadu 10

========== Purity Check ==========

< End of report >

A to EXTRAS

OTL Extras logfile created on: 2011-08-23 18:45:09 - Run 1

OTL by OldTimer - Version 3.2.26.5 Folder = C:\Documents and Settings\ola\Moje dokumenty\Pobieranie

Windows XP Professional Edition (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2600.0000)

Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

511,48 Mb Total Physical Memory | 175,66 Mb Available Physical Memory | 34,34% Memory free

1,22 Gb Paging File | 0,95 Gb Available in Paging File | 77,54% Paging File free

Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 18,62 Gb Total Space | 13,78 Gb Free Space | 73,97% Space Free | Partition Type: NTFS

Drive D: | 55,87 Gb Total Space | 4,33 Gb Free Space | 7,76% Space Free | Partition Type: NTFS

Computer Name: OLA-SBCPR7K2RQX | User Name: ola | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes]

.cpl [@ = cplfile] – rundll32.exe shell32.dll,Control_RunDLL %1,%*

.url [@ = InternetShortcut] – rundll32.exe shdocvw.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes]

.html [@ = FirefoxHTML] – C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\shell[command]\command]

batfile [open] – “%1” %*

cmdfile [open] – “%1” %*

comfile [open] – “%1” %*

cplfile [cplopen] – rundll32.exe shell32.dll,Control_RunDLL %1,%*

exefile [open] – “%1” %*

htmlfile [edit] – Reg Error: Key error.

InternetShortcut [open] – rundll32.exe shdocvw.dll,OpenURL %l

piffile [open] – “%1” %*

regfile [merge] – Reg Error: Key error.

scrfile [config] – “%1”

scrfile [install] – rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] – “%1” /S

txtfile [edit] – Reg Error: Key error.

Unknown [openas] – %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] – %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] – %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] – %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] – %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

“DisableSR” = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

“Start” = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

“Start” = 2

========== Firewall Settings ==========

========== Authorized Applications List ==========

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

“{0BEDBD4E-2D34-47B5-9973-57E62B29307C}” = ATI Control Panel

“{350C97C2-3D7C-4EE8-BAA9-00BCB3D54227}” = WebFldrs XP

“{38979A0F-DF38-4CDA-89DA-35E49C8A452C}” = AMD Catalyst Install Manager

“{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}” = PowerDVD

“{837b34e3-7c30-493c-8f6a-2b0f04e2912c}” = Microsoft Visual C++ 2005 Redistributable

“{A25FF1C0-80B6-4B8B-A551-DC525697A408}” = AMD APP SDK Runtime

“{DBC3FDEC-D5F4-439C-9A18-EF454A74E3DE}_is1” = NOD32 FiX v2.1

“{FB08F381-6533-4108-B7DD-039E11FBC27E}” = Realtek AC’97 Audio

“Adobe Flash Player ActiveX” = Adobe Flash Player 10 ActiveX

“Adobe Flash Player Plugin” = Adobe Flash Player 10 Plugin

“ATI Display Driver” = ATI Display Driver

“Gadu-Gadu 10” = Gadu-Gadu 10

“Malwarebytes’ Anti-Malware_is1” = Malwarebytes’ Anti-Malware wersja 1.51.1.1800

“Mozilla Firefox 5.0.1 (x86 pl)” = Mozilla Firefox 5.0.1 (x86 pl)

“MSI Live Update 3” = MSI Live Update 3

“NOD32” = System Antywirusowy NOD32

“Q329048” = Windows XP Hotfix (SP1) [see Q329048 for more information]

“Q329115” = Pakiet poprawki systemu Windows XP [zobacz Q329115, aby uzyskać więcej informacji]

“Q329170” = Windows XP Hotfix (SP1) Q329170

“Q329390” = Windows XP Hotfix (SP1) [see Q329390 for more information]

“Q329441” = Windows XP Hotfix (SP1) [see Q329441 for more information]

“Q329834” = Windows XP Hotfix (SP1) [see Q329834 for more information]

“Q810577” = Windows XP Hotfix (SP1) Q810577

“Q810833” = Windows XP Hotfix (SP1) Q810833

“Q815021” = Windows XP Hotfix (SP1) Q815021

“WinRAR archiver” = WinRAR archiver

========== Last 10 Event Log Errors ==========

[Application Events]

Error - 2011-08-21 13:54:51 | Computer Name = OLA-SBCPR7K2RQX | Source = EventSystem | ID = 4609

Description = Podczas wewnętrznego przetwarzania system zdarzeń modelu COM+ wykrył

zły kod powrotu. HRESULT to 8007043C z w wierszu 44 z d:\nt\com\com1x\src\events\tier1\eventsystemobj.cpp.

Skontaktuj się z Pomocą techniczną firmy Microsoft i zgłoś ten błą

Error - 2011-08-21 13:54:51 | Computer Name = OLA-SBCPR7K2RQX | Source = VSS | ID = 8193

Description = Błąd Usługi kopiowania woluminów w tle: nieoczekiwany błąd podczas

wywoływania procedury CoCreateInstance. hr = 0x80040206.

Error - 2011-08-21 13:56:38 | Computer Name = OLA-SBCPR7K2RQX | Source = EventSystem | ID = 4609

Description = Podczas wewnętrznego przetwarzania system zdarzeń modelu COM+ wykrył

zły kod powrotu. HRESULT to 8007043C z w wierszu 44 z d:\nt\com\com1x\src\events\tier1\eventsystemobj.cpp.

Skontaktuj się z Pomocą techniczną firmy Microsoft i zgłoś ten błą

Error - 2011-08-21 13:56:38 | Computer Name = OLA-SBCPR7K2RQX | Source = VSS | ID = 8193

Description = Błąd Usługi kopiowania woluminów w tle: nieoczekiwany błąd podczas

wywoływania procedury CoCreateInstance. hr = 0x80040206.

Error - 2011-08-21 14:03:35 | Computer Name = OLA-SBCPR7K2RQX | Source = EventSystem | ID = 4609

Description = Podczas wewnętrznego przetwarzania system zdarzeń modelu COM+ wykrył

zły kod powrotu. HRESULT to 8007043C z w wierszu 44 z d:\nt\com\com1x\src\events\tier1\eventsystemobj.cpp.

Skontaktuj się z Pomocą techniczną firmy Microsoft i zgłoś ten błą

Error - 2011-08-21 14:03:35 | Computer Name = OLA-SBCPR7K2RQX | Source = VSS | ID = 8193

Description = Błąd Usługi kopiowania woluminów w tle: nieoczekiwany błąd podczas

wywoływania procedury CoCreateInstance. hr = 0x80040206.

Error - 2011-08-21 16:46:20 | Computer Name = OLA-SBCPR7K2RQX | Source = EventSystem | ID = 4609

Description = Podczas wewnętrznego przetwarzania system zdarzeń modelu COM+ wykrył

zły kod powrotu. HRESULT to 8007043C z w wierszu 44 z d:\nt\com\com1x\src\events\tier1\eventsystemobj.cpp.

Skontaktuj się z Pomocą techniczną firmy Microsoft i zgłoś ten błą

Error - 2011-08-21 16:46:20 | Computer Name = OLA-SBCPR7K2RQX | Source = VSS | ID = 8193

Description = Błąd Usługi kopiowania woluminów w tle: nieoczekiwany błąd podczas

wywoływania procedury CoCreateInstance. hr = 0x80040206.

Error - 2011-08-23 06:54:56 | Computer Name = OLA-SBCPR7K2RQX | Source = Application Error | ID = 1000

Description = Aplikacja powodująca błąd explorer.exe, wersja 6.0.2600.0, moduł powodujący

błąd unknown, wersja 0.0.0.0, adres błędu 0x70d0b67b.

[System Events]

Error - 2011-08-22 12:38:56 | Computer Name = OLA-SBCPR7K2RQX | Source = Service Control Manager | ID = 7000