Wolne działanie kompa

[MichuPower]

Witam. Kolega ma problemy z działaniem komputera. Strasznie mu wszystko muli.
Widzę w logach wirusa AhnRpta.exe ale sam nic nie będę fixował.
Logi z OTL
http://wklej.org/id/135727/
http://wklej.org/id/135728/

[wojtas]

Uruchom OTL i w oknie Custom Scans/Fixes wklej :

:OTL
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O33 - MountPoints2\{8f0efcfe-5f63-11de-b1c8-00f1d000f1d0}\Shell\AutoRun\command - "" = F:\p.exe -- File not found
O33 - MountPoints2\{8f0efcfe-5f63-11de-b1c8-00f1d000f1d0}\Shell\open\Command - "" = F:\p.exe -- File not found
O33 - MountPoints2\{98043690-194e-11de-b15b-00f1d000f1d0}\Shell\AutoRun\command - "" = F:\ysep1.exe -- File not found
O33 - MountPoints2\{98043690-194e-11de-b15b-00f1d000f1d0}\Shell\open\Command - "" = F:\ysep1.exe -- File not found
O33 - MountPoints2\{abe03b2f-f93b-11dd-b12c-00f1d000f1d0}\Shell\AutoRun\command - "" = 0w.com
O33 - MountPoints2\{abe03b2f-f93b-11dd-b12c-00f1d000f1d0}\Shell\explore\Command - "" = 0w.com
O33 - MountPoints2\{abe03b2f-f93b-11dd-b12c-00f1d000f1d0}\Shell\open\Command - "" = 0w.com
O33 - MountPoints2\{abe03b30-f93b-11dd-b12c-00f1d000f1d0}\Shell\AutoRun\command - "" = 0w.com
O33 - MountPoints2\{abe03b30-f93b-11dd-b12c-00f1d000f1d0}\Shell\explore\Command - "" = 0w.com
O33 - MountPoints2\{abe03b30-f93b-11dd-b12c-00f1d000f1d0}\Shell\open\Command - "" = 0w.com
O33 - MountPoints2\{abe03b33-f93b-11dd-b12c-00f1d000f1d0}\Shell\AutoRun\command - "" = 0w.com
O33 - MountPoints2\{abe03b33-f93b-11dd-b12c-00f1d000f1d0}\Shell\explore\Command - "" = 0w.com
O33 - MountPoints2\{abe03b33-f93b-11dd-b12c-00f1d000f1d0}\Shell\open\Command - "" = 0w.com
O33 - MountPoints2\{abe03b3b-f93b-11dd-b12c-00f1d000f1d0}\Shell\AutoRun\command - "" = m0vnonh.bat
O33 - MountPoints2\{abe03b3b-f93b-11dd-b12c-00f1d000f1d0}\Shell\open\Command - "" = m0vnonh.bat
O33 - MountPoints2\L\Shell\AutoRun\command - "" = 0w.com
O33 - MountPoints2\L\Shell\explore\Command - "" = 0w.com
O33 - MountPoints2\L\Shell\open\Command - "" = 0w.com

:Files
C:\autorun.inf
C:\m1eqos3.exe
C:\9u.exe
C:\wbj.exe
C:\ktly.exe
C:\22yj2fy1.exe
C:\ukfbi3aw.exe
C:\6rxt26.exe
C:\rx.exe
C:\mb9x.exe
C:\u0riu2.exe
C:\hm1bfpuj.exe
C:\xs6kpr0.exe
C:\p0ijj.bat
C:\8dtyjjf.exe
C:\cv8j.exe
C:\WINDOWS\System32\nmdfgds1.dll
C:\WINDOWS\System32\nmdfgds0.dll
C:\WINDOWS\System32\olhrwef.exe

:Reg
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{db1b3e60-05ac-11de-a5d3-00001cd72a97}]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"SuperHidden"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Hidden"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"ShowSuperHidden"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]
"CheckedValue"=dword:00000001
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\Policy\DontShowSuperHidden]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\Policy\DontShowSuperHidden]
@=""

:Commands
[emptytemp]
[start explorer]
[Reboot]

Kliknij w Run Fix. I potwierdz reset kompa .

Następnie uruchamiasz OTL z opcją Run Scan. Pokazujesz nowy log OTL.txt oraz raport z czyszczenia kompa

[MichuPower]

http://wklej.org/id/135742/
http://wklej.org/id/135745/
http://wklej.org/id/135743/

[wojtas]

podlacz pendriva jesli masz i odpal combofixa ale zainstaluj wraz z nim konsolę odzyskiwania ( instrukcja programu )

[MichuPower]

http://wklej.org/id/135801/
Konsola nie zainstalowana - brak u kolegi płytki z XP.

[wojtas]

Otworz notatnik i wklej w nim to:

File::
C:\m1eqos3.exe
c:\wbj.exe
c:\program files\uik.dat
c:\windows\system32\wxpx.dat

>>Plik>>Zapisz jako... >>> CFScript
Przeciągnij i upuść plik CFScript.txt na plik ComboFix.exe
-->

[MichuPower]

Log po zabiegu >> http://wklej.org/id/135813/

[wojtas]

czysto

Autor postu otrzymał pochwałę