
Fixlog.txt

Virus blocks antivirus installation and closes the browser - how to remove it?

Done. I'm attaching the logs.


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015
Ran by Maciej at 2015-04-01 14:32:57 Run:1
Running from C:\Users\Maciej\Desktop
Loaded Profiles: Maciej (Available profiles: Maciej & Rodzice & Dorota)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
() C:\Windows\iwnesmbqlyqpuuyao.exe
() C:\Users\Maciej\AppData\Local\Temp\cgnuyin.exe
() C:\Users\Maciej\AppData\Local\Temp\cgnuyin.exe
2015-03-16 01:22 - 2015-03-31 21:46 - 00483328 __RSH () C:\Windows\iwnesmbqlyqpuuyao.exe
2015-03-18 21:36 - 2015-03-18 21:37 - 00753664 _____ () C:\Users\Maciej\AppData\Local\Temp\cgnuyin.exe
HKLM-x32\...\Run: [wepaiwfodkw] => C:\Windows\iwnesmbqlyqpuuyao.exe [483328 2015-03-31] ()
HKLM-x32\...\Run: [iwnesmbqlyqpuuyao] => C:\Users\Maciej\AppData\Local\Temp\iwnesmbqlyqpuuyao.exe [483328 2015-03-31] () <===== ATTENTION
HKLM-x32\...\Run: [wepaiwfodki] => C:\Windows\iwnesmbqlyciddhzl.exe [483328 2015-04-01] ()
HKLM-x32\...\Run: [iwnesmbqlyciddhzl] => C:\Users\Maciej\AppData\Local\Temp\boeuhaocwilqkjmd.exe [483328 2015-04-01] () <===== ATTENTION
HKLM-x32\...\RunOnce: [tcoajyisiqpq] => ewrmecvonemwvzhdthaoi.exe .
HKLM-x32\...\RunOnce: [boeuhaocwilqkjmd] => C:\Users\Maciej\AppData\Local\Temp\iwnesmbqlyciddhzl.exe [483328 2015-04-01] () <===== ATTENTION
HKLM\...\Policies\Explorer\Run: [scpcmcnypymhi] => C:\Windows\iwnesmbqlyqpuuyao.exe [483328 2015-03-31] ( ())
HKLM\...\Policies\Explorer\Run: [biscjwemag] => C:\Users\Maciej\AppData\Local\Temp\csleuqhyvkqyvxdxlxo.exe [483328 2015-04-01] ( ())
HKLM\...\Policies\Explorer\Run: [scpcmcnypyyar] => C:\Windows\pgauliasqgnwuxezobtg.exe [483328 2015-04-01] ( ())
HKU\S-1-5-21-1129333802-2774138510-927257799-1000\...\Run: [tesgriugyixtvs] => C:\Windows\rgyqfaqgcqjjpqvynb.exe [483328 2015-03-31] ()
HKU\S-1-5-21-1129333802-2774138510-927257799-1000\...\Run: [wepaiwfodkw] => C:\Users\Maciej\AppData\Local\Temp\pgauliasqgbdlovarhlc.exe [483328 2015-03-31] () <===== ATTENTION
HKU\S-1-5-21-1129333802-2774138510-927257799-1000\...\Run: [tesgriugyijmeb] => C:\Windows\csleuqhyvkqyvxdxlxo.exe [483328 2015-04-01] ()
HKU\S-1-5-21-1129333802-2774138510-927257799-1000\...\Run: [wepaiwfodki] => C:\Users\Maciej\AppData\Local\Temp\ewrmecvonemwvzhdthaoi.exe [483328 2015-04-01] () <===== ATTENTION
HKU\S-1-5-21-1129333802-2774138510-927257799-1000\...\RunOnce: [wixmyqdqjuwatrt] => boeuhaocwilqkjmd.exe .
HKU\S-1-5-21-1129333802-2774138510-927257799-1000\...\RunOnce: [tcoajyisiqpq] => C:\Users\Maciej\AppData\Local\Temp\iwnesmbqlyciddhzl.exe [483328 2015-04-01] () <===== ATTENTION
HKU\S-1-5-21-1129333802-2774138510-927257799-1000\...\Policies\system: [DisableRegistryTools] 1
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
2015-03-31 22:51 - 2015-04-01 11:15 - 00000000 ____D () C:\AdwCleaner
2015-03-31 21:48 - 2015-04-01 11:18 - 00483328 __RSH () C:\Windows\vokgzysmmenyydmjapjytp.exe
2015-03-31 21:48 - 2015-04-01 11:18 - 00483328 __RSH () C:\Windows\rgyqfaqgcqvcyzexkv.exe
2015-03-31 21:48 - 2015-04-01 11:18 - 00483328 __RSH () C:\Windows\pgauliasqgnwuxezobtg.exe
2015-03-31 21:48 - 2015-04-01 11:18 - 00483328 __RSH () C:\Windows\iwnesmbqlyciddhzl.exe
2015-03-31 21:48 - 2015-04-01 11:18 - 00483328 __RSH () C:\Windows\ewrmecvonemwvzhdthaoi.exe
2015-03-31 21:48 - 2015-04-01 11:18 - 00483328 __RSH () C:\Windows\csleuqhyvkqyvxdxlxo.exe
2015-03-31 21:48 - 2015-04-01 11:18 - 00483328 __RSH () C:\Windows\boeuhaocwilqkjmd.exe
2015-03-31 21:48 - 2015-04-01 11:16 - 00483328 __RSH () C:\Windows\SysWOW64\vokgzysmmenyydmjapjytp.exe
2015-03-31 21:48 - 2015-04-01 11:16 - 00483328 __RSH () C:\Windows\SysWOW64\pgauliasqgnwuxezobtg.exe
2015-03-31 21:48 - 2015-04-01 11:16 - 00483328 __RSH () C:\Windows\SysWOW64\iwnesmbqlyciddhzl.exe
2015-03-31 21:48 - 2015-04-01 11:16 - 00483328 __RSH () C:\Windows\SysWOW64\ewrmecvonemwvzhdthaoi.exe
2015-03-31 21:48 - 2015-04-01 11:16 - 00483328 __RSH () C:\Windows\SysWOW64\csleuqhyvkqyvxdxlxo.exe
2015-03-31 21:48 - 2015-04-01 11:16 - 00483328 __RSH () C:\Windows\SysWOW64\boeuhaocwilqkjmd.exe
2015-03-31 21:48 - 2015-04-01 11:11 - 00483328 __RSH () C:\Windows\SysWOW64\rgyqfaqgcqvcyzexkv.exe
2015-03-31 21:48 - 2015-03-31 23:23 - 00000280 ____H () C:\Windows\SysWOW64\jikmlqqqwujagrgjgbbwxzya.bgg
2015-03-31 21:48 - 2015-03-31 23:23 - 00000280 ____H () C:\Windows\jikmlqqqwujagrgjgbbwxzya.bgg
2015-03-31 21:48 - 2015-03-31 23:23 - 00000280 ____H () C:\Users\Maciej\AppData\Local\jikmlqqqwujagrgjgbbwxzya.bgg
2015-03-31 21:48 - 2015-03-31 23:23 - 00000280 ____H () C:\Program Files (x86)\jikmlqqqwujagrgjgbbwxzya.bgg
2015-03-31 21:48 - 2015-03-31 21:48 - 00004248 ____H () C:\Windows\SysWOW64\scpcmcnypyyarnnbjpagsfpcpzpalcllnea.owc
2015-03-31 21:48 - 2015-03-31 21:48 - 00004248 ____H () C:\Windows\scpcmcnypyyarnnbjpagsfpcpzpalcllnea.owc
2015-03-31 21:48 - 2015-03-31 21:48 - 00004248 ____H () C:\Users\Maciej\AppData\Local\scpcmcnypyyarnnbjpagsfpcpzpalcllnea.owc
2015-03-31 21:48 - 2015-03-31 21:48 - 00004248 ____H () C:\Program Files (x86)\scpcmcnypyyarnnbjpagsfpcpzpalcllnea.owc
2015-03-18 21:39 - 2015-03-23 03:25 - 00000280 ____H () C:\Users\Maciej\AppData\Local\eglqsadgpqwjcqiyabqsxcempsb.ivo
2015-03-18 16:56 - 2015-03-29 23:40 - 00000280 ____H () C:\Users\Rodzice\AppData\Local\eglqsadgpqwjcqiyabqsxcempsb.ivo
2015-03-16 01:22 - 2015-03-31 21:46 - 00483328 __RSH () C:\Windows\vokgzysmmebfpudkdvbuqm.exe
2015-03-16 01:22 - 2015-03-31 21:46 - 00483328 __RSH () C:\Windows\rgyqfaqgcqjjpqvynb.exe
2015-03-16 01:22 - 2015-03-31 21:46 - 00483328 __RSH () C:\Windows\pgauliasqgbdlovarhlc.exe
2015-03-16 01:22 - 2015-03-31 21:46 - 00483328 __RSH () C:\Windows\iwnesmbqlyqpuuyao.exe
2015-03-16 01:22 - 2015-03-31 21:46 - 00483328 __RSH () C:\Windows\ewrmecvoneadmqyewnskf.exe
2015-03-16 01:22 - 2015-03-31 21:46 - 00483328 __RSH () C:\Windows\csleuqhyvkefmouyodg.exe
2015-03-16 01:22 - 2015-03-31 21:40 - 00483328 __RSH () C:\Windows\SysWOW64\vokgzysmmebfpudkdvbuqm.exe
2015-03-16 01:22 - 2015-03-31 21:40 - 00483328 __RSH () C:\Windows\SysWOW64\rgyqfaqgcqjjpqvynb.exe
2015-03-16 01:22 - 2015-03-31 21:40 - 00483328 __RSH () C:\Windows\SysWOW64\iwnesmbqlyqpuuyao.exe
2015-03-16 01:22 - 2015-03-31 21:40 - 00483328 __RSH () C:\Windows\SysWOW64\ewrmecvoneadmqyewnskf.exe
2015-03-16 01:22 - 2015-03-31 21:40 - 00483328 __RSH () C:\Windows\SysWOW64\csleuqhyvkefmouyodg.exe
2015-03-16 01:22 - 2015-03-31 21:40 - 00483328 __RSH () C:\Windows\SysWOW64\boeuhaocwizxbade.exe
2015-03-16 01:22 - 2015-03-31 20:55 - 00000280 ____H () C:\Windows\SysWOW64\eglqsadgpqwjcqiyabqsxcempsb.ivo
2015-03-16 01:22 - 2015-03-31 20:55 - 00000280 ____H () C:\Windows\eglqsadgpqwjcqiyabqsxcempsb.ivo
2015-03-16 01:22 - 2015-03-31 20:55 - 00000280 ____H () C:\Users\Dorota\AppData\Local\eglqsadgpqwjcqiyabqsxcempsb.ivo
2015-03-16 01:22 - 2015-03-31 20:55 - 00000280 ____H () C:\Program Files (x86)\eglqsadgpqwjcqiyabqsxcempsb.ivo
2015-03-16 01:22 - 2015-03-31 20:53 - 00483328 __RSH () C:\Windows\boeuhaocwizxbade.exe
2015-03-16 01:22 - 2015-03-30 23:16 - 00483328 __RSH () C:\Windows\SysWOW64\pgauliasqgbdlovarhlc.exe
2015-03-16 01:22 - 2015-03-16 01:22 - 00004248 ____H () C:\Windows\SysWOW64\boeuhaocwizxbaderddqgwjcqeykbzdcfgtffs.yle
2015-03-16 01:22 - 2015-03-16 01:22 - 00004248 ____H () C:\Windows\boeuhaocwizxbaderddqgwjcqeykbzdcfgtffs.yle
2015-03-16 01:22 - 2015-03-16 01:22 - 00004248 ____H () C:\Users\Dorota\AppData\Local\boeuhaocwizxbaderddqgwjcqeykbzdcfgtffs.yle
2015-03-16 01:22 - 2015-03-16 01:22 - 00004248 ____H () C:\Program Files (x86)\boeuhaocwizxbaderddqgwjcqeykbzdcfgtffs.yle
2015-03-16 01:22 - 2015-03-16 01:22 - 0004248 ____H () C:\Program Files (x86)\boeuhaocwizxbaderddqgwjcqeykbzdcfgtffs.yle
2015-03-16 01:22 - 2015-03-31 20:55 - 0000280 ____H () C:\Program Files (x86)\eglqsadgpqwjcqiyabqsxcempsb.ivo
2015-03-31 21:48 - 2015-03-31 23:23 - 0000280 ____H () C:\Program Files (x86)\jikmlqqqwujagrgjgbbwxzya.bgg
2015-03-31 21:48 - 2015-03-31 21:48 - 0004248 ____H () C:\Program Files (x86)\scpcmcnypyyarnnbjpagsfpcpzpalcllnea.owc
2015-03-18 21:39 - 2015-03-23 03:25 - 0000280 ____H () C:\Users\Maciej\AppData\Local\eglqsadgpqwjcqiyabqsxcempsb.ivo
2015-03-31 21:48 - 2015-03-31 23:23 - 0000280 ____H () C:\Users\Maciej\AppData\Local\jikmlqqqwujagrgjgbbwxzya.bgg
2015-03-31 21:48 - 2015-03-31 21:48 - 0004248 ____H () C:\Users\Maciej\AppData\Local\scpcmcnypyyarnnbjpagsfpcpzpalcllnea.owc
EmptyTemp:
*****************

[2804] C:\Windows\iwnesmbqlyqpuuyao.exe => Process closed successfully.
[3608] C:\Users\Maciej\AppData\Local\Temp\cgnuyin.exe => Process closed successfully.
[3648] C:\Users\Maciej\AppData\Local\Temp\cgnuyin.exe => Process closed successfully.
C:\Windows\iwnesmbqlyqpuuyao.exe => Moved successfully.
C:\Users\Maciej\AppData\Local\Temp\cgnuyin.exe => Moved successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\wepaiwfodkw => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\iwnesmbqlyqpuuyao => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\wepaiwfodki => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\iwnesmbqlyciddhzl => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\\tcoajyisiqpq => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\\boeuhaocwilqkjmd => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\scpcmcnypymhi => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\biscjwemag => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\scpcmcnypyyar => value deleted successfully.
HKU\S-1-5-21-1129333802-2774138510-927257799-1000\Software\Microsoft\Windows\CurrentVersion\Run\\tesgriugyixtvs => value deleted successfully.
HKU\S-1-5-21-1129333802-2774138510-927257799-1000\Software\Microsoft\Windows\CurrentVersion\Run\\wepaiwfodkw => value deleted successfully.
HKU\S-1-5-21-1129333802-2774138510-927257799-1000\Software\Microsoft\Windows\CurrentVersion\Run\\tesgriugyijmeb => value deleted successfully.
HKU\S-1-5-21-1129333802-2774138510-927257799-1000\Software\Microsoft\Windows\CurrentVersion\Run\\wepaiwfodki => value deleted successfully.
HKU\S-1-5-21-1129333802-2774138510-927257799-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\\wixmyqdqjuwatrt => value deleted successfully.
HKU\S-1-5-21-1129333802-2774138510-927257799-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\\tcoajyisiqpq => value deleted successfully.
HKU\S-1-5-21-1129333802-2774138510-927257799-1000\Software\Microsoft\Windows\CurrentVersion\Policies\system\\DisableRegistryTools => value deleted successfully.
ewusbnet => Service deleted successfully.
VGPU => Service deleted successfully.
C:\AdwCleaner => Moved successfully.
C:\Windows\vokgzysmmenyydmjapjytp.exe => Moved successfully.
C:\Windows\rgyqfaqgcqvcyzexkv.exe => Moved successfully.
C:\Windows\pgauliasqgnwuxezobtg.exe => Moved successfully.
C:\Windows\iwnesmbqlyciddhzl.exe => Moved successfully.
C:\Windows\ewrmecvonemwvzhdthaoi.exe => Moved successfully.
C:\Windows\csleuqhyvkqyvxdxlxo.exe => Moved successfully.
C:\Windows\boeuhaocwilqkjmd.exe => Moved successfully.
C:\Windows\SysWOW64\vokgzysmmenyydmjapjytp.exe => Moved successfully.
Could not move "C:\Windows\SysWOW64\pgauliasqgnwuxezobtg.exe" => Scheduled to move on reboot.
Could not move "C:\Windows\SysWOW64\iwnesmbqlyciddhzl.exe" => Scheduled to move on reboot.
Could not move "C:\Windows\SysWOW64\ewrmecvonemwvzhdthaoi.exe" => Scheduled to move on reboot.
Could not move "C:\Windows\SysWOW64\csleuqhyvkqyvxdxlxo.exe" => Scheduled to move on reboot.
Could not move "C:\Windows\SysWOW64\boeuhaocwilqkjmd.exe" => Scheduled to move on reboot.
Could not move "C:\Windows\SysWOW64\rgyqfaqgcqvcyzexkv.exe" => Scheduled to move on reboot.
C:\Windows\SysWOW64\jikmlqqqwujagrgjgbbwxzya.bgg => Moved successfully.
C:\Windows\jikmlqqqwujagrgjgbbwxzya.bgg => Moved successfully.
C:\Users\Maciej\AppData\Local\jikmlqqqwujagrgjgbbwxzya.bgg => Moved successfully.
C:\Program Files (x86)\jikmlqqqwujagrgjgbbwxzya.bgg => Moved successfully.
C:\Windows\SysWOW64\scpcmcnypyyarnnbjpagsfpcpzpalcllnea.owc => Moved successfully.
C:\Windows\scpcmcnypyyarnnbjpagsfpcpzpalcllnea.owc => Moved successfully.
C:\Users\Maciej\AppData\Local\scpcmcnypyyarnnbjpagsfpcpzpalcllnea.owc => Moved successfully.
C:\Program Files (x86)\scpcmcnypyyarnnbjpagsfpcpzpalcllnea.owc => Moved successfully.
C:\Users\Maciej\AppData\Local\eglqsadgpqwjcqiyabqsxcempsb.ivo => Moved successfully.
C:\Users\Rodzice\AppData\Local\eglqsadgpqwjcqiyabqsxcempsb.ivo => Moved successfully.
C:\Windows\vokgzysmmebfpudkdvbuqm.exe => Moved successfully.
C:\Windows\rgyqfaqgcqjjpqvynb.exe => Moved successfully.
C:\Windows\pgauliasqgbdlovarhlc.exe => Moved successfully.
"C:\Windows\iwnesmbqlyqpuuyao.exe" => File/Directory not found.
C:\Windows\ewrmecvoneadmqyewnskf.exe => Moved successfully.
C:\Windows\csleuqhyvkefmouyodg.exe => Moved successfully.
C:\Windows\SysWOW64\vokgzysmmebfpudkdvbuqm.exe => Moved successfully.
C:\Windows\SysWOW64\rgyqfaqgcqjjpqvynb.exe => Moved successfully.
C:\Windows\SysWOW64\iwnesmbqlyqpuuyao.exe => Moved successfully.
C:\Windows\SysWOW64\ewrmecvoneadmqyewnskf.exe => Moved successfully.
C:\Windows\SysWOW64\csleuqhyvkefmouyodg.exe => Moved successfully.
C:\Windows\SysWOW64\boeuhaocwizxbade.exe => Moved successfully.
C:\Windows\SysWOW64\eglqsadgpqwjcqiyabqsxcempsb.ivo => Moved successfully.
C:\Windows\eglqsadgpqwjcqiyabqsxcempsb.ivo => Moved successfully.
C:\Users\Dorota\AppData\Local\eglqsadgpqwjcqiyabqsxcempsb.ivo => Moved successfully.
C:\Program Files (x86)\eglqsadgpqwjcqiyabqsxcempsb.ivo => Moved successfully.
C:\Windows\boeuhaocwizxbade.exe => Moved successfully.
C:\Windows\SysWOW64\pgauliasqgbdlovarhlc.exe => Moved successfully.
C:\Windows\SysWOW64\boeuhaocwizxbaderddqgwjcqeykbzdcfgtffs.yle => Moved successfully.
C:\Windows\boeuhaocwizxbaderddqgwjcqeykbzdcfgtffs.yle => Moved successfully.
C:\Users\Dorota\AppData\Local\boeuhaocwizxbaderddqgwjcqeykbzdcfgtffs.yle => Moved successfully.
C:\Program Files (x86)\boeuhaocwizxbaderddqgwjcqeykbzdcfgtffs.yle => Moved successfully.
"C:\Program Files (x86)\boeuhaocwizxbaderddqgwjcqeykbzdcfgtffs.yle" => File/Directory not found.
"C:\Program Files (x86)\eglqsadgpqwjcqiyabqsxcempsb.ivo" => File/Directory not found.
"C:\Program Files (x86)\jikmlqqqwujagrgjgbbwxzya.bgg" => File/Directory not found.
"C:\Program Files (x86)\scpcmcnypyyarnnbjpagsfpcpzpalcllnea.owc" => File/Directory not found.
"C:\Users\Maciej\AppData\Local\eglqsadgpqwjcqiyabqsxcempsb.ivo" => File/Directory not found.
"C:\Users\Maciej\AppData\Local\jikmlqqqwujagrgjgbbwxzya.bgg" => File/Directory not found.
"C:\Users\Maciej\AppData\Local\scpcmcnypyyarnnbjpagsfpcpzpalcllnea.owc" => File/Directory not found.
EmptyTemp: => Removed 1.9 GB temporary data.

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date & Time: 2015-04-01 14:34:51) <=

C:\Windows\SysWOW64\pgauliasqgnwuxezobtg.exe => Is moved successfully.
C:\Windows\SysWOW64\iwnesmbqlyciddhzl.exe => Is moved successfully.
C:\Windows\SysWOW64\ewrmecvonemwvzhdthaoi.exe => Is moved successfully.
C:\Windows\SysWOW64\csleuqhyvkqyvxdxlxo.exe => Is moved successfully.
C:\Windows\SysWOW64\boeuhaocwilqkjmd.exe => Is moved successfully.
C:\Windows\SysWOW64\rgyqfaqgcqvcyzexkv.exe => Is moved successfully.

==== End of Fixlog 14:34:51 ====