Prośba o pomoc z wirusem UKASH

[arturnow]

Witam.
Mam problem z UKASH.
Wklejam log z OTL :
Dostępne tylko dla zarejestrowanych użytkowników

[kominekl]

DRV - [2005-03-03 19:53:57 | 000,048,640 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)
DRV - [2005-02-23 17:59:54 | 000,006,656 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)
DRV - [2004-12-03 12:20:41 | 000,020,544 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfsync02.sys -- (sfsync02) StarForce Protection Synchronization Driver (version 2.x)

To stare zabezpieczenia Star Force. Odinstaluj je poprzez pobranie -> Dostępne tylko dla zarejestrowanych użytkowników -> wypakowanie -> uruchomienie pliku sfdrvrem.exe.

Logi.

Uruchom OTL -> w oknie Własne opcje skanowania/skrypt wklej:

:OTL

IE - HKU\S-1-5-21-73586283-1383384898-839522115-500\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}\InprocServer32 File not found
IE - HKU\S-1-5-21-73586283-1383384898-839522115-500\..\SearchScopes,DefaultScope = {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}
IE - HKU\S-1-5-21-73586283-1383384898-839522115-500\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = Dostępne tylko dla zarejestrowanych użytkowników{searchTerms}
IE - HKU\S-1-5-21-73586283-1383384898-839522115-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-21-73586283-1383384898-839522115-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 888.847.4130
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaultthis.engineName: "ITALIA version Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT1032372&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.11.3.15590
FF - prefs.js..extensions.enabledItems: DTToolbar@toolbarnet.com:1.1.3.0244
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
[2011-12-28 17:26:26 | 000,002,567 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ox2f6vme.default\searchplugins\askcom.xml
[2012-02-13 13:05:10 | 000,000,931 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ox2f6vme.default\searchplugins\conduit.xml
[2010-09-15 18:44:57 | 000,002,059 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ox2f6vme.default\searchplugins\daemon-search.xml
[2010-10-19 20:47:27 | 000,001,583 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ox2f6vme.default\searchplugins\web-search.xml
[2011-12-29 12:26:11 | 000,000,000 | ---D | M] (QuickStores-Toolbar) -- C:\Program Files\Mozilla Firefox\extensions\quickstores@quickstores.de
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll File not found
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll File not found
O3 - HKU\S-1-5-21-73586283-1383384898-839522115-500\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll File not found
O4 - HKLM..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe" File not found
O4 - HKLM..\Run: [yksaktgpmvtatuj] C:\Documents and Settings\All Users\Application Data\yksaktgp.exe ()
O4 - HKU\S-1-5-21-73586283-1383384898-839522115-500..\Run: [yksaktgpmvtatuj] C:\Documents and Settings\All Users\Application Data\yksaktgp.exe ()
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} Dostępne tylko dla zarejestrowanych użytkowników (Windows Genuine Advantage Validation Tool)

:Files
C:\Documents and Settings\All Users\Application Data\jnomqbpuhmqhzvj
C:\Documents and Settings\Administrator\Application Data\fm.exe
C:\WINDOWS\System32\drivers\glyhp.sys
C:\WINDOWS\tasks\*.*
C:\Documents and Settings\All Users\Application Data\ldotrbmltacqlfx
C:\Documents and Settings\All Users\Application Data\eeopnlya.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\{05181B51-44DE-44B5-983B-D2DE426F11D7}

:Commands
[emptyflash]
[clearallrestorepoints]
[emptytemp]

Klikasz Wykonaj skrypt. Dajesz log z usuwania. Następnie podajesz nowe logi z OTL (oba) -> http://hotfix.pl/articles.php?article_id=143 + log z TDSSKiller -> http://www.hotfix.pl/instrukcja-obslugi ... r-a341.htm.

Optymalizacja.

Jeśli jej pragniesz to podaj jeszcze log z Autoruns -> http://www.hotfix.pl/optymalizacja-auto ... s-a128.htm.