Netbook muli, internet bardzo wolny

[adamek]

Witam.

Od jakiegos czasu netbook mi szwankuje i muli do tego internet zamula.

netbook:asus 1.60ghz

1giga pamieci

windows 7 startet system 32 bit

Ponizej logi do sprawdzenia:

 

Addition.txt

Extras.Txt

FRST.txt

OTL.Txt

Shortcut.txt

Dokument.txt

[picasso]

Co z poprzednim tematem (KLIK) - zamknąć?

 

Jeśli chodzi o bieżący system, działa adware. Przeprowadź następujące działania:

 

1. Przez Panel sterowania odinstaluj:

- Adware: RegClean-Pro, Rocket, SafeFinder Smartbar, WSE Rocket.

- Stare wersje: Adobe Flash Player 13 ActiveX, Adobe Flash Player 13 Plugin, Adobe Reader XI - Polish, Java 7 Update 60

 

2. Otwórz Notatnik i wklej w nim:

 

CloseProcesses:
R2 MaintainerSvc2.02.5636706; C:\ProgramData\d7a0fe93-7bf3-4f3d-89c3-fe4e144b2eb8\maintainer.exe [123680 2014-11-04] ()
R1 {7e4355b8-96cd-43eb-b59a-82af29f01b16}w; C:\Windows\System32\drivers\{7e4355b8-96cd-43eb-b59a-82af29f01b16}w.sys [43200 2014-10-29] (StdLib)
S0 BMLoad; system32\drivers\BMLoad.sys [X]
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
S1 tcpipBM; \??\C:\Windows\system32\drivers\tcpipBM.sys [X]
Task: {614C29BC-EF42-48E5-B7BE-E739491F8174} - System32\Tasks\RegClean Pro_DEFAULT => C:\Program Files\RCP\RegCleanPro.exe [2014-07-16] (RCP) 
Task: {6288A457-9E0A-476E-8A90-6BD09A326B24} - System32\Tasks\RegClean Pro_UPDATES => C:\Program Files\RCP\RegCleanPro.exe [2014-07-16] (RCP) 
Task: {B823A028-E70D-41CB-AF72-3EE9ED729221} - System32\Tasks\RegClean Pro => C:\Program Files\RCP\RegCleanPro.exe [2014-07-16] (RCP) 
Task: {EA0787D3-1CEB-4C9D-BCB0-F8C55A3C221B} - System32\Tasks\Rocket Updater => C:\Users\Asus\AppData\Roaming\RocketUpdater\UpdateProc\UpdateTask.exe [2013-05-02] ()
Task: C:\Windows\Tasks\RegClean Pro_DEFAULT.job => C:\Program Files\RCP\RegCleanPro.exe 
Task: C:\Windows\Tasks\RegClean Pro_UPDATES.job => C:\Program Files\RCP\RegCleanPro.exe 
Task: C:\Windows\Tasks\Rocket Updater.job => C:\Users\Asus\AppData\Roaming\ROCKET~1\UPDATE~1\UPDATE~1.EXE 
GroupPolicy: Group Policy on Chrome detected 
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWxou9ho0X2xYDGc_QKYgplvE5AaQJzeB2jLGE-NmAMe2pSqyMGjluaNMH2Lwui4h00BhpjYKICu2Pnpv-lsq1y9QEQ5ND3aP10UZdhn9oleyYVod4v05SvQQ_TEYpag8GxERTDYS_NHRY0Y1w4w2KPvEauee6zxqPpc6yLbww,,&q={searchTerms}
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://rts.dsrlte.com
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWxou9ho0X2xYDGc_QKYgplvE5AaQJzeB2jLGE-NmAMe2pSqyMGjluaNMH2Lwui4h00BhpjYKICu2Pnpv-lsq1y9QEQ5ND3aP10UZdhn9oleyYVod4v05SvQQ_TEYpag8GxERTDYS_NHRY0Y1w4w2KPvEauee6zxqPpc6yLbww,,&q={searchTerms}
SearchScopes: HKLM - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://rocket-find.com/results.php?f=4&q={searchTerms}&a=rckt_ir_14_30_ch&cd=2XzuyEtN2Y1L1Qzu0D0CzzyD0D0EtCtD0Czz0CyB0BtA0BtAtN0D0Tzu0SzytAzztN1L2XzutAtFtDtFtBtFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyB0ByCyC0DyCyCyDtG0AyDyB0CtGyCtCzyzytGtBtBzy0BtGyBtDzyzzyB0ByDtAzy0AyCtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StC0D0A0E0EyEyDtAtGtDzyzz0BtG0CyD0DtBtGtB0CtAzytGyByB0CtC0D0DyCtCzz0F0F0F2Q&cr=34284458&ir=
SearchScopes: HKLM - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://rocket-find.com/results.php?f=4&q={searchTerms}&a=rckt_ir_14_30_ch&cd=2XzuyEtN2Y1L1Qzu0D0CzzyD0D0EtCtD0Czz0CyB0BtA0BtAtN0D0Tzu0SzytAzztN1L2XzutAtFtDtFtBtFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyB0ByCyC0DyCyCyDtG0AyDyB0CtGyCtCzyzytGtBtBzy0BtGyBtDzyzzyB0ByDtAzy0AyCtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StC0D0A0E0EyEyDtAtGtDzyzz0BtG0CyD0DtBtGtB0CtAzytGyByB0CtC0D0DyCtCzz0F0F0F2Q&cr=34284458&ir=
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://speedial.com/results.php?f=4&q={searchTerms}&a=spd_ir_14_25_ff&cd=2XzuyEtN2Y1L1Qzu0D0CzzyD0D0EtCtD0Czz0CyB0BtA0BtAtN0D0Tzu0SzytDtBtN1L2XzutBtFtBtCtFyEtFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StD0CyEyC0CtD0D0AtGtB0FyDyDtGyC0E0E0CtGzztB0D0FtGtAyCtAyB0FtB0FzzzytDyE0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2StC0D0A0E0EyEyDtAtGtDzyzz0BtG0CyD0DtBtGtB0CtAzytGyByB0CtC0D0DyCtCzz0F0F0F2Q&cr=745011580&ir=
SearchScopes: HKLM - {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = http://feed.helperbar.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWxou9hoxUv82Ac0l78Z5HzGso_TVx83Je_T_BzMLRIWufTx2Q_wNtRzzyCUETChR6PtXKymOTNCsIJaq9GTUIA2kFiHjYtwzpuW0XgZC2U2bwL1UuZDksHE8Xtk2OIVbg5kqWU6p4gVmMR5BRbXSu9iIEEhwIjhv8cZ7_bB-Q,,&q={searchTerms}
SearchScopes: HKCU - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWxou9ho0X2xYDGc_QKYgplvE5AaQJzeB2jLGE-NmAMe2pSqyMGjluaNMH2Lwui4h00BhpjYKICu2Pnpv-lsq1y9QEQ5ND3aP10UZdhn9oleyYVod4v05SvQQ_TEYpag8GxERTDYS_NHRY0Y1w4w2KPvEauee6zxqPpc6yLbww,,&q={searchTerms}
SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWxou9ho0X2xYDGc_QKYgplvE5AaQJzeB2jLGE-NmAMe2pSqyMGjluaNMH2Lwui4h00BhpjYKICu2Pnpv-lsq1y9QEQ5ND3aP10UZdhn9oleyYVod4v05SvQQ_TEYpag8GxERTDYS_NHRY0Y1w4w2KPvEauee6zxqPpc6yLbww,,&q={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://speedial.com/results.php?f=4&q={searchTerms}&a=spd_ir_14_25_ff&cd=2XzuyEtN2Y1L1Qzu0D0CzzyD0D0EtCtD0Czz0CyB0BtA0BtAtN0D0Tzu0SzytDtBtN1L2XzutBtFtBtCtFyEtFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StD0CyEyC0CtD0D0AtGtB0FyDyDtGyC0E0E0CtGzztB0D0FtGtAyCtAyB0FtB0FzzzytDyE0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2StC0D0A0E0EyEyDtAtGtDzyzz0BtG0CyD0DtBtGtB0CtAzytGyByB0CtC0D0DyCtCzz0F0F0F2Q&cr=745011580&ir=
SearchScopes: HKCU - {67B8B507-6308-4F8C-9088-BB9F905A8E16} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = http://feed.helperbar.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWxou9hoxUv82Ac0l78Z5HzGso_TVx83Je_T_BzMLRIWufTx2Q_wNtRzzyCUETChR6PtXKymOTNCsIJaq9GTUIA2kFiHjYtwzpuW0XgZC2U2bwL1UuZDksHE8Xtk2OIVbg5kqWU6p4gVmMR5BRbXSu9iIEEhwIjhv8cZ7_bB-Q,,&q={searchTerms}
BHO: SafeFinder SmartbarEngine -> {31ad400d-1b06-4e33-a59a-90c2c140cba0} -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM - SafeFinder Smartbar - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3886030683-2889538507-278638460-1000_Classes\CLSID\{A2DF06F9-A21A-44A8-8A99-8B9C84F29160}\localserver32 -> C:\Users\Asus\AppData\Local\Rocket\Application\31.0.1650.23\delegate_execute.exe (Fast Browsers)
C:\Program Files\Deal Keeper
C:\Program Files\RCP
C:\ProgramData\d7a0fe93-7bf3-4f3d-89c3-fe4e144b2eb8
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro
C:\Users\Asus\AppData\Local\Pay-By-Ads
C:\Users\Asus\AppData\Local\Rocket
C:\Users\Asus\AppData\Local\Smartbar
C:\Users\Asus\AppData\Roaming\{6f5d0382-9e3f-36f0-bd24-a17e270b8543}
C:\Users\Asus\AppData\Roaming\AVG
C:\Users\Asus\AppData\Roaming\AVG2014
C:\Users\Asus\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Rocket.lnk
C:\Users\Asus\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Search.lnk
C:\Users\Asus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
C:\Users\Asus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Rocket
C:\Users\Asus\AppData\Roaming\RocketUpdater
C:\Users\Asus\AppData\Roaming\Systweak
C:\Users\Asus\AppData\Roaming\TuneUp Software
C:\Users\Default\AppData\Roaming\TuneUp Software
C:\Users\Asus\Desktop\Rocket.lnk
C:\Users\Asus\Desktop\Search.lnk
C:\Users\Asus\Desktop\Wyczyść rejestr za darmo!.lnk
C:\Users\Public\Desktop\RegClean Pro.lnk
C:\Windows\System32\roboot.exe
C:\Windows\System32\drivers\{7e4355b8-96cd-43eb-b59a-82af29f01b16}w.sys
Reg: reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 /f
Reg: reg delete "HKCU\Software\Microsoft\Internet Explorer\AboutURLs" /f
Reg: reg delete "HKCU\Software\Microsoft\Internet Explorer\Search" /f
Reg: reg delete "HKCU\Software\Microsoft\Internet Explorer\SearchURI" /f
Reg: reg delete "HKCU\Software\Microsoft\Internet Explorer\SearchUrl" /f
Reg: reg delete "HKLM\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\AboutURLs" /f
Reg: reg delete "HKLM\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\Main" /f
Reg: reg delete "HKLM\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\Search" /f
Reg: reg delete "HKLM\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKLM\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\SearchURI" /f
Reg: reg delete "HKLM\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\SearchUrl" /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchURI" /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl" /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Browser Infrastructure Helper" /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched" /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Yahoo! Search" /f
Reg: reg delete "HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyEnable /f
Reg: reg delete "HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyOverride /f
Reg: reg delete "HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyServer /f
Reg: reg query "HKCU\Software\Microsoft\Internet Explorer\AboutURLs" /s
Reg: reg query "HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs" /s
Reg: reg query "HKLM\SOFTWARE\Clients\StartMenuInternet\OperaStable\shell\open\command" /s
Folder: C:\Users\Asus\AppData\Roaming\Opera Software\Opera Stable\Extensions
CMD: type "C:\Users\Asus\AppData\Roaming\Opera Software\Opera Stable\Preferences"
CMD: dir /a "C:\Program Files"
CMD: dir /a C:\ProgramData
CMD: dir /a C:\Users\Asus\AppData\Local
CMD: dir /a C:\Users\Asus\AppData\LocalLow
CMD: dir /a C:\Users\Asus\AppData\Roaming
CMD: netsh advfirewall reset
CMD: sc config "Internet Manager. RunOuc" start= demand
EmptyTemp:

 

Adnotacja dla innych czytających: skrypt unikatowy - dopasowany tylko i wyłącznie pod ten system, proszę nie stosować na swoich systemach.

 

Plik zapisz pod nazwą fixlist.txt i umieść obok narzędzia FRST. Uruchom FRST i kliknij w Fix. Czekaj cierpliwie, nie przerywaj działania. Gdy Fix ukończy pracę, system zostanie zresetowany. W tym samym katalogu skąd uruchamiano FRST powstanie plik fixlog.txt.

 

3. Wyczyść Firefox z adware: menu Pomoc > Informacje dla pomocy technicznej > Zresetuj program Firefox. Zakładki i hasła nie zostaną naruszone.

 

4. Zrób nowy log FRST z opcji Scan, zaznacz ponownie pole Addition, by powstały dwa logi. Dołącz też plik fixlog.txt.

 

 

.