Mój laptop stał się żółwiem

Witam!mam ogromniastą prośbę do dobrych serduszek,żeby pomogłymi wyleczyć mój laptopik.Do tej pory wykorzystałam kilka programów antywirusowych,ale bez poprawy.Mam problemy zarówno ze zwykłą praca na kompie jak i problemy w połączeniu z internetem…jesli uda się połączyć to i tak to połączenie jest co chwilę zrywane.Nie mam już sił !!

Log z HijackThis:

“Silent Runners.vbs”, revision 49, http://www.silentrunners.org/

Operating System: Windows XP SP2

Output limited to non-default values, except where indicated by “{++}”

Startup items buried in registry:


HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

“CTFMON.EXE” = “C:\WINDOWS\system32\ctfmon.exe” [MS]

“TOSCDSPD” = “C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe” [“TOSHIBA”]

“MSMSGS” = ““C:\Program Files\Messenger\msmsgs.exe” /background” [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

“Toshiba Hotkey Utility” = ““C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe” /lang PL” [“TOSHIBA Inc.”]

“SynTPLpr” = “C:\Program Files\Synaptics\SynTP\SynTPLpr.exe” [“Synaptics, Inc.”]

“SynTPEnh” = “C:\Program Files\Synaptics\SynTP\SynTPEnh.exe” [“Synaptics, Inc.”]

“PadTouch” = “C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe” [“TOSHIBA”]

“SmoothView” = “C:\Program Files\TOSHIBA\Program narzędziowy TOSHIBA Zooming Utility\SmoothView.exe” [“TOSHIBA Corporation”]

“NDSTray.exe” = “NDSTray.exe” [“TOSHIBA CORPORATION”]

“snpstd3” = “C:\WINDOWS\vsnpstd3.exe” [“Sonix”]

“igfxtray” = “C:\WINDOWS\system32\igfxtray.exe” [“Intel Corporation”]

“igfxhkcmd” = “C:\WINDOWS\system32\hkcmd.exe” [“Intel Corporation”]

“igfxpers” = “C:\WINDOWS\system32\igfxpers.exe” [“Intel Corporation”]

“NeroCheck” = “C:\WINDOWS\system32\NeroCheck.exe” [“Ahead Software Gmbh”]

“APVXDWIN” = ““C:\Program Files\Panda Software\Panda Antivirus 2007\APVXDWIN.EXE” /s” [“Panda Software International”]

“MSKDetectorExe” = “C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall” [“McAfee, Inc.”]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

“{42071714-76d4-11d1-8b24-00a0c9068ff3}” = “Rozszerzenie CPL kadrowania wyświetlania”

  • {HKLM…CLSID} = “Rozszerzenie CPL kadrowania wyświetlania”

\InProcServer32(Default) = “deskpan.dll” [file not found]

“{88895560-9AA2-1069-930E-00AA0030EBC8}” = “Rozszerzenie ikony HyperTerminalu”

  • {HKLM…CLSID} = “HyperTerminal Icon Ext”

\InProcServer32(Default) = “C:\WINDOWS\system32\hticons.dll” [“Hilgraeve, Inc.”]

“{cc86590a-b60a-48e6-996b-41d25ed39a1e}” = “Portable Media Devices Menu”

  • {HKLM…CLSID} = “Portable Media Devices Menu”

\InProcServer32(Default) = “C:\WINDOWS\system32\Audiodev.dll” [MS]

“{2F603045-309F-11CF-9774-0020AFD0CFF6}” = “Synaptics Control Panel”

  • {HKLM…CLSID} = (no title provided)

\InProcServer32(Default) = “C:\Program Files\Synaptics\SynTP\SynTPCpl.dll” [“Synaptics, Inc.”]

“{2F5AC606-70CF-461C-BFE1-6063670C3484}” = “Display CPL Extension”

  • {HKLM…CLSID} = “DisplayCplExt Class”

\InProcServer32(Default) = “C:\Program Files\Toshiba\TouchED\TouchED.DLL” [“TOSHIBA Inc.”]

“{42042206-2D85-11D3-8CFF-005004838597}” = “Microsoft Office HTML Icon Handler”

  • {HKLM…CLSID} = (no title provided)

\InProcServer32(Default) = “C:\Program Files\Microsoft Office\OFFICE11\msohev.dll” [MS]

“{e57ce731-33e8-4c51-8354-bb4de9d215d1}” = “Uniwersalne urządzenia Plug and Play”

  • {HKLM…CLSID} = “Uniwersalne urządzenia Plug and Play”

\InProcServer32(Default) = “C:\WINDOWS\system32\upnpui.dll” [MS]

“{e0d79300-84be-11ce-9641-444553540000}” = “WinZip”

  • {HKLM…CLSID} = “WinZip”

\InProcServer32(Default) = “C:\PROGRA~1\WinZip\wzshlext.dll” [“Nico Mak Computing, Inc.”]

“{B41DB860-8EE4-11D2-9906-E49FADC173CA}” = “WinRAR shell extension”

  • {HKLM…CLSID} = “WinRAR”

\InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data]

“{65756541-C65C-11CD-0000-4B656E696100}” = “Panda Antivirus”

  • {HKLM…CLSID} = “Panda Antivirus”

\InProcServer32(Default) = “C:\Program Files\Panda Software\Panda Antivirus 2007\ShellTit.DLL” [“Panda Software International”]

HKLM\System\CurrentControlSet\Control\Session Manager\

“BootExecute” = “autocheck autochk *”|“stera” [file not found]|“SsiEfr.e” [file not found]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\

avldr\DLLName = “avldr.dll” [“Panda Software”]

igfxcui\DLLName = “igfxdev.dll” [“Intel Corporation”]

WRNotifier\DLLName = “WRLogonNTF.dll” [file not found]

HKLM\Software\Classes\PROTOCOLS\Filter\

text/xml\CLSID = “{807553E5-5146-11D5-A672-00B0D022E945}”

  • {HKLM…CLSID} = (no title provided)

\InProcServer32(Default) = “C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL” [MS]

HKLM\Software\Classes*\shellex\ContextMenuHandlers\

Panda Antivirus(Default) = “{65756541-C65C-11CD-0000-4B656E696100}”

  • {HKLM…CLSID} = “Panda Antivirus”

\InProcServer32(Default) = “C:\Program Files\Panda Software\Panda Antivirus 2007\ShellTit.DLL” [“Panda Software International”]

WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}”

  • {HKLM…CLSID} = “WinRAR”

\InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data]

WinZip(Default) = “{e0d79300-84be-11ce-9641-444553540000}”

  • {HKLM…CLSID} = “WinZip”

\InProcServer32(Default) = “C:\PROGRA~1\WinZip\wzshlext.dll” [“Nico Mak Computing, Inc.”]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\

WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}”

  • {HKLM…CLSID} = “WinRAR”

\InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data]

WinZip(Default) = “{e0d79300-84be-11ce-9641-444553540000}”

  • {HKLM…CLSID} = “WinZip”

\InProcServer32(Default) = “C:\PROGRA~1\WinZip\wzshlext.dll” [“Nico Mak Computing, Inc.”]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\

Panda Antivirus(Default) = “{65756541-C65C-11CD-0000-4B656E696100}”

  • {HKLM…CLSID} = “Panda Antivirus”

\InProcServer32(Default) = “C:\Program Files\Panda Software\Panda Antivirus 2007\ShellTit.DLL” [“Panda Software International”]

WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}”

  • {HKLM…CLSID} = “WinRAR”

\InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data]

WinZip(Default) = “{e0d79300-84be-11ce-9641-444553540000}”

  • {HKLM…CLSID} = “WinZip”

\InProcServer32(Default) = “C:\PROGRA~1\WinZip\wzshlext.dll” [“Nico Mak Computing, Inc.”]

Group Policies {policy setting}:


Note: detected settings may not have any effect.

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\

“NoActiveDesktop” = (REG_DWORD) hex:0x00000000

{Disable Active Desktop}

“NoSaveSettings” = (REG_DWORD) hex:0x00000000

{Don’t save settings at exit}

“ClassicShell” = (REG_DWORD) hex:0x00000000

{Enable Classic Shell / Turn on Classic Shell}

“NoThemesTab” = (REG_DWORD) hex:0x00000000

{unrecognized setting}

“ForceActiveDesktopOn” = (REG_DWORD) hex:0x00000000

{Enable Active Desktop}

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\

“NoActiveDesktopChanges” = (REG_DWORD) hex:0x00000000

{unrecognized setting}

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\

“DisableTaskMgr” = (REG_DWORD) hex:0x00000000

{Remove Task Manager}

“NoColorChoice” = (REG_DWORD) hex:0x00000000

{unrecognized setting}

“NoSizeChoice” = (REG_DWORD) hex:0x00000000

{unrecognized setting}

“NoDispScrSavPage” = (REG_DWORD) hex:0x00000000

{unrecognized setting}

“NoDispCPL” = (REG_DWORD) hex:0x00000000

{Remove Display in Control Panel}

“NoVisualStyleChoice” = (REG_DWORD) hex:0x00000000

{unrecognized setting}

“NoDispSettingsPage” = (REG_DWORD) hex:0x00000000

{unrecognized setting}

“NoDispAppearancePage” = (REG_DWORD) hex:0x00000000

{unrecognized setting}

“NoDispBackgroundPage” = (REG_DWORD) hex:0x00000000

{Hide Desktop tab}

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\

“shutdownwithoutlogon” = (REG_DWORD) hex:0x00000001

{Shutdown: Allow system to be shut down without having to log on}

“undockwithoutlogon” = (REG_DWORD) hex:0x00000001

{Devices: Allow undock without having to log on}

“DisableTaskMgr” = (REG_DWORD) hex:0x00000000

{unrecognized setting}

Active Desktop and Wallpaper:


Active Desktop may be enabled at this entry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Active Desktop web content (hidden if disabled):

HKCU\Software\Microsoft\Internet Explorer\Desktop\Components\0\

“FriendlyName” = “Desktop Uninstall”

“Source” = “”

“SubscribedURL” = “”

Enabled Screen Saver:


HKCU\Control Panel\Desktop\

“SCRNSAVE.EXE” = “C:\WINDOWS\system32\logon.scr” [MS]

Startup items in “tomek” “All Users” startup folders:


C:\Documents and Settings\All Users\Menu Start\Programy\Autostart

“Microsoft Office” - shortcut to: “C:\Program Files\Microsoft Office\Office10\OSA.EXE -b -l” [MS]

“Picture Package Menu” - shortcut to: “C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe” [“Sony Corporation”]

“Picture Package VCD Maker” - shortcut to: “C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe -h” [“Sony Corporation.”]

Winsock2 Service Provider DLLs:


Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}

000000000001\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS]

000000000002\LibraryPath = “%SystemRoot%\System32\winrnr.dll” [MS]

000000000003\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}

0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:

C:\Program Files\Panda Software\Panda Antivirus 2007\pavlsp.dll [“Panda Software International”], 01 - 03, 21

%SystemRoot%\system32\mswsock.dll [MS], 04 - 06, 09 - 20

%SystemRoot%\system32\rsvpsp.dll [MS], 07 - 08

Toolbars, Explorer Bars, Extensions:


Explorer Bars

HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\

HKLM\Software\Classes\CLSID{FF059E31-CC5A-4E2E-BF3B-96E929D65503}(Default) = “Badanie”

Implemented Categories{00021493-0000-0000-C000-000000000046}\ [vertical bar]

InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL” [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\

{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\

“MenuText” = “Sun Java Console”

“CLSIDExtension” = “{08B0E5C0-4FCB-11CF-AAA5-00401C608501}”

{92780B25-18CC-41C8-B9BE-3C9C571A8263}\

“ButtonText” = “Badanie”

{FB5F1910-F110-11D2-BB9E-00C04F795683}\

“ButtonText” = “Messenger”

“MenuText” = “Windows Messenger”

“Exec” = “C:\Program Files\Messenger\msmsgs.exe” [MS]

Running Services (Display Name, Service Name, Path {Service DLL}):


ConfigFree Service, CFSvcs, “C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe” [“TOSHIBA CORPORATION”]

Panda anti-virus service, PAVSRV, ““C:\Program Files\Panda Software\Panda Antivirus 2007\pavsrv51.exe”” [“Panda Software International”]

Panda IManager Service, PSIMSVC, ““C:\Program Files\Panda Software\Panda Antivirus 2007\PsImSvc.exe”” [“Panda Software”]

Windows User Mode Driver Framework, UMWdf, “C:\WINDOWS\system32\wdfmgr.exe” [MS]


: Suspicious data at a malware launch point.

  • This report excludes default entries except where indicated.

  • To see *everywhere* the script checks and *everything* it finds,

launch it from a command prompt or a shortcut with the -all parameter.

  • To search all directories of local fixed drives for DESKTOP.INI

DLL launch points, use the -supp parameter or answer “No” at the

first message box and “Yes” at the second message box.

---------- (total run time: 37 seconds, including 16 seconds for message boxes)

Optymalizacja XP: http://forum.dobreprogramy.pl/viewtopic.php?t=76580

Uwaga: Jak wklejasz loga to obejmuj go znacznikiem (tagiem) CODE lub QUOTE

usuń wpis HJT

Dzięki za pomoc -usunęłam te dwa logi,jest ciut lepiej ,ale widac,że jeszcze coś w nim siedzi…teraz jak juz zaloguję sie na pocztę - to nie moge sie wylogować…wwwrrr…co moge jeszcze zrobić?

Otwórz notatnik i wklej w nim to:

Plik -> zapisz jako -> zmień rozszerzenie na wszystkie pliki -> zapisz pod nazwą FIX.REG

Odpal plik FIX.REG i potwierdź dodanie do rejestru i reset kompa :slight_smile: