Re: Slow PC - constant network activity

Posted: 11 Sep 2012 07:49
by PetrLe
I did everything as you wrote, but the network activity continues :(
I ran RSIT again and am attaching the log:



Logfile of random's system information tool 1.09 (written by random/random)
Run by oper at 2012-09-11 08:50:53
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 50 GB (43%) free of 114 GB
Total RAM: 511 MB (45% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 08:51, on 2012-09-11
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\windows\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\windows\System32\svchost.exe
C:\WINDOWS\system32\NMSSvc.exe
C:\windows\System32\svchost.exe
C:\windows\system32\svchost.exe
C:\windows\Explorer.EXE
C:\windows\SOUNDMAN.EXE
C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\oper\Plocha\RSIT.exe
C:\Program Files\trend micro\oper.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = About:Blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [EEventManager] C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe
O4 - HKLM\..\Run: [Smart File Advisor] "C:\Program Files\Smart File Advisor\sfa.exe" /checkassoc
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKCU\..\Run: [CTFMON.EXE] C:\windows\system32\ctfmon.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 7110276890
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = skola.int
O17 - HKLM\Software\..\Telephony: DomainName = skola.int
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = skola.int
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\windows\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\windows\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InvokerUpdateService - LightComp v.o.s. - C:\Program Files\LightComp\Tests Checker\InvokerService.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\system32\NMSSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe

--
End of file - 5141 bytes

======Scheduled tasks folder======

C:\windows\tasks\Adobe Flash Player Updater.job
C:\windows\tasks\avast! Emergency Update.job
C:\windows\tasks\Microsoft Office Outlook 2007.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2012-08-21 1227224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2012-08-21 1227224]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"=C:\windows\SOUNDMAN.EXE [2002-10-16 47104]
"nwiz"=nwiz.exe /install []
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-03-11 49152]
"EEventManager"=C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe [2009-03-12 665424]
"NWEReboot"= []
"Smart File Advisor"=C:\Program Files\Smart File Advisor\sfa.exe [2011-04-04 280824]
"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2012-08-21 4282728]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\windows\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\windows\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDesktopCleanupWizard"=1
"NoDriveAutoRun"=67108863

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"HonorAutoRunSetting"=1
"NoResolveSearch"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\InterVideo\DVD6\WinDVD.exe"="C:\Program Files\InterVideo\DVD6\WinDVD.exe:*:Enabled:WinDVD"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:/Program Files/iTALC\ica.exe"="C:/Program Files/iTALC\ica.exe:*:Enabled:iTALC Client Application (ICA)"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"C:\Program Files\InterVideo\DVD6\WinDVD.exe"="C:\Program Files\InterVideo\DVD6\WinDVD.exe:*:Enabled:WinDVD"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\web\prog\apache\bin\httpd.exe"="C:\web\prog\apache\bin\httpd.exe:*:Enabled:Apache HTTP Server"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:/Program Files/iTALC\ica.exe"="C:/Program Files/iTALC\ica.exe:*:Enabled:iTALC Client Application (ICA)"
"C:\Program Files\iTALC\ica.exe"="C:\Program Files\iTALC\ica.exe:*:Enabled:ica.exe"
"C:\Program Files\iTALC\italc.exe"="C:\Program Files\iTALC\italc.exe:*:Enabled:iTALC"
"C:\Program Files\iTALC\setup.exe"="C:\Program Files\iTALC\setup.exe:*:Enabled:iTALC Key Setup Tool"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App"
"C:\Documents and Settings\oper\Local Settings\Temp\4943436\8768962.exe"="C:\Documents and Settings\oper\Local Settings\Temp\4943436\8768962.exe:*:Enabled:Kaspersky Virus Removal Tool"
"C:\Documents and Settings\oper\Local Settings\Temp\8244674\8768962.exe"="C:\Documents and Settings\oper\Local Settings\Temp\8244674\8768962.exe:*:Enabled:Kaspersky Virus Removal Tool"
"C:\Documents and Settings\oper\Local Settings\Temp\1328696\8768962.exe"="C:\Documents and Settings\oper\Local Settings\Temp\1328696\8768962.exe:*:Enabled:Kaspersky Virus Removal Tool"
"C:\Program Files\Management Utility\SerialManager\SerialMgr.exe"="C:\Program Files\Management Utility\SerialManager\SerialMgr.exe:*:Enabled:Utilities for Atop Devices "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"VIDC.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"VIDC.YVYU"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"VIDC.MPG4"=mpg4c32.dll
"VIDC.MP42"=mpg4c32.dll
"MSVideo8"=VfWWDM32.dll
"MSVideo"=C:\WINDOWS\878Map.drv
"VIDC.DIVX"=divx.dll
"VIDC.XVID"=xvidvfw.dll
"VIDC.YV12"=yv12vfw.dll
"msacm.ac3acm"=ac3acm.acm
"msacm.lameacm"=lameACM.acm
"VIDC.FFDS"=ff_vfw.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"vidc.tscc"=tsccvid.dll

======List of files/folders created in the last 1 month======

2012-09-11 08:33:56 ----D---- C:\Avenger
2012-09-11 08:33:55 ----A---- C:\avenger.txt
2012-09-10 22:04:17 ----D---- C:\Documents and Settings\oper\Data aplikací\Wireshark
2012-09-10 21:56:02 ----D---- C:\Program Files\WinPcap
2012-09-10 21:55:35 ----D---- C:\Program Files\Wireshark
2012-09-10 12:57:53 ----SD---- C:\ComboFix
2012-09-10 12:23:04 ----A---- C:\windows\system32\drivers\aswFsBlk.sys
2012-09-10 12:23:03 ----A---- C:\windows\system32\drivers\aswSP.sys
2012-09-10 12:22:56 ----A---- C:\windows\system32\drivers\aswRdr.sys
2012-09-10 12:22:55 ----A---- C:\windows\system32\drivers\aswTdi.sys
2012-09-10 12:22:53 ----A---- C:\windows\system32\drivers\aswSnx.sys
2012-09-10 12:22:52 ----A---- C:\windows\system32\drivers\aswmon2.sys
2012-09-10 12:22:52 ----A---- C:\windows\system32\drivers\aswmon.sys
2012-09-10 12:22:50 ----A---- C:\windows\system32\drivers\aavmker4.sys
2012-09-10 12:21:27 ----A---- C:\windows\avastSS.scr
2012-09-10 12:21:25 ----A---- C:\windows\system32\aswBoot.exe
2012-09-10 12:20:31 ----D---- C:\Program Files\AVAST Software
2012-09-10 12:20:31 ----D---- C:\Documents and Settings\All Users\Data aplikací\AVAST Software
2012-09-10 11:45:33 ----D---- C:\Program Files\trend micro
2012-09-10 11:45:32 ----D---- C:\rsit
2012-09-10 11:26:34 ----A---- C:\windows\hpbvspst.ini
2012-09-08 16:47:11 ----D---- C:\windows\ie8updates
2012-09-08 16:44:19 ----D---- C:\windows\WBEM
2012-09-08 16:42:50 ----HDC---- C:\windows\ie8
2012-09-07 12:00:47 ----A---- C:\AVPTool report.txt
2012-09-06 12:43:58 ----ASH---- C:\hiberfil.sys
2012-09-05 14:16:49 ----A---- C:\windows\MBR.exe
2012-09-05 14:16:47 ----A---- C:\windows\zip.exe
2012-09-05 14:16:47 ----A---- C:\windows\SWXCACLS.exe
2012-09-05 14:16:47 ----A---- C:\windows\SWSC.exe
2012-09-05 14:16:47 ----A---- C:\windows\SWREG.exe
2012-09-05 14:16:47 ----A---- C:\windows\sed.exe
2012-09-05 14:16:47 ----A---- C:\windows\PEV.exe
2012-09-05 14:16:47 ----A---- C:\windows\grep.exe
2012-08-20 16:27:11 ----HDC---- C:\windows\$NtUninstallKB2712808$
2012-08-20 16:23:54 ----HDC---- C:\windows\$NtUninstallKB2731847$
2012-08-20 16:18:21 ----HDC---- C:\windows\$NtUninstallKB2705219$
2012-08-20 16:17:32 ----HDC---- C:\windows\$NtUninstallKB2722913$
2012-08-20 16:14:07 ----HDC---- C:\windows\$NtUninstallKB2723135$

======List of files/folders modified in the last 1 month======

2012-09-11 08:51:00 ----D---- C:\windows\Prefetch
2012-09-11 08:48:14 ----D---- C:\windows\Temp
2012-09-11 08:43:09 ----A---- C:\windows\SchedLgU.Txt
2012-09-11 08:42:36 ----HD---- C:\windows\inf
2012-09-11 08:34:37 ----SHD---- C:\windows\CSC
2012-09-11 08:33:56 ----D---- C:\windows\system32\drivers
2012-09-11 08:33:56 ----D---- C:\WINDOWS
2012-09-11 08:31:34 ----D---- C:\windows\system32\CatRoot2
2012-09-10 21:56:04 ----D---- C:\windows\system32
2012-09-10 21:56:02 ----RD---- C:\Program Files
2012-09-10 21:45:06 ----SHD---- C:\windows\Installer
2012-09-10 21:45:06 ----HD---- C:\Config.Msi
2012-09-10 14:02:22 ----D---- C:\TEMP
2012-09-10 13:41:51 ----D---- C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2012-09-10 12:38:39 ----SHD---- C:\System Volume Information
2012-09-10 12:38:39 ----D---- C:\windows\system32\Restore
2012-09-10 12:22:56 ----SD---- C:\windows\Tasks
2012-09-10 12:22:28 ----D---- C:\windows\WinSxS
2012-09-10 11:43:32 ----D---- C:\windows\Debug
2012-09-10 11:16:57 ----D---- C:\Program Files\Common Files
2012-09-10 10:48:08 ----D---- C:\Documents and Settings\oper\Data aplikací\Skype
2012-09-10 10:47:51 ----D---- C:\Documents and Settings\All Users\Data aplikací\Skype
2012-09-10 10:43:07 ----DC---- C:\windows\system32\DRVSTORE
2012-09-10 10:42:34 ----D---- C:\Program Files\HP
2012-09-10 10:41:59 ----RSD---- C:\windows\assembly
2012-09-10 10:06:48 ----D---- C:\Documents and Settings\All Users\Data aplikací\HP
2012-09-09 18:12:11 ----D---- C:\Free files
2012-09-09 18:08:46 ----D---- C:\Free
2012-09-09 03:02:29 ----RSHDC---- C:\windows\system32\dllcache
2012-09-09 03:02:14 ----HD---- C:\windows\$hf_mig$
2012-09-08 18:33:48 ----D---- C:\windows\system32\cs-cz
2012-09-08 18:33:47 ----D---- C:\windows\Help
2012-09-08 18:33:47 ----D---- C:\Program Files\Internet Explorer
2012-09-08 16:44:27 ----D---- C:\windows\system32\config
2012-09-08 16:44:10 ----D---- C:\windows\Media
2012-09-08 15:18:17 ----D---- C:\windows\SoftwareDistribution
2012-09-08 15:18:16 ----SD---- C:\windows\Downloaded Program Files
2012-09-07 22:42:59 ----D---- C:\Documents and Settings
2012-09-07 08:41:57 ----D---- C:\Documents and Settings\All Users\Data aplikací\Activ Software
2012-09-07 08:27:07 ----D---- C:\windows\system32\CatRoot
2012-09-07 03:17:23 ----D---- C:\Program Files\Windows Desktop Search
2012-09-06 21:00:40 ----D---- C:\Program Files\InterActual
2012-09-06 20:58:23 ----SD---- C:\Documents and Settings\All Users\Data aplikací\Microsoft
2012-09-06 20:57:47 ----D---- C:\windows\system32\wbem
2012-09-06 20:54:17 ----HD---- C:\Program Files\InstallShield Installation Information
2012-09-06 09:34:29 ----D---- C:\Program Files\Spybot - Search & Destroy
2012-09-06 09:34:27 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2012-09-06 08:49:52 ----D---- C:\Program Files\UdmSoft
2012-09-05 14:16:31 ----D---- C:\QooBox
2012-09-05 14:15:49 ----D---- C:\windows\erdnt
2012-09-04 20:13:23 ----D---- C:\Program Files\CCleaner
2012-09-04 19:02:05 ----D---- C:\Program Files\Common Files\Ahead
2012-09-04 18:51:48 ----D---- C:\Program Files\InterVideo
2012-09-04 18:51:24 ----D---- C:\Program Files\Common Files\InterVideo
2012-09-04 16:24:46 ----D---- C:\windows\system32\NtmsData
2012-08-30 21:28:41 ----AC---- C:\windows\baka32F.ini
2012-08-30 18:00:21 ----AC---- C:\windows\ODBC.INI
2012-08-22 10:02:02 ----A---- C:\windows\system32\FlashPlayerApp.exe
2012-08-20 16:18:40 ----AC---- C:\windows\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 agp440;Filtr Intel sběrnice AGP; C:\windows\system32\DRIVERS\agp440.sys [2008-04-13 42368]
R0 PxHelp20;PxHelp20; C:\windows\System32\Drivers\PxHelp20.sys [2007-03-08 43528]
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\windows\system32\drivers\Aavmker4.sys [2012-08-21 25256]
R1 AswRdr;aswRdr; C:\windows\system32\drivers\AswRdr.sys [2012-08-21 35928]
R1 aswSnx;aswSnx; C:\windows\system32\drivers\aswSnx.sys [2012-08-21 729752]
R1 aswSP;aswSP; C:\windows\system32\drivers\aswSP.sys [2012-08-21 355632]
R1 aswTdi;avast! Network Shield Support; C:\windows\system32\drivers\aswTdi.sys [2012-08-21 54232]
R1 intelppm;Řadič procesoru Intel; C:\windows\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\windows\System32\drivers\ws2ifsl.sys [2004-08-18 12032]
R2 aswFsBlk;aswFsBlk; C:\windows\system32\drivers\aswFsBlk.sys [2012-08-21 21256]
R2 aswMon2;aswMon2; C:\windows\system32\drivers\aswMon2.sys [2012-08-21 97608]
R2 NPF;NetGroup Packet Filter Driver; C:\windows\system32\drivers\npf.sys [2010-06-25 35088]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\windows\system32\drivers\ALCXWDM.SYS [2002-10-16 947884]
R3 E100B;Intel(R) PRO Adapter Driver; C:\windows\system32\DRIVERS\e100b325.sys [2002-02-25 139776]
R3 HPFXBULK;HPFXBULK; C:\windows\system32\drivers\hpfxbulk.sys [2007-07-16 17432]
R3 NMSCFG;NIC Management Service Configuration Driver; \??\C:\windows\system32\drivers\NMSCFG.SYS []
R3 nv;nv; C:\windows\system32\DRIVERS\nv4_mini.sys [2004-08-04 1897408]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\windows\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbprint;Třída USB Printer; C:\windows\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbscan;Ovladač skeneru USB; C:\windows\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\windows\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S2 BT848;BtCap, WDM Video Capture; C:\windows\system32\drivers\BT848.sys [2001-10-26 266008]
S2 BTTUNER;BtTuner, WDM TvTuner; C:\windows\system32\drivers\BTTUNER.sys [2001-03-07 18944]
S2 BTXBAR;BtXBar, WDM Crossbar; C:\windows\system32\drivers\BTXBAR.sys [1999-07-21 13308]
S3 ActivHidSerMini;Promethean Serial Board Driver; C:\windows\system32\DRIVERS\activhidsermini.sys []
S3 CCDECODE;Dekodér Closed Caption; C:\windows\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 dot4;Ovladač MS IEEE-1284.4; C:\windows\system32\DRIVERS\Dot4.sys [2008-04-13 206976]
S3 Dot4Print;Ovladač třídy tiskárny standardu IEEE-1284.4; C:\windows\system32\DRIVERS\Dot4Prt.sys [2001-08-17 12928]
S3 dot4usb;Filtr Dot4USB Dot4USB Filter; C:\windows\system32\DRIVERS\dot4usb.sys [2001-10-24 23808]
S3 FileObjInfo;STFileDriver; \??\C:\Documents and Settings\All Users\Data aplikací\Spyware Terminator\FileObjInfo.sys []
S3 HidUsb;Ovladač třídy standardu HID; C:\windows\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 Lavasoft Kernexplorer;Lavasoft helper driver; \??\C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys []
S3 mouhid;Ovladač myši standardu HID; C:\windows\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\windows\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\windows\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\windows\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 prmvmouse;Promethean HID Mouse Service; C:\windows\system32\DRIVERS\activmouse.sys []
S3 rtl8029;Realtek RTL8029(AS)-based PCI Ethernet Adapter NT Driver; C:\windows\system32\DRIVERS\RTL8029.SYS [2001-08-17 19017]
S3 scsiscan;Ovladač skeneru SCSI; C:\windows\system32\DRIVERS\scsiscan.sys [2008-04-13 11520]
S3 SLIP;BDA Slip De-Framer; C:\windows\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\windows\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\windows\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WpdUsb;WpdUsb; C:\windows\System32\Drivers\wpdusb.sys [2005-01-28 18944]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\windows\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-08-21 44808]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2003-06-19 322120]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\windows\System32\svchost.exe [2008-04-14 14336]
R2 NMSSvc;Intel(R) NMS; C:\WINDOWS\system32\NMSSvc.exe [2002-05-03 1118208]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\windows\System32\svchost.exe [2008-04-14 14336]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
S2 NVSvc;NVIDIA Driver Helper Service; C:\windows\system32\nvsvc32.exe [2002-10-25 65536]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-22 250056]
S3 aspnet_state;ASP.NET State Service; C:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 InvokerUpdateService;InvokerUpdateService; C:\Program Files\LightComp\Tests Checker\InvokerService.exe [2007-03-18 176128]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2010-06-25 117264]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Re: Slow PC - constant network activity

Posted: 11 Sep 2012 16:30
by Rudy
The log looks OK. Run an AVPTool scan: http://www.viry.cz/forum/viewtopic.php?f=29&t=58179 and post the log.

Re: Slow PC - constant network activity

Posted: 12 Sep 2012 09:02
by PetrLe
There is no log; everything went through without problems: No Threads Detected.

Re: Slow PC - constant network activity

Posted: 12 Sep 2012 13:18
by PetrLe
So the mystery of the network activity is solved. A small utility downloaded from http://www.ethereal.com helped with that.
The culprit is a small program installed on various computers in the LAN - HP Toolbox Fx - for operating and configuring the HP CP1520 Color LaserJet network printer. I don't know why, but the computers with this program constantly exchange some packets with each other, and that is why they show constant network activity.
I hereby apologize to everyone I held up, especially Rudy. I really did not know that this program could cause this. I mistakenly assumed that the computer was infected with some virus or malware.
Many thanks to everyone for the help and patience.
Have a nice day.

Re: Slow PC - constant network activity

Posted: 12 Sep 2012 16:11
by Rudy
You certainly did not hold me up; at least I have learned something new. Thank you. HP software is fairly well known for being bulky and, second, for containing quite a few things that push out onto the internet. When I physically install a printer for someone, I load the software only in the minimal version (drivers only), and that solves this problem.

Re: Slow PC - constant network activity

Posted: 24 Sep 2012 00:00
by motji
With your permission, I will lock this here :) :closed: