Logi - Czy pracodawca mnie szpieguje

Ostatnio u mnie w firmie była przeprowadzona akcja z przeinstalowywaniem systemów, tworzeniem sieci i wieloma innymi zadaniami. Zastanawiam się czy przy tej okazji pracodawca nie pokusił się o monitorowanie odwiedzanych przeze mnie stron.

Nie wiem czy to pomoże, ale na potrzeby tego pytania stworzyłem log z Hijacka i ComboFix
Proszę o analizę w kontekście tematu oraz w poszukiwaniu ewentualnych szkodników

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 09:35:22, on 2008-04-01
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\pavsrv51.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\AVENGINE.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\PsCtrls.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\PavFnSvr.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\AntiSpam\pskmssvc.exe
c:\program files\panda software\panda internet security 2007\firewall\PSHOST.EXE
C:\Program Files\Panda Software\Panda Internet Security 2007\psimsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\acer\epm\epm-dm.exe
C:\Program Files\Arcade\PCMService.exe
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\PowerKey.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\OSDCtrl.exe
C:\Program Files\Launch Manager\Wbutton.exe
C:\Program Files\Acer\eRecovery\Monitor.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\PavBckPT.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\SYSTEM32\taskmgr.exe
C:\Documents and Settings\Krzysztof Środa\Pulpit\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0 CE\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [preload] C:\Windows\RUNXMLPL.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe"
O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe"
O4 - HKLM\..\Run: [PowerKey] "C:\Program Files\Launch Manager\PowerKey.exe"
O4 - HKLM\..\Run: [LManager] "C:\Program Files\Launch Manager\HotkeyApp.exe"
O4 - HKLM\..\Run: [CtrlVol] "C:\Program Files\Launch Manager\CtrlVol.exe"
O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSDCtrl.exe"
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [eRecoveryService] C:\Program Files\Acer\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Internet Security 2007\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Software\Panda Internet Security 2007\Inicio.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: dyski_aplociennik.bat
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{3E04B92E-DFC8-406D-A246-F30BB559299C}: NameServer = 10.0.0.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{857443A0-128A-415B-B330-8A4CE6722125}: NameServer = 10.0.0.2
O22 - SharedTaskScheduler: Moduł wstępnego ładowania interfejsu Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Demon buforu kategorii składników - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Panda Software Controller - Panda Software International - C:\Program Files\Panda Software\Panda Internet Security 2007\PsCtrls.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Unknown owner - C:\Program Files\Panda Software\Panda Internet Security 2007\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Unknown owner - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Software\Panda Internet Security 2007\pavsrv51.exe
O23 - Service: Panda Antispam Engine (pmshellsrv) - Panda Software International - C:\Program Files\Panda Software\Panda Internet Security 2007\AntiSpam\pskmssvc.exe
O23 - Service: Panda Host Service (PSHost) - Unknown owner - c:\program files\panda software\panda internet security 2007\firewall\PSHOST.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files\Panda Software\Panda Internet Security 2007\psimsvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 9057 bytes

ComboFix 08-03-30.5 - aplociennik 2008-04-01 9:43:46.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1045.18.188 [GMT 2:00]
Running from: C:\Documents and Settings\Krzysztof Środa\Pulpit\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\AutoRun.inf

.
((((((((((((((((((((((((( Files Created from 2008-03-01 to 2008-04-01 )))))))))))))))))))))))))))))))
.

2008-03-30 19:48 . 2008-03-30 19:48 <DIR> d-------- C:\Documents and Settings\Rafal\Dane aplikacji\Nero
2008-03-30 01:22 . 2008-03-30 01:22 <DIR> d-------- C:\Documents and Settings\Monika\Dane aplikacji\AdobeUM
2008-03-30 01:21 . 2008-03-30 01:21 <DIR> d-------- C:\Documents and Settings\Monika\Dane aplikacji\CyberLink
2008-03-30 01:14 . 2008-03-30 01:14 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2008-03-25 10:55 . 2008-03-25 10:55 <DIR> d-------- C:\Program Files\OpenOffice.org 2.3
2008-03-25 10:52 . 2007-09-25 00:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-03-17 15:33 . 2008-03-17 15:33 <DIR> d-------- C:\Program Files\AIDA32 - Enterprise System Information
2008-03-10 13:45 . 2008-03-10 13:45 446,464 --a------ C:\EWIDENCJA PRZESYLEK.xls
2008-03-06 12:43 . 2008-03-06 12:43 1,151,960 --a------ C:\F-V1.JPG
2008-03-04 12:57 . 2008-03-04 12:57 <DIR> d-------- C:\Program Files\FileZilla FTP Client
2008-03-04 12:57 . 2008-03-10 13:46 <DIR> d-------- C:\Documents and Settings\Krzysztof Środa\Dane aplikacji\FileZilla

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-01 06:42 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-04-01 05:51 93,704 ----a-w C:\WINDOWS\system32\drivers\APPFCONT.DAT.bck
2008-04-01 05:51 93,704 ----a-w C:\WINDOWS\system32\drivers\APPFCONT.DAT
2008-04-01 05:51 1,264 ----a-w C:\WINDOWS\system32\drivers\APPFLTR.CFG.bck
2008-04-01 05:51 1,264 ----a-w C:\WINDOWS\system32\drivers\APPFLTR.CFG
2008-04-01 05:50 13,880 ----a-w C:\WINDOWS\system32\drivers\COMFiltr.sys
2008-04-01 05:50 --------- d-----w C:\Documents and Settings\Krzysztof Środa\Dane aplikacji\OpenOffice.org2
2008-03-28 11:38 --------- d-----w C:\Documents and Settings\Krzysztof Środa\Dane aplikacji\AdobeUM
2008-03-25 08:54 --------- d-----w C:\Program Files\OpenOffice.ux.pl 2.0
2008-03-25 08:52 --------- d-----w C:\Program Files\Java
2008-03-25 08:46 --------- d-----w C:\Documents and Settings\Krzysztof Środa\Dane aplikacji\OpenOffice.ux.pl2
2008-02-27 13:17 --------- d-----w C:\Documents and Settings\Krzysztof Środa\Dane aplikacji\uTorrent
2008-02-27 07:52 --------- d-----w C:\Program Files\uTorrent
2008-02-19 22:36 --------- d-----w C:\Documents and Settings\Monika\Dane aplikacji\OpenOffice.ux.pl2
2007-11-29 07:29 12,241 ----a-w C:\Documents and Settings\Krzysztof Środa\unins000.dat
2007-11-29 07:29 12,241 ----a-w C:\Documents and Settings\Krzysztof Środa\unins000.dat
2007-11-29 07:28 687,176 ----a-w C:\Documents and Settings\Krzysztof Środa\unins000.exe
2007-11-29 07:28 687,176 ----a-w C:\Documents and Settings\Krzysztof Środa\unins000.exe
2007-09-09 13:12 696,970 ----a-w C:\Documents and Settings\Krzysztof Środa\4crm.exe
2007-09-09 13:12 696,970 ----a-w C:\Documents and Settings\Krzysztof Środa\4crm.exe
2003-02-21 13:42 348,160 ----a-w C:\Documents and Settings\Krzysztof Środa\msvcr71.dll
2003-02-21 13:42 348,160 ----a-w C:\Documents and Settings\Krzysztof Środa\msvcr71.dll
2002-06-06 10:01 8,643 ----a-w C:\Documents and Settings\Krzysztof Środa\labels.reg
2002-06-06 10:01 8,643 ----a-w C:\Documents and Settings\Krzysztof Środa\labels.reg
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 17:00 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-08-21 15:52 202024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"preload"="C:\Windows\RUNXMLPL.exe" [2005-05-19 18:09 32768]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-01-23 11:36 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-01-23 11:31 126976]
"SoundMan"="SOUNDMAN.EXE" [2005-04-15 12:01 77824 C:\WINDOWS\SOUNDMAN.EXE]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2005-02-04 12:12 102490]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-02-04 12:11 708698]
"EPM-DM"="c:\acer\epm\epm-dm.exe" [2005-06-01 15:17 192512]
"ePowerManagement"="C:\Acer\ePM\ePM.exe" [2005-03-15 11:03 2893824]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 17:00 208952]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 17:00 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 17:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 17:00 455168]
"PCMService"="C:\Program Files\Arcade\PCMService.exe" [2005-03-09 19:59 49152]
"LaunchAp"="C:\Program Files\Launch Manager\LaunchAp.exe" [2005-07-25 14:36 32768]
"PowerKey"="C:\Program Files\Launch Manager\PowerKey.exe" [2002-08-30 16:02 94208]
"LManager"="C:\Program Files\Launch Manager\HotkeyApp.exe" [2005-06-06 12:52 69632]
"CtrlVol"="C:\Program Files\Launch Manager\CtrlVol.exe" [2003-09-16 15:28 20480]
"LMgrOSD"="C:\Program Files\Launch Manager\OSDCtrl.exe" [2005-07-25 11:45 241664]
"Wbutton"="C:\Program Files\Launch Manager\Wbutton.exe" [2005-07-25 14:34 81920]
"eRecoveryService"="C:\Program Files\Acer\eRecovery\Monitor.exe" [2005-06-29 18:26 352256]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 09:38 241664]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-05-28 20:37 172032]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 22:34 49152]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2006-11-08 14:27 222208]
"APVXDWIN"="C:\Program Files\Panda Software\Panda Internet Security 2007\APVXDWIN.exe" [2007-07-23 19:30 406832]
"SCANINICIO"="C:\Program Files\Panda Software\Panda Internet Security 2007\Inicio.exe" [2007-07-11 16:17 27952]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 16:57 153136]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-10 12:40 1828136]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 17:00 15360]
"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-11-09 18:15 1634304]

C:\Documents and Settings\Monika\Menu Start\Programy\Autostart\
dyski_mgalant.bat [2008-03-30 20:36:41 515]

C:\Documents and Settings\Rafal\Menu Start\Programy\Autostart\
dyski_rdalberg.bat [2008-03-30 20:48:18 405]

C:\Documents and Settings\Krzysztof —roda\Menu Start\Programy\Autostart\
dyski_aplociennik.bat [2008-03-30 20:47:05 408]
OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 22:57:56 393216]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 22:26:24 210520]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
avldr.dll 2007-02-15 21:02 50736 C:\WINDOWS\system32\avldr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Hewlett-Packard\\HP Software Update\\HPWUCli.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"13364:UDP"= 13364:UDP:Print Server Utility
"13107:UDP"= 13107:UDP:Print Server Utility
"69:UDP"= 69:UDP:Print Server Utility

R1 APPFLT;App Filter Plugin;C:\WINDOWS\system32\Drivers\APPFLT.SYS [2007-05-11 10:33]
R1 DSAFLT;DSA Filter Plugin;C:\WINDOWS\system32\Drivers\DSAFLT.SYS [2007-05-11 10:33]
R1 FNETMON;NetMon Filter Plugin;C:\WINDOWS\system32\Drivers\fnetmon.SYS [2007-05-11 10:33]
R1 Hotkey;Hotkey;C:\WINDOWS\system32\drivers\Hotkey.sys [2003-04-28 12:27]
R1 IDSFLT;Ids Filter Plugin;C:\WINDOWS\system32\Drivers\IDSFLT.SYS [2007-07-11 12:39]
R1 NETFLTDI;Panda Net Driver [TDI Layer];C:\WINDOWS\system32\Drivers\NETFLTDI.SYS [2007-05-11 10:33]
R1 oreans32;oreans32;C:\WINDOWS\system32\drivers\oreans32.sys [2006-09-06 13:01]
R1 ShldDrv;Panda File Shield Driver;C:\WINDOWS\system32\Drivers\ShlDrv51.sys [2007-05-23 16:40]
R1 SMSFLT;SMS Filter Plugin;C:\WINDOWS\system32\Drivers\SMSFLT.SYS [2007-05-11 10:33]
R1 WNMFLT;Wifi Monitor Filter Plugin;C:\WINDOWS\system32\Drivers\WNMFLT.SYS [2007-05-11 10:33]
R2 cpoint;cpoint;C:\WINDOWS\system32\drivers\cpoint.sys [2007-06-08 09:44]
R2 EpmPsd;Acer EPM Power Scheme Driver;C:\WINDOWS\system32\drivers\epm-psd.sys [2004-07-19 14:10]
R2 EpmShd;Acer EPM System Hardware Driver;C:\WINDOWS\system32\drivers\epm-shd.sys [2005-04-07 19:08]
R2 int15.sys;int15.sys;C:\Program Files\Acer\eRecovery\int15.sys [2005-01-13 15:46]
R2 osaio;osaio;C:\WINDOWS\system32\drivers\osaio.sys [2005-03-04 17:37]
R2 osanbm;osanbm;C:\WINDOWS\system32\drivers\osanbm.sys [2005-01-14 16:57]
R2 PavProc;Panda Process Protection Driver;C:\WINDOWS\system32\DRIVERS\PavProc.sys [2007-07-12 14:49]
R3 NETIMFLT;PANDA NDIS IM Filter Miniport;C:\WINDOWS\system32\DRIVERS\netimflt.sys [2007-04-24 16:43]
R3 POWERKEY;POWERKEY;C:\Program Files\Launch Manager\POWERKEY.sys [2000-12-19 19:29]
S1 Wbutton;Wbutton;C:\WINDOWS\system32\drivers\Wbutton.sys []
S3 NTProcDrv;Process creation detector for NT.;C:\Documents and Settings\Krzysztof Środa\Moje dokumenty\NtProcDrv.sys []
S3 usbscan;Sterownik skanera USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 23:58]
S3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 00:08]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{25784d0a-deba-11dc-b695-0014a452eb46}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
\Shell\Open(&0)\command - Recycled\ctfmon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6efe758c-a3cf-11dc-b647-0014a452eb46}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6efe758e-a3cf-11dc-b647-0014a452eb46}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

.
Contents of the 'Scheduled Tasks' folder
"2007-05-18 13:41:42 C:\WINDOWS\Tasks\Wiersz polecenia.job"
- C:\WINDOWS\system32\cmd.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-01 09:46:52
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-04-01 9:48:13
ComboFix-quarantined-files.txt 2008-04-01 07:47:57
Pre-Run: 4,684,550,144 bajtów wolnych
Post-Run: 4,684,107,776 bajtów wolnych
.
2008-03-12 07:07:27 --- E O F ---

Z góry dzięki za pomoc

wyłącz w Menedżer Zadań, zanacz w logu i usuń (FIX) w Hijackthis:
O4 - HKLM\..\Run: [preload] C:\Windows\RUNXMLPL.exe , potem usuń ręcznie plik RUNXMLPL.exe z dysku.

Wykonane
Czy jeszcze coś? Co to za proces hkcmd.exe?
I oczywiście jeśli ktoś zna odpowiedź to ponawiam pytanie jak w temacie..

Zeby cie kontrolować pracodawca wcale nie musi nic instalowac na twoim kompie - wystarczy ze przejrzy logi z routera - niestety nie masz na to żadnego wpływu.