
Persistent strange PC behaviour

Posted: 26 Nov 2012 13:29
by Petro
Good day,
I would need the log checked once more. The PC occasionally behaves strangely; for example on Saturday, while idle (screensaver, monitor off), Firefox "closed" itself and all the icons next to the clock in the notification area disappeared, including NIS, leaving only the Sandboxie and Intel Rapid Storage icons. Then, after double-clicking the NIS security suite icon on the desktop, nothing happened, as if NIS were inactive and could not be opened. After a restart everything seemed OK as before, but I preferred to shut the PC down and only got back to it today. I do not know whether one of the updated programs / OS updates is causing it, since I have installed quite a few of them over the last week and a half or so, which is exactly why I need to rule out malware / a rootkit.

Sorry to bother you again, it has not even been a week since we did the preventive check; thanks for any help.

Logfile of random's system information tool 1.09 (written by random/random)
Run by user at 2012-11-26 13:10:13
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 72 GB (66%) free of 110 GB
Total RAM: 8175 MB (79% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:10:14, on 26. 11. 2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16455)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Norton Internet Security\Engine\20.2.0.19\ccSvcHst.exe
C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe
C:\Windows\SysWOW64\HsMgr.exe
C:\Program Files\ASUS Xonar Essence STX Audio\Customapp\ASUSAUDIOCENTER.EXE
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\trend micro\user.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ˙ţ127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.2.0.19\coIEPlg.dll
O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.2.0.19\IPS\IPSBHO.DLL
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.2.0.19\coIEPlg.dll
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\RunOnce: [EasyTuneVI] C:\Program Files (x86)\GIGABYTE\ET6\ETCall.exe
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKCU\..\Run: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-4014338055-4150777085-4270223323-1003\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-4014338055-4150777085-4270223323-1003\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AppleChargerSrv - Unknown owner - C:\Windows\system32\AppleChargerSrv.exe (file missing)
O23 - Service: DES2 Service for Energy Saving. (DES2 Service) - Unknown owner - C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\20.2.0.19\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Sandboxie Service (SbieSvc) - SANDBOXIE L.T.D - C:\Program Files\Sandboxie\SbieSvc.exe
O23 - Service: Smart TimeLock Service (Smart TimeLock) - Gigabyte Technology CO., LTD. - C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 7688 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
"C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe"
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
"C:\Program Files\Sandboxie\SbieSvc.exe"
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe"
"C:\Program Files (x86)\Norton Internet Security\Engine\20.2.0.19\ccSvcHst.exe" /s "NIS" /m "C:\Program Files (x86)\Norton Internet Security\Engine\20.2.0.19\diMaster.dll" /prefetch:1
"C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe"
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\SearchIndexer.exe /Embedding
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe"
"C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe"
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
winlogon.exe
"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
C:\Windows\system32\nvvsvc.exe -session
"taskhost.exe"
"C:\Program Files (x86)\Norton Internet Security\Engine\20.2.0.19\ccSvcHst.exe" /c /a /s UserSession
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
RPMDaemon.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
"C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe" -m
"C:\Windows\SysWOW64\HsMgr.exe" Envoke
"C:\Windows\system\HsMgr64.exe" Envoke
"C:\Program Files\Sandboxie\SbieCtrl.exe"
"C:\Program Files\ASUS Xonar Essence STX Audio\Customapp\ASUSAUDIOCENTER.EXE"
"C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe"
"C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
"C:/Program Files/NVIDIA Corporation/Display/nvtray.exe" -user_has_logged_in 1
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe7_ Global\UsGthrCtrlFltPipeMssGthrPipe7 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 516 520 528 65536 524
"C:\Users\user\Desktop\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe

=========Mozilla firefox=========

ProfilePath - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\x9yuzxpb.default

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.3.300.257 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nvidia.com/3DVision]
"Description"=NVIDIA stereo images plugin for Mozilla browsers
"Path"=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nvidia.com/3DVisionStreaming]
"Description"=NVIDIA 3D Vision Streaming plugin for Mozilla browsers
"Path"=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.3.300.257 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_257.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

C:\Program Files (x86)\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files (x86)\Mozilla Firefox\components\
binary.manifest
browsercomps.dll

C:\Program Files (x86)\Mozilla Firefox\searchplugins\
google.xml
heureka-cz.xml
jyxo-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{45d30484-7ded-43d9-957a-d2fd1f046511}]
GBHO.BHO - C:\Windows\system32\mscoree.dll [2010-11-21 444752]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
Norton Identity Protection - C:\Program Files (x86)\Norton Internet Security\Engine\20.2.0.19\coIEPlg.dll [2012-10-18 498584]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
Norton Vulnerability Protection - C:\Program Files (x86)\Norton Internet Security\Engine\20.2.0.19\IPS\IPSBHO.DLL [2012-09-06 387040]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{1d09c093-f71e-43c3-b948-19316cbd695e} - Smart Recovery 2 - C:\Windows\system32\mscoree.dll [2010-11-21 444752]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Norton Toolbar - C:\Program Files (x86)\Norton Internet Security\Engine\20.2.0.19\coIEPlg.dll [2012-10-18 498584]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Cmaudio8788"=C:\Windows\syswow64\RunDll32.exe [2009-07-14 44544]
"Cmaudio8788GX"=C:\Windows\syswow64\HsMgr.exe [2008-07-11 200704]
"Cmaudio8788GX64"=C:\Windows\system\HsMgr64.exe [2008-07-11 282112]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RPMKickstart"=C:\Program Files\GIGABYTE\SMART6\Recovery\RPMKickstart.exe [2010-08-23 2552320]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"=C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe [2005-02-17 221184]
"SandboxieControl"=C:\Program Files\Sandboxie\SbieCtrl.exe [2012-08-25 765200]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"=C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [2011-02-09 284184]
"ISUSScheduler"=C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe [2005-02-17 81920]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\RunOnce]
"EasyTuneVI"=C:\Program Files (x86)\GIGABYTE\ET6\ETCall.exe [2007-07-26 20480]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"aux3"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2012-11-20 11:12:09 ----D---- C:\_OTL
2012-11-18 23:43:41 ----D---- C:\rsit
2012-11-18 23:43:41 ----D---- C:\Program Files\trend micro
2012-11-17 03:02:45 ----A---- C:\Windows\system32\Wdfres.dll
2012-11-17 03:02:45 ----A---- C:\Windows\system32\drivers\WdfLdr.sys
2012-11-17 03:02:45 ----A---- C:\Windows\system32\drivers\Wdf01000.sys
2012-11-17 03:00:50 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2012-11-17 03:00:50 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2012-11-17 03:00:50 ----A---- C:\Windows\SYSWOW64\ieui.dll
2012-11-17 03:00:50 ----A---- C:\Windows\system32\mshtmled.dll
2012-11-17 03:00:50 ----A---- C:\Windows\system32\ieui.dll
2012-11-17 03:00:49 ----A---- C:\Windows\SYSWOW64\wininet.dll
2012-11-17 03:00:49 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2012-11-17 03:00:49 ----A---- C:\Windows\SYSWOW64\url.dll
2012-11-17 03:00:49 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2012-11-17 03:00:49 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2012-11-17 03:00:49 ----A---- C:\Windows\system32\urlmon.dll
2012-11-17 03:00:49 ----A---- C:\Windows\system32\url.dll
2012-11-17 03:00:49 ----A---- C:\Windows\system32\msfeeds.dll
2012-11-17 03:00:49 ----A---- C:\Windows\system32\jscript9.dll
2012-11-17 03:00:49 ----A---- C:\Windows\system32\ieUnatt.exe
2012-11-17 03:00:48 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2012-11-17 03:00:48 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2012-11-17 03:00:48 ----A---- C:\Windows\SYSWOW64\jscript.dll
2012-11-17 03:00:48 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2012-11-17 03:00:48 ----A---- C:\Windows\system32\wininet.dll
2012-11-17 03:00:48 ----A---- C:\Windows\system32\vbscript.dll
2012-11-17 03:00:48 ----A---- C:\Windows\system32\jsproxy.dll
2012-11-17 03:00:48 ----A---- C:\Windows\system32\jscript.dll
2012-11-17 03:00:48 ----A---- C:\Windows\system32\iertutil.dll
2012-11-17 03:00:47 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2012-11-17 03:00:47 ----A---- C:\Windows\system32\mshtml.dll
2012-11-17 03:00:46 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2012-11-17 03:00:46 ----A---- C:\Windows\system32\ieframe.dll
2012-11-17 03:00:16 ----A---- C:\Windows\system32\WUDFSvc.dll
2012-11-17 03:00:16 ----A---- C:\Windows\system32\WUDFPlatform.dll
2012-11-17 03:00:16 ----A---- C:\Windows\system32\WUDFHost.exe
2012-11-17 03:00:16 ----A---- C:\Windows\system32\WUDFCoinstaller.dll
2012-11-17 03:00:16 ----A---- C:\Windows\system32\drivers\WUDFRd.sys
2012-11-17 03:00:16 ----A---- C:\Windows\system32\drivers\WUDFPf.sys
2012-11-17 03:00:15 ----A---- C:\Windows\system32\WUDFx.dll
2012-11-16 23:39:34 ----A---- C:\Windows\SYSWOW64\dhcpcsvc6.dll
2012-11-16 23:39:34 ----A---- C:\Windows\SYSWOW64\dhcpcore6.dll
2012-11-16 23:39:34 ----A---- C:\Windows\system32\win32k.sys
2012-11-16 23:39:34 ----A---- C:\Windows\system32\dhcpcsvc6.dll
2012-11-16 23:39:34 ----A---- C:\Windows\system32\dhcpcore6.dll
2012-11-16 23:39:33 ----A---- C:\Windows\SYSWOW64\nlaapi.dll
2012-11-16 23:39:33 ----A---- C:\Windows\SYSWOW64\netevent.dll
2012-11-16 23:39:33 ----A---- C:\Windows\SYSWOW64\netcorehc.dll
2012-11-16 23:39:33 ----A---- C:\Windows\SYSWOW64\ncsi.dll
2012-11-16 23:39:33 ----A---- C:\Windows\system32\nlasvc.dll
2012-11-16 23:39:33 ----A---- C:\Windows\system32\nlaapi.dll
2012-11-16 23:39:33 ----A---- C:\Windows\system32\netevent.dll
2012-11-16 23:39:33 ----A---- C:\Windows\system32\netcorehc.dll
2012-11-16 23:39:33 ----A---- C:\Windows\system32\ncsi.dll
2012-11-16 23:39:33 ----A---- C:\Windows\system32\iphlpsvc.dll
2012-11-16 23:39:33 ----A---- C:\Windows\system32\drivers\tcpipreg.sys
2012-11-16 23:39:33 ----A---- C:\Windows\system32\drivers\tcpip.sys
2012-11-16 23:39:30 ----A---- C:\Windows\SYSWOW64\synceng.dll
2012-11-16 23:39:30 ----A---- C:\Windows\system32\synceng.dll
2012-11-11 04:20:03 ----D---- C:\Users\user\AppData\Roaming\foobar2000
2012-11-11 04:19:25 ----D---- C:\Program Files (x86)\foobar2000

======List of files/folders modified in the last 1 month======

2012-11-26 13:10:13 ----D---- C:\Windows\Temp
2012-11-26 13:08:06 ----D---- C:\Windows\SysWOW64
2012-11-26 12:21:23 ----SD---- C:\ProgramData\Microsoft
2012-11-26 12:16:08 ----D---- C:\Windows
2012-11-26 12:16:08 ----A---- C:\Windows\Sandboxie.ini
2012-11-26 11:19:11 ----D---- C:\Windows\system32\config
2012-11-26 11:10:20 ----D---- C:\Windows\System32
2012-11-26 11:10:20 ----D---- C:\Windows\inf
2012-11-26 11:10:20 ----A---- C:\Windows\system32\PerfStringBackup.INI
2012-11-26 11:05:51 ----SHD---- C:\System Volume Information
2012-11-26 11:05:49 ----D---- C:\ProgramData\NVIDIA
2012-11-21 16:07:34 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2012-11-20 18:46:40 ----D---- C:\Program Files (x86)\Mozilla Firefox
2012-11-20 11:12:10 ----D---- C:\Windows\system32\drivers\etc
2012-11-18 23:43:41 ----RD---- C:\Program Files
2012-11-17 23:36:23 ----D---- C:\Program Files (x86)\NVIDIA Corporation
2012-11-17 23:36:19 ----D---- C:\Program Files\NVIDIA Corporation
2012-11-17 23:35:25 ----D---- C:\Windows\system32\drivers
2012-11-17 23:35:23 ----D---- C:\Windows\system32\catroot
2012-11-17 23:35:21 ----D---- C:\Windows\system32\DriverStore
2012-11-17 06:08:27 ----D---- C:\Windows\rescache
2012-11-17 03:46:47 ----D---- C:\Windows\Microsoft.NET
2012-11-17 03:46:46 ----RSD---- C:\Windows\assembly
2012-11-17 03:12:03 ----D---- C:\Windows\winsxs
2012-11-17 03:11:07 ----D---- C:\Windows\SYSWOW64\migration
2012-11-17 03:11:07 ----D---- C:\Windows\SYSWOW64\en-US
2012-11-17 03:11:07 ----D---- C:\Windows\system32\wbem
2012-11-17 03:11:07 ----D---- C:\Windows\system32\migration
2012-11-17 03:11:07 ----D---- C:\Windows\system32\en-US
2012-11-17 03:11:07 ----D---- C:\Windows\system32\drivers\en-US
2012-11-17 03:11:07 ----D---- C:\Program Files (x86)\Internet Explorer
2012-11-17 03:11:06 ----RSD---- C:\Windows\Fonts
2012-11-17 03:11:06 ----D---- C:\Windows\system32\sk-SK
2012-11-17 03:11:06 ----D---- C:\Program Files\Internet Explorer
2012-11-17 03:03:55 ----SHD---- C:\Windows\Installer
2012-11-17 03:00:54 ----D---- C:\Windows\system32\catroot2
2012-11-17 03:00:25 ----A---- C:\Windows\system32\MRT.exe
2012-11-11 04:19:25 ----RD---- C:\Program Files (x86)
2012-11-10 19:57:16 ----D---- C:\Windows\system32\Tasks
2012-11-10 19:52:47 ----D---- C:\ProgramData\Norton
2012-11-10 19:52:05 ----D---- C:\Windows\system32\drivers\NISx64
2012-11-10 19:51:11 ----D---- C:\Program Files\Symantec
2012-11-10 19:50:39 ----D---- C:\Program Files (x86)\NortonInstaller

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2011-02-09 555032]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R0 SymDS;Symantec Data Store; C:\Windows\system32\drivers\NISx64\1402000.013\SYMDS64.SYS [2012-10-03 493216]
R0 SymEFA;Symantec Extended File Attributes; C:\Windows\system32\drivers\NISx64\1402000.013\SYMEFA64.SYS [2012-10-03 1133216]
R1 AppleCharger;AppleCharger; C:\Windows\system32\DRIVERS\AppleCharger.sys [2011-01-10 21104]
R1 BHDrvx64;BHDrvx64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\Definitions\BASHDefs\20121106.001\BHDrvx64.sys [2012-10-24 1384608]
R1 ccSet_NIS;Norton Internet Security Settings Manager; C:\Windows\system32\drivers\NISx64\1402000.013\ccSetx64.sys [2012-10-03 168096]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [2012-08-09 484512]
R1 IDSVia64;IDSVia64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\Definitions\IPSDefs\20121123.001\IDSvia64.sys [2012-11-09 513184]
R1 SRTSPX;Symantec Real Time Storage Protection (PEL) x64; C:\Windows\system32\drivers\NISx64\1402000.013\SRTSPX64.SYS [2012-09-06 37496]
R1 SymIRON;Symantec Iron Driver; C:\Windows\system32\drivers\NISx64\1402000.013\Ironx64.SYS [2012-09-06 224416]
R1 SymNetS;Symantec Network Security WFP Driver; C:\Windows\System32\Drivers\NISx64\1402000.013\SYMNETS.SYS [2012-09-06 432800]
R3 cmudaxp;ASUS Xonar Essence STX Audio Interface; C:\Windows\system32\drivers\cmudaxp.sys [2011-03-10 2725376]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-08-09 138912]
R3 EtronHub3;Etron USB 3.0 Extensible Hub Driver; C:\Windows\System32\Drivers\EtronHub3.sys [2011-03-07 40832]
R3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver; C:\Windows\System32\Drivers\EtronXHCI.sys [2011-03-07 65280]
R3 gdrv;gdrv; \??\C:\Windows\gdrv.sys [2012-11-26 25640]
R3 GVTDrv64;GVTDrv64; \??\C:\Windows\GVTDrv64.sys [2012-11-26 30528]
R3 MEIx64;Intel(R) Management Engine Interface ; C:\Windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344]
R3 NAVENG;NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\Definitions\VirusDefs\20121125.006\ENG64.SYS [2012-11-09 126112]
R3 NAVEX15;NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\Definitions\VirusDefs\20121125.006\EX64.SYS [2012-11-09 2084000]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2011-01-13 413800]
R3 SbieDrv;SbieDrv; \??\C:\Program Files\Sandboxie\SbieDrv.sys [2012-08-25 202632]
R3 SRTSP;Symantec Real Time Storage Protection x64; C:\Windows\System32\Drivers\NISx64\1402000.013\SRTSP64.SYS [2012-10-08 776864]
R3 SymEvent;SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [2012-11-10 177312]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-21 41984]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 DES2 Service;DES2 Service for Energy Saving.; C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe [2009-06-17 68136]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology; C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-02-09 13336]
R2 NIS;Norton Internet Security; C:\Program Files (x86)\Norton Internet Security\Engine\20.2.0.19\ccSvcHst.exe [2012-10-10 143928]
R2 NVSvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2012-10-02 891240]
R2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-10-10 1258856]
R2 SbieSvc;Sandboxie Service; C:\Program Files\Sandboxie\SbieSvc.exe [2012-08-25 123664]
R2 Smart TimeLock;Smart TimeLock Service; C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe [2009-10-13 114688]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-02 382824]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S3 AppleChargerSrv;AppleChargerSrv; C:\Windows\system32\AppleChargerSrv.exe [2010-04-06 31272]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-11-20 115168]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2012-04-03 1255736]

-----------------EOF-----------------

Re: Persistent strange PC behaviour

Posted: 26 Nov 2012 15:03
by Rudy
The log looks OK. First try a system restore to a date when it worked correctly.

Re: Persistent strange PC behaviour

Posted: 26 Nov 2012 15:18
by Petro
Hello,
thank you for checking the log, so it is not malware.
I googled a bit and it looks like the cause of my problems is the antivirus, or rather its latest version.
Some people describe symptoms similar to what I have been seeing since the update. So I will wait for a fixed version;
I do not want to switch to another product, I still have a subscription and have been very satisfied so far.
Have a nice rest of the day, P.

Re: Persistent strange PC behaviour

Posted: 26 Nov 2012 17:43
by Rudy
You're welcome! :)