ComboFix 15-05-25.01 - Piter 2015-05-26 17:43:03.3.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.48.1045.18.3955.2618 [GMT 2:00]
Uruchomiony z: C:\Users\Piter\Desktop\ComboFix.exe
AV: Norton Internet Security *Disabled/Updated* {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
FW: Norton Internet Security *Enabled* {6BFC5632-188D-B806-D13E-C607121B42A0}
SP: Norton Internet Security *Disabled/Updated* {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Utworzono nowy punkt przywracania

((((((((((((((((((((((((( Pliki utworzone od 2015-04-26 do 2015-05-26 )))))))))))))))))))))))))))))))

2015-05-26 15:54:59 . 2015-05-26 15:54:59 -------- d-----w- C:\Users\Public\AppData\Local\temp
2015-05-26 15:54:59 . 2015-05-26 15:54:59 -------- d-----w- C:\Users\Default\AppData\Local\temp
2015-05-18 20:09:40 . 2015-05-18 20:10:28 -------- d-----w- C:\Program Files\GIMP 2
2015-05-09 09:13:19 . 2015-05-09 09:13:24 -------- d-----w- C:\Program Files (x86)\Pony World 3
2015-05-06 20:07:53 . 2015-05-06 20:07:53 -------- d-----w- C:\Users\Piter\AppData\Roaming\NVIDIA
2015-04-29 14:56:05 . 2015-04-29 14:56:05 -------- d-----w- C:\NVIDIA
2015-04-29 14:55:22 . 2015-04-29 15:02:34 -------- d-----w- C:\ProgramData\NVIDIA
2015-04-29 14:39:18 . 2015-02-04 03:56:28 1907400 ----a-w- C:\Windows\system32\nvdispco6434144.dll
2015-04-29 14:39:18 . 2015-02-04 03:56:28 1555656 ----a-w- C:\Windows\system32\nvdispgenco6434144.dll
2015-04-29 14:31:00 . 2015-02-04 02:21:59 6782152 ----a-w- C:\Windows\system32\nvcpl.dll
2015-04-29 14:31:00 . 2015-02-04 02:21:59 3522376 ----a-w- C:\Windows\system32\nvsvc64.dll
2015-04-29 14:31:00 . 2015-02-04 02:21:44 932040 ----a-w- C:\Windows\system32\nvvsvc.exe
2015-04-29 14:31:00 . 2015-02-04 02:21:44 2558792 ----a-w- C:\Windows\system32\nvsvcr.dll
2015-04-29 14:31:00 . 2015-02-04 02:21:43 62792 ----a-w- C:\Windows\system32\nvshext.dll
2015-04-29 14:31:00 . 2015-02-04 02:21:41 384200 ----a-w- C:\Windows\system32\nvmctray.dll
2015-04-29 14:31:00 . 2015-02-03 16:18:34 4229086 ----a-w- C:\Windows\system32\nvcoproc.bin
2015-04-29 14:30:39 . 2015-02-04 03:56:28 72904 ----a-w- C:\Windows\system32\OpenCL.dll
2015-04-29 14:30:39 . 2015-02-04 03:56:28 59592 ----a-w- C:\Windows\SysWow64\OpenCL.dll
2015-04-29 14:30:12 . 2015-04-29 14:54:01 -------- d-----w- C:\Program Files (x86)\Driver Cleaner
2015-04-29 13:48:31 . 2015-04-29 13:48:31 -------- d-----w- C:\Users\Piter\AppData\Roaming\toshiba
2015-04-29 13:46:38 . 1999-10-12 16:47:00 24576 ----a-w- C:\Windows\SysWow64\TSCI.dll
2015-04-29 13:46:38 . 1999-10-12 16:45:00 24576 ----a-w- C:\Windows\SysWow64\THCI.dll
2015-04-29 13:35:50 . 2015-04-29 13:36:14 -------- d-----w- C:\Program Files (x86)\UEFI WinFlash
.

(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

2015-05-19 19:44:29 . 2015-02-09 20:32:39 17920 ----a-w- C:\Windows\SysWow64\rpcnetp.dll
2015-05-19 19:43:29 . 2015-02-09 20:31:42 17920 ----a-w- C:\Windows\SysWow64\rpcnetp.exe
2015-05-19 19:43:29 . 2015-02-09 20:31:42 17920 ----a-w- C:\Windows\system32\rpcnetp.exe
2015-04-19 22:47:38 . 2015-04-19 22:47:40 14480 ----a-w- C:\Windows\system32\drivers\nvflash.sys
2015-04-15 20:21:39 . 2015-02-09 22:37:56 778416 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2015-04-15 20:21:39 . 2015-02-09 22:37:56 142512 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2015-04-03 22:11:16 . 2015-04-03 22:11:16 177752 ----a-w- C:\Windows\system32\drivers\SYMEVENT64x86.SYS
2015-03-29 13:14:41 . 2015-03-27 23:35:17 111928 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2015-03-28 22:07:49 . 2015-02-09 23:13:58 98216 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2015-03-27 23:35:15 . 2015-03-27 23:35:15 682280 ----a-w- C:\Windows\SysWow64\pbsvc.exe
2015-03-27 23:35:15 . 2015-03-27 23:35:15 66872 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe

------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.

[7] 2010-11-21 03:24:09 . FE70103391A64039A921DBFFF9C7AB1B . 1008128 . . [6.1.7601.17514 (win7sp1_rtm.101119-1850)] .. C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
[-] 2015-02-09 20:45:34 . 2C353B6CE0C8D03225CAA2AF33B68D79 . 1008640 . . [6.1.7601.17514 (win7sp1_rtm.101119-1850)] .. C:\Windows\system32\user32.dll
[-] 2015-02-09 20:45:34 . 861C4346F9281DC0380DE72C8D55D6BE . 833024 . . [6.1.7601.17514 (win7sp1_rtm.101119-1850)] .. C:\Windows\SysWOW64\user32.dll
[7] 2010-11-21 03:24:20 . 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514 (win7sp1_rtm.101119-1850)] .. C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll

((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))

*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2015-01-21 13:05:50 1729744 ----a-w- C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2015-01-21 13:05:50 1729744 ----a-w- C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2015-01-21 13:05:50 1729744 ----a-w- C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"RUSB3MON"="C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe" [2011-09-20 08:17:44 115048]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)

R0 rpcnetp;rpcnetp;rpcnetp [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\system32\DRIVERS\ssudbus.sys;C:\Windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 dmvsc;dmvsc;C:\Windows\system32\drivers\dmvsc.sys;C:\Windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\system32\IEEtwCollector.exe;C:\Windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 JMCR;JMCR;C:\Windows\system32\DRIVERS\jmcr.sys;C:\Windows\SYSNATIVE\DRIVERS\jmcr.sys [x]
R3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys;C:\Windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RivaTuner64;RivaTuner64;C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys;C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys [x]
R4 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\system32\drivers\nvvad64v.sys;C:\Windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S1 BHDrvx64;BHDrvx64;C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20150519.001\BHDrvx64.sys;C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20150519.001\BHDrvx64.sys [x]
S1 ccSet_NIS;NIS Settings Manager;C:\Windows\system32\drivers\NISx64\1507000.00B\ccSetx64.sys;C:\Windows\SYSNATIVE\drivers\NISx64\1507000.00B\ccSetx64.sys [x]
S1 IDSVia64;IDSVia64;C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20150521.003\IDSvia64.sys;C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20150521.003\IDSvia64.sys [x]
S2 ABBYY.Licensing.FineReader.Corporate.11.0;ABBYY FineReader 11 CE Licensing Service;C:\Program Files (x86)\Common Files\ABBYY\FineReader\11.00\Licensing\CE\NetworkLicenseServer.exe;C:\Program Files (x86)\Common Files\ABBYY\FineReader\11.00\Licensing\CE\NetworkLicenseServer.exe [x]
S2 cfWiMAXService;ConfigFree WiMAX Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [x]
S2 ConfigFree Service;ConfigFree Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [x]
S2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\NIS.exe;C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\NIS.exe [x]
S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys;C:\Windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S3 enecir;ENE CIR Receiver;C:\Windows\system32\DRIVERS\enecir.sys;C:\Windows\SYSNATIVE\DRIVERS\enecir.sys [x]
S3 enecirhid;ENE CIR HID Receiver;C:\Windows\system32\DRIVERS\enecirhid.sys;C:\Windows\SYSNATIVE\DRIVERS\enecirhid.sys [x]
S3 enecirhidma;ENE CIR HIDmini Filter;C:\Windows\system32\DRIVERS\enecirhidma.sys;C:\Windows\SYSNATIVE\DRIVERS\enecirhidma.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys;C:\Windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys;C:\Windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
S3 nvoclk64;NVIDIA Enthusiasts Platform KDM;C:\Windows\system32\DRIVERS\nvoclk64.sys;C:\Windows\SYSNATIVE\DRIVERS\nvoclk64.sys [x]
S3 PGEffect;Pangu effect driver;C:\Windows\system32\DRIVERS\pgeffect.sys;C:\Windows\SYSNATIVE\DRIVERS\pgeffect.sys [x]

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

Zawartość folderu 'Zaplanowane zadania'

2015-05-26 C:\Windows\Tasks\Adobe Flash Player Updater.job
- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-09 22:37:56 . 2015-04-15 20:21:45]

--------- X64 Entries -----------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TosVolRegulator"="C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 13:31:34 24376]
"SynTPEnh"="C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"RtHDVBg"="C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" [2010-03-22 10:21:16 896032]
"RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-03-22 10:21:16 10134560]

------- Skan uzupełniający -------

uLocal Page = C:\Windows\system32\blank.htm
mLocal Page = C:\Windows\SysWOW64\blank.htm
IE: E&ksportuj do programu Microsoft Excel - C:\PROGRA~1\MICROS~2\Office15\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - C:\Users\Piter\AppData\Roaming\Mozilla\Firefox\Profiles\fnjpyw5o.default\
FF - prefs.js: browser.startup.homepage - www.google.pl
FF - user.js: plugin.state.npcontentblocker - 2
FF - user.js: plugin.state.nponlinebanking - 2
FF - user.js: plugin.state.npvkplugin - 2
FF - user.js: plugin.state.npcontentblocker - 2
FF - user.js: plugin.state.nponlinebanking - 2
FF - user.js: plugin.state.npvkplugin - 2

- - - - USUNIĘTO PUSTE WPISY - - - -

HKLM-Run-Teco - C:\Program Files (x86)\TOSHIBA\TECO\Teco.exe
AddRemove-PunkBusterSvc - C:\Windows\system32\pbsvc.exe