
ComboFix 15-12-16.01 - eclub21 16-12-2015 22:42:34.1.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.56.3082.18.3483.2233 [GMT -3:00]
Running from: c:\users\eclub21\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2015-11-17 to 2015-12-17 )))))))))))))))))))))))))))))))
.
.
2015-12-17 01:46 . 2015-12-17 01:46 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-12-17 01:39 . 2015-12-17 01:39 -------- d-----w- C:\AdwCleaner
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-08-01 21:37 578240 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-07-27 188224]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI.exe" [2012-06-12 5708432]
"USB Security"="c:\program files\USB Disk Security\USBGuard.exe" [2011-01-31 623520]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-08-01 4085896]
.
c:\users\eclub21\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CiberPuesto 4.0 XP.lnk - c:\windows\cp40.exe [2014-7-1 1713664]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /k:C *
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DFServ]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
2010-03-13 18:54 91520 ----a-w- c:\program files\Microsoft Office\Office14\BCSSync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2012-07-27 05:20 180544 ----a-w- c:\windows\System32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2012-07-27 05:20 144704 ----a-w- c:\windows\System32\igfxtray.exe
.
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys [2014-08-01 71944]
R2 KMService;KMService;c:\windows\system32\srvany.exe [2014-07-01 8192]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
R3 MSICDSetup;MSICDSetup;D:\CDriver.sys [x]
R3 NTIOLib_1_0_C;NTIOLib_1_0_C;D:\NTIOLib.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
R4 IObitUnlocker;IObitUnlocker;c:\program files\IObit\IObit Unlocker\IObitUnlocker.sys [2014-03-04 30216]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 DeepFrz;DeepFrz; [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2014-11-23 779536]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2014-08-01 414520]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [2014-08-01 24184]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2014-08-01 67824]
S2 DFServ;DFServ;c:\program files\Faronics\Deep Freeze\Install C-0\DFServ.exe [2010-05-20 1073664]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2012-02-16 514152]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-11-18 02:30 997704 ----a-w- c:\program files\Google\Chrome\Application\46.0.2490.86\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2015-12-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-07-01 18:44]
.
2015-12-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-07-01 18:44]
.
.
------- Supplementary Scan -------
.
uStart Page = https://www.google.cl/
IE: &Enviar a OneNote - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105
IE: E&xportar a Microsoft Excel - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000
TCP: Interfaces\{55FBD56F-EAA2-422B-999C-9AD8D5ADFD69}: NameServer = 192.168.1.222
.
- - - - ORPHANS REMOVED - - - -
.
Notify-DfLogon - LogonDll.dll
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(2900)
c:\program files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
.
Completion time: 2015-12-16 22:47:55
ComboFix-quarantined-files.txt 2015-12-17 01:47
.
Pre-Run: 477.539.926.016 bytes libres
Post-Run: 477.633.327.104 bytes libres
.
- - End Of File - - 863944FB14EE7D19E129EFE192E69DD9
A36C5E4F47E84449FF07ED3517B43A31
