Utilizamos Cookies de terceros para generar estadísticas de audiencia y mostrar publicidad personalizada analizando tu navegación. Si sigues navegando estarás aceptando su uso. Más información X
PortadaForo AyudaTutoriales
InicioForosForo Virus

Cómo eliminar troyano
marinalope
2010-03-08 19:53 - Respuestas: 24 - Tema nº: 2666958

Descarga el Combofix y se lo pasas.
No requiere instalación. Se descarga y se deja en el escritorio
En el caso de Windows vista (Y supongo que también en Windows 7), se debe ejecutar como administrador (Boton derecho-ejecutar como
administrador)
Se recomienda desactivar temporalmente el antivirus, ya que algunos pueden detectarlo como virus (es un falso positivo, esto es por los códigos que
necesita ejecutar)
Se hace doble click en el arcihivo combofix.exe y se aceptan los términos de uso
Se abrirá una ventana de DOS. Los íconos del escritorio desaparecerán (Esto es normal) y aparecerá ese mensaje:"Please, wait. ComboFix is preparing to run". "Attempting to create a new restore point".
Traducido, dice algo así como ComboFix se está preparando para ejecutarse y está intentando crear un nuevo punto de Restauración del Sistema.
Después comenzará el proceso de desinfección. No se debe mover el mouse para no interferir
En caso de que se use Windows XP se reiniciará automáticamente (No se debe reiniciar manualmente). En Vista esto no es necesario.
Después pega un nuevo log.
Posibles soluciones:
Cómo eliminar troyanoCómo eliminar troyano
Como eliminar virus troyano que no puedo eliminarComo eliminar virus troyano que no puedo eliminar
Como eliminar troyano ciaComo eliminar troyano cia
Como eliminar troyanoComo eliminar troyano
Como eliminar un troyanoComo eliminar un troyano
davidamigo

Re: Cómo eliminar troyano - 2010-03-08 21:05 - Respuesta 17

Se lo he pasado, y el log que me da al acabar es el siguiente:

ComboFix 10-03-08.01 - David 08/03/2010 20:48:39.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.34.3082.18.2046.1313 [GMT 1:00]
Running from: d:\users\David\Desktop\ComboFix.exe
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\temp
c:\programdata\Microsoft\Windows\Start Menu\Programs\Acer Crystal Eye Webcam Video Class Camera
c:\programdata\Microsoft\Windows\Start Menu\Programs\Acer Crystal Eye Webcam Video Class Camera \Uninstall.lnk
c:\windows\Suyin.reg

.
((((((((((((((((((((((((( Files Created from 2010-02-08 to 2010-03-08 )))))))))))))))))))))))))))))))
.

2010-03-08 19:55 . 2010-03-08 19:55 d-w- C:\Device
2010-03-08 19:54 . 2010-03-08 19:56 d-w- c:\users\David\AppData\Local\temp
2010-03-08 19:54 . 2010-03-08 19:54 d-w- c:\users\Default\AppData\Local\temp
2010-03-08 19:47 . 2010-03-08 19:48 d-w- C:\32788R22FWJFW
2010-03-06 02:33 . 2010-03-06 02:33 d-w- c:\users\David\AppData\Local\ESET
2010-03-05 19:10 . 2010-03-05 19:10 52224 a-w- c:\users\David\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-03-05 19:10 . 2010-03-05 19:10 117760 a-w- c:\users\David\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-03-05 11:22 . 2010-03-05 11:22 d-w- c:\programdata\SUPERAntiSpyware.com
2010-03-05 11:21 . 2010-03-05 19:10 d-w- c:\users\David\AppData\Roaming\SUPERAntiSpyware.com
2010-03-05 10:50 . 2001-10-28 15:42 116224 a-w- c:\windows\system32\pdfcmnnt.dll
2010-03-05 10:50 . 1998-07-05 23:00 23552 a-w- c:\windows\system32\MSMPIDE.DLL
2010-03-05 10:49 . 2010-02-11 07:10 293376 a-w- c:\windows\system32\browserchoice.exe
2010-03-05 10:42 . 2006-12-11 21:12 176235 a-w- c:\windows\system32\Primomonnt.dll
2010-03-05 10:42 . 2010-03-05 10:42 d-w- c:\windows\PrimoPDF
2010-03-05 00:10 . 2010-03-05 00:10 d-w- c:\program files\Trend Micro
2010-03-04 22:39 . 2010-03-04 22:39 d-w- c:\users\David\AppData\Roaming\Malwarebytes
2010-03-04 22:37 . 2010-03-04 22:37 d-w- c:\programdata\Malwarebytes
2010-03-01 00:19 . 2010-03-01 00:19 d-shwe c:\windows\system32\config\systemprofile\Datos de programa
2010-03-01 00:19 . 2010-03-01 00:19 d-shwe c:\windows\system32\config\systemprofile\Configuración local
2010-03-01 00:19 . 2010-03-01 00:19 d-w- c:\users\David\AppData\Local\Programs
2010-02-28 20:00 . 2010-02-28 20:00 dhw- c:\programdata\ArcSoft
2010-02-28 20:00 . 2010-02-28 20:00 d-w- c:\users\David\AppData\Local\ArcSoft
2010-02-28 19:59 . 2010-02-28 20:00 d-w- c:\program files\Common Files\ArcSoft
2010-02-28 19:59 . 2010-02-28 19:59 d-w- c:\program files\ArcSoft
2010-02-28 19:19 . 2009-12-13 09:30 641536 a-w- c:\windows\system32\CPFilters.dll
2010-02-28 19:19 . 2009-12-13 09:30 465408 a-w- c:\windows\system32\psisdecd.dll
2010-02-28 19:19 . 2009-12-13 09:29 417792 a-w- c:\windows\system32\msdri.dll
2010-02-28 19:19 . 2010-02-02 07:45 2048 a-w- c:\windows\system32\tzres.dll
2010-02-18 18:31 . 2010-02-18 18:31 d-w- c:\programdata\Office Genuine Advantage
2010-02-13 16:24 . 2010-02-13 16:24 177024 a-w- c:\users\David\AppData\Roaming\Mozilla\Firefox\Profiles\6lqp7j8o.default\FlashGot.exe
2010-02-10 13:12 . 2009-12-08 08:05 310784 a-w- c:\windows\system32\drivers\srv.sys
2010-02-10 13:12 . 2009-12-08 08:05 113664 a-w- c:\windows\system32\drivers\srvnet.sys
2010-02-10 13:12 . 2010-01-08 03:17 123392 a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-10 13:12 . 2010-01-08 03:18 221184 a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-02-10 13:12 . 2009-12-08 11:40 3955288 a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-10 13:12 . 2009-12-08 11:32 292864 a-w- c:\windows\system32\apphelp.dll
2010-02-10 13:12 . 2009-12-08 11:40 3899464 a-w- c:\windows\system32\ntoskrnl.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-08 19:43 . 2010-01-18 22:49 672988 a-w- c:\windows\system32\prfh0816.dat
2010-03-08 19:43 . 2010-01-18 22:49 131430 a-w- c:\windows\system32\prfc0816.dat
2010-03-08 19:43 . 2009-07-14 08:48 697984 a-w- c:\windows\system32\perfh00A.dat
2010-03-08 19:43 . 2009-07-14 08:48 135616 a-w- c:\windows\system32\perfc00A.dat
2010-03-08 17:32 . 2010-01-18 22:57 d-w- c:\program files\JDownloader
2010-03-06 18:19 . 2010-01-18 20:58 d-w- c:\users\David\AppData\Roaming\Azureus
2010-03-06 01:42 . 2010-01-18 22:18 d-w- c:\program files\Eset
2010-03-05 19:07 . 2010-01-18 23:33 d-w- c:\programdata\Spybot - Search & Destroy
2010-03-05 19:05 . 2010-01-18 14:01 d-w- c:\program files\Common Files\Wise Installation Wizard
2010-03-05 17:43 . 2010-01-18 21:07 85608 a-w- c:\users\David\AppData\Local\GDIPFONTCACHEV1.DAT
2010-03-05 10:51 . 2010-01-18 23:16 d-w- c:\program files\PDFCreator
2010-03-02 20:40 . 2010-01-18 16:10 d-w- c:\users\David\AppData\Roaming\ImgBurn
2010-03-02 00:28 . 2010-01-18 13:37 dhw- c:\program files\InstallShield Installation Information
2010-03-01 00:47 . 2010-01-18 23:33 d-w- c:\program files\Spybot - Search & Destroy
2010-02-28 20:00 . 2010-01-25 20:43 d-w- c:\users\David\AppData\Roaming\ArcSoft
2010-02-28 19:59 . 2010-01-18 21:14 d-w- c:\program files\Common Files\InstallShield
2010-02-24 08:16 . 2010-01-18 13:39 181632 w- c:\windows\system32\MpSigStub.exe
2010-02-10 13:13 . 2010-01-19 15:14 d-w- c:\programdata\Microsoft Help
2010-02-02 23:46 . 2010-02-02 23:42 d-w- c:\program files\Win7codecs
2010-02-02 23:45 . 2010-02-02 23:41 d-w- c:\programdata\Win7codecs
2010-02-02 14:13 . 2010-01-18 23:09 d-w- c:\program files\Nero
2010-02-02 14:11 . 2010-01-19 14:47 d-w- c:\programdata\Nero
2010-02-02 14:10 . 2010-01-19 14:47 d-w- c:\program files\Common Files\Nero
2010-02-02 14:02 . 2010-02-02 14:02 d-w- c:\program files\Webteh
2010-01-31 13:22 . 2010-01-31 13:21 d-w- c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2010-01-31 13:22 . 2010-01-31 13:21 d-w- c:\program files\iTunes
2010-01-31 13:21 . 2010-01-31 13:21 d-w- c:\program files\iPod
2010-01-31 13:21 . 2010-01-25 21:00 d-w- c:\program files\Common Files\Apple
2010-01-31 13:17 . 2010-01-31 13:17 79144 a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2010-01-28 11:00 . 2010-01-25 20:40 d-w- c:\program files\Microsoft Silverlight
2010-01-27 23:55 . 2010-01-27 23:55 d-w- c:\program files\Common Files\snp2uvc
2010-01-27 23:31 . 2010-01-27 23:31 0 -ha-w- c:\windows\system32\drivers\Msft_Kernel_SynTP_01009.Wdf
2010-01-27 23:31 . 2010-01-27 23:31 d-w- c:\program files\Synaptics
2010-01-27 23:28 . 2010-01-27 23:26 d-w- c:\program files\Intel
2010-01-25 22:55 . 2010-01-18 21:05 d-w- c:\program files\HP
2010-01-25 21:04 . 2010-01-18 22:30 d-w- c:\program files\QuickTime
2010-01-25 20:59 . 2010-01-25 20:59 d-w- c:\program files\Apple Software Update
2010-01-25 20:59 . 2010-01-25 20:59 d-w- c:\programdata\Apple
2010-01-25 20:49 . 2010-01-18 22:32 d-w- c:\users\David\AppData\Roaming\Apple Computer
2010-01-25 20:39 . 2010-01-18 22:19 d-w- c:\program files\Microsoft
2010-01-25 16:52 . 2010-01-19 12:34 d-w- c:\users\David\AppData\Roaming\Winamp
2010-01-24 23:53 . 2010-01-24 23:46 d-w- c:\program files\Macromedia
2010-01-24 23:53 . 2010-01-24 23:53 45056 a-r- c:\users\David\AppData\Roaming\Microsoft\Installer\{91057632-CA70-413C-B628-2D3CDBBB906B}\ARPPRODUCTICON.exe
2010-01-24 23:51 . 2010-01-24 23:46 d-w- c:\program files\Common Files\Macromedia
2010-01-23 20:03 . 2010-01-19 21:05 d-w- c:\program files\DAEMON Tools Lite
2010-01-23 17:53 . 2010-01-19 21:19 d-w- c:\program files\Microsoft Works
2010-01-22 23:31 . 2010-01-22 23:31 d-w- c:\program files\MSXML 4.0
2010-01-22 21:25 . 2010-01-22 21:25 d-w- c:\users\David\AppData\Roaming\Telefónica Móviles
2010-01-22 21:24 . 2010-01-22 21:24 d-w- c:\users\David\AppData\Roaming\Sierra Wireless
2010-01-22 21:24 . 2010-01-22 21:24 d-w- c:\program files\Sierra Wireless Inc
2010-01-22 12:59 . 2010-01-22 12:59 411368 a-w- c:\windows\system32\deploytk.dll
2010-01-22 12:18 . 2010-01-19 12:34 d-w- c:\program files\Winamp
2010-01-22 12:18 . 2010-01-19 21:55 d-w- c:\program files\Winamp Detect
2010-01-19 21:54 . 2010-01-19 21:54 d-w- c:\program files\Common Files\PX Storage Engine
2010-01-19 21:19 . 2010-01-19 21:19 d-w- c:\program files\Microsoft.NET
2010-01-19 21:06 . 2010-01-19 21:06 691696 a-w- c:\windows\system32\drivers\sptd.sys
2010-01-19 15:55 . 2010-01-18 23:09 d-w- c:\program files\Common Files\Ahead
2010-01-19 15:55 . 2010-01-19 15:15 d-w- c:\program files\Microsoft Visual Studio 8
2010-01-19 15:16 . 2010-01-19 15:12 d-w- c:\users\David\AppData\Roaming\Nero
2010-01-19 15:09 . 2010-01-19 14:40 d-w- c:\users\David\AppData\Roaming\DAEMON Tools Lite
2010-01-19 14:47 . 2010-01-19 14:40 d-w- c:\programdata\DAEMON Tools Lite
2010-01-18 23:29 . 2010-02-10 13:11 365568 a-w- c:\windows\system32\secproc_isv.dll
2010-01-18 23:29 . 2010-02-10 13:11 85504 a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-01-18 23:29 . 2010-02-10 13:11 85504 a-w- c:\windows\system32\secproc_ssp.dll
2010-01-18 23:29 . 2010-02-10 13:11 369152 a-w- c:\windows\system32\secproc.dll
2010-01-18 23:28 . 2010-02-10 13:11 324608 a-w- c:\windows\system32\RMActivate_isv.exe
2010-01-18 23:28 . 2010-02-10 13:11 277504 a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-01-18 23:28 . 2010-02-10 13:11 320512 a-w- c:\windows\system32\RMActivate.exe
2010-01-18 23:28 . 2010-02-10 13:11 280064 a-w- c:\windows\system32\RMActivate_ssp.exe
2010-01-18 23:14 . 2010-01-18 23:14 d-w- c:\users\David\AppData\Roaming\Ahead
2010-01-18 22:57 . 2010-01-18 22:57 d-w- c:\program files\Java
2010-01-18 22:56 . 2010-01-18 22:56 0 a-w- c:\windows\nsreg.dat
2010-01-18 22:49 . 2009-07-14 04:52 d-w- c:\program files\Windows Sidebar
2010-01-18 22:49 . 2009-07-14 02:37 d-w- c:\program files\Windows Mail
2010-01-18 22:49 . 2009-07-14 04:52 d-w- c:\program files\DVD Maker
2010-01-18 22:49 . 2009-07-14 09:08 d-w- c:\program files\Windows Journal
2010-01-18 22:49 . 2009-07-14 04:52 d-w- c:\program files\Windows Photo Viewer
2010-01-18 22:49 . 2009-07-14 04:52 d-w- c:\program files\Windows Defender
2010-01-18 22:48 . 2010-01-18 22:49 40548 a-w- c:\windows\system32\prfd0816.dat
2010-01-18 22:48 . 2010-01-18 22:49 336656 a-w- c:\windows\system32\prfi0816.dat
2010-01-18 22:48 . 2010-01-18 22:49 40548 a-w- c:\windows\inf\PERFLIB\0816\perfd.dat
2010-01-18 22:48 . 2010-01-18 22:49 40548 a-w- c:\windows\inf\PERFLIB\0816\perfc.dat
2010-01-18 22:48 . 2010-01-18 22:49 336656 a-w- c:\windows\inf\PERFLIB\0816\perfi.dat
2010-01-18 22:48 . 2010-01-18 22:49 336656 a-w- c:\windows\inf\PERFLIB\0816\perfh.dat
2010-01-18 22:42 . 2010-01-18 22:42 31548 a-w- c:\windows\inf\PERFLIB\0409\perfd.dat
2010-01-18 22:42 . 2010-01-18 22:42 31548 a-w- c:\windows\inf\PERFLIB\0409\perfc.dat
2010-01-18 22:42 . 2010-01-18 22:42 291294 a-w- c:\windows\inf\PERFLIB\0409\perfi.dat
2010-01-18 22:42 . 2010-01-18 22:42 291294 a-w- c:\windows\inf\PERFLIB\0409\perfh.dat
2010-01-18 22:32 . 2010-01-18 22:30 d-w- c:\programdata\Apple Computer
2010-01-18 22:27 . 2010-01-18 22:27 d-w- c:\programdata\eMule
2010-01-18 22:26 . 2010-01-18 22:26 d-w- c:\program files\eMule
2010-01-18 22:18 . 2010-01-18 22:18 d-w- c:\program files\Windows Live
2010-01-18 22:18 . 2010-01-18 22:18 d-w- c:\program files\Windows Live SkyDrive
2010-01-18 22:14 . 2010-01-18 22:14 d-w- c:\program files\Common Files\Windows Live
2010-01-18 22:09 . 2010-01-18 21:04 d-w- c:\programdata\HP
2010-01-18 22:02 . 2010-01-18 22:02 d-w- c:\program files\AKVIS
2010-01-18 21:15 . 2010-01-18 21:13 d-w- c:\users\David\AppData\Roaming\HP
2010-01-18 21:13 . 2010-01-18 21:13 d-w- c:\programdata\WEBREG
2010-01-18 21:12 . 2010-01-18 21:12 d-w- c:\programdata\Hewlett-Packard
2010-01-18 21:12 . 2010-01-18 21:12 0 -ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf
2009-06-10 21:26 . 2009-07-14 02:04 9633792 sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PLFSetI"="c:\windows\PLFSetI.exe" [2008-07-29 200704]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-08-06 13797920]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-04 186904]
"IaNvSrv"="c:\program files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe" [2009-07-13 33304]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-08-28 1557800]
"PLFSetL"="c:\windows\PLFSetL.exe" [2007-07-05 94208]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2009-10-10 203264]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-09-29 2054360]

c:\users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [x]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [x]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [x]
R3 scrswi;Sierra Wireless Smart Card Reader;c:\windows\system32\DRIVERS\scrswi.sys [2009-04-14 44288]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
R3 SWNC8U90;Sierra Wireless MUX NDIS Driver (UMTS90);c:\windows\system32\DRIVERS\swnc8u90.sys [2009-04-14 167040]
R3 SWUMX90;Sierra Wireless USB MUX Driver (UMTS90);c:\windows\system32\DRIVERS\swumx90.sys [2009-04-14 143360]
R3 winbondcir;Winbond IR Transceiver;c:\windows\system32\DRIVERS\winbondcir.sys [2007-03-28 43008]
S0 iaNvStor;Intel(R) Turbo Memory Controller;c:\windows\system32\DRIVERS\iaNvStor.sys [2009-07-01 232472]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-01-19 691696]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2009-09-29 108792]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-09-29 735960]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2009-09-29 95896]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 20992]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 netw5v32;Controlador del adaptador Intel(R) Wireless WiFi Link 5000 Series para Windows Vista de 32 bits;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
S3 nuvotoncir;Nuvoton IR Transceiver;c:\windows\system32\DRIVERS\nuvotoncir.sys [2009-06-24 44544]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HsfXAudioService REG_MULTI_SZ HsfXAudioService
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder

2010-01-31 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
.
- Supplementary Scan -
.
uStart Page = hxxp://www.recrutamento.tap.pt/ListaConcursos
IE: E&xportar a Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\David\AppData\Roaming\Mozilla\Firefox\Profiles\6lqp7j8o.default\
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-tuvuuusys - mlmljj.dll
HKU-Default-Run-ursqomsys - mlmljj.dll
ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file)
Notify-!SASWinLogon - (no file)



**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x84A721F8] DumpProcedure -> 0x69646d4d
user & kernel MBR OK

**************************************************************************
.
- LOCKED REGISTRY KEYS -

[HKEY_USERS\S-1-5-20\Software\Microsoft\MPEG2Demultiplexer\Program]
@DACL=(02 0000)
"Clock"=dword:00000001
"ClockSlaveMinSamplingWindowMillis"=dword:000007d0
"ClockSlaveHistoryMillis"=dword:0003a980
"ClockSlaveMinSlavable"=dword:0000005f
"ClockSlaveMaxSlavable"=dword:00000069
"ShiftMaxGlitchesPerHour"=dword:0000003c
"OverPadMillis"=dword:00000032
"MinDownstreamBufferingMillis"=dword:000000c8
"ClockSlaveSettlingMillis"=dword:00002710
"ReportDiscontinuities"=dword:00000001
"SetSyncPoints"=dword:00000001
"AudioPTSOffsetMs"=dword:00000000
"VideoPTSOffsetMs"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.ashx\OpenWithList]
@DACL=(02 0000)
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.asmx\OpenWithList]
@DACL=(02 0000)
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.axd\OpenWithList]
@DACL=(02 0000)
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.cdda\OpenWithList]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.cdda\OpenWithProgIds]
@DACL=(02 0000)
"QuickTime.cdda"=hex(0):
@=""
"iTunes.cdda"=hex:

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.config\OpenWithList]
@DACL=(02 0000)
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.cs\OpenWithList]
@DACL=(02 0000)
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.disco\OpenWithList]
@DACL=(02 0000)
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.gsm\OpenWithProgIds]
@DACL=(02 0000)
"QuickTime.gsm"=hex(0):

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.pcb\PCBFile]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.rem\OpenWithList]
@DACL=(02 0000)
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.resx\OpenWithList]
@DACL=(02 0000)
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.sdp\OpenWithProgIds]
@DACL=(02 0000)
"QuickTime.sdp"=hex(0):

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.shtm\OpenWithList]
@DACL=(02 0000)
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.shtml\OpenWithList]
@DACL=(02 0000)
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.soap\OpenWithList]
@DACL=(02 0000)
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.vb\OpenWithList]
@DACL=(02 0000)
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.web\OpenWithList]
@DACL=(02 0000)
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.wll\Word.Addin.8]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.WMD\OpenWithProgIds]
@DACL=(02 0000)
"WMP11.AssocFile.WMD"=hex(0):

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.WMS\OpenWithProgIds]
@DACL=(02 0000)
"WMP11.AssocFile.WMS"=hex(0):

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.wmz\OpenWithProgIds]
@DACL=(02 0000)
"WMP11.AssocFile.WMZ"=hex(0):

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00020800-0000-0000-C000-000000000046}\InprocServer32\12.0.0.0]
@DACL=(02 0000)
"Assembly"="Microsoft.Office.Interop.Graph, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71E9BCE111E9429C"
"Class"="Microsoft.Office.Interop.Graph.GlobalClass"
"RuntimeVersion"="v1.1.4322"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00020812-0000-0000-C000-000000000046}\InprocServer32\12.0.0.0]
@DACL=(02 0000)
"Assembly"="Microsoft.Office.Interop.Excel, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71E9BCE111E9429C"
"Class"="Microsoft.Office.Interop.Excel.GlobalClass"
"RuntimeVersion"="v1.1.4322"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00020818-0000-0000-C000-000000000046}\InprocServer32]
@DACL=(02 0000)
"Assembly"="Microsoft.Office.Interop.Excel, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71E9BCE111E9429C"
"Class"="Microsoft.Office.Interop.Excel.OLEObjectClass"
"RuntimeVersion"="v1.1.4322"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00020819-0000-0000-C000-000000000046}\InprocServer32]
@DACL=(02 0000)
"Assembly"="Microsoft.Office.Interop.Excel, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71E9BCE111E9429C"
"Class"="Microsoft.Office.Interop.Excel.WorkbookClass"
"RuntimeVersion"="v1.1.4322"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00020820-0000-0000-C000-000000000046}\InprocServer32\12.0.0.0]
@DACL=(02 0000)
"Assembly"="Microsoft.Office.Interop.Excel, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71E9BCE111E9429C"
"Class"="Microsoft.Office.Interop.Excel.WorksheetClass"
"RuntimeVersion"="v1.1.4322"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00020821-0000-0000-C000-000000000046}\InprocServer32\12.0.0.0]
@DACL=(02 0000)
"Assembly"="Microsoft.Office.Interop.Excel, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71E9BCE111E9429C"
"Class"="Microsoft.Office.Interop.Excel.ChartClass"
"RuntimeVersion"="v1.1.4322"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00020906-0000-0000-C000-000000000046}\InprocServer32\12.0.0.0]
@DACL=(02 0000)
"Assembly"="Microsoft.Office.Interop.Word, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71E9BCE111E9429C"
"Class"="Microsoft.Office.Interop.Word.DocumentClass"
"RuntimeVersion"="v1.1.4322"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{000209F0-0000-0000-C000-000000000046}\InprocServer32]
@DACL=(02 0000)
"Assembly"="Microsoft.Office.Interop.Word, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71E9BCE111E9429C"
"Class"="Microsoft.Office.Interop.Word.GlobalClass"
"RuntimeVersion"="v1.1.4322"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{000209F1-0000-0000-C000-000000000046}\InprocServer32]
@DACL=(02 0000)
"Assembly"="Microsoft.Office.Interop.Word, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71E9BCE111E9429C"
"Class"="Microsoft.Office.Interop.Word.LetterContentClass"
"RuntimeVersion"="v1.1.4322"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{000209F2-0000-0000-C000-000000000046}\InprocServer32]
@DACL=(02 0000)
"Assembly"="Microsoft.Office.Interop.Word, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71E9BCE111E9429C"
"Class"="Microsoft.Office.Interop.Word.OLEControlClass"
"RuntimeVersion"="v1.1.4322"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{000209F4-0000-0000-C000-000000000046}\InprocServer32]
@DACL=(02 0000)
"Assembly"="Microsoft.Office.Interop.Word, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71E9BCE111E9429C"
"Class"="Microsoft.Office.Interop.Word.ParagraphFormatClass"
"RuntimeVersion"="v1.1.4322"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{000209F5-0000-0000-C000-000000000046}\InprocServer32]
@DACL=(02 0000)
"Assembly"="Microsoft.Office.Interop.Word, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71E9BCE111E9429C"
"Class"="Microsoft.Office.Interop.Word.FontClass"
"RuntimeVersion"="v1.1.4322"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{000209FF-0000-0000-C000-000000000046}\InprocServer32\12.0.0.0]
@DACL=(02 0000)
"Assembly"="Microsoft.Office.Interop.Word, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71E9BCE111E9429C"
"Class"="Microsoft.Office.Interop.Word.ApplicationClass"
"RuntimeVersion"="v1.1.4322"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00024500-0000-0000-C000-000000000046}\InprocServer32\12.0.0.0]
@DACL=(02 0000)
"Assembly"="Microsoft.Office.Interop.Excel, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71E9BCE111E9429C"
"Class"="Microsoft.Office.Interop.Excel.ApplicationClass"
"RuntimeVersion"="v1.1.4322"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0002E101-0000-0000-C000-000000000046}\InprocServer32]
@DACL=(02 0000)
"Assembly"="Microsoft.Vbe.Interop, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71E9BCE111E9429C"
"Class"="Microsoft.Vbe.Interop.VBProjectsClass"
"RuntimeVersion"="v1.1.4322"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0002E119-0000-0000-C000-000000000046}\InprocServer32]
@DACL=(02 0000)
"Assembly"="Microsoft.Vbe.Interop, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71E9BCE111E9429C"
"Class"="Microsoft.Vbe.Interop.ReferencesEventsClass"
"RuntimeVersion"="v1.1.4322"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0002E132-0000-0000-C000-000000000046}\InprocServer32]
@DACL=(02 0000)
"Assembly"="Microsoft.Vbe.Interop, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71E9BCE111E9429C"
"Class"="Microsoft.Vbe.Interop.CommandBarEventsClass"
"RuntimeVersion"="v1.1.4322"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0002E169-0000-0000-C000-000000000046}\InprocServer32]
@DACL=(02 0000)
"Assembly"="Microsoft.Vbe.Interop, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71E9BCE111E9429C"
"Class"="Microsoft.Vbe.Interop.VBProjectClass"
"RuntimeVersion"="v1.1.4322"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0002E170-0000-0000-C000-000000000046}\InprocServer32]
@DACL=(02 0000)
"Assembly"="Microsoft.Vbe.Interop, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71E9BCE111E9429C"
"Class"="Microsoft.Vbe.Interop.CodeModuleClass"
"RuntimeVersion"="v1.1.4322"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0002E174-0000-0000-C000-000000000046}\InprocServer32]
@DACL=(02 0000)
"Assembly"="Microsoft.Vbe.Interop, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71E9BCE111E9429C"
"Class"="Microsoft.Vbe.Interop.CodePanesClass"
"RuntimeVersion"="v1.1.4322"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0002E178-0000-0000-C000-000000000046}\InprocServer32]
@DACL=(02 0000)
"Assembly"="Microsoft.Vbe.Interop, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71E9BCE111E9429C"
"Class"="Microsoft.Vbe.Interop.CodePaneClass"
"RuntimeVersion"="v1.1.4322"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0002E17C-0000-0000-C000-000000000046}\InprocServer32]
@DACL=(02 0000)
"Assembly"="Microsoft.Vbe.Interop, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71E9BCE111E9429C"
"Class"="Microsoft.Vbe.Interop.ReferencesClass"
"RuntimeVersion"="v1.1.4322"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0002E185-0000-0000-C000-000000000046}\InprocServer32]
@DACL=(02 0000)
"Assembly"="Microsoft.Vbe.Interop, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71E9BCE111E9429C"
"Class"="Microsoft.Vbe.Interop.WindowsClass"
"RuntimeVersion"="v1.1.4322"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0002E187-0000-0000-C000-000000000046}\InprocServer32]
@DACL=(02 0000)
"Assembly"="Microsoft.Vbe.Interop, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71E9BCE111E9429C"
"Class"="Microsoft.Vbe.Interop.LinkedWindowsClass"
"RuntimeVersion"="v1.1.4322"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0002E18B-0000-0000-C000-000000000046}\InprocServer32]
@DACL=(02 0000)
"Assembly"="Microsoft.Vbe.Interop, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71E9BCE111E9429C"
"Class"="Microsoft.Vbe.Interop.PropertiesClass"
"RuntimeVersion"="v1.1.4322"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0006F023-0000-0000-C000-000000000046}\InprocServer32\12.0.0.0]
@DACL=(02 0000)
"Assembly"="Microsoft.Office.Interop.Outlook, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71E9BCE111E9429C"
"Class"="Microsoft.Office.Interop.Outlook._RecipientControlClass"
"RuntimeVersion"="v1.1.4322"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0006F024-0000-0000-C000-000000000046}\InprocServer32\12.0.0.0]
@DACL=(02 0000)
"Assembly"="Microsoft.Office.Interop.Outlook, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71E9BCE111E9429C"
"Class"="Microsoft.Office.Interop.Outlook._DocSiteControlClass"
"RuntimeVersion"="v1.1.4322"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0006F03A-0000-0000-C000-000000000046}\InprocServer32\12.0.0.0]
@DACL=(02 0000)
"Assembly"="Microsoft.Office.Interop.Outlook, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71E9BCE111E9429C"
"Class"="Microsoft.Office.Interop.Outlook.ApplicationClass"
"RuntimeVersion"="v1.1.4322"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0006F04A-0000-0000-C000-000000000046}\InprocServer32\12.0.0.0]
@DACL=(02 0000)
"Class"="Microsoft.Office.Interop.Outlook.OlkCommandButtonClass"
"Assembly"="Microsoft.Office.Interop.Outlook, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71E9BCE111E9429C"
"RuntimeVersion"="v1.1.4322"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0006F04B-0000-0000-C000-000000000046}\InprocServer32\12.0.0.0]
@DACL=(02 0000)
"Class"="Microsoft.Office.Interop.Outlook.OlkOptionButtonClass"
"Assembly"="Microsoft.Office.Interop.Outlook, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71E9BCE111E9429C"
"RuntimeVersion"="v1.1.4322"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0006F04C-0000-0000-C000-000000000046}\InprocServer32\12.0.0.0]
@DACL=(02 0000)
"Class"="Microsoft.Office.Interop.Outlook.OlkCheckBoxClass"
"Assembly"="Microsoft.Office.Interop.Outlook, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71E9BCE111E9429C"
"RuntimeVersion"="v1.1.4322"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0006F04D-0000-0000-C000-000000000046}\InprocServer32\12.0.0.0]
@DACL=(02 0000)
"Class"="Microsoft.Office.Interop.Outlook.OlkComboBoxClass"
"Assembly"="Microsoft.Office.Interop.Outlook, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71E9BCE111E9429C"
"RuntimeVersion"="v1.1.4322"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0006F04E-0000-0000-C000-000000000046}\InprocServer32\12.0.0.0]
@DACL=(02 0000)
"Class"="Microsoft.Office.Interop.Outlook.OlkListBoxClass"
"Assembly"="Microsoft.Office.Interop.Outlook, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71E9BCE111E9429C"
"RuntimeVersion"="v1.1.4322"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0006F04F-0000-0000-C000-000000000046}\InprocServer32\12.0.0.0]
@DACL=(02 0000)
"Class"="Microsoft.Office.Interop.Outlook.OlkContactPhotoClass"
"Assembly"="Microsoft.Office.Interop.Outlook, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71E9BCE111E9429C"
"RuntimeVersion"="v1.1.4322"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0006F050-0000-0000-C000-000000000046}\InprocServer32\12.0.0.0]
@DACL=(02 0000)
"Class"="Microsoft.Office.Interop.Outlook.OlkBusinessCardControlClass"
"Assembly"="Microsoft.Office.Interop.Outlook, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71E9BCE111E9429C"
"RuntimeVersion"="v1.1.4322"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0006F051-0000-0000-C000-000000000046}\InprocServer32\12.0.0.0]
@DACL=(02 0000)
"Class"="Microsoft.Office.Interop.Outlook.OlkTimeControlClass"
"Assembly"="Microsoft.Office.Interop.Outlook, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71E9BCE111E9429C"
"RuntimeVersion"="v1.1.4322"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0006F053-0000-0000-C000-000000000046}\InprocServer32\12.0.0.0]
@DACL=(02 0000)
"Class"="Microsoft.Office.Interop.Outlook.OlkCategoryClass"
"Assembly"="Microsoft.Office.Interop.Outlook, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71E9BCE111E9429C"
"RuntimeVersion"="v1.1.4322"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0006F054-0000-0000-C000-000000000046}\InprocServer32\12.0.0.0]
@DACL=(02 0000)
"Class"="Microsoft.Office.Interop.Outlook.OlkInfoBarClass"
"Assembly"="Microsoft.Office.Interop.Outlook, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71E9BCE111E9429C"
"RuntimeVersion"="v1.1.4322"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0006F055-0000-0000-C000-000000000046}\InprocServer32\12.0.0.0]
@DACL=(02 0000)
"Class"="Microsoft.Office.Interop.Outlook.OlkPageControlClass"
"Assembly"="Microsoft.Office.Interop.Outlook, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71E9BCE111E9429C"
"RuntimeVersion"="v1.1.4322"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0006F056-0000-0000-C000-000000000046}\InprocServer32\12.0.0.0]
@DACL=(02 0000)
"Class"="Microsoft.Office.Interop.Outlook.OlkDateControlClass"
"Assembly"="Microsoft.Office.Interop.Outlook, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71E9BCE111E9429C"
"RuntimeVersion"="v1.1.4322"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0006F057-0000-0000-C000-000000000046}\InprocServer32\12.0.0.0]
@DACL=(02 0000)
"Class"="Microsoft.Office.Interop.Outlook.OlkFrameHeaderClass"
"Assembly"="Microsoft.Office.Interop.Outlook, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71E9BCE111E9429C"
"RuntimeVersion"="v1.1.4322"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0006F058-0000-0000-C000-000000000046}\InprocServer32\12.0.0.0]
@DACL=(02 0000)
"Class"="Microsoft.Office.Interop.Outlook.OlkSenderPhotoClass"
"Assembly"="Microsoft.Office.Interop.Outlook, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71E9BCE111E9429C"
"RuntimeVersion"="v1.1.4322"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0006F067-0000-0000-C000-000000000046}\InprocServer32\12.0.0.0]
@DACL=(02 0000)
"Class"="Microsoft.Office.Interop.Outlook.OlkLabelClass"
"Assembly"="Microsoft.Office.Interop.Outlook, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71E9BCE111E9429C"
"RuntimeVersion"="v1.1.4322"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0006F068-0000-0000-C000-000000000046}\InprocServer32\12.0.0.0]
@DACL=(02 0000)
"Class"="Microsoft.Office.Interop.Outlook.OlkTextBoxClass"
"Assembly"="Microsoft.Office.Interop.Outlook, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71E9BCE111E9429C"
"RuntimeVersion"="v1.1.4322"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{000CDB0D-0000-0000-C000-000000000046}\InprocServer32]
@DACL=(02 0000)
"Class"="Microsoft.Office.Core.CustomXMLSchemaCollectionClass"
"Assembly"="office, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71E9BCE111E9429C"
"RuntimeVersion"="v1.1.4322"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0101014E-D958-4d10-82A1-9195E2220B66}\InprocServer32]
@DACL=(02 0000)
@="c:\\Program Files\\Windows Live\\Messenger\\wlcui.dll"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0101014E-D958-4d10-82A1-9195E2220B66}\ProgID]
@DACL=(02 0000)
@="WlcUI.PhoneNumber.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0101014E-D958-4d10-82A1-9195E2220B66}\Programmable]
@DACL=(02 0000)
@="{534E82CE-8042-4f98-ACD8-A3858BCBED0F}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0101014E-D958-4d10-82A1-9195E2220B66}\TypeLib]
@DACL=(02 0000)
@="{534E82CE-8042-4f98-ACD8-A3858BCBED0F}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0101014E-D958-4d10-82A1-9195E2220B66}\VersionIndependentProgID]
@DACL=(02 0000)
@="WlcUI.PhoneNumber"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0284338F-FDBA-4659-AFB6-7C10E1CDBF7F}\InprocServer32]
@DACL=(02 0000)
@="c:\\Program Files\\Windows Live\\Messenger\\wlcui.dll"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0284338F-FDBA-4659-AFB6-7C10E1CDBF7F}\ProgID]
@DACL=(02 0000)
@="WlcUI.DialerWindow.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0284338F-FDBA-4659-AFB6-7C10E1CDBF7F}\Programmable]
@DACL=(02 0000)
@="{534E82CE-8042-4f98-ACD8-A3858BCBED0F}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0284338F-FDBA-4659-AFB6-7C10E1CDBF7F}\TypeLib]
@DACL=(02 0000)
@="{534E82CE-8042-4f98-ACD8-A3858BCBED0F}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0284338F-FDBA-4659-AFB6-7C10E1CDBF7F}\VersionIndependentProgID]
@DACL=(02 0000)
@="WlcUI.DialerWindow"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0D04D285-6BEC-11CF-8B97-00AA00476DA6}\InprocServer32]
@DACL=(02 0000)
"Class"="mshtml.OldHTMLFormElementClass"
"Assembly"="Microsoft.mshtml, Version=7.0.3300.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
"RuntimeVersion"="v1.0.3705"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{163BB1E1-6E00-11CF-837A-48DC04C10000}\InprocServer32]
@DACL=(02 0000)
"Class"="mshtml.HTMLLocationClass"
"Assembly"="Microsoft.mshtml, Version=7.0.3300.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
"RuntimeVersion"="v1.0.3705"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1C109E4C-2F30-4EA3-A57A-A290877A2303}\InprocServer32]
@DACL=(02 0000)
@="c:\\Program Files\\Common Files\\Microsoft Shared\\Windows Live\\HWDeviceLogin.dll"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1C109E4C-2F30-4EA3-A57A-A290877A2303}\ProgID]
@DACL=(02 0000)
@="HWDeviceLogin.IDHWDevice.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1C109E4C-2F30-4EA3-A57A-A290877A2303}\Programmable]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1C109E4C-2F30-4EA3-A57A-A290877A2303}\TypeLib]
@DACL=(02 0000)
@="{23CBD637-D6BD-4A9B-B88B-CACA7881806B}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1C109E4C-2F30-4EA3-A57A-A290877A2303}\Version]
@DACL=(02 0000)
@="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1C109E4C-2F30-4EA3-A57A-A290877A2303}\VersionIndependentProgID]
@DACL=(02 0000)
@="HWDeviceLogin.IDHWDevice"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3050F241-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32]
@DACL=(02 0000)
"Class"="mshtml.HTMLImgClass"
"Assembly"="Microsoft.mshtml, Version=7.0.3300.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
"RuntimeVersion"="v1.0.3705"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3050F245-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32]
@DACL=(02 0000)
"Class"="mshtml.HTMLSelectElementClass"
"Assembly"="Microsoft.mshtml, Version=7.0.3300.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
"RuntimeVersion"="v1.0.3705"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3050F246-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32]
@DACL=(02 0000)
"Class"="mshtml.HTMLTableCellClass"
"Assembly"="Microsoft.mshtml, Version=7.0.3300.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
"RuntimeVersion"="v1.0.3705"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3050F248-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32]
@DACL=(02 0000)
"Class"="mshtml.HTMLAnchorElementClass"
"Assembly"="Microsoft.mshtml, Version=7.0.3300.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
"RuntimeVersion"="v1.0.3705"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3050F249-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32]
@DACL=(02 0000)
"Class"="mshtml.HTMLDivPositionClass"
"Assembly"="Microsoft.mshtml, Version=7.0.3300.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
"RuntimeVersion"="v1.0.3705"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3050F24A-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32]
@DACL=(02 0000)
"Class"="mshtml.HTMLBodyClass"
"Assembly"="Microsoft.mshtml, Version=7.0.3300.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
"RuntimeVersion"="v1.0.3705"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3050F24D-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32]
@DACL=(02 0000)
"Class"="mshtml.HTMLOptionElementClass"
"Assembly"="Microsoft.mshtml, Version=7.0.3300.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
"RuntimeVersion"="v1.0.3705"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3050F24E-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32]
@DACL=(02 0000)
"Class"="mshtml.HTMLObjectElementClass"
"Assembly"="Microsoft.mshtml, Version=7.0.3300.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
"RuntimeVersion"="v1.0.3705"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3050F251-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32]
@DACL=(02 0000)
"Class"="mshtml.HTMLFormElementClass"
"Assembly"="Microsoft.mshtml, Version=7.0.3300.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
"RuntimeVersion"="v1.0.3705"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3050F252-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32]
@DACL=(02 0000)
"Class"="mshtml.HTMLHRElementClass"
"Assembly"="Microsoft.mshtml, Version=7.0.3300.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
"RuntimeVersion"="v1.0.3705"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3050F25D-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32]
@DACL=(02 0000)
"Class"="mshtml.HTMLEmbedClass"
"Assembly"="Microsoft.mshtml, Version=7.0.3300.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
"RuntimeVersion"="v1.0.3705"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3050F268-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32]
@DACL=(02 0000)
"Class"="mshtml.HTMLUnknownElementClass"
"Assembly"="Microsoft.mshtml, Version=7.0.3300.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
"RuntimeVersion"="v1.0.3705"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3050F269-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32]
@DACL=(02 0000)
"Class"="mshtml.HTMLUListElementClass"
"Assembly"="Microsoft.mshtml, Version=7.0.3300.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
"RuntimeVersion"="v1.0.3705"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3050F26A-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32]
@DACL=(02 0000)
"Class"="mshtml.HTMLTextElementClass"
"Assembly"="Microsoft.mshtml, Version=7.0.3300.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
"RuntimeVersion"="v1.0.3705"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3050F26B-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32]
@DACL=(02 0000)
"Class"="mshtml.HTMLTableClass"
"Assembly"="Microsoft.mshtml, Version=7.0.3300.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
"RuntimeVersion"="v1.0.3705"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3050F26C-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32]
@DACL=(02 0000)
"Class"="mshtml.HTMLTableColClass"
"Assembly"="Microsoft.mshtml, Version=7.0.3300.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
"RuntimeVersion"="v1.0.3705"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3050F26D-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32]
@DACL=(02 0000)
"Class"="mshtml.HTMLTableRowClass"
"Assembly"="Microsoft.mshtml, Version=7.0.3300.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
"RuntimeVersion"="v1.0.3705"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3050F26E-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32]
@DACL=(02 0000)
"Class"="mshtml.HTMLPhraseElementClass"
"Assembly"="Microsoft.mshtml, Version=7.0.3300.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
"RuntimeVersion"="v1.0.3705"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3050F26F-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32]
@DACL=(02 0000)
"Class"="mshtml.HTMLParaElementClass"
"Assembly"="Microsoft.mshtml, Version=7.0.3300.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
"RuntimeVersion"="v1.0.3705"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3050F270-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32]
@DACL=(02 0000)
"Class"="mshtml.HTMLOListElementClass"
"Assembly"="Microsoft.mshtml, Version=7.0.3300.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
"RuntimeVersion"="v1.0.3705"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3050F271-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32]
@DACL=(02 0000)
"Class"="mshtml.HTMLMapElementClass"
"Assembly"="Microsoft.mshtml, Version=7.0.3300.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
"RuntimeVersion"="v1.0.3705"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3050F272-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32]
@DACL=(02 0000)
"Class"="mshtml.HTMLListElementClass"
"Assembly"="Microsoft.mshtml, Version=7.0.3300.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
"RuntimeVersion"="v1.0.3705"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3050F273-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32]
@DACL=(02 0000)
"Class"="mshtml.HTMLLIElementClass"
"Assembly"="Microsoft.mshtml, Version=7.0.3300.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
"RuntimeVersion"="v1.0.3705"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3050F275-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32]
@DACL=(02 0000)
"Class"="mshtml.HTMLMetaElementClass"
"Assembly"="Microsoft.mshtml, Version=7.0.3300.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
"RuntimeVersion"="v1.0.3705"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3050F276-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32]
@DACL=(02 0000)
"Class"="mshtml.HTMLBaseElementClass"
"Assembly"="Microsoft.mshtml, Version=7.0.3300.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
"RuntimeVersion"="v1.0.3705"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3050F277-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32]
@DACL=(02 0000)
"Class"="mshtml.HTMLLinkElementClass"
"Assembly"="Microsoft.mshtml, Version=7.0.3300.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
"RuntimeVersion"="v1.0.3705"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3050F278-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32]
@DACL=(02 0000)
"Class"="mshtml.HTMLIsIndexElementClass"
"Assembly"="Microsoft.mshtml, Version=7.0.3300.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
"RuntimeVersion"="v1.0.3705"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3050F279-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32]
@DACL=(02 0000)
"Class"="mshtml.HTMLNextIdElementClass"
"Assembly"="Microsoft.mshtml, Version=7.0.3300.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
"RuntimeVersion"="v1.0.3705"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3050F27A-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32]
@DACL=(02 0000)
"Class"="mshtml.HTMLHeaderElementClass"
"Assembly"="Microsoft.mshtml, Version=7.0.3300.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
"RuntimeVersion"="v1.0.3705"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3050F27B-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32]
@DACL=(02 0000)
"Class"="mshtml.HTMLFontElementClass"
"Assembly"="Microsoft.mshtml, Version=7.0.3300.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
"RuntimeVersion"="v1.0.3705"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3050F27C-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32]
@DACL=(02 0000)
"Class"="mshtml.HTMLDTElementClass"
"Assembly"="Microsoft.mshtml, Version=7.0.3300.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
"RuntimeVersion"="v1.0.3705"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3050F27D-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32]
@DACL=(02 0000)
"Class"="mshtml.HTMLDListElementClass"
"Assembly"="Microsoft.mshtml, Version=7.0.3300.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
"RuntimeVersion"="v1.0.3705"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3050F27E-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32]
@DACL=(02 0000)
"Class"="mshtml.HTMLDivElementClass"
"Assembly"="Microsoft.mshtml, Version=7.0.3300.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
"RuntimeVersion"="v1.0.3705"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3050F27F-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32]
@DACL=(02 0000)
"Class"="mshtml.HTMLDDElementClass"
"Assembly"="Microsoft.mshtml, Version=7.0.3300.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
"RuntimeVersion"="v1.0.3705"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3050F280-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32]
@DACL=(02 0000)
"Class"="mshtml.HTMLBRElementClass"
"Assembly"="Microsoft.mshtml, Version=7.0.3300.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
"RuntimeVersion"="v1.0.3705"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3050F281-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32]
@DACL=(02 0000)
"Class"="mshtml.HTMLBlockElementClass"
"Assembly"="Microsoft.mshtml, Version=7.0.3300.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
"RuntimeVersion"="v1.0.3705"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3050F282-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32]
@DACL=(02 0000)
"Class"="mshtml.HTMLBaseFontElementClass"
"Assembly"="Microsoft.mshtml, Version=7.0.3300.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
"RuntimeVersion"="v1.0.3705"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3050F283-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32]
@DACL=(02 0000)
"Class"="mshtml.HTMLAreaElementClass"
"Assembly"="Microsoft.mshtml, Version=7.0.3300.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
"RuntimeVersion"="v1.0.3705"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3050F284-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32]
@DACL=(02 0000)
"Class"="mshtml.HTMLTitleElementClass"
"Assembly"="Microsoft.mshtml, Version=7.0.3300.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
"RuntimeVersion"="v1.0.3705"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3050F285-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32]
@DACL=(02 0000)
"Class"="mshtml.HTMLStyleClass"
"Assembly"="Microsoft.mshtml, Version=7.0.3300.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
"RuntimeVersion"="v1.0.3705"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3050F28A-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32]
@DACL=(02 0000)
"Class"="mshtml.HTMLDialogClass"
"Assembly"="Microsoft.mshtml, Version=7.0.3300.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
"RuntimeVersion"="v1.0.3705"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3050F28C-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32]
@DACL=(02 0000)
"Class"="mshtml.HTMLScriptElementClass"
"Assembly"="Microsoft.mshtml, Version=7.0.3300.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
"RuntimeVersion"="v1.0.3705"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3050F2AB-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32]
@DACL=(02 0000)
"Class"="mshtml.HTMLInputTextElementClass"
"Assembly"="Microsoft.mshtml, Version=7.0.3300.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
"RuntimeVersion"="v1.0.3705"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3050F2AC-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32]
@DACL=(02 0000)
"Class"="mshtml.HTMLTextAreaElementClass"
"Assembly"="Microsoft.mshtml, Version=7.0.3300.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
"RuntimeVersion"="v1.0.3705"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3050F2AE-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32]
@DACL=(02 0000)
"Class"="mshtml.HTMLInputFileElementClass"
"Assembly"="Microsoft.mshtml, Version=7.0.3300.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
"RuntimeVersion"="v1.0.3705"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3050F2B4-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32]
@DACL=(02 0000)
"Class"="mshtml.HTMLInputButtonElementClass"
"Assembly"="Microsoft.mshtml, Version=7.0.3300.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
"RuntimeVersion"="v1.0.3705"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3050F2B9-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32]
@DACL=(02 0000)
"Class"="mshtml.HTMLMarqueeElementClass"
"Assembly"="Microsoft.mshtml, Version=7.0.3300.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
"RuntimeVersion"="v1.0.3705"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3050F2BE-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32]
@DACL=(02 0000)
"Class"="mshtml.HTMLOptionButtonElementClass"
"Assembly"="Microsoft.mshtml, Version=7.0.3300.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
"RuntimeVersion"="v1.0.3705"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3050F2C4-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32]
@DACL=(02 0000)
"Class"="mshtml.htmlInputImageClass"
"Assembly"="Microsoft.mshtml, Version=7.0.3300.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
"RuntimeVersion"="v1.0.3705"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3050F2C6-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32]
@DACL=(02 0000)
"Class"="mshtml.HTMLButtonElementClass"
"Assembly"="Microsoft.mshtml, Version=7.0.3300.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
"RuntimeVersion"="v1.0.3705"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3050F2DF-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32]
@DACL=(02 0000)
"Class"="mshtml.HTMLRichtextElementClass"
"Assembly"="Microsoft.mshtml, Version=7.0.3300.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
"RuntimeVersion"="v1.0.3705"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3050F2E4-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32]
@DACL=(02 0000)
"Class"="mshtml.HTMLStyleSheetClass"
"Assembly"="Microsoft.mshtml, Version=7.0.3300.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
"RuntimeVersion"="v1.0.3705"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3050F2E9-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32]
@DACL=(02 0000)
"Class"="mshtml.HTMLTableSectionClass"
"Assembly"="Microsoft.mshtml, Version=7.0.3300.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
"RuntimeVersion"="v1.0.3705"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3050F2EC-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32]
@DACL=(02 0000)
"Class"="mshtml.HTMLTableCaptionClass"
"Assembly"="Microsoft.mshtml, Version=7.0.3300.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
"RuntimeVersion"="v1.0.3705"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3050F312-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32]
@DACL=(02 0000)
"Class"="mshtml.HTMLFrameBaseClass"
"Assembly"="Microsoft.mshtml, Version=7.0.3300.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
"RuntimeVersion"="v1.0.3705"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3050F314-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32]
@DACL=(02 0000)
"Class"="mshtml.HTMLFrameElementClass"
"Assembly"="Microsoft.mshtml, Version=7.0.3300.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
"RuntimeVersion"="v1.0.3705"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3050F316-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32]
@DACL=(02 0000)
"Class"="mshtml.HTMLIFrameClass"
"Assembly"="Microsoft.mshtml, Version=7.0.3300.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
"RuntimeVersion"="v1.0.3705"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3050F317-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32]
@DACL=(02 0000)
"Class"="mshtml.HTMLCommentElementClass"
"Assembly"="Microsoft.mshtml, Version=7.0.3300.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
"RuntimeVersion"="v1.0.3705"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3050F31A-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32]
@DACL=(02 0000)
"Class"="mshtml.HTMLFrameSetSiteClass"
"Assembly"="Microsoft.mshtml, Version=7.0.3300.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
"RuntimeVersion"="v1.0.3705"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3050F32B-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32]
@DACL=(02 0000)
"Class"="mshtml.HTMLLabelElementClass"
"Assembly"="Microsoft.mshtml, Version=7.0.3300.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
"RuntimeVersion"="v1.0.3705"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3050F35D-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32]
@DACL=(02 0000)
"Class"="mshtml.HTMLScreenClass"
"Assembly"="Microsoft.mshtml, Version=7.0.3300.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
"RuntimeVersion"="v1.0.3705"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3050F370-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32]
@DACL=(02 0000)
"Class"="mshtml.HTMLBGsoundClass"
"Assembly"="Microsoft.mshtml, Version=7.0.3300.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
"RuntimeVersion"="v1.0.3705"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3050F37D-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32]
@DACL=(02 0000)
"Class"="mshtml.HTMLStyleElementClass"
"Assembly"="Microsoft.mshtml, Version=7.0.3300.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
"RuntimeVersion"="v1.0.3705"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3050F37F-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32]
@DACL=(02 0000)
"Class"="mshtml.HTMLStyleSheetsCollectionClass"
"Assembly"="Microsoft.mshtml, Version=7.0.3300.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
"RuntimeVersion"="v1.0.3705"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3050F38B-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32]
@DACL=(02 0000)
"Class"="mshtml.HTMLNoShowElementClass"
"Assembly"="Microsoft.mshtml, Version=7.0.3300.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
"RuntimeVersion"="v1.0.3705"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3050F38D-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32]
@DACL=(02 0000)
"Class"="mshtml.HTMLOptionElementFactoryClass"
"Assembly"="Microsoft.mshtml, Version=7.0.3300.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
"RuntimeVersion"="v1.0.3705"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3050F38F-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32]
@DACL=(02 0000)
"Class"="mshtml.HTMLImageElementFactoryClass"
"Assembly"="Microsoft.mshtml, Version=7.0.3300.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
"RuntimeVersion"="v1.0.3705"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3050F3CD-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32]
@DACL=(02 0000)
"Class"="mshtml.HTMLStyleSheetRulesCollectionClass"
"Assembly"="Microsoft.mshtml, Version=7.0.3300.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
"Runti
marinalope

Re: Cómo eliminar troyano - 2010-03-08 21:07 - Respuesta 18

Pega el log del HijackThis.
davidamigo

Re: Cómo eliminar troyano - 2010-03-08 21:08 - Respuesta 19

Sí, perdona, estaba leyendo el post y justo cuando me escribiste vi que no estaba bien... Aquí lo tienes:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:05:27, on 08/03/2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Eset\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Windows\Explorer.exe
C:\Windows\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.recrutamento.tap.pt/ListaConcursos
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Aplicación auxiliar de inicio de sesión de Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [IaNvSrv] C:\Program Files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PLFSetL] C:\Windows\PLFSetL.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: Servicio del iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe


End of file - 5526 bytes
marinalope

Re: Cómo eliminar troyano - 2010-03-08 21:13 - Respuesta 20

Parece que por fin el log sale limpio.Ve a inicio>ejecutar>escribe %temp% ,elimina todo lo que te aparezca en la carpeta,pasa CCleaner y Regseeker para limpiar temporales y registro y dinos si ahora te va bien.
Página:Anterior4 Siguiente

Respuestas relacionadas:

Como eliminar un troyanoComo eliminar un troyanoForo
¿como eliminar troyano?¿como eliminar troyano?Foro
Como eliminar un troyano de mi pcComo eliminar un troyano de mi pcForo
Como eliminar un troyanoComo eliminar un troyanoForo
Como eliminar troyanoComo eliminar troyanoForo
Como eliminar troyano backdoorComo eliminar troyano backdoorForo
No se como eliminar un troyano del baulNo se como eliminar un troyano del baulForo
Como eliminar virus (troyano)Como eliminar virus (troyano)Foro
Como eliminar virus troyanoComo eliminar virus troyanoForo
Como eliminar un troyano clickerComo eliminar un troyano clickerForo
InicioSecciones
^ SubirAviso legal
Política Privacidad
Configurarequipos23 Diciembre 2024