| Hurricane |  |
|
2005-08-10 18:51 - Respuestas: 10 - Tema nº: 39949
Primero haz la limpieza con los programas ya mensionados, y luego le pasas nuevamente el HijackThis (el LOG puede que cambie después de la limpieza inicial...).
Saludos
HURRICANE
| |
|
|
| Cleoh |  |
|
Re: Windows inicia como 1er vez siempre - 2005-08-10 19:04 - Respuesta 7
ok, ya lo hago y te cuento | |
|
|
| Cleoh | |
|
Re: Windows inicia como 1er vez siempre - 2005-08-10 21:12 - Respuesta 8
Bien, le pase el easy cleaner, pero no tengo idea lo que esta bien o lo que esta mal.
Posteo el resumen
HKEY_LOCAL_MACHINE Software\Corel\WritingTools\CorelDraw8\CB Engine\ES 04/08/2005 19:24:35 CBT PATH C:\Corel\Graphics8\programs\wt80es.CBT
HKEY_LOCAL_MACHINE Software\Corel\WritingTools\CorelDraw8\NLIH\User Word List\EA\User Word List 0 04/08/2005 19:24:35 Name C:\Corel\Graphics8\programs\WT80ES.HWL
HKEY_LOCAL_MACHINE Software\Corel\WritingTools\CorelDraw8\NLIH\User Word List\ES\User Word List 0 04/08/2005 19:24:35 Name C:\Corel\Graphics8\programs\WT80ES.HWL
HKEY_LOCAL_MACHINE Software\Microsoft\Windows\Help 07/08/2005 21:45:57 INET70US.HLP C:\Corel\Graphics8\shared\help7\INET70US.HLP
HKEY_LOCAL_MACHINE Software\Classes\CorelDraw.WritingTools.8\1,4\PathToIcon 04/08/2005 19:24:13 Text C:\COREL\GRAPHI~1\PROGRAMS\wtspi80.ico
HKEY_LOCAL_MACHINE Software\Classes\CorelDraw.WritingTools.8\1,2\PathToIcon 04/08/2005 19:24:13 Text C:\COREL\GRAPHI~1\PROGRAMS\wtthi80.ico
HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\Uninstall\{5C104E56-A441-429D-A609-D8A46EB92EA1} 30/07/2005 23:14:25 InstallSource C:\DOCUME~1\JUANAN~1\CONFIG~1\Temp\bye2F.tmp\Disk1\
HKEY_LOCAL_MACHINE Software\Classes\Installer\Products\960A0171450E9D116A740060B5DB0C5B\SourceList\Net 04/08/2005 22:24:38 1 C:\DOCUME~1\JUANAN~1\CONFIG~1\Temp\IXP000.TMP\
HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\960A0171450E9D116A740060B5DB0C5B\InstallProperties 04/08/2005 22:24:37 InstallSource C:\DOCUME~1\JUANAN~1\CONFIG~1\Temp\IXP000.TMP\
HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\Uninstall\{1710A069-E054-11D9-A647-00065BBDC0B5} 04/08/2005 22:24:37 InstallSource C:\DOCUME~1\JUANAN~1\CONFIG~1\Temp\IXP000.TMP\
HKEY_LOCAL_MACHINE Software\Classes\TypeLib\{5C289642-25FC-42DF-93AD-B33C3913B795}\1.0\HELPDIR 28/07/2005 23:32:21 C:\DOCUME~1\JUANAN~1\CONFIG~1\Temp\VBE
HKEY_LOCAL_MACHINE Software\Classes\TypeLib\{93735F04-DE9B-4B2F-8DFB-1B068A012F4E}\2.0\HELPDIR 28/07/2005 23:32:21 C:\DOCUME~1\JUANAN~1\CONFIG~1\Temp\VBE
HKEY_LOCAL_MACHINE Software\Classes\TypeLib\{93735F04-DE9B-4B2F-8DFB-1B068A012F4E}\2.0\0\win32 28/07/2005 23:32:21 C:\DOCUME~1\JUANAN~1\CONFIG~1\Temp\VBE\MSForms.exd
HKEY_LOCAL_MACHINE Software\Classes\TypeLib\{5C289642-25FC-42DF-93AD-B33C3913B795}\1.0\0\win32 28/07/2005 23:32:21 C:\DOCUME~1\JUANAN~1\CONFIG~1\Temp\VBE\RefEdit.exd
HKEY_LOCAL_MACHINE Software\Classes\CLSID\{7AF8E2AE-DF0C-70E1-8612-D6CBE1DBC8CD}\InprocServer32 27/07/2005 17:01:47 C:\DOCUME~1\JUANAN~1\DATOSD~1\ANTEWA~1\messtwo.exe
HKEY_LOCAL_MACHINE Software\Classes\Installer\Products\960A0171450E9D116A740060B5DB0C5B\SourceList\Net 04/08/2005 22:24:38 3 C:\DOCUME~1\ROSANN~1\CONFIG~1\Temp\IXP000.TMP\
HKEY_LOCAL_MACHINE Software\Classes\Installer\Products\8A00EA796331F0144B76C1663221B76D\SourceList\Net 27/07/2005 23:54:56 1 C:\DOCUME~1\ROSANN~1\CONFIG~1\Temp\pft30.tmp\
HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A00EA796331F0144B76C1663221B76D\InstallProperties 27/07/2005 23:54:56 InstallSource C:\DOCUME~1\ROSANN~1\CONFIG~1\Temp\pft30.tmp\
HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{97AE00A8-1336-410F-B467-1C6623127BD6} 27/07/2005 23:55:10 InstallSource C:\DOCUME~1\ROSANN~1\CONFIG~1\Temp\pft30.tmp\
HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\Uninstall\{97AE00A8-1336-410F-B467-1C6623127BD6} 27/07/2005 23:54:56 InstallSource C:\DOCUME~1\ROSANN~1\CONFIG~1\Temp\pft30.tmp\
HKEY_LOCAL_MACHINE Software\Avery Dennison\DesignPro 5.0 Limited Edition\Directories 27/07/2005 23:54:55 SampleClipartsPathFromSource C:\DOCUME~1\ROSANN~1\CONFIG~1\Temp\pft30.tmp\CommonAppData\Avery\DesignPro5\Graphics
HKEY_LOCAL_MACHINE Software\Avery Dennison\DesignPro 5.0 Limited Edition\Directories 27/07/2005 23:54:55 SampleDocumentsPathFromSource C:\DOCUME~1\ROSANN~1\CONFIG~1\Temp\pft30.tmp\CommonAppData\Avery\DesignPro5\Samples
HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-343818398-1425521274-725345543-1003\Products\F17932AEEEC2CF846BD4F7476AFE090F\InstallProperties 30/07/2005 18:33:08 InstallSource C:\TempEI4\EI40_\
HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\Uninstall\{EA23971F-2CEE-48FC-B64D-7F74A6EF90F0} 30/07/2005 18:33:08 InstallSource C:\TempEI4\EI40_\
HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\App Paths\helptalk.exe 07/08/2005 21:45:10 C:\ViaVoice\BIN\helptalk.exe
HKEY_LOCAL_MACHINE Software\IBM\VoiceType\Dictation\Directories 07/08/2005 21:45:57 Macros C:\ViaVoice\Vocabs\Langs\%L\Macros
HKEY_LOCAL_MACHINE Software\IBM\VoiceType\Control\Directories 07/08/2005 21:45:57 Map C:\ViaVoice\Vocabs\Langs\%L\Map
HKEY_LOCAL_MACHINE Software\IBM\VoiceType\Engine\Directories 07/08/2005 21:45:57 DataPath C:\ViaVoice\Vocabs\Langs\%L\pools
HKEY_LOCAL_MACHINE Software\IBM\VoiceType\Install\Languages\ES_ES\UserWizard 07/08/2005 21:45:57 ReadmeTextPath C:\ViaVoice\vocabs\langs\Es_ES\s-c-r-i-p-ts\data\usrinfus.rtf
HKEY_LOCAL_MACHINE Software\IBM\VoiceType\UserWizard 07/08/2005 21:45:57 ReadmeTextPath C:\ViaVoice\vocabs\langs\Es_ES\s-c-r-i-p-ts\data\usrinfus.rtf
HKEY_LOCAL_MACHINE Software\Microsoft\Windows NT\CurrentVersion\Fonts 07/08/2005 21:36:55 dummy.lyt C:\WINDOWS\fonts\dummy.lyt
HKEY_LOCAL_MACHINE Software\Microsoft\Shared Tools\MSConfig\startupreg\bqqegwh 27/07/2005 17:01:54 command c:\windows\hdgxpnf.exe
HKEY_LOCAL_MACHINE Software\Microsoft\Shared Tools\MSConfig\startupreg\jujynvd 27/07/2005 17:01:54 command c:\windows\hdgxpnf.exe
HKEY_LOCAL_MACHINE Software\Microsoft\Shared Tools\MSConfig\startupreg\mbpijpu 27/07/2005 17:01:54 command c:\windows\hdgxpnf.exe
HKEY_LOCAL_MACHINE Software\Microsoft\Shared Tools\MSConfig\startupreg\xjcnoht 27/07/2005 17:01:54 command c:\windows\hdgxpnf.exe
HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\Explorer\VolumeCaches\Active Setup Temp Folders 27/07/2005 17:01:54 Folder C:\WINDOWS\msdownld.tmp|?:\msdownld.tmp
HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\Setup 09/08/2005 12:59:05 ServicePackCachePath c:\windows\ServicePackFiles\ServicePackCache
HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\App Paths\cmmgr32.exe 27/07/2005 17:01:54 C:\WINDOWS\System32\cmmgr32.exe
HKEY_LOCAL_MACHINE Software\Microsoft\Shared Tools\MSConfig\startupreg\dmapa.exe 27/07/2005 17:01:54 command C:\WINDOWS\System32\dmapa.exe
HKEY_LOCAL_MACHINE Software\Microsoft\Multimedia\MPlayer2\Groups\Video\DVR-MS 28/07/2005 22:42:33 RequiredFile C:\WINDOWS\System32\enable.dvd
HKEY_LOCAL_MACHINE Software\Microsoft\Multimedia\WMPlayer\Groups\Video\DVD 10/08/2005 10:34:18 RequiredFile C:\WINDOWS\System32\enable.dvd
HKEY_LOCAL_MACHINE Software\Microsoft\Multimedia\WMPlayer\Groups\Video\DVR-MS 10/08/2005 10:34:18 RequiredFile C:\WINDOWS\System32\enable.dvd
HKEY_LOCAL_MACHINE Software\Microsoft\Shared Tools\MSConfig\startupreg\hclean32.exe 27/07/2005 17:01:54 command C:\WINDOWS\System32\hclean32.exe
HKEY_LOCAL_MACHINE Software\Classes\TypeLib\{110FA82F-DB6C-3C24-8929-60961D10C56E}\1.0\0\win32 27/07/2005 17:01:53 C:\WINDOWS\System32\objsa.dll
HKEY_LOCAL_MACHINE Software\Classes\CLSID\{CC2C83A6-9BE4-11D0-98E7-00C04FC2CAF5}\InprocServer32 27/07/2005 17:07:00 SystemDB C:\WINDOWS\System32\system.mdw
HKEY_LOCAL_MACHINE Software\Microsoft\Windows Media Device Manager 28/07/2005 22:50:38 Log.Filename C:\WINDOWS\System32\Wmdm.log
HKEY_LOCAL_MACHINE Software\Microsoft\Shared Tools\MSConfig\startupreg\yaemu.exe 27/07/2005 17:01:54 command C:\WINDOWS\System32\yaemu.exe
HKEY_LOCAL_MACHINE Software\Microsoft\IMAPI\StashInfo 27/07/2005 17:01:54 StashPath C:\WINDOWS\Temp\StashIMAPI.bin
HKEY_LOCAL_MACHINE Software\Microsoft\Shared Tools\MSConfig\startupreg\npstfjt 27/07/2005 17:01:54 command c:\windows\ubbxvxw.exe
HKEY_USERS .DEFAULT\Software\Microsoft\Internet Explorer\MenuExt\Download &all with DAP 27/07/2005 17:01:45 D:\PROGRA~1\DAP\dapextie2.htm
HKEY_USERS S-1-5-18\Software\Microsoft\Internet Explorer\MenuExt\Download &all with DAP 27/07/2005 17:01:45 D:\PROGRA~1\DAP\dapextie2.htm
| |
|
|
| tordanxa |  |
|
Re: Windows inicia como 1er vez siempre - 2005-08-10 21:34 - Respuesta 9
Por favor no abras posts sobre el mismo tema.
Quote:
Freeprod / como eliminarlo?
Cleoh
Mensajes: 21 - Estado: Conectado - Enviado el 10-08-2005 a las 21:28.
Me aparece un mensaje que es de Freeprod.com, que dice "your content is loading".
No logro eliminarlo, sacarlo nada,
aparece un iconito en la barra de abajo a la derecha, al lado de la hora.
Tengo entendido que es un troyano.
Alguien sabe como eliminarlo?
___________ | |
|
|
| tordanxa | |
|
Re: Windows inicia como 1er vez siempre - 2005-08-10 21:37 - Respuesta 10
Cuando limpias el registro con el easycleaner, todas las entradas que te muestra se pueden eliminar
Saludos | |
|
|
|
