Foros de Windows y Seguridad Informática: JS.Exception.Exploit written by shd

ah tons que hago o hago todo???

te lo hemos dicho : Ewido y scan on line, es muy difícil de entender
Salu2
Caito

en el ewido cuando estan en quarantine le doy restore o
remove finally?????'

Si le das a Restore te volverán los malwares que te quitó ese programa, dale a Remove...
Salu2
Caito

ese ewido ni me dio ningun log asi que vamos a seguir con 1 online...

ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 03:12:17 p.m. 29/06/2006

+ Scan result:



C:\WINNT\iGator\Trickler3103_PIC_fs_DMPT.exe -> Adware.Gator : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\Contact.Contacts -> Adware.HotBar : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\Contact.Contacts.1 -> Adware.HotBar : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\Contact.Contacts\CLSID -> Adware.HotBar : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\Contact.Contacts\CurVer -> Adware.HotBar : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\ShprRprts.HbCommBand -> Adware.HotBar : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\ShprRprts.HbCommBand.1 -> Adware.HotBar : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\ShprRprts.HbCommBand\CLSID -> Adware.HotBar : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\ShprRprts.HbCommBand\CurVer -> Adware.HotBar : Cleaned with backup (quarantined).
HKU\S-1-5-21-1935655697-789336058-854245398-1004\Software\Hotbar -> Adware.HotBar : Cleaned with backup (quarantined).
HKU\S-1-5-21-1935655697-789336058-854245398-1004\Software\Hotbar\Hotbar -> Adware.HotBar : Cleaned with backup (quarantined).
HKU\S-1-5-21-1935655697-789336058-854245398-1004\Software\Hotbar\Hotbar\SF -> Adware.HotBar : Cleaned with backup (quarantined).
HKU\S-1-5-21-1935655697-789336058-854245398-1004\Software\ShopperReports -> Adware.HotBar : Cleaned with backup (quarantined).
HKU\S-1-5-21-1935655697-789336058-854245398-1004\Software\ShopperReports\ShopperReports -> Adware.HotBar : Cleaned with backup (quarantined).
HKU\S-1-5-21-1935655697-789336058-854245398-1004\Software\ShopperReports\ShopperReports\PostInstaller -> Adware.HotBar : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Rotue -> Adware.InternetOptimizer : Cleaned with backup (quarantined).
C:\WINNT\NDNuninstall6_38.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\WINNT\NDNuninstall7_22.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\Applications\STC.exe -> Adware.SecondThought : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\Applications\STC.exe\shell -> Adware.SecondThought : Cleaned with backup (quarantined).
HKU\S-1-5-21-1935655697-789336058-854245398-1004\Software\Bundles -> Adware.SecondThought : Cleaned with backup (quarantined).
HKU\S-1-5-21-1935655697-789336058-854245398-1004\Software\WinSoftware\WinFixer 2005 -> Adware.WinFixer : Cleaned with backup (quarantined).
HKU\S-1-5-21-1935655697-789336058-854245398-1004\Software\WinSoftware\WinFixer 2005\Settings -> Adware.WinFixer : Cleaned with backup (quarantined).
C:\WINNT\system32\int_ver32b.oc$ -> Dialer.Creazione.x : Cleaned with backup (quarantined).
C:\WINNT\Downloaded Program Files\WebRecomendada.dll -> Dialer.DialWeb : Cleaned with backup (quarantined).
C:\WINNT\system32\netslv32.dll -> Dialer.EGroup.a : Cleaned with backup (quarantined).
C:\WINNT\system32\sysnetsvc32.dll -> Dialer.EGroup.p : Cleaned with backup (quarantined).
C:\WINNT\system32\tksrv98.exe -> Downloader.Esepor.l : Cleaned with backup (quarantined).
C:\WINNT\system32\supd190204.exe -> Downloader.Esepor.x : Cleaned with backup (quarantined).
C:\WINNT\system32\YSBactivex.dl$ -> Downloader.IstBar : Cleaned with backup (quarantined).
C:\WINNT\system32\mslagent.exe -> Downloader.Wintrim.bc : Cleaned with backup (quarantined).
C:\WINNT\system32\sysupd1003.exe -> Hijacker.Small.an : Cleaned with backup (quarantined).
C:\WINNT\Downloaded Program Files\CONFLICT.1\UWFX5YLP_0001_0816NetInstaller.exe -> Not-A-Virus.Downloader.Win32.Agent.d : Ignored.
C:\WINNT\Downloaded Program Files\CONFLICT.2\UWFX5YLP_0001_0816NetInstaller.exe -> Not-A-Virus.Downloader.Win32.Agent.d : Ignored.
C:\WINNT\Downloaded Program Files\UWFX5YLP_0001_0816NetInstaller.exe -> Not-A-Virus.Downloader.Win32.Agent.d : Ignored.
C:\Documents and Settings\Stephanie\Cookies\stephanie@atdmt[1].txt -> TrackingCookie.Atdmt : Cleaned.
C:\WINNT\system32\casino.exe -> Trojan.Dialer.ce : Cleaned with backup (quarantined).
C:\WINNT\Downloaded Program Files\910277__.exe014 -> Trojan.Dialer.ko : Cleaned with backup (quarantined).
C:\WINNT\Downloaded Program Files\910277__.exe273 -> Trojan.Dialer.ko : Cleaned with backup (quarantined).
C:\WINNT\system32\1024 -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\system32\1024\ld39B7.tmp -> Trojan.Small : Cleaned with backup (quarantined).


::Report end

This section of RAV AntiVirus website is closed.

Due to the acquisition of RAV's IPR (Intellectual Property Rights) by Microsoft Corp. in 2003, GeCAD Software SRL is currently scaling down and discontinuing its anti-virus related business.

More details



Please be informed that RAV AntiVirus online and direct sales ceased September 3rd, 2003.

y el house call como q la pag se quedo travada.......

Hola shd

Vale ahora pega un nuevo log del Hijackthis.

Un Saludo

Suave para termiar 1 scan online q stoy haciendo...

ah!!!!!...... ya no lo pud terminar, ya se me reinicio el internet x eso de eniar errores o no se q............

Ok no pasa nada pega el nuevo log
Un Saludo

Logfile of HijackThis v1.99.1
Scan saved at 04:06:09 p.m., on 29/06/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\Archivos de programa\Sygate\SPF\smc.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\ARCHIV~1\Navnt\defwatch.exe
C:\WINNT\System32\svchost.exe
C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7Debug\mdm.exe
C:\ARCHIV~1\Navnt\rtvscan.exe
C:\WINNT\system32\nvsvc32.exe
D:\oracle\ora92\bin\omtsreco.exe
D:\oracle\ora92\bin\agntsrvc.exe
D:\oracle\ora92\Apache\Apache\apache.exe
C:\WINNT\system32\cmd.exe
D:\oracle\ora92\bin\dbsnmp.exe
D:\oracle\ora92\BIN\TNSLSNR.exe
d:\oracle\ora92\bin\ORACLE.EXE
C:\WINNT\system32\IoctlSvc.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
D:\oracle\ora92\Apache\Apache\apache.exe
D:\oracle\ora92\jdk\bin\java.exe
D:\oracle\ora92\jdk\bin\java.exe
d:\oracle\ora92\bin\isqlplus
C:\WINNT\Mixer.exe
C:\Archivos de programa\Navnt\vptray.exe
C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Archivos de programa\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINNT\kdx\KHost.exe
C:\ARCHIV~1\Navnt\vpexrt.exe
C:\Archivos de programa\Prolific\USB Flash Disk Utility\PLBkMon.exe
C:\WINNT\system32\HotfixQ0306270.exe
C:\Archivos de programa\Multimedia Card Reader\shwicon2k.exe
C:\Archivos de programa\CyberLink\PowerDVD\PDVDServ.exe
C:\WINNT\system32\9e3f865.exe
C:\Archivos de programa\Internet Explorer\iexplore.exe
C:\WINNT\system32\ctfmon.exe
c:\archiv~1\intern~1\iexplore.exe
c:\archiv~1\intern~1\iexplore.exe
C:\Archivos de programa\MSN Messenger\msnmsgr.exe
C:\ARCHIV~1\RACLE~1\msconfig.exe
D:\Stephanie\Mis documentos\nadaka\?ecurity\w?crtupd.exe
C:\Archivos de programa\Microsoft Office\Office10\WINWORD.EXE
C:\WINNT\msagent\AgentSvr.exe
D:\Stephanie\Mis documentos\Docs\ewido\ewido anti-spyware 4.0\ewido.exe
C:\Archivos de programa\Internet Explorer\IEXPLORE.EXE
C:\unzipped\HJT\HJT\HijackThis[www.trucoswindows.net].exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = prosearching.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.tohmpnlyn...fWCpwTopmSV.jsp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.cr/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.creative.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.explorer.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = prosearching.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
R3 - URLSearchHook: (no name) - _{00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - {008DB894-99ED-445D-8547-0E7C9808898D} - (no file)
O2 - BHO: (no name) - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - (no file)
O2 - BHO: (no name) - {062492AF-392E-479D-BF52-A7A4BCA00307} - C:\WINNT\compstuic.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {2A8A997F-BB9F-48F6-AA2B-2762D50F9289} - (no file)
O2 - BHO: Nothing - {5f4c3d09-b3b9-4f88-aa82-31332fee1c08} - C:\WINNT\system32\hp101.tmp
O2 - BHO: (no name) - {74CC49F7-EB32-4A08-B204-948962A6E3DB} - (no file)
O2 - BHO: (no name) - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - (no file)
O2 - BHO: (no name) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O2 - BHO: (no name) - {CDEAF036-0A3C-8DF7-F889-835C47EC8622} - C:\DOCUME~1\STEPHA~1\DATOSD~1\GPLREA~1\IDOL COMP.exe (file missing)
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [vptray] C:\Archivos de programa\Navnt\vptray.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Archivos de programa\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [kdx] C:\WINNT\kdx\KHost.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Archivos de programa\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Prolific_PLUtil] C:\Archivos de programa\Prolific\USB Flash Disk Utility\PLBkMon.exe
O4 - HKLM\..\Run: [PLFFAP] C:\WINNT\system32\HotfixQ0306270.exe
O4 - HKLM\..\Run: [Sunkist2k] C:\Archivos de programa\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [epwt] C:\WINNT\epwt.exe
O4 - HKLM\..\Run: [Openwares LiveUpdate] C:\Program Files\LiveUpdate\LiveUpdate.exe
O4 - HKLM\..\Run: [kG3vLfBTV] C:\WINNT\onbjjfj.exe
O4 - HKLM\..\Run: [obcn] C:\WINNT\obcn.exe
O4 - HKLM\..\Run: [msnappau] "C:\Archivos de programa\MSN Apps\Updater\01.02.3000.1001\es-la\msnappau.exe"
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Archivos de programa\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [kG3vùõš/‚²95ßPÏvbšC:\Archivos de programa\ISTsvc\istsvc.exe] C:\WINNT\onbjjfj.exe
O4 - HKLM\..\Run: [Disc Detector] C:\Archivos de programa\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [MessengerPlus3] "D:\Stephanie\Mis documentos\Docs\MsgPlus.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Archivos de programa\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SHIMHOLEDEFYDATA] C:\Documents and Settings\All Users\Datos de programa\MoveTestShimHole\burnbyte.exe
O4 - HKLM\..\Run: [9e3f865.exe] C:\WINNT\system32\9e3f865.exe
O4 - HKLM\..\Run: [SpywareQuake.com] C:\Archivos de programa\SpywareQuake.com\Spyware-Quake.exe /h
O4 - HKLM\..\Run: [TrojanScanner] D:\Stephanie\Mis documentos\Docs\Trojan Remover\Trjscan.exe
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\Run: [SmcService] C:\ARCHIV~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [!ewido] "D:\Stephanie\Mis documentos\Docs\ewido\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [Instant Access] rundll32.exe EGDHTML_1027.dll,InstantAccess
O4 - HKCU\..\Run: [Free Download Manager] D:\Stephanie\Mis documentos\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\ARCHIV~1\MYWEBS~1\bar\4.bin\mwsoemon.exe
O4 - HKCU\..\Run: [Showadmin] C:\DOCUME~1\STEPHA~1\DATOSD~1\MOVEFU~1\Help new.exe
O4 - HKCU\..\Run: [MessengerPlus3] "D:\Stephanie\Mis documentos\Docs\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Archivos de programa\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Nsod] "C:\ARCHIV~1\RACLE~1\msconfig.exe" -vt yazr
O4 - HKCU\..\Run: [9e3f865.exe] C:\Documents and Settings\Stephanie\Configuración local\Datos de programa\9e3f865.exe
O4 - HKCU\..\Run: [Drssc] D:\Stephanie\Mis documentos\nadaka\?ecurity\w?crtupd.exe
O4 - HKCU\..\Run: [Ultimate Defender] "C:\Archivos de programa\Ultimate Defender\App.exe" hide
O4 - Startup: .protected
O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Archivos de programa\MyWebSearch\bar\3.bin\MWSOEMON.EXE
O4 - Global Startup: .protected
O4 - Global Startup: Microsoft Office.lnk = C:\Archivos de programa\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Search - http://edits.mywebse...?p=ZNxdm119YYCR
O8 - Extra context menu item: Download all by Free Download Manager - file://D:\Stephanie\Mis documentos\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download by Free Download Manager - file://D:\Stephanie\Mis documentos\Free Download Manager\dllink.htm
O8 - Extra context menu item: Download selected by Free Download Manager - file://D:\Stephanie\Mis documentos\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download web site by Free Download Manager - file://D:\Stephanie\Mis documentos\Free Download Manager\dlpage.htm
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Investigador - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: Musica - {AF0828BC-CB46-4C8D-95B6-8A7C4988F9FF} - c:\dial-libremp37\entrar.html
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O12 - Plugin for .mw2: C:\Archivos de programa\Internet Explorer\PLUGINS\NPLCSI32.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.creative.com
O16 - DPF: {00000000-0000-0000-0000-100000000003} - http://code.trasferi...1c3224a6_35.exe
O16 - DPF: {0D62A517-E7C6-4E1F-A577-07D4AC549A48} (Progetto1.int_ver32) - http://advnt01.com/d.../int_ver32b.CAB
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windup.../bridge-c18.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.co...tup1.0.0.15.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540013} (CInstall Class) - http://adserver.shar...ver/Install.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.co...UC/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {5F426A93-0821-47D2-A126-5A48A874B289} (DialerWeb Class) - http://212.145.159.1...Recomendada.cab
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} - http://dm.screensave.../sinstaller.cab
O16 - DPF: {8C875948-9C60-4381-9248-0DF180542D53} - http://installs.spam...ckerutility.cab
O16 - DPF: {97B79133-88F0-45F0-8D57-0F2EF27D9C66} - http://85.255.114.166/1/rdgCR2404.exe
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pdownloader.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot....ownload/kdx.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/...s/msnchat45.cab
O16 - DPF: {F72BC3F0-6C20-4793-9DDA-258589D8A907} - http://akamai.downlo...netslv32_ES.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6803FAB1-7DCB-4F86-8167-955C62433568}: NameServer = 200.91.75.5,200.91.75.6
O20 - Winlogon Notify: cfgmngr32 - C:\WINNT\g7785715.dll
O20 - Winlogon Notify: nwprovau - C:\WINNT\SYSTEM32\nwprovau.dll
O20 - Winlogon Notify: winliw32 - C:\WINNT\SYSTEM32\winliw32.dll
O23 - Service: Creative Service for CDROM Access - Unknown owner - C:\WINNT\system32\CTSVCCDA.EXE (file missing)
O23 - Service: DefWatch - Symantec Corporation - C:\ARCHIV~1\Navnt\defwatch.exe
O23 - Service: Servicio del administrador de discos lógicos (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - D:\Stephanie\Mis documentos\Docs\ewido\ewido anti-spyware 4.0\guard.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Unknown owner - C:\ARCHIV~1\Navnt\rtvscan.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: OracleMTSRecoveryService - Oracle Corporation - D:\oracle\ora92\bin\omtsreco.exe
O23 - Service: OracleOraHome92Agent - Oracle Corporation - D:\oracle\ora92\bin\agntsrvc.exe
O23 - Service: OracleOraHome92ClientCache - Unknown owner - D:\oracle\ora92\BIN\ONRSD.EXE
O23 - Service: OracleOraHome92HTTPServer - Unknown owner - D:\oracle\ora92\Apache\Apache\apache.exe" --ntservice (file missing)
O23 - Service: OracleOraHome92PagingServer - Unknown owner - D:\oracle\ora92/bin/pagntsrv.exe
O23 - Service: OracleOraHome92SNMPPeerEncapsulator - Unknown owner - D:\oracle\ora92\BIN\ENCSVC.EXE
O23 - Service: OracleOraHome92SNMPPeerMasterAgent - Unknown owner - D:\oracle\ora92\BIN\AGNTSVC.EXE
O23 - Service: OracleOraHome92TNSListener - Unknown owner - D:\oracle\ora92\BIN\TNSLSNR.exe
O23 - Service: OracleServiceBASES - Oracle Corporation - d:\oracle\ora92\bin\ORACLE.EXE
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINNT\system32\IoctlSvc.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Archivos de programa\Sygate\SPF\smc.exe

y ahora ???

Me salio de la nada 1 carpet en el escritorio que se llama
%SystemDrive% la borro???