Foros de Windows y Seguridad Informática: JS.Exception.Exploit written by shd

ES UNA EMERGENCIA!!!!!!!!!!!!
EL VIRUS SE LLAMA
JS.Exception.Exploit
Y LO OCUPO QUITAR!!!!!!!!!!!

Hola raul678
Leete las normas del foro, y por favor no escribas en Mayusculas, parece que estes gritando.

Descarga el programa HijackThis 1.99.1 y colócalo en una carpeta propia para el HijackThis (por ejemplo una carpeta C:\HijackThis\). Ejecútalo y presiona el botón "Do a system scan and save a logfile"; el programa realizará el escaneo e inmediatamente generará el Log, sólo te pedira el nombre del archivo y su ubicación, puedes simplemente guardarlo así como está. Se abrirá el Bloc de Notas, copia todo el contenido y pégalo como respuesta a este tema.
Una vez descargado, da doble click en el icono del HijackThis.exe.
Primero da click en el botón "Config", y aparecerán 7 opciones . Fíjate que no estén tildadas la primera ( “Mark everything found for fixing alter scan”) y la última (“Run Hijack This scan at startup and show it ítems are fond”).Luego presiona "Back"
Para empezar el escaneo de posibles hijackers, clickea en el botón "Scan". Se te presentará una lista con todos los elementos encontrados por el programa .
Baja el HijackThis de aquí:
http://www.trucoswin....html#dldetails

Pega el log del HijackThis en este mismo post.

Un Saludo

Ah perdón pero sq se podía decir que estaba gritando xq hace como 3 dia le meti el trojan zlob y ahora est dberas que me van a matar...

Voy a ver si puedo
Gracias

me trato de meter a esa página p bajar eso y no puedo xq sale primero:


TRUCOSWIDOWS.NET
--------------------------------------------------------------------------------

Error 404 - Página no encontrada
Intentas acceder a una página que no se encuentra en nuestro servidor. Si has seguido un enlace interno de trucoswindows.net rogamos que te pongas en contacto vía mail con los webmasters mediante esta direccion de correo: webmaster@trucoswindows.net para poder solucionar el problema con la mayor rapidez posible. Para volver a la web haz clic en el enlace de abajo.

[ Ir a la página principal ]

Prueba ahora

http://www.trucoswin...ackthis-87.html

Un Saludo

No me pidio el nombre del archivo ni la ubicación pero bueno........

Logfile of HijackThis v1.99.1
Scan saved at 01:23:45 p.m., on 29/06/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\Archivos de programa\Sygate\SPF\smc.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\ARCHIV~1\Navnt\defwatch.exe
C:\WINNT\System32\svchost.exe
C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7Debug\mdm.exe
C:\ARCHIV~1\Navnt\rtvscan.exe
C:\WINNT\system32\nvsvc32.exe
D:\oracle\ora92\bin\omtsreco.exe
D:\oracle\ora92\bin\agntsrvc.exe
D:\oracle\ora92\Apache\Apache\apache.exe
C:\WINNT\system32\cmd.exe
D:\oracle\ora92\bin\dbsnmp.exe
D:\oracle\ora92\BIN\TNSLSNR.exe
d:\oracle\ora92\bin\ORACLE.EXE
C:\WINNT\system32\IoctlSvc.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
D:\oracle\ora92\Apache\Apache\apache.exe
D:\oracle\ora92\jdk\bin\java.exe
D:\oracle\ora92\jdk\bin\java.exe
d:\oracle\ora92\bin\isqlplus
C:\WINNT\Mixer.exe
C:\Archivos de programa\Navnt\vptray.exe
C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Archivos de programa\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINNT\kdx\KHost.exe
C:\ARCHIV~1\Navnt\vpexrt.exe
C:\Archivos de programa\Prolific\USB Flash Disk Utility\PLBkMon.exe
C:\WINNT\system32\HotfixQ0306270.exe
C:\Archivos de programa\Multimedia Card Reader\shwicon2k.exe
C:\Archivos de programa\CyberLink\PowerDVD\PDVDServ.exe
C:\WINNT\system32\9e3f865.exe
C:\Archivos de programa\Internet Explorer\iexplore.exe
C:\WINNT\system32\ctfmon.exe
c:\archiv~1\intern~1\iexplore.exe
c:\archiv~1\intern~1\iexplore.exe
C:\Archivos de programa\MSN Messenger\msnmsgr.exe
C:\ARCHIV~1\RACLE~1\msconfig.exe
D:\Stephanie\Mis documentos\nadaka\?ecurity\w?crtupd.exe
C:\WINNT\TEMP\win20B.tmp.exe
C:\Archivos de programa\Internet Explorer\IEXPLORE.EXE
C:\unzipped\HJT\HJT\HijackThis[www.trucoswindows.net].exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = prosearching.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.tohmpnlyn...fWCpwTopmSV.jsp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.cr/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.creative.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.explorer.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = prosearching.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
R3 - URLSearchHook: (no name) - _{00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - {008DB894-99ED-445D-8547-0E7C9808898D} - (no file)
O2 - BHO: (no name) - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - (no file)
O2 - BHO: (no name) - {062492AF-392E-479D-BF52-A7A4BCA00307} - C:\WINNT\compstuic.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {2A8A997F-BB9F-48F6-AA2B-2762D50F9289} - (no file)
O2 - BHO: Nothing - {5f4c3d09-b3b9-4f88-aa82-31332fee1c08} - C:\WINNT\system32\hp101.tmp
O2 - BHO: (no name) - {74CC49F7-EB32-4A08-B204-948962A6E3DB} - (no file)
O2 - BHO: (no name) - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - (no file)
O2 - BHO: (no name) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O2 - BHO: (no name) - {CDEAF036-0A3C-8DF7-F889-835C47EC8622} - C:\DOCUME~1\STEPHA~1\DATOSD~1\GPLREA~1\IDOL COMP.exe (file missing)
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [vptray] C:\Archivos de programa\Navnt\vptray.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Archivos de programa\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [kdx] C:\WINNT\kdx\KHost.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Archivos de programa\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Prolific_PLUtil] C:\Archivos de programa\Prolific\USB Flash Disk Utility\PLBkMon.exe
O4 - HKLM\..\Run: [PLFFAP] C:\WINNT\system32\HotfixQ0306270.exe
O4 - HKLM\..\Run: [Sunkist2k] C:\Archivos de programa\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [epwt] C:\WINNT\epwt.exe
O4 - HKLM\..\Run: [Openwares LiveUpdate] C:\Program Files\LiveUpdate\LiveUpdate.exe
O4 - HKLM\..\Run: [kG3vLfBTV] C:\WINNT\onbjjfj.exe
O4 - HKLM\..\Run: [obcn] C:\WINNT\obcn.exe
O4 - HKLM\..\Run: [msnappau] "C:\Archivos de programa\MSN Apps\Updater\01.02.3000.1001\es-la\msnappau.exe"
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Archivos de programa\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [kG3vùõš/‚²95ßPÏvbšC:\Archivos de programa\ISTsvc\istsvc.exe] C:\WINNT\onbjjfj.exe
O4 - HKLM\..\Run: [Disc Detector] C:\Archivos de programa\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [MessengerPlus3] "D:\Stephanie\Mis documentos\Docs\MsgPlus.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Archivos de programa\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SHIMHOLEDEFYDATA] C:\Documents and Settings\All Users\Datos de programa\MoveTestShimHole\burnbyte.exe
O4 - HKLM\..\Run: [9e3f865.exe] C:\WINNT\system32\9e3f865.exe
O4 - HKLM\..\Run: [SpywareQuake.com] C:\Archivos de programa\SpywareQuake.com\Spyware-Quake.exe /h
O4 - HKLM\..\Run: [TrojanScanner] D:\Stephanie\Mis documentos\Docs\Trojan Remover\Trjscan.exe
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\Run: [SmcService] C:\ARCHIV~1\Sygate\SPF\smc.exe -startgui
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [Instant Access] rundll32.exe EGDHTML_1027.dll,InstantAccess
O4 - HKCU\..\Run: [Free Download Manager] D:\Stephanie\Mis documentos\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\ARCHIV~1\MYWEBS~1\bar\4.bin\mwsoemon.exe
O4 - HKCU\..\Run: [Showadmin] C:\DOCUME~1\STEPHA~1\DATOSD~1\MOVEFU~1\Help new.exe
O4 - HKCU\..\Run: [MessengerPlus3] "D:\Stephanie\Mis documentos\Docs\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Archivos de programa\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Nsod] "C:\ARCHIV~1\RACLE~1\msconfig.exe" -vt yazr
O4 - HKCU\..\Run: [9e3f865.exe] C:\Documents and Settings\Stephanie\Configuración local\Datos de programa\9e3f865.exe
O4 - HKCU\..\Run: [Drssc] D:\Stephanie\Mis documentos\nadaka\?ecurity\w?crtupd.exe
O4 - HKCU\..\Run: [Ultimate Defender] "C:\Archivos de programa\Ultimate Defender\App.exe" hide
O4 - Startup: .protected
O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Archivos de programa\MyWebSearch\bar\3.bin\MWSOEMON.EXE
O4 - Global Startup: .protected
O4 - Global Startup: Microsoft Office.lnk = C:\Archivos de programa\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Search - http://edits.mywebse...?p=ZNxdm119YYCR
O8 - Extra context menu item: Download all by Free Download Manager - file://D:\Stephanie\Mis documentos\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download by Free Download Manager - file://D:\Stephanie\Mis documentos\Free Download Manager\dllink.htm
O8 - Extra context menu item: Download selected by Free Download Manager - file://D:\Stephanie\Mis documentos\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download web site by Free Download Manager - file://D:\Stephanie\Mis documentos\Free Download Manager\dlpage.htm
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra button: Investigador - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: Musica - {AF0828BC-CB46-4C8D-95B6-8A7C4988F9FF} - c:\dial-libremp37\entrar.html
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O12 - Plugin for .mw2: C:\Archivos de programa\Internet Explorer\PLUGINS\NPLCSI32.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.creative.com
O16 - DPF: {00000000-0000-0000-0000-100000000003} - http://code.trasferi...1c3224a6_35.exe
O16 - DPF: {0D62A517-E7C6-4E1F-A577-07D4AC549A48} (Progetto1.int_ver32) - http://advnt01.com/d.../int_ver32b.CAB
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windup.../bridge-c18.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.co...tup1.0.0.15.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540013} (CInstall Class) - http://adserver.shar...ver/Install.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.co...UC/MsnPUpld.cab
O16 - DPF: {5F426A93-0821-47D2-A126-5A48A874B289} (DialerWeb Class) - http://212.145.159.1...Recomendada.cab
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} - http://dm.screensave.../sinstaller.cab
O16 - DPF: {8C875948-9C60-4381-9248-0DF180542D53} - http://installs.spam...ckerutility.cab
O16 - DPF: {97B79133-88F0-45F0-8D57-0F2EF27D9C66} - http://85.255.114.166/1/rdgCR2404.exe
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pdownloader.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot....ownload/kdx.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/...s/msnchat45.cab
O16 - DPF: {F72BC3F0-6C20-4793-9DDA-258589D8A907} - http://akamai.downlo...netslv32_ES.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6803FAB1-7DCB-4F86-8167-955C62433568}: NameServer = 200.91.75.5,200.91.75.6
O20 - Winlogon Notify: cfgmngr32 - C:\WINNT\g7785715.dll
O20 - Winlogon Notify: nwprovau - C:\WINNT\SYSTEM32\nwprovau.dll
O20 - Winlogon Notify: winliw32 - C:\WINNT\SYSTEM32\winliw32.dll
O23 - Service: Creative Service for CDROM Access - Unknown owner - C:\WINNT\system32\CTSVCCDA.EXE (file missing)
O23 - Service: DefWatch - Symantec Corporation - C:\ARCHIV~1\Navnt\defwatch.exe
O23 - Service: Servicio del administrador de discos lógicos (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Unknown owner - C:\ARCHIV~1\Navnt\rtvscan.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: OracleMTSRecoveryService - Oracle Corporation - D:\oracle\ora92\bin\omtsreco.exe
O23 - Service: OracleOraHome92Agent - Oracle Corporation - D:\oracle\ora92\bin\agntsrvc.exe
O23 - Service: OracleOraHome92ClientCache - Unknown owner - D:\oracle\ora92\BIN\ONRSD.EXE
O23 - Service: OracleOraHome92HTTPServer - Unknown owner - D:\oracle\ora92\Apache\Apache\apache.exe" --ntservice (file missing)
O23 - Service: OracleOraHome92PagingServer - Unknown owner - D:\oracle\ora92/bin/pagntsrv.exe
O23 - Service: OracleOraHome92SNMPPeerEncapsulator - Unknown owner - D:\oracle\ora92\BIN\ENCSVC.EXE
O23 - Service: OracleOraHome92SNMPPeerMasterAgent - Unknown owner - D:\oracle\ora92\BIN\AGNTSVC.EXE
O23 - Service: OracleOraHome92TNSListener - Unknown owner - D:\oracle\ora92\BIN\TNSLSNR.exe
O23 - Service: OracleServiceBASES - Oracle Corporation - d:\oracle\ora92\bin\ORACLE.EXE
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINNT\system32\IoctlSvc.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Archivos de programa\Sygate\SPF\smc.exe

y donde esta el cono del HijackThis.exe.?????

Marco todos los los que salen en la ventana de HijackThis y le doi
"fix checked"????

NO, NO,NO

Solo pega el log y espera.......No hagas nada de eso.

El hijackthis no necesita instalacion, dejalo en su carpeta.

ok tons spero.....

Haz esto:
Pasale el Ewido. (Actualizalo)
http://www.ewido.net/en/download/

Borrar todas las cookies y el registro con el CCleaner:
http://www.filehippo...nload_ccleaner/

Haz un par de Scan on line:
http://www.bitdefend...m/scan8/ie.html
http://housecall.trendmicro.com/
http://www.bitdefender.com/scan8/
http://www.ravantivirus.com/scan/
http://www.windowsec...com/trojanscan/
Pega un nuevo log del Hijackthis, los Report de los Scan y Ewido.

Un Saludo

de aqui a q haga toodo eso.............

eso dic el d mi compu:

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
MRU List(TAC index:0):4 total references
Tracking Cookie(TAC index:3):1 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


29-06-2006 02:26:32 p.m. - Scan started. (Smart mode)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 152
ThreadCreationTime : 29-06-2006 07:06:50 p.m.
BasePriority : Normal


#:2 [csrss.exe]
FilePath : \??\C:\WINNT\system32\
ProcessID : 176
ThreadCreationTime : 29-06-2006 07:06:59 p.m.
BasePriority : Normal


#:3 [winlogon.exe]
FilePath : \??\C:\WINNT\system32\
ProcessID : 172
ThreadCreationTime : 29-06-2006 07:07:03 p.m.
BasePriority : High


#:4 [services.exe]
FilePath : C:\WINNT\system32\
ProcessID : 224
ThreadCreationTime : 29-06-2006 07:07:05 p.m.
BasePriority : Normal
FileVersion : 5.00.2195.7035
ProductVersion : 5.00.2195.7035
ProductName : Sistema operativo Microsoft® Windows ® 2000
CompanyName : Microsoft Corporation
FileDescription : Aplicación de servicios y controlador
InternalName : services.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : C:\WINNT\system32\
ProcessID : 236
ThreadCreationTime : 29-06-2006 07:07:05 p.m.
BasePriority : Normal
FileVersion : 5.00.2195.7011
ProductVersion : 5.00.2195.7011
ProductName : Sistema operativo Microsoft® Windows® 2000
CompanyName : Microsoft Corporation
FileDescription : DLL de servidor y ejecutable LSA (versión de exportación)
InternalName : lsasrv.dll and lsass.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : lsasrv.dll and lsass.exe

#:6 [smc.exe]
FilePath : C:\Archivos de programa\Sygate\SPF\
ProcessID : 372
ThreadCreationTime : 29-06-2006 07:07:08 p.m.
BasePriority : Normal
FileVersion : 5.6.00.2808
ProductVersion : 5.6.00.2808
ProductName : Sygate® Security Agent and Personal Firewall
CompanyName : Sygate Technologies, Inc.
FileDescription : Sygate Agent Firewall
InternalName : Smc
LegalCopyright : Copyright © 1999 - 2004 Sygate Technologies, Inc. All rights reserved.
OriginalFilename : Smc.EXE

#:7 [svchost.exe]
FilePath : C:\WINNT\system32\
ProcessID : 428
ThreadCreationTime : 29-06-2006 07:07:11 p.m.
BasePriority : Normal
FileVersion : 5.00.2134.1
ProductVersion : 5.00.2134.1
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : svchost.exe

#:8 [spoolsv.exe]
FilePath : C:\WINNT\system32\
ProcessID : 452
ThreadCreationTime : 29-06-2006 07:07:11 p.m.
BasePriority : Normal
FileVersion : 5.00.2195.7059
ProductVersion : 5.00.2195.7059
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolss.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : spoolss.exe

#:9 [defwatch.exe]
FilePath : C:\ARCHIV~1\Navnt\
ProcessID : 500
ThreadCreationTime : 29-06-2006 07:07:12 p.m.
BasePriority : Normal
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Virus Definition Daemon
InternalName : DefWatch
LegalCopyright : Copyright © 1998 Symantec Corporation
OriginalFilename : DefWatch.exe

#:10 [svchost.exe]
FilePath : C:\WINNT\System32\
ProcessID : 520
ThreadCreationTime : 29-06-2006 07:07:12 p.m.
BasePriority : Normal
FileVersion : 5.00.2134.1
ProductVersion : 5.00.2134.1
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : svchost.exe

#:11 [mdm.exe]
FilePath : C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7Debug\
ProcessID : 556
ThreadCreationTime : 29-06-2006 07:07:13 p.m.
BasePriority : Normal
FileVersion : 7.00.9064.9150
ProductVersion : 7.00.9064.9150
ProductName : Microsoft Development Environment
CompanyName : Microsoft Corporation
FileDescription : Machine Debug Manager
InternalName : mdm.exe
LegalCopyright : Copyright © Microsoft Corp. 1997-2000
OriginalFilename : mdm.exe

#:12 [rtvscan.exe]
FilePath : C:\ARCHIV~1\Navnt\
ProcessID : 576
ThreadCreationTime : 29-06-2006 07:07:13 p.m.
BasePriority : Normal


#:13 [nvsvc32.exe]
FilePath : C:\WINNT\system32\
ProcessID : 600
ThreadCreationTime : 29-06-2006 07:07:14 p.m.
BasePriority : Normal
FileVersion : 6.13.10.2942
ProductVersion : 6.13.10.2942
ProductName : NVIDIA Driver Helper Service, Version 29.42
CompanyName : NVIDIA Corporation
FileDescription : NVIDIA Driver Helper Service, Version 29.42
InternalName : NVSVC
LegalCopyright : © NVIDIA Corporation. All rights reserved.
OriginalFilename : nvsvc32.exe

#:14 [omtsreco.exe]
FilePath : D:\oracle\ora92\bin\
ProcessID : 620
ThreadCreationTime : 29-06-2006 07:07:14 p.m.
BasePriority : Normal
FileVersion : 9.2.0.1.0
ProductVersion : 9.2.0.1.0
ProductName : Oracle MTS Recovery Service
CompanyName : Oracle Corporation
FileDescription : Oracle MTS Recovery Service
InternalName : Oracle Services for MTS
LegalCopyright : Copyright © Oracle Corporation 1998, 2000. All rights reserved.
OriginalFilename : omtsreco.exe

#:15 [agntsrvc.exe]
FilePath : D:\oracle\ora92\bin\
ProcessID : 708
ThreadCreationTime : 29-06-2006 07:07:21 p.m.
BasePriority : Normal
FileVersion : 9.2.0.0.0
CompanyName : Oracle Corporation
FileDescription : Oracle Intelligent Agent Executable
OriginalFilename : agntsrvc.exe

#:16 [apache.exe]
FilePath : D:\oracle\ora92\Apache\Apache\
ProcessID : 728
ThreadCreationTime : 29-06-2006 07:07:23 p.m.
BasePriority : Normal


#:17 [cmd.exe]
FilePath : C:\WINNT\system32\
ProcessID : 736
ThreadCreationTime : 29-06-2006 07:07:23 p.m.
BasePriority : Normal
FileVersion : 5.00.2195.6995
ProductVersion : 5.00.2195.6995
ProductName : Sistema operativo Microsoft® Windows 2000®
CompanyName : Microsoft Corporation
FileDescription : Procesador de comandos de Windows NT
InternalName : cmd
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : Cmd.Exe

#:18 [dbsnmp.exe]
FilePath : D:\oracle\ora92\bin\
ProcessID : 748
ThreadCreationTime : 29-06-2006 07:07:24 p.m.
BasePriority : Normal
FileVersion : 9.2.0.0.0
CompanyName : Oracle Corporation
FileDescription : Oracle Intelligent Agent Executable
OriginalFilename : dbsnmp.exe

#:19 [tnslsnr.exe]
FilePath : D:\oracle\ora92\BIN\
ProcessID : 768
ThreadCreationTime : 29-06-2006 07:07:24 p.m.
BasePriority : Normal


#:20 [oracle.exe]
FilePath : d:\oracle\ora92\bin\
ProcessID : 820
ThreadCreationTime : 29-06-2006 07:07:26 p.m.
BasePriority : Normal
FileVersion : 9.2.0.1.0 Production
CompanyName : Oracle Corporation
FileDescription : Oracle RDBMS Kernel Executable
OriginalFilename : oracle.exe

#:21 [ioctlsvc.exe]
FilePath : C:\WINNT\system32\
ProcessID : 836
ThreadCreationTime : 29-06-2006 07:07:29 p.m.
BasePriority : Normal
FileVersion : 1, 0, 0, 0
ProductVersion : 1, 0, 0, 0
ProductName : IoctlSvc Application
CompanyName : Prolific Technology Inc.
FileDescription : PLFlash DeviceIoControl Service
InternalName : IoctlSvc
LegalCopyright : Copyright © 2003 Prolific Technology Inc.
OriginalFilename : IoctlSvc.exe

#:22 [regsvc.exe]
FilePath : C:\WINNT\system32\
ProcessID : 856
ThreadCreationTime : 29-06-2006 07:07:29 p.m.
BasePriority : Normal
FileVersion : 5.00.2195.6701
ProductVersion : 5.00.2195.6701
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Remote Registry Service
InternalName : regsvc
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : REGSVC.EXE

#:23 [mstask.exe]
FilePath : C:\WINNT\system32\
ProcessID : 884
ThreadCreationTime : 29-06-2006 07:07:33 p.m.
BasePriority : Normal
FileVersion : 4.71.2195.6972
ProductVersion : 4.71.2195.6972
ProductName : Programador de tareas de Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Motor de Programador de tareas
InternalName : TaskScheduler
LegalCopyright : Copyright © Microsoft Corp. 1997
OriginalFilename : mstask.exe

#:24 [stisvc.exe]
FilePath : C:\WINNT\system32\
ProcessID : 944
ThreadCreationTime : 29-06-2006 07:07:37 p.m.
BasePriority : Normal
FileVersion : 5.00.2195.6656
ProductVersion : 5.00.2195.6656
ProductName : Sistema operativo Microsoft® Windows ® 2000
CompanyName : Microsoft Corporation
FileDescription : Monitor de dispositivos de imagen estática
InternalName : STIMON
LegalCopyright : Copyright © Microsoft Corp. 1996-1997
OriginalFilename : STIMON.EXE

#:25 [winmgmt.exe]
FilePath : C:\WINNT\System32\WBEM\
ProcessID : 968
ThreadCreationTime : 29-06-2006 07:07:42 p.m.
BasePriority : Normal
FileVersion : 1.50.1085.0100
ProductVersion : 1.50.1085.0100
ProductName : Instrumental de administración de Windows
CompanyName : Microsoft Corporation
FileDescription : Instrumental de administración de Windows
InternalName : WINMGMT
LegalCopyright : Copyright © Microsoft Corp. 1995-1999

#:26 [svchost.exe]
FilePath : C:\WINNT\system32\
ProcessID : 984
ThreadCreationTime : 29-06-2006 07:07:42 p.m.
BasePriority : Normal
FileVersion : 5.00.2134.1
ProductVersion : 5.00.2134.1
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : svchost.exe

#:27 [svchost.exe]
FilePath : C:\WINNT\System32\
ProcessID : 1012
ThreadCreationTime : 29-06-2006 07:07:42 p.m.
BasePriority : Normal
FileVersion : 5.00.2134.1
ProductVersion : 5.00.2134.1
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : svchost.exe

#:28 [explorer.exe]
FilePath : C:\WINNT\
ProcessID : 1188
ThreadCreationTime : 29-06-2006 07:07:46 p.m.
BasePriority : Normal
FileVersion : 5.00.3700.6690
ProductVersion : 5.00.3700.6690
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : EXPLORER.EXE

#:29 [apache.exe]
FilePath : D:\oracle\ora92\Apache\Apache\
ProcessID : 1216
ThreadCreationTime : 29-06-2006 07:07:50 p.m.
BasePriority : Normal


#:30 [java.exe]
FilePath : D:\oracle\ora92\jdk\bin\
ProcessID : 1200
ThreadCreationTime : 29-06-2006 07:07:53 p.m.
BasePriority : Normal


#:31 [java.exe]
FilePath : D:\oracle\ora92\jdk\bin\
ProcessID : 656
ThreadCreationTime : 29-06-2006 07:07:53 p.m.
BasePriority : Normal


#:32 [isqlplus]
FilePath : d:\oracle\ora92\bin\
ProcessID : 1456
ThreadCreationTime : 29-06-2006 07:07:53 p.m.
BasePriority : Normal


#:33 [mixer.exe]
FilePath : C:\WINNT\
ProcessID : 1960
ThreadCreationTime : 29-06-2006 07:09:32 p.m.
BasePriority : Normal
FileVersion : 1.58
ProductVersion : 1.58
ProductName : Mixer
CompanyName : C-Media Electronic Inc. (www.cmedia.com.tw)
FileDescription : Mixer
InternalName : Mixer
LegalCopyright : Copyright © 1997-2002
LegalTrademarks : NONE
OriginalFilename : Mixer.EXE
Comments : Feng Min-Chih (min_chih@cmedia.com.tw)

#:34 [vptray.exe]
FilePath : C:\Archivos de programa\Navnt\
ProcessID : 1844
ThreadCreationTime : 29-06-2006 07:09:36 p.m.
BasePriority : Normal


#:35 [hpztsb04.exe]
FilePath : C:\WINNT\system32\spool\drivers\w32x86\3\
ProcessID : 1996
ThreadCreationTime : 29-06-2006 07:09:41 p.m.
BasePriority : Normal
FileVersion : 2,80,0,0
ProductVersion : 2,80,0,0
ProductName : HP DeskJet
CompanyName : HP
LegalCopyright : Copyright © Hewlett-Packard Company 1999-2001

#:36 [jusched.exe]
FilePath : C:\Archivos de programa\Java\j2re1.4.2_03\bin\
ProcessID : 2008
ThreadCreationTime : 29-06-2006 07:09:44 p.m.
BasePriority : Normal


#:37 [khost.exe]
FilePath : C:\WINNT\kdx\
ProcessID : 2080
ThreadCreationTime : 29-06-2006 07:09:51 p.m.
BasePriority : Normal
FileVersion : 2.20.40120.0
ProductVersion : 2.20.40120.0
ProductName : Secure Delivery Plug-In
CompanyName : Kontiki Inc.
FileDescription : Secure Delivery Plug-In
InternalName : khost.exe
LegalCopyright : Copyright 2001-03 Kontiki, Inc.
OriginalFilename : khost.exe
Comments : Secure Delivery Plug-In

#:38 [vpexrt.exe]
FilePath : C:\ARCHIV~1\Navnt\
ProcessID : 1804
ThreadCreationTime : 29-06-2006 07:09:53 p.m.
BasePriority : Normal


#:39 [plbkmon.exe]
FilePath : C:\Archivos de programa\Prolific\USB Flash Disk Utility\
ProcessID : 2124
ThreadCreationTime : 29-06-2006 07:09:53 p.m.
BasePriority : Normal
FileVersion : 2, 0, 0, 0
ProductVersion : 2, 0, 0, 0
ProductName : PLFlash
CompanyName : Prolific Technology Inc.
FileDescription : USB Flash Disk Log On Application
InternalName : PLBkMon
LegalCopyright : Copyright © 2004 Prolifc Technology Inc.
OriginalFilename : PLBkMon.exe

#:40 [hotfixq0306270.exe]
FilePath : C:\WINNT\system32\
ProcessID : 1708
ThreadCreationTime : 29-06-2006 07:09:55 p.m.
BasePriority : Normal
FileVersion : 3, 0, 0, 3
ProductVersion : 3, 0, 0, 1
ProductName : USB Flash Disk
CompanyName : Prolific Technology Inc.
FileDescription : HotFix Q0306270
InternalName : HotFix0306270
LegalCopyright : Copyright c 2003 Prolific Technology Inc.
OriginalFilename : DevReboot.exe

#:41 [shwicon2k.exe]
FilePath : C:\Archivos de programa\Multimedia Card Reader\
ProcessID : 348
ThreadCreationTime : 29-06-2006 07:09:57 p.m.
BasePriority : Idle
FileVersion : 1, 0, 0, 7
ProductVersion : 1, 0, 0, 7
ProductName : Alcor Micro Sunkist
CompanyName : Alcor Micro, Corp.
FileDescription : Sunkist
InternalName : Sunkist
LegalCopyright : Copyright c 2002
OriginalFilename : Sunkist.exe

#:42 [pdvdserv.exe]
FilePath : C:\Archivos de programa\CyberLink\PowerDVD\
ProcessID : 1928
ThreadCreationTime : 29-06-2006 07:10:01 p.m.
BasePriority : Normal
FileVersion : 5.00.0000
ProductVersion : 5.00.0000
ProductName : PowerDVD
CompanyName : Cyberlink Corp.
FileDescription : PowerDVD RC Service
InternalName : PowerDVD RC Service
LegalCopyright : Copyright © CyberLink Corp. 1997-2002
OriginalFilename : PDVDSERV.EXE

#:43 [9e3f865.exe]
FilePath : C:\WINNT\system32\
ProcessID : 2188
ThreadCreationTime : 29-06-2006 07:10:07 p.m.
BasePriority : Normal


#:44 [iexplore.exe]
FilePath : C:\Archivos de programa\Internet Explorer\
ProcessID : 2000
ThreadCreationTime : 29-06-2006 07:10:18 p.m.
BasePriority : Normal
FileVersion : 6.00.2800.1106
ProductVersion : 6.00.2800.1106
ProductName : Sistema operativo Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. Reservados todos los derechos.
OriginalFilename : IEXPLORE.EXE

#:45 [ctfmon.exe]
FilePath : C:\WINNT\system32\
ProcessID : 2244
ThreadCreationTime : 29-06-2006 07:10:28 p.m.
BasePriority : Normal
FileVersion : 1.00.2409.7 built by: Lab06_N
ProductVersion : 1.00.2409.7
ProductName : Microsoft® Windows NT® Operating System
CompanyName : Microsoft Corporation
FileDescription : Cicero Loader
InternalName : CICLOAD
LegalCopyright : Copyright © Microsoft Corporation. 1981-2001
OriginalFilename : CICLOAD.EXE

#:46 [iexplore.exe]
FilePath : c:\archiv~1\intern~1\
ProcessID : 2192
ThreadCreationTime : 29-06-2006 07:10:41 p.m.
BasePriority : Normal
FileVersion : 6.00.2800.1106
ProductVersion : 6.00.2800.1106
ProductName : Sistema operativo Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. Reservados todos los derechos.
OriginalFilename : IEXPLORE.EXE

#:47 [iexplore.exe]
FilePath : c:\archiv~1\intern~1\
ProcessID : 2316
ThreadCreationTime : 29-06-2006 07:10:41 p.m.
BasePriority : Normal
FileVersion : 6.00.2800.1106
ProductVersion : 6.00.2800.1106
ProductName : Sistema operativo Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. Reservados todos los derechos.
OriginalFilename : IEXPLORE.EXE

#:48 [msnmsgr.exe]
FilePath : C:\Archivos de programa\MSN Messenger\
ProcessID : 2092
ThreadCreationTime : 29-06-2006 07:10:47 p.m.
BasePriority : Normal
FileVersion : 7.0.0813
ProductVersion : 7.0.0813
ProductName : MSN Messenger
CompanyName : Microsoft Corporation
FileDescription : MSN Messenger
InternalName : msnmsgr
LegalCopyright : Copyright © Microsoft Corporation 1997-2005
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msnmsgr.exe

#:49 [msconfig.exe]
FilePath : C:\ARCHIV~1\RACLE~1\
ProcessID : 2020
ThreadCreationTime : 29-06-2006 07:10:50 p.m.
BasePriority : Normal


#:50 [w?crtupd.exe]
FilePath : D:\Stephanie\Mis documentos\nadaka\?ecurity\
ProcessID : 2344
ThreadCreationTime : 29-06-2006 07:10:59 p.m.
BasePriority : Normal


#:51 [iexplore.exe]
FilePath : C:\Archivos de programa\Internet Explorer\
ProcessID : 2592
ThreadCreationTime : 29-06-2006 07:42:11 p.m.
BasePriority : Normal
FileVersion : 6.00.2800.1106
ProductVersion : 6.00.2800.1106
ProductName : Sistema operativo Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. Reservados todos los derechos.
OriginalFilename : IEXPLORE.EXE

#:52 [winword.exe]
FilePath : C:\Archivos de programa\Microsoft Office\Office10\
ProcessID : 3828
ThreadCreationTime : 29-06-2006 07:59:21 p.m.
BasePriority : Normal


#:53 [agentsvr.exe]
FilePath : C:\WINNT\msagent\
ProcessID : 3748
ThreadCreationTime : 29-06-2006 08:03:33 p.m.
BasePriority : Normal
FileVersion : 2.00.0.3422
ProductVersion : 2.00.0.3422
ProductName : Microsoft Agent Server
CompanyName : Microsoft Corporation
FileDescription : Microsoft Agent Server
InternalName : AgentServer
LegalCopyright : Copyright © Microsoft Corp. 1997-98
OriginalFilename : AgentSvr.exe

#:54 [ewido.exe]
FilePath : D:\Stephanie\Mis documentos\Docs\ewido\ewido anti-spyware 4.0\
ProcessID : 1152
ThreadCreationTime : 29-06-2006 08:14:55 p.m.
BasePriority : Normal
FileVersion : 4, 0, 0, 172
ProductVersion : 4, 0, 0, 172
ProductName : ewido anti-spyware
CompanyName : Anti-Malware Development a.s.
FileDescription : ewido anti-spyware
InternalName : ewido anti-spyware
LegalCopyright : Copyright © 2005 Anti-Malware Development a.s.
OriginalFilename : ewido.exe

#:55 [ad-aware.exe]
FilePath : C:\Archivos de programa\Lavasoft\Ad-Aware SE Personal\
ProcessID : 3664
ThreadCreationTime : 29-06-2006 08:26:18 p.m.
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : stephanie@atdmt[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:stephanie@atdmt.com/
Expires : 27-06-2011 06:00:00 p.m.
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 1



Deep scanning and examining files...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for C:\WINNT
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1

Disk Scan Result for C:\WINNT\system32
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1

Disk Scan Result for C:\DOCUME~0\STEPHA~1\CONFIG~0\Temp\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1

MRU List Object Recognized!
Location: : S-1-5-21-1935655697-789336058-854245398-1004\software\microsoft\internet explorer
Description : last download directory used in microsoft internet explorer


MRU List Object Recognized!
Location: : S-1-5-21-1935655697-789336058-854245398-1004\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
Description : list of recent programs opened


MRU List Object Recognized!
Location: : S-1-5-21-1935655697-789336058-854245398-1004\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension


MRU List Object Recognized!
Location: : S-1-5-21-1935655697-789336058-854245398-1004\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened



Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 5

02:31:58 p.m. Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:05:25.769
Objects scanned:53094
Objects identified:1
Objects ignored:0
New critical objects:1

Tu log está muy sucio, tienes de todo, si no haces un scan on line y ejecutas el Ewido (actualizado) será imposible ayudarte.
Salu2
Caito
Pd:
Antivirus on line :
http://www.pandasoft...n_principal.htm
http://www.kaspersky...oduct=161744315

ah decidanc que hago o hago todo???