Tras leer detenidamente los consejos importantes a tener en cuenta, y tras varias pasadas de hjt, spyboot y ad-aware se, y tras reiniciar el s.o. a modo prueba de fallos y fixar las entradas desaconsejables, he conseguido que desapareciese la página de inicio de un "buscador" de windows el cual cada vez que iniciaba salía un tipo distinto de pastilla. Ahora me persiste el problema siguiente: cuando uso la busqueda de google, aparece paralelamente el buscador searching the search engine que no sé como deshabilitarlo, por otro lado en favoritos aparecen entre otros una carpeta Site about llena de enlaces y más enlaces "search the web" y dos más dirigidos al mundo porno. Adjunto el último log de hijachthis para que lo analicéis.
También adjunto un par de avisos que nunca he visto y no sé si son verdaderos o no,pues nunca me habían aparecido y como piden aceptar para comenzar, pues no me atrevo. PERDON PERO NO TENGO PERMISO PARA ENVIAR ADJUNTOS.
También he de indicar que recibo muchos pop-up de productos anti spyware y el bloqueador de google no los frena.
AHÍ VA EL LOG.
Muchas gracias de antemano.

Logfile of HijackThis v1.99.1
Scan saved at 15:59:27, on 22/02/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\HJT\HIJACKTHIS.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O2 - BHO: Class - {632429FC-7132-FBF7-255C-EAC2A7424B37} - C:\WINDOWS\IPXL32.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\archivos de programa\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [SxgTkBar] SxgTkBar.exe
O4 - HKLM\..\Run: [POINTER] C:\ARCHIV~1\MSHARD~1\point32.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [Acecad.Wtxpload] c:\windows\Acecad\Wtxpload.exe Acecad
O4 - HKLM\..\Run: [ZPOINT32] c:\windows\SYSTEM\ZPOINT32.exe
O4 - HKLM\..\Run: [iKeyWorks] C:\ARCHIV~1\A4TECH\KEYBOARD\IKEYMAIN.EXE
O4 - HKLM\..\Run: [ToniArts EasyCleaner] "C:\ARCHIVOS DE PROGRAMA\TONIARTS\EASYCLEANER\EASYCLEA.EXE" -s -startup
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [TLogonPath] "c:\program files\timbuktu pro\tb2logon.exe"
O4 - HKLM\..\RunServices: [AutoShutdown] C:\WINDOWS\pssvc.exe
O4 - HKLM\..\RunServices: [3Com DMI Agent] C:\WINDOWS\SYSTEM\3com_dmi\3CDMINIC.EXE
O4 - HKLM\..\RunServices: [DMILDR] C:\DMI\bin\dmildr.exe
O4 - HKLM\..\RunServices: [Win32SL] C:\DMI\BIN\Win32sl.EXE -i -p -r
O4 - HKLM\..\RunServices: [McAfeeWebScanX] C:\ARCHIVOS DE PROGRAMA\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\WebScanX.Exe /RUNSERVICES
O4 - HKLM\..\RunServices: [McAfeeVirusScanService] c:\Archivos de programa\Network Associates\VirusScan\AVSYNMGR.EXE
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [Hidserv] Hidserv.exe run
O4 - HKLM\..\RunServices: [NTVP32.EXE] C:\WINDOWS\NTVP32.EXE
O4 - HKLM\..\RunServices: [NTMG.EXE] C:\WINDOWS\SYSTEM\NTMG.EXE
O4 - HKLM\..\RunServices: [SYSMA.EXE] C:\WINDOWS\SYSMA.EXE
O4 - HKLM\..\RunServices: [JAVAEB32.EXE] C:\WINDOWS\SYSTEM\JAVAEB32.EXE
O4 - HKLM\..\RunServices: [MSTZ.EXE] C:\WINDOWS\SYSTEM\MSTZ.EXE
O4 - HKLM\..\RunServices: [APPKF.EXE] C:\WINDOWS\APPKF.EXE
O4 - HKLM\..\RunServices: [ATLIW32.EXE] C:\WINDOWS\ATLIW32.EXE
O4 - HKLM\..\RunServices: [SDKAX.EXE] C:\WINDOWS\SDKAX.EXE
O4 - HKLM\..\RunServices: [NTOJ32.EXE] C:\WINDOWS\SYSTEM\NTOJ32.EXE
O4 - HKLM\..\RunServices: [IPDE32.EXE] C:\WINDOWS\SYSTEM\IPDE32.EXE
O4 - HKLM\..\RunServices: [IECV.EXE] C:\WINDOWS\SYSTEM\IECV.EXE
O4 - HKLM\..\RunServices: [APPDE32.EXE] C:\WINDOWS\APPDE32.EXE
O4 - HKLM\..\RunServices: [MFCXY32.EXE] C:\WINDOWS\MFCXY32.EXE
O4 - HKLM\..\RunOnce: [cetec] regedit.exe /s c:\windows\TEMP\cetec.reg
O4 - HKCU\..\Run: [Software Web Segura FNMT-RCM Recovery] C:\Archivos de programa\Entrust\Direct\etdirrcv.exe
O4 - HKCU\..\Run: [MsnMsgr] "c:\Archivos de programa\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Adaware Bootup] C:\ARCHIVOS DE PROGRAMA\LAVASOFT AD-AWARE\AD-AWARE.EXE /Auto /Log "C:\ARCHIVOS DE PROGRAMA\LAVASOFT AD-AWARE\"
O4 - HKCU\..\RunServicesOnce: [washindex] C:\Program Files\Washer\washidx.exe
O4 - Startup: Outlook Express.lnk = C:\Archivos de programa\Outlook Express\msimn.exe
O4 - Startup: Lotus Organizer 5.01.lnk = C:\lotus\organize\org5.exe
O4 - Startup: Eyetide Launcher.lnk = C:\Archivos de programa\Eyetide Media\Eyetide Viewer\EyetideController.exe
O8 - Extra context menu item: Download with GetRight - C:\Archivos de programa\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Archivos de programa\GetRight\GRbrowse.htm
O8 - Extra context menu item: &Google Search - res://C:\ARCHIVOS DE PROGRAMA\GOOGLE\GOOGLETOOLBAR2.DLL/cmsearch.html
O8 - Extra context menu item: Instantánea de caché de la página - res://C:\ARCHIVOS DE PROGRAMA\GOOGLE\GOOGLETOOLBAR2.DLL/cmcache.html
O8 - Extra context menu item: Páginas similares - res://C:\ARCHIVOS DE PROGRAMA\GOOGLE\GOOGLETOOLBAR2.DLL/cmsimilar.html
O8 - Extra context menu item: Páginas vinculadas - res://C:\ARCHIVOS DE PROGRAMA\GOOGLE\GOOGLETOOLBAR2.DLL/cmbacklinks.html
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (Control HouseCall) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = IAM.NET.MA
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 212.217.0.1,212.217.0.12

MUCHAS GRACIAS POR SUS CONSEJOS

Bienvenido al Foro de Spyware, segui los siguientes pasos.

1- Con todos los programas cerrados ejecuta el HijackThis y dale a estas entradas:

O2 - BHO: Class - {632429FC-7132-FBF7-255C-EAC2A7424B37} - C:\WINDOWS\IPXL32.DLL

O4 - HKLM\..\Run: [SxgTkBar] SxgTkBar.exe

O4 - HKLM\..\RunServices: [NTVP32.EXE] C:\WINDOWS\NTVP32.EXE

O4 - HKLM\..\RunServices: [NTMG.EXE] C:\WINDOWS\SYSTEM\NTMG.EXE

O4 - HKLM\..\RunServices: [SYSMA.EXE] C:\WINDOWS\SYSMA.EXE

O4 - HKLM\..\RunServices: [JAVAEB32.EXE] C:\WINDOWS\SYSTEM\JAVAEB32.EXE

O4 - HKLM\..\RunServices: [MSTZ.EXE] C:\WINDOWS\SYSTEM\MSTZ.EXE

O4 - HKLM\..\RunServices: [APPKF.EXE] C:\WINDOWS\APPKF.EXE

O4 - HKLM\..\RunServices: [ATLIW32.EXE] C:\WINDOWS\ATLIW32.EXE

O4 - HKLM\..\RunServices: [SDKAX.EXE] C:\WINDOWS\SDKAX.EXE

O4 - HKLM\..\RunServices: [NTOJ32.EXE] C:\WINDOWS\SYSTEM\NTOJ32.EXE

O4 - HKLM\..\RunServices: [IPDE32.EXE] C:\WINDOWS\SYSTEM\IPDE32.EXE

O4 - HKLM\..\RunServices: [IECV.EXE] C:\WINDOWS\SYSTEM\IECV.EXE

O4 - HKLM\..\RunServices: [APPDE32.EXE] C:\WINDOWS\APPDE32.EXE

O4 - HKLM\..\RunServices: [MFCXY32.EXE] C:\WINDOWS\MFCXY32.EXE

O4 - HKLM\..\RunOnce: [cetec] regedit.exe /s c:\windows\TEMP\cetec.reg

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (Control HouseCall) - http://a840.g.akamai.net/7/840/537/...all/xscan53.cab



2- Usa el Disk Cleaner para limpiar cookies y temporales

3- Pásale Ad-Aware SE actualizado.

4- Reinicia y después nos contas los resultados.

Salu2

Gracias por la pronta respuesta. Detallo los pasos seguidos:
En modo a prueba de fallos, Hijackthis, y fix en las lineas indicadas.
Después Diskcleaner. Después AD-Aware y reiniciado.
Resultado: A continuación el log del Ad-aware que se queda colgado en "deleting", y creo que no logra eliminar los elementos malignos encontrados. Después pasé el Spy bot y también muestro el log. Creo que también pasa lo mismo pues el CWT ya lo he borrado unas cuantas veces y persiste.
También muestro el log de hjt tras hacer todos estos procesos.
Disculpa la extensión del mensaje. Gracias anticipadas.
Síntomas que persisten: Funcionamiento lento. El navegador IE inicia normalmente, cuando lanzo busqueda en google persiste la búsqueda en el Search engine que proviene de http://www.searchxp.com/ - creo.
Siempre está activo en las tareas Skdhr.. sabeis si afecta negativamente?
Gracias de nuevo Piedra.


AQUI EL LOG DE LAVASOFT

Ad-Aware SE Build 1.05
Logfile Created on:miércoles, 23 de febrero de 2005 10:32:07
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R28 16.02.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» »

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
CoolWebSearch(TAC index:10):25 total references
MRU List(TAC index:0):6 total references
Possible Browser Hijack attempt(TAC index:3):3 total references
Win32.TrojanDownloader.Agent.al(TAC index:7):4 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R28 16.02.2005
Internal build : 33
File location : C:\ARCHIVOS DE PROGRAMA\LAVASOFT\AD-AWARE SE
PERSONAL\defs.ref
File size : 411893 Bytes
Total size : 1300934 Bytes
Signature data size : 1271214 Bytes
Reference data size : 29208 Bytes
Signatures total : 36156
Fingerprints total : 620
Fingerprints size : 23479 Bytes
Target categories : 15
Target families : 632


Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium III
Memory available:6 %
Total physical memory:127136 kb
Available physical memory:308 kb
Total page file size:1970012 kb
Available on page file:1815928 kb
Total virtual memory:2093056 kb
Available virtual memory:2044032 kb
OS:Microsoft Windows 98 SE

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


23-02-05 10:32:07 - Scan started. (Full System Scan)

MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\windows\currentversion \explorer\runmru
Description : mru list for items opened in start | run


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\office\8.0\excel\recen t file list
Description : list of recent files used by microsoft excel


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\internet explorer
Description : last download directory used in microsoft internet explorer


MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplicatio n
Description : most recent application to use microsoft directdraw


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\windows\currentversion \explorer\doc find spec mru
Description : list of recently used search terms for locating files using the microsoft windows operating system


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\windows media\wmsdk\general
Description : windows media sdk


Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [KERNEL32.DLL]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4293864371
Threads : 8
Priority : High
FileVersion : 4.10.2222
ProductVersion : 4.10.2222
ProductName : Sistema operativo Microsoft(R) Windows(R)
CompanyName : Microsoft Corporation
FileDescription : Componente del núcleo del kernel Win32
InternalName : KERNEL32
LegalCopyright : Copyright (C) Microsoft Corp. 1991-1999
OriginalFilename : KERNEL32.DLL

#:2 [MSGSRV32.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294929291
Threads : 1
Priority : Normal
FileVersion : 4.10.2222
ProductVersion : 4.10.2222
ProductName : Sistema operativo Microsoft(R) Windows(R)
CompanyName : Microsoft Corporation
FileDescription : Servidor de mensajes VxD de 32 bits de Windows
InternalName : MSGSRV32
LegalCopyright : Copyright (C) Microsoft Corp. 1992-1998
OriginalFilename : MSGSRV32.EXE

#:3 [DDHELP.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294920307
Threads : 3
Priority : Realtime
FileVersion : 4.06.03.0518
ProductVersion : 4.06.03.0518
ProductName : Microsoft® DirectX for Windows® 95 and 98
CompanyName : Microsoft Corporation
FileDescription : Microsoft DirectX Helper
InternalName : ddhelp.exe
LegalCopyright : Copyright © Microsoft Corp. 1994-1999
OriginalFilename : ddhelp.exe

#:4 [mmtask.tsk]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294950131
Threads : 1
Priority : Normal
FileVersion : 4.03.1998
ProductVersion : 4.03.1998
ProductName : Microsoft Windows
CompanyName : Microsoft Corporation
FileDescription : Multimedia background task support module
InternalName : mmtask.tsk
LegalCopyright : Copyright © Microsoft Corp. 1991-1998
OriginalFilename : mmtask.tsk

#:5 [MPREXE.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294948651
Threads : 1
Priority : Normal
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
ProductName : Microsoft(R) Windows(R) Operating System
CompanyName : Microsoft Corporation
FileDescription : WIN32 Network Interface Service Process
InternalName : MPREXE
LegalCopyright : Copyright (C) Microsoft Corp. 1993-1998
OriginalFilename : MPREXE.EXE

#:6 [TB2LOGON.EXE]
FilePath : C:\PROGRAM FILES\TIMBUKTU PRO\
ProcessID : 4294951807
Threads : 1
Priority : Normal
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : TB2Logon Application
FileDescription : TB2Logon MFC Application
InternalName : TB2Logon
LegalCopyright : Copyright (C) 1999
OriginalFilename : TB2Logon.EXE

#:7 [PSSVC.EXE]
FilePath : C:\WINDOWS\
ProcessID : 4292881351
Threads : 2
Priority : Normal
FileVersion : 2.0
ProductName : Dell AutoShutdown/ThermalShutdown Service
CompanyName : Dell Computer Corporation
FileDescription : AutoShutdown/ThermalShutdown Service for Windows NT and Windows 95/98
InternalName : PSSVC
LegalCopyright : Copyright © 1996, 1999 Dell Computer Corporation
OriginalFilename : PSSVC.EXE

#:8 [3CDMINIC.EXE]
FilePath : C:\WINDOWS\SYSTEM\3COM_DMI\
ProcessID : 4292879167
Threads : 3
Priority : Normal
FileVersion : 3, 2, 0, 0
ProductVersion : 3, 2, 0, 0
ProductName : 3Com DMI Agent
CompanyName : 3Com Corporation
FileDescription : 3Com DMI Agent
InternalName : 3CDMINIC.EXE
LegalCopyright : Copyright ©3Com Corporation 1999
OriginalFilename : 3CDMINIC.EXE
Comments : 3Com DMI Agent for network interface adapters

#:9 [WIN32SL.EXE]
FilePath : C:\DMI\BIN\
ProcessID : 4292873255
Threads : 12
Priority : Normal
FileVersion : 2, 0, 0, 62
ProductVersion : 2, 0, 0, 62
ProductName : DMI 2.0s SDK
CompanyName : Intel
FileDescription : WIN32SL
InternalName : WIN32SL
LegalCopyright : Copyright © 1997-1998 Intel Corporation
OriginalFilename : WIN32SL.exe

#:10 [AVSYNMGR.EXE]
FilePath : C:\ARCHIVOS DE PROGRAMA\NETWORK ASSOCIATES\VIRUSSCAN\
ProcessID : 4292902543
Threads : 4
Priority : Normal


#:11 [MSTASK.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4292887771
Threads : 2
Priority : Normal
FileVersion : 4.71.1972.1
ProductVersion : 4.71.1972.1
ProductName : Microsoft® Windows® Task Scheduler
CompanyName : Microsoft Corporation
FileDescription : Task Scheduler Engine
InternalName : TaskScheduler
LegalCopyright : Copyright (C) Microsoft Corp. 2000
OriginalFilename : mstask.exe

#:12 [NETLW32.EXE]
FilePath : C:\WINDOWS\
ProcessID : 4294951255
Threads : 1
Priority : Normal


Win32.TrojanDownloader.Agent.al Object Recognized!
Type : Process
Data : NETLW32.EXE
Category : Data Miner
Comment : (CSI MATCH)
Object : C:\WINDOWS\


Warning! Win32.TrojanDownloader.Agent.al Object found in memory(C:\WINDOWS\NETLW32.EXE)

"C:\WINDOWS\NETLW32.EXE"Process terminated successfully

#:13 [SPOOL32.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4292930211
Threads : 2
Priority : Normal
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
ProductName : Microsoft(R) Windows(R) Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler Sub System Process
InternalName : spool32
LegalCopyright : Copyright (C) Microsoft Corp. 1994 - 1998
OriginalFilename : spool32.exe

#:14 [APPED.EXE]
FilePath : C:\WINDOWS\
ProcessID : 4292953563
Threads : 1
Priority : Normal


Win32.TrojanDownloader.Agent.al Object Recognized!
Type : Process
Data : APPED.EXE
Category : Data Miner
Comment : (CSI MATCH)
Object : C:\WINDOWS\


Warning! Win32.TrojanDownloader.Agent.al Object found in memory(C:\WINDOWS\APPED.EXE)

"C:\WINDOWS\APPED.EXE"Process terminated successfully

#:15 [APIHP32.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4292982851
Threads : 1
Priority : Normal


Win32.TrojanDownloader.Agent.al Object Recognized!
Type : Process
Data : APIHP32.EXE
Category : Data Miner
Comment : (CSI MATCH)
Object : C:\WINDOWS\SYSTEM\


Warning! Win32.TrojanDownloader.Agent.al Object found in memory(C:\WINDOWS\SYSTEM\APIHP32.EXE)

"C:\WINDOWS\SYSTEM\APIHP32.EXE"Process terminated successfully

#:16 [WTXPLOAD.EXE]
FilePath : C:\WINDOWS\ACECAD\
ProcessID : 4292974127
Threads : 1
Priority : Normal
FileVersion : 1.02
ProductVersion : 1.02
ProductName : Pointing Device Drivers
CompanyName : LCS/Telegraphics
FileDescription : Wintab Control Panel
InternalName : WTXPLOAD
LegalCopyright : Copyright (C) LCS/Telegraphics 1999
OriginalFilename : WTXPLOAD.EXE

#:17 [XPOINT32.EXE]
FilePath : C:\WINDOWS\ACECAD\
ProcessID : 4293074087
Threads : 1
Priority : Normal
FileVersion : 1.00.01.012
ProductVersion : 1.00
ProductName : Pointing Device Drivers
CompanyName : LCS/Telegraphics
FileDescription : XPoint32 COM Object Local Server
InternalName : XPoint32
LegalCopyright : Copyright (C) LCS/Telegraphics. 1996-2002
OriginalFilename : XPoint32.exe

#:18 [RPCSS.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4293012343
Threads : 8
Priority : Normal
FileVersion : 4.71.2900
ProductVersion : 4.71.2900
ProductName : Microsoft(R) Windows NT(TM) Operating System
CompanyName : Microsoft Corporation
FileDescription : Distributed COM Services
InternalName : rpcss.exe
LegalCopyright : Copyright (C) Microsoft Corp. 1981-1998
OriginalFilename : rpcss.exe

#:19 [VSSTAT.EXE]
FilePath : C:\ARCHIVOS DE PROGRAMA\NETWORK ASSOCIATES\VIRUSSCAN\
ProcessID : 4292991807
Threads : 2
Priority : Normal


#:20 [EXPLORER.EXE]
FilePath : C:\WINDOWS\
ProcessID : 4293096823
Threads : 13
Priority : Normal
FileVersion : 4.72.3110.1
ProductVersion : 4.72.3110.1
ProductName : Sistema operativo Microsoft(R) Windows NT(R)
CompanyName : Microsoft Corporation
FileDescription : Explorador de Windows
InternalName : explorer
LegalCopyright : (C) Microsoft Corporation 1981-1997
OriginalFilename : EXPLORER.EXE

#:21 [VSHWIN32.EXE]
FilePath : C:\ARCHIVOS DE PROGRAMA\NETWORK ASSOCIATES\VIRUSSCAN\
ProcessID : 4293111615
Threads : 6
Priority : Normal


#:22 [AVCONSOL.EXE]
FilePath : C:\ARCHIVOS DE PROGRAMA\NETWORK ASSOCIATES\VIRUSSCAN\
ProcessID : 4293100455
Threads : 2
Priority : Normal


#:23 [GGVIEWER67-78.EXE]
FilePath : C:\ARCHIVOS DE PROGRAMA\GOOGLE\
ProcessID : 4293058787
Threads : 7
Priority : Normal
FileVersion : 0, 5, 67, 0
ProductVersion : 0, 5, 67, 0
ProductName : Google Deskbar
CompanyName : Google
FileDescription : Google Deskbar
LegalCopyright : Copyright 2003 Google

#:24 [WEBSCANX.EXE]
FilePath : C:\ARCHIVOS DE PROGRAMA\NETWORK ASSOCIATES\VIRUSSCAN\
ProcessID : 4293152711
Threads : 3
Priority : Normal


#:25 [DELLDMI.EXE]
FilePath : C:\DMI\BIN\
ProcessID : 4293212199
Threads : 4
Priority : Normal


#:26 [SYSTRAY.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4293204715
Threads : 1
Priority : Normal
FileVersion : 4.10.2222
ProductVersion : 4.10.2222
ProductName : Sistema operativo Microsoft(R) Windows(R)
CompanyName : Microsoft Corporation
FileDescription : Subprograma Bandeja de sistema
InternalName : SYSTRAY
LegalCopyright : Copyright (C) Microsoft Corp. 1993-1998
OriginalFilename : SYSTRAY.EXE

#:27 [STIMON.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4293234935
Threads : 3
Priority : Normal
FileVersion : 4.10.2222
ProductVersion : 4.10.2222
ProductName : Sistema operativo Microsoft(R) Windows(R)
CompanyName : Microsoft Corporation
FileDescription : Monitor de dispositivos de imagen estática
InternalName : STIMON
LegalCopyright : Copyright (C) Microsoft Corp. 1996-1998
OriginalFilename : STIMON.EXE

#:28 [MSWHEEL.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4293263079
Threads : 1
Priority : Normal


#:29 [ZPOINT32.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4293255463
Threads : 1
Priority : Normal
FileVersion : 2, 0, 0, 0
ProductVersion : 2, 0, 0, 0
ProductName : ACE CAD USB Tablet Control Panel
CompanyName : ACE CAD Enterprise Co., Ltd.
FileDescription : This file is used as a control panel extension support.
InternalName : WTFUNC.EXE
LegalCopyright : Copyright © 2002 ACE CAD Enterprise Co., Ltd.
OriginalFilename : WTFUNC.EXE
Comments : This file is used as a control panel extension support.

#:30 [MONITOR.EXE]
FilePath : C:\DMI\BIN\
ProcessID : 4293248907
Threads : 3
Priority : Normal


#:31 [NIC.EXE]
FilePath : C:\DMI\BIN\
ProcessID : 4293256251
Threads : 3
Priority : Normal


#:32 [IKEYMAIN.EXE]
FilePath : C:\ARCHIVOS DE PROGRAMA\A4TECH\KEYBOARD\
ProcessID : 4293270479
Threads : 1
Priority : Normal
FileVersion : 6.12.00.00
ProductVersion : 6.12.00.00
ProductName : A4Tech iKeyWorks Software
CompanyName : A4Tech Co.,Ltd.
FileDescription : IKeymain.exe
InternalName : Ikeymain.exe
LegalCopyright : Copyright © A4Tech Co.,Ltd. 2000-2001
LegalTrademarks : A4Tech is a registered trademark of A4Tech Co.,Ltd.
OriginalFilename : Ikeymain.exe
Comments : A4Tech iKeyWorks Software

#:33 [COO.EXE]
FilePath : C:\DMI\BIN\
ProcessID : 4293261155
Threads : 3
Priority : Normal


#:34 [DNAR.EXE]
FilePath : C:\DMI\BIN\
ProcessID : 4293294551
Threads : 1
Priority : Normal
FileVersion : 5, 0, 0, 7
ProductVersion : 5, 0, 0, 0
ProductName : Dell OpenManage Client Instrumentation
CompanyName : Dell Computer Corporation
FileDescription : Dell OMC DNAR
InternalName : DNAR
LegalCopyright : Copyright © 1999
OriginalFilename : DNAR.exe
Comments : Sockets Connection to Dell IT Assistant

#:35 [NODEMNGR.EXE]
FilePath : C:\DMI\BIN\
ProcessID : 4293139651
Threads : 3
Priority : Normal
FileVersion : 5, 0, 0, 6
ProductVersion : 5, 0, 0, 0
ProductName : Dell OpenManage Client Instrumentation
CompanyName : Dell Computer Corporation
FileDescription : Dell OMC Node Manager
InternalName : NodeMngr
LegalCopyright : Copyright © 1999
OriginalFilename : NodeMngr.exe
Comments : MIF Export Agent

#:36 [EASYCLEA.EXE]
FilePath : C:\ARCHIVOS DE PROGRAMA\TONIARTS\EASYCLEANER\
ProcessID : 4293312031
Threads : 1
Priority : Normal
FileVersion : 2.0.5.324
ProductVersion : 2.0.5
ProductName : EasyCleaner
CompanyName : ToniArts
FileDescription : EasyCleaner executable
InternalName : EasyCleaner
LegalCopyright : Totally freeware!
LegalTrademarks : Trademark of ToniArts
OriginalFilename : EasyClea.exe
Comments : Visit http://www.toniarts.com

#:37 [SDKHR.EXE]
FilePath : C:\WINDOWS\
ProcessID : 4293322995
Threads : 3
Priority : Normal


#:38 [MSNMSGR.EXE]
FilePath : C:\ARCHIVOS DE PROGRAMA\MSN MESSENGER\
ProcessID : 4293332915
Threads : 14
Priority : Normal
FileVersion : 6.2.0205
ProductVersion : Version 6.2
ProductName : MSN Messenger
CompanyName : Microsoft Corporation
FileDescription : MSN Messenger
InternalName : msnmsgr
LegalCopyright : Copyright (c) Microsoft Corporation 1997-2004
LegalTrademarks : Microsoft(R) is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msnmsgr.exe

#:39 [APPED.EXE]
FilePath : C:\WINDOWS\
ProcessID : 4293342819
Threads : 1
Priority : Normal


Win32.TrojanDownloader.Agent.al Object Recognized!
Type : Process
Data : APPED.EXE
Category : Data Miner
Comment : (CSI MATCH)
Object : C:\WINDOWS\


Warning! Win32.TrojanDownloader.Agent.al Object found in memory(C:\WINDOWS\APPED.EXE)

"C:\WINDOWS\APPED.EXE"Process terminated successfully

#:40 [NETLW32.EXE]
FilePath : C:\WINDOWS\
ProcessID : 4293240439
Threads : 1
Priority : Normal


#:41 [AD-AWARE.EXE]
FilePath : C:\ARCHIVOS DE PROGRAMA\LAVASOFT\AD-AWARE SE PERSONAL\
ProcessID : 4293468719
Threads : 2
Priority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

#:42 [EYETIDECONTROLLER.EXE]
FilePath : C:\ARCHIVOS DE PROGRAMA\EYETIDE MEDIA\EYETIDE VIEWER\
ProcessID : 4293770951
Threads : 2
Priority : Normal
FileVersion : 1.0
ProductVersion : 1.0
ProductName : EyetideController Module
FileDescription : EyetideController Module
InternalName : EyetideController
LegalCopyright : Copyright 2000
OriginalFilename : EyetideController.EXE

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 4
Objects found so far: 10


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 10


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 10


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 10



Deep scanning and examining files (c:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

CoolWebSearch Object Recognized!
Type : File
Data : vigls.txt
Category : Malware
Comment :
Object : c:\WINDOWS\SYSTEM\



CoolWebSearch Object Recognized!
Type : File
Data : fifqr.txt
Category : Malware
Comment :
Object : c:\WINDOWS\SYSTEM\



CoolWebSearch Object Recognized!
Type : File
Data : kabjf.txt
Category : Malware
Comment :
Object : c:\WINDOWS\SYSTEM\



CoolWebSearch Object Recognized!
Type : File
Data : emkyc.txt
Category : Malware
Comment :
Object : c:\WINDOWS\SYSTEM\



CoolWebSearch Object Recognized!
Type : File
Data : vxzlu.dat
Category : Malware
Comment :
Object : c:\WINDOWS\SYSTEM\



CoolWebSearch Object Recognized!
Type : File
Data : elwize.txt
Category : Malware
Comment :
Object : c:\WINDOWS\



CoolWebSearch Object Recognized!
Type : File
Data : ypgng.txt
Category : Malware
Comment :
Object : c:\WINDOWS\



CoolWebSearch Object Recognized!
Type : File
Data : wnnzlw.txt
Category : Malware
Comment :
Object : c:\WINDOWS\



CoolWebSearch Object Recognized!
Type : File
Data : descpd.txt
Category : Malware
Comment :
Object : c:\WINDOWS\



CoolWebSearch Object Recognized!
Type : File
Data : xxuei.txt
Category : Malware
Comment :
Object : c:\WINDOWS\



CoolWebSearch Object Recognized!
Type : File
Data : geuhfo.dat
Category : Malware
Comment :
Object : c:\WINDOWS\



CoolWebSearch Object Recognized!
Type : File
Data : nfrjvr.txt
Category : Malware
Comment :
Object : c:\WINDOWS\



Disk Scan Result for c:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 22

Possible Browser Hijack attempt Object Recognized!
Type : File
Data : Search the web.url
Category : Misc
Comment : Problematic URL discovered: http://www.lookfor.cc/
Object : C:\WINDOWS\Favoritos\



Possible Browser Hijack attempt Object Recognized!
Type : File
Data : Only sex website.url
Category : Misc
Comment : Problematic URL discovered: http://www.onlysex.ws/
Object : C:\WINDOWS\Favoritos\



Possible Browser Hijack attempt Object Recognized!
Type : File
Data : Seven days of free porn.url
Category : Misc
Comment : Problematic URL discovered: http://www.7days.ws/
Object : C:\WINDOWS\Favoritos\




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

CoolWebSearch Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstal l\sw

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstal l\sw
Value : DisplayName

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstal l\sw
Value : UninstallString

CoolWebSearch Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstal l\se

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstal l\se
Value : DisplayName

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstal l\se
Value : UninstallString

CoolWebSearch Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstal l\hsa

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstal l\hsa
Value : DisplayName

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstal l\hsa
Value : UninstallString

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\main
Value : Enable Browser Extensions

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\main
Value : Use Custom Search URL

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\main
Value : Use Search Asst

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft
Value : set

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 13
Objects found so far: 38

10:51:58 Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:19:51.270
Objects scanned:72079
Objects identified:32
Objects ignored:0
New critical objects:32



AQUI EL LOG DE SPY BOOT

Startpage-EH: Marcador (Internet Explorer: .DEFAULT) (Libreta de direcciones, fixed)


Startpage-EH: Marcador (Internet Explorer: Emilio) (Libreta de direcciones, fixed)


CoolWWWSearch.Aff.Winshow: Favorito maligno (Archivo, fixed)
C:\WINDOWS\Favoritos\Search the web.url


--- Spybot - Search && Destroy version: 1.3 ---
2004-11-29 Includes\Cookies.sbi
2005-02-16 Includes\Dialer.sbi
2005-02-16 Includes\Hijackers.sbi
2005-01-11 Includes\Keyloggers.sbi
2005-02-16 Includes\Malware.sbi
2004-11-29 Includes\Revision.sbi
2005-02-09 Includes\Security.sbi
2005-02-16 Includes\Spybots.sbi
2005-02-16 Includes\Trojans.sbi
2004-05-12 Includes\LSP.sbi
2005-02-16 Includes\Tracks.uti

perdón pero no cabía todo en el mísmo mensaje. gracias.



AQUI EL LOG DE HIJACKTHIS

Logfile of HijackThis v1.99.1
Scan saved at 14:25:53, on 23/02/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\PSSVC.EXE
C:\DMI\BIN\WIN32SL.EXE
C:\ARCHIVOS DE PROGRAMA\NETWORK ASSOCIATES\VIRUSSCAN\AVSYNMGR.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\APIHP32.EXE
C:\WINDOWS\NETLW32.EXE
C:\WINDOWS\APPED.EXE
C:\WINDOWS\SYSTEM\CRJL.EXE
C:\WINDOWS\SYSTEM\SYSRA32.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\ARCHIVOS DE PROGRAMA\NETWORK ASSOCIATES\VIRUSSCAN\VSSTAT.EXE
C:\ARCHIVOS DE PROGRAMA\NETWORK ASSOCIATES\VIRUSSCAN\VSHWIN32.EXE
C:\ARCHIVOS DE PROGRAMA\NETWORK ASSOCIATES\VIRUSSCAN\AVCONSOL.EXE
C:\ARCHIVOS DE PROGRAMA\NETWORK ASSOCIATES\VIRUSSCAN\WEBSCANX.EXE
C:\DMI\BIN\DELLDMI.EXE
C:\DMI\BIN\MONITOR.EXE
C:\DMI\BIN\NIC.EXE
C:\DMI\BIN\COO.EXE
C:\DMI\BIN\DNAR.EXE
C:\DMI\BIN\NODEMNGR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\HJT\HIJACKTHIS.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {124F455F-3EBC-8849-B9B6-62927941EC45} - C:\WINDOWS\SYSTEM\MSFB32.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\archivos de programa\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [POINTER] C:\ARCHIV~1\MSHARD~1\point32.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [Acecad.Wtxpload] c:\windows\Acecad\Wtxpload.exe Acecad
O4 - HKLM\..\Run: [ZPOINT32] c:\windows\SYSTEM\ZPOINT32.exe
O4 - HKLM\..\Run: [iKeyWorks] C:\ARCHIV~1\A4TECH\KEYBOARD\IKEYMAIN.EXE
O4 - HKLM\..\Run: [ToniArts EasyCleaner] "C:\ARCHIVOS DE PROGRAMA\TONIARTS\EASYCLEANER\EASYCLEA.EXE" -s -startup
O4 - HKLM\..\Run: [SDKHR.EXE] C:\WINDOWS\SDKHR.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [TLogonPath] "c:\program files\timbuktu pro\tb2logon.exe"
O4 - HKLM\..\RunServices: [AutoShutdown] C:\WINDOWS\pssvc.exe
O4 - HKLM\..\RunServices: [3Com DMI Agent] C:\WINDOWS\SYSTEM\3com_dmi\3CDMINIC.EXE
O4 - HKLM\..\RunServices: [DMILDR] C:\DMI\bin\dmildr.exe
O4 - HKLM\..\RunServices: [Win32SL] C:\DMI\BIN\Win32sl.EXE -i -p -r
O4 - HKLM\..\RunServices: [McAfeeWebScanX] C:\ARCHIVOS DE PROGRAMA\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\WebScanX.Exe /RUNSERVICES
O4 - HKLM\..\RunServices: [McAfeeVirusScanService] c:\Archivos de programa\Network Associates\VirusScan\AVSYNMGR.EXE
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [Hidserv] Hidserv.exe run
O4 - HKLM\..\RunServices: [APPED.EXE] C:\WINDOWS\APPED.EXE
O4 - HKLM\..\RunServices: [NETLW32.EXE] C:\WINDOWS\NETLW32.EXE
O4 - HKLM\..\RunServices: [APIHP32.EXE] C:\WINDOWS\SYSTEM\APIHP32.EXE
O4 - HKLM\..\RunServices: [CRJL.EXE] C:\WINDOWS\SYSTEM\CRJL.EXE
O4 - HKLM\..\RunServices: [SYSRA32.EXE] C:\WINDOWS\SYSTEM\SYSRA32.EXE
O4 - HKCU\..\Run: [Software Web Segura FNMT-RCM Recovery] C:\Archivos de programa\Entrust\Direct\etdirrcv.exe
O4 - HKCU\..\Run: [MsnMsgr] "c:\Archivos de programa\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Adaware Bootup] C:\ARCHIVOS DE PROGRAMA\LAVASOFT AD-AWARE\AD-AWARE.EXE /Auto /Log "C:\ARCHIVOS DE PROGRAMA\LAVASOFT AD-AWARE\"
O4 - HKCU\..\RunServicesOnce: [washindex] C:\Program Files\Washer\washidx.exe
O4 - Startup: Eyetide Launcher.lnk = C:\Archivos de programa\Eyetide Media\Eyetide Viewer\EyetideController.exe
O8 - Extra context menu item: Download with GetRight - C:\Archivos de programa\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Archivos de programa\GetRight\GRbrowse.htm
O8 - Extra context menu item: &Google Search - res://C:\ARCHIVOS DE PROGRAMA\GOOGLE\GOOGLETOOLBAR2.DLL/cmsearch.html
O8 - Extra context menu item: Instantánea de caché de la página - res://C:\ARCHIVOS DE PROGRAMA\GOOGLE\GOOGLETOOLBAR2.DLL/cmcache.html
O8 - Extra context menu item: Páginas similares - res://C:\ARCHIVOS DE PROGRAMA\GOOGLE\GOOGLETOOLBAR2.DLL/cmsimilar.html
O8 - Extra context menu item: Páginas vinculadas - res://C:\ARCHIVOS DE PROGRAMA\GOOGLE\GOOGLETOOLBAR2.DLL/cmbacklinks.html
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = IAM.NET.MA
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 212.217.0.1,212.217.0.12