Buenas tardes, e tenid problemas con el winlogon, cada vez que elimino una dll con el hijackthis, se elimina pero cuando escaneo de nuevo aparece sin ser eliminada, una de las dll es e4jm0e11eh.dll, y cuando reinicio a prueba de fallos se elimina pero se crea otra con otro nombre diferente, ya utilize el killbox reiniciando, ad-aware, dr spyware, ya limpie los registros etc etc, ya me tiene canzado esa pagina k se abre sola, tiene terminacion yyy.html, tambien intento eliminar directamente el archivo dede el REGEDIT y no me deja, anexo el log :

Logfile of HijackThis v1.99.1
Scan saved at 04:54:25 p.m., on 09/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Archivos de programa\AVPersonal\AVGUARD.EXE
C:\Archivos de programa\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\Explorer.EXE
C:\Archivos de programa\AVPersonal\AVGNT.EXE
C:\Archivos de programa\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
C:\Archivos de programa\Mozilla Firefox\firefox.exe
C:\WINDOWS\regedit.exe
C:\procexp\HijackThis.exe

O4 - HKLM\..\Run: [AVGCtrl] C:\Archivos de programa\AVPersonal\AVGNT.EXE /min
O8 - Extra context menu item: Agregar a Compaq Organize... - C:\ARCHIV~1\HEWLET~1\COMPAQ~1\bin/module.main/favorites\ie_add_to.html
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\ARCHIV~1\SPYWAR~1\tools\iesdpb.dll
O20 - Winlogon Notify: App Management - C:\WINDOWS\system32\e4jm0e11eh.dll
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Archivos de programa\AVPersonal\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Archivos de programa\AVPersonal\AVWUPSRV.EXE
O23 - Service: Servicio del iPod (iPodService) - Apple Computer, Inc. - C:\Archivos de programa\iPod\bin\iPodService.exe



tambien anexo el LOG del
L2MFIX find log 1.04a
These are the registry keys present
************************************************** ********************************
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\App Management]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\e4jm0e11eh.d ll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"


RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-NI) ALLOW Read BUILTIN\Usuarios
(ID-IO) ALLOW Read BUILTIN\Usuarios
(ID-NI) ALLOW Full access BUILTIN\Administradores
(ID-IO) ALLOW Full access BUILTIN\Administradores
(ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access CREATOR OWNER


************************************************** ********************************
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Internet Settings\User Agent\Post Platform]
"{517CECF0-FBBD-E04D-3549-C88BE5754885}"=""

************************************************** ********************************
Shell Extension key:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Shell Extensions\Approved]
"{00022613-0000-0000-C000-000000000046}"="Hoja de propiedades de archivos multimedia"
"{176d6597-26d3-11d1-b350-080036a75b03}"="Administraci¢n de esc ner ICM"
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="P gina de seguridad NTFS"
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="P gina de propiedades del archivo de documentos OLE"
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Extensiones de interfaz para uso compartido"
"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Extensi¢n CPL del adaptador de pantalla"
"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Extensi¢n CPL del monitor de pantalla"
"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="P gina de seguridad DS"
"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="P gina de compatibilidad"
"{56117100-C0CD-101B-81E2-00AA004AE837}"="Shell Scrap DataHandler"
"{59099400-57FF-11CE-BD94-0020AF85B590}"="Extensi¢n de copia de discos"
"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Extensiones del shell para objetos de la red de Microsoft Windows"
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="Administraci¢n de monitor ICM"
"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="Administraci¢n de impresora ICM"
"{77597368-7b15-11d0-a0c2-080036af3f03}"="Extensi¢n del shell de impresora en Web"
"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="Malet¡n"
"{88895560-9AA2-1069-930E-00AA0030EBC8}"="Extensi¢n de icono de HyperTerminal"
"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fuentes"
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="Perfil de ICC"
"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="P gina de seguridad de impresoras"
"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Extensiones de interfaz para uso compartido"
"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Extensi¢n PKO cifrada"
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Extensi¢n de firma cifrada"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Conexiones de red"
"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Conexiones de red"
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="&C maras y esc neres"
"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="&C maras y esc neres"
"{905667aa-acd6-11d2-8080-00805f6596d2}"="&C maras y esc neres"
"{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="&C maras y esc neres"
"{83bbcbf3-b28a-4919-a5aa-73027445d672}"="&C maras y esc neres"
"{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Extensiones del shell para Windows Script Host"
"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="V¡nculos a datos de Microsoft"
"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Tareas programadas"
"{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}"="Set Program Access and Defaults"
"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Barra de tareas y men£ Inicio"
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Buscar"
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Ayuda y soporte t‚cnico"
"{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Ayuda y soporte t‚cnico"
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Ejecutar..."
"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
"{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="Correo electr¢nico"
"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Fuentes"
"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Herramientas administrativas"
"{596AB062-B4D2-4215-9F74-E9109B0A8153}"="Previous Versions Property Page"
"{9DB7A13C-F208-4981-8353-73CC61AE2783}"="Previous Versions"
"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
"{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
"{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
"{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
"{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Barra de herramientas de Microsoft Internet"
"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="Estado de la descarga"
"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Carpeta Shell aumentada"
"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Carpeta 2 Shell aumentada"
"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Banda del explorador de Microsoft"
"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Banda de b£squeda"
"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="B£squeda en panel"
"{07798131-AF23-11d1-9111-00A0C98BA67D}"="B£squeda Web"
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Utilidad de opciones del rbol de Registro"
"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Direcci¢n"
"{A08C11D2-A228-11d0-825B-00AA005B4383}"="Cuadro de la direcci¢n"
"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Autocompletar de Microsoft"
"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
"{6756A641-DE71-11d0-831B-00AA005B4383}"="Lista autocompleta MRU"
"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Lista autocompleta MRU personalizada"
"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
"{acf35015-526e-4230-9596-becbe19f0ac9}"="Barra de progreso emergente"
"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Lista autocompleta de la historia de Microsoft"
"{03C036F1-A186-11D0-824A-00AA005B4383}"="Lista autocompleta de la carpeta Shell de Microsoft"
"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Contenedor de la Lista m£ltiple de Microsoft"
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Men£ de sitio de bandas Shell"
"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Barra de escritorio Shell"
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="Asistencia al usuario"
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Configuraci¢n de carpeta global"
"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Servicio de Historial de las direcciones URL de Microsoft"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="Historial"
"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Archivos temporales de Internet"
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Archivos temporales de Internet"
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Hook de b£squeda de direcciones URL de Microsoft"
"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="Pantalla de bienvenida de IE4 Suite"
"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="Internet"
"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Banda de Explorador"
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{88C6C381-2E85-11D0-94DE-444553540000}"="Carpeta del cach‚ de ActiveX"
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Carpeta de suscripciones"
"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Administrador de aplicaciones de Shell"
"{0B124F8F-91F0-11D1-B8B5-006008059382}"="Enumerador de aplicaciones instaladas"
"{CFCCC7A0-A282-11D1-9082-006008059382}"="Darwin App Publisher"
"{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
"{00E7B358-F65B-4dcf-83DF-CD026B94BFD4}"="Autoplay for SlideShow"
"{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="Extractor de vistas en miniatura de archivos GDI+"
"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Controlador de la informaci¢n de resumen para vistas en miniatura (DOCFILES)"
"{EAB841A0-9550-11cf-8C16-00805F1408F3}"="Extractor de vistas en miniatura HTML"
"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Asistente para la publicaci¢n en Web"
"{add36aa8-751a-4579-a266-d66f5202ccbb}"="Pedido de impresiones v¡a web"
"{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Objeto de Asistente de publicaci¢n de shell"
"{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Asistente para obtener pasaporte"
"{7A9D77BD-5403-11d2-8785-2E0420524153}"="Cuentas de usuario"
"{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Archivo de canal"
"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Acceso directo al canal"
"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Objeto de control de canal"
"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
"{692F0339-CBAA-47e6-B5B5-3B84DB604E87}"="Extensions Manager Folder"
"{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
"{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
"{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
"{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Carpeta de archivos sin conexi¢n"
"{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
"{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
"{32714800-2E5F-11d0-8B85-00AA0044F941}"="&Personas..."
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
"{1D2680C9-0E2A-469d-B787-065558BC7D43}"="Fusion Cache"
"{DEE12703-6333-4D4E-8F34-738C4DCC2E04}"="RecordNow! SendToExt"
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}"="Shell Extensions for RealOne Player"
"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}"="iTunes"
"{7F67036B-66F1-411A-AD85-759FB9C5B0DB}"="SampleView"
"{4CCEFB41-18FA-11D3-9EF3-00A0C9E897FD}"="Componente de extensi¢n del n£cleo de CorelDRAW"
"{BDEADF00-C265-11D0-BCED-00A0C90AB50F}"="Web Folders"
"{00020D75-0000-0000-C000-000000000046}"="Microsoft Office Outlook Desktop Icon Handler"
"{0006F045-0000-0000-C000-000000000046}"="Microsoft Office Outlook Custom Icon Handler"
"{42042206-2D85-11D3-8CFF-005004838597}"="Microsoft Office HTML Icon Handler"
"{6B19FEC2-A45B-11CF-9045-00A0C9039735}"="Registered ActiveX Controls"
"{D545EBD1-BD92-11CF-8772-00A0C9039735}"="Developer Studio Components"
"{E0D79304-84BE-11CE-9641-444553540000}"="WinZip"
"{E0D79305-84BE-11CE-9641-444553540000}"="WinZip"
"{E0D79306-84BE-11CE-9641-444553540000}"="WinZip"
"{E0D79307-84BE-11CE-9641-444553540000}"="WinZip"
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}"="WinRAR shell extension"
"{506F4668-F13E-4AA1-BB04-B43203AB3CC0}"="{506F4668-F13E-4AA1-BB04-B43203AB3CC0}"
"{D66DC78C-4F61-447F-942B-3FB6980118CF}"="{D66DC78C-4F61-447F-942B-3FB6980118CF}"
"{e57ce731-33e8-4c51-8354-bb4de9d215d1}"="Dispositivos Plug and Play universales"
"{C32D45A4-932B-4EF3-95C5-7BF03CCA738E}"=""
"{C4C7F0DF-51A0-48CE-B8FE-C015AD6D26DE}"=""
"{2A53B44E-CF62-4F98-B501-212421FDE9A4}"=""
"{D231A171-2E9D-4A6D-811C-77AD9E828B22}"=""

************************************************** ********************************
HKEY ROOT CLASSIDS:
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{C4C7F0DF-51A0-48CE-B8FE-C015AD6D26DE}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{C4C7F0DF-51A0-48CE-B8FE-C015AD6D26DE}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{C4C7F0DF-51A0-48CE-B8FE-C015AD6D26DE}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{C4C7F0DF-51A0-48CE-B8FE-C015AD6D26DE}\InprocServer32]
"ThreadingModel"="Apartment"
@="C:\\WINDOWS\\system32\\guard.tmp"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{2A53B44E-CF62-4F98-B501-212421FDE9A4}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{2A53B44E-CF62-4F98-B501-212421FDE9A4}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{2A53B44E-CF62-4F98-B501-212421FDE9A4}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{2A53B44E-CF62-4F98-B501-212421FDE9A4}\InprocServer32]
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{D231A171-2E9D-4A6D-811C-77AD9E828B22}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{D231A171-2E9D-4A6D-811C-77AD9E828B22}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{D231A171-2E9D-4A6D-811C-77AD9E828B22}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{D231A171-2E9D-4A6D-811C-77AD9E828B22}\InprocServer32]
@="C:\\WINDOWS\\system32\\kgdne.dll"
"ThreadingModel"="Apartment"

************************************************** ********************************
Files Found are not all bad files:

C:\WINDOWS\SYSTEM32\
bqshell.dll Wed 14 Sep 2005 7:30:30p ..... 552,960 540.00 K
browseui.dll Fri 2 Sep 2005 5:06:12p A.... 1,020,416 996.50 K
cdfview.dll Fri 2 Sep 2005 5:06:12p A.... 151,552 148.00 K
cdosys.dll Fri 9 Sep 2005 6:55:12p A.... 2,067,968 1.97 M
danim.dll Fri 2 Sep 2005 5:06:14p A.... 1,055,744 1.00 M
dxtrans.dll Fri 2 Sep 2005 5:06:14p A.... 205,312 200.50 K
e4jm0e~1.dll Wed 9 Nov 2005 3:50:40p ..S.R 235,705 230.18 K
extmgr.dll Fri 2 Sep 2005 5:06:14p A.... 55,808 54.50 K
iepeers.dll Fri 2 Sep 2005 5:06:14p A.... 251,392 245.50 K
iiagehlp.dll Wed 9 Nov 2005 3:37:30p ..S.R 234,210 228.72 K
imagr5.dll Wed 19 Oct 2005 2:32:48p ..... 507,904 496.00 K
imagx5.dll Wed 19 Oct 2005 2:32:48p ..... 532,480 520.00 K
imagxpr5.dll Wed 19 Oct 2005 2:32:48p ..... 275,312 268.86 K
inseng.dll Fri 2 Sep 2005 5:06:14p A.... 96,768 94.50 K
iqagehlp.dll Wed 9 Nov 2005 2:38:48p ..S.R 234,210 228.72 K
irengine.dll Wed 9 Nov 2005 1:04:54p ..S.R 235,403 229.88 K
j8l40i~1.dll Thu 27 Oct 2005 9:02:22a ..S.R 234,931 229.42 K
kgdne.dll Wed 9 Nov 2005 4:21:54p ..... 235,705 230.18 K
kkdtat.dll Wed 9 Nov 2005 3:52:56p ..S.R 234,210 228.72 K
kpdusr.dll Thu 27 Oct 2005 2:56:48p ..S.R 234,669 229.17 K
kudsl.dll Thu 27 Oct 2005 7:48:54a ..S.R 234,307 228.81 K
l8j8li~1.dll Thu 27 Oct 2005 3:15:46p ..S.R 237,030 231.47 K
linkinfo.dll Wed 31 Aug 2005 6:43:36p A.... 19,968 19.50 K
m2280c~1.dll Wed 9 Nov 2005 3:53:56p ..S.R 234,210 228.72 K
msexcl35.dll Mon 7 Nov 2005 11:30:40a A.... 250,128 244.27 K
mshtml.dll Tue 4 Oct 2005 5:27:26p A.... 3,013,120 2.87 M
mshtmled.dll Fri 2 Sep 2005 5:06:14p A.... 448,512 438.00 K
mspdox35.dll Mon 7 Nov 2005 11:30:40a A.... 250,128 244.27 K
msrating.dll Fri 2 Sep 2005 5:06:14p A.... 146,432 143.00 K
mstext35.dll Mon 7 Nov 2005 11:30:40a A.... 165,648 161.77 K
mstime.dll Fri 2 Sep 2005 5:06:14p A.... 530,432 518.00 K
multisz.dll Wed 19 Oct 2005 2:32:52p ..... 49,152 48.00 K
mxvidc32.dll Wed 9 Nov 2005 2:04:46p ..S.R 237,217 231.66 K
netman.dll Mon 22 Aug 2005 11:34:58a A.... 197,632 193.00 K
nlmarta.dll Wed 9 Nov 2005 12:15:26p ..S.R 235,403 229.88 K
oybcp32r.dll Wed 9 Nov 2005 2:12:32p ..S.R 235,212 229.70 K
picn20.dll Wed 19 Oct 2005 2:32:48p ..... 35,328 34.50 K
pngfilt.dll Fri 2 Sep 2005 5:06:14p A.... 39,424 38.50 K
quartz.dll Mon 29 Aug 2005 8:55:42p A.... 1,293,312 1.23 M
rmsrad.dll Thu 27 Oct 2005 12:56:56p ..S.R 236,190 230.65 K
semsrv.dll Wed 9 Nov 2005 3:04:08p ..S.R 234,210 228.72 K
shdocvw.dll Fri 2 Sep 2005 5:06:14p A.... 1,484,288 1.41 M
shell32.dll Thu 22 Sep 2005 8:06:56p A.... 8,492,544 8.10 M
shlwapi.dll Fri 2 Sep 2005 5:06:14p A.... 474,112 463.00 K
sirenacm.dll Mon 19 Sep 2005 6:00:34a A.... 119,856 117.05 K
twnlib20.dll Wed 19 Oct 2005 2:32:48p ..... 106,496 104.00 K
umpnpmgr.dll Mon 22 Aug 2005 8:39:10p A.... 124,416 121.50 K
urlmon.dll Fri 2 Sep 2005 5:06:14p A.... 604,672 590.50 K
wdntrust.dll Thu 27 Oct 2005 8:36:00a ..S.R 236,531 230.98 K
wininet.dll Fri 2 Sep 2005 5:06:14p A.... 660,992 645.50 K
winsrv.dll Wed 31 Aug 2005 6:43:38p A.... 292,352 285.50 K
wnaspint.dll Thu 13 Oct 2005 7:01:14a A.... 57,344 56.00 K
wrvdmoe2.dll Wed 9 Nov 2005 3:49:40p ..S.R 235,705 230.18 K

53 items found: 53 files (17 H/S), 0 directories.
Total of file sizes: 29,864,962 bytes 28.48 M
Locate .tmp files:

C:\WINDOWS\SYSTEM32\
guard.tmp Wed 9 Nov 2005 4:22:54p ..S.R 235,705 230.18 K

1 item found: 1 file (1 H/S), 0 directories.
Total of file sizes: 235,705 bytes 230.18 K
************************************************** ********************************
Directory Listing of system files:
El volumen de la unidad C es Sistemas
El n£mero de serie del volumen es: 27BE-9E4A

Directorio de C:\WINDOWS\System32

09/11/2005 04:22 p.m. 235,705 guard.tmp
09/11/2005 03:53 p.m. 234,210 m2280cfuef280.dll
09/11/2005 03:52 p.m. 234,210 kkdtat.dll
09/11/2005 03:50 p.m. 235,705 e4jm0e11eh.dll
09/11/2005 03:49 p.m. 235,705 wrvdmoe2.dll
09/11/2005 03:37 p.m. 234,210 iiagehlp.dll
09/11/2005 03:04 p.m. 234,210 sEmsrv.dll
09/11/2005 02:38 p.m. 234,210 iqagehlp.dll
09/11/2005 02:12 p.m. 235,212 oybcp32r.dll
09/11/2005 02:04 p.m. 237,217 mxvidc32.dll
09/11/2005 01:04 p.m. 235,403 irengine.dll
09/11/2005 12:15 p.m. 235,403 nlmarta.dll
27/10/2005 03:15 p.m. 237,030 l8j8li1u18.dll
27/10/2005 02:56 p.m. 234,669 kpdusr.dll
27/10/2005 12:56 p.m. 236,190 rMsrad.dll
27/10/2005 09:02 a.m. 234,931 j8l40i3qe8.dll
27/10/2005 08:35 a.m. 236,531 wdntrust.dll
27/10/2005 07:48 a.m. 234,307 kudsl.dll
13/10/2005 04:14 p.m. <DIR> dllcache
08/03/2005 12:32 p.m. <DIR> Microsoft
23/02/2005 01:00 a.m. 181,312 SCSIACC.EXE
21/03/2001 09:34 a.m. 244,232 Msflxgrd.ocx
20 archivos 4,660,602 bytes
2 dirs 58,709,479,424 bytes libres


Espero k puedan ayudarme, enverdad...

Por su atencion muchas garcias :)...

mi mail es Editado por Moderador@hotmail.com

Hola, te doy la bienvenida al Foro de InfoSpyware.

No usese la herramienta LSmfix.exe a menos que alguno de los miembras del equipo de InfoSpyware te lo haya soliticiato y no respondemos por email unicamente en el foro.

Descargar, actualiza y ejecuta el programa Spy Sweeper 4.5

Usa el Disk Cleaner para limpiar cookies y temporales y RegSeeker para limpiar el registro de Win.

Reinicia y nos contas los resultados.

Salu2

__________________

Muchas Gracias, si funciono, ya no se abren las paginas, y el el hijack ya no aparece el winlogon, de verdad muchas gracias, . Seguiremos en contacto.

Es bueno contar con un foro como el de ustedes que es de mucho apoyo, GRACIAS...