Hola, mi pc esta infectada con Spylocket, sistema operativo windows XP service pack 2. Ya pase el PSGUard y el ccleaner. No encuentro en el Hijackthis las entradas BHO y toolbar que citan en esta pagina. Gracias por su ayuda

Hola guasopampa

Reiniciá en Modo Seguro y analizá con RogueRemover. Luego reiniciá en modo normal, analizá con Panda ActiveScan y pegá su reporte aquí junto a uno de lopxpMH2.

Salu2

el roueremover no encontro nada.
Aca estan los logs
Incidencia Estado Elemento Herramienta potencialmente no deseada:Application/Processor No desinfectado C:\WINNT\SYSTEM32\Process.exe
Herramienta potencialmente no deseada:Application/Processor No desinfectado C:\Documents and Settings\Osvaldo Caccaglio\Escritorio\SmitfraudFix\Process.exe
Virus:Trj/Shutdown.Z Desinfectado C:\Documents and Settings\Osvaldo Caccaglio\Escritorio\SmitfraudFix\RESTART.EXE
Reporte realizado a 22:28:25,43, 30/06/2007

Reporte realizado a 22:28:25,45, 30/06/2007
******************************************
## Carpetas Datos de programa


******************************************
## Carpetas Datos de programa

El volumen de la unidad C no tiene etiqueta.
El n£mero de serie del volumen es: 0B34-16F3

Directorio de C:\Documents and Settings\Default User\Datos de programa

05/04/2005 00:47 <DIR> .
05/04/2005 00:47 <DIR> ..
23/03/2006 22:38 <DIR> AVG7
05/04/2005 00:55 <DIR> Microsoft
29/06/2007 02:59 62 desktop.ini
1 archivos 62 bytes
4 dirs 10.506.207.232 bytes libres
El volumen de la unidad C no tiene etiqueta.
El n£mero de serie del volumen es: 0B34-16F3

Directorio de C:\Documents and Settings\All Users\Datos de programa

05/04/2005 00:47 <DIR> .
05/04/2005 00:47 <DIR> ..
23/04/2005 17:42 <DIR> Adobe
28/06/2005 22:52 <DIR> Adobe Systems
18/12/2005 23:23 <DIR> Autodesk
23/03/2006 22:38 <DIR> avg7
23/03/2006 22:38 <DIR> Grisoft
04/07/2005 01:28 <DIR> HP
28/06/2007 02:22 <DIR> Macromedia
05/04/2005 00:53 <DIR> Microsoft
05/04/2005 23:53 <DIR> SBT
28/06/2007 20:14 <DIR> Spybot - Search & Destroy
28/06/2007 04:17 <DIR> TEMP
29/06/2007 20:34 <DIR> Yahoo! Companion
29/06/2007 02:59 62 desktop.ini
04/07/2005 00:44 1.130 hpzinstall.log
2 archivos 1.192 bytes
14 dirs 10.506.207.232 bytes libres
El volumen de la unidad C no tiene etiqueta.
El n£mero de serie del volumen es: 0B34-16F3

Hola guasopampa

1. Descarga el SilentRunner (dale click con el boton derecho del ratón al enlace y luego en Guardar enlace cómo, Save as o Save Link as....)
   
2. Ejecuta el script, al hacerlo, te hará unas preguntas, en dichas preguntas contesta 'No' y 'Si' (en ese orden)....
   
3. Luego, deberás esperar (aunque parezca que no hace nada) a que te aparezca un mensaje con el botón OK
   
4. En la misma carpeta que ejecutes el script aparecerá un archivo llamado Reporte el cual deberás colocarlo aquí (si lo abres o envías antes de ver el mensaje con el botón Ok, no estará completo)

Salu2
Recuerda volver

listo aqui lo tienes

"Silent Runners.vbs", revision R50, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run \ {++}
"CTFMON.EXE" = "C:\WINNT\system32\ctfmon.exe" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Run \ {++}
"Synchronization Manager" = "mobsync.exe /logon" [MS]
"IgfxTray" = "C:\WINNT\system32\igfxtray.exe" ["Intel Corporation"]
"HotKeysCmds" = "C:\WINNT\system32\hkcmd.exe" ["Intel Corporation"]
"Cmaudio" = "RunDll32 cmicnfg.cpl,CMICtrlWnd" [MS]
"NeroFilterCheck" = "C:\WINNT\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
"InCD" = "C:\Archivos de programa\Ahead\InCD\InCD.exe" ["Ahead Software AG"]
"HP Software Update" = ""C:\Archivos de programa\HP\HP Software Update\HPWuSchd.exe"" ["Hewlett-Packard"]
"HP Component Manager" = ""C:\Archivos de programa\HP\hpcoretech\hpcmpmgr.exe"" ["Hewlett-Packard Company"]
"!AVG Anti-Spyware" = ""C:\Archivos de programa\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized" ["GRISOFT s.r.o."]
"SDTray" = ""C:\Archivos de programa\Spyware Doctor\SDTrayApp.exe"" ["PC Tools"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Run OnceEx\ {++}
"Register Homesite+.exe" = ""C:\Archivos de programa\Macromedia\HomeSite+\Homesite+.exe" /REGSERVER" ["Macromedia, Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Extensión de paneo de pantalla del Panel de control"
-> {HKLM...CLSID} = "Extensión de paneo de pantalla del Panel de control"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Extensión de icono de HyperTerminal"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINNT\system32\hticons.dll" ["Hilgraeve, Inc."]
"{5b4dae26-b807-11d0-9815-00c04fd91972}" = "Menu Band"
-> {HKLM...CLSID} = "Menu Band"
\InProcServer32\(Default) = "C:\WINNT\system32\SHELL32.dll" [MS]
"{8278F931-2A3E-11d2-838F-00C04FD918D0}" = "Seguimiento de menú Shell"
-> {HKLM...CLSID} = "Seguimiento de menú Shell"
\InProcServer32\(Default) = "C:\WINNT\system32\SHELL32.dll" [MS]
"{E13EF4E4-D2F2-11d0-9816-00C04FD91972}" = "Sitio del menú"
-> {HKLM...CLSID} = "Sitio del menú"
\InProcServer32\(Default) = "C:\WINNT\system32\SHELL32.dll" [MS]
"{ECD4FC4F-521C-11D0-B792-00A0C90312E1}" = "Menú Barra de escritorio"
-> {HKLM...CLSID} = "Menú Barra de escritorio"
\InProcServer32\(Default) = "C:\WINNT\system32\SHELL32.dll" [MS]
"{D82BE2B0-5764-11D0-A96E-00C04FD705A2}" = "IShellFolderBand"
-> {HKLM...CLSID} = "IShellFolderBand"
\InProcServer32\(Default) = "C:\WINNT\system32\SHELL32.dll" [MS]
"{0E5CBF21-D15F-11d0-8301-00AA005B4383}" = "&Vínculos"
-> {HKLM...CLSID} = "&Vínculos"
\InProcServer32\(Default) = "C:\WINNT\system32\SHELL32.dll" [MS]
"{7487cd30-f71a-11d0-9ea7-00805f714772}" = "Imágenes en miniatura"
-> {HKLM...CLSID} = "Background Thumbnail Generator"
\InProcServer32\(Default) = "C:\WINNT\system32\SHELL32.dll" [MS]
"{450D8FBA-AD25-11D0-98A8-0800361B1103}" = "MyDocs Folder"
-> {HKLM...CLSID} = "Mis documentos"
\InProcServer32\(Default) = "C:\WINNT\system32\SHELL32.dll" [MS]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"
-> {HKLM...CLSID} = "Extensión de iconos de archivo de Outlook"
\InProcServer32\(Default) = "C:\ARCHIV~1\MICROS~2\Office\OLKFSTUB.DLL" [MS]
"{4CCEFB41-18FA-11D3-9EF3-00A0C9E897FD}" = "Componente de extensión del núcleo de CorelDRAW"
-> {HKLM...CLSID} = "CorelDRAW Shell Extension Component"
\InProcServer32\(Default) = "C:\Archivos de programa\Corel\Corel Graphics 12\PROGRAMS\CrlShell.dll" ["Corel Corporation"]
"{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802}" = "Adobe.Acrobat.ContextMenu"
-> {HKLM...CLSID} = "Acrobat Elements Context Menu"
\InProcServer32\(Default) = "C:\Archivos de programa\Adobe\Acrobat 6.0\Acrobat Elements\ContextMenu.dll" ["Adobe Systems Inc."]
"{E0D79304-84BE-11CE-9641-444553540000}" = "WinZip"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\ARCHIV~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79305-84BE-11CE-9641-444553540000}" = "WinZip"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\ARCHIV~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79306-84BE-11CE-9641-444553540000}" = "WinZip"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\ARCHIV~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79307-84BE-11CE-9641-444553540000}" = "WinZip"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\ARCHIV~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{950FF917-7A57-46BC-8017-59D9BF474000}" = "Shell Extension for CDRW"
-> {HKLM...CLSID} = "Shell Extension for CDRW"
\InProcServer32\(Default) = "C:\Archivos de programa\Ahead\InCD\incdshx.dll" ["Ahead Software AG"]
"{2E9D3540-211C-11d0-A5F2-00A0248C37BE}" = "Nero Shell Extension Property Sheet"
-> {HKLM...CLSID} = "Nero Shell Extension Property Sheet"
\InProcServer32\(Default) = "[NeroFolder]\neroshx.dll" [file not found]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Archivos de programa\WinRAR\rarext.dll" [null data]
"{0AC6C6C5-F7A8-11D2-BEF4-00C04F990001}" = "Macromedia FTP & RDS"
-> {HKLM...CLSID} = "Macromedia FTP & RDS"
\InProcServer32\(Default) = "C:\WINNT\system32\CfShellFtpRds.dll" ["Macromedia, Inc."]
"{36A21736-36C2-4C11-8ACB-D4136F2B57BD}" = "AutoCAD Digital Signatures Icon Overlay Handler"
-> {HKLM...CLSID} = "AcSignIcon"
\InProcServer32\(Default) = "C:\WINNT\system32\AcSignIcon.dll" ["Autodesk"]
"{AC1DB655-4F9A-4c39-8AD2-A65324A4C446}" = "Autodesk Drawing Preview"
-> {HKLM...CLSID} = "ACTHUMBNAIL"
\InProcServer32\(Default) = "C:\Archivos de programa\Archivos comunes\Autodesk Shared\Thumbnail\AcThumbnail16.dll" ["Autodesk"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\SharedTaskScheduler\
<<!>> "{596e4935-4d3b-4a3c-842d-2efd1b3de598}" = "hundi"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINNT\system32\pjgerka.dll" [null data]

HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\ShellExecuteHooks\
<<!>> "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}" = "AVG Anti-Spyware 7.5"
-> {HKLM...CLSID} = "CShellExecuteHookImpl Object"
\InProcServer32\(Default) = "C:\Archivos de programa\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" ["GRISOFT s.r.o."]

HKLM\System\CurrentControlSet\Control\Session Manager\
<<!>> "BootExecute" = "autocheck autochk *"| [file not found]|"sprestrt" [MS]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<<!>> igfxcui\DLLName = "igfxsrvc.dll" ["Intel Corporation"]
<<!>> wzcnotif\DLLName = "wzcdlg.dll" [MS]

HKLM\Software\Classes\*\shellex\ContextMenuHandler s\
Adobe.Acrobat.ContextMenu\(Default) = "{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802}"
-> {HKLM...CLSID} = "Acrobat Elements Context Menu"
\InProcServer32\(Default) = "C:\Archivos de programa\Adobe\Acrobat 6.0\Acrobat Elements\ContextMenu.dll" ["Adobe Systems Inc."]
AVG Anti-Spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
-> {HKLM...CLSID} = "CContextScan Object"
\InProcServer32\(Default) = "C:\Archivos de programa\Grisoft\AVG Anti-Spyware 7.5\context.dll" ["GRISOFT s.r.o."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Archivos de programa\WinRAR\rarext.dll" [null data]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\ARCHIV~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]

HKLM\Software\Classes\Directory\shellex\ContextMen uHandlers\
AVG Anti-Spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
-> {HKLM...CLSID} = "CContextScan Object"
\InProcServer32\(Default) = "C:\Archivos de programa\Grisoft\AVG Anti-Spyware 7.5\context.dll" ["GRISOFT s.r.o."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Archivos de programa\WinRAR\rarext.dll" [null data]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\ARCHIV~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]

HKLM\Software\Classes\Folder\shellex\ContextMenuHa ndlers\
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Archivos de programa\WinRAR\rarext.dll" [null data]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\ARCHIV~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]

HKLM\Software\Classes\AllFilesystemObjects\shellex \ContextMenuHandlers\
FAExt\(Default) = "{05672D66-9736-42F5-8BEB-FA1DD3CA51C4}"
-> {HKLM...CLSID} = "FAExt Class"
\InProcServer32\(Default) = "C:\ARCHIV~1\FILEAS~1\FILEAS~1.DLL" ["Malwarebytes"]


Default executables:
--------------------

HKCU\Software\Classes\.scr\(Default) = "AutoCADScriptFile"
<<!>> HKCU\Software\Classes\AutoCADScriptFile\shell\open \command\(Default) = ""C:\WINNT\notepad.exe" "%1"" [MS]


Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKCU\Software\Microsoft\Windows\CurrentVersion\Pol icies\Explorer\

"CDRAutoRun" = (REG_DWORD) hex:0x00000000
{unrecognized setting}

HKCU\Software\Microsoft\Windows\CurrentVersion\Pol icies\System\

"DisableRegistryTools" = (REG_DWORD) hex:0x00000000
{User Configuration|Administrative Templates|System|
Prevent access to registry editing tools}

HKLM\Software\Microsoft\Windows\CurrentVersion\Pol icies\System\

"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Exp lorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINNT\system32\config\systemprofile\Configurac ión local\Datos de programa\Microsoft\Wallpaper1.bmp"


Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINNT\system32\logon.scr" [MS]


Startup items in "Osvaldo Caccaglio" & "All Users" startup folders:
-------------------------------------------------------------------

C:\Documents and Settings\Osvaldo Caccaglio\Menú Inicio\Programas\Inicio
"Adobe Gamma" -> shortcut to: "C:\Archivos de programa\Archivos comunes\Adobe\Calibration\Adobe Gamma Loader.exe" ["Adobe Systems, Inc."]

C:\Documents and Settings\All Users\Menú Inicio\Programas\Inicio
"Microsoft Office" -> shortcut to: "C:\Archivos de programa\Microsoft Office\Office\OSA9.EXE -b -l" [MS]
"WinZip Quick Pick" -> shortcut to: "C:\Archivos de programa\WinZip\WZQKPICK.EXE" ["WinZip Computing, Inc."]
"HP Digital Imaging Monitor" -> shortcut to: "C:\Archivos de programa\HP\Digital Imaging\bin\hpqtra08.exe" ["Hewlett-Packard Co."]
"Acrobat Assistant" -> shortcut to: "C:\Archivos de programa\Adobe\Acrobat 6.0\Distillr\acrotray.exe" ["Adobe Systems Inc."]


Winsock2 Service Provider DLLs:
-------------------------------

Hola guasopampa

- "Reinicia a prueba de fallos"

- Busca y elimina estos archivos/carpetas (Si no lo/los encuentras activa ''Ver archivos ocultos del sistema''),si no se dejan eliminar descarga el programa "FileASSASSIN",con la opción "Use la función eliminar al reiniciar windows

• C:\WINNT\system32\pjgerka.dll

- Reinicia el PC a "Modo normal"

- Usa el Ccleaner(Manual) para limpiar el sistema,primero utilizá la opción de "Limpiador" para borrar cookies, temporales de Internet y todos los archivos que este te muestre como obsoletos.y luego usa su opción de "Registro" para limpiar todo el registro de Windows (haciendo copia de seguridad).

salu2
Recuerda volver y contarnos los resultados

Además pegá un reporte del lopxpMH2 completo.

Salu2

parece que lo lograste sacar, de ser asi te felicito. Te paso el log:
"Silent Runners.vbs", revision R50, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run \ {++}
"CTFMON.EXE" = "C:\WINNT\system32\ctfmon.exe" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Run \ {++}
"Synchronization Manager" = "mobsync.exe /logon" [MS]
"IgfxTray" = "C:\WINNT\system32\igfxtray.exe" ["Intel Corporation"]
"HotKeysCmds" = "C:\WINNT\system32\hkcmd.exe" ["Intel Corporation"]
"Cmaudio" = "RunDll32 cmicnfg.cpl,CMICtrlWnd" [MS]
"NeroFilterCheck" = "C:\WINNT\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
"InCD" = "C:\Archivos de programa\Ahead\InCD\InCD.exe" ["Ahead Software AG"]
"HP Software Update" = ""C:\Archivos de programa\HP\HP Software Update\HPWuSchd.exe"" ["Hewlett-Packard"]
"HP Component Manager" = ""C:\Archivos de programa\HP\hpcoretech\hpcmpmgr.exe"" ["Hewlett-Packard Company"]
"!AVG Anti-Spyware" = ""C:\Archivos de programa\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized" ["GRISOFT s.r.o."]
"SDTray" = ""C:\Archivos de programa\Spyware Doctor\SDTrayApp.exe"" ["PC Tools"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Run OnceEx\ {++}
"Register Homesite+.exe" = ""C:\Archivos de programa\Macromedia\HomeSite+\Homesite+.exe" /REGSERVER" ["Macromedia, Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Extensión de paneo de pantalla del Panel de control"
-> {HKLM...CLSID} = "Extensión de paneo de pantalla del Panel de control"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Extensión de icono de HyperTerminal"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINNT\system32\hticons.dll" ["Hilgraeve, Inc."]
"{5b4dae26-b807-11d0-9815-00c04fd91972}" = "Menu Band"
-> {HKLM...CLSID} = "Menu Band"
\InProcServer32\(Default) = "C:\WINNT\system32\SHELL32.dll" [MS]
"{8278F931-2A3E-11d2-838F-00C04FD918D0}" = "Seguimiento de menú Shell"
-> {HKLM...CLSID} = "Seguimiento de menú Shell"
\InProcServer32\(Default) = "C:\WINNT\system32\SHELL32.dll" [MS]
"{E13EF4E4-D2F2-11d0-9816-00C04FD91972}" = "Sitio del menú"
-> {HKLM...CLSID} = "Sitio del menú"
\InProcServer32\(Default) = "C:\WINNT\system32\SHELL32.dll" [MS]
"{ECD4FC4F-521C-11D0-B792-00A0C90312E1}" = "Menú Barra de escritorio"
-> {HKLM...CLSID} = "Menú Barra de escritorio"
\InProcServer32\(Default) = "C:\WINNT\system32\SHELL32.dll" [MS]
"{D82BE2B0-5764-11D0-A96E-00C04FD705A2}" = "IShellFolderBand"
-> {HKLM...CLSID} = "IShellFolderBand"
\InProcServer32\(Default) = "C:\WINNT\system32\SHELL32.dll" [MS]
"{0E5CBF21-D15F-11d0-8301-00AA005B4383}" = "&Vínculos"
-> {HKLM...CLSID} = "&Vínculos"
\InProcServer32\(Default) = "C:\WINNT\system32\SHELL32.dll" [MS]
"{7487cd30-f71a-11d0-9ea7-00805f714772}" = "Imágenes en miniatura"
-> {HKLM...CLSID} = "Background Thumbnail Generator"
\InProcServer32\(Default) = "C:\WINNT\system32\SHELL32.dll" [MS]
"{450D8FBA-AD25-11D0-98A8-0800361B1103}" = "MyDocs Folder"
-> {HKLM...CLSID} = "Mis documentos"
\InProcServer32\(Default) = "C:\WINNT\system32\SHELL32.dll" [MS]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"
-> {HKLM...CLSID} = "Extensión de iconos de archivo de Outlook"
\InProcServer32\(Default) = "C:\ARCHIV~1\MICROS~2\Office\OLKFSTUB.DLL" [MS]
"{4CCEFB41-18FA-11D3-9EF3-00A0C9E897FD}" = "Componente de extensión del núcleo de CorelDRAW"
-> {HKLM...CLSID} = "CorelDRAW Shell Extension Component"
\InProcServer32\(Default) = "C:\Archivos de programa\Corel\Corel Graphics 12\PROGRAMS\CrlShell.dll" ["Corel Corporation"]
"{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802}" = "Adobe.Acrobat.ContextMenu"
-> {HKLM...CLSID} = "Acrobat Elements Context Menu"
\InProcServer32\(Default) = "C:\Archivos de programa\Adobe\Acrobat 6.0\Acrobat Elements\ContextMenu.dll" ["Adobe Systems Inc."]
"{E0D79304-84BE-11CE-9641-444553540000}" = "WinZip"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\ARCHIV~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79305-84BE-11CE-9641-444553540000}" = "WinZip"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\ARCHIV~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79306-84BE-11CE-9641-444553540000}" = "WinZip"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\ARCHIV~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79307-84BE-11CE-9641-444553540000}" = "WinZip"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\ARCHIV~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{950FF917-7A57-46BC-8017-59D9BF474000}" = "Shell Extension for CDRW"
-> {HKLM...CLSID} = "Shell Extension for CDRW"
\InProcServer32\(Default) = "C:\Archivos de programa\Ahead\InCD\incdshx.dll" ["Ahead Software AG"]
"{2E9D3540-211C-11d0-A5F2-00A0248C37BE}" = "Nero Shell Extension Property Sheet"
-> {HKLM...CLSID} = "Nero Shell Extension Property Sheet"
\InProcServer32\(Default) = "[NeroFolder]\neroshx.dll" [file not found]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Archivos de programa\WinRAR\rarext.dll" [null data]
"{0AC6C6C5-F7A8-11D2-BEF4-00C04F990001}" = "Macromedia FTP & RDS"
-> {HKLM...CLSID} = "Macromedia FTP & RDS"
\InProcServer32\(Default) = "C:\WINNT\system32\CfShellFtpRds.dll" ["Macromedia, Inc."]
"{36A21736-36C2-4C11-8ACB-D4136F2B57BD}" = "AutoCAD Digital Signatures Icon Overlay Handler"
-> {HKLM...CLSID} = "AcSignIcon"
\InProcServer32\(Default) = "C:\WINNT\system32\AcSignIcon.dll" ["Autodesk"]
"{AC1DB655-4F9A-4c39-8AD2-A65324A4C446}" = "Autodesk Drawing Preview"
-> {HKLM...CLSID} = "ACTHUMBNAIL"
\InProcServer32\(Default) = "C:\Archivos de programa\Archivos comunes\Autodesk Shared\Thumbnail\AcThumbnail16.dll" ["Autodesk"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\SharedTaskScheduler\
<<!>> "{596e4935-4d3b-4a3c-842d-2efd1b3de598}" = "hundi"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINNT\system32\pjgerka.dll" [file not found]

HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\ShellExecuteHooks\
<<!>> "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}" = "AVG Anti-Spyware 7.5"
-> {HKLM...CLSID} = "CShellExecuteHookImpl Object"
\InProcServer32\(Default) = "C:\Archivos de programa\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" ["GRISOFT s.r.o."]

HKLM\System\CurrentControlSet\Control\Session Manager\
<<!>> "BootExecute" = "autocheck autochk *"| [file not found]|"sprestrt" [MS]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<<!>> igfxcui\DLLName = "igfxsrvc.dll" ["Intel Corporation"]
<<!>> wzcnotif\DLLName = "wzcdlg.dll" [MS]

HKLM\Software\Classes\*\shellex\ContextMenuHandler s\
Adobe.Acrobat.ContextMenu\(Default) = "{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802}"
-> {HKLM...CLSID} = "Acrobat Elements Context Menu"
\InProcServer32\(Default) = "C:\Archivos de programa\Adobe\Acrobat 6.0\Acrobat Elements\ContextMenu.dll" ["Adobe Systems Inc."]
AVG Anti-Spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
-> {HKLM...CLSID} = "CContextScan Object"
\InProcServer32\(Default) = "C:\Archivos de programa\Grisoft\AVG Anti-Spyware 7.5\context.dll" ["GRISOFT s.r.o."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Archivos de programa\WinRAR\rarext.dll" [null data]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\ARCHIV~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]

HKLM\Software\Classes\Directory\shellex\ContextMen uHandlers\
AVG Anti-Spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
-> {HKLM...CLSID} = "CContextScan Object"
\InProcServer32\(Default) = "C:\Archivos de programa\Grisoft\AVG Anti-Spyware 7.5\context.dll" ["GRISOFT s.r.o."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Archivos de programa\WinRAR\rarext.dll" [null data]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\ARCHIV~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]

HKLM\Software\Classes\Folder\shellex\ContextMenuHa ndlers\
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Archivos de programa\WinRAR\rarext.dll" [null data]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\ARCHIV~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]

HKLM\Software\Classes\AllFilesystemObjects\shellex \ContextMenuHandlers\
FAExt\(Default) = "{05672D66-9736-42F5-8BEB-FA1DD3CA51C4}"
-> {HKLM...CLSID} = "FAExt Class"
\InProcServer32\(Default) = "C:\ARCHIV~1\FILEAS~1\FILEAS~1.DLL" ["Malwarebytes"]


Default executables:
--------------------

HKCU\Software\Classes\.scr\(Default) = "AutoCADScriptFile"
<<!>> HKCU\Software\Classes\AutoCADScriptFile\shell\open \command\(Default) = ""C:\WINNT\notepad.exe" "%1"" [MS]


Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKCU\Software\Microsoft\Windows\CurrentVersion\Pol icies\Explorer\

"CDRAutoRun" = (REG_DWORD) hex:0x00000000
{unrecognized setting}

HKCU\Software\Microsoft\Windows\CurrentVersion\Pol icies\System\

"DisableRegistryTools" = (REG_DWORD) hex:0x00000000
{User Configuration|Administrative Templates|System|
Prevent access to registry editing tools}

HKLM\Software\Microsoft\Windows\CurrentVersion\Pol icies\System\

"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Exp lorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINNT\system32\config\systemprofile\Configurac ión local\Datos de programa\Microsoft\Wallpaper1.bmp"


Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINNT\system32\logon.scr" [MS]


Startup items in "Osvaldo Caccaglio" & "All Users" startup folders:
-------------------------------------------------------------------

C:\Documents and Settings\Osvaldo Caccaglio\Menú Inicio\Programas\Inicio
"Adobe Gamma" -> shortcut to: "C:\Archivos de programa\Archivos comunes\Adobe\Calibration\Adobe Gamma Loader.exe" ["Adobe Systems, Inc."]

C:\Documents and Settings\All Users\Menú Inicio\Programas\Inicio
"Microsoft Office" -> shortcut to: "C:\Archivos de programa\Microsoft Office\Office\OSA9.EXE -b -l" [MS]
"WinZip Quick Pick" -> shortcut to: "C:\Archivos de programa\WinZip\WZQKPICK.EXE" ["WinZip Computing, Inc."]
"HP Digital Imaging Monitor" -> shortcut to: "C:\Archivos de programa\HP\Digital Imaging\bin\hpqtra08.exe" ["Hewlett-Packard Co."]
"Acrobat Assistant" -> shortcut to: "C:\Archivos de programa\Adobe\Acrobat 6.0\Distillr\acrotray.exe" ["Adobe Systems Inc."]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Pa rameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Pa rameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 11
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

AVG Anti-Spyware Guard, AVG Anti-Spyware Guard, "C:\Archivos de programa\Grisoft\AVG Anti-Spyware 7.5\guard.exe" ["GRISOFT s.r.o."]
C-DillaCdaC11BA, C-DillaCdaC11BA, "C:\WINNT\system32\drivers\CDAC11BA.EXE" ["Macrovision"]
InCD Helper, InCDsrv, "C:\Archivos de programa\Ahead\InCD\InCDsrv.exe" ["Ahead Software AG"]
Spyware Doctor Auxiliary Service, sdAuxService, "C:\Archivos de programa\Spyware Doctor\svcntaux.exe" ["PC Tools"]
Spyware Doctor Service, sdCoreService, "C:\Archivos de programa\Spyware Doctor\swdsvc.exe" ["PC Tools"]
WMDM PMSP Service, WMDM PMSP Service, "C:\WINNT\system32\mspmspsv.exe" [MS]


Print Monitors:
---------------

HKLM\System\CurrentControlSet\Control\Print\Monito rs\
Adobe PDF Port\Driver = "C:\WINNT\system32\AdobePDF.dll" ["Adobe Systems Incorporated."]
hpzsnt09\Driver = "hpzsnt09.dll" ["HP"]
Microsoft Shared Fax Monitor\Driver = "FXSMON.DLL" [MS]


----------
<<!>>: Suspicious data at a malware launch point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
took 72 seconds.
---------- (total run time: 152 seconds)

Hola guasopampa

El SilentRunner sige mostrado el archivo nocivo que debes eliminar

- "Reinicia a prueba de fallos"

- Busca y elimina estos archivos/carpetas (Si no lo/los encuentras activa ''Ver archivos ocultos del sistema''),si no se dejan eliminar descarga el programa "FileASSASSIN",con la opción "Use la función eliminar al reiniciar windows

• C:\WINNT\system32\pjgerka.dll

- Reinicia el PC a "Modo normal"

- Usa el Ccleaner(Manual) para limpiar el sistema,primero utilizá la opción de "Limpiador" para borrar cookies, temporales de Internet y todos los archivos que este te muestre como obsoletos.y luego usa su opción de "Registro" para limpiar todo el registro de Windows (haciendo copia de seguridad).

- Sube este archivo C:\WINNT\notepad.exe a Jotti's (Esta al final del post)

salu2
Recuerda volver y contarnos los resultados