Foro de InfoSpyware - Foro de Hijackthis - Foro de Virus

Hola que tal, buen dia
tengo el Norton Internet Security, la herramienta de Ahnlab Online Security y el Avira AntVir,
win XP Pro SP2
solo el Avira me ha estado avisando de una troyano llamado
Virus or unwanted program 'TR/VB.xop [trojan]'
detected in file 'C:\WINDOWS\system32\winconfig.exe.

pero no puedo eliminarlo desde el Avira
Error detected in AntiVir Guard.
Error message: Action failed for file: C:\WINDOWS\system32\winconfig.exe
Error code: [0x00000005 - Acceso denegado.].

no se si puedan ayudarme

les agradezco de antemano

Hola carladaniela84. Por favor, sigue estos pasos:

Para mayor comodidad, IMPRIME ESTA HOJA. Si no puedes hacer algún paso, lo saltas y continúas.

- Descarga y/o actualiza estas herramientas:
CCLEANER - Manual.
Malwarebytes' Anti-Malware - Manual.

- Ahora has esto:

• Apaga Restaurar sistema (System Restore).
• Reinicia en "Modo Seguro" (Si no puede iniciar en Modo Seguro, omite este paso).

- EJECUTA CCleaner - EJECUTA Malwarebytes' Anti-Malware. Seleccionas su opción de hacer un "escaneo completo". Cuando termine presiona la opción "quitar todo lo seleccionado".

- Reinicia y entra en modo normal, luego habilita la opción de Restaurar Sistema. Pasas CCleaner nuevamente en su opción de limpiador.

- Realiza un Análisis Online con Kaspersky como lo indica su Manual. Si usas Mozilla Firefox recuerda usar la extensión IE Tab para poder realizar el escaneo online sugeridos anteriormente.

Reinicia y comenta que tal va tu PC, junto al reporte generado por Malwarebytes' Anti-Malware y Kaspersky.

Saludos y espero tu respuesta.

Hola que tal
ya estan los pasos ejecutados
solamente q no me deja activar la restauracion del sistema

estos son los reportes (todos dicen q ya no tengo nada, pero Avira sigue reportando anomalias y de Norton no he podido eliminar lo q hay en cuarentena)

Malwarebytes' Anti-Malware 1.41
Versión de la Base de Datos: 3036
Windows 5.1.2600 Service Pack 2 (Safe Mode)

26/10/2009 13:44:05
mbam-log-2009-10-26 (13-44-05).txt

Tipo de examen : Examen Completo (C:\|D:\|)
Objetos examinados: 332003
Tiempo transcurrido: 1 hour(s), 50 minute(s), 41 second(s)

Procesos en Memoria Infectados: 0
Módulos en Memoria Infectados: 0
Claves del Registro Infectadas: 0
Valores del Registro Infectados: 0
Elementos de Datos del Registro Infectados: 0
Carpetas Infectadas: 0
Ficheros Infectados: 0

Procesos en Memoria Infectados:
(No se han detectado elementos maliciosos)

Módulos en Memoria Infectados:
(No se han detectado elementos maliciosos)

Claves del Registro Infectadas:
(No se han detectado elementos maliciosos)

Valores del Registro Infectados:
(No se han detectado elementos maliciosos)

Elementos de Datos del Registro Infectados:
(No se han detectado elementos maliciosos)

Carpetas Infectadas:
(No se han detectado elementos maliciosos)

Ficheros Infectados:
(No se han detectado elementos maliciosos)
Wednesday, October 28, 2009
Operating system: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Monday, October 26, 2009 20:00:46
Records in database: 3085853


Scan settings
scan using the following database extended
Scan archives yes
Scan e-mail databases yes

Scan area Critical areas
C:\Archivos de programa
C:\Documents and Settings\AGOSTO\Menú Inicio\Programas\Inicio
C:\Documents and Settings\All Users\Menú Inicio\Programas\Inicio
C:\Program Files
C:\WINDOWS

Scan statistics
Objects scanned 54688
Threats found 0
Infected objects found 0
Suspicious objects found 0
Scan duration 14:50:27

No threats found. Scanned area is clean.


Avira AntiVir Personal
Report file date: martes, 27 de octubre de 2009 17:24

Scanning for 1831182 virus strains and unwanted programs.

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 2) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : CONTRALORIA

Version information:
BUILD.DAT : 9.0.0.410 18074 Bytes 25/09/2009 11:56:00
AVSCAN.EXE : 9.0.3.7 466689 Bytes 21/07/2009 19:36:14
AVSCAN.DLL : 9.0.3.0 40705 Bytes 27/02/2009 16:58:24
LUKE.DLL : 9.0.3.2 209665 Bytes 20/02/2009 17:35:49
LUKERES.DLL : 9.0.2.0 12033 Bytes 27/02/2009 16:58:52
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27/10/2008 18:30:36
ANTIVIR1.VDF : 7.1.4.132 5707264 Bytes 24/06/2009 15:21:42
ANTIVIR2.VDF : 7.1.6.112 4833792 Bytes 15/10/2009 15:53:12
ANTIVIR3.VDF : 7.1.6.155 434176 Bytes 27/10/2009 15:40:44
Engineversion : 8.2.1.44
AEVDF.DLL : 8.1.1.2 106867 Bytes 24/10/2009 15:53:32
AESCRIPT.DLL : 8.1.2.40 487804 Bytes 24/10/2009 15:53:31
AESCN.DLL : 8.1.2.5 127346 Bytes 24/10/2009 15:53:29
AERDL.DLL : 8.1.3.2 479604 Bytes 24/10/2009 15:53:27
AEPACK.DLL : 8.2.0.2 422263 Bytes 24/10/2009 15:53:26
AEOFFICE.DLL : 8.1.0.38 196987 Bytes 23/07/2009 15:59:39
AEHEUR.DLL : 8.1.0.167 2011511 Bytes 24/10/2009 15:53:24
AEHELP.DLL : 8.1.7.0 237940 Bytes 24/10/2009 15:53:20
AEGEN.DLL : 8.1.1.68 364918 Bytes 24/10/2009 15:53:18
AEEMU.DLL : 8.1.1.0 393587 Bytes 24/10/2009 15:53:17
AECORE.DLL : 8.1.8.1 184693 Bytes 24/10/2009 15:53:16
AEBB.DLL : 8.1.0.3 53618 Bytes 09/10/2008 20:32:40
AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/2008 14:47:59
AVPREF.DLL : 9.0.3.0 44289 Bytes 25/10/2009 15:40:25
AVREP.DLL : 8.0.0.3 155905 Bytes 20/01/2009 20:34:28
AVREG.DLL : 9.0.0.0 36609 Bytes 05/12/2008 16:32:09
AVARKT.DLL : 9.0.0.3 292609 Bytes 24/03/2009 21:05:41
AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 30/01/2009 16:37:08
SQLITE3.DLL : 3.6.1.0 326401 Bytes 28/01/2009 21:03:49
SMTPLIB.DLL : 9.2.0.25 28417 Bytes 02/02/2009 14:21:33
NETNT.DLL : 9.0.0.0 11521 Bytes 05/12/2008 16:32:10
RCIMAGE.DLL : 9.0.0.25 2438913 Bytes 15/05/2009 21:39:58
RCTEXT.DLL : 9.0.37.0 86785 Bytes 17/04/2009 16:19:48

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: c:\archivos de programa\avira\antivir desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:,
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium
Deviating risk categories...........: +APPL,+GAME,+JOKE,+PCK,+SPR,

Start of the scan: martes, 27 de octubre de 2009 17:24

Starting search for hidden objects.
'127733' objects were checked, '0' hidden objects were found.

The scan of running processes will be started
Scan process 'EXCEL.EXE' - '1' Module(s) have been scanned
Scan process 'acrodist.exe' - '1' Module(s) have been scanned
Scan process 'mkd25tray.exe' - '1' Module(s) have been scanned
Scan process 'mf40nt.exe' - '1' Module(s) have been scanned
Scan process 'aostray.exe' - '1' Module(s) have been scanned
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'ScanningProcess.exe' - '1' Module(s) have been scanned
Scan process 'ScanningProcess.exe' - '1' Module(s) have been scanned
Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned
Scan process 'iexplore.exe' - '1' Module(s) have been scanned
Scan process 'jucheck.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'PIFSvc.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'AcroTray.exe' - '1' Module(s) have been scanned
Scan process 'GrooveMonitor.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'soundman.exe' - '1' Module(s) have been scanned
Scan process 'VTTrayp.exe' - '1' Module(s) have been scanned
Scan process 'VTTimer.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'ccSvcHst.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'wdfmgr.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'SyncServices.exe' - '1' Module(s) have been scanned
Scan process 'ccSvcHst.exe' - '1' Module(s) have been scanned
Scan process 'MaxBackServiceInt.exe' - '1' Module(s) have been scanned
Scan process 'PIFSvc.exe' - '1' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
46 processes with 46 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!

Starting to scan executable files (registry).
The registry was scanned ( '59' files ).


Starting the file scan:

Begin scan in 'C:\' <Disco C>
C:\pagefile.sys
[WARNING] The file could not be opened!
[NOTE] This file is a Windows system file.
[NOTE] This file cannot be opened for scanning.
C:\Documents and Settings\All Users\Datos de programa\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\BASH\Clone\BHC10.tmp
[DETECTION] Is the TR/VB.xop Trojan
C:\Documents and Settings\All Users\Datos de programa\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\BASH\Clone\BHC11.tmp
[DETECTION] Is the TR/VB.xop Trojan
C:\Documents and Settings\All Users\Datos de programa\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\QBackup\{060F9A85-C6EB-4F8F-B0F6-3EA13F09B834}\{AB653661-C117-40EF-9B8B-AF404F4EB13D}.qbd
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Documents and Settings\All Users\Datos de programa\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\QBackup\{060F9A85-C6EB-4F8F-B0F6-3EA13F09B834}\{AB653661-C117-40EF-9B8B-AF404F4EB13D}.qbd
[DETECTION] Contains a recognition pattern of the (harmful) BDS/Agent.sca back-door program
C:\Documents and Settings\All Users\Datos de programa\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\QBackup\{0F6D380F-709F-4FB8-A832-B707A7EF68D2}\{81288ED8-D556-419C-B655-614E42475471}.qbd
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Documents and Settings\All Users\Datos de programa\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\QBackup\{0F6D380F-709F-4FB8-A832-B707A7EF68D2}\{81288ED8-D556-419C-B655-614E42475471}.qbd
[DETECTION] Contains a recognition pattern of the (harmful) BDS/Agent.sca back-door program
C:\Documents and Settings\All Users\Datos de programa\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\QBackup\{12498962-60A1-48AA-BEA8-1DDFA097C298}\{ABDB3119-CA3A-40E3-B572-351F4445AFA1}.qbd
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Documents and Settings\All Users\Datos de programa\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\QBackup\{12498962-60A1-48AA-BEA8-1DDFA097C298}\{ABDB3119-CA3A-40E3-B572-351F4445AFA1}.qbd
[DETECTION] Contains recognition pattern of the WORM/IrcBot.20480.1 worm
C:\Documents and Settings\All Users\Datos de programa\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\QBackup\{207EB1E0-6CC1-47B5-B981-A1B9E48C553A}\{481F00C7-95D9-4DED-9714-41243A53CB6A}.qbd
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Documents and Settings\All Users\Datos de programa\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\QBackup\{207EB1E0-6CC1-47B5-B981-A1B9E48C553A}\{481F00C7-95D9-4DED-9714-41243A53CB6A}.qbd
[DETECTION] Contains a recognition pattern of the (harmful) BDS/Agent.sca back-door program
C:\Documents and Settings\All Users\Datos de programa\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\QBackup\{21DA083B-9161-4812-AE4F-843C8FBC9835}\{3678555D-F0C6-4657-8149-BFD2F10EE926}.qbd
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Documents and Settings\All Users\Datos de programa\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\QBackup\{21DA083B-9161-4812-AE4F-843C8FBC9835}\{3678555D-F0C6-4657-8149-BFD2F10EE926}.qbd
[DETECTION] Contains a recognition pattern of the (harmful) BDS/Bifrose.afwb back-door program
C:\Documents and Settings\All Users\Datos de programa\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\QBackup\{2C2FA917-C4C1-4445-B972-D816286E4E18}\{355DE7A5-6256-4242-86EB-1C61FF211AEC}.qbd
[DETECTION] Is the TR/Crypt.FSPM.Gen Trojan
C:\Documents and Settings\All Users\Datos de programa\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\QBackup\{35D0F9B2-38CA-4D10-BA82-75F68F6C2F97}\{8D73A03B-EE0F-4A4E-A0B9-3E72637A6CCC}.qbd
[DETECTION] Is the TR/Dropper.Gen Trojan
C:\Documents and Settings\All Users\Datos de programa\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\QBackup\{3952A941-36DD-463E-84DF-30D7D271B548}\{C6C24DA1-968F-4AA4-9A07-93BE7E17A26D}.qbd
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Documents and Settings\All Users\Datos de programa\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\QBackup\{3952A941-36DD-463E-84DF-30D7D271B548}\{C6C24DA1-968F-4AA4-9A07-93BE7E17A26D}.qbd
[DETECTION] Is the TR/Agent.ckeq Trojan
C:\Documents and Settings\All Users\Datos de programa\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\QBackup\{4A03F60E-6D54-47C9-9831-5F84B0F83EA3}\{0AD29945-E770-4077-BFD1-AA00A58AAD67}.qbd
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
C:\Documents and Settings\All Users\Datos de programa\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\QBackup\{4A03F60E-6D54-47C9-9831-5F84B0F83EA3}\{F8DDC268-13AC-4AE2-9DFE-34D54077B616}.qbd
[DETECTION] Is the TR/Dropper.Gen Trojan
C:\Documents and Settings\All Users\Datos de programa\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\QBackup\{A37DCD39-FADE-47BA-9C9C-DEBB307B2EFF}\{2AABA5EF-E13C-40A7-A9D6-379135A74C39}.qbd
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Documents and Settings\All Users\Datos de programa\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\QBackup\{A37DCD39-FADE-47BA-9C9C-DEBB307B2EFF}\{2AABA5EF-E13C-40A7-A9D6-379135A74C39}.qbd
[DETECTION] Contains recognition pattern of the WORM/Brontok.C worm
C:\Documents and Settings\All Users\Datos de programa\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\QBackup\{D997F572-BFE9-4827-95F8-257CC71E9F2A}\{027F73D5-1379-4074-8567-D90077ED3DEC}.qbd
[DETECTION] Is the TR/Dropper.Gen Trojan
C:\Documents and Settings\All Users\Datos de programa\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\QBackup\{D997F572-BFE9-4827-95F8-257CC71E9F2A}\{A4F4C449-CE35-4CC6-9FE3-913332D39A3A}.qbd
[DETECTION] Is the TR/Dropper.Gen Trojan
C:\Documents and Settings\All Users\Datos de programa\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\QBackup\{ED5470AC-E0C3-4534-B8EE-187D6791AEEB}\{95827478-0B5E-4255-BC33-32482E92024F}.qbd
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Documents and Settings\All Users\Datos de programa\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\QBackup\{ED5470AC-E0C3-4534-B8EE-187D6791AEEB}\{95827478-0B5E-4255-BC33-32482E92024F}.qbd
[DETECTION] Contains a recognition pattern of the (harmful) BDS/Agent.sca back-door program
C:\Documents and Settings\gehalmex\Mis documentos\TELMEX\TEL MEX\CARLA\USB CARLA\CPF CARLA HALMEX\netsetup.exe
[WARNING] The file could not be opened!
C:\Documents and Settings\gehalmex\Mis documentos\TELMEX\TEL MEX\CARLA\USB FEBRERO2009\CPF\WallCooler20242setup.exe
[WARNING] The file could not be opened!
C:\Documents and Settings\gehalmex\Mis documentos\TELMEX\TEL MEX\CARLA\USB FEBRERO2009\CPF\GOLD2009\ActualGold.exe
[WARNING] The file could not be opened!
C:\Documents and Settings\gehalmex\Mis documentos\TELMEX\TEL MEX\CARLA\USB FEBRERO2009\CPF\GOLD2009\ActualizaBase.exe
[WARNING] The file could not be opened!
C:\Documents and Settings\gehalmex\Mis documentos\TELMEX\TEL MEX\CARLA\USB FEBRERO2009\CPF\GOLD2009\GetDiskSerial.DLL
[WARNING] The file could not be opened!
C:\Documents and Settings\gehalmex\Mis documentos\TELMEX\TEL MEX\CARLA\USB FEBRERO2009\CPF\GOLD2009\touchGold.exe
[WARNING] The file could not be opened!
C:\Documents and Settings\gehalmex\Mis documentos\TELMEX\TEL MEX\CARLA\USB FEBRERO2009\CPF\GOLD2009\unins000.exe
[WARNING] The file could not be opened!
C:\Documents and Settings\gehalmex\Mis documentos\TELMEX\TEL MEX\CARLA\USB FEBRERO2009\CPF\GOLD2009\XL2AccessWiz.exe
[WARNING] The file could not be opened!
C:\Documents and Settings\gehalmex\Mis documentos\TELMEX\TEL MEX\CARLA\USB FEBRERO2009\CPF\HALMEX TUXTLA GTZ\SetupActualAdmingoldv163.exe
[WARNING] The file could not be opened!
C:\Documents and Settings\gehalmex\Mis documentos\TELMEX\TEL MEX\CARLA\USB FEBRERO2009\CPF\Mis documentos\essentialpim2.exe
[WARNING] The file could not be opened!
C:\Documents and Settings\gehalmex\Mis documentos\TELMEX\TEL MEX\CARLA\USB FEBRERO2009\CPF\Mis documentos\essentialpimpro2.exe
[WARNING] The file could not be opened!
C:\Documents and Settings\gehalmex\Mis documentos\TELMEX\TEL MEX\CARLA\USB FEBRERO2009\CPF\Mis documentos\LCPF\DTI\DTI.exe
[WARNING] The file could not be opened!
C:\Documents and Settings\gehalmex\Mis documentos\TELMEX\TEL MEX\CARLA\USB FEBRERO2009\CPF\Nueva carpeta\ActualGold.exe
[WARNING] The file could not be opened!
C:\Documents and Settings\gehalmex\Mis documentos\TELMEX\TEL MEX\CARLA\USB FEBRERO2009\CPF\Nueva carpeta\ActualizaBase.exe
[WARNING] The file could not be opened!
C:\Documents and Settings\gehalmex\Mis documentos\TELMEX\TEL MEX\CARLA\USB FEBRERO2009\CPF\Nueva carpeta\GetDiskSerial.DLL
[WARNING] The file could not be opened!
C:\Documents and Settings\gehalmex\Mis documentos\TELMEX\TEL MEX\CARLA\USB FEBRERO2009\CPF\Nueva carpeta\touchGold.exe
[WARNING] The file could not be opened!
C:\Documents and Settings\gehalmex\Mis documentos\TELMEX\TEL MEX\CARLA\USB FEBRERO2009\CPF\Nueva carpeta\unins000.exe
[WARNING] The file could not be opened!
C:\Documents and Settings\gehalmex\Mis documentos\TELMEX\TEL MEX\CARLA\USB FEBRERO2009\CPF\Nueva carpeta\XL2AccessWiz.exe
[WARNING] The file could not be opened!
C:\Documents and Settings\gehalmex\Mis documentos\TELMEX\TEL MEX\CARLA\USB FEBRERO2009\RegCleaner\RegCleanr.exe
[WARNING] The file could not be opened!
C:\Documents and Settings\gehalmex\Mis documentos\TELMEX\TEL MEX\CARLA\USB FEBRERO2009\RegCleaner\Uninstall.exe
[WARNING] The file could not be opened!
C:\Documents and Settings\gehalmex\Mis documentos\TELMEX\TEL MEX\CARLA\USB FEBRERO2009\RegCleaner\Backups\RegCleaner\RegClean r.exe
[WARNING] The file could not be opened!
C:\Documents and Settings\gehalmex\Mis documentos\TELMEX\TEL MEX\CARLA\USB FEBRERO2009\RegCleaner\Backups\RegCleaner\Uninstal l.exe
[WARNING] The file could not be opened!
C:\System Volume Information\_restore{A26D5E4F-C432-4829-B514-A23DE5D8AE35}\RP86\A0046924.exe
[DETECTION] Contains recognition pattern of the SPR/Destart.A program
C:\WINDOWS\system32\winconfig.exe
[DETECTION] Is the TR/VB.xop Trojan

Beginning disinfection:
C:\Documents and Settings\All Users\Datos de programa\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\BASH\Clone\BHC10.tmp
[DETECTION] Is the TR/VB.xop Trojan
[WARNING] An error has occurred and the file was not deleted. ErrorID: 26003
[WARNING] The file could not be deleted!
[NOTE] Attempting to perform action using the ARK library.
[NOTE] The file was moved to '4b2b5151.qua'!
C:\Documents and Settings\All Users\Datos de programa\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\BASH\Clone\BHC11.tmp
[DETECTION] Is the TR/VB.xop Trojan
[WARNING] An error has occurred and the file was not deleted. ErrorID: 26003
[WARNING] The file could not be deleted!
[NOTE] Attempting to perform action using the ARK library.
[NOTE] The file was moved to '4b2b5153.qua'!
C:\Documents and Settings\All Users\Datos de programa\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\QBackup\{060F9A85-C6EB-4F8F-B0F6-3EA13F09B834}\{AB653661-C117-40EF-9B8B-AF404F4EB13D}.qbd
[WARNING] An error has occurred and the file was not deleted. ErrorID: 26003
[WARNING] The file could not be deleted!
[NOTE] Attempting to perform action using the ARK library.
[NOTE] The file was moved to '4a522185.qua'!
C:\Documents and Settings\All Users\Datos de programa\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\QBackup\{0F6D380F-709F-4FB8-A832-B707A7EF68D2}\{81288ED8-D556-419C-B655-614E42475471}.qbd
[WARNING] An error has occurred and the file was not deleted. ErrorID: 26003
[WARNING] The file could not be deleted!
[NOTE] Attempting to perform action using the ARK library.
[NOTE] The file was moved to '4b195144.qua'!
C:\Documents and Settings\All Users\Datos de programa\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\QBackup\{12498962-60A1-48AA-BEA8-1DDFA097C298}\{ABDB3119-CA3A-40E3-B572-351F4445AFA1}.qbd
[WARNING] An error has occurred and the file was not deleted. ErrorID: 26003
[WARNING] The file could not be deleted!
[NOTE] Attempting to perform action using the ARK library.
[NOTE] The file was moved to '4a46940e.qua'!
C:\Documents and Settings\All Users\Datos de programa\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\QBackup\{207EB1E0-6CC1-47B5-B981-A1B9E48C553A}\{481F00C7-95D9-4DED-9714-41243A53CB6A}.qbd
[WARNING] An error has occurred and the file was not deleted. ErrorID: 26003
[WARNING] The file could not be deleted!
[NOTE] Attempting to perform action using the ARK library.
[NOTE] The file was moved to '48afcde1.qua'!
C:\Documents and Settings\All Users\Datos de programa\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\QBackup\{21DA083B-9161-4812-AE4F-843C8FBC9835}\{3678555D-F0C6-4657-8149-BFD2F10EE926}.qbd
[WARNING] An error has occurred and the file was not deleted. ErrorID: 26003
[WARNING] The file could not be deleted!
[NOTE] Attempting to perform action using the ARK library.
[NOTE] The file was moved to '488ef529.qua'!
C:\Documents and Settings\All Users\Datos de programa\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\QBackup\{2C2FA917-C4C1-4445-B972-D816286E4E18}\{355DE7A5-6256-4242-86EB-1C61FF211AEC}.qbd
[DETECTION] Is the TR/Crypt.FSPM.Gen Trojan
[WARNING] An error has occurred and the file was not deleted. ErrorID: 26003
[WARNING] The file could not be deleted!
[NOTE] Attempting to perform action using the ARK library.
[NOTE] The file was moved to '4f4a74d9.qua'!
C:\Documents and Settings\All Users\Datos de programa\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\QBackup\{35D0F9B2-38CA-4D10-BA82-75F68F6C2F97}\{8D73A03B-EE0F-4A4E-A0B9-3E72637A6CCC}.qbd
[DETECTION] Is the TR/Dropper.Gen Trojan
[WARNING] An error has occurred and the file was not deleted. ErrorID: 26003
[WARNING] The file could not be deleted!
[NOTE] Attempting to perform action using the ARK library.
[NOTE] The file was moved to '4f436957.qua'!
C:\Documents and Settings\All Users\Datos de programa\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\QBackup\{3952A941-36DD-463E-84DF-30D7D271B548}\{C6C24DA1-968F-4AA4-9A07-93BE7E17A26D}.qbd
[WARNING] An error has occurred and the file was not deleted. ErrorID: 26003
[WARNING] The file could not be deleted!
[NOTE] Attempting to perform action using the ARK library.
[NOTE] The file was moved to '4b1e5152.qua'!
C:\Documents and Settings\All Users\Datos de programa\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\QBackup\{4A03F60E-6D54-47C9-9831-5F84B0F83EA3}\{0AD29945-E770-4077-BFD1-AA00A58AAD67}.qbd
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[WARNING] An error has occurred and the file was not deleted. ErrorID: 26003
[WARNING] The file could not be deleted!
[NOTE] Attempting to perform action using the ARK library.
[NOTE] The file was moved to '4b295140.qua'!
C:\Documents and Settings\All Users\Datos de programa\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\QBackup\{4A03F60E-6D54-47C9-9831-5F84B0F83EA3}\{F8DDC268-13AC-4AE2-9DFE-34D54077B616}.qbd
[DETECTION] Is the TR/Dropper.Gen Trojan
[WARNING] An error has occurred and the file was not deleted. ErrorID: 26003
[WARNING] The file could not be deleted!
[NOTE] Attempting to perform action using the ARK library.
[NOTE] The file was moved to '4f49ac37.qua'!
C:\Documents and Settings\All Users\Datos de programa\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\QBackup\{A37DCD39-FADE-47BA-9C9C-DEBB307B2EFF}\{2AABA5EF-E13C-40A7-A9D6-379135A74C39}.qbd
[WARNING] An error has occurred and the file was not deleted. ErrorID: 26003
[WARNING] The file could not be deleted!
[NOTE] Attempting to perform action using the ARK library.
[NOTE] The file was moved to '4f42546b.qua'!
C:\Documents and Settings\All Users\Datos de programa\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\QBackup\{D997F572-BFE9-4827-95F8-257CC71E9F2A}\{027F73D5-1379-4074-8567-D90077ED3DEC}.qbd
[DETECTION] Is the TR/Dropper.Gen Trojan
[WARNING] An error has occurred and the file was not deleted. ErrorID: 26003
[WARNING] The file could not be deleted!
[NOTE] Attempting to perform action using the ARK library.
[NOTE] The file was moved to '4889e542.qua'!
C:\Documents and Settings\All Users\Datos de programa\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\QBackup\{D997F572-BFE9-4827-95F8-257CC71E9F2A}\{A4F4C449-CE35-4CC6-9FE3-913332D39A3A}.qbd
[DETECTION] Is the TR/Dropper.Gen Trojan
[WARNING] An error has occurred and the file was not deleted. ErrorID: 26003
[WARNING] The file could not be deleted!
[NOTE] Attempting to perform action using the ARK library.
[NOTE] The file was moved to '4888ea9b.qua'!
C:\Documents and Settings\All Users\Datos de programa\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\QBackup\{ED5470AC-E0C3-4534-B8EE-187D6791AEEB}\{95827478-0B5E-4255-BC33-32482E92024F}.qbd
[WARNING] An error has occurred and the file was not deleted. ErrorID: 26003
[WARNING] The file could not be deleted!
[NOTE] Attempting to perform action using the ARK library.
[NOTE] The file was moved to '488892dc.qua'!
C:\System Volume Information\_restore{A26D5E4F-C432-4829-B514-A23DE5D8AE35}\RP86\A0046924.exe
[DETECTION] Contains recognition pattern of the SPR/Destart.A program
[NOTE] The file was moved to '4b185142.qua'!
C:\WINDOWS\system32\winconfig.exe
[DETECTION] Is the TR/VB.xop Trojan
[NOTE] The file was moved to '4b56517c.qua'!


End of the scan: miércoles, 28 de octubre de 2009 08:11
Used time: 11:07:36 Hour(s)

The scan has been done completely.

15084 Scanned directories
548529 Files were scanned
18 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
18 Files were moved to quarantine
0 Files were renamed
23 Files cannot be scanned
548488 Files not concerned
5039 Archives were scanned
39 Warnings
19 Notes
127733 Objects were scanned with rootkit scan
0 Hidden objects were found



Y la verdad no se que hacer, agradezco de antemano su tiempo y apoyo

quedo en espera de su comentario

saludos cordiales

Hola fijate que con Kaspersky hiciste un scan de las areas criticas y tenes que hacer uno de Mi PC.

Salu2.

Hola que tal

este es el resultado

KASPERSKY ONLINE SCANNER 7.0: scan report
Wednesday, October 28, 2009
Operating system: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Monday, October 26, 2009 20:00:46
Records in database: 3085853


Scan settings
scan using the following database extended
Scan archives yes
Scan e-mail databases yes

Scan area Critical areas
C:\Archivos de programa
C:\Documents and Settings\AGOSTO\Menú Inicio\Programas\Inicio
C:\Documents and Settings\All Users\Menú Inicio\Programas\Inicio
C:\Program Files
C:\WINDOWS

Scan statistics
Objects scanned 54688
Threats found 0
Infected objects found 0
Suspicious objects found 0
Scan duration 14:50:27

No threats found. Scanned area is clean.
Selected area has been scanned.

pero este es el resultado del avira con un analisis de hoy

me aparecio el troyano Is the TR/VB.xop Trojan y seleccione mover a cuarentena porq no me deja eliminarlo

Avira AntiVir Personal
Report file date: martes, 03 de noviembre de 2009 08:31

Scanning for 1854592 virus strains and unwanted programs.

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 2) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : CONTRALORIA

Version information:
BUILD.DAT : 9.0.0.410 18074 Bytes 25/09/2009 11:56:00
AVSCAN.EXE : 9.0.3.7 466689 Bytes 21/07/2009 19:36:14
AVSCAN.DLL : 9.0.3.0 40705 Bytes 27/02/2009 16:58:24
LUKE.DLL : 9.0.3.2 209665 Bytes 20/02/2009 17:35:49
LUKERES.DLL : 9.0.2.0 12033 Bytes 27/02/2009 16:58:52
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27/10/2008 18:30:36
ANTIVIR1.VDF : 7.1.4.132 5707264 Bytes 24/06/2009 15:21:42
ANTIVIR2.VDF : 7.1.6.160 5413376 Bytes 28/10/2009 16:12:24
ANTIVIR3.VDF : 7.1.6.178 114688 Bytes 02/11/2009 16:12:41
Engineversion : 8.2.1.53
AEVDF.DLL : 8.1.1.2 106867 Bytes 24/10/2009 15:53:32
AESCRIPT.DLL : 8.1.2.43 528764 Bytes 30/10/2009 16:15:50
AESCN.DLL : 8.1.2.5 127346 Bytes 24/10/2009 15:53:29
AERDL.DLL : 8.1.3.2 479604 Bytes 24/10/2009 15:53:27
AEPACK.DLL : 8.2.0.2 422263 Bytes 24/10/2009 15:53:26
AEOFFICE.DLL : 8.1.0.38 196987 Bytes 23/07/2009 15:59:39
AEHEUR.DLL : 8.1.0.173 2064760 Bytes 30/10/2009 16:15:22
AEHELP.DLL : 8.1.7.0 237940 Bytes 24/10/2009 15:53:20
AEGEN.DLL : 8.1.1.70 364917 Bytes 30/10/2009 16:13:27
AEEMU.DLL : 8.1.1.0 393587 Bytes 24/10/2009 15:53:17
AECORE.DLL : 8.1.8.1 184693 Bytes 24/10/2009 15:53:16
AEBB.DLL : 8.1.0.3 53618 Bytes 09/10/2008 20:32:40
AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/2008 14:47:59
AVPREF.DLL : 9.0.3.0 44289 Bytes 25/10/2009 15:40:25
AVREP.DLL : 8.0.0.3 155905 Bytes 20/01/2009 20:34:28
AVREG.DLL : 9.0.0.0 36609 Bytes 05/12/2008 16:32:09
AVARKT.DLL : 9.0.0.3 292609 Bytes 24/03/2009 21:05:41
AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 30/01/2009 16:37:08
SQLITE3.DLL : 3.6.1.0 326401 Bytes 28/01/2009 21:03:49
SMTPLIB.DLL : 9.2.0.25 28417 Bytes 02/02/2009 14:21:33
NETNT.DLL : 9.0.0.0 11521 Bytes 05/12/2008 16:32:10
RCIMAGE.DLL : 9.0.0.25 2438913 Bytes 15/05/2009 21:39:58
RCTEXT.DLL : 9.0.37.0 86785 Bytes 17/04/2009 16:19:48

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: c:\archivos de programa\avira\antivir desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:,
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium
Deviating risk categories...........: +APPL,+GAME,+JOKE,+PCK,+SPR,

Start of the scan: martes, 03 de noviembre de 2009 08:31

Starting search for hidden objects.
'128475' objects were checked, '0' hidden objects were found.

The scan of running processes will be started
Scan process 'Adobelm_Cleanup.0001' - '1' Module(s) have been scanned
Scan process 'Adobelmsvc.exe' - '1' Module(s) have been scanned
Scan process 'Adobelm_Cleanup.0001' - '1' Module(s) have been scanned
Scan process 'Acrobat.exe' - '1' Module(s) have been scanned
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'jucheck.exe' - '1' Module(s) have been scanned
Scan process 'mkd25tray.exe' - '1' Module(s) have been scanned
Scan process 'mf40nt.exe' - '1' Module(s) have been scanned
Scan process 'aostray.exe' - '1' Module(s) have been scanned
Scan process 'iexplore.exe' - '1' Module(s) have been scanned
Scan process 'iexplore.exe' - '1' Module(s) have been scanned
Scan process 'rapimgr.exe' - '1' Module(s) have been scanned
Scan process 'wcescomm.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'PIFSvc.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'AcroTray.exe' - '1' Module(s) have been scanned
Scan process 'GrooveMonitor.exe' - '1' Module(s) have been scanned
Scan process 'soundman.exe' - '1' Module(s) have been scanned
Scan process 'VTTrayp.exe' - '1' Module(s) have been scanned
Scan process 'VTTimer.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'ccSvcHst.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'wdfmgr.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'SyncServices.exe' - '1' Module(s) have been scanned
Scan process 'ccSvcHst.exe' - '1' Module(s) have been scanned
Scan process 'MaxBackServiceInt.exe' - '1' Module(s) have been scanned
Scan process 'PIFSvc.exe' - '1' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
51 processes with 51 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!

Starting to scan executable files (registry).
The registry was scanned ( '57' files ).


Starting the file scan:

Begin scan in 'C:\' <Disco C>
C:\pagefile.sys
[WARNING] The file could not be opened!
[NOTE] This file is a Windows system file.
[NOTE] This file cannot be opened for scanning.
C:\Documents and Settings\gehalmex\Mis documentos\TELMEX\TEL MEX\CARLA\USB CARLA\CPF CARLA HALMEX\netsetup.exe
[WARNING] The file could not be opened!
C:\Documents and Settings\gehalmex\Mis documentos\TELMEX\TEL MEX\CARLA\USB FEBRERO2009\CPF\WallCooler20242setup.exe
[WARNING] The file could not be opened!
C:\Documents and Settings\gehalmex\Mis documentos\TELMEX\TEL MEX\CARLA\USB FEBRERO2009\CPF\GOLD2009\ActualGold.exe
[WARNING] The file could not be opened!
C:\Documents and Settings\gehalmex\Mis documentos\TELMEX\TEL MEX\CARLA\USB FEBRERO2009\CPF\GOLD2009\ActualizaBase.exe
[WARNING] The file could not be opened!
C:\Documents and Settings\gehalmex\Mis documentos\TELMEX\TEL MEX\CARLA\USB FEBRERO2009\CPF\GOLD2009\GetDiskSerial.DLL
[WARNING] The file could not be opened!
C:\Documents and Settings\gehalmex\Mis documentos\TELMEX\TEL MEX\CARLA\USB FEBRERO2009\CPF\GOLD2009\touchGold.exe
[WARNING] The file could not be opened!
C:\Documents and Settings\gehalmex\Mis documentos\TELMEX\TEL MEX\CARLA\USB FEBRERO2009\CPF\GOLD2009\unins000.exe
[WARNING] The file could not be opened!
C:\Documents and Settings\gehalmex\Mis documentos\TELMEX\TEL MEX\CARLA\USB FEBRERO2009\CPF\GOLD2009\XL2AccessWiz.exe
[WARNING] The file could not be opened!
C:\Documents and Settings\gehalmex\Mis documentos\TELMEX\TEL MEX\CARLA\USB FEBRERO2009\CPF\HALMEX TUXTLA GTZ\SetupActualAdmingoldv163.exe
[WARNING] The file could not be opened!
C:\Documents and Settings\gehalmex\Mis documentos\TELMEX\TEL MEX\CARLA\USB FEBRERO2009\CPF\Mis documentos\essentialpim2.exe
[WARNING] The file could not be opened!
C:\Documents and Settings\gehalmex\Mis documentos\TELMEX\TEL MEX\CARLA\USB FEBRERO2009\CPF\Mis documentos\essentialpimpro2.exe
[WARNING] The file could not be opened!
C:\Documents and Settings\gehalmex\Mis documentos\TELMEX\TEL MEX\CARLA\USB FEBRERO2009\CPF\Mis documentos\LCPF\DTI\DTI.exe
[WARNING] The file could not be opened!
C:\Documents and Settings\gehalmex\Mis documentos\TELMEX\TEL MEX\CARLA\USB FEBRERO2009\CPF\Nueva carpeta\ActualGold.exe
[WARNING] The file could not be opened!
C:\Documents and Settings\gehalmex\Mis documentos\TELMEX\TEL MEX\CARLA\USB FEBRERO2009\CPF\Nueva carpeta\ActualizaBase.exe
[WARNING] The file could not be opened!
C:\Documents and Settings\gehalmex\Mis documentos\TELMEX\TEL MEX\CARLA\USB FEBRERO2009\CPF\Nueva carpeta\GetDiskSerial.DLL
[WARNING] The file could not be opened!
C:\Documents and Settings\gehalmex\Mis documentos\TELMEX\TEL MEX\CARLA\USB FEBRERO2009\CPF\Nueva carpeta\touchGold.exe
[WARNING] The file could not be opened!
C:\Documents and Settings\gehalmex\Mis documentos\TELMEX\TEL MEX\CARLA\USB FEBRERO2009\CPF\Nueva carpeta\unins000.exe
[WARNING] The file could not be opened!
C:\Documents and Settings\gehalmex\Mis documentos\TELMEX\TEL MEX\CARLA\USB FEBRERO2009\CPF\Nueva carpeta\XL2AccessWiz.exe
[WARNING] The file could not be opened!
C:\Documents and Settings\gehalmex\Mis documentos\TELMEX\TEL MEX\CARLA\USB FEBRERO2009\RegCleaner\RegCleanr.exe
[WARNING] The file could not be opened!
C:\Documents and Settings\gehalmex\Mis documentos\TELMEX\TEL MEX\CARLA\USB FEBRERO2009\RegCleaner\Uninstall.exe
[WARNING] The file could not be opened!
C:\Documents and Settings\gehalmex\Mis documentos\TELMEX\TEL MEX\CARLA\USB FEBRERO2009\RegCleaner\Backups\RegCleaner\RegClean r.exe
[WARNING] The file could not be opened!
C:\Documents and Settings\gehalmex\Mis documentos\TELMEX\TEL MEX\CARLA\USB FEBRERO2009\RegCleaner\Backups\RegCleaner\Uninstal l.exe
[WARNING] The file could not be opened!
C:\System Volume Information\_restore{A26D5E4F-C432-4829-B514-A23DE5D8AE35}\RP88\A0047017.exe
[DETECTION] Is the TR/VB.xop Trojan

Beginning disinfection:
C:\System Volume Information\_restore{A26D5E4F-C432-4829-B514-A23DE5D8AE35}\RP88\A0047017.exe
[DETECTION] Is the TR/VB.xop Trojan
[NOTE] The file was moved to '4b206f85.qua'!


End of the scan: martes, 03 de noviembre de 2009 11:58
Used time: 3:26:18 Hour(s)

The scan has been done completely.

15079 Scanned directories
550543 Files were scanned
1 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
1 Files were moved to quarantine
0 Files were renamed
23 Files cannot be scanned
550519 Files not concerned
5048 Archives were scanned
23 Warnings
2 Notes
128475 Objects were scanned with rootkit scan
0 Hidden objects were found

quedo en espera de tus comentarios
gracias de antemano

Tenes que hacer un scan con Kaspersky de Mi PC no de Areas Criticas. Por favor lee el Manual que te deje en mi primera respuesta.

Salu2.

Buen dia

si lo hice MI PC,
aqui esta nuevamente,

Scan - My Computer
Scan statistics

Objects scanned: 143546

Threats found: 0

Infected objects found: 0

Suspicious objects found: 0

Scan duration: 05:32:04
Scan beginning
Scanning in progress (90%)

Select the area for scanning in the Scan section of the left window part.

Last start: 12.45.2009 00:11:642
Status: completed successfully

Scanning:
Path:
Configure | View report | Stop scanning

Version: 7.0.26.13

Database date: 11.15.2009 23:11:00

Operating system: Microsoft Windows XP Professional Service Pack 2 (build 2600)

Thursday, November 5, 2009
Operating system: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Wednesday, November 04, 2009 23:15:24
Records in database: 3133256


Scan settings
scan using the following database extended
Scan archives yes
Scan e-mail databases yes

Scan area My Computer
A:\
C:\
D:\

Scan statistics
Objects scanned 143546
Threats found 0
Infected objects found 0
Suspicious objects found 0
Scan duration 05:32:04

No threats found. Scanned area is clean.
Selected area has been scanned.

En verdad agradezco tu tiempo y atencion

Como esta andando el PC?

Salu2.

No me esta dejando acceder a algunas cuentas de usuario...arrojando un mensaje de que la cuenta ha sido bloqueada
Tambien empezo a lanzar ventana como si estuviera instalando programa (que yo no ejecuto), pero no termina la instalacion por un error que dice que no tiene acceso a modificar las rutas, pero tampoco me deja desinstalar el programa, arrojando el mismo error

Hola, por favor, sigue estos pasos:

Para mayor comodidad, IMPRIME ESTA HOJA. Si no puedes hacer algún paso, lo saltas y continúas.

- Descarga y/o actualiza estas herramientas:

• Dr. Web CureIt - Manual.

- Ahora has esto:

• Apaga Restaurar sistema (System Restore).
• Reinicia en "Modo Seguro" (Si no puede iniciar en Modo Seguro, omite este paso).

- EJECUTA Dr. Web CureIt, primero realizando su examen rápido y luego el completo, eliminando todas las infecciones que encuentre.

- Realiza un Análisis Online con Panda Active Scan siguiendo su manual.

Reinicia y comenta que tal va tu PC, junto al reporte generado por Dr. Web CureIt y Panda.

Saludos.