Excessive RAM usage on my PC


#3

Hello, below are the specifications of my computer. Thanks for your quick reply.

  • Manufacturer: OEM
  • Model: OEM
  • Total amount of system memory: 4.00 GB RAM
  • System type: 64-bit operating system
  • Number of processor cores: 2

Storage

  • Total size of hard disks: 382 GB
  • Disk partition (C:): 93 GB free (132 GB total)
  • Disk partition (D:): 75 GB free (149 GB total)
  • Disk partition (E:): 37 GB free (101 GB total)
  • Media drive (F:): CD/DVD

Graphics

  • Display adapter type: NVIDIA GeForce 8400GS
  • Total available graphics memory: 2175 MB
  • Dedicated graphics memory: 1024 MB
  • Dedicated system memory: 0 MB
  • Shared system memory: 1151 MB
  • Display adapter driver version: 21.21.13.4201
  • Primary monitor resolution: 1360x768
  • DirectX version: DirectX 10

Network

  • Network adapter: Realtek PCIe GbE Family Controller

One more thing: I used an older restore point and the problem seems to have decreased a bit, but it is still slow and using RAM for no apparent reason.


#4

Hello @Santiago_Penaranda:

You have more than enough hardware for SP1 not to bother you at all.

Tell me, is your OS genuine? And where did you download SP1 from?

Let's check whether the problem is caused by malware. :thinking:

Do the following:

1.- Temporarily disable your antivirus and any security program.

2.- Download, install and/or update the following tools:

3.- Run the steps in order:

CCleaner

Using its Cleaner option according to its manual:

  • To delete cookies, temporary Internet files and all the files it shows you as obsolete.

  • We do NOT need this report

AdwCleaner

Run it.

  • Click the Scan button and wait for the process to finish. Then click the Clean button.
  • Wait for it to complete. If it asks you to restart the system, accept.
  • Save the report that appears so you can copy and paste it in your next reply.
  • The report can also be found at “C:\AdwCleaner\AdwCleaner.txt”

ZHPCleaner

  • Following its manual, install and run it. When it finishes, remove everything it finds.

Malwarebytes

  • Don't forget to update it.
  • Read its manual carefully
  • Run a Full Scan.
  • Click “Remove Selected” to send what was found to quarantine.
  • Restart the system.
  • In the manual's section “History” >> Application Logs >> Scan Log you will find the MBAM report, which you must copy and paste in your next reply.

4.- Important note:

In your next reply you must paste the AdwCleaner, ZHPCleaner and Malwarebytes reports.

Guide: How to paste reports in the forum?

Let us know.

Regards


#5

Hello :D, there are several steps, so I may take a while to reply. To answer your questions: my OS is not genuine. I downloaded it via YouTube from a site I trust, since it's not the first time I've downloaded it, and I applied a crack to have the full version. I downloaded SP1 from the official Microsoft page, since I'm aware of the problems installing it can cause if it is corrupt or something.


#6

Hello @Santiago_Penaranda:

Ok.

Regardless of how you activate it, we always recommend installing genuine OSes, downloaded from Microsoft where possible, to avoid problems and so that they are complete and free of surprises.

Is this the same computer you formatted recently? If so, stop the scan and I'll give you other steps.

Go to Start >>> Run >>> type exactly >>> winver

Take a screenshot and upload it in your next reply.

How to insert an image in the forum?

Regards.


#8

Indeed, this is the same computer that had the OS on drive O, on which I had to reinstall Windows.

Oops, sorry, I forgot to crop it.


#9

Hello:

Ok.

Let's try the following to clear up any doubts:

1.- Download, install and/or update the following tools:

2.- Run CCleaner:

  • Use its Cleaner and Registry options to clean up cookies, temporary and unnecessary files, to improve your computer's performance and produce cleaner reports, as described in its manual. (We do NOT need this report)

3.- Run Malwarebytes as described in its manual

4.- Restart your PC

5.- To check the status of some of that OS's services, download FSS.exe to your desktop.

Run FSS.exe (right-click and select Run as administrator)

Check all the options:

  • Internet Services.
  • Windows Firewall
  • System Restore.
  • Security Center/Action Center.
  • Windows Update.
  • Windows Defender.

Press the Scan button and wait for it to finish.

A Notepad window will open. Copy and paste its contents in your next reply.

Regards.


#10

Do I have to send the Malwarebytes report?


#11

Hello:

Exactly:

How to paste reports in the forum?

Regards


#12

Hello, I've finished the scans; the results follow.

FSS.EXE results:

Farbar Service Scanner Version: 27-01-2016
Ran by santiago (administrator) on 19-12-2018 at 23:36:16
Running from "C:\Users\santiago\Desktop"
Microsoft Windows 7 Enterprise   (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy: 
==================


System Restore:
============

System Restore Policy: 
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy: 
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed

Malwarebytes results:

Malwarebytes
www.malwarebytes.com

-Detalles del registro-
Fecha del análisis: 19/12/18
Hora del análisis: 23:31
Archivo de registro: 2a210bfa-0410-11e9-ba45-0022686a6c65.json

-Información del software-
Versión: 3.6.1.2711
Versión de los componentes: 1.0.463
Versión del paquete de actualización: 1.0.8401
Licencia: Prueba

-Información del sistema-
SO: Windows 7
CPU: x64
Sistema de archivos: NTFS
Usuario: santiago-PC\santiago

-Resumen del análisis-
Tipo de análisis: Análisis de amenazas
Análisis iniciado por:: Manual
Resultado: Completado
Objetos analizados: 212190
Amenazas detectadas: 21
Amenazas en cuarentena: 17
Tiempo transcurrido: 2 min, 40 seg

-Opciones de análisis-
Memoria: Activado
Inicio: Activado
Sistema de archivos: Activado
Archivo: Activado
Rootkits: Desactivado
Heurística: Activado
PUP: Detectar
PUM: Detectar

-Detalles del análisis-
Proceso: 2
Backdoor.Bot, C:\WINDOWS\SYSTEM\EXPLORER.EXE, En cuarentena, [866], [207664],1.0.8401
Trojan.Agent, C:\WINDOWS\SYSTEM\SVCHOST.EXE, En cuarentena, [407], [196488],1.0.8401

Módulo: 2
Backdoor.Bot, C:\WINDOWS\SYSTEM\EXPLORER.EXE, En cuarentena, [866], [207664],1.0.8401
Trojan.Agent, C:\WINDOWS\SYSTEM\SVCHOST.EXE, En cuarentena, [407], [196488],1.0.8401

Clave del registro: 2
Trojan.Gosys, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\ACTIVE SETUP\INSTALLED COMPONENTS\{F146C9B1-VMVQ-A9RC-NUFL-D0BA00B4E999}, Sin acciones por parte del usuario, [4132], [199097],1.0.8401
Trojan.Gosys, HKU\S-1-5-21-446505234-209791776-530350210-1000\SOFTWARE\WOW6432NODE\MICROSOFT\ACTIVE SETUP\INSTALLED COMPONENTS\{F146C9B1-VMVQ-A9RC-NUFL-D0BA00B4E999}, Se eliminará al reiniciar, [4132], [199097],1.0.8401

Valor del registro: 2
Backdoor.Bot, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Explorer, Sin acciones por parte del usuario, [866], [207664],1.0.8401
Trojan.Agent, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|SVCHOST, Se eliminará al reiniciar, [407], [196488],1.0.8401

Datos del registro: 1
Backdoor.Bot, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON|Shell, Sin acciones por parte del usuario, [866], [207664],1.0.8401

Secuencia de datos: 0
(No hay elementos maliciosos detectados)

Carpeta: 0
(No hay elementos maliciosos detectados)

Archivo: 12
Backdoor.Bot, C:\WINDOWS\SYSTEM\EXPLORER.EXE, Se eliminará al reiniciar, [866], [207664],1.0.8401
Trojan.Gosys, C:\USERS\SANTIAGO\APPDATA\ROAMING\MRSYS.EXE, Se eliminará al reiniciar, [4132], [199097],1.0.8401
RiskWare.HeuristicsReservedWordExploit, C:\WINDOWS\SYSTEM\SPOOLSV.EXE, Se eliminará al reiniciar, [5724], [293552],1.0.8401
Trojan.Agent, C:\WINDOWS\SYSTEM\SVCHOST.EXE, Se eliminará al reiniciar, [407], [196488],1.0.8401
Backdoor.Agent.Generic, C:\USERS\SANTIAGO\DOWNLOADS\VC_REDIST.X64 (1).EXE, Se eliminará al reiniciar, [5753], [355551],1.0.8401
Backdoor.Agent.Generic, C:\USERS\SANTIAGO\DOWNLOADS\CCSETUP551.EXE, Se eliminará al reiniciar, [5753], [355551],1.0.8401
Backdoor.Agent.Generic, C:\USERS\SANTIAGO\DOWNLOADS\ADWCLEANER_7.2.5.0.EXE, Se eliminará al reiniciar, [5753], [355551],1.0.8401
Backdoor.Agent.Generic, C:\USERS\SANTIAGO\DOWNLOADS\DOLPHIN-X64-5.0.EXE, Se eliminará al reiniciar, [5753], [355551],1.0.8401
Backdoor.Agent.Generic, C:\USERS\SANTIAGO\APPDATA\LOCAL\STSYS.EXE, Se eliminará al reiniciar, [5753], [355551],1.0.8401
Backdoor.Agent.Generic, C:\USERS\SANTIAGO\APPDATA\LOCAL\ICSYS.ICN.EXE, Se eliminará al reiniciar, [5753], [355551],1.0.8401
Backdoor.Agent.Generic, C:\USERS\SANTIAGO\APPDATA\ROAMING\MICROSOFT\INTERNET EXPLORER\QUICK LAUNCH\User Pinned\TaskBar\MWow64 - Acceso directo.lnk, Se eliminará al reiniciar, [5753], [355551],1.0.8401
Backdoor.Agent.Generic, D:\WOW\7.1.5 RUN&PLAY\MWOW64.EXE, Sin acciones por parte del usuario, [5753], [355551],1.0.8401

Sector físico: 0
(No hay elementos maliciosos detectados)

WMI: 0
(No hay elementos maliciosos detectados)


(end)

I hope this helps.


#13

Hello:

As I suspected, you have serious infections.

It looks like the activator came with several unwanted gifts.

Malwarebytes took only 2 minutes 40 seconds to scan the whole computer?? :thinking:

I'll repeat the steps: you must select and remove everything, absolutely everything, since the infections are serious; you have Trojans and backdoors.

Malwarebytes

  • Don't forget to update it.
  • Read its manual carefully
  • Run a Full Scan.
  • Click “Remove Selected” to send what was found to quarantine.
  • Restart the system.
  • In the manual's section “History” >> Application Logs >> Scan Log you will find the MBAM report, which you must copy and paste in your next reply.

Regards.


#14

Hello, I apologize in advance for the problems I caused when posting the scan results; I'm not very skilled at handling posts, haha. Another thing: I choose full scan but the scan finishes very quickly. I'm about to restart the computer now, but it seems odd to me that it finishes so fast; this time it took a little under a minute.

Here is the result again:

Malwarebytes
www.malwarebytes.com

-Detalles del registro-
Fecha del análisis: 20/12/18
Hora del análisis: 0:00
Archivo de registro: 287ed4fe-0414-11e9-99d0-0022686a6c65.json

-Información del software-
Versión: 3.6.1.2711
Versión de los componentes: 1.0.463
Versión del paquete de actualización: 1.0.8401
Licencia: Prueba

-Información del sistema-
SO: Windows 7
CPU: x64
Sistema de archivos: NTFS
Usuario: santiago-PC\santiago

-Resumen del análisis-
Tipo de análisis: Análisis de amenazas
Análisis iniciado por:: Manual
Resultado: Completado
Objetos analizados: 212238
Amenazas detectadas: 8
Amenazas en cuarentena: 7
Tiempo transcurrido: 2 min, 17 seg

-Opciones de análisis-
Memoria: Activado
Inicio: Activado
Sistema de archivos: Activado
Archivo: Activado
Rootkits: Desactivado
Heurística: Activado
PUP: Detectar
PUM: Detectar

-Detalles del análisis-
Proceso: 2
Backdoor.Bot, C:\WINDOWS\SYSTEM\EXPLORER.EXE, En cuarentena, [866], [207664],1.0.8401
Backdoor.Agent.Generic, C:\WINDOWS\SYSTEM\SVCHOST.EXE, En cuarentena, [5753], [355551],1.0.8401

Módulo: 2
Backdoor.Bot, C:\WINDOWS\SYSTEM\EXPLORER.EXE, En cuarentena, [866], [207664],1.0.8401
Backdoor.Agent.Generic, C:\WINDOWS\SYSTEM\SVCHOST.EXE, En cuarentena, [5753], [355551],1.0.8401

Clave del registro: 0
(No hay elementos maliciosos detectados)

Valor del registro: 0
(No hay elementos maliciosos detectados)

Datos del registro: 0
(No hay elementos maliciosos detectados)

Secuencia de datos: 0
(No hay elementos maliciosos detectados)

Carpeta: 0
(No hay elementos maliciosos detectados)

Archivo: 4
Trojan.Gosys, C:\USERS\SANTIAGO\APPDATA\ROAMING\MRSYS.EXE, Error durante la eliminación, [4132], [199097],1.0.8401
Backdoor.Bot, C:\WINDOWS\SYSTEM\EXPLORER.EXE, En cuarentena, [866], [207664],1.0.8401
Backdoor.Agent.Generic, C:\WINDOWS\SYSTEM\SVCHOST.EXE, En cuarentena, [5753], [355551],1.0.8401
Backdoor.Agent.Generic, C:\USERS\SANTIAGO\APPDATA\LOCAL\STSYS.EXE, En cuarentena, [5753], [355551],1.0.8401

Sector físico: 0
(No hay elementos maliciosos detectados)

WMI: 0
(No hay elementos maliciosos detectados)


(end)

I can't get the trick to work ;-;
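The two Malwarebytes reports above list a status per detection, and the helper's instruction was to remove everything. As an added example (not part of the thread, and not Malwarebytes code), this Python sketch parses the "-Detalles del análisis-" part of such a report, checks that each section's declared count matches the lines actually pasted, and lists the objects that were neither quarantined nor scheduled for removal. The function names and the status grouping are assumptions made for the example; the sample input is an excerpt assembled from the two reports.

```python
import re
from collections import Counter

# Constructed input: an excerpt assembled from the two reports posted in the
# thread; the per-section counts were adjusted to match the excerpt.
SAMPLE_LOG = r"""
-Resumen del análisis-
Objetos analizados: 212190

-Detalles del análisis-
Proceso: 2
Backdoor.Bot, C:\WINDOWS\SYSTEM\EXPLORER.EXE, En cuarentena, [866], [207664],1.0.8401
Trojan.Agent, C:\WINDOWS\SYSTEM\SVCHOST.EXE, En cuarentena, [407], [196488],1.0.8401

Valor del registro: 2
Backdoor.Bot, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Explorer, Sin acciones por parte del usuario, [866], [207664],1.0.8401
Trojan.Agent, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|SVCHOST, Se eliminará al reiniciar, [407], [196488],1.0.8401

Datos del registro: 1
Backdoor.Bot, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON|Shell, Sin acciones por parte del usuario, [866], [207664],1.0.8401

Carpeta: 0
(No hay elementos maliciosos detectados)

Archivo: 2
Trojan.Gosys, C:\USERS\SANTIAGO\APPDATA\ROAMING\MRSYS.EXE, Error durante la eliminación, [4132], [199097],1.0.8401
Backdoor.Agent.Generic, D:\WOW\7.1.5 RUN&PLAY\MWOW64.EXE, Sin acciones por parte del usuario, [5753], [355551],1.0.8401

(end)
"""

DETAILS_MARKER = "-Detalles del análisis-"
# "Proceso: 2" style section headers (no comma or backslash before the colon).
SECTION_RE = re.compile(r"^(?P<section>[^:,\\]+): (?P<count>\d+)$")
# threat, object, status, [id], [id],update-version
DETECTION_RE = re.compile(
    r"^(?P<name>[^,]+), (?P<object>.+), (?P<status>[^,\[\]]+), "
    r"\[\d+\], \[\d+\],[\d.]+$"
)
# Status strings as they appear in the reports; the grouping is this example's.
STATUS_CLASS = {
    "En cuarentena": "quarantined",
    "Se eliminará al reiniciar": "pending_reboot",
    "Sin acciones por parte del usuario": "no_action",
    "Error durante la eliminación": "failed",
}


def parse_detections(log_text):
    """Return (detections, declared_counts) for the detail part of a report."""
    in_details, section = False, None
    declared, detections = {}, []
    for raw in log_text.splitlines():
        line = raw.strip()
        if line == DETAILS_MARKER:
            in_details = True
            continue
        if not in_details or not line:
            continue  # summary lines such as "Objetos analizados" are skipped
        header = SECTION_RE.match(line)
        if header:
            section = header.group("section")
            declared[section] = int(header.group("count"))
            continue
        hit = DETECTION_RE.match(line)
        if hit and section is not None:
            status = hit.group("status").strip()
            detections.append({
                "section": section,
                "threat": hit.group("name"),
                "object": hit.group("object"),
                "status": status,
                "state": STATUS_CLASS.get(status, "unknown"),
            })
    return detections, declared


def count_mismatches(detections, declared):
    """Sections whose declared count differs from the lines parsed (truncated paste)."""
    parsed = Counter(d["section"] for d in detections)
    return {s: (n, parsed[s]) for s, n in declared.items() if parsed[s] != n}


def unresolved(detections):
    """Unique (threat, object) pairs that were left in place or failed to delete."""
    left = {"no_action", "failed", "unknown"}
    return sorted({(d["threat"], d["object"]) for d in detections if d["state"] in left})


if __name__ == "__main__":
    found, counts = parse_detections(SAMPLE_LOG)
    print("count mismatches:", count_mismatches(found, counts))
    for threat, obj in unresolved(found):
        print("still present:", threat, obj)
```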


#15

Hello:

Let's switch tools:

Do the following:

Scan the PC with ESET Online Scanner: User manual

Scan the PC with Kaspersky Virus Removal Tool: User manual

IMPORTANT NOTES:

  1. In your next reply, you must paste both reports.

  2. You must copy and paste the requested reports with all their contents. Use several messages if you get an error message saying it is too long (more than approx. 50,000 characters).

  3. Let us know how the original problem you opened the thread for is doing.

Guide: How to paste reports in the forum?

We'll continue tomorrow; it's already very late here.

Regards.


#16

OK, see you tomorrow, rest well.


#17

Hello, here is the ESET Online Scanner report; I'll have to send the Kaspersky report in another message later. I'm a bit annoyed, though, since ESET has removed a large number of game .exe files, games that I would think were not a threat, but well, it must have removed them for a reason. The report follows.

20/12/2018 18:53:57 p.m.
Archivos explorados: 135841
Archivos infectados: 71
Amenazas eliminadas: 71
Tiempo total de exploración 01:07:17
Estado de la exploración: Finalizado
C:\Program Files (x86)\IObit\Driver Booster\5.5.1\AutoUpdate.exe	una variante de Win32/IObit.N aplicación potencialmente no deseada	desinfectado por eliminación
C:\Program Files (x86)\IObit\Driver Booster\5.5.1\IObitDownloader.exe	una variante de Win32/IObit.L aplicación potencialmente no deseada	desinfectado por eliminación
C:\Users\santiago\Downloads\ccsetup551.exe 	Win32/Bundled.Toolbar.Google.D aplicación potencialmente no segura	desinfectado por eliminación
C:\Users\santiago\Downloads\mb3-setup-35891.35891-3.6.1.2711-1.0.463-1.0.6913.exe	Win32/VB.OSK troyano	desinfectado por eliminación
C:\Users\santiago\Downloads\windows6.1-KB976932-X64.exe	Win32/VB.OSK troyano	desinfectado por eliminación
D:\Activador total\cw.exe	Win32/HackTool.WinActivator.N aplicación potencialmente no segura	desinfectado por eliminación
D:\Activador total\RemoveWAT.exe	una variante de MSIL/HackTool.Wpakill.A aplicación potencialmente no segura	desinfectado por eliminación
D:\Cheat Engine 6.7\ceregreset.exe	Win32/VB.OSK troyano	desinfectado por eliminación
D:\Cheat Engine 6.7\cheatengine-i386.exe	Win32/VB.OSK troyano	desinfectado por eliminación
D:\Cheat Engine 6.7\cheatengine-x86_64.exe	Win32/VB.OSK troyano	desinfectado por eliminación
D:\Cheat Engine 6.7\DotNetDataCollector32.exe	Win32/VB.OSK troyano	desinfectado por eliminación
D:\Cheat Engine 6.7\DotNetDataCollector64.exe	Win32/VB.OSK troyano	desinfectado por eliminación
D:\Cheat Engine 6.7\Kernelmoduleunloader.exe	Win32/VB.OSK troyano	desinfectado por eliminación
D:\Cheat Engine 6.7\standalonephase1.dat	una variante de Win32/HackTool.CheatEngine.AF aplicación potencialmente no segura	desinfectado por eliminación
D:\Cheat Engine 6.7\Tutorial-i386.exe	Win32/VB.OSK troyano	desinfectado por eliminación
D:\Cheat Engine 6.7\Tutorial-x86_64.exe	Win32/VB.OSK troyano	desinfectado por eliminación
D:\Cheat Engine 6.7\unins000.exe	Win32/VB.OSK troyano	desinfectado por eliminación
D:\GTA San Andreas\gta_sa.exe	Win32/VB.OSK troyano	desinfectado por eliminación
D:\GTA San Andreas\rcon.exe	Win32/VB.OSK troyano	desinfectado por eliminación
D:\GTA San Andreas\samp.exe	Win32/VB.OSK troyano	desinfectado por eliminación
D:\GTA San Andreas\SAMPUninstall.exe	Win32/VB.OSK troyano	desinfectado por eliminación
D:\GTA San Andreas\samp_debug.exe	Win32/VB.OSK troyano	desinfectado por eliminación
D:\Halo 1\Halo 1\chktrust.exe	Win32/VB.OSK troyano	desinfectado por eliminación
D:\Halo 1\Halo 1\haloupdate.exe	Win32/VB.OSK troyano	desinfectado por eliminación
D:\Halo 1\Halo 1\Uninstal.EXE	Win32/VB.OSK troyano	desinfectado por eliminación
D:\MSI Afterburner\MSIAfterburner.exe	Win32/VB.OSK troyano	desinfectado por eliminación
D:\MSI Afterburner\Uninstall.exe	Win32/VB.OSK troyano	desinfectado por eliminación
D:\Need for Speed Most Wanted\eauninstall.exe	Win32/VB.OSK troyano	desinfectado por eliminación
D:\Need for Speed Most Wanted\NFSMW Aplicacion.exe	Win32/VB.OSK troyano	desinfectado por eliminación
D:\Need for Speed Most Wanted\safemode_inst.exe	Win32/VB.OSK troyano	desinfectado por eliminación
D:\Need for Speed Most Wanted\shell_inst.exe	Win32/VB.OSK troyano	desinfectado por eliminación
D:\Need for Speed Most Wanted\speed.exe	Win32/VB.OSK troyano	desinfectado por eliminación
D:\Need for Speed Most Wanted\Texmod.exe	Win32/VB.OSK troyano	desinfectado por eliminación
D:\RivaTuner Statistics Server\EncoderServer.exe	Win32/VB.OSK troyano	desinfectado por eliminación
D:\RivaTuner Statistics Server\EncoderServer64.exe	Win32/VB.OSK troyano	desinfectado por eliminación
D:\RivaTuner Statistics Server\RTSS.exe	Win32/VB.OSK troyano	desinfectado por eliminación
D:\RivaTuner Statistics Server\RTSSHooksLoader.exe	Win32/VB.OSK troyano	desinfectado por eliminación
D:\RivaTuner Statistics Server\RTSSHooksLoader64.exe	Win32/VB.OSK troyano	desinfectado por eliminación
D:\RivaTuner Statistics Server\Uninstall.exe	Win32/VB.OSK troyano	desinfectado por eliminación
D:\SteamLibrary\steamapps\common\World of Warships\_CommonRedist\DirectX\Jun2010\infinst.exe	Win32/VB.OSK troyano	desinfectado por eliminación
D:\Worms Armageddon\clokspl.exe	Win32/VB.OSK troyano	desinfectado por eliminación
D:\Worms Armageddon\GfxUpdate.exe	Win32/VB.OSK troyano	desinfectado por eliminación
D:\Worms Armageddon\Landgen.exe	Win32/VB.OSK troyano	desinfectado por eliminación
D:\Worms Armageddon\WA.exe	Win32/VB.OSK troyano	desinfectado por eliminación
D:\wow\7.1.5 Run&Play\Arctium WoW Client Patcher.exe	Win32/VB.OSK troyano	desinfectado por eliminación
D:\wow\7.1.5 Run&Play\MWow.exe	Win32/VB.OSK troyano	desinfectado por eliminación
D:\wow\7.1.5 Run&Play\MWow64.exe	Win32/VB.OSK troyano	desinfectado por eliminación
E:\AudacityPortable\lame.exe	Win32/VB.OSK troyano	desinfectado por eliminación
E:\AudacityPortable\unins000.exe	Win32/VB.OSK troyano	desinfectado por eliminación
E:\DAEMON Tools Lite\DiscSoftBusServiceLite.exe,	Win32/VB.OSK troyano	desinfectado por eliminación
E:\DAEMON Tools Lite\DTHelper.exe	Win32/VB.OSK troyano	desinfectado por eliminación
E:\DAEMON Tools Lite\DTLauncher.exe	Win32/VB.OSK troyano	desinfectado por eliminación
E:\DAEMON Tools Lite\DTLite.exe	Win32/VB.OSK troyano	desinfectado por eliminación
E:\DAEMON Tools Lite\DTLiteHelper.exe	Win32/VB.OSK troyano	desinfectado por eliminación
E:\DAEMON Tools Lite\Extractor.exe	Win32/VB.OSK troyano	desinfectado por eliminación
E:\DAEMON Tools Lite\SPTDinst-x64.exe	Win32/VB.OSK troyano	desinfectado por eliminación
E:\DAEMON Tools Lite\uninst.exe	Win32/VB.OSK troyano	desinfectado por eliminación
E:\Delta Force Black Hawk Down\dfbhd.exe	Win32/VB.OSK troyano	desinfectado por eliminación
E:\Delta Force Black Hawk Down\dfbhdlc.exe	Win32/VB.OSK troyano	desinfectado por eliminación
E:\Delta Force Black Hawk Down\dfbhdmed.exe	Win32/VB.OSK troyano	desinfectado por eliminación
E:\doom 3\Doom 3 (renechivas100)\Doom3.exe	Win32/VB.OSK troyano	desinfectado por eliminación
E:\doom 3\Doom 3 (renechivas100)\Server.exe	Win32/VB.OSK troyano	desinfectado por eliminación
E:\doom 3\Desinstalador.exe	Win32/VB.OSK troyano	desinfectado por eliminación
E:\eggnoggplus-win\eggnoggplus-win\eggnoggplus.exe	Win32/VB.OSK troyano	desinfectado por eliminación
E:\Geometry Dash 2.11 Funcional\GeometryDash.exe	Win32/VB.OSK troyano	desinfectado por eliminación
E:\leage of legends\Uninstall League of Legends.exe	Win32/VB.OSK troyano	desinfectado por eliminación
E:\Microsoft Office 2013 x64bits\setup (2).exe	Win32/VB.OSK troyano	desinfectado por eliminación
E:\Microsoft Office 2013 x64bits\setup.exe	Win32/VB.OSK troyano	desinfectado por eliminación
E:\Music\AudacityPortable\AudacityPortable.exe	Win32/VB.OSK troyano	desinfectado por eliminación
E:\LOLPRO 8.24.1.exe	Win32/VB.OSK troyano	desinfectado por eliminación
E:\partition-wizard-8-1-1-home-en-win.exe	Win32/VB.OSK troyano	desinfectado por eliminación

#18

That is what KVRT gave me; it didn't give me any report. I click on report and nothing comes up.


#19

Hello @Santiago_Penaranda:

For now, don't download anything new, even if you think it is trustworthy.

Let me explain a difference:

D:\Activador total\cw.exe Win32/HackTool.WinActivator.N aplicación potencialmente no segura desinfectado por eliminación.

An activator. Some users think these are false positives.

c:\Users\santiago\Downloads\windows6.1-KB976932-X64.exe Win32/VB.OSK troyano desinfectado por eliminación

Clearly a Trojan, and you had a great many of them. They are among the most dangerous malicious code on the net.

But what Malwarebytes detected is missing, and that is what bothers me.

Now, with the computer a bit cleaner, do the following:

1.- Uninstall with Revo Uninstaller in its Advanced Mode:

  • IObit\Driver Booster

Revo Uninstaller manual.

2.- Uninstall Malwarebytes Anti-Malware with its dedicated tool, since for the moment I doubt the program's integrity.

  • Download MB-Clean.exe to your desktop and run it.
  • RESTART your computer again.

3.- Carry out the following steps, without changing the order:

Temporarily disable your antivirus and any security program.

4.- Download to your desktop:

5.- Malwarebytes Anti Rootkits

Install and update it. Run a Full Scan according to its manual.

Important note:

In your next reply you must paste the Malwarebytes Anti Rootkits report

Guide: How to paste reports in the forum?

We'll wait for those reports, and don't forget to tell us how the problem is going.

You have to press the accent key next to the letter p; it's the backwards accent… :wink:

Regards


#20

Hmm… OK, but I have a question

c:\Users\santiago\Downloads\windows6.1-KB976932-X64.exe Win32/VB.OSK troyano desinfectado por eliminación

I downloaded all the updates from the official Microsoft page, so it seems strange to me that it is a Trojan. I also downloaded Driver Booster from the official page, because I had to reinstall Windows.

Perhaps the Malwarebytes ones don't appear because I have already deleted them from quarantine; perhaps that is the reason. As for the remaining scans, I will probably take a while to upload the results.


#21

Hello @Santiago_Penaranda:

An infected computer keeps getting contaminated, especially the .exe files.

It has not been trustworthy software for some time.

Let's hope so… :wink:

We'll be waiting for you here. What you forgot to mention is how the system feels.

Regards.
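The distinction drawn in post #19 (activator flagged as a potentially unsafe application versus files flagged as a Trojan) and the remark in post #21 about .exe files being contaminated can both be read off the ESET report mechanically. As an added example (not part of the thread, and not ESET code), this Python sketch splits each report row into file, signature and category, then counts how many files and how many separate top-level folders each signature was found in. The function names and the three-folder threshold are assumptions made for the example; the sample rows are copied from the report in post #17.

```python
import re
from collections import defaultdict

# Constructed input: nine rows copied from the report in the thread, rebuilt
# here with explicit tab separators (file, detection, action).
ACTION = "desinfectado por eliminación"
ROWS = [
    (r"C:\Program Files (x86)\IObit\Driver Booster\5.5.1\AutoUpdate.exe",
     "una variante de Win32/IObit.N aplicación potencialmente no deseada"),
    (r"D:\Activador total\cw.exe",
     "Win32/HackTool.WinActivator.N aplicación potencialmente no segura"),
    (r"D:\Activador total\RemoveWAT.exe",
     "una variante de MSIL/HackTool.Wpakill.A aplicación potencialmente no segura"),
    (r"C:\Users\santiago\Downloads\windows6.1-KB976932-X64.exe", "Win32/VB.OSK troyano"),
    (r"D:\Cheat Engine 6.7\cheatengine-i386.exe", "Win32/VB.OSK troyano"),
    (r"D:\GTA San Andreas\gta_sa.exe", "Win32/VB.OSK troyano"),
    (r"D:\GTA San Andreas\samp.exe", "Win32/VB.OSK troyano"),
    (r"E:\DAEMON Tools Lite\DiscSoftBusServiceLite.exe,", "Win32/VB.OSK troyano"),
    (r"E:\partition-wizard-8-1-1-home-en-win.exe", "Win32/VB.OSK troyano"),
]
SAMPLE_REPORT = "Estado de la exploración: Finalizado\n" + "\n".join(
    "\t".join((path, detection, ACTION)) for path, detection in ROWS
)

# Category wording as printed in the report, mapped to labels used below.
CATEGORY = {
    "troyano": "trojan",
    "aplicación potencialmente no deseada": "potentially_unwanted",
    "aplicación potencialmente no segura": "potentially_unsafe",
}
DETECTION_RE = re.compile(r"^(?:una variante de )?(?P<sig>\S+) (?P<cls>.+)$")


def parse_report(text):
    """Parse tab-separated detection rows; header lines without tabs are skipped."""
    rows = []
    for line in text.splitlines():
        parts = [p.strip() for p in line.split("\t")]
        if len(parts) != 3:
            continue
        path, detection, action = parts
        hit = DETECTION_RE.match(detection)
        if not hit:
            continue
        rows.append({
            "path": path.rstrip(","),  # one row in the report has a stray comma
            "signature": hit.group("sig"),
            "category": CATEGORY.get(hit.group("cls"), "unknown"),
            "action": action,
        })
    return rows


def install_root(path):
    """Drive plus first folder, e.g. D:\\GTA San Andreas; drive root for loose files."""
    parts = path.split("\\")
    return "\\".join(parts[:2]) if len(parts) > 2 else parts[0] + "\\"


def summarize(rows):
    """Per signature: category, number of files, and the folders it was found in."""
    acc = defaultdict(lambda: {"category": None, "files": 0, "roots": set()})
    for row in rows:
        entry = acc[row["signature"]]
        entry["category"] = row["category"]
        entry["files"] += 1
        entry["roots"].add(install_root(row["path"]))
    return {sig: {**e, "roots": sorted(e["roots"])} for sig, e in acc.items()}


def widespread(summary, min_roots=3):
    """Trojan signatures present under min_roots or more unrelated folders."""
    return sorted(sig for sig, e in summary.items()
                  if e["category"] == "trojan" and len(e["roots"]) >= min_roots)


if __name__ == "__main__":
    report = summarize(parse_report(SAMPLE_REPORT))
    for sig, e in sorted(report.items()):
        print(f"{sig:32} {e['category']:22} files={e['files']} folders={len(e['roots'])}")
    print("same trojan signature across many folders:", widespread(report))
```

A single Trojan signature repeated across installers, games and utilities from different vendors is the pattern post #21 describes, whereas the activator entries stay confined to their own folder and category.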


#22

Hello @SanMar

With this latest MB-AR scan, the number of games taken out by this disinfection process goes up by 1; now it deleted World of Warcraft ;-;. Well, never mind, haha. I uninstalled Driver Booster with Revo Uninstaller as you asked and as specified. As for the OS, it definitely feels lighter; the problem has disappeared completely. I'll upload the reports next. I'll upload two, the MB-CLEAN one and the MB-AR one, since I think both would be more useful.

MB-CLEAN report:

2018-12-21 12:50:49.951   mb-clean:3.1.0.1035  @ Malwarebytes. All rights reserved.
2018-12-21 12:50:51.937   Trying to change the start type of MBAMChameleon.
2018-12-21 12:50:52.246   MBAMChameleon is disabled successfully.
2018-12-21 12:50:52.247   Trying to disable self-protection.
2018-12-21 12:50:52.520   Launching process:"C:\Program Files\Malwarebytes\Anti-Malware\unins000.exe" /LOG /VERYSILENT /SUPPRESSMSGBOXES /NORESTART /log="C:\Users\santiago\AppData\Local\Temp\Mbam3x.log"
2018-12-21 12:50:59.942   >>>>>> Starting 2nd phase cleanup for Malwarebytes versión 3.6.1.2711 <<<<<<
2018-12-21 12:50:59.943   HKLM\SYSTEM\CurrentControlSet\Services\ESProtectionDriver does not exist.
2018-12-21 12:50:59.943   HKLM\SYSTEM\CurrentControlSet\Services\MBAMChameleon does not exist.
2018-12-21 12:50:59.944   HKLM\SYSTEM\CurrentControlSet\Services\MBAMFarflt does not exist.
2018-12-21 12:50:59.944   HKLM\SYSTEM\CurrentControlSet\Services\MBAMProtection does not exist.
2018-12-21 12:50:59.945   HKLM\SYSTEM\CurrentControlSet\Services\MBAMService does not exist.
2018-12-21 12:50:59.945   HKLM\SYSTEM\CurrentControlSet\Services\MBAMSwissArmy does not exist.
2018-12-21 12:50:59.948   HKLM\SYSTEM\CurrentControlSet\Services\MBAMWebProtection does not exist.
2018-12-21 12:51:01.250   Trying to delete path C:\Program Files\Malwarebytes\Anti-Malware\
2018-12-21 12:51:01.250   Cannot delete path C:\Program Files\Malwarebytes\Anti-Malware\, reason:((error=3))
2018-12-21 12:51:01.250   Trying to delete REG key: HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService
2018-12-21 12:51:01.251   Trying to delete REG key: HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService
2018-12-21 12:51:01.251   --------BEGINNING OF THE UNINSTALLER LOG FILE ----------
2018-12-21 12:50:52.997   Log opened. (Time zone: UTC-05:00)
2018-12-21 12:50:52.998   Setup version: Inno Setup version 5.5.8 (u)
2018-12-21 12:50:52.998   Original Uninstall EXE: C:\Program Files\Malwarebytes\Anti-Malware\unins000.exe
2018-12-21 12:50:52.998   Uninstall DAT: C:\Program Files\Malwarebytes\Anti-Malware\unins000.dat
2018-12-21 12:50:52.998   Uninstall command line: /SECONDPHASE="C:\Program Files\Malwarebytes\Anti-Malware\unins000.exe" /FIRSTPHASEWND=$50208 /LOG /VERYSILENT /SUPPRESSMSGBOXES /NORESTART /log="C:\Users\santiago\AppData\Local\Temp\Mbam3x.log"
2018-12-21 12:50:52.998   Windows version: 6.1.7600  (NT platform: Yes)
2018-12-21 12:50:52.998   64-bit Windows: Yes
2018-12-21 12:50:52.998   Processor architecture: x64
2018-12-21 12:50:52.998   User privileges: Administrative
2018-12-21 12:50:53.068   64-bit install mode: Yes
2018-12-21 12:50:53.068   Created temporary directory: C:\Users\santiago\AppData\Local\Temp\is-767I1.tmp
2018-12-21 12:50:53.173   Uninstalling service
2018-12-21 12:50:58.754   Installed service, result 0
2018-12-21 12:50:58.754   Uninstall service complete
2018-12-21 12:50:58.789   Uninstall from Security Center , result 0
2018-12-21 12:50:58.793   Removing mbshlext.dll
2018-12-21 12:50:58.794   Spawning 64-bit RegSvr32: "C:\Windows\system32\regsvr32.exe" /u /s "C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll"
2018-12-21 12:50:59.021   Starting the uninstallation process.
2018-12-21 12:50:59.114   Deleting file: C:\Users\Public\Desktop\Malwarebytes.lnk
2018-12-21 12:50:59.165   Deleting file: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes\Uninstall Malwarebytes.lnk
2018-12-21 12:50:59.175   Deleting directory: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-12-21 12:50:59.175   Failed to delete directory (145). Will retry later.
2018-12-21 12:50:59.254   Deleting file: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes\Malwarebytes.lnk
2018-12-21 12:50:59.255   Deleting directory: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-12-21 12:50:59.255   Deleting file: C:\Program Files\Malwarebytes\Anti-Malware\zlib.dll
2018-12-21 12:50:59.256   Deleting file: C:\Program Files\Malwarebytes\Anti-Malware\7z.dll
2018-12-21 12:50:59.256   Deleting file: C:\Program Files\Malwarebytes\Anti-Malware\mbae.dll
2018-12-21 12:50:59.256   Deleting file: C:\Program Files\Malwarebytes\Anti-Malware\MbamPt.exe
2018-12-21 12:50:59.910   Deleting directory: C:\ProgramData\Malwarebytes\MBAMService\ScanResults
2018-12-21 12:50:59.911   Deleting file: C:\ProgramData\Malwarebytes\MBAMService\tids.mbdb
2018-12-21 12:50:59.912   Deleting directory: C:\ProgramData\Malwarebytes\MBAMService\tmp
2018-12-21 12:50:59.912   Deleting file: C:\ProgramData\Malwarebytes\MBAMService\wprot.mbdb
2018-12-21 12:50:59.921   Deleting file: C:\ProgramData\Malwarebytes\MBAMService\wprot2.mbdb
2018-12-21 12:50:59.923   Deleting directory: C:\ProgramData\Malwarebytes\MBAMService
2018-12-21 12:50:59.933   Deleting file: C:\Program Files\Malwarebytes\Anti-Malware\ServiceConfig.json
2018-12-21 12:50:59.934   Deleting file: C:\Program Files\Malwarebytes\Anti-Malware\ServiceConfig.json.bak
2018-12-21 12:50:59.934   Deleting directory: C:\Program Files\Malwarebytes\Anti-Malware\IrisPlugins
2018-12-21 12:50:59.935   Deleting directory: C:\Program Files\Malwarebytes\Anti-Malware
2018-12-21 12:50:59.935   Failed to delete directory (145). Will retry later.
2018-12-21 12:50:59.935   Deleting Uninstall data files.
2018-12-21 12:51:00.544   Deleting directory: C:\ProgramData\Malwarebytes
2018-12-21 12:51:00.544   Deleting directory: C:\Program Files\Malwarebytes\Anti-Malware
2018-12-21 12:51:00.545   Deleting directory: C:\Program Files\Malwarebytes
2018-12-21 12:51:00.575   Uninstallation process succeeded.
2018-12-21 12:51:00.575   Removed all? Yes
2018-12-21 12:51:00.575   Need to restart Windows? No
2018-12-21 12:51:00.590   Log closed.
2018-12-21 12:51:04.805   --------END OF LOG FILE ----------

Now the results from MB-AR, or Anti-Rootkit:

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.10.3.1001

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7600 Windows 7 x64

Account is Administrative

Internet Explorer version: 8.0.7600.16385

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, E:\ DRIVE_FIXED
CPU speed: 2.520000 GHz
Memory total: 2950881280, free: 1696690176

Downloaded database version: v2018.12.21.05
Downloaded database version: v2018.12.21.05
Downloaded database version: v2018.01.20.01
=======================================
Initializing...
Driver version: 4.3.0.15
------------ Kernel report ------------
     12/21/2018 12:56:06
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\DRIVERS\ACPI.sys
\SystemRoot\system32\DRIVERS\WMILIB.SYS
\SystemRoot\system32\DRIVERS\msisadrv.sys
\SystemRoot\system32\DRIVERS\pci.sys
\SystemRoot\system32\DRIVERS\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\DRIVERS\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\system32\DRIVERS\intelide.sys
\SystemRoot\system32\DRIVERS\PCIIDEX.SYS
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\DRIVERS\atapi.sys
\SystemRoot\system32\DRIVERS\ataport.SYS
\SystemRoot\system32\DRIVERS\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\DRIVERS\vmstorfl.sys
\SystemRoot\system32\DRIVERS\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\DRIVERS\disk.sys
\SystemRoot\system32\DRIVERS\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\serial.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\??\C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\system32\drivers\csc.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\nvlddmkm.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\Rt64win7.sys
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\fdc.sys
\SystemRoot\system32\DRIVERS\serenum.sys
\SystemRoot\system32\DRIVERS\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\rdpbus.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\system32\DRIVERS\flpydisk.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\nvhda64v.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_dumpata.sys
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\system32\drivers\AmUStor.SYS
\SystemRoot\system32\drivers\USBD.SYS
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\DRIVERS\WUDFRd.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\2567936B.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
----------- End -----------
Done!

Scan started
Database versions:
  main:    v2018.12.21.05
  rootkit: v2018.12.21.05

<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa80030ae4f0, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80030af040, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa80030ae4f0, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8002f8c520, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa8002f73060, DeviceName: \Device\Ide\IdeDeviceP1T0L0-1\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: C12ACD25

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 277417984
    Partition is bootable
    Partition file system is NTFS

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 277421760  Numsec = 210969360
    Partition is not bootable
    Partition file system is NTFS

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable

Disk Size: 250059350016 bytes
Sector size: 512 bytes

Done!
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xfffffa80030af700, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80030b0040, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa80030af700, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8002f6d520, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa8002f89680, DeviceName: \Device\Ide\IdeDeviceP1T1L0-3\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 2BD2C32A

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 2048  Numsec = 312494080
    Partition is not bootable
    Partition file system is NTFS

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable

Disk Size: 160000000000 bytes
Sector size: 512 bytes

Done!
Physical Sector Size: 0
Drive: 2, DevicePointer: 0xfffffa8003360690, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8002c377a0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8003360690, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8003ddc050, DeviceName: \Device\0000006b\, DriverName: \Driver\AmUStor\
------------ End ----------
Physical Sector Size: 0
Drive: 3, DevicePointer: 0xfffffa8003dce060, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8003364890, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8003dce060, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa80041dd050, DeviceName: \Device\0000006c\, DriverName: \Driver\AmUStor\
------------ End ----------
Physical Sector Size: 0
Drive: 4, DevicePointer: 0xfffffa80033c4060, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80033c4b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa80033c4060, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa80045ee050, DeviceName: \Device\0000006d\, DriverName: \Driver\AmUStor\
------------ End ----------
Physical Sector Size: 0
Drive: 5, DevicePointer: 0xfffffa80033c5060, DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80033c5b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa80033c5060, DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa80049ef050, DeviceName: \Device\0000006e\, DriverName: \Driver\AmUStor\
------------ End ----------
Infected: HKU\S-1-5-21-446505234-209791776-530350210-1000\SOFTWARE\WOW6432NODE\MICROSOFT\ACTIVE SETUP\INSTALLED COMPONENTS\{F146C9B1-VMVQ-A9RC-NUFL-D0BA00B4E999} --> [Trojan.Agent]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\ACTIVE SETUP\INSTALLED COMPONENTS\{F146C9B1-VMVQ-A9RC-NUFL-D0BA00B4E999} --> [Trojan.Agent]
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-D8FC1F7AF71A43B09D8C294CDBD3FB5FBE43E871.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-D8FC1F7AF71A43B09D8C294CDBD3FB5FBE43E871.bin.7C" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-D8FC1F7AF71A43B09D8C294CDBD3FB5FBE43E871.bin.83" is compressed (flags = 1)
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Explorer --> [Trojan.Agent]
Scan finished
Creating System Restore point...
Cleaning up...
Removal scheduling successful. System shutdown needed.
System shutdown occurred
=======================================

And one small question: was the infection the cause of the slowness and the excessive use of my RAM? I await your reply, byeee.


#23

Hello @Santiago_Penaranda:

MbAr leaves two reports on the desktop:

Mbar-log.txt and System-log.txt; check whether you have the other one.

Regards.