Hello, I have finished the scans; their results are below.
FSS.EXE results:
Farbar Service Scanner Version: 27-01-2016
Ran by santiago (administrator) on 19-12-2018 at 23:36:16
Running from "C:\Users\santiago\Desktop"
Microsoft Windows 7 Enterprise (X64)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
Windows Firewall:
=============
Firewall Disabled Policy:
==================
System Restore:
============
System Restore Policy:
========================
Action Center:
============
Windows Update:
============
Windows Autoupdate Disabled Policy:
============================
Windows Defender:
==============
Other Services:
==============
File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
Malwarebytes results:
Malwarebytes
www.malwarebytes.com
-Detalles del registro-
Fecha del análisis: 19/12/18
Hora del análisis: 23:31
Archivo de registro: 2a210bfa-0410-11e9-ba45-0022686a6c65.json
-Información del software-
Versión: 3.6.1.2711
Versión de los componentes: 1.0.463
Versión del paquete de actualización: 1.0.8401
Licencia: Prueba
-Información del sistema-
SO: Windows 7
CPU: x64
Sistema de archivos: NTFS
Usuario: santiago-PC\santiago
-Resumen del análisis-
Tipo de análisis: Análisis de amenazas
Análisis iniciado por:: Manual
Resultado: Completado
Objetos analizados: 212190
Amenazas detectadas: 21
Amenazas en cuarentena: 17
Tiempo transcurrido: 2 min, 40 seg
-Opciones de análisis-
Memoria: Activado
Inicio: Activado
Sistema de archivos: Activado
Archivo: Activado
Rootkits: Desactivado
Heurística: Activado
PUP: Detectar
PUM: Detectar
-Detalles del análisis-
Proceso: 2
Backdoor.Bot, C:\WINDOWS\SYSTEM\EXPLORER.EXE, En cuarentena, [866], [207664],1.0.8401
Trojan.Agent, C:\WINDOWS\SYSTEM\SVCHOST.EXE, En cuarentena, [407], [196488],1.0.8401
Módulo: 2
Backdoor.Bot, C:\WINDOWS\SYSTEM\EXPLORER.EXE, En cuarentena, [866], [207664],1.0.8401
Trojan.Agent, C:\WINDOWS\SYSTEM\SVCHOST.EXE, En cuarentena, [407], [196488],1.0.8401
Clave del registro: 2
Trojan.Gosys, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\ACTIVE SETUP\INSTALLED COMPONENTS\{F146C9B1-VMVQ-A9RC-NUFL-D0BA00B4E999}, Sin acciones por parte del usuario, [4132], [199097],1.0.8401
Trojan.Gosys, HKU\S-1-5-21-446505234-209791776-530350210-1000\SOFTWARE\WOW6432NODE\MICROSOFT\ACTIVE SETUP\INSTALLED COMPONENTS\{F146C9B1-VMVQ-A9RC-NUFL-D0BA00B4E999}, Se eliminará al reiniciar, [4132], [199097],1.0.8401
Valor del registro: 2
Backdoor.Bot, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Explorer, Sin acciones por parte del usuario, [866], [207664],1.0.8401
Trojan.Agent, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|SVCHOST, Se eliminará al reiniciar, [407], [196488],1.0.8401
Datos del registro: 1
Backdoor.Bot, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON|Shell, Sin acciones por parte del usuario, [866], [207664],1.0.8401
Secuencia de datos: 0
(No hay elementos maliciosos detectados)
Carpeta: 0
(No hay elementos maliciosos detectados)
Archivo: 12
Backdoor.Bot, C:\WINDOWS\SYSTEM\EXPLORER.EXE, Se eliminará al reiniciar, [866], [207664],1.0.8401
Trojan.Gosys, C:\USERS\SANTIAGO\APPDATA\ROAMING\MRSYS.EXE, Se eliminará al reiniciar, [4132], [199097],1.0.8401
RiskWare.HeuristicsReservedWordExploit, C:\WINDOWS\SYSTEM\SPOOLSV.EXE, Se eliminará al reiniciar, [5724], [293552],1.0.8401
Trojan.Agent, C:\WINDOWS\SYSTEM\SVCHOST.EXE, Se eliminará al reiniciar, [407], [196488],1.0.8401
Backdoor.Agent.Generic, C:\USERS\SANTIAGO\DOWNLOADS\VC_REDIST.X64 (1).EXE, Se eliminará al reiniciar, [5753], [355551],1.0.8401
Backdoor.Agent.Generic, C:\USERS\SANTIAGO\DOWNLOADS\CCSETUP551.EXE, Se eliminará al reiniciar, [5753], [355551],1.0.8401
Backdoor.Agent.Generic, C:\USERS\SANTIAGO\DOWNLOADS\ADWCLEANER_7.2.5.0.EXE, Se eliminará al reiniciar, [5753], [355551],1.0.8401
Backdoor.Agent.Generic, C:\USERS\SANTIAGO\DOWNLOADS\DOLPHIN-X64-5.0.EXE, Se eliminará al reiniciar, [5753], [355551],1.0.8401
Backdoor.Agent.Generic, C:\USERS\SANTIAGO\APPDATA\LOCAL\STSYS.EXE, Se eliminará al reiniciar, [5753], [355551],1.0.8401
Backdoor.Agent.Generic, C:\USERS\SANTIAGO\APPDATA\LOCAL\ICSYS.ICN.EXE, Se eliminará al reiniciar, [5753], [355551],1.0.8401
Backdoor.Agent.Generic, C:\USERS\SANTIAGO\APPDATA\ROAMING\MICROSOFT\INTERNET EXPLORER\QUICK LAUNCH\User Pinned\TaskBar\MWow64 - Acceso directo.lnk, Se eliminará al reiniciar, [5753], [355551],1.0.8401
Backdoor.Agent.Generic, D:\WOW\7.1.5 RUN&PLAY\MWOW64.EXE, Sin acciones por parte del usuario, [5753], [355551],1.0.8401
Sector físico: 0
(No hay elementos maliciosos detectados)
WMI: 0
(No hay elementos maliciosos detectados)
(end)
I hope this helps.