Additional scan result of Farbar Recovery Scan Tool (x86) Version: 28-04-2019
Ran by Familia (03-05-2019 23:14:39)
Running from C:\Users\Familia\Downloads
Microsoft Windows 10 Pro Version 1809 17763.437 (X86) (2019-04-18 13:45:08)
Boot Mode: Safe Mode (with Networking)
==========================================================

==================== Accounts: =============================

Administrador (S-1-5-21-1752543460-1099992655-1078261646-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1752543460-1099992655-1078261646-503 - Limited - Disabled)
Familia (S-1-5-21-1752543460-1099992655-1078261646-1001 - Administrator - Enabled) => C:\Users\Familia
Invitado (S-1-5-21-1752543460-1099992655-1078261646-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-1752543460-1099992655-1078261646-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Webroot SecureAnywhere (Enabled - Up to date) {4646A877-74EB-CD3B-8FDB-210DB94FA61A}
AV: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Webroot SecureAnywhere (Enabled - Up to date) {FD274993-52D1-C2B5-B56B-1A7FC2C8ECA7}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 32 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 32.0.0.171 - Adobe)
Adobe Flash Player 32 PPAPI (HKLM\...\Adobe Flash Player PPAPI) (Version: 32.0.0.171 - Adobe)
ATI Catalyst Install Manager (HKLM\...\{47FDEFC7-BFE6-FD75-41D1-28DD572BD2D9}) (Version: 3.0.715.0 - ATI Technologies, Inc.)
ccc-core-static (HKLM\...\{E09CD13D-7CE3-351C-1625-8DC7F21A99C0}) (Version: 2010.0210.2339.42455 - Nombre de su organización) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.56 - Piriform)
Eines de correcció del Microsoft Office 2013: català (HKLM\...\{90150000-001F-0403-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Ferramentas de verificación de Microsoft Office 2013 - Galego (HKLM\...\{90150000-001F-0456-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
Malwarebytes versión 3.7.1.2839 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.7.1.2839 - Malwarebytes)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUSR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Mozilla Firefox 66.0.3 (x86 es-ES) (HKLM\...\Mozilla Firefox 66.0.3 (x86 es-ES)) (Version: 66.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 66.0.3 - Mozilla)
Opera Stable 60.0.3255.70 (HKU\S-1-5-21-1752543460-1099992655-1078261646-1001\...\Opera 60.0.3255.70) (Version: 60.0.3255.70 - Opera Software)
Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM\...\{90150000-001F-040C-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Revisores de Texto do Microsoft Office 2013 – Português do Brasil (HKLM\...\{90150000-001F-0416-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Skins (HKLM\...\{B04D5DA5-11DA-830C-85C6-0FF9185787E7}) (Version: 2010.0210.2339.42455 - ATI) Hidden
UsbFix Anti-Malware Premium (HKLM\...\Usbfix) (Version: 11.0.1.4 - SOSVirus (SOSVirus.Net))
Webroot SecureAnywhere (HKLM\...\WRUNINST) (Version: 9.0.24.49 - Webroot)
Zemana AntiMalware versión 3.1.66 (HKLM\...\{4E1F3677-C72E-4F7D-B66E-85467B1A289E}_is1) (Version: 3.1.66 - Zemana)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1752543460-1099992655-1078261646-1001_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1752543460-1099992655-1078261646-1001_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1752543460-1099992655-1078261646-1001_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1752543460-1099992655-1078261646-1001_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1752543460-1099992655-1078261646-1001_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1752543460-1099992655-1078261646-1001_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1752543460-1099992655-1078261646-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\Familia\AppData\Local\Microsoft\OneDrive\19.043.0304.0007\FileSyncShell.dll => No File
CustomCLSID: HKU\S-1-5-21-1752543460-1099992655-1078261646-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\Familia\AppData\Local\Microsoft\OneDrive\19.043.0304.0007\FileSyncShell.dll => No File
CustomCLSID: HKU\S-1-5-21-1752543460-1099992655-1078261646-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\Familia\AppData\Local\Microsoft\OneDrive\19.043.0304.0007\FileSyncShell.dll => No File
CustomCLSID: HKU\S-1-5-21-1752543460-1099992655-1078261646-1001_Classes\CLSID\{E7629152-0A34-4487-B787-5D1144304455}\localserver32 -> C:\Users\Familia\AppData\Local\Programs\Opera\60.0.3255.70\notification_helper.exe (Opera Software AS -> The Chromium Authors)
ContextMenuHandlers1: [WRShellExt] -> {69D72956-317C-44bd-B369-8E44D4EF9802} => C:\Windows\system32\WRusr.dll [2019-05-03] (Webroot Inc. -> Webroot)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll [2010-02-11] (Advanced Micro Devices, Inc.) [File not signed]
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [WRShellExt] -> {69D72956-317C-44bd-B369-8E44D4EF9802} => C:\Windows\system32\WRusr.dll [2019-05-03] (Webroot Inc. -> Webroot)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\amsdk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\amsdk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MSIServer => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRkrn => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRSVC => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKU\.DEFAULT\Software\Classes\exefile: "%1" %* <==== ATTENTION
HKU\.DEFAULT\Software\Classes\.exe: exefile => "%1" %* <==== ATTENTION
HKU\S-1-5-21-1752543460-1099992655-1078261646-1001\Software\Classes\exefile: "%1" %* <==== ATTENTION
HKU\S-1-5-21-1752543460-1099992655-1078261646-1001\Software\Classes\.exe: exefile => "%1" %* <==== ATTENTION

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2018-09-15 01:08 - 2018-09-15 01:08 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1752543460-1099992655-1078261646-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: ) (ConsentPromptBehaviorUser: ) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

MSCONFIG\Services: Ati External Event Utility => 2
MSCONFIG\Services: vmicheartbeat => 3
MSCONFIG\Services: vmickvpexchange => 3
MSCONFIG\Services: vmicrdv => 3
MSCONFIG\Services: vmicshutdown => 3
MSCONFIG\Services: vmictimesync => 3
MSCONFIG\Services: vmicvmsession => 3
MSCONFIG\Services: vmicvss => 3
HKLM\...\StartupApproved\Run: => "StartCCC"
HKU\S-1-5-21-1752543460-1099992655-1078261646-1001\...\StartupApproved\Run: => "OneDrive"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{73BF1A92-AEEA-493C-98BB-AB5F48F32ED2}] => (Allow) C:\Windows\KMS-R@1n.exe No File
FirewallRules: [{478C5FF4-907B-44CE-B30C-C4FE93B70F73}] => (Allow) C:\Windows\KMS-R@1n.exe No File
FirewallRules: [{70338860-8D6B-48B5-9177-24BC45DF3EF4}] => (Allow) C:\Program Files\BlueStacks\HD-Player.exe No File
FirewallRules: [{90AB4E0A-F1E0-4C84-8257-E4FB245F5CB2}] => (Allow) C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe No File
FirewallRules: [{0DB1CE24-DDD0-4328-B290-4A55A1DAFF3C}] => (Allow) C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe No File
FirewallRules: [{27976C82-A46C-4A62-9B45-8E72365607E4}] => (Allow) C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe No File
FirewallRules: [{C7302490-8092-4A35-9CC6-06F23A32F6FC}] => (Allow) C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe No File
FirewallRules: [{DB6EB6F6-AACD-46C6-A00F-C2C2E316462B}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{15022C63-4ED4-4E62-8556-F25C4033C493}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{8FA2C789-9FD1-41E9-B944-A30951F9D6B7}] => (Allow) C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe No File
FirewallRules: [{A65ED078-3188-429D-A744-D2CEB0DFB038}] => (Allow) C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe No File
FirewallRules: [TCP Query User{05A81DC0-42A7-47C2-BD72-211E56C63F9B}C:\program files\youwave android\vb\vboxsdl.exe] => (Allow) C:\program files\youwave android\vb\vboxsdl.exe No File
FirewallRules: [UDP Query User{A99CEAED-6F3A-43D0-A6CA-8C3CBD2A3B63}C:\program files\youwave android\vb\vboxsdl.exe] => (Allow) C:\program files\youwave android\vb\vboxsdl.exe No File
FirewallRules: [{EFE9DB85-CB5B-4B4A-9D78-C64995A8589E}] => (Allow) D:\Program Files\Nox\bin\Nox.exe No File
FirewallRules: [{A634F0F7-6187-462F-9E7D-C9983827FFF7}] => (Allow) C:\Program Files\\Bignox\\BigNoxVM\\RT\NoxVMHandle.exe No File
==================== Restore Points =========================

18-04-2019 10:09:06 Inicio
19-04-2019 12:04:29 Instalador de Módulos de Windows
28-04-2019 13:49:54 Punto de control programado

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (05/03/2019 07:23:19 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 512) (User: )
Description: Los Servicios de cifrado no pudieron inicializar el objeto "System Writer" de la copia de seguridad de VSS.
Details: Could not query the status of the EventSystem service.
System Error: Se está cerrando el sistema. .

Error: (05/03/2019 06:20:44 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Error de la activación de licencia (slui.exe) con el siguiente código: hr=0xC004F074
Argumentos de línea de comandos: RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkQuarantineRetry

Error: (05/03/2019 06:16:23 PM) (Source: SecurityCenter) (EventID: 17) (User: )
Description: Security Center failed to validate caller with error %1.
Error: (05/03/2019 06:16:15 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Error de la activación de licencia (slui.exe) con el siguiente código: hr=0xC004F074
Argumentos de línea de comandos: RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=UserLogon;SessionId=1

Error: (05/03/2019 06:15:59 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Error de la activación de licencia (slui.exe) con el siguiente código: hr=0xC004F074
Argumentos de línea de comandos: RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (05/03/2019 04:08:22 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: El programa ZHPCleaner.exe (versión 2019.5.2.59) dejó de interactuar con Windows y se cerró. Para ver si hay más información disponible sobre el problema, comprueba el historial de problemas en el panel de control de seguridad y mantenimiento.
Id. de proceso: c10
Hora de Inicio: 01d501e8a5845e02
Hora de finalización: 4294967295
Ruta de la aplicación: C:\Users\Familia\AppData\Local\Microsoft\Windows\INetCache\IE\LX1FR9A2\ZHPCleaner.exe
Id. de informe: 0ea1081d-bf20-4210-86a8-3223e10e6b8f
Nombre completo del paquete con errores:
Id. de la aplicación relativa al paquete con errores:
Tipo de bloqueo: Top level window is idle

Error: (05/03/2019 01:22:24 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Error del Servicio de instantáneas de volumen: error inesperado al llamar a la rutina QueryFullProcessImageNameW. HR = 0x80070006, Controlador no válido. .
Operación: Ejecutando operación asincrónica
Contexto: Estado actual: DoSnapshotSet

Error: (05/03/2019 01:21:51 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Error en Servicios de cifrado mientras se procesaba el objeto "System Writer" de la llamada OnIdentity().
Details: AddLegacyDriverFiles: Unable to back up image of binary Protocolo de detección de nivel de vínculo de Microsoft.
System Error: Acceso denegado. .

System errors:
=============
Error: (05/03/2019 11:15:59 PM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-A3HBPL2)
Description: Error de DCOM "1084" al intentar iniciar el servicio ShellHWDetection con argumentos "No disponible" para ejecutar el servidor: {DD522ACC-F821-461A-A407-50B198B896DC}

Error: (05/03/2019 11:15:51 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: Error de DCOM "1084" al intentar iniciar el servicio EventSystem con argumentos "No disponible" para ejecutar el servidor: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (05/03/2019 11:14:39 PM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-A3HBPL2)
Description: Error de DCOM "1084" al intentar iniciar el servicio ShellHWDetection con argumentos "No disponible" para ejecutar el servidor: {DD522ACC-F821-461A-A407-50B198B896DC}

Error: (05/03/2019 11:14:03 PM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-A3HBPL2)
Description: Error de DCOM "1084" al intentar iniciar el servicio ShellHWDetection con argumentos "No disponible" para ejecutar el servidor: {DD522ACC-F821-461A-A407-50B198B896DC}

Error: (05/03/2019 11:13:17 PM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-A3HBPL2)
Description: Error de DCOM "1084" al intentar iniciar el servicio ShellHWDetection con argumentos "No disponible" para ejecutar el servidor: {DD522ACC-F821-461A-A407-50B198B896DC}

Error: (05/03/2019 11:13:08 PM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-A3HBPL2)
Description: Error de DCOM "1084" al intentar iniciar el servicio ShellHWDetection con argumentos "No disponible" para ejecutar el servidor: {DD522ACC-F821-461A-A407-50B198B896DC}

Error: (05/03/2019 11:13:01 PM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-A3HBPL2)
Description: Error de DCOM "1084" al intentar iniciar el servicio ShellHWDetection con argumentos "No disponible" para ejecutar el servidor: {DD522ACC-F821-461A-A407-50B198B896DC}

Error: (05/03/2019 11:12:46 PM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-A3HBPL2)
Description: Error de DCOM "1084" al intentar iniciar el servicio ShellHWDetection con argumentos "No disponible" para ejecutar el servidor: {DD522ACC-F821-461A-A407-50B198B896DC}

Windows Defender:
===================================
Date: 2019-04-19 19:28:50.245
Description: El examen de Antivirus de Windows Defender se detuvo antes de completarse.
Id. de examen: {534FC7BC-AA3B-40FC-BB0B-3ED8904477FB}
Tipo de examen: Antimalware
Parámetros de examen: Examen rápido
Usuario: NT AUTHORITY\SYSTEM

Date: 2019-04-19 19:07:59.373
Description: El examen de Antivirus de Windows Defender se detuvo antes de completarse.
Id. de examen: {F93FE14D-A480-4FCB-9C7E-CAEF3F397FCE}
Tipo de examen: Antimalware
Parámetros de examen: Examen rápido
Usuario: NT AUTHORITY\SYSTEM

Date: 2019-04-18 10:47:49.608
Description: Antivirus de Windows Defender detectó malware u otro software potencialmente no deseado.
Para obtener más información consulte lo siguiente: https://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:Win32/AutoKMS&threatid=2147685180&enterprise=0
Nombre: HackTool:Win32/AutoKMS
Id.: 2147685180
Gravedad: Alta
Categoría: Herramienta
Ruta de acceso: file:_C:\Windows\KMS-R@1nHook.exe
Origen de detección: Equipo local
Tipo de detección: Concreto
Fuente de detección: Protección en tiempo real
Usuario: NT AUTHORITY\NETWORK SERVICE
Nombre de proceso: C:\Windows\System32\svchost.exe
Versión de firma: AV: 1.273.933.0, AS: 1.273.933.0, NIS: 1.273.933.0
Versión de motor: AM: 1.1.15100.1, NIS: 1.1.15100.1

Date: 2019-04-18 10:47:46.948
Description: Antivirus de Windows Defender detectó malware u otro software potencialmente no deseado.
Para obtener más información consulte lo siguiente: https://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:Win32/AutoKMS&threatid=2147685180&enterprise=0
Nombre: HackTool:Win32/AutoKMS
Id.: 2147685180
Gravedad: Alta
Categoría: Herramienta
Ruta de acceso: file:_C:\Windows\KMS-R@1nHook.exe; imagefileexecoptions:_HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\OSppSvc.exe; imagefileexecoptions:_HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\SppExtComObj.exe; regkey:_HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\OSppSvc.exe; regkey:_HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\SppExtComObj.exe
Origen de detección: Equipo local
Tipo de detección: Concreto
Fuente de detección: Protección en tiempo real
Usuario: NT AUTHORITY\NETWORK SERVICE
Nombre de proceso: C:\Windows\System32\svchost.exe
Versión de firma: AV: 1.273.933.0, AS: 1.273.933.0, NIS: 1.273.933.0
Versión de motor: AM: 1.1.15100.1, NIS: 1.1.15100.1

Date: 2019-04-18 10:47:27.416
Description: Antivirus de Windows Defender detectó malware u otro software potencialmente no deseado.
Para obtener más información consulte lo siguiente: https://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:Win32/AutoKMS&threatid=2147685180&enterprise=0
Nombre: HackTool:Win32/AutoKMS
Id.: 2147685180
Gravedad: Alta
Categoría: Herramienta
Ruta de acceso: file:_C:\Windows\KMS-R@1nHook.exe
Origen de detección: Equipo local
Tipo de detección: Concreto
Fuente de detección: Protección en tiempo real
Usuario: NT AUTHORITY\NETWORK SERVICE
Nombre de proceso: C:\Windows\System32\svchost.exe
Versión de firma: AV: 1.273.933.0, AS: 1.273.933.0, NIS: 1.273.933.0
Versión de motor: AM: 1.1.15100.1, NIS: 1.1.15100.1

Date: 2019-04-18 10:39:13.397
Description: Antivirus de Windows Defender encontró un error al intentar restaurar un elemento de la cuarentena.
Para obtener más información, consulte lo siguiente: https://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:Win32/Wpakill!rfn&threatid=2147692452&enterprise=0
Nombre: HackTool:Win32/Wpakill!rfn
Id.: 2147692452
Gravedad: Alta
Categoría: Herramienta
Usuario: DESKTOP-A3HBPL2\Familia
Código de error: 0x80508014
Descripción del error: No se puede restaurar el elemento en cuarentena.
Versión de firma: AV: 1.273.933.0, AS: 1.273.933.0
Versión de motor: 1.1.15100.1

Date: 2019-04-18 10:39:02.441
Description: Antivirus de Windows Defender encontró un error al intentar restaurar un elemento de la cuarentena.
Para obtener más información, consulte lo siguiente: https://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:Win32/Wpakill!rfn&threatid=2147692452&enterprise=0
Nombre: HackTool:Win32/Wpakill!rfn
Id.: 2147692452
Gravedad: Alta
Categoría: Herramienta
Usuario: DESKTOP-A3HBPL2\Familia
Código de error: 0x80508014
Descripción del error: No se puede restaurar el elemento en cuarentena.
Versión de firma: AV: 1.273.933.0, AS: 1.273.933.0
Versión de motor: 1.1.15100.1

CodeIntegrity:
===================================
Date: 2019-05-02 13:11:05.133
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume1\Windows\System32\WRusr.dll that did not meet the Microsoft signing level requirements.

Date: 2019-04-20 21:09:54.315
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\System32\MicrosoftEdgeSH.exe) attempted to load \Device\HarddiskVolume1\Windows\System32\atiumdag.dll that did not meet the Store signing level requirements.

Date: 2019-04-20 21:09:54.277
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\System32\MicrosoftEdgeSH.exe) attempted to load \Device\HarddiskVolume1\Windows\System32\atiumdag.dll that did not meet the Store signing level requirements.

Date: 2019-04-20 21:09:54.239
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\System32\MicrosoftEdgeSH.exe) attempted to load \Device\HarddiskVolume1\Windows\System32\atiumdag.dll that did not meet the Store signing level requirements.

Date: 2019-04-19 14:34:46.532
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\System32\MicrosoftEdgeSH.exe) attempted to load \Device\HarddiskVolume1\Windows\System32\atiumdag.dll that did not meet the Store signing level requirements.

Date: 2019-04-19 14:34:46.443
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\System32\MicrosoftEdgeSH.exe) attempted to load \Device\HarddiskVolume1\Windows\System32\atiumdag.dll that did not meet the Store signing level requirements.
Date: 2019-04-19 14:34:46.386
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\System32\MicrosoftEdgeSH.exe) attempted to load \Device\HarddiskVolume1\Windows\System32\atiumdag.dll that did not meet the Store signing level requirements.

==================== Memory info ===========================

BIOS: American Megatrends Inc. V5.2 05/10/2007
Motherboard: Micro-Star MS-7255 V2.0
Processor: Intel(R) Core(TM)2 CPU 4400 @ 2.00GHz
Percentage of memory in use: 46%
Total physical RAM: 2046.43 MB
Available physical RAM: 1102.09 MB
Total Virtual: 3902.43 MB
Available Virtual: 3138.66 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:58.91 GB) (Free:28.88 GB) NTFS
Drive d: (MULTIVAC) (Fixed) (Total:90.14 GB) (Free:20.27 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 149.1 GB) (Disk ID: F16ECFC1)
Partition 1: (Not Active) - (Size=58.9 GB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=90.1 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================