Resultado del análisis realizado por Farbar Recovery Scan Tool (FRST) (x64) Versión: 26-07-2020 Ejecutado por administrador (administrador) sobre TERMINAL (VMware, Inc. VMware Virtual Platform) (27-07-2020 09:30:24) Ejecutado desde C:\TEC\ANTIVIRUS\spyforo Perfiles cargados: enzo.prieto & nicolas.castro & administrador Platform: Windows Server 2008 R2 Standard Service Pack 1 (X64) Idioma: Español (España, internacional) Internet Explorer Versión 11 (Navegador predeterminado: FF) Modo de Inicio: Normal Tutorial para Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Procesos (Lista blanca) ================= (Si una entrada es incluida en el fixlist, el proceso será cerrado. El archivo no será movido.) () [Archivo no firmado] C:\Program Files\VMware\VMware Tools\VMware CAF\pme\bin\ManagementAgentHost.exe (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Malwarebytes Corporation -> Malwarebytes) C:\Program Files (x86)\Malwarebytes\Anti-Malware\MBAMService.exe (Malwarebytes Inc -> Malwarebytes) C:\Program Files (x86)\Malwarebytes\Anti-Malware\mbamtray.exe <3> (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE <2> (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe <3> (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\LogonUI.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rdpclip.exe <3> (Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe <12> (Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe <3> (Software America S.A.) [Archivo no firmado] [El archivo está en uso] \\server01\AMERICA\Stock\Stock.exe (Software América S.A.) [Archivo no firmado] [El archivo está en uso] \\server01\America\Visualizador\Visualizador.exe (Software América S.A.) [Archivo no firmado] C:\Users\Public\Desktop\ACCESONET\Accesos.exe <2> (Software America) [Archivo no firmado] [El archivo está en uso] \\server01\America\VENTAS\VENTAS.EXE <2> (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe <3> (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe <3> (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe <3> (VMware, Inc. -> VMware, Inc.) C:\Program Files\VMware\VMware Tools\vmacthlp.exe (VMware, Inc. -> VMware, Inc.) C:\Program Files\VMware\VMware Tools\vmtoolsd.exe (VMware, Inc.) [Archivo no firmado] C:\Program Files\VMware\VMware Tools\VMware VGAuth\VGAuthService.exe ==================== Registro (Lista blanca) =================== (Si una entrada es incluida en el fixlist, el elemento del registro será restaurado a su valor predeterminado o será eliminado. El archivo no será movido.) HKLM\...\Run: [VMware User Process] => C:\Program Files\VMware\VMware Tools\vmtoolsd.exe [83944 2017-09-14] (VMware, Inc. -> VMware, Inc.) HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation -> Microsoft Corporation) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [710776 2020-06-18] (Oracle America, Inc. -> Oracle Corporation) HKLM\...\Policies\Explorer: [ShowSuperHidden] 1 HKLM\...\Windows x64\Print Processors\tpwinprn: C:\Windows\System32\spool\prtprocs\x64\TPWinPrn.dll [994032 2017-09-14] (ThinPrint GmbH -> ThinPrint GmbH) HKLM\...\Print\Monitors\CutePDF Writer Monitor v3.2: C:\Windows\system32\cpwmon64_v32.dll [90096 2017-05-26] (Acro Software Inc -> ) HKLM\...\Print\Monitors\ThinPrint Print Port Monitor for VMWare: C:\Windows\system32\TPVMMon.dll [2412560 2017-09-14] (Cortado AG -> ThinPrint GmbH) HKLM\Software\Microsoft\Active Setup\Installed Components: [{A509B1A7-37EF-4b3f-8CFC-4F3A74704073}] -> C:\Windows\System32\iesetup.dll [2018-09-12] (Microsoft Windows -> Microsoft Corporation) HKLM\Software\Microsoft\Active Setup\Installed Components: [{A509B1A8-37EF-4b3f-8CFC-4F3A74704073}] -> C:\Windows\System32\iesetup.dll [2018-09-12] (Microsoft Windows -> Microsoft Corporation) HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{A509B1A7-37EF-4b3f-8CFC-4F3A74704073}] -> C:\Windows\SysWOW64\iesetup.dll [2018-09-12] (Microsoft Windows -> Microsoft Corporation) HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{A509B1A8-37EF-4b3f-8CFC-4F3A74704073}] -> C:\Windows\SysWOW64\iesetup.dll [2018-09-12] (Microsoft Windows -> Microsoft Corporation) Lsa: [Notification Packages] scecli rassfm AlternateShell: ==================== Tareas programadas (Lista blanca) ============ (Si una entrada es incluida en el fixlist, será eliminada del registro. El archivo no se moverá a menos que sea añadido al listado por separado.) Task: {63EE8552-A444-4BA2-8E1E-C8350D6D412A} - System32\Tasks\Microsoft\Windows\Server Manager\ServerManager => C:\Windows\system32\ServerManagerLauncher.exe [152064 2009-07-13] (Microsoft Windows -> Microsoft Corporation) Task: {69110D7B-41DC-4E9D-BDD3-C826C7DB613B} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\Server\ServerRoleUsageCollector => C:\Windows\system32\ceipdata.exe [252416 2010-11-21] (Microsoft Windows -> Microsoft Corporation) Task: {6A7AFCB3-1DF7-40B4-8E8F-E5A9A0A7ED05} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1331792 2020-05-07] (Adobe Inc. -> Adobe Inc.) Task: {75829346-81E5-4491-A32B-48D911ECE5AE} - System32\Tasks\Reinicio servidor => C:\Windows\System32\shutdown.exe [34304 2009-07-13] (Microsoft Windows -> Microsoft Corporation) Task: {7AC32A55-5BE7-4EBA-876D-287A6791F4BA} - System32\Tasks\Microsoft\Windows\termsrv\licensing\TlsWarning => C:\Windows\system32\tlsbln.exe [48128 2018-08-13] (Microsoft Windows -> Microsoft Corporation) Task: {8AF1207C-5A15-47FB-8B7B-9D57FE8601F5} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\\MpCmdRun.exe [410784 2016-11-14] (Microsoft Corporation -> Microsoft Corporation) Task: {AFECE848-8DA2-461B-B5E6-CBEF57A4DF7D} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\Server\ServerRoleCollector => C:\Windows\system32\ceiprole.exe [39424 2010-11-21] (Microsoft Windows -> Microsoft Corporation) Task: {D49A10DA-0F70-4779-BD96-B2D976A4F2E3} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\Server\ServerCeipAssistant => C:\Windows\system32\ceipdata.exe [252416 2010-11-21] (Microsoft Windows -> Microsoft Corporation) (Si una entrada es incluida en el fixlist, el archivo de tarea (.job) será movido. El archivo que está siendo ejecutado por la tarea no será movido.) ==================== Internet (Lista blanca) ==================== (Si un elemento es incluido en el fixlist, y éste pertenece al registro, será eliminado o restaurado a su valor predeterminado.) Tcpip\..\Interfaces\{52B473D1-FDAF-40C7-84BA-2B5D166A1323}: [NameServer] 192.168.105.6,192.168.105.1 HKLM\System\...\Parameters\PersistentRoutes: [0.0.0.0,0.0.0.0,192.168.105.1,-1] Internet Explorer: ================== HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com HKU\S-1-5-21-3085492447-3805188665-1496049133-1127\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/es-ar/?ocid=iehp HKU\S-1-5-21-3085492447-3805188665-1496049133-500\Software\Microsoft\Internet Explorer\Main,Start Page = res://iesetup.dll/HardAdmin.htm BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_261\bin\ssv.dll [2020-07-20] (Oracle America, Inc. -> Oracle Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_261\bin\jp2ssv.dll [2020-07-20] (Oracle America, Inc. -> Oracle Corporation) FireFox: ======== FF DefaultProfile: tmet2lu5.default-1525975227299 FF ProfilePath: C:\Users\administrador.MACAFRAN\AppData\Roaming\Mozilla\Firefox\Profiles\tmet2lu5.default-1525975227299 [2020-07-27] FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_32_0_0_314.dll [2020-01-14] (Adobe Inc. -> ) FF Plugin: @java.com/DTPlugin,version=11.261.2 -> C:\Program Files\Java\jre1.8.0_261\bin\dtplugin\npDeployJava1.dll [2020-07-20] (Oracle America, Inc. -> Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.261.2 -> C:\Program Files\Java\jre1.8.0_261\bin\plugin2\npjp2.dll [2020-07-20] (Oracle America, Inc. -> Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_314.dll [2020-01-14] (Adobe Inc. -> ) FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll [2015-12-21] (Adobe Systems, Inc.) [Archivo no firmado] FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2020-05-03] (Adobe Inc. -> Adobe Systems Inc.) ==================== Servicios (Lista blanca) =================== (Si una entrada es incluida en el fixlist, será eliminada del registro. El archivo no se moverá a menos que sea añadido al listado por separado.) S3 FCRegSvc; C:\Windows\system32\FCRegSvc.dll [25600 2009-07-13] (Microsoft Windows -> Microsoft Corporation) R2 MBAMService; C:\Program Files (x86)\Malwarebytes\Anti-Malware\mbamservice.exe [6744288 2019-06-26] (Malwarebytes Corporation -> Malwarebytes) R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation -> Microsoft Corporation) S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation -> Microsoft Corporation) S3 RSoPProv; C:\Windows\system32\RSoPProv.exe [91648 2009-07-13] (Microsoft Windows -> Microsoft Corporation) S3 sacsvr; C:\Windows\system32\sacsvr.dll [14848 2009-07-13] (Microsoft Windows -> Microsoft Corporation) R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [13105680 2020-07-02] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) R2 TermServLicensing; C:\Windows\System32\lserver.dll [694784 2010-11-21] (Microsoft Windows -> Microsoft Corporation) S3 TPAutoConnSvc; C:\Program Files\VMware\VMware Tools\TPAutoConnSvc.exe [3186976 2017-09-14] (Cortado AG -> ThinPrint GmbH) S3 TPVCGateway; C:\Program Files\VMware\VMware Tools\TPVCGateway.exe [2498744 2017-09-14] (Cortado AG -> Cortado AG) R2 VGAuthService; C:\Program Files\VMware\VMware Tools\VMware VGAuth\VGAuthService.exe [163840 2017-09-14] (VMware, Inc.) [Archivo no firmado] R2 VMware Physical Disk Helper Service; C:\Program Files\VMware\VMware Tools\vmacthlp.exe [540136 2017-09-14] (VMware, Inc. -> VMware, Inc.) S3 VMwareCAFCommAmqpListener; C:\Program Files\VMware\VMware Tools\VMware CAF\pme\bin\CommAmqpListener.exe [67584 2017-09-14] () [Archivo no firmado] R2 VMwareCAFManagementAgentHost; C:\Program Files\VMware\VMware Tools\VMware CAF\pme\bin\ManagementAgentHost.exe [60928 2017-09-14] () [Archivo no firmado] S4 7396101; %SystemRoot%\7396101.exe [X] S2 87815989; %SystemRoot%\87815989.exe [X] ===================== Controladores (Lista blanca) =================== (Si una entrada es incluida en el fixlist, será eliminada del registro. El archivo no se moverá a menos que sea añadido al listado por separado.) S3 ioatdma; C:\Windows\System32\Drivers\qd260x64.sys [35328 2009-06-10] (Microsoft Windows -> Intel Corporation) R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [275232 2020-07-27] (Malwarebytes Corporation -> Malwarebytes) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation -> Microsoft Corporation) R1 MpKslDrv; c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{DB9B0C37-927F-475A-A40F-67989CD47794}\MpKslDrv.sys [43232 2020-07-27] (Microsoft Windows -> Microsoft Corporation) S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation -> Microsoft Corporation) S0 sacdrv; C:\Windows\System32\DRIVERS\sacdrv.sys [96320 2009-07-13] (Microsoft Windows -> Microsoft Corporation) U5 TMUSB; C:\Windows\System32\DRIVERS\TMUSB64.SYS [67480 2017-08-23] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation) R2 VMMemCtl; C:\Windows\System32\DRIVERS\vmmemctl.sys [42456 2017-09-14] (VMware, Inc. -> VMware, Inc.) R1 vmrawdsk; C:\Windows\System32\DRIVERS\vmrawdsk.sys [73792 2017-09-14] (VMware, Inc. -> VMware, Inc.) R3 vmusbmouse; C:\Windows\System32\DRIVERS\vmusbmouse.sys [34880 2017-09-14] (VMware, Inc. -> VMware, Inc.) R0 vsock; C:\Windows\System32\DRIVERS\vsock.sys [93248 2017-09-14] (VMware, Inc. -> VMware, Inc.) ==================== NetSvcs (Lista blanca) =================== (Si una entrada es incluida en el fixlist, será eliminada del registro. El archivo no se moverá a menos que sea añadido al listado por separado.) NETSVC: sacsvr -> C:\Windows\system32\sacsvr.dll (Microsoft Corporation) ==================== Un mes (creado) =================== (Si una entrada es incluida en el fixlist, el archivo/carpeta será eliminado/a.) 2020-07-27 09:30 - 2020-07-27 09:31 - 000000000 ____D C:\FRST 2020-07-27 09:25 - 2020-07-27 09:25 - 000014316 _____ C:\Users\enzo.prieto\Documents\FOCOS ULTIMA SEM DE JULIO.xlsx 2020-07-27 09:25 - 2020-07-27 09:25 - 000000165 ____H C:\Users\enzo.prieto\Documents\~$FOCOS ULTIMA SEM DE JULIO.xlsx 2020-07-27 09:17 - 2020-07-27 09:17 - 000000165 ____H C:\Users\enzo.prieto\Documents\~$CONCURSO SELECCION.xlsx 2020-07-27 04:01 - 2020-07-27 04:01 - 000275232 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys 2020-07-24 14:08 - 2020-07-24 14:08 - 000094449 _____ C:\Users\enzo.prieto\Desktop\Prieto Certificado Dirección de Ventas y Equipos Virtuales.pdf 2020-07-23 19:04 - 2020-07-23 19:04 - 000010240 _____ C:\Users\luciano.zabaloy\Downloads\VentasArcor (2).xls 2020-07-20 16:09 - 2020-07-20 16:09 - 006116864 _____ C:\Users\nicolas.castro\Desktop\Copia de BOLSAS INCREMENTALES JULIO.xls 2020-07-20 12:25 - 2020-07-20 12:25 - 000193704 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll 2020-07-20 12:25 - 2020-07-20 12:25 - 000000013 _____ C:\Users\administrador.MACAFRAN\AppData\Local\Temp\jawshtml.html 2020-07-20 12:25 - 2020-07-20 12:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2020-07-20 12:24 - 2020-07-20 12:24 - 000000000 ____D C:\Program Files\Java 2020-07-20 12:16 - 2020-07-20 12:17 - 083038856 _____ (Oracle Corporation) C:\Users\administrador.MACAFRAN\Downloads\jre-8u261-windows-x64.exe 2020-07-20 10:28 - 2020-07-20 10:49 - 005634560 _____ C:\Users\nicolas.castro\Desktop\BOLSAS INCREMENTALES JULIO VER.xls 2020-07-10 08:46 - 2020-07-10 08:46 - 000058179 _____ C:\Users\nicolas.castro\Downloads\CTA CTE REFINERIA.pdf 2020-07-09 22:11 - 2020-07-11 04:00 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox 2020-07-08 10:34 - 2020-07-13 14:36 - 000012992 _____ C:\Users\enzo.prieto\Documents\CONCURSO SELECCION.xlsx 2020-07-07 10:27 - 2020-07-07 10:27 - 000015599 _____ C:\Users\enzo.prieto\Desktop\IAE EXCEL CASO MILFORD.xlsx 2020-07-06 16:05 - 2020-07-06 16:37 - 000013095 _____ C:\Users\enzo.prieto\Documents\concurso top line julio.xlsx 2020-07-06 12:02 - 2020-07-06 12:01 - 000062976 _____ C:\Users\enzo.prieto\Downloads\Milford. Impresión para clase. Preparación equipos (2).xls 2020-07-05 21:47 - 2020-07-06 18:00 - 000013710 _____ C:\Users\enzo.prieto\Documents\IAE EXCEL CASO MILFORD.xlsx 2020-07-04 19:42 - 2020-07-04 19:46 - 000019456 _____ C:\Users\nicolas.castro\Desktop\master larrañaga.xls 2020-07-04 11:27 - 2020-07-04 11:26 - 000131700 _____ C:\Users\enzo.prieto\Desktop\502S06-PDF-SPA.pdf 2020-07-04 11:25 - 2020-07-04 11:25 - 000019716 _____ C:\Users\enzo.prieto\Desktop\EXCEL CLASE MARTES 7 DE JULIO.xlsx 2020-07-03 12:40 - 2020-07-03 12:40 - 006517760 _____ C:\Users\enzo.prieto\Downloads\OBJ JULIO2020 por canal ok ok.xls 2020-07-03 12:32 - 2020-07-03 12:32 - 006517760 _____ C:\Users\enzo.prieto\Downloads\OBJ JULIO2020 por canal ok.xls 2020-07-02 11:55 - 2020-07-02 11:55 - 000000367 _____ C:\Users\nicolas.castro\Documents\Favoritos - Acceso directo.lnk 2020-07-02 11:25 - 2020-07-02 11:25 - 000241664 _____ C:\Users\nicolas.castro\Desktop\venta 2019 julio.xls 2020-07-02 11:06 - 2020-07-02 17:08 - 006517760 _____ C:\Users\nicolas.castro\Desktop\OBJ JULIO2020 por canal....xls 2020-06-30 19:06 - 2020-06-30 19:06 - 000702464 _____ C:\Users\matias.saiz\Desktop\sug 30062020.xls 2020-06-28 23:03 - 2020-06-28 23:52 - 001206986 _____ C:\Users\nicolas.castro\Desktop\simul cierre cuenta corriente JUNIO.xlsx ==================== Un mes (modificado) ================== (Si una entrada es incluida en el fixlist, el archivo/carpeta será eliminado/a.) 2020-07-27 09:31 - 2018-09-20 11:51 - 000000000 ____D C:\Users\administrador.MACAFRAN\AppData\Local\Temp\3 2020-07-27 09:25 - 2009-07-14 01:49 - 000027216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2020-07-27 09:25 - 2009-07-14 01:49 - 000027216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2020-07-27 09:24 - 2017-11-01 15:59 - 000000000 ____D C:\TEC 2020-07-27 09:19 - 2017-11-01 15:50 - 000000000 ____D C:\Users\administrador.MACAFRAN\AppData\LocalLow\Mozilla 2020-07-27 09:15 - 2019-09-30 15:49 - 000000000 ____D C:\Users\enzo.prieto\AppData\Local\Temp\4 2020-07-27 09:10 - 2018-05-10 11:32 - 000000000 ____D C:\Users\enzo.prieto 2020-07-27 09:09 - 2017-11-01 14:17 - 000000128 _____ C:\Windows\system32\config\netlogon.ftl 2020-07-27 09:08 - 2019-10-08 11:07 - 000000000 ____D C:\Users\nicolas.castro\AppData\Local\Temp\2 2020-07-27 08:59 - 2017-11-03 12:53 - 000000000 ____D C:\Users\nicolas.castro\AppData\LocalLow\Mozilla 2020-07-27 04:09 - 2010-11-21 05:16 - 000790884 _____ C:\Windows\system32\perfh00A.dat 2020-07-27 04:09 - 2010-11-21 05:16 - 000176844 _____ C:\Windows\system32\perfc00A.dat 2020-07-27 04:09 - 2009-07-14 02:10 - 001788160 _____ C:\Windows\system32\PerfStringBackup.INI 2020-07-27 04:09 - 2009-07-14 00:20 - 000000000 ____D C:\Windows\inf 2020-07-27 04:01 - 2017-11-02 11:24 - 000000000 ____D C:\Program Files (x86)\TeamViewer 2020-07-27 04:01 - 2017-11-01 13:41 - 000000000 ____D C:\Windows\system32\lserver 2020-07-27 04:01 - 2009-07-14 00:20 - 000000000 ____D C:\Windows\Registration 2020-07-27 04:00 - 2009-07-14 02:06 - 000000006 ____H C:\Windows\Tasks\SA.DAT 2020-07-26 10:00 - 2019-10-03 08:16 - 000000000 ____D C:\Users\enzo.prieto\AppData\Local\Temp\2 2020-07-24 23:48 - 2019-10-14 10:41 - 000000000 ____D C:\Users\matias.saiz\AppData\Local\Temp\2 2020-07-24 22:34 - 2019-10-01 11:56 - 000000000 ____D C:\Users\enzo.prieto\AppData\Local\Temp\5 2020-07-24 20:57 - 2019-09-17 13:55 - 000000000 ____D C:\Users\luciano.zabaloy\AppData\Local\Temp\3 2020-07-24 20:56 - 2019-08-13 14:09 - 000000000 ____D C:\Users\luciano.zabaloy 2020-07-24 17:32 - 2019-10-02 17:19 - 000000000 ____D C:\Users\enzo.prieto\AppData\Local\Temp\6 2020-07-24 13:59 - 2020-06-24 20:53 - 000000000 ____D C:\Users\luciano.zabaloy\AppData\Local\Temp\5 2020-07-24 12:23 - 2019-10-04 11:32 - 000000000 ____D C:\Users\nicolas.castro\AppData\Local\Temp\3 2020-07-24 11:42 - 2019-09-06 16:05 - 000000000 ____D C:\Users\luciano.zabaloy\AppData\Local\Temp\4 2020-07-24 10:32 - 2018-05-22 10:12 - 000000000 ____D C:\Visualizador 2020-07-24 10:19 - 2017-11-02 14:54 - 000000000 ____D C:\Windows\SysWOW64\Macromed 2020-07-24 10:19 - 2017-11-01 14:49 - 000000000 ____D C:\Users\nicolas.castro 2020-07-24 09:52 - 2017-11-03 12:56 - 000000000 ____D C:\Users\matias.saiz\AppData\LocalLow\Mozilla 2020-07-23 20:10 - 2019-09-10 11:56 - 000000000 ____D C:\Users\enzo.prieto\AppData\Local\Temp\3 2020-07-23 18:59 - 2019-10-03 10:17 - 000000000 ____D C:\Users\nicolas.castro\AppData\Local\Temp\4 2020-07-23 17:23 - 2019-10-01 12:04 - 000000000 ____D C:\Users\matias.saiz\AppData\Local\Temp\6 2020-07-21 19:34 - 2019-10-01 13:56 - 000000000 ____D C:\Users\matias.saiz\AppData\Local\Temp\5 2020-07-21 18:14 - 2019-09-09 11:19 - 000000000 ____D C:\Users\luciano.zabaloy\AppData\Local\Temp\2 2020-07-21 09:36 - 2019-10-02 00:12 - 000000000 ____D C:\Users\matias.saiz\AppData\Local\Temp\3 2020-07-20 13:06 - 2020-02-06 11:51 - 000000000 ____D C:\Users\matias.saiz\AppData\Local\Temp\4 2020-07-20 12:57 - 2018-06-15 10:20 - 000000000 ____D C:\Users\administrador.MACAFRAN\AppData\Local\Temp\1 2020-07-20 12:57 - 2018-06-15 08:56 - 000000000 ____D C:\Users\administrador.MACAFRAN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubiquiti UniFi 2020-07-20 12:57 - 2017-11-01 14:19 - 000000000 ____D C:\Users\administrador.MACAFRAN 2020-07-20 12:25 - 2019-09-30 16:33 - 000000000 ____D C:\Users\administrador.MACAFRAN\AppData\Local\Temp\hsperfdata_administrador 2020-07-20 12:08 - 2017-11-22 15:26 - 000000000 ____D C:\Users\administrador.MACAFRAN\AppData\Local\Temp\TeamViewer 2020-07-17 17:03 - 2017-11-03 09:55 - 000000000 ____D C:\Users\matias.saiz 2020-07-15 18:03 - 2020-04-11 17:50 - 000000000 ____D C:\Users\silvana.fatutta\AppData\Local\Temp\3 2020-07-15 17:54 - 2017-11-08 16:31 - 000000000 ____D C:\Users\silvana.fatutta 2020-07-14 12:05 - 2020-06-22 20:15 - 000000000 ____D C:\Users\luciano.zabaloy\AppData\Local\Temp\TeamViewer 2020-07-14 12:04 - 2020-06-22 13:52 - 000000000 ____D C:\Users\enzo.prieto\AppData\Local\Temp\TeamViewer 2020-07-13 21:47 - 2019-12-16 18:09 - 000000000 ____D C:\Users\luciano.zabaloy\AppData\Local\Temp\7 2020-07-13 18:47 - 2019-11-27 16:01 - 000000000 ____D C:\Users\nicolas.castro\AppData\Local\Temp\8 2020-07-11 04:00 - 2018-05-10 15:00 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2020-07-10 12:18 - 2019-10-03 21:21 - 000000000 ____D C:\Users\nicolas.castro\AppData\Local\Temp\5 2020-07-08 09:55 - 2017-12-01 14:39 - 000000000 ____D C:\Users\administrador.MACAFRAN\AppData\Local\Temp\4 2020-07-07 09:31 - 2020-03-19 14:52 - 000004476 _____ C:\Windows\system32\Tasks\Adobe Acrobat Update Task 2020-07-07 09:31 - 2018-08-16 12:04 - 000002061 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk 2020-07-03 21:44 - 2019-10-02 19:35 - 000000000 ____D C:\Users\nicolas.castro\AppData\Local\Temp\6 2020-06-29 18:48 - 2019-09-30 15:45 - 000000000 ____D C:\Users\luciano.zabaloy\AppData\Local\Temp\6 ==================== Archivos en la raíz de algunos directorios ======== 2019-10-04 15:27 - 2019-10-04 15:27 - 000079696 _____ () C:\Users\administrador.MACAFRAN\AppData\Local\ars.cache 2019-10-04 15:27 - 2019-10-04 15:27 - 000134803 _____ () C:\Users\administrador.MACAFRAN\AppData\Local\census.cache 2019-10-16 12:06 - 2019-10-16 12:06 - 000552694 _____ () C:\Users\administrador.MACAFRAN\AppData\Local\dd_ReportViewerMSI6648.txt 2019-10-16 12:06 - 2019-10-16 12:07 - 000438070 _____ () C:\Users\administrador.MACAFRAN\AppData\Local\dd_ReportViewerUI6648.txt 2019-10-04 15:05 - 2019-10-04 15:05 - 000000036 _____ () C:\Users\administrador.MACAFRAN\AppData\Local\housecall.guid.cache 2018-09-24 11:58 - 2018-09-24 11:58 - 000000017 _____ () C:\Users\administrador.MACAFRAN\AppData\Local\resmon.resmoncfg ==================== SigCheck ============================ (No existe una corrección automática para los archivos que no pasan la verificación.) LastRegBack: 2020-07-26 00:20 ==================== Final de FRST.txt ========================