Title: Do I have a trojan?
Posted by: MRx86 on 2 January 2017, 00:26 am

Hi, I was poking around the Windows files and suddenly came across a file with a strange name, it was something like "teamviewer__logon" or something like that... I didn't think TeamViewer would store data in files buried that deep... so I opened it, and its contents shocked me:

And believe me, this is like 7% of the whole file. Do you think it could be something like the trojan's "diary"? Like a file the attacker uses to keep track of what they do? That is what I believe most, since in one of the trojans I created it occurred to me to do this... If you read it all the way through you can see that in one part it says "NetWatchDog", and in many others "SendBCommandToMaster"... it's seriously unsettling. help me please :-\... Regards

Title: Re: Do I have a trojan?
Posted by: Poyoncio on 2 January 2017, 00:51 am

It will simply be the TeamViewer logs; you most likely have it installed or have installed it.
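
A quick way to check a file like the one in the first post, as an added example that is not part of the thread: the script parses lines in the timestamp/PID/TID/tag layout of a TeamViewer log and reports the logged AppPath, the `CT.Connect` endpoints and the lines marked `!!`. The sample log is constructed, and the Program Files check is an assumption about where a regular install lives.

```python
import re
from collections import Counter

# Constructed sample in the layout of a TeamViewer log file: timestamp, PID,
# TID, tag with optional !/!! marker, message. Paths, names and addresses are
# placeholders (documentation IP ranges), not values from a real machine.
SAMPLE_LOG = r"""
2016/12/31 14:05:04.065  6936  4072 G1!! CSettings::LoadAll() load from storage exception: Couldn't find Registry Key
Start:          2016/12/31 14:05:20.839
Version:        7.0.43148
Server:         master.example.invalid
AppPath:        C:\Users\alice\AppData\Roaming\example\TeamViewer.exe
UserAccount:    alice
2016/12/31 14:05:21.179  6936   876 G1   NetWatchdog: Internet is now connected
2016/12/31 14:05:28.902  6936  7052 G1   CT7 CT.Connect.192.0.2.10:5938
2016/12/31 14:05:29.316  6936  6168 G1!! CloseSocketSafely(): recv failed with error code: 10035
2016/12/31 14:05:30.712  6936  7052 G1   CT9 CT.Connect.198.51.100.7:5938
2016/12/31 14:05:31.382  6936  6392 G1   CSendCommandToMaster::SendBCommandToMaster: CC=3 CT=74
"""

ENTRY = re.compile(
    r"^(?P<ts>\d{4}/\d\d/\d\d \d\d:\d\d:\d\d\.\d{3})\s+(?P<pid>\d+)\s+(?P<tid>\d+)\s+"
    r"(?P<tag>[A-Z]\d+)(?P<mark>!{0,2})\s+(?P<msg>.*)$")
HEADER = re.compile(r"^(?P<key>[A-Za-z][\w-]*):\s+(?P<value>.+)$")
CONNECT = re.compile(r"CT\.Connect\.(\d{1,3}(?:\.\d{1,3}){3}):(\d+)")
# Assumption: a regular install runs from under Program Files. A portable copy
# can run from elsewhere, so a miss here is a prompt to look, not a verdict.
DEFAULT_DIR = re.compile(r"^[a-z]:\\program files( \(x86\))?\\", re.IGNORECASE)


def triage(text):
    """Summarise a TeamViewer-style log: header fields, peers, marked lines."""
    fields, endpoints, marked, pids = {}, [], Counter(), set()
    for raw in text.splitlines():
        line = raw.strip()
        entry = ENTRY.match(line)
        if entry:
            pids.add(int(entry["pid"]))
            if entry["mark"] == "!!":
                # Key on the text before the first ": " so repeats collapse.
                marked[entry["msg"].split(": ", 1)[0]] += 1
            peer = CONNECT.search(entry["msg"])
            if peer:
                endpoints.append((peer[1], int(peer[2])))
            continue
        header = HEADER.match(line)
        if header:  # un-timestamped "Key: value" lines of the start-up block
            fields[header["key"]] = header["value"].strip()
    return {
        "fields": fields,
        "pids": pids,
        "endpoints": endpoints,
        "marked": marked,
        "app_in_default_dir": bool(DEFAULT_DIR.match(fields.get("AppPath", ""))),
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    print("binary:", report["fields"].get("AppPath"))
    print("under Program Files:", report["app_in_default_dir"])
    print("connections:", report["endpoints"])
    for what, count in report["marked"].most_common():
        print(f"!! x{count}: {what}")
```

Run `triage` on the text of the real file and compare the reported AppPath and process IDs with the folder TeamViewer was installed to and the processes currently running.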

Title: Re: Do I have a trojan?
Posted by: apuromafo CLS on 2 January 2017, 06:10 am

These are TeamViewer logs. Before you uninstall it, take some time to learn a bit of the theory and the practice.

Every program that runs on Windows must have permissions to execute... if you use admin mode, you are surely letting everything have permission.

On the other hand, to access the internet you have the browser options... and the programs with permissions... there is something called a firewall. The simplest and most manageable one that I recommend is this: https://tinywall.pados.hu/ but the warning is that if you install it, you must configure internet access, because by default on startup it will block all internet access.

So if you set it to give permissions to your browser or to the program that needs internet (known to you), then even if you have 100 trojans, they will not be able to access the internet, unless the application gives them the firewall access rules...

Regards,
Apuromafo

P.S.: https://www.teamviewer.com/es/uninstall/

Title: Re: Do I have a trojan?
Posted by: MRx86 on 2 January 2017, 06:32 am

Thanks xd