Do I have a trojan?

Started by MRx86, 2 January 2017, 00:26 AM


MRx86

hi, I was poking around the Windows files and suddenly I found a file with a strange name, it was something like "teamviewer__logon" or similar... I didn't think TeamViewer kept data in files that deep... so I opened it, and its contents shocked me:

2016/12/31 14:05:04.065  6936  4072 G1!! CSettings::LoadAll() load from storage exception: Couldn't find Registry Key
2016/12/31 14:05:04.559  6936  4072 G1   Monitors: HP vp15 LCD Monitor, \\.\DISPLAY1, 1024x600, flags=3
2016/12/31 14:05:12.306  6936  4072 G1!! ElevateIfRequired() exception: CProcess::ElevateProcess(): ShellExecuteEx, Errorcode=1223
2016/12/31 14:05:12.835  6936  4072 G1!! CSettings::LoadAll() load from storage exception: Couldn't find Registry Key
2016/12/31 14:05:12.836  6936  4072 G1   UpdateOnlineState newOnlineValue 0
2016/12/31 14:05:12.873  6936  4072 G1!! CGlobalSettings::SetFun_AlwaysOnline() write P_AUTOSTART_GUI exception: CRegOpenKey(): RegCreateKeyEx() failed, Errorcode=5
2016/12/31 14:05:12.934  6936  4072 G1   CGlobalSettings::LoadAll() fallback to HKEY_CURRENT_USER
2016/12/31 14:05:12.944  6936  4072 G1   UpdateOnlineState newOnlineValue 0
2016/12/31 14:05:12.946  6936  4072 G1!! CGlobalSettings::SetFun_AlwaysOnline() write P_AUTOSTART_GUI exception: CRegOpenKey(): RegCreateKeyEx() failed, Errorcode=5
2016/12/31 14:05:13.006  6936  4072 G1   Generating new RSA private/public key pair
2016/12/31 14:05:13.390  6936  4072 G1   QueryVPNRegKey: Subkey 'SYSTEM\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}\Configuration' (18) has no 'MatchingDeviceID' entry. Continuing...
2016/12/31 14:05:13.391  6936  4072 G1!! QueryVPNRegKey: RegOpenKeyEx: SYSTEM\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}\Properties
2016/12/31 14:05:13.634  6936  4072 G1   MachineHooks: Initialized Shm
2016/12/31 14:05:13.634  6936  4072 G1   MachineHooks: refcount = 1
2016/12/31 14:05:13.638  6936  4072 G1   MachineHooks: w32 Loader is starting
                   
                   
                   
Start:              2016/12/31 14:05:20.839
Version:            7.0.43148
ID:                 0
License:            0
Server:             master4.teamviewer.com
IC:                 468927371
OS:                 Win_6.2.9200_W (32-bit)
IP:                 192.168.1.4
MID:                0x00ffac1e98e5_1d211f2fdc77bd4_1257506294
MIDv:               0
Proxy-Settings:     Type=1 IP= User=
IE:                 9.11.14393.0
AppPath:            C:\Users\Ghost\AppData\Roaming\tvlop\TeamViewer.exe
UserAccount:        Ghost

2016/12/31 14:05:20.927  6936  4072 G1   Using IPC-Port 6039
2016/12/31 14:05:20.930  6936  4072 G1!! CTerminalServer::Init(): set privilege SE_DEBUG_NAME exception: CToken::SetTokenPrivilege(): AdjustTokenPrivileges() returned ERROR_NOT_ALL_ASSIGNED, Errorcode=1300, Errorcode=1300
2016/12/31 14:05:20.978  6936  4072 G1   UpdateOnlineState newOnlineValue 0
2016/12/31 14:05:20.978  6936  4072 G1   Starting intra process connection
2016/12/31 14:05:20.997  6936  6168 G1   CInterProcessNetwork::SetDyngateIDforSession() id=0 session=1 ptype=2
2016/12/31 14:05:21.028  6936  6168 G1   UpdateOnlineState newOnlineValue 1
2016/12/31 14:05:21.028  6936  6168 G1   TeamViewer is going online!
2016/12/31 14:05:21.179  6936   876 G1   NetWatchdog: Internet is now connected
2016/12/31 14:05:21.189  6936  6168 G1   Received Control_InitIPC_Response processtype=1
2016/12/31 14:05:21.190  6936  6168 G1   Received Control_InitIPC_Response runningProcesses=3
2016/12/31 14:05:21.192  6936  6168 G1   Control_InitIPC_Response: all processes 3 completely initialized
2016/12/31 14:05:21.199  6936  7052 G1   KeepAliveThread started
2016/12/31 14:05:21.373  6936  7400 G1   ProxySearch: no PAC script detected via WPAD
2016/12/31 14:05:21.379  6936  7400 G1   ProxySearch: no PAC script detected via WPAD
2016/12/31 14:05:22.003  6936  6168 G1   InterProcessNetwork: Loader process started, pid = 2428
2016/12/31 14:05:22.551  2428  2692 L32  Starting Loader
2016/12/31 14:05:13.633  6936  4072 H32  Loader: SharedMem Connected (seg = 0x3500000, refcnt = 1)
2016/12/31 14:05:13.633  6936  4072 H32  teamviewer.exe: SharedMem Connected (seg = 0x3500000, refcnt = 2)
2016/12/31 14:05:23.416  6936  4072 G1   Tray created!
2016/12/31 14:05:23.418  6936  4072 G1   CMainWindow::ShouldShowDynamicPassword(): dynPw=1 allowIncoming=1 id=0 ka=0 lanAllowed=0 lanOnly=0 networkState=1
2016/12/31 14:05:23.606  6936  6168 G1   CTVUpdate::StartVersionFileDownloadWithCallback(): Start download of version file...
2016/12/31 14:05:23.618  6936  4672 G1   ChangeThreadDesktop(): SetThreadDesktop to default successful
2016/12/31 14:05:23.776  6936  4072 G1   P_FORCE_WINSTATE_ONCE = WinState_Undefined
2016/12/31 14:05:24.454  6936  4072 G1   API: The API is not registered with Windows.
2016/12/31 14:05:25.063  6936  7052 G1   CT2 CT.Send.CMD_PING From=0 To=0 L=4
2016/12/31 14:05:25.250  6936  7052 G1   CT2 CT.Receive.CMD_PINGOK From=0 To=0 L=4
2016/12/31 14:05:25.486  6936  7052 G1   NetWatchdog: Ping successful!
2016/12/31 14:05:25.983  6936  4072 G1!! GetWindowsRegistrationName exception: Couldn't find Registry Key
2016/12/31 14:05:25.984  6936  4072 G1!! GetWindowsRegistrationOrganization exception: Couldn't find Registry Key
2016/12/31 14:05:26.070  6936  7052 G1   CT3 CT.Send.CMD_MASTERCOMMAND From=0 To=0 L=404
2016/12/31 14:05:26.440  6936  7052 G1   CT3 CT.Receive.CMD_MASTERRESPONSE From=0 To=0 L=23
2016/12/31 14:05:26.441  6936  7052 G1   CT3 CT.Disconnect
2016/12/31 14:05:26.442  6936  7052 G1!  MC.Reg f=Reg&ic=468927371&id=0&iguid={f6e32e37-fd6d-4d66-bca9-5eeb6ce42f55}&logging=1&mac=0x00ffac1e98e5_1d211f2fdc77bd4_1257506294&mid=0x00ffac1e98e5_1d211f2fdc77bd4_1257506294&midf=1&midhistory=0x00ffac1e98e5_1d211f2fdc77bd4_1257506294|ub7b32a00f4c2384ea973e89a8f71e6e6e89a8f71e6e6c188f4f5ff670a177cb798f345a646e3&midv=0&os=Win_6.2.9200_W&rhash={3b999bfc-e8f1-43e2-2ad1-5c75ec9d8c34}&smidv=1&sro=1&v=7.0.43148 - 0#108653348:292649112+1
2016/12/31 14:05:26.486  6936  7052 G1   CInterProcessNetwork::SetDyngateIDforSession() id=108653348 session=1 ptype=2
2016/12/31 14:05:26.488  6936  4072 G1   CMainWindow::ShouldShowDynamicPassword(): dynPw=1 allowIncoming=1 id=108653348 ka=0 lanAllowed=0 lanOnly=0 networkState=1
2016/12/31 14:05:26.879  6936  7052 G1   CT4 CT.Send.CMD_MASTERCOMMAND From=108653348 To=0 L=307
2016/12/31 14:05:27.280  6936  7052 G1   CT4 CT.Receive.CMD_MASTERRESPONSE From=0 To=108653348 L=4
2016/12/31 14:05:27.280  6936  7052 G1   CT4 CT.Disconnect
2016/12/31 14:05:27.686  6936  7052 G1   CT5 CT.Send.CMD_MASTERCOMMAND From=108653348 To=0 L=310
2016/12/31 14:05:28.004  6936  7052 G1   CT5 CT.Receive.CMD_MASTERRESPONSE From=0 To=108653348 L=4
2016/12/31 14:05:28.005  6936  7052 G1   CT5 CT.Disconnect
2016/12/31 14:05:28.007  6936  7052 G1   Non-Commercial use
2016/12/31 14:05:28.014  6936  7052 G1   Resource-Language:es
2016/12/31 14:05:28.179  6936  6168 G1!  CWaitAtGatewayThread::Reconnect() Reconnect started. noWait = 0
2016/12/31 14:05:28.382  6936  7052 G1   CT6 CT.Send.CMD_MASTERCOMMAND From=108653348 To=0 L=611
2016/12/31 14:05:28.811  6936  7052 G1   CT6 CT.Receive.CMD_MASTERRESPONSE From=0 To=108653348 L=431
2016/12/31 14:05:28.812  6936  7052 G1   CT6 CT.Disconnect
2016/12/31 14:05:28.817  6936  7052 G1   MC.L addonchannels=0&ckaportsenabled=0&client=TV&f=Login&gw=0&gwlevel=400&hideonlinestatus=0&httpout=1&ic=292649112&id=108653348&iguid={f6e32e37-fd6d-4d66-bca9-5eeb6ce42f55}&keepalive=1&language=es&licensetype=0&logging=1&mid=ub7b32a00f4c2384ea973e89a8f71e6e6e89a8f71e6e6c188f4f5ff670a177cb798f345a646e3&midf=1&midhistory=0x00ffac1e98e5_1d211f2fdc77bd4_1257506294|ub7b32a00f4c2384ea973e89a8f71e6e6e89a8f71e6e6c188f4f5ff670a177cb798f345a646e3&midv=1&noofactivekeepalive=0&os=Win_6.2.9200_W&port443out=0&rhash={3b999bfc-e8f1-43e2-2ad1-5c75ec9d8c34}&runtime=7&smidv=1&sro=1&supportedfeatures=244701&tcpout=1&v=7.0.43148 - 0#OK_10000_-_2__37.252.232.6:5938_33981_1_-1_0.0.0.0__178.77.120.103_178.77.120.102_0_108653348_1_0_0_0_42729257__188.172.204.19,169.55.164.166,212.27.180.180,37.252.248.74,94.16.3.143,212.81.93.226,92.51.156.90,159.122.90.121,188.172.192.6,217.146.1.43,195.81.195.52,188.172.245.6,37.252.225.68,89.202.200.132,159.8.67.136,37.252.230.22,37.252.232.52,37.252.253.60,159.122.189.39,159.8.209.221,217.146.31.62,195.149.177.3_Kf+LAgg=
2016/12/31 14:05:28.822  6936  7052 G1   CInterProcessNetwork::SetDyngateIDforSession() id=108653348 session=1 ptype=2
2016/12/31 14:05:28.825  6936  4072 G1   CMainWindow::ShouldShowDynamicPassword(): dynPw=1 allowIncoming=1 id=108653348 ka=0 lanAllowed=0 lanOnly=0 networkState=1
2016/12/31 14:05:28.831  6936  7052 G1   local license differs from master license
2016/12/31 14:05:28.833  6936  7052 G1   CInterProcessNetwork::SetDyngateIDforSession() id=108653348 session=1 ptype=2
2016/12/31 14:05:28.851  6936  4072 G1   CMainWindow::ShouldShowDynamicPassword(): dynPw=1 allowIncoming=1 id=108653348 ka=0 lanAllowed=0 lanOnly=0 networkState=1
2016/12/31 14:05:28.901  6936  7052 G1   CT7 CT.TM_WaitAtGateway.37.252.232.6:5938 - CT7 - S6
2016/12/31 14:05:28.902  6936  7052 G1   CT7 CT.Connect.37.252.232.6:5938
2016/12/31 14:05:28.983  6936  4072 G1!! GetWindowsRegistrationName exception: Couldn't find Registry Key, Errorcode=6
2016/12/31 14:05:28.985  6936  4072 G1!! GetWindowsRegistrationOrganization exception: Couldn't find Registry Key, Errorcode=6
2016/12/31 14:05:29.267  6936  7052 G1   CT7 CT.Connected
2016/12/31 14:05:29.271  6936  2916 G1   CT7 CT.Run
2016/12/31 14:05:29.272  6936  2916 G1   CT7 CT.Send.CMD_IDENTIFY From=108653348 To=0 L=32
2016/12/31 14:05:29.273  6936  2916 G1   CT7 CT.Send.CMD_REQUESTKEEPALIVE2 From=108653348 To=0 L=24
2016/12/31 14:05:29.275  6936  2916 G1   CConnectionThread::PingRouter(): Router Ping started
2016/12/31 14:05:29.310  6936  6168 G1!  CWaitAtGatewayThread::Reconnect() Reconnect started. noWait = 0
2016/12/31 14:05:29.312  6936  6168 G1   CT7 CT.Send.CMD_DISCONNECT From=108653348 To=0 L=4
2016/12/31 14:05:29.314  6936  6168 G1   CT7 CT.Disconnect
2016/12/31 14:05:29.316  6936  6168 G1!! CloseSocketSafely(): recv failed with error code: 10035, Errorcode=10035
2016/12/31 14:05:29.317  6936  6168 G1   CT.Disconnect.TM_WaitAtGateway finished
2016/12/31 14:05:29.323  6936  6168 G1   CT7 CT.Term.TM_WaitAtGateway: SendQueueThread stopped
2016/12/31 14:05:29.852  6936  2916 G1   CT7 CT.Run.LoopEnd
2016/12/31 14:05:29.854  6936  6168 G1   CT7 CT.Term.TM_WaitAtGateway: Terminated
2016/12/31 14:05:29.855  6936  7052 G1   Non-Commercial use
2016/12/31 14:05:29.862  6936  7052 G1   Resource-Language:es
2016/12/31 14:05:30.316  6936  7052 G1   CT8 CT.Send.CMD_MASTERCOMMAND From=108653348 To=0 L=615
2016/12/31 14:05:30.665  6936  7052 G1   CT8 CT.Receive.CMD_MASTERRESPONSE From=0 To=108653348 L=447
2016/12/31 14:05:30.666  6936  7052 G1   CT8 CT.Disconnect
2016/12/31 14:05:30.668  6936  7052 G1   MC.L addonchannels=0&ckaportsenabled=0&client=TV&f=Login&gw=0&gwlevel=400&hideonlinestatus=0&httpout=1&ic=292649112&id=108653348&iguid={f6e32e37-fd6d-4d66-bca9-5eeb6ce42f55}&keepalive=1&language=es&licensetype=10000&logging=1&mid=ub7b32a00f4c2384ea973e89a8f71e6e6e89a8f71e6e6c188f4f5ff670a177cb798f345a646e3&midf=1&midhistory=0x00ffac1e98e5_1d211f2fdc77bd4_1257506294|ub7b32a00f4c2384ea973e89a8f71e6e6e89a8f71e6e6c188f4f5ff670a177cb798f345a646e3&midv=1&noofactivekeepalive=0&os=Win_6.2.9200_W&port443out=0&rhash={3b999bfc-e8f1-43e2-2ad1-5c75ec9d8c34}&runtime=9&smidv=1&sro=1&supportedfeatures=244701&tcpout=1&v=7.0.43148 - 0#OK_10000_-_2__159.122.189.39:5938_33981_1_-1_0.0.0.0__178.77.120.103_178.77.120.102_0_108653348_1_0_0_0_42729257__188.172.204.19,37.252.247.67,212.27.180.180,37.252.248.74,37.252.227.2,94.16.3.143,92.51.156.102,159.122.90.121,188.172.192.6,195.81.195.52,188.172.245.6,37.252.225.68,89.202.200.132,159.8.67.136,37.252.230.22,37.252.232.6,37.252.253.60,159.122.189.39,188.172.219.36,213.39.27.211,159.8.209.221,217.146.13.53,195.149.177.3_Kf+LAgg=
2016/12/31 14:05:30.708  6936  7052 G1   CT9 CT.TM_WaitAtGateway.159.122.189.39:5938 - CT9 - S8
2016/12/31 14:05:30.712  6936  7052 G1   CT9 CT.Connect.159.122.189.39:5938
2016/12/31 14:05:30.950  6936  7052 G1   CT9 CT.Connected
2016/12/31 14:05:30.952  6936  6392 G1   CT9 CT.Run
2016/12/31 14:05:30.953  6936  6392 G1   CT9 CT.Send.CMD_IDENTIFY From=108653348 To=0 L=32
2016/12/31 14:05:30.954  6936  6392 G1   CT9 CT.Send.CMD_REQUESTKEEPALIVE2 From=108653348 To=0 L=24
2016/12/31 14:05:30.956  6936  6392 G1   CConnectionThread::PingRouter(): Router Ping started
2016/12/31 14:05:31.377  6936  6392 G1   CT9 Activating support for ccmdV2
2016/12/31 14:05:31.378  6936  6392 G1   CT9 CT.Receive.CMD_SESSIONID From=0 To=108653348 L=8
2016/12/31 14:05:31.379  6936  6392 G1   CT9 CT.Receive.CMD_IDENTIFY From=0 To=108653348 L=32
2016/12/31 14:05:31.380  6936  6392 G1   CT9 CConnectionThread::CmdPingRouter(): Router Pong Received with following Hops: 108653348 780858732
2016/12/31 14:05:31.381  6936  6392 G1   CKeepAliveThreadServer::SyncClients(): Clients:
2016/12/31 14:05:31.382  6936  6392 G1   CSendCommandToMaster::SendBCommandToMaster: CC=3 CT=74
2016/12/31 14:05:31.407  6936  6168 G1   CSendCommandToMaster::SendBCommandToMaster: CC=3 CT=38
2016/12/31 14:05:31.408  6936  6168 G1   CSendCommandToMaster::SendBCommandToMaster: CC=3 CT=38
2016/12/31 14:05:31.409  6936  6168 G1   CSendCommandToMaster::SendBCommandToMaster: CC=3 CT=38
2016/12/31 14:05:31.410  6936  6168 G1   CSendCommandToMaster::SendBCommandToMaster: CC=3 CT=38
2016/12/31 14:05:31.411  6936  6168 G1   CSendCommandToMaster::SendBCommandToMaster: CC=3 CT=38
2016/12/31 14:05:31.794  6936  6392 G1   CConnectionThread::ProcessBuddyCommandClient: CC=3 CT=38
2016/12/31 14:05:31.794  6936  6392 G1   MessageLayer: Received and saved message with ID 7
2016/12/31 14:05:31.824  6936  6392 G1   CConnectionThread::ProcessBuddyCommandClient: CC=3 CT=38
2016/12/31 14:05:31.826  6936  6392 G1   MessageLayer: Received and saved message with ID 1
2016/12/31 14:05:31.844  6936  6392 G1   CConnectionThread::ProcessBuddyCommandClient: CC=3 CT=38
2016/12/31 14:05:31.846  6936  6392 G1   MessageLayer: Received and saved message with ID 4
2016/12/31 14:05:31.847  6936  6392 G1   CConnectionThread::ProcessBuddyCommandClient: CC=3 CT=38
2016/12/31 14:05:31.849  6936  6392 G1   MessageLayer: Received and saved message with ID 5
2016/12/31 14:05:31.863  6936  6392 G1   CConnectionThread::ProcessBuddyCommandClient: CC=3 CT=38
2016/12/31 14:05:31.863  6936  6392 G1   MessageLayer: Received and saved message with ID 40
2016/12/31 14:05:31.866  6936  5032 G1   LoadfromURL: using proxy ':56'
2016/12/31 14:05:31.981  6936  4072 G1!! GetWindowsRegistrationName exception: Couldn't find Registry Key
2016/12/31 14:05:31.982  6936  4072 G1!! GetWindowsRegistrationOrganization exception: Couldn't find Registry Key
2016/12/31 14:05:33.323  6936  6436 G1   EnumComputers.0
2016/12/31 14:05:34.981  6936  4072 G1!! GetWindowsRegistrationName exception: Couldn't find Registry Key
2016/12/31 14:05:34.982  6936  4072 G1!! GetWindowsRegistrationOrganization exception: Couldn't find Registry Key
2016/12/31 14:05:37.983  6936  4072 G1!! GetWindowsRegistrationName exception: Couldn't find Registry Key
2016/12/31 14:05:37.984  6936  4072 G1!! GetWindowsRegistrationOrganization exception: Couldn't find Registry Key
2016/12/31 14:05:40.983  6936  4072 G1!! GetWindowsRegistrationName exception: Couldn't find Registry Key
2016/12/31 14:05:40.984  6936  4072 G1!! GetWindowsRegistrationOrganization exception: Couldn't find Registry Key
2016/12/31 14:05:43.982  6936  4072 G1!! GetWindowsRegistrationName exception: Couldn't find Registry Key
2016/12/31 14:05:43.985  6936  4072 G1!! GetWindowsRegistrationOrganization exception: Couldn't find Registry Key
2016/12/31 14:05:46.983  6936  4072 G1!! GetWindowsRegistrationName exception: Couldn't find Registry Key
2016/12/31 14:05:46.984  6936  4072 G1!! GetWindowsRegistrationOrganization exception: Couldn't find Registry Key
2016/12/31 14:05:49.984  6936  4072 G1!! GetWindowsRegistrationName exception: Couldn't find Registry Key
2016/12/31 14:05:49.985  6936  4072 G1!! GetWindowsRegistrationOrganization exception: Couldn't find Registry Key
2016/12/31 14:05:52.983  6936  4072 G1!! GetWindowsRegistrationName exception: Couldn't find Registry Key
2016/12/31 14:05:52.984  6936  4072 G1!! GetWindowsRegistrationOrganization exception: Couldn't find Registry Key
2016/12/31 14:05:55.983  6936  4072 G1!! GetWindowsRegistrationName exception: Couldn't find Registry Key
2016/12/31 14:05:55.984  6936  4072 G1!! GetWindowsRegistrationOrganization exception: Couldn't find Registry Key
2016/12/31 14:05:58.980  6936  4072 G1!! GetWindowsRegistrationName exception: Couldn't find Registry Key
2016/12/31 14:05:58.981  6936  4072 G1!! GetWindowsRegistrationOrganization exception: Couldn't find Registry Key
2016/12/31 14:06:01.984  6936  4072 G1!! GetWindowsRegistrationName exception: Couldn't find Registry Key
2016/12/31 14:06:01.985  6936  4072 G1!! GetWindowsRegistrationOrganization exception: Couldn't find Registry Key
2016/12/31 14:06:04.981  6936  4072 G1!! GetWindowsRegistrationName exception: Couldn't find Registry Key
2016/12/31 14:06:04.983  6936  4072 G1!! GetWindowsRegistrationOrganization exception: Couldn't find Registry Key
2016/12/31 14:06:07.981  6936  4072 G1!! GetWindowsRegistrationName exception: Couldn't find Registry Key
2016/12/31 14:06:07.982  6936  4072 G1!! GetWindowsRegistrationOrganization exception: Couldn't find Registry Key
2016/12/31 14:06:10.982  6936  4072 G1!! GetWindowsRegistrationName exception: Couldn't find Registry Key
2016/12/31 14:06:10.983  6936  4072 G1!! GetWindowsRegistrationOrganization exception: Couldn't find Registry Key
2016/12/31 14:06:13.983  6936  4072 G1!! GetWindowsRegistrationName exception: Couldn't find Registry Key
2016/12/31 14:06:13.984  6936  4072 G1!! GetWindowsRegistrationOrganization exception: Couldn't find Registry Key
2016/12/31 14:06:16.985  6936  4072 G1!! GetWindowsRegistrationName exception: Couldn't find Registry Key
2016/12/31 14:06:16.986  6936  4072 G1!! GetWindowsRegistrationOrganization exception: Couldn't find Registry Key
2016/12/31 14:06:19.983  6936  4072 G1!! GetWindowsRegistrationName exception: Couldn't find Registry Key
2016/12/31 14:06:19.985  6936  4072 G1!! GetWindowsRegistrationOrganization exception: Couldn't find Registry Key
2016/12/31 14:06:22.984  6936  4072 G1!! GetWindowsRegistrationName exception: Couldn't find Registry Key
2016/12/31 14:06:22.986  6936  4072 G1!! GetWindowsRegistrationOrganization exception: Couldn't find Registry Key
2016/12/31 14:06:25.983  6936  4072 G1!! GetWindowsRegistrationName exception: Couldn't find Registry Key
2016/12/31 14:06:25.984  6936  4072 G1!! GetWindowsRegistrationOrganization exception: Couldn't find Registry Key
2016/12/31 14:06:28.982  6936  4072 G1!! GetWindowsRegistrationName exception: Couldn't find Registry Key
2016/12/31 14:06:28.983  6936  4072 G1!! GetWindowsRegistrationOrganization exception: Couldn't find Registry Key
2016/12/31 14:06:31.982  6936  4072 G1!! GetWindowsRegistrationName exception: Couldn't find Registry Key
2016/12/31 14:06:31.983  6936  4072 G1!! GetWindowsRegistrationOrganization exception: Couldn't find Registry Key
2016/12/31 14:06:34.981  6936  4072 G1!! GetWindowsRegistrationName exception: Couldn't find Registry Key
2016/12/31 14:06:34.982  6936  4072 G1!! GetWindowsRegistrationOrganization exception: Couldn't find Registry Key
2016/12/31 14:06:37.982  6936  4072 G1!! GetWindowsRegistrationName exception: Couldn't find Registry Key

and believe me, this is about 7% of the whole file. Do you think it could be something like the trojan's "diary"? Like a file the attacker uses to keep track of what it does? That's what I think is most likely, since in one of the trojans I made it occurred to me to do exactly this...

if you read the whole thing you can see that in one part it says "NetWatchDog", and in many others "SendBCommandToMaster"... it's seriously unsettling.

help me please  :-\...

regards
"I have a question that sometimes tortures me: am I the crazy one,
or is everyone else crazy?"
- Albert Einstein
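As an added example (not code from this thread or from TeamViewer), a small Python parser for the log layout pasted above: it splits the key/value session header from the timestamped events, reads the "!!" and "!" markers as error and warning (an assumption from how the lines read), and pulls out the facts an analyst checks first: the version, the AppPath and whether it sits under Program Files, the relay hosts contacted, and the error volume. The sample log is constructed from a few of the posted lines.

```python
import re
from collections import Counter

# Constructed sample in the TeamViewer 7 log layout from the post (a few of its lines).
SAMPLE_LOG = """\
2016/12/31 14:05:12.306  6936  4072 G1!! ElevateIfRequired() exception: CProcess::ElevateProcess(): ShellExecuteEx, Errorcode=1223

Version:            7.0.43148
Server:             master4.teamviewer.com
AppPath:            C:\\Users\\Ghost\\AppData\\Roaming\\tvlop\\TeamViewer.exe
UserAccount:        Ghost

2016/12/31 14:05:28.902  6936  7052 G1   CT7 CT.Connect.37.252.232.6:5938
2016/12/31 14:05:29.316  6936  6168 G1!! CloseSocketSafely(): recv failed with error code: 10035, Errorcode=10035
2016/12/31 14:05:30.712  6936  7052 G1   CT9 CT.Connect.159.122.189.39:5938
2016/12/31 14:05:31.864  6936  6168 G1!  CWaitAtGatewayThread::Reconnect() Reconnect started. noWait = 0
"""

# Event line: timestamp, pid, tid, source tag (G1/L32/H32), '!' markers, message.
EVENT_RE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{3})\s+(?P<pid>\d+)\s+(?P<tid>\d+)"
    r"\s+(?P<src>[A-Z]\d+)(?P<flags>!{0,2})\s+(?P<msg>.*)$")
HEADER_RE = re.compile(r"^(?P<key>[A-Za-z-]+):\s+(?P<val>.*)$")
CONNECT_RE = re.compile(r"\bCT\.Connect\.(?P<target>\S+)")
# Assumed severity mapping: the post shows '!!' on exceptions and '!' on notices.
SEVERITY = {"": "info", "!": "warning", "!!": "error"}

def parse_teamviewer_log(text):
    """Split the log into the key/value session header and the timestamped events."""
    header, events = {}, []
    for line in text.splitlines():
        m = EVENT_RE.match(line)
        if m:
            ev = m.groupdict()
            ev["severity"] = SEVERITY[ev.pop("flags")]
            events.append(ev)
        else:
            h = HEADER_RE.match(line)
            if h:
                header[h.group("key")] = h.group("val").strip()
    return header, events

def triage(header, events):
    """First facts an analyst checks: binary location, version, relay hosts, error volume."""
    app_path = header.get("AppPath", "")
    # A standard install lives under Program Files; anything else deserves a second look.
    in_program_files = re.match(r"^[a-z]:\\program files( \(x86\))?\\", app_path, re.I) is not None
    targets = []
    for ev in events:
        c = CONNECT_RE.search(ev["msg"])
        if c and c.group("target") not in targets:
            targets.append(c.group("target"))
    return {
        "version": header.get("Version"),
        "server": header.get("Server"),
        "app_path": app_path,
        "app_path_under_program_files": in_program_files,
        "connect_targets": targets,
        "severity_counts": dict(Counter(ev["severity"] for ev in events)),
    }

if __name__ == "__main__":
    for key, value in triage(*parse_teamviewer_log(SAMPLE_LOG)).items():
        print(f"{key}: {value}")
```

Run it against the full file rather than the sample to see every relay host the client reached and how many lines carry the "!!" marker.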

Poyoncio

It's simply TeamViewer's logs; you surely have it installed or have installed it at some point.
Assembler course from scratch

apuromafo CLS

those are TeamViewer logs. Before you uninstall it, take some time to learn a bit of the theory and practice

every program that runs on Windows needs permissions to execute... if you use admin mode, you surely let everything have permission

on the other hand, to access the internet you have the browser options... and the programs with permissions... there is something called a firewall
the simplest and most manageable one I recommend is this:
https://tinywall.pados.hu/

but the warning is that if you install it, you have to configure internet access, because by default on startup it will block all internet access

so if you set it to give permissions to your browser or to the program that needs internet (one known to you)
no matter if they have 100 trojans, they won't be able to access the internet, unless the application gives itself firewall access rules...

Regards, Apuromafo

PS: https://www.teamviewer.com/es/uninstall/


MRx86

"I have a question that sometimes tortures me: am I the crazy one,
or is everyone else crazy?"
- Albert Einstein