daboweb Forums

COMPUTER SECURITY, Firewall, patches, vaccines, antivirus, anti-trojans, spyware etc. => Computer Security - Firewall - Virus - Trojans - Spyware - Ad Aware - Malware => Topic started by: Slan on 29 March 2006, 04:12:33 pm

Title: Autoruns Log - Trojans?
Posted by: Slan on 29 March 2006, 04:12:33 pm
Hi everyone. I've had connection problems for 10 days and I think it could be trojans, so I downloaded Autoruns and ran it in safe mode. I'd like you to look it over to see if there's anything odd.
I've been switching antivirus programs and running online scanners, and nothing shows up.
Thanks, see you later.

HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms         
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\AppSetup         

HKCU\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup         

HKLM\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup         

HKCU\Software\Policies\Microsoft\Windows\System\Scripts\Logon         

HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Logon         

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit         

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\Shell         

HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell         

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\Shell         

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell         

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Taskman         

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\MICROSOFT\Windows\CURRENTVERSION\Runonce         

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\MICROSOFT\Windows\CURRENTVERSION\RunonceEx         

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\MICROSOFT\Windows\CURRENTVERSION\Run         

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run         

+ pccguide.exe   PCCGuide   (Not verified) Trend Micro Incorporated.   c:\archivos de programa\trend micro\internet security 2006\pccguide.exe

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx         

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce         

C:\Documents and Settings\All Users\Menú Inicio\Programas\Inicio         

C:\Documents and Settings\Roberto\Menú Inicio\Programas\Inicio         

HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\Load         

HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\Run         

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run         

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run         

HKCU\Software\Microsoft\Windows\CurrentVersion\Run         

HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce         

HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\MICROSOFT\Windows\CURRENTVERSION\Runonce         

HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\MICROSOFT\Windows\CURRENTVERSION\RunonceEx         

HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\MICROSOFT\Windows\CURRENTVERSION\Run         

HKLM\SOFTWARE\Classes\Protocols\Filter         

HKLM\SOFTWARE\Classes\Protocols\Handler         

+ msnim   MSN Messenger Protocol Handler   (Not verified) Microsoft Corporation   c:\archivos de programa\msn messenger\msgrapp.dll

HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components         

HKCU\SOFTWARE\Microsoft\Active Setup\Installed Components         

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler         

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad         

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad         

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks         

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved         

+ Extensión de paneo de pantalla del Panel de control         File not found: deskpan.dll

+ OpenOffice.org Column Handler      (Not verified) Sun Microsystems, Inc.   c:\archivos de programa\openoffice.org 2.0\program\shlxthdl.dll

+ OpenOffice.org Infotip Handler      (Not verified) Sun Microsystems, Inc.   c:\archivos de programa\openoffice.org 2.0\program\shlxthdl.dll

+ OpenOffice.org Property Sheet Handler      (Not verified) Sun Microsystems, Inc.   c:\archivos de programa\openoffice.org 2.0\program\shlxthdl.dll

+ OpenOffice.org Thumbnail Viewer      (Not verified) Sun Microsystems, Inc.   c:\archivos de programa\openoffice.org 2.0\program\shlxthdl.dll

+ TMD Shell Extension   Tmdshell Module   (Not verified) Trend Micro Incorporated.   c:\archivos de programa\trend micro\internet security 2006\tmdshell.dll

+ VBPropSheet   VBProp Module   (Not verified) Trend Micro Incorporated.   c:\archivos de programa\trend micro\internet security 2006\vbprop.dll

+ WinRAR shell extension         c:\archivos de programa\winrar\rarext.dll

HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved         

HKLM\Software\Classes\Folder\Shellex\ColumnHandlers         

+ PDF Shell Extension   PDF Shell Extension   (Not verified) Adobe Systems, Inc.   c:\archivos de programa\adobe\acrobat 7.0\activex\pdfshell.dll

+ {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}      (Not verified) Sun Microsystems, Inc.   c:\archivos de programa\openoffice.org 2.0\program\shlxthdl.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects         

+ AcroIEHlprObj Class   Adobe Acrobat IE Helper Version 7.0 for ActiveX   (Verified) Adobe Systems, Incorporated   c:\archivos de programa\adobe\acrobat 7.0\activex\acroiehelper.dll

+ EpsonToolBandKicker Class   EPSON Web-To-Page   (Not verified) SEIKO EPSON CORPORATION   c:\archivos de programa\epson\epson web-to-page\epson web-to-page.dll

HKCU\Software\Microsoft\Internet Explorer\UrlSearchHooks         

HKLM\Software\Microsoft\Internet Explorer\Toolbar         

+ epson web-to-page.dll   EPSON Web-To-Page   (Not verified) SEIKO EPSON CORPORATION   c:\archivos de programa\epson\epson web-to-page\epson web-to-page.dll

HKCU\Software\Microsoft\Internet Explorer\Explorer Bars         

HKLM\Software\Microsoft\Internet Explorer\Explorer Bars         

HKCU\Software\Microsoft\Internet Explorer\Extensions         

HKLM\Software\Microsoft\Internet Explorer\Extensions         

Task Scheduler         

HKLM\System\CurrentControlSet\Services         

+ ATI Smart   ATI Smart      c:\windows\system32\ati2sgag.exe

+ PcCtlCom   Manages the Trend Micro PC-cillin components.   (Not verified) Trend Micro Incorporated.   c:\archivos de programa\trend micro\internet security 2006\pcctlcom.exe

+ Tmntsrv   Enables scanning in real time.   (Not verified) Trend Micro Incorporated.   c:\archivos de programa\trend micro\internet security 2006\tmntsrv.exe

+ tmproxy   Manages the Trend Micro Proxy.   (Not verified) Trend Micro Inc.   c:\archivos de programa\trend micro\internet security 2006\tmproxy.exe

HKLM\System\CurrentControlSet\Services         

+ drwebnet   SpIDer Guard On-Access Anti-Virus Monitor      File not found: C:\WINDOWS\system32\drivers\drwebnet.sys

+ Pcouffin         File not found: System32\Drivers\Pcouffin.sys

+ Tmfilter   Post Filter For XP   (Verified) Trend Micro, Inc.   c:\windows\system32\drivers\tmxpflt.sys

+ Tmpreflt   Pre-Filter For XP   (Verified) Trend Micro, Inc.   c:\windows\system32\drivers\tmpreflt.sys

+ tmtdi   Trend Micro TDI Driver (i386-fre)   (Not verified) Trend Micro Inc.   c:\windows\system32\drivers\tmtdi.sys

+ Vsapint   VsapiNT    (Verified) Trend Micro, Inc.   c:\windows\system32\drivers\vsapint.sys

+ vsdatant         File not found: System32\vsdatant.sys

HKLM\System\CurrentControlSet\Control\Session Manager\BootExecute         

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options         

HKLM\SOFTWARE\Microsoft\Command Processor\Autorun         

HKCU\SOFTWARE\Microsoft\Command Processor\Autorun         

HKLM\SOFTWARE\Classes\Exefile\Shell\Open\Command\(Default)         

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Appinit_Dlls         

HKLM\System\CurrentControlSet\Control\Session Manager\KnownDlls         

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\System         

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UIHost         

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify         

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GinaDLL         

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Taskman         

HKCU\Control Panel\Desktop\Scrnsave.exe         

+ none         File not found: none

HKLM\System\CurrentControlSet\Control\BootVerificationProgram\ImageName         

HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9         

+ DrwebSP.MSAFD Tcpip [TCP/IP]   DrWeb (R) SpIDer Mail [Home Edition] Hook for Windows   (Not verified) Doctor Web Ltd.   c:\windows\system32\drwebsp.dll

+ DrwebSP.MSAFD Tcpip [UDP/IP]   DrWeb (R) SpIDer Mail [Home Edition] Hook for Windows   (Not verified) Doctor Web Ltd.   c:\windows\system32\drwebsp.dll

+ DrwebSP.RSVP TCP Service Provider   DrWeb (R) SpIDer Mail [Home Edition] Hook for Windows   (Not verified) Doctor Web Ltd.   c:\windows\system32\drwebsp.dll

+ DrwebSP.RSVP UDP Service Provider   DrWeb (R) SpIDer Mail [Home Edition] Hook for Windows   (Not verified) Doctor Web Ltd.   c:\windows\system32\drwebsp.dll

HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors         

HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages         

HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Notification Packages         

HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Security Packages