| Log analysis and evaluation: Help!!! Unrecognized attempt blocked from |
|  24.06.2008, 10:18 | #1 | 
Hello,

I'm having a few problems with my internet.... I have a laptop and a desktop connected to a D-Link DI-524. For a few days now it has been under attack (at least I think so). Here is the log from the router:

```
-------------------------------------------------
System Logs
-------------------------------------------------
Tue Jun 24 10:49:20 2008 Set Device Time to: Mon Dec 31 23:59:29 2007
Tue Jun 24 10:49:24 2008 TX TCP reset for 192.168.0.4(1193) -> 192.168.0.1(80)
Tue Jun 24 10:49:28 2008 Syn time: Tue Jun 24 10:49:27 2008
Tue Jun 24 10:49:29 2008 Syn time: Tue Jun 24 10:49:29 2008
Tue Jun 24 10:49:39 2008 Unrecognized attempt blocked from 84.62.10.93:16693 to 84.62.147.102 TCP:135
Tue Jun 24 10:49:40 2008 Unrecognized attempt blocked from 84.62.10.93:16713 to 84.62.147.102 TCP:135
Tue Jun 24 10:49:45 2008 PPPoE start to hang-up
Tue Jun 24 10:49:45 2008 PADT sent
Tue Jun 24 10:49:47 2008 DOD:TCP trigger from 192.168.0.3:3284 to 208.78.69.70:80
Tue Jun 24 10:49:47 2008 PPPoE start to dial-up
Tue Jun 24 10:49:47 2008 PADI sent arcor
Tue Jun 24 10:49:48 2008 PADR sent
Tue Jun 24 10:49:50 2008 PPP3: TX LCP Request
Tue Jun 24 10:49:50 2008 PPP3: Rx LCP Request
Tue Jun 24 10:49:50 2008 PPP3: TX LCP ACK
Tue Jun 24 10:49:50 2008 PPP3: Rx LCP ACK
Tue Jun 24 10:49:51 2008 CHAP3: CHAP authentication success, unit 13297
Tue Jun 24 10:49:51 2008 PPP3: Tx IPCP Reguest
Tue Jun 24 10:49:51 2008 PPP3: Rx IPCP Request
Tue Jun 24 10:49:51 2008 PPP3: Rx IPCP NACK/REJECT
Tue Jun 24 10:49:51 2008 IPCP3: IP is 84.62.157.166
Tue Jun 24 10:49:51 2008 IPCP3: DNS0 is 195.50.140.114
Tue Jun 24 10:49:51 2008 IPCP3: DNS1 is 195.50.140.252
Tue Jun 24 10:49:51 2008 PPP3: Tx IPCP Reguest
Tue Jun 24 10:49:51 2008 PPP3: Rx IPCP ACK
Tue Jun 24 10:50:02 2008 Unrecognized attempt blocked from 89.136.48.69:62589 to 84.62.157.166 TCP:1086
Tue Jun 24 10:50:03 2008 Unrecognized attempt blocked from 89.136.48.69:62589 to 84.62.157.166 TCP:1086
Tue Jun 24 10:50:04 2008 Unrecognized attempt blocked from 89.136.48.69:62589 to 84.62.157.166 TCP:1086
Tue Jun 24 10:50:06 2008 Unrecognized attempt blocked from 89.136.48.69:62589 to 84.62.157.166 TCP:1086
Tue Jun 24 10:50:11 2008 Unrecognized attempt blocked from 89.136.48.69:62589 to 84.62.157.166 TCP:1086
Tue Jun 24 10:50:21 2008 Unrecognized attempt blocked from 89.136.48.69:62589 to 84.62.157.166 TCP:1086
Tue Jun 24 10:50:25 2008 TX TCP reset for 192.168.0.4(1316) -> 192.168.0.1(80)
Tue Jun 24 10:52:07 2008 Unrecognized attempt blocked from 84.62.140.202:50749 to 84.62.157.166 TCP:135
Tue Jun 24 10:52:32 2008 Unrecognized attempt blocked from 92.227.202.13:28759 to 84.62.157.166 TCP:135
Tue Jun 24 10:54:26 2008 Unrecognized attempt blocked from 84.62.11.69:3877 to 84.62.157.166 TCP:445
Tue Jun 24 10:54:30 2008 Unrecognized attempt blocked from 77.12.125.189:59292 to 84.62.157.166 UDP:52777
Tue Jun 24 10:56:21 2008 Unrecognized attempt blocked from 84.62.11.69:4539 to 84.62.157.166 TCP:135
Tue Jun 24 10:56:50 2008 Unrecognized attempt blocked from 61.164.148.109:12200 to 84.62.157.166 TCP:7212
Tue Jun 24 10:56:51 2008 Unrecognized attempt blocked from 61.164.148.109:12200 to 84.62.157.166 TCP:9788
Tue Jun 24 10:57:03 2008 Unrecognized attempt blocked from 84.62.196.150:3297 to 84.62.157.166 TCP:135
Tue Jun 24 10:57:25 2008 Unrecognized attempt blocked from 84.62.158.192:5102 to 84.62.157.166 TCP:135
Tue Jun 24 10:57:36 2008 Unrecognized attempt blocked from 77.12.125.189:59292 to 84.62.157.166 UDP:52777
Tue Jun 24 10:57:42 2008 Unrecognized attempt blocked from 92.227.202.13:51630 to 84.62.157.166 TCP:135
Tue Jun 24 10:57:51 2008 Unrecognized attempt blocked from 77.12.125.189:59292 to 84.62.157.166 UDP:52777
Tue Jun 24 10:58:31 2008 Unrecognized attempt blocked from 88.65.209.154:34828 to 84.62.157.166 UDP:52777
Tue Jun 24 10:58:35 2008 Unrecognized attempt blocked from 88.65.209.154:34828 to 84.62.157.166 UDP:52777
Tue Jun 24 10:58:56 2008 Unrecognized attempt blocked from 92.227.202.13:8119 to 84.62.157.166 TCP:135
Tue Jun 24 11:01:41 2008 Unrecognized attempt blocked from 77.12.125.189:59292 to 84.62.157.166 UDP:52777
Tue Jun 24 11:03:16 2008 Unrecognized attempt blocked from 84.62.44.26:40286 to 84.62.157.166 TCP:135
Tue Jun 24 11:05:06 2008 Unrecognized attempt blocked from 88.65.209.154:34554 to 84.62.157.166 UDP:52777
Tue Jun 24 11:05:16 2008 Admin from 192.168.0.4 login successful
```

I have also already made logs of the computers with the HijackThis program:

1 (laptop):

```
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:54:16, on 24.06.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
C:\Programme\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
C:\Programme\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\OEM02Mon.exe
C:\Programme\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe
C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe
C:\Programme\Dell\Dell Webcam Manager\DellWMgr.exe
C:\Programme\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\KADxMain.exe
C:\Programme\Dell Support Center\bin\sprtcmd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Digital Line Detect\DLG.exe
C:\Programme\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Programme\Outlook Express\msimn.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Dokumente und Einstellungen\Joerg\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://partnerpage.google.com/smallbiz.dell.com/de_de?hl=de&client=dell-row&channel=de-smb&ibd=2080425
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.de/hws/sb/dell-row/de/side.html?channel=de-smb
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = hxxp://partnerpage.google.com/smallbiz.dell.com/de_de?hl=de&client=dell-row&channel=de-smb&ibd=2080425
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = hxxp://partnerpage.google.com/smallbiz.dell.com/de_de?hl=de&client=dell-row&channel=de-smb&ibd=2080425
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Programme\Dell\BAE\BAE.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\Programme\FlashFXP\IEFlash.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\WINDOWS\OEM02Mon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Programme\Dell\Dell Webcam Manager\DellWMgr.exe" /s
O4 - HKLM\..\Run: [Dell QuickSet] C:\Programme\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [KADxMain] C:\WINDOWS\system32\KADxMain.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\GEMEIN~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [dscactivate] "C:\Programme\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Programme\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Programme\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = C:\Programme\Digital Line Detect\DLG.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - hxxp://www.srtest.com/srl_bin/sysreqlab3.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - hxxp://www.update.microsoft.com/micr...?1209478831421
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Programme\Dell Support Center\bin\sprtsvc.exe
O23 - Service: stllssvr - Unknown owner - C:\Programme\Gemeinsame Dateien\SureThing Shared\stllssvr.exe (file missing)
O23 - Service: TuneUp Drive Defrag-Dienst (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Programme\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 8219 bytes
```

2 (desktop):

```
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:56:08, on 24.06.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\VIA\RAID\raid_tool.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programme\SPAMfighter\SFAgent.exe
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\SPAMfighter\sfus.exe
C:\Programme\Logitech\SetPoint\SetPoint.exe
C:\Programme\Gemeinsame Dateien\Logishrd\KHAL2\KHALMNPR.EXE
C:\WINDOWS\System32\svchost.exe
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Opera\Opera.exe
C:\Programme\Outlook Express\msimn.exe
C:\WINDOWS\system32\java.exe
C:\Programme\Zylom Games\Da Vinci's Secret Deluxe\davincissecret.exe
C:\Dokumente und Einstellungen\Administrator\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://s4.bitefight.de/bite/uebersicht.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Programme\FlashGet\jccatch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\Programme\FlashFXP\IEFlash.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Programme\FlashGet\getflash.dll
O4 - HKLM\..\Run: [RaidTool] C:\Programme\VIA\RAID\raid_tool.exe
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Programme\SPAMfighter\SFAgent.exe" update delay 60
O4 - HKLM\..\Run: [ATICCC] "C:\Programme\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programme\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &Alles mit FlashGet laden - C:\Programme\FlashGet\jc_all.htm
O8 - Extra context menu item: &Mit FlashGet laden - C:\Programme\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Programme\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Programme\FlashGet\FlashGet.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Programme\Gemeinsame Dateien\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: NBService - Nero AG - C:\Programme\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe
O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Programme\SPAMfighter\sfus.exe
O23 - Service: TuneUp Drive Defrag-Dienst (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - Unknown owner - C:\Programme\TuneUpUtilities2006\WinStylerThemeSvc.exe (file missing)

--
End of file - 5656 bytes
```

Unfortunately I can't make much of all these logs and am dependent on your help. It would be really great if someone could help me.... At times my internet doesn't work at all for a few minutes....

Kind regards
|  24.06.2008, 10:59 | #2 | 
| /// AVZ-Toolkit Guru | Hello tummy. Those are all Arcor addresses. So no reason to worry. Your logs are clean. However, you should update the desktop to Service Pack 3!! Did you have the game C:\Programme\Zylom Games\Da Vinci's Secret Deluxe\davincissecret.exe running on the desktop while you made the HJT scan? |
|  24.06.2008, 12:29 | #3 | 
|  | Hello, yes, the game was running at the time. I already had Service Pack 3 on the desktop once, but unfortunately I had to remove it again because the computer kept freezing. Kind regards |
|  24.06.2008, 20:06 | #4 | 
Hello,

now I have a new problem, namely this one. Log from the router:

```
Tue Jun 24 20:58:16 2008 ICMP: type 3 code 13 from 84.63.128.1
Tue Jun 24 20:58:16 2008 ICMP: type 3 code 13 from 84.63.128.1
Tue Jun 24 20:58:16 2008 ICMP: type 3 code 13 from 84.63.128.1
Tue Jun 24 20:58:31 2008 ICMP: type 3 code 13 from 84.63.128.1
Tue Jun 24 20:58:31 2008 ICMP: type 3 code 13 from 84.63.128.1
Tue Jun 24 20:58:31 2008 ICMP: type 3 code 13 from 84.63.128.1
Tue Jun 24 20:58:31 2008 ICMP: type 3 code 13 from 84.63.128.1
Tue Jun 24 20:58:31 2008 ICMP: type 3 code 13 from 84.63.128.1
Tue Jun 24 20:58:46 2008 ICMP: type 3 code 13 from 84.63.128.1
Tue Jun 24 20:58:46 2008 ICMP: type 3 code 13 from 84.63.128.1
Tue Jun 24 20:58:46 2008 ICMP: type 3 code 13 from 84.63.128.1
Tue Jun 24 20:58:46 2008 ICMP: type 3 code 13 from 84.63.128.1
Tue Jun 24 20:58:46 2008 ICMP: type 3 code 13 from 84.63.128.1
Tue Jun 24 20:59:01 2008 ICMP: type 3 code 13 from 84.63.128.1
Tue Jun 24 20:59:01 2008 ICMP: type 3 code 13 from 84.63.128.1
Tue Jun 24 20:59:01 2008 ICMP: type 3 code 13 from 84.63.128.1
Tue Jun 24 20:59:01 2008 ICMP: type 3 code 13 from 84.63.128.1
Tue Jun 24 20:59:01 2008 ICMP: type 3 code 13 from 84.63.128.1
Tue Jun 24 20:59:16 2008 ICMP: type 3 code 13 from 84.63.128.1
Tue Jun 24 20:59:16 2008 ICMP: type 3 code 13 from 84.63.128.1
Tue Jun 24 20:59:16 2008 ICMP: type 3 code 13 from 84.63.128.1
Tue Jun 24 20:59:16 2008 ICMP: type 3 code 13 from 84.63.128.1
Tue Jun 24 20:59:16 2008 ICMP: type 3 code 13 from 84.63.128.1
Tue Jun 24 20:59:31 2008 ICMP: type 3 code 13 from 84.63.128.1
Tue Jun 24 20:59:31 2008 ICMP: type 3 code 13 from 84.63.128.1
Tue Jun 24 20:59:31 2008 ICMP: type 3 code 13 from 84.63.128.1
Tue Jun 24 20:59:31 2008 ICMP: type 3 code 13 from 84.63.128.1
Tue Jun 24 20:59:31 2008 ICMP: type 3 code 13 from 84.63.128.1
Tue Jun 24 20:59:46 2008 ICMP: type 3 code 13 from 84.63.128.1
Tue Jun 24 20:59:46 2008 ICMP: type 3 code 13 from 84.63.128.1
Tue Jun 24 20:59:46 2008 ICMP: type 3 code 13 from 84.63.128.1
Tue Jun 24 20:59:46 2008 ICMP: type 3 code 13 from 84.63.128.1
Tue Jun 24 20:59:46 2008 ICMP: type 3 code 13 from 84.63.128.1
Tue Jun 24 21:00:01 2008 ICMP: type 3 code 13 from 84.63.128.1
Tue Jun 24 21:00:01 2008 ICMP: type 3 code 13 from 84.63.128.1
Tue Jun 24 21:00:01 2008 ICMP: type 3 code 13 from 84.63.128.1
Tue Jun 24 21:00:01 2008 ICMP: type 3 code 13 from 84.63.128.1
Tue Jun 24 21:00:01 2008 ICMP: type 3 code 13 from 84.63.128.1
Tue Jun 24 21:00:14 2008 Unrecognized attempt blocked from 84.63.133.147:63456 to 84.63.150.174 TCP:135
Tue Jun 24 21:00:16 2008 ICMP: type 3 code 13 from 84.63.128.1
Tue Jun 24 21:00:16 2008 ICMP: type 3 code 13 from 84.63.128.1
Tue Jun 24 21:00:16 2008 ICMP: type 3 code 13 from 84.63.128.1
Tue Jun 24 21:00:16 2008 ICMP: type 3 code 13 from 84.63.128.1
Tue Jun 24 21:00:16 2008 ICMP: type 3 code 13 from 84.63.128.1
Tue Jun 24 21:00:22 2008 Unrecognized attempt blocked from 84.63.95.195:31983 to 84.63.150.174 TCP:135
Tue Jun 24 21:00:31 2008 ICMP: type 3 code 13 from 84.63.128.1
Tue Jun 24 21:00:31 2008 ICMP: type 3 code 13 from 84.63.128.1
Tue Jun 24 21:00:31 2008 ICMP: type 3 code 13 from 84.63.128.1
Tue Jun 24 21:00:31 2008 ICMP: type 3 code 13 from 84.63.128.1
Tue Jun 24 21:00:31 2008 ICMP: type 3 code 13 from 84.63.128.1
Tue Jun 24 21:00:46 2008 ICMP: type 3 code 13 from 84.63.128.1
Tue Jun 24 21:00:46 2008 ICMP: type 3 code 13 from 84.63.128.1
Tue Jun 24 21:00:46 2008 ICMP: type 3 code 13 from 84.63.128.1
Tue Jun 24 21:00:46 2008 ICMP: type 3 code 13 from 84.63.128.1
Tue Jun 24 21:00:46 2008 ICMP: type 3 code 13 from 84.63.128.1
Tue Jun 24 21:01:01 2008 ICMP: type 3 code 13 from 84.63.128.1
Tue Jun 24 21:01:01 2008 ICMP: type 3 code 13 from 84.63.128.1
Tue Jun 24 21:01:01 2008 ICMP: type 3 code 13 from 84.63.128.1
Tue Jun 24 21:01:01 2008 ICMP: type 3 code 13 from 84.63.128.1
Tue Jun 24 21:01:01 2008 ICMP: type 3 code 13 from 84.63.128.1
Tue Jun 24 21:01:16 2008 ICMP: type 3 code 13 from 84.63.128.1
Tue Jun 24 21:01:16 2008 ICMP: type 3 code 13 from 84.63.128.1
Tue Jun 24 21:01:16 2008 ICMP: type 3 code 13 from 84.63.128.1
Tue Jun 24 21:01:16 2008 ICMP: type 3 code 13 from 84.63.128.1
Tue Jun 24 21:01:16 2008 ICMP: type 3 code 13 from 84.63.128.1
Tue Jun 24 21:01:31 2008 ICMP: type 3 code 13 from 84.63.128.1
Tue Jun 24 21:01:31 2008 ICMP: type 3 code 13 from 84.63.128.1
Tue Jun 24 21:01:31 2008 ICMP: type 3 code 13 from 84.63.128.1
Tue Jun 24 21:01:31 2008 ICMP: type 3 code 13 from 84.63.128.1
Tue Jun 24 21:01:31 2008 ICMP: type 3 code 13 from 84.63.128.1
Tue Jun 24 21:01:46 2008 ICMP: type 3 code 13 from 84.63.128.1
Tue Jun 24 21:01:46 2008 ICMP: type 3 code 13 from 84.63.128.1
Tue Jun 24 21:01:46 2008 ICMP: type 3 code 13 from 84.63.128.1
Tue Jun 24 21:01:46 2008 ICMP: type 3 code 13 from 84.63.128.1
Tue Jun 24 21:01:46 2008 ICMP: type 3 code 13 from 84.63.128.1
Tue Jun 24 21:01:46 2008 PPPoE start to hang-up
Tue Jun 24 21:01:46 2008 PADT sent
Tue Jun 24 21:01:51 2008 DOD:triggered internally
Tue Jun 24 21:01:51 2008 PPPoE start to dial-up
Tue Jun 24 21:01:51 2008 PADI sent arcor
Tue Jun 24 21:01:51 2008 PADR sent
Tue Jun 24 21:01:54 2008 PPP3: TX LCP Request
Tue Jun 24 21:01:54 2008 PPP3: Rx LCP Request
Tue Jun 24 21:01:54 2008 PPP3: TX LCP ACK
Tue Jun 24 21:01:54 2008 PPP3: Rx LCP ACK
Tue Jun 24 21:01:54 2008 CHAP3: CHAP authentication success, unit 12293
Tue Jun 24 21:01:54 2008 PPP3: Tx IPCP Reguest
Tue Jun 24 21:01:54 2008 PPP3: Rx IPCP Request
Tue Jun 24 21:01:54 2008 PPP3: Rx IPCP NACK/REJECT
Tue Jun 24 21:01:54 2008 IPCP3: IP is 84.62.174.95
Tue Jun 24 21:01:54 2008 IPCP3: DNS0 is 195.50.140.114
Tue Jun 24 21:01:54 2008 IPCP3: DNS1 is 195.50.140.252
Tue Jun 24 21:01:54 2008 PPP3: Tx IPCP Reguest
Tue Jun 24 21:01:54 2008 PPP3: Rx IPCP ACK
Tue Jun 24 21:02:01 2008 ICMP: type 3 code 13 from 84.62.128.1
Tue Jun 24 21:02:01 2008 ICMP: type 3 code 13 from 84.62.128.1
```

Is someone perhaps out to get me??? The IP belongs to Arcor, and the connection is somewhere in Oberhausen. My router keeps disconnecting and the internet is just crawling......

Kind regards
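An added example, not part of the original thread: a small Python parser for the two D-Link log line types quoted in the posts above, which groups the blocked attempts by destination port and counts the ICMP messages per sender. The sample lines are copied from the posts; the function name `summarize` and the /16 comparison (a rough stand-in for "same provider range as the WAN address") are assumptions of this example.

```python
import re
from collections import Counter
from ipaddress import ip_address, ip_network

# Selection of lines copied from the two router logs posted in this thread.
SAMPLE_LOG = """\
Tue Jun 24 10:49:51 2008 IPCP3: IP is 84.62.157.166
Tue Jun 24 10:50:02 2008 Unrecognized attempt blocked from 89.136.48.69:62589 to 84.62.157.166 TCP:1086
Tue Jun 24 10:50:03 2008 Unrecognized attempt blocked from 89.136.48.69:62589 to 84.62.157.166 TCP:1086
Tue Jun 24 10:52:07 2008 Unrecognized attempt blocked from 84.62.140.202:50749 to 84.62.157.166 TCP:135
Tue Jun 24 10:52:32 2008 Unrecognized attempt blocked from 92.227.202.13:28759 to 84.62.157.166 TCP:135
Tue Jun 24 10:54:26 2008 Unrecognized attempt blocked from 84.62.11.69:3877 to 84.62.157.166 TCP:445
Tue Jun 24 10:54:30 2008 Unrecognized attempt blocked from 77.12.125.189:59292 to 84.62.157.166 UDP:52777
Tue Jun 24 10:56:21 2008 Unrecognized attempt blocked from 84.62.11.69:4539 to 84.62.157.166 TCP:135
Tue Jun 24 10:57:36 2008 Unrecognized attempt blocked from 77.12.125.189:59292 to 84.62.157.166 UDP:52777
Tue Jun 24 20:58:16 2008 ICMP: type 3 code 13 from 84.63.128.1
Tue Jun 24 20:58:16 2008 ICMP: type 3 code 13 from 84.63.128.1
Tue Jun 24 21:01:46 2008 PPPoE start to hang-up
"""

TS = r"\w{3} \w{3} +\d+ \d\d:\d\d:\d\d \d{4}"
BLOCKED = re.compile(
    rf"^{TS} Unrecognized attempt blocked from (?P<src>[\d.]+):(?P<sport>\d+)"
    r" to (?P<dst>[\d.]+) (?P<proto>TCP|UDP):(?P<dport>\d+)$")
# ICMP type 3 code 13 is "destination unreachable, communication
# administratively prohibited" (RFC 1812): a filter along the path refused traffic.
ICMP = re.compile(
    rf"^{TS} ICMP: type (?P<type>\d+) code (?P<code>\d+) from (?P<src>[\d.]+)$")


def summarize(log_text, prefix_len=16):
    """Group blocked inbound attempts by destination service.

    hits     = number of log lines
    flows    = distinct (source IP, source port) pairs; repeated lines from the
               same pair are retries of one connection attempt, not new attempts
    sources  = distinct source IPs
    same_net = sources inside the /prefix_len around the WAN address the packet
               was sent to (assumption: approximates "same provider range")
    """
    services, icmp = {}, Counter()
    for line in map(str.strip, log_text.splitlines()):
        if m := BLOCKED.match(line):
            svc = services.setdefault(
                f"{m['proto']}:{m['dport']}",
                {"hits": 0, "flows": set(), "sources": set(), "same_net": set()})
            svc["hits"] += 1
            svc["flows"].add((m["src"], m["sport"]))
            svc["sources"].add(m["src"])
            # The destination is the WAN address at that moment; it changes on
            # every PPPoE redial, so it is taken from the line itself.
            wan_net = ip_network(f"{m['dst']}/{prefix_len}", strict=False)
            if ip_address(m["src"]) in wan_net:
                svc["same_net"].add(m["src"])
        elif m := ICMP.match(line):
            icmp[(int(m["type"]), int(m["code"]), m["src"])] += 1
    summary = {
        key: {name: (val if name == "hits" else len(val)) for name, val in svc.items()}
        for key, svc in services.items()}
    return summary, icmp


if __name__ == "__main__":
    services, icmp = summarize(SAMPLE_LOG)
    for key, row in sorted(services.items(), key=lambda kv: -kv[1]["hits"]):
        print(key, row)
    for (typ, code, src), n in icmp.items():
        print(f"ICMP type {typ} code {code} from {src}: {n} messages")
```
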