Trojaner-Board


tummy 24.06.2008 10:18

Help!!! Unrecognized attempt blocked from
 
Hello,
I have a few problems with my internet... I have a laptop and a desktop connected to a D-Link DI-524. For a few days now it has been under attack (at least I think so). Here is the log from the router:

-------------------------------------------------
System Logs
-------------------------------------------------
Tue Jun 24 10:49:20 2008 Set Device Time to: Mon Dec 31 23:59:29 2007
Tue Jun 24 10:49:24 2008 TX TCP reset for 192.168.0.4(1193) -> 192.168.0.1(80)
Tue Jun 24 10:49:28 2008 Syn time: Tue Jun 24 10:49:27 2008
Tue Jun 24 10:49:29 2008 Syn time: Tue Jun 24 10:49:29 2008
Tue Jun 24 10:49:39 2008 Unrecognized attempt blocked from 84.62.10.93:16693 to 84.62.147.102 TCP:135
Tue Jun 24 10:49:40 2008 Unrecognized attempt blocked from 84.62.10.93:16713 to 84.62.147.102 TCP:135
Tue Jun 24 10:49:45 2008 PPPoE start to hang-up
Tue Jun 24 10:49:45 2008 PADT sent
Tue Jun 24 10:49:47 2008 DOD:TCP trigger from 192.168.0.3:3284 to 208.78.69.70:80
Tue Jun 24 10:49:47 2008 PPPoE start to dial-up
Tue Jun 24 10:49:47 2008 PADI sent arcor
Tue Jun 24 10:49:48 2008 PADR sent
Tue Jun 24 10:49:50 2008 PPP3: TX LCP Request
Tue Jun 24 10:49:50 2008 PPP3: Rx LCP Request
Tue Jun 24 10:49:50 2008 PPP3: TX LCP ACK
Tue Jun 24 10:49:50 2008 PPP3: Rx LCP ACK
Tue Jun 24 10:49:51 2008 CHAP3: CHAP authentication success, unit 13297
Tue Jun 24 10:49:51 2008 PPP3: Tx IPCP Reguest
Tue Jun 24 10:49:51 2008 PPP3: Rx IPCP Request
Tue Jun 24 10:49:51 2008 PPP3: Rx IPCP NACK/REJECT
Tue Jun 24 10:49:51 2008 IPCP3: IP is 84.62.157.166
Tue Jun 24 10:49:51 2008 IPCP3: DNS0 is 195.50.140.114
Tue Jun 24 10:49:51 2008 IPCP3: DNS1 is 195.50.140.252
Tue Jun 24 10:49:51 2008 PPP3: Tx IPCP Reguest
Tue Jun 24 10:49:51 2008 PPP3: Rx IPCP ACK
Tue Jun 24 10:50:02 2008 Unrecognized attempt blocked from 89.136.48.69:62589 to 84.62.157.166 TCP:1086
Tue Jun 24 10:50:03 2008 Unrecognized attempt blocked from 89.136.48.69:62589 to 84.62.157.166 TCP:1086
Tue Jun 24 10:50:04 2008 Unrecognized attempt blocked from 89.136.48.69:62589 to 84.62.157.166 TCP:1086
Tue Jun 24 10:50:06 2008 Unrecognized attempt blocked from 89.136.48.69:62589 to 84.62.157.166 TCP:1086
Tue Jun 24 10:50:11 2008 Unrecognized attempt blocked from 89.136.48.69:62589 to 84.62.157.166 TCP:1086
Tue Jun 24 10:50:21 2008 Unrecognized attempt blocked from 89.136.48.69:62589 to 84.62.157.166 TCP:1086

Tue Jun 24 10:50:25 2008 TX TCP reset for 192.168.0.4(1316) -> 192.168.0.1(80)
Tue Jun 24 10:52:07 2008 Unrecognized attempt blocked from 84.62.140.202:50749 to 84.62.157.166 TCP:135
Tue Jun 24 10:52:32 2008 Unrecognized attempt blocked from 92.227.202.13:28759 to 84.62.157.166 TCP:135
Tue Jun 24 10:54:26 2008 Unrecognized attempt blocked from 84.62.11.69:3877 to 84.62.157.166 TCP:445
Tue Jun 24 10:54:30 2008 Unrecognized attempt blocked from 77.12.125.189:59292 to 84.62.157.166 UDP:52777
Tue Jun 24 10:56:21 2008 Unrecognized attempt blocked from 84.62.11.69:4539 to 84.62.157.166 TCP:135
Tue Jun 24 10:56:50 2008 Unrecognized attempt blocked from 61.164.148.109:12200 to 84.62.157.166 TCP:7212
Tue Jun 24 10:56:51 2008 Unrecognized attempt blocked from 61.164.148.109:12200 to 84.62.157.166 TCP:9788
Tue Jun 24 10:57:03 2008 Unrecognized attempt blocked from 84.62.196.150:3297 to 84.62.157.166 TCP:135
Tue Jun 24 10:57:25 2008 Unrecognized attempt blocked from 84.62.158.192:5102 to 84.62.157.166 TCP:135
Tue Jun 24 10:57:36 2008 Unrecognized attempt blocked from 77.12.125.189:59292 to 84.62.157.166 UDP:52777
Tue Jun 24 10:57:42 2008 Unrecognized attempt blocked from 92.227.202.13:51630 to 84.62.157.166 TCP:135
Tue Jun 24 10:57:51 2008 Unrecognized attempt blocked from 77.12.125.189:59292 to 84.62.157.166 UDP:52777
Tue Jun 24 10:58:31 2008 Unrecognized attempt blocked from 88.65.209.154:34828 to 84.62.157.166 UDP:52777
Tue Jun 24 10:58:35 2008 Unrecognized attempt blocked from 88.65.209.154:34828 to 84.62.157.166 UDP:52777
Tue Jun 24 10:58:56 2008 Unrecognized attempt blocked from 92.227.202.13:8119 to 84.62.157.166 TCP:135
Tue Jun 24 11:01:41 2008 Unrecognized attempt blocked from 77.12.125.189:59292 to 84.62.157.166 UDP:52777
Tue Jun 24 11:03:16 2008 Unrecognized attempt blocked from 84.62.44.26:40286 to 84.62.157.166 TCP:135
Tue Jun 24 11:05:06 2008 Unrecognized attempt blocked from 88.65.209.154:34554 to 84.62.157.166 UDP:52777

Tue Jun 24 11:05:16 2008 Admin from 192.168.0.4 login successful

I have also already made logs of the computers with the HijackThis program:
1 (laptop):


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:54:16, on 24.06.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
C:\Programme\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
C:\Programme\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\OEM02Mon.exe
C:\Programme\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe
C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe
C:\Programme\Dell\Dell Webcam Manager\DellWMgr.exe
C:\Programme\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\KADxMain.exe
C:\Programme\Dell Support Center\bin\sprtcmd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Digital Line Detect\DLG.exe
C:\Programme\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Programme\Outlook Express\msimn.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Dokumente und Einstellungen\Joerg\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://partnerpage.google.com/smallbiz.dell.com/de_de?hl=de&client=dell-row&channel=de-smb&ibd=2080425
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.de/hws/sb/dell-row/de/side.html?channel=de-smb
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = hxxp://partnerpage.google.com/smallbiz.dell.com/de_de?hl=de&client=dell-row&channel=de-smb&ibd=2080425
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = hxxp://partnerpage.google.com/smallbiz.dell.com/de_de?hl=de&client=dell-row&channel=de-smb&ibd=2080425
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Programme\Dell\BAE\BAE.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\Programme\FlashFXP\IEFlash.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\WINDOWS\OEM02Mon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Programme\Dell\Dell Webcam Manager\DellWMgr.exe" /s
O4 - HKLM\..\Run: [Dell QuickSet] C:\Programme\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [KADxMain] C:\WINDOWS\system32\KADxMain.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\GEMEIN~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [dscactivate] "C:\Programme\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Programme\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Programme\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = C:\Programme\Digital Line Detect\DLG.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - hxxp://www.srtest.com/srl_bin/sysreqlab3.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - hxxp://www.update.microsoft.com/micr...?1209478831421
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Programme\Dell Support Center\bin\sprtsvc.exe
O23 - Service: stllssvr - Unknown owner - C:\Programme\Gemeinsame Dateien\SureThing Shared\stllssvr.exe (file missing)
O23 - Service: TuneUp Drive Defrag-Dienst (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Programme\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 8219 bytes


2 (desktop):

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:56:08, on 24.06.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\VIA\RAID\raid_tool.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programme\SPAMfighter\SFAgent.exe
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\SPAMfighter\sfus.exe
C:\Programme\Logitech\SetPoint\SetPoint.exe
C:\Programme\Gemeinsame Dateien\Logishrd\KHAL2\KHALMNPR.EXE
C:\WINDOWS\System32\svchost.exe
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Opera\Opera.exe
C:\Programme\Outlook Express\msimn.exe
C:\WINDOWS\system32\java.exe
C:\Programme\Zylom Games\Da Vinci's Secret Deluxe\davincissecret.exe
C:\Dokumente und Einstellungen\Administrator\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://s4.bitefight.de/bite/uebersicht.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Programme\FlashGet\jccatch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\Programme\FlashFXP\IEFlash.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Programme\FlashGet\getflash.dll
O4 - HKLM\..\Run: [RaidTool] C:\Programme\VIA\RAID\raid_tool.exe
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Programme\SPAMfighter\SFAgent.exe" update delay 60
O4 - HKLM\..\Run: [ATICCC] "C:\Programme\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programme\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &Alles mit FlashGet laden - C:\Programme\FlashGet\jc_all.htm
O8 - Extra context menu item: &Mit FlashGet laden - C:\Programme\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Programme\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Programme\FlashGet\FlashGet.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Programme\Gemeinsame Dateien\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: NBService - Nero AG - C:\Programme\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe
O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Programme\SPAMfighter\sfus.exe
O23 - Service: TuneUp Drive Defrag-Dienst (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - Unknown owner - C:\Programme\TuneUpUtilities2006\WinStylerThemeSvc.exe (file missing)

--
End of file - 5656 bytes


Unfortunately I can't do much with all these logs and am dependent on your help. It would be really great if someone could help me... sometimes my internet stops working entirely for a few minutes...


Kind regards

undoreal 24.06.2008 10:59

Hello tummy.

Those are all Arcor addresses. So no cause for concern.

Your logs are clean. However, you should update the desktop to Service Pack 3!!

Did you have the game C:\Programme\Zylom Games\Da Vinci's Secret Deluxe\davincissecret.exe running on the desktop while you did the HJT scan?

tummy 24.06.2008 12:29

Hello,
yes, the game was running at the time.
I already had Service Pack 3 on the desktop once, but unfortunately I had to remove it again because the computer kept freezing.

Kind regards

tummy 24.06.2008 20:06

Hello,
now I have a new problem, namely this one:
Log from the router:

Tue Jun 24 20:58:16 2008 ICMP: type 3 code 13 from 84.63.128.1
Tue Jun 24 20:58:16 2008 ICMP: type 3 code 13 from 84.63.128.1
Tue Jun 24 20:58:16 2008 ICMP: type 3 code 13 from 84.63.128.1
Tue Jun 24 20:58:31 2008 ICMP: type 3 code 13 from 84.63.128.1
Tue Jun 24 20:58:31 2008 ICMP: type 3 code 13 from 84.63.128.1
Tue Jun 24 20:58:31 2008 ICMP: type 3 code 13 from 84.63.128.1
Tue Jun 24 20:58:31 2008 ICMP: type 3 code 13 from 84.63.128.1
Tue Jun 24 20:58:31 2008 ICMP: type 3 code 13 from 84.63.128.1
Tue Jun 24 20:58:46 2008 ICMP: type 3 code 13 from 84.63.128.1
Tue Jun 24 20:58:46 2008 ICMP: type 3 code 13 from 84.63.128.1
Tue Jun 24 20:58:46 2008 ICMP: type 3 code 13 from 84.63.128.1
Tue Jun 24 20:58:46 2008 ICMP: type 3 code 13 from 84.63.128.1
Tue Jun 24 20:58:46 2008 ICMP: type 3 code 13 from 84.63.128.1
Tue Jun 24 20:59:01 2008 ICMP: type 3 code 13 from 84.63.128.1
Tue Jun 24 20:59:01 2008 ICMP: type 3 code 13 from 84.63.128.1
Tue Jun 24 20:59:01 2008 ICMP: type 3 code 13 from 84.63.128.1
Tue Jun 24 20:59:01 2008 ICMP: type 3 code 13 from 84.63.128.1
Tue Jun 24 20:59:01 2008 ICMP: type 3 code 13 from 84.63.128.1
Tue Jun 24 20:59:16 2008 ICMP: type 3 code 13 from 84.63.128.1
Tue Jun 24 20:59:16 2008 ICMP: type 3 code 13 from 84.63.128.1
Tue Jun 24 20:59:16 2008 ICMP: type 3 code 13 from 84.63.128.1
Tue Jun 24 20:59:16 2008 ICMP: type 3 code 13 from 84.63.128.1
Tue Jun 24 20:59:16 2008 ICMP: type 3 code 13 from 84.63.128.1
Tue Jun 24 20:59:31 2008 ICMP: type 3 code 13 from 84.63.128.1
Tue Jun 24 20:59:31 2008 ICMP: type 3 code 13 from 84.63.128.1
Tue Jun 24 20:59:31 2008 ICMP: type 3 code 13 from 84.63.128.1
Tue Jun 24 20:59:31 2008 ICMP: type 3 code 13 from 84.63.128.1
Tue Jun 24 20:59:31 2008 ICMP: type 3 code 13 from 84.63.128.1
Tue Jun 24 20:59:46 2008 ICMP: type 3 code 13 from 84.63.128.1
Tue Jun 24 20:59:46 2008 ICMP: type 3 code 13 from 84.63.128.1
Tue Jun 24 20:59:46 2008 ICMP: type 3 code 13 from 84.63.128.1
Tue Jun 24 20:59:46 2008 ICMP: type 3 code 13 from 84.63.128.1
Tue Jun 24 20:59:46 2008 ICMP: type 3 code 13 from 84.63.128.1
Tue Jun 24 21:00:01 2008 ICMP: type 3 code 13 from 84.63.128.1
Tue Jun 24 21:00:01 2008 ICMP: type 3 code 13 from 84.63.128.1
Tue Jun 24 21:00:01 2008 ICMP: type 3 code 13 from 84.63.128.1
Tue Jun 24 21:00:01 2008 ICMP: type 3 code 13 from 84.63.128.1
Tue Jun 24 21:00:01 2008 ICMP: type 3 code 13 from 84.63.128.1
Tue Jun 24 21:00:14 2008 Unrecognized attempt blocked from 84.63.133.147:63456 to 84.63.150.174 TCP:135
Tue Jun 24 21:00:16 2008 ICMP: type 3 code 13 from 84.63.128.1
Tue Jun 24 21:00:16 2008 ICMP: type 3 code 13 from 84.63.128.1
Tue Jun 24 21:00:16 2008 ICMP: type 3 code 13 from 84.63.128.1
Tue Jun 24 21:00:16 2008 ICMP: type 3 code 13 from 84.63.128.1
Tue Jun 24 21:00:16 2008 ICMP: type 3 code 13 from 84.63.128.1
Tue Jun 24 21:00:22 2008 Unrecognized attempt blocked from 84.63.95.195:31983 to 84.63.150.174 TCP:135
Tue Jun 24 21:00:31 2008 ICMP: type 3 code 13 from 84.63.128.1
Tue Jun 24 21:00:31 2008 ICMP: type 3 code 13 from 84.63.128.1
Tue Jun 24 21:00:31 2008 ICMP: type 3 code 13 from 84.63.128.1
Tue Jun 24 21:00:31 2008 ICMP: type 3 code 13 from 84.63.128.1
Tue Jun 24 21:00:31 2008 ICMP: type 3 code 13 from 84.63.128.1
Tue Jun 24 21:00:46 2008 ICMP: type 3 code 13 from 84.63.128.1
Tue Jun 24 21:00:46 2008 ICMP: type 3 code 13 from 84.63.128.1
Tue Jun 24 21:00:46 2008 ICMP: type 3 code 13 from 84.63.128.1
Tue Jun 24 21:00:46 2008 ICMP: type 3 code 13 from 84.63.128.1
Tue Jun 24 21:00:46 2008 ICMP: type 3 code 13 from 84.63.128.1
Tue Jun 24 21:01:01 2008 ICMP: type 3 code 13 from 84.63.128.1
Tue Jun 24 21:01:01 2008 ICMP: type 3 code 13 from 84.63.128.1
Tue Jun 24 21:01:01 2008 ICMP: type 3 code 13 from 84.63.128.1
Tue Jun 24 21:01:01 2008 ICMP: type 3 code 13 from 84.63.128.1
Tue Jun 24 21:01:01 2008 ICMP: type 3 code 13 from 84.63.128.1
Tue Jun 24 21:01:16 2008 ICMP: type 3 code 13 from 84.63.128.1
Tue Jun 24 21:01:16 2008 ICMP: type 3 code 13 from 84.63.128.1
Tue Jun 24 21:01:16 2008 ICMP: type 3 code 13 from 84.63.128.1
Tue Jun 24 21:01:16 2008 ICMP: type 3 code 13 from 84.63.128.1
Tue Jun 24 21:01:16 2008 ICMP: type 3 code 13 from 84.63.128.1
Tue Jun 24 21:01:31 2008 ICMP: type 3 code 13 from 84.63.128.1
Tue Jun 24 21:01:31 2008 ICMP: type 3 code 13 from 84.63.128.1
Tue Jun 24 21:01:31 2008 ICMP: type 3 code 13 from 84.63.128.1
Tue Jun 24 21:01:31 2008 ICMP: type 3 code 13 from 84.63.128.1
Tue Jun 24 21:01:31 2008 ICMP: type 3 code 13 from 84.63.128.1
Tue Jun 24 21:01:46 2008 ICMP: type 3 code 13 from 84.63.128.1
Tue Jun 24 21:01:46 2008 ICMP: type 3 code 13 from 84.63.128.1
Tue Jun 24 21:01:46 2008 ICMP: type 3 code 13 from 84.63.128.1
Tue Jun 24 21:01:46 2008 ICMP: type 3 code 13 from 84.63.128.1
Tue Jun 24 21:01:46 2008 ICMP: type 3 code 13 from 84.63.128.1
Tue Jun 24 21:01:46 2008 PPPoE start to hang-up
Tue Jun 24 21:01:46 2008 PADT sent
Tue Jun 24 21:01:51 2008 DOD:triggered internally
Tue Jun 24 21:01:51 2008 PPPoE start to dial-up
Tue Jun 24 21:01:51 2008 PADI sent arcor
Tue Jun 24 21:01:51 2008 PADR sent
Tue Jun 24 21:01:54 2008 PPP3: TX LCP Request
Tue Jun 24 21:01:54 2008 PPP3: Rx LCP Request
Tue Jun 24 21:01:54 2008 PPP3: TX LCP ACK
Tue Jun 24 21:01:54 2008 PPP3: Rx LCP ACK
Tue Jun 24 21:01:54 2008 CHAP3: CHAP authentication success, unit 12293
Tue Jun 24 21:01:54 2008 PPP3: Tx IPCP Reguest
Tue Jun 24 21:01:54 2008 PPP3: Rx IPCP Request
Tue Jun 24 21:01:54 2008 PPP3: Rx IPCP NACK/REJECT
Tue Jun 24 21:01:54 2008 IPCP3: IP is 84.62.174.95
Tue Jun 24 21:01:54 2008 IPCP3: DNS0 is 195.50.140.114
Tue Jun 24 21:01:54 2008 IPCP3: DNS1 is 195.50.140.252
Tue Jun 24 21:01:54 2008 PPP3: Tx IPCP Reguest
Tue Jun 24 21:01:54 2008 PPP3: Rx IPCP ACK
Tue Jun 24 21:02:01 2008 ICMP: type 3 code 13 from 84.62.128.1
Tue Jun 24 21:02:01 2008 ICMP: type 3 code 13 from 84.62.128.1


Is someone perhaps out to get me???
The IP is from Arcor, and the connection is somewhere in Oberhausen.
My router keeps disconnecting and the internet is just crawling...


Kind regards
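
Added example, not part of the original thread: a small Python triage of router logs in the format posted above. It collapses repeated entries into distinct connection attempts, groups them by target port, and counts the ICMP notices. The `/16` comparison against the router's own WAN address is an assumption used as a rough "same address range" heuristic; a whois lookup is the authoritative check.

```python
import re
from collections import Counter
from ipaddress import ip_address, ip_network

# Patterns for the two entry types in the DI-524 logs quoted in the thread.
BLOCKED = re.compile(r"Unrecognized attempt blocked from ([\d.]+):(\d+) "
                     r"to ([\d.]+) (TCP|UDP):(\d+)")
ICMP = re.compile(r"ICMP: type (\d+) code (\d+) from ([\d.]+)")

# General protocol knowledge, not taken from the thread.
PORT_NAMES = {("TCP", 135): "MS-RPC endpoint mapper", ("TCP", 445): "SMB"}
ICMP_NAMES = {(3, 13): "destination unreachable, administratively prohibited"}

# Excerpt of lines copied from the posts above; the first line keeps the
# paste error where two entries were fused onto one line.
SAMPLE_LOG = """\
Tue Jun 24 10:49:39 2008 Unrecognized attempt blocked from 84.62.10.93:16693 to 84.62.147.102 TCP:135Tue Jun 24 10:49:40 2008 Unrecognized attempt blocked from 84.62.10.93:16713 to 84.62.147.102 TCP:135
Tue Jun 24 10:50:02 2008 Unrecognized attempt blocked from 89.136.48.69:62589 to 84.62.157.166 TCP:1086
Tue Jun 24 10:50:03 2008 Unrecognized attempt blocked from 89.136.48.69:62589 to 84.62.157.166 TCP:1086
Tue Jun 24 10:50:04 2008 Unrecognized attempt blocked from 89.136.48.69:62589 to 84.62.157.166 TCP:1086
Tue Jun 24 10:52:07 2008 Unrecognized attempt blocked from 84.62.140.202:50749 to 84.62.157.166 TCP:135
Tue Jun 24 10:52:32 2008 Unrecognized attempt blocked from 92.227.202.13:28759 to 84.62.157.166 TCP:135
Tue Jun 24 10:54:26 2008 Unrecognized attempt blocked from 84.62.11.69:3877 to 84.62.157.166 TCP:445
Tue Jun 24 10:54:30 2008 Unrecognized attempt blocked from 77.12.125.189:59292 to 84.62.157.166 UDP:52777
Tue Jun 24 10:57:36 2008 Unrecognized attempt blocked from 77.12.125.189:59292 to 84.62.157.166 UDP:52777
Tue Jun 24 20:58:16 2008 ICMP: type 3 code 13 from 84.63.128.1
Tue Jun 24 20:58:16 2008 ICMP: type 3 code 13 from 84.63.128.1
"""


def summarize(log_text, prefix_len=16):
    """Collapse repeated entries into flows and group them by target port.

    prefix_len is an assumption: a source inside the same /16 as the WAN
    address it targeted is counted as "same address range".
    """
    flows = Counter()  # (src, sport, dst, proto, dport) -> number of log lines
    # finditer over the whole text also finds entries fused onto one line.
    for m in BLOCKED.finditer(log_text):
        src, sport, dst, proto, dport = m.groups()
        flows[(src, int(sport), dst, proto, int(dport))] += 1
    ports = {}
    for (src, _sport, dst, proto, dport), lines in flows.items():
        e = ports.setdefault((proto, dport), {"lines": 0, "flows": 0,
                                              "sources": set(), "same_range": set()})
        e["lines"] += lines   # raw log lines, including retransmissions
        e["flows"] += 1       # distinct connection attempts
        e["sources"].add(src)
        # The destination is the WAN address the router held at that moment,
        # so the comparison still works after a PPPoE reconnect.
        if ip_address(src) in ip_network(f"{dst}/{prefix_len}", strict=False):
            e["same_range"].add(src)
    icmp = Counter((int(t), int(c), s) for t, c, s in ICMP.findall(log_text))
    return ports, icmp


def report(log_text):
    """Return one human-readable summary line per port and ICMP source."""
    ports, icmp = summarize(log_text)
    out = []
    for (proto, port), e in sorted(ports.items(), key=lambda kv: -kv[1]["flows"]):
        name = PORT_NAMES.get((proto, port), "no name assigned here")
        out.append(f"{proto}:{port} ({name}): {e['flows']} attempts in "
                   f"{e['lines']} lines from {len(e['sources'])} sources, "
                   f"{len(e['same_range'])} in the same /16")
    for (typ, code, src), n in icmp.items():
        name = ICMP_NAMES.get((typ, code), "other")
        out.append(f"ICMP type {typ} code {code} ({name}) from {src}: {n} lines")
    return out


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_LOG)))
```

Entries that share source address, source port and destination port are retransmissions of one connection attempt, so the attempt count is a better measure of activity than the raw line count.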

