HiJack und Gmer durchsehen - Malewarebytes zeigt keine funde.

Sputnik2 · 29.12.2010, 16:23

Hallo,

ich poste nun nochmal mein HiJack-Logfile sowie ein GMER-Logfile.

Vielleicht koennte sich mal jemand die Prozesse ansehen. Ich hatte schon mal gepostet allerdings hat niemand mehr geantwortet.

Ich habe zuletzt noch festgestellt, dass Kerio seid geraumer Zeit immer Backdoor-Angriffe anzeigt, die mein Internet lahmlegen und auch Skype ungewoehnliche Verbindungen nach aussen ahn, was dann auch dazu fuehrt, dass sich das Programm nicht verbinden kann.

Da ich schon super viele Scans gemacht habe und selber nichts finde waere es gut wenn sich jeamand die Files ansehen koennte.

Vielen Dank

HiJack
-------------------------------------------------------------------------------------HiJackthis Logfile:

Code:

ATTFilter

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:40:42 AM, on 12/28/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
 
Running processes:
C:\WINDOWS\System32\smss.exe
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\PC Tools Security\BDT\FGuard.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\IRW.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\Boot Camp\KbdMgr.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\system32\AppleOSSMgr.exe
C:\WINDOWS\system32\AppleTimeSrv.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\AVG\AVG10\avgemcx.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Simone\My Documents\Downloads\HiJackThis204.exe
 
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: PC Tools Browser Guard - {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
O3 - Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [PCTools FGuard] C:\Program Files\PC Tools Security\BDT\FGuard.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [IRW] C:\WINDOWS\system32\IRW.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe
O4 - HKLM\..\Run: [Apple_KbdMgr] C:\Program Files\Boot Camp\KbdMgr.exe
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Adobe_ID0ENQBO] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10h_ActiveX.exe -update activex
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: a-squared Free Service (a2free) - - (no file)
O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Apple OS Switch Manager (AppleOSSMgr) - Unknown owner - C:\WINDOWS\system32\AppleOSSMgr.exe
O23 - Service: Apple Time Service (AppleTimeSrv) - Apple Inc. - C:\WINDOWS\system32\AppleTimeSrv.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Browser Defender Update Service - Unknown owner - C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\PC Tools Security\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\PC Tools Security\pctsSvc.exe
 
--
End of file - 10157 bytes

--- --- ---

GMER
-------------------------------------------------------------------------------------GMER Logfile:

Code:

ATTFilter

GMER 1.0.15.14966 - hxxp://www.gmer.net
Rootkit scan 2010-12-22 17:22:09
Windows 5.1.2600 Service Pack 3
 
 
---- System - GMER 1.0.15 ----
 
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateKey [0xB9ECB6AE]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0xB9EA9A96]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0xB9EA9D5E]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteKey [0xB9ECC04C]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteValueKey [0xB9ECC3D6]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwOpenKey [0xB9ECA8EC]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0xB59C26C0]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwRenameKey [0xB9ECC91A]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwSetValueKey [0xB9ECBA50]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0xB59C2770]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0xB59C2810]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0xB59C28B0]
 
---- Kernel code sections - GMER 1.0.15 ----
 
.text ntkrnlpa.exe!ZwCallbackReturn + 2CA0 8050453C 8 Bytes JMP EA9D5EB9 
 
---- User code sections - GMER 1.0.15 ----
 
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[600] USER32.dll!TrackPopupMenu 7E46531E 5 Bytes JMP 10402342 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3560] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 004013F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
 
---- User IAT/EAT - GMER 1.0.15 ----
 
IAT C:\WINDOWS\Explorer.EXE[1120] @ C:\WINDOWS\Explorer.EXE [KERNEL32.dll!LoadLibraryExA] [10025140] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\WINDOWS\Explorer.EXE[1120] @ C:\WINDOWS\Explorer.EXE [KERNEL32.dll!LoadLibraryExW] [100251A0] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\WINDOWS\Explorer.EXE[1120] @ C:\WINDOWS\Explorer.EXE [KERNEL32.dll!LoadLibraryA] [100250A0] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\WINDOWS\Explorer.EXE[1120] @ C:\WINDOWS\Explorer.EXE [KERNEL32.dll!LoadLibraryW] [100250F0] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\WINDOWS\Explorer.EXE[1120] @ C:\WINDOWS\Explorer.EXE [KERNEL32.dll!GetProcAddress] [10025210] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\WINDOWS\Explorer.EXE[1120] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [100251A0] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\WINDOWS\Explorer.EXE[1120] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [100250F0] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\WINDOWS\Explorer.EXE[1120] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [100250A0] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\WINDOWS\Explorer.EXE[1120] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [10025210] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\WINDOWS\Explorer.EXE[1120] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [100250A0] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\WINDOWS\Explorer.EXE[1120] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [100250F0] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\WINDOWS\Explorer.EXE[1120] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [10025210] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\WINDOWS\Explorer.EXE[1120] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [100250A0] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\WINDOWS\Explorer.EXE[1120] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [100250F0] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\WINDOWS\Explorer.EXE[1120] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [10025210] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\WINDOWS\Explorer.EXE[1120] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [100251A0] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\WINDOWS\Explorer.EXE[1120] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [100250A0] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\WINDOWS\Explorer.EXE[1120] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [10025210] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\WINDOWS\Explorer.EXE[1120] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [100250F0] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\WINDOWS\Explorer.EXE[1120] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [100251A0] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\WINDOWS\Explorer.EXE[1120] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [100250A0] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\WINDOWS\Explorer.EXE[1120] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [10025210] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\WINDOWS\Explorer.EXE[1120] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [100250F0] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\WINDOWS\Explorer.EXE[1120] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] [10025210] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\WINDOWS\Explorer.EXE[1120] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [100250A0] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\WINDOWS\Explorer.EXE[1120] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [10025210] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\WINDOWS\Explorer.EXE[1120] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [100250A0] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\WINDOWS\Explorer.EXE[1120] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [100250F0] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\WINDOWS\Explorer.EXE[1120] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [100251A0] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\WINDOWS\Explorer.EXE[1120] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [10025140] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\WINDOWS\Explorer.EXE[1120] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [10025140] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\WINDOWS\Explorer.EXE[1120] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [100251A0] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\WINDOWS\Explorer.EXE[1120] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [100250F0] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\WINDOWS\Explorer.EXE[1120] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [100250A0] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\WINDOWS\Explorer.EXE[1120] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [10025210] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\WINDOWS\Explorer.EXE[1120] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [10025210] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\WINDOWS\Explorer.EXE[1120] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [100250A0] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\WINDOWS\Explorer.EXE[1120] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExA] [10025140] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\WINDOWS\Explorer.EXE[1120] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] [100251A0] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\WINDOWS\Explorer.EXE[1120] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] [100250F0] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\WINDOWS\Explorer.EXE[1120] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [100250A0] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\WINDOWS\Explorer.EXE[1120] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] [10025210] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\WINDOWS\Explorer.EXE[1120] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryW] [100250F0] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\WINDOWS\Explorer.EXE[1120] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryExW] [100251A0] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\WINDOWS\Explorer.EXE[1120] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [10025210] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\WINDOWS\Explorer.EXE[1120] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] [100250A0] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\WINDOWS\Explorer.EXE[1120] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [100250A0] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\WINDOWS\Explorer.EXE[1120] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [100250F0] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\WINDOWS\Explorer.EXE[1120] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [10025210] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\WINDOWS\Explorer.EXE[1120] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [100251A0] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\WINDOWS\Explorer.EXE[1120] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [10025140] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\WINDOWS\Explorer.EXE[1120] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryW] [100250F0] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\WINDOWS\Explorer.EXE[1120] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryExA] [10025140] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\WINDOWS\Explorer.EXE[1120] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [10025210] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\WINDOWS\Explorer.EXE[1120] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [100250A0] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\WINDOWS\Explorer.EXE[1120] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] [10025210] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\WINDOWS\Explorer.EXE[1120] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [100250A0] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\WINDOWS\Explorer.EXE[1120] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [100250A0] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\WINDOWS\Explorer.EXE[1120] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] [10025210] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\WINDOWS\Explorer.EXE[1120] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!GetProcAddress] [10025210] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\WINDOWS\Explorer.EXE[1120] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!LoadLibraryA] [100250A0] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\WINDOWS\Explorer.EXE[1120] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!LoadLibraryA] [100250A0] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\WINDOWS\Explorer.EXE[1120] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!GetProcAddress] [10025210] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\Program Files\PC Tools Security\BDT\FGuard.exe[3248] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [100251A0] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\Program Files\PC Tools Security\BDT\FGuard.exe[3248] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [100250A0] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\Program Files\PC Tools Security\BDT\FGuard.exe[3248] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [10025210] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\Program Files\PC Tools Security\BDT\FGuard.exe[3248] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [100250F0] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\Program Files\PC Tools Security\BDT\FGuard.exe[3248] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [100251A0] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\Program Files\PC Tools Security\BDT\FGuard.exe[3248] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [100250A0] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\Program Files\PC Tools Security\BDT\FGuard.exe[3248] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [10025210] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\Program Files\PC Tools Security\BDT\FGuard.exe[3248] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [100250F0] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\Program Files\PC Tools Security\BDT\FGuard.exe[3248] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [100251A0] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\Program Files\PC Tools Security\BDT\FGuard.exe[3248] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [100250F0] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\Program Files\PC Tools Security\BDT\FGuard.exe[3248] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [100250A0] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\Program Files\PC Tools Security\BDT\FGuard.exe[3248] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [10025210] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\Program Files\PC Tools Security\BDT\FGuard.exe[3248] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [100250A0] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\Program Files\PC Tools Security\BDT\FGuard.exe[3248] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [100250F0] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\Program Files\PC Tools Security\BDT\FGuard.exe[3248] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [10025210] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\Program Files\PC Tools Security\BDT\FGuard.exe[3248] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [100250A0] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\Program Files\PC Tools Security\BDT\FGuard.exe[3248] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [100250F0] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\Program Files\PC Tools Security\BDT\FGuard.exe[3248] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [10025210] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\Program Files\PC Tools Security\BDT\FGuard.exe[3248] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [10025210] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\Program Files\PC Tools Security\BDT\FGuard.exe[3248] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [100250A0] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\Program Files\PC Tools Security\BDT\FGuard.exe[3248] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [100250F0] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\Program Files\PC Tools Security\BDT\FGuard.exe[3248] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [100251A0] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\Program Files\PC Tools Security\BDT\FGuard.exe[3248] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [10025140] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\Program Files\PC Tools Security\BDT\FGuard.exe[3248] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] [10025210] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\Program Files\PC Tools Security\BDT\FGuard.exe[3248] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [100250A0] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\Program Files\PC Tools Security\BDT\FGuard.exe[3248] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [10025140] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\Program Files\PC Tools Security\BDT\FGuard.exe[3248] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [100251A0] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\Program Files\PC Tools Security\BDT\FGuard.exe[3248] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [100250F0] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\Program Files\PC Tools Security\BDT\FGuard.exe[3248] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [100250A0] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\Program Files\PC Tools Security\BDT\FGuard.exe[3248] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [10025210] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\Program Files\PC Tools Security\BDT\FGuard.exe[3248] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!LoadLibraryA] [100250A0] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\Program Files\PC Tools Security\BDT\FGuard.exe[3248] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!GetProcAddress] [10025210] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\Program Files\PC Tools Security\BDT\FGuard.exe[3248] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [100250A0] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\Program Files\PC Tools Security\BDT\FGuard.exe[3248] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [100250F0] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\Program Files\PC Tools Security\BDT\FGuard.exe[3248] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [10025210] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\Program Files\PC Tools Security\BDT\FGuard.exe[3248] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [100251A0] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\Program Files\PC Tools Security\BDT\FGuard.exe[3248] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [10025140] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\Program Files\PC Tools Security\BDT\FGuard.exe[3248] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] [10025210] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\Program Files\PC Tools Security\BDT\FGuard.exe[3248] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [100250A0] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\Program Files\PC Tools Security\BDT\FGuard.exe[3248] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [100250A0] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\Program Files\PC Tools Security\BDT\FGuard.exe[3248] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] [10025210] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
 
---- Devices - GMER 1.0.15 ----
 
AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
 
Device \Driver\BTHUSB \Device\000000a0 bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)
 
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
 
Device \Driver\BTHUSB \Device\000000a2 bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)
 
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
 
---- Registry - GMER 1.0.15 ----
 
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001ec2948f29 
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001ec2948f29 
 
---- EOF - GMER 1.0.15 ----

--- --- ---

cosinus · 30.12.2010, 17:41

Zitat:

dass Kerio seid geraumer Zeit immer Backdoor-Angriffe anzeigt

Jaja die "tollen" Personal Firewalls, auch als bunte Desktop-Discos bekannt, melden so ziemlich jeden ungefährlichen Furz aus dem Internet. Poste mal die genaue Meldung, dann sehen wir weiter.
Kerio kannst du getrost in die Tonne treten, PFWs sind kontraproduktiv, besser einen DSL-Router in Kombination mit der Windows-Firewall verwenden.

Sputnik2 · 30.12.2010, 17:56

Ja ja ich habe schon gelesen, dass du ein totaler Gegner von den Firewalls bist.

Aber was heisst DSL-Router in Kombination mit Windows?

Aber super, dass sich hier jemand meldet. Danke.

cosinus · 30.12.2010, 17:59

Zitat:

Aber was heisst DSL-Router in Kombination mit Windows?

Windows-Firewall

Wo ist die genaue Meldung dieser Blödsinns-Software?

Sputnik2 · 30.12.2010, 18:25

Ja aus dieser bloedsinns Software laesst sich kein Log von der Seite mit den Angriffen erstellen.

Falls du eine Idee hast wie oder wo ich das finde, dann schicke ich es dir gerne!

Gruesse

Sputnik2 · 30.12.2010, 18:39

[25/Sep/2010 18:57:48] "Ids" action = 'detected', raddr = '74.125.77.99', msg = 'PortScan', url = '', direc = 'in', class = 'network-scan', priority = portscan
[28/Sep/2010 00:52:39] "Ids" action = 'detected', raddr = '81.169.145.247', msg = 'PortScan', url = '', direc = 'in', class = 'network-scan', priority = portscan
[28/Sep/2010 15:02:56] "Ids" action = 'deny', raddr = '62.245.164.236', msg = 'DOS MSDTC attempt', url = 'hxxp://www.securityfocus.com/bid/4006', direc = 'in', class = 'attempted-dos', priority = medium
[28/Sep/2010 15:02:59] "Ids" action = 'deny', raddr = '62.245.164.236', msg = 'DOS MSDTC attempt', url = 'hxxp://www.securityfocus.com/bid/4006', direc = 'in', class = 'attempted-dos', priority = medium
[28/Sep/2010 15:03:05] "Ids" action = 'deny', raddr = '62.245.164.236', msg = 'DOS MSDTC attempt', url = 'hxxp://www.securityfocus.com/bid/4006', direc = 'in', class = 'attempted-dos', priority = medium
[28/Sep/2010 15:03:17] "Ids" action = 'deny', raddr = '62.245.164.236', msg = 'DOS MSDTC attempt', url = 'hxxp://www.securityfocus.com/bid/4006', direc = 'in', class = 'attempted-dos', priority = medium
[28/Sep/2010 15:03:41] "Ids" action = 'deny', raddr = '62.245.164.236', msg = 'DOS MSDTC attempt', url = 'hxxp://www.securityfocus.com/bid/4006', direc = 'in', class = 'attempted-dos', priority = medium
[28/Sep/2010 15:04:29] "Ids" action = 'deny', raddr = '62.245.164.236', msg = 'DOS MSDTC attempt', url = 'hxxp://www.securityfocus.com/bid/4006', direc = 'in', class = 'attempted-dos', priority = medium
[28/Sep/2010 15:06:05] "Ids" action = 'deny', raddr = '62.245.164.236', msg = 'DOS MSDTC attempt', url = 'hxxp://www.securityfocus.com/bid/4006', direc = 'in', class = 'attempted-dos', priority = medium
[28/Sep/2010 20:23:01] "Ids" action = 'deny', raddr = '213.235.255.40', msg = 'DOS MSDTC attempt', url = 'hxxp://www.securityfocus.com/bid/4006', direc = 'in', class = 'attempted-dos', priority = medium
[28/Sep/2010 20:23:02] "Ids" action = 'deny', raddr = '213.235.255.40', msg = 'DOS MSDTC attempt', url = 'hxxp://www.securityfocus.com/bid/4006', direc = 'in', class = 'attempted-dos', priority = medium
[28/Sep/2010 20:23:04] "Ids" action = 'deny', raddr = '213.235.255.40', msg = 'DOS MSDTC attempt', url = 'hxxp://www.securityfocus.com/bid/4006', direc = 'in', class = 'attempted-dos', priority = medium
[28/Sep/2010 20:23:10] "Ids" action = 'deny', raddr = '213.235.255.40', msg = 'DOS MSDTC attempt', url = 'hxxp://www.securityfocus.com/bid/4006', direc = 'in', class = 'attempted-dos', priority = medium
[28/Sep/2010 20:55:50] "Ids" action = 'detected', raddr = '81.169.145.247', msg = 'PortScan', url = '', direc = 'in', class = 'network-scan', priority = portscan
[28/Sep/2010 20:56:11] "Ids" action = 'detected', raddr = '81.169.145.247', msg = 'PortScan', url = '', direc = 'in', class = 'network-scan', priority = portscan
[07/Oct/2010 10:58:20] "Ids" action = 'detected', raddr = '212.34.180.28', msg = 'PortScan', url = '', direc = 'in', class = 'network-scan', priority = portscan
[12/Oct/2010 16:50:22] "Ids" action = 'deny', raddr = '92.122.217.40', msg = 'DOS MSDTC attempt', url = 'hxxp://www.securityfocus.com/bid/4006', direc = 'in', class = 'attempted-dos', priority = medium
[12/Oct/2010 16:50:25] "Ids" action = 'deny', raddr = '92.122.217.40', msg = 'DOS MSDTC attempt', url = 'hxxp://www.securityfocus.com/bid/4006', direc = 'in', class = 'attempted-dos', priority = medium
[12/Oct/2010 16:50:31] "Ids" action = 'deny', raddr = '92.122.217.40', msg = 'DOS MSDTC attempt', url = 'hxxp://www.securityfocus.com/bid/4006', direc = 'in', class = 'attempted-dos', priority = medium
[12/Oct/2010 16:50:43] "Ids" action = 'deny', raddr = '92.122.217.40', msg = 'DOS MSDTC attempt', url = 'hxxp://www.securityfocus.com/bid/4006', direc = 'in', class = 'attempted-dos', priority = medium
[12/Oct/2010 16:51:07] "Ids" action = 'deny', raddr = '92.122.217.40', msg = 'DOS MSDTC attempt', url = 'hxxp://www.securityfocus.com/bid/4006', direc = 'in', class = 'attempted-dos', priority = medium
[12/Oct/2010 16:51:55] "Ids" action = 'deny', raddr = '92.122.217.40', msg = 'DOS MSDTC attempt', url = 'hxxp://www.securityfocus.com/bid/4006', direc = 'in', class = 'attempted-dos', priority = medium
[12/Oct/2010 16:53:31] "Ids" action = 'deny', raddr = '92.122.217.40', msg = 'DOS MSDTC attempt', url = 'hxxp://www.securityfocus.com/bid/4006', direc = 'in', class = 'attempted-dos', priority = medium
[13/Oct/2010 23:03:27] "Ids" action = 'deny', raddr = '85.214.137.94', msg = 'DOS MSDTC attempt', url = 'hxxp://www.securityfocus.com/bid/4006', direc = 'in', class = 'attempted-dos', priority = medium
[14/Oct/2010 03:08:55] "Ids" action = 'deny', raddr = '85.214.137.94', msg = 'DOS MSDTC attempt', url = 'hxxp://www.securityfocus.com/bid/4006', direc = 'in', class = 'attempted-dos', priority = medium
[14/Oct/2010 03:08:59] "Ids" action = 'deny', raddr = '85.214.137.94', msg = 'DOS MSDTC attempt', url = 'hxxp://www.securityfocus.com/bid/4006', direc = 'in', class = 'attempted-dos', priority = medium
[14/Oct/2010 06:50:46] "Ids" action = 'deny', raddr = '85.214.137.94', msg = 'DOS MSDTC attempt', url = 'hxxp://www.securityfocus.com/bid/4006', direc = 'in', class = 'attempted-dos', priority = medium
[14/Oct/2010 06:50:49] "Ids" action = 'deny', raddr = '85.214.137.94', msg = 'DOS MSDTC attempt', url = 'hxxp://www.securityfocus.com/bid/4006', direc = 'in', class = 'attempted-dos', priority = medium
[14/Oct/2010 10:10:14] "Ids" action = 'deny', raddr = '85.214.137.94', msg = 'DOS MSDTC attempt', url = 'hxxp://www.securityfocus.com/bid/4006', direc = 'in', class = 'attempted-dos', priority = medium
[15/Oct/2010 10:47:28] "Ids" action = 'deny', raddr = '85.214.137.94', msg = 'DOS MSDTC attempt', url = 'hxxp://www.securityfocus.com/bid/4006', direc = 'in', class = 'attempted-dos', priority = medium
[17/Oct/2010 17:00:45] "Ids" action = 'deny', raddr = '92.122.217.40', msg = 'DOS MSDTC attempt', url = 'hxxp://www.securityfocus.com/bid/4006', direc = 'in', class = 'attempted-dos', priority = medium
[17/Oct/2010 17:00:48] "Ids" action = 'deny', raddr = '92.122.217.40', msg = 'DOS MSDTC attempt', url = 'hxxp://www.securityfocus.com/bid/4006', direc = 'in', class = 'attempted-dos', priority = medium
[17/Oct/2010 17:00:54] "Ids" action = 'deny', raddr = '92.122.217.40', msg = 'DOS MSDTC attempt', url = 'hxxp://www.securityfocus.com/bid/4006', direc = 'in', class = 'attempted-dos', priority = medium
[17/Oct/2010 17:01:06] "Ids" action = 'deny', raddr = '92.122.217.40', msg = 'DOS MSDTC attempt', url = 'hxxp://www.securityfocus.com/bid/4006', direc = 'in', class = 'attempted-dos', priority = medium
[17/Oct/2010 17:01:29] "Ids" action = 'deny', raddr = '92.122.217.40', msg = 'DOS MSDTC attempt', url = 'hxxp://www.securityfocus.com/bid/4006', direc = 'in', class = 'attempted-dos', priority = medium
[17/Oct/2010 17:02:18] "Ids" action = 'deny', raddr = '92.122.217.40', msg = 'DOS MSDTC attempt', url = 'hxxp://www.securityfocus.com/bid/4006', direc = 'in', class = 'attempted-dos', priority = medium
[17/Oct/2010 17:03:54] "Ids" action = 'deny', raddr = '92.122.217.40', msg = 'DOS MSDTC attempt', url = 'hxxp://www.securityfocus.com/bid/4006', direc = 'in', class = 'attempted-dos', priority = medium
[17/Oct/2010 20:39:42] "Ids" action = 'deny', raddr = '68.142.234.143', msg = 'DOS MSDTC attempt', url = 'hxxp://www.securityfocus.com/bid/4006', direc = 'in', class = 'attempted-dos', priority = medium
[17/Oct/2010 20:39:46] Last message repeated 3 times
[17/Oct/2010 20:39:54] "Ids" action = 'deny', raddr = '68.142.234.143', msg = 'DOS MSDTC attempt', url = 'hxxp://www.securityfocus.com/bid/4006', direc = 'in', class = 'attempted-dos', priority = medium
[17/Oct/2010 20:40:03] "Ids" action = 'deny', raddr = '68.142.234.143', msg = 'DOS MSDTC attempt', url = 'hxxp://www.securityfocus.com/bid/4006', direc = 'in', class = 'attempted-dos', priority = medium
[17/Oct/2010 20:40:27] "Ids" action = 'deny', raddr = '68.142.234.143', msg = 'DOS MSDTC attempt', url = 'hxxp://www.securityfocus.com/bid/4006', direc = 'in', class = 'attempted-dos', priority = medium
[17/Oct/2010 20:41:15] "Ids" action = 'deny', raddr = '68.142.234.143', msg = 'DOS MSDTC attempt', url = 'hxxp://www.securityfocus.com/bid/4006', direc = 'in', class = 'attempted-dos', priority = medium
[17/Oct/2010 20:42:51] "Ids" action = 'deny', raddr = '68.142.234.143', msg = 'DOS MSDTC attempt', url = 'hxxp://www.securityfocus.com/bid/4006', direc = 'in', class = 'attempted-dos', priority = medium
[27/Oct/2010 13:34:09] "Ids" action = 'detected', raddr = '217.72.192.84', msg = 'PortScan', url = '', direc = 'in', class = 'network-scan', priority = portscan
[27/Oct/2010 13:35:14] "Ids" action = 'deny', raddr = '217.72.204.230', msg = 'DOS MSDTC attempt', url = 'hxxp://www.securityfocus.com/bid/4006', direc = 'in', class = 'attempted-dos', priority = medium
[27/Oct/2010 13:35:19] Last message repeated 7 times
[27/Oct/2010 13:35:20] "Ids" action = 'deny', raddr = '217.72.204.230', msg = 'DOS MSDTC attempt', url = 'hxxp://www.securityfocus.com/bid/4006', direc = 'in', class = 'attempted-dos', priority = medium
[27/Oct/2010 13:35:45] "Ids" action = 'detected', raddr = '217.72.192.84', msg = 'PortScan', url = '', direc = 'in', class = 'network-scan', priority = portscan
[27/Oct/2010 13:36:28] "Ids" action = 'detected', raddr = '192.67.198.33', msg = 'PortScan', url = '', direc = 'in', class = 'network-scan', priority = portscan
[27/Oct/2010 13:36:49] "Ids" action = 'detected', raddr = '192.67.198.33', msg = 'PortScan', url = '', direc = 'in', class = 'network-scan', priority = portscan
[27/Oct/2010 13:37:51] "Ids" action = 'detected', raddr = '192.67.198.33', msg = 'PortScan', url = '', direc = 'in', class = 'network-scan', priority = portscan
[02/Nov/2010 21:29:12] "Ids" action = 'detected', raddr = '72.21.211.171', msg = 'PortScan', url = '', direc = 'in', class = 'network-scan', priority = portscan
[17/Nov/2010 12:45:26] "Ids" action = 'deny', raddr = '209.85.229.100', msg = 'DOS MSDTC attempt', url = 'hxxp://www.securityfocus.com/bid/4006', direc = 'in', class = 'attempted-dos', priority = medium
[17/Nov/2010 12:45:28] Last message repeated 12 times
[17/Nov/2010 12:45:28] "Ids" action = 'deny', raddr = '209.85.229.100', msg = 'DOS MSDTC attempt', url = 'hxxp://www.securityfocus.com/bid/4006', direc = 'in', class = 'attempted-dos', priority = medium
[17/Nov/2010 12:45:34] "Ids" action = 'deny', raddr = '209.85.229.100', msg = 'DOS MSDTC attempt', url = 'hxxp://www.securityfocus.com/bid/4006', direc = 'in', class = 'attempted-dos', priority = medium
[17/Nov/2010 12:45:34] "Ids" action = 'deny', raddr = '209.85.229.100', msg = 'DOS MSDTC attempt', url = 'hxxp://www.securityfocus.com/bid/4006', direc = 'in', class = 'attempted-dos', priority = medium
[17/Nov/2010 12:45:42] "Ids" action = 'deny', raddr = '209.85.229.100', msg = 'DOS MSDTC attempt', url = 'hxxp://www.securityfocus.com/bid/4006', direc = 'in', class = 'attempted-dos', priority = medium
[17/Nov/2010 12:45:52] "Ids" action = 'deny', raddr = '209.85.229.100', msg = 'DOS MSDTC attempt', url = 'hxxp://www.securityfocus.com/bid/4006', direc = 'in', class = 'attempted-dos', priority = medium
[17/Nov/2010 12:46:02] "Ids" action = 'deny', raddr = '209.85.229.100', msg = 'DOS MSDTC attempt', url = 'hxxp://www.securityfocus.com/bid/4006', direc = 'in', class = 'attempted-dos', priority = medium
[23/Nov/2010 13:37:00] "Ids" action = 'deny', raddr = '213.165.65.100', msg = 'DOS MSDTC attempt', url = 'hxxp://www.securityfocus.com/bid/4006', direc = 'in', class = 'attempted-dos', priority = medium
[23/Nov/2010 13:37:04] Last message repeated 5 times
[23/Nov/2010 13:37:09] "Ids" action = 'deny', raddr = '213.165.65.100', msg = 'DOS MSDTC attempt', url = 'hxxp://www.securityfocus.com/bid/4006', direc = 'in', class = 'attempted-dos', priority = medium
[23/Nov/2010 13:37:21] "Ids" action = 'deny', raddr = '213.165.65.100', msg = 'DOS MSDTC attempt', url = 'hxxp://www.securityfocus.com/bid/4006', direc = 'in', class = 'attempted-dos', priority = medium
[23/Nov/2010 13:37:44] "Ids" action = 'deny', raddr = '213.165.65.100', msg = 'DOS MSDTC attempt', url = 'hxxp://www.securityfocus.com/bid/4006', direc = 'in', class = 'attempted-dos', priority = medium
[23/Nov/2010 13:38:33] "Ids" action = 'deny', raddr = '213.165.65.100', msg = 'DOS MSDTC attempt', url = 'hxxp://www.securityfocus.com/bid/4006', direc = 'in', class = 'attempted-dos', priority = medium
[23/Nov/2010 17:04:49] "Ids" action = 'deny', raddr = '173.194.13.86', msg = 'DOS MSDTC attempt', url = 'hxxp://www.securityfocus.com/bid/4006', direc = 'in', class = 'attempted-dos', priority = medium
[23/Nov/2010 17:04:52] Last message repeated 9 times
[23/Nov/2010 17:04:53] "Ids" action = 'deny', raddr = '173.194.13.86', msg = 'DOS MSDTC attempt', url = 'hxxp://www.securityfocus.com/bid/4006', direc = 'in', class = 'attempted-dos', priority = medium
[23/Nov/2010 17:04:58] "Ids" action = 'deny', raddr = '173.194.13.86', msg = 'DOS MSDTC attempt', url = 'hxxp://www.securityfocus.com/bid/4006', direc = 'in', class = 'attempted-dos', priority = medium
[23/Nov/2010 17:05:03] "Ids" action = 'deny', raddr = '173.194.13.86', msg = 'DOS MSDTC attempt', url = 'hxxp://www.securityfocus.com/bid/4006', direc = 'in', class = 'attempted-dos', priority = medium
[23/Nov/2010 17:05:19] "Ids" action = 'deny', raddr = '173.194.13.86', msg = 'DOS MSDTC attempt', url = 'hxxp://www.securityfocus.com/bid/4006', direc = 'in', class = 'attempted-dos', priority = medium
[23/Nov/2010 17:05:46] "Ids" action = 'deny', raddr = '173.194.13.86', msg = 'DOS MSDTC attempt', url = 'hxxp://www.securityfocus.com/bid/4006', direc = 'in', class = 'attempted-dos', priority = medium
[23/Nov/2010 17:06:44] "Ids" action = 'deny', raddr = '173.194.13.86', msg = 'DOS MSDTC attempt', url = 'hxxp://www.securityfocus.com/bid/4006', direc = 'in', class = 'attempted-dos', priority = medium
[23/Nov/2010 17:08:38] "Ids" action = 'deny', raddr = '173.194.13.86', msg = 'DOS MSDTC attempt', url = 'hxxp://www.securityfocus.com/bid/4006', direc = 'in', class = 'attempted-dos', priority = medium
[25/Nov/2010 18:02:01] "Ids" action = 'deny', raddr = '212.34.128.216', msg = 'DOS MSDTC attempt', url = 'hxxp://www.securityfocus.com/bid/4006', direc = 'in', class = 'attempted-dos', priority = medium
[25/Nov/2010 18:02:04] "Ids" action = 'deny', raddr = '212.34.128.216', msg = 'DOS MSDTC attempt', url = 'hxxp://www.securityfocus.com/bid/4006', direc = 'in', class = 'attempted-dos', priority = medium
[25/Nov/2010 18:02:10] "Ids" action = 'deny', raddr = '212.34.128.216', msg = 'DOS MSDTC attempt', url = 'hxxp://www.securityfocus.com/bid/4006', direc = 'in', class = 'attempted-dos', priority = medium
[25/Nov/2010 18:02:22] "Ids" action = 'deny', raddr = '212.34.128.216', msg = 'DOS MSDTC attempt', url = 'hxxp://www.securityfocus.com/bid/4006', direc = 'in', class = 'attempted-dos', priority = medium
[25/Nov/2010 18:02:46] "Ids" action = 'deny', raddr = '212.34.128.216', msg = 'DOS MSDTC attempt', url = 'hxxp://www.securityfocus.com/bid/4006', direc = 'in', class = 'attempted-dos', priority = medium
[25/Nov/2010 18:03:34] "Ids" action = 'deny', raddr = '212.34.128.216', msg = 'DOS MSDTC attempt', url = 'hxxp://www.securityfocus.com/bid/4006', direc = 'in', class = 'attempted-dos', priority = medium
[25/Nov/2010 18:05:10] "Ids" action = 'deny', raddr = '212.34.128.216', msg = 'DOS MSDTC attempt', url = 'hxxp://www.securityfocus.com/bid/4006', direc = 'in', class = 'attempted-dos', priority = medium
[07/Dec/2010 00:06:01] "Ids" action = 'detected', raddr = '192.168.1.66', msg = 'PortScan', url = '', direc = 'in', class = 'network-scan', priority = portscan
[07/Dec/2010 11:48:16] "Ids" action = 'deny', raddr = '217.72.204.116', msg = 'DOS MSDTC attempt', url = 'hxxp://www.securityfocus.com/bid/4006', direc = 'in', class = 'attempted-dos', priority = medium
[07/Dec/2010 11:48:19] "Ids" action = 'deny', raddr = '217.72.204.116', msg = 'DOS MSDTC attempt', url = 'hxxp://www.securityfocus.com/bid/4006', direc = 'in', class = 'attempted-dos', priority = medium
[07/Dec/2010 11:48:25] "Ids" action = 'deny', raddr = '217.72.204.116', msg = 'DOS MSDTC attempt', url = 'hxxp://www.securityfocus.com/bid/4006', direc = 'in', class = 'attempted-dos', priority = medium
[07/Dec/2010 11:48:37] "Ids" action = 'deny', raddr = '217.72.204.116', msg = 'DOS MSDTC attempt', url = 'hxxp://www.securityfocus.com/bid/4006', direc = 'in', class = 'attempted-dos', priority = medium
[07/Dec/2010 11:49:01] "Ids" action = 'deny', raddr = '217.72.204.116', msg = 'DOS MSDTC attempt', url = 'hxxp://www.securityfocus.com/bid/4006', direc = 'in', class = 'attempted-dos', priority = medium
[07/Dec/2010 11:49:49] "Ids" action = 'deny', raddr = '217.72.204.116', msg = 'DOS MSDTC attempt', url = 'hxxp://www.securityfocus.com/bid/4006', direc = 'in', class = 'attempted-dos', priority = medium
[07/Dec/2010 11:51:25] "Ids" action = 'deny', raddr = '217.72.204.116', msg = 'DOS MSDTC attempt', url = 'hxxp://www.securityfocus.com/bid/4006', direc = 'in', class = 'attempted-dos', priority = medium
[10/Dec/2010 01:07:14] "Ids" action = 'deny', raddr = '219.74.66.206', msg = 'BACKDOOR trojan active back orifice', url = 'hxxp://www.whitehats.com/info/IDS189', direc = 'in', class = 'successful-user', priority = high
[10/Dec/2010 01:07:17] "Ids" action = 'deny', raddr = '219.74.66.206', msg = 'BACKDOOR trojan active back orifice', url = 'hxxp://www.whitehats.com/info/IDS189', direc = 'in', class = 'successful-user', priority = high
[10/Dec/2010 01:07:43] "Ids" action = 'deny', raddr = '219.74.66.206', msg = 'BACKDOOR trojan active back orifice', url = 'hxxp://www.whitehats.com/info/IDS189', direc = 'in', class = 'successful-user', priority = high
[10/Dec/2010 01:07:45] "Ids" action = 'deny', raddr = '142.68.93.148', msg = 'BACKDOOR trojan active theprayer1', url = 'hxxp://www.whitehats.com/info/IDS48', direc = 'in', class = 'successful-user', priority = high
[10/Dec/2010 01:07:46] "Ids" action = 'deny', raddr = '219.74.66.206', msg = 'BACKDOOR trojan active back orifice', url = 'hxxp://www.whitehats.com/info/IDS189', direc = 'in', class = 'successful-user', priority = high
[10/Dec/2010 01:07:48] "Ids" action = 'deny', raddr = '142.68.93.148', msg = 'BACKDOOR trojan active theprayer1', url = 'hxxp://www.whitehats.com/info/IDS48', direc = 'in', class = 'successful-user', priority = high
[10/Dec/2010 01:07:50] "Ids" action = 'deny', raddr = '219.74.66.206', msg = 'BACKDOOR trojan active back orifice', url = 'hxxp://www.whitehats.com/info/IDS189', direc = 'in', class = 'successful-user', priority = high
[10/Dec/2010 01:07:54] "Ids" action = 'deny', raddr = '219.74.66.206', msg = 'BACKDOOR trojan active back orifice', url = 'hxxp://www.whitehats.com/info/IDS189', direc = 'in', class = 'successful-user', priority = high
[10/Dec/2010 01:07:54] "Ids" action = 'deny', raddr = '142.68.93.148', msg = 'BACKDOOR trojan active theprayer1', url = 'hxxp://www.whitehats.com/info/IDS48', direc = 'in', class = 'successful-user', priority = high
[10/Dec/2010 01:07:56] "Ids" action = 'deny', raddr = '219.74.66.206', msg = 'BACKDOOR trojan active back orifice', url = 'hxxp://www.whitehats.com/info/IDS189', direc = 'in', class = 'successful-user', priority = high
[10/Dec/2010 01:08:05] "Ids" action = 'deny', raddr = '219.74.66.206', msg = 'BACKDOOR trojan active back orifice', url = 'hxxp://www.whitehats.com/info/IDS189', direc = 'in', class = 'successful-user', priority = high
[10/Dec/2010 01:08:08] "Ids" action = 'deny', raddr = '219.74.66.206', msg = 'BACKDOOR trojan active back orifice', url = 'hxxp://www.whitehats.com/info/IDS189', direc = 'in', class = 'successful-user', priority = high
[10/Dec/2010 01:08:50] "Ids" action = 'deny', raddr = '219.74.66.206', msg = 'BACKDOOR trojan active back orifice', url = 'hxxp://www.whitehats.com/info/IDS189', direc = 'in', class = 'successful-user', priority = high
[10/Dec/2010 01:09:19] "Ids" action = 'deny', raddr = '219.74.66.206', msg = 'BACKDOOR trojan active back orifice', url = 'hxxp://www.whitehats.com/info/IDS189', direc = 'in', class = 'successful-user', priority = high
[10/Dec/2010 01:09:22] "Ids" action = 'deny', raddr = '219.74.66.206', msg = 'BACKDOOR trojan active back orifice', url = 'hxxp://www.whitehats.com/info/IDS189', direc = 'in', class = 'successful-user', priority = high
[10/Dec/2010 01:09:26] Last message repeated 3 times
[10/Dec/2010 01:09:29] "Ids" action = 'deny', raddr = '219.74.66.206', msg = 'BACKDOOR trojan active back orifice', url = 'hxxp://www.whitehats.com/info/IDS189', direc = 'in', class = 'successful-user', priority = high
[10/Dec/2010 01:09:32] "Ids" action = 'deny', raddr = '219.74.66.206', msg = 'BACKDOOR trojan active back orifice', url = 'hxxp://www.whitehats.com/info/IDS189', direc = 'in', class = 'successful-user', priority = high
[10/Dec/2010 01:09:41] "Ids" action = 'deny', raddr = '219.74.66.206', msg = 'BACKDOOR trojan active back orifice', url = 'hxxp://www.whitehats.com/info/IDS189', direc = 'in', class = 'successful-user', priority = high
[10/Dec/2010 01:09:44] "Ids" action = 'deny', raddr = '219.74.66.206', msg = 'BACKDOOR trojan active back orifice', url = 'hxxp://www.whitehats.com/info/IDS189', direc = 'in', class = 'successful-user', priority = high
[10/Dec/2010 01:13:05] "Ids" action = 'deny', raddr = '219.74.66.206', msg = 'BACKDOOR trojan active back orifice', url = 'hxxp://www.whitehats.com/info/IDS189', direc = 'in', class = 'successful-user', priority = high
[10/Dec/2010 01:13:08] "Ids" action = 'deny', raddr = '219.74.66.206', msg = 'BACKDOOR trojan active back orifice', url = 'hxxp://www.whitehats.com/info/IDS189', direc = 'in', class = 'successful-user', priority = high
[10/Dec/2010 01:13:34] "Ids" action = 'deny', raddr = '219.74.66.206', msg = 'BACKDOOR trojan active back orifice', url = 'hxxp://www.whitehats.com/info/IDS189', direc = 'in', class = 'successful-user', priority = high
[10/Dec/2010 01:13:38] Last message repeated 3 times
[10/Dec/2010 01:13:41] "Ids" action = 'deny', raddr = '219.74.66.206', msg = 'BACKDOOR trojan active back orifice', url = 'hxxp://www.whitehats.com/info/IDS189', direc = 'in', class = 'successful-user', priority = high
[10/Dec/2010 01:13:44] "Ids" action = 'deny', raddr = '219.74.66.206', msg = 'BACKDOOR trojan active back orifice', url = 'hxxp://www.whitehats.com/info/IDS189', direc = 'in', class = 'successful-user', priority = high
[10/Dec/2010 01:13:50] "Ids" action = 'deny', raddr = '219.74.66.206', msg = 'BACKDOOR trojan active back orifice', url = 'hxxp://www.whitehats.com/info/IDS189', direc = 'in', class = 'successful-user', priority = high
[10/Dec/2010 01:13:56] "Ids" action = 'deny', raddr = '219.74.66.206', msg = 'BACKDOOR trojan active back orifice', url = 'hxxp://www.whitehats.com/info/IDS189', direc = 'in', class = 'successful-user', priority = high
[10/Dec/2010 01:14:02] "Ids" action = 'deny', raddr = '219.74.66.206', msg = 'BACKDOOR trojan active back orifice', url = 'hxxp://www.whitehats.com/info/IDS189', direc = 'in', class = 'successful-user', priority = high
[12/Dec/2010 22:43:15] "Ids" action = 'deny', raddr = '68.173.224.206', msg = 'BACKDOOR Trojan active Theunexplained', url = 'hxxp://www.whitehats.com/info/IDS44', direc = 'in', class = 'successful-user', priority = high
[12/Dec/2010 22:43:18] "Ids" action = 'deny', raddr = '68.173.224.206', msg = 'BACKDOOR Trojan active Theunexplained', url = 'hxxp://www.whitehats.com/info/IDS44', direc = 'in', class = 'successful-user', priority = high
[12/Dec/2010 22:43:24] "Ids" action = 'deny', raddr = '68.173.224.206', msg = 'BACKDOOR Trojan active Theunexplained', url = 'hxxp://www.whitehats.com/info/IDS44', direc = 'in', class = 'successful-user', priority = high
[12/Dec/2010 22:45:08] "Ids" action = 'deny', raddr = '68.173.224.206', msg = 'BACKDOOR Trojan active Theunexplained', url = 'hxxp://www.whitehats.com/info/IDS44', direc = 'in', class = 'successful-user', priority = high
[12/Dec/2010 22:45:11] "Ids" action = 'deny', raddr = '68.173.224.206', msg = 'BACKDOOR Trojan active Theunexplained', url = 'hxxp://www.whitehats.com/info/IDS44', direc = 'in', class = 'successful-user', priority = high
[12/Dec/2010 22:45:17] "Ids" action = 'deny', raddr = '68.173.224.206', msg = 'BACKDOOR Trojan active Theunexplained', url = 'hxxp://www.whitehats.com/info/IDS44', direc = 'in', class = 'successful-user', priority = high
[12/Dec/2010 22:49:58] "Ids" action = 'deny', raddr = '68.173.224.206', msg = 'BACKDOOR Trojan active Theunexplained', url = 'hxxp://www.whitehats.com/info/IDS44', direc = 'in', class = 'successful-user', priority = high
[12/Dec/2010 22:50:06] "Ids" action = 'deny', raddr = '68.173.224.206', msg = 'BACKDOOR Trojan active Theunexplained', url = 'hxxp://www.whitehats.com/info/IDS44', direc = 'in', class = 'successful-user', priority = high
[12/Dec/2010 22:50:09] "Ids" action = 'deny', raddr = '68.173.224.206', msg = 'BACKDOOR Trojan active Theunexplained', url = 'hxxp://www.whitehats.com/info/IDS44', direc = 'in', class = 'successful-user', priority = high
[12/Dec/2010 22:50:15] "Ids" action = 'deny', raddr = '68.173.224.206', msg = 'BACKDOOR Trojan active Theunexplained', url = 'hxxp://www.whitehats.com/info/IDS44', direc = 'in', class = 'successful-user', priority = high
[13/Dec/2010 00:21:32] "Ids" action = 'deny', raddr = '68.173.224.206', msg = 'BACKDOOR Trojan active Theunexplained', url = 'hxxp://www.whitehats.com/info/IDS44', direc = 'in', class = 'successful-user', priority = high
[13/Dec/2010 00:21:35] "Ids" action = 'deny', raddr = '68.173.224.206', msg = 'BACKDOOR Trojan active Theunexplained', url = 'hxxp://www.whitehats.com/info/IDS44', direc = 'in', class = 'successful-user', priority = high
[13/Dec/2010 00:21:41] "Ids" action = 'deny', raddr = '68.173.224.206', msg = 'BACKDOOR Trojan active Theunexplained', url = 'hxxp://www.whitehats.com/info/IDS44', direc = 'in', class = 'successful-user', priority = high
[13/Dec/2010 00:22:38] "Ids" action = 'deny', raddr = '85.251.28.27', msg = 'BACKDOOR trojan active devil103', url = 'hxxp://www.whitehats.com/info/IDS104', direc = 'in', class = 'successful-user', priority = high
[13/Dec/2010 00:22:41] "Ids" action = 'deny', raddr = '85.251.28.27', msg = 'BACKDOOR trojan active devil103', url = 'hxxp://www.whitehats.com/info/IDS104', direc = 'in', class = 'successful-user', priority = high
[13/Dec/2010 00:22:47] "Ids" action = 'deny', raddr = '85.251.28.27', msg = 'BACKDOOR trojan active devil103', url = 'hxxp://www.whitehats.com/info/IDS104', direc = 'in', class = 'successful-user', priority = high
[13/Dec/2010 00:23:19] "Ids" action = 'deny', raddr = '68.173.224.206', msg = 'BACKDOOR Trojan active Theunexplained', url = 'hxxp://www.whitehats.com/info/IDS44', direc = 'in', class = 'successful-user', priority = high
[13/Dec/2010 00:23:23] "Ids" action = 'deny', raddr = '68.173.224.206', msg = 'BACKDOOR Trojan active Theunexplained', url = 'hxxp://www.whitehats.com/info/IDS44', direc = 'in', class = 'successful-user', priority = high
[13/Dec/2010 00:23:28] "Ids" action = 'deny', raddr = '68.173.224.206', msg = 'BACKDOOR Trojan active Theunexplained', url = 'hxxp://www.whitehats.com/info/IDS44', direc = 'in', class = 'successful-user', priority = high
[13/Dec/2010 00:24:24] "Ids" action = 'deny', raddr = '85.251.28.27', msg = 'BACKDOOR trojan active devil103', url = 'hxxp://www.whitehats.com/info/IDS104', direc = 'in', class = 'successful-user', priority = high
[13/Dec/2010 00:24:29] "Ids" action = 'deny', raddr = '85.251.28.27', msg = 'BACKDOOR trojan active devil103', url = 'hxxp://www.whitehats.com/info/IDS104', direc = 'in', class = 'successful-user', priority = high
[13/Dec/2010 00:24:33] "Ids" action = 'deny', raddr = '85.251.28.27', msg = 'BACKDOOR trojan active devil103', url = 'hxxp://www.whitehats.com/info/IDS104', direc = 'in', class = 'successful-user', priority = high
[13/Dec/2010 00:28:12] "Ids" action = 'deny', raddr = '68.173.224.206', msg = 'BACKDOOR Trojan active Theunexplained', url = 'hxxp://www.whitehats.com/info/IDS44', direc = 'in', class = 'successful-user', priority = high
[13/Dec/2010 00:28:17] "Ids" action = 'deny', raddr = '68.173.224.206', msg = 'BACKDOOR Trojan active Theunexplained', url = 'hxxp://www.whitehats.com/info/IDS44', direc = 'in', class = 'successful-user', priority = high
[13/Dec/2010 00:28:21] "Ids" action = 'deny', raddr = '68.173.224.206', msg = 'BACKDOOR Trojan active Theunexplained', url = 'hxxp://www.whitehats.com/info/IDS44', direc = 'in', class = 'successful-user', priority = high
[13/Dec/2010 00:29:06] "Ids" action = 'deny', raddr = '85.251.28.27', msg = 'BACKDOOR trojan active devil103', url = 'hxxp://www.whitehats.com/info/IDS104', direc = 'in', class = 'successful-user', priority = high
[13/Dec/2010 00:29:11] "Ids" action = 'deny', raddr = '85.251.28.27', msg = 'BACKDOOR trojan active devil103', url = 'hxxp://www.whitehats.com/info/IDS104', direc = 'in', class = 'successful-user', priority = high
[13/Dec/2010 00:29:15] "Ids" action = 'deny', raddr = '85.251.28.27', msg = 'BACKDOOR trojan active devil103', url = 'hxxp://www.whitehats.com/info/IDS104', direc = 'in', class = 'successful-user', priority = high
[13/Dec/2010 00:30:34] "Ids" action = 'deny', raddr = '85.23.163.79', msg = 'BACKDOOR trojan active sennaspy', url = 'hxxp://www.whitehats.com/info/IDS61', direc = 'in', class = 'successful-user', priority = high
[13/Dec/2010 00:30:37] "Ids" action = 'deny', raddr = '85.23.163.79', msg = 'BACKDOOR trojan active sennaspy', url = 'hxxp://www.whitehats.com/info/IDS61', direc = 'in', class = 'successful-user', priority = high
[13/Dec/2010 00:30:43] "Ids" action = 'deny', raddr = '85.23.163.79', msg = 'BACKDOOR trojan active sennaspy', url = 'hxxp://www.whitehats.com/info/IDS61', direc = 'in', class = 'successful-user', priority = high
[13/Dec/2010 00:32:31] "Ids" action = 'deny', raddr = '85.23.163.79', msg = 'BACKDOOR trojan active sennaspy', url = 'hxxp://www.whitehats.com/info/IDS61', direc = 'in', class = 'successful-user', priority = high
[13/Dec/2010 00:32:35] "Ids" action = 'deny', raddr = '85.23.163.79', msg = 'BACKDOOR trojan active sennaspy', url = 'hxxp://www.whitehats.com/info/IDS61', direc = 'in', class = 'successful-user', priority = high
[13/Dec/2010 00:32:40] "Ids" action = 'deny', raddr = '85.23.163.79', msg = 'BACKDOOR trojan active sennaspy', url = 'hxxp://www.whitehats.com/info/IDS61', direc = 'in', class = 'successful-user', priority = high
[15/Dec/2010 18:37:44] "Ids" action = 'detected', raddr = '95.101.182.161', msg = 'PortScan', url = '', direc = 'in', class = 'network-scan', priority = portscan
[15/Dec/2010 18:38:22] "Ids" action = 'detected', raddr = '95.101.182.161', msg = 'PortScan', url = '', direc = 'in', class = 'network-scan', priority = portscan
[20/Dec/2010 17:07:57] "Ids" action = 'detected', raddr = '2.20.30.161', msg = 'PortScan', url = '', direc = 'in', class = 'network-scan', priority = portscan
[21/Dec/2010 18:14:02] "Ids" action = 'deny', raddr = '130.117.72.126', msg = 'BACKDOOR Trojan active Whackjob', url = 'hxxp://www.whitehats.com/info/IDS37', direc = 'in', class = 'successful-user', priority = high
[21/Dec/2010 18:14:06] Last message repeated 3 times
[21/Dec/2010 18:14:07] "Ids" action = 'deny', raddr = '130.117.72.126', msg = 'BACKDOOR Trojan active Whackjob', url = 'hxxp://www.whitehats.com/info/IDS37', direc = 'in', class = 'successful-user', priority = high
[21/Dec/2010 18:14:12] "Ids" action = 'deny', raddr = '130.117.72.126', msg = 'BACKDOOR Trojan active Whackjob', url = 'hxxp://www.whitehats.com/info/IDS37', direc = 'in', class = 'successful-user', priority = high
[21/Dec/2010 18:14:13] "Ids" action = 'deny', raddr = '130.117.72.126', msg = 'BACKDOOR Trojan active Whackjob', url = 'hxxp://www.whitehats.com/info/IDS37', direc = 'in', class = 'successful-user', priority = high
[21/Dec/2010 18:14:18] "Ids" action = 'deny', raddr = '130.117.72.126', msg = 'BACKDOOR Trojan active Whackjob', url = 'hxxp://www.whitehats.com/info/IDS37', direc = 'in', class = 'successful-user', priority = high
[21/Dec/2010 18:14:26] "Ids" action = 'deny', raddr = '130.117.72.126', msg = 'BACKDOOR Trojan active Whackjob', url = 'hxxp://www.whitehats.com/info/IDS37', direc = 'in', class = 'successful-user', priority = high
[21/Dec/2010 18:14:30] "Ids" action = 'deny', raddr = '130.117.72.126', msg = 'BACKDOOR Trojan active Whackjob', url = 'hxxp://www.whitehats.com/info/IDS37', direc = 'in', class = 'successful-user', priority = high
[21/Dec/2010 18:14:50] "Ids" action = 'deny', raddr = '130.117.72.126', msg = 'BACKDOOR Trojan active Whackjob', url = 'hxxp://www.whitehats.com/info/IDS37', direc = 'in', class = 'successful-user', priority = high
[21/Dec/2010 18:14:54] "Ids" action = 'deny', raddr = '130.117.72.126', msg = 'BACKDOOR Trojan active Whackjob', url = 'hxxp://www.whitehats.com/info/IDS37', direc = 'in', class = 'successful-user', priority = high
[21/Dec/2010 18:15:38] "Ids" action = 'deny', raddr = '130.117.72.126', msg = 'BACKDOOR Trojan active Whackjob', url = 'hxxp://www.whitehats.com/info/IDS37', direc = 'in', class = 'successful-user', priority = high
[21/Dec/2010 18:15:42] "Ids" action = 'deny', raddr = '130.117.72.126', msg = 'BACKDOOR Trojan active Whackjob', url = 'hxxp://www.whitehats.com/info/IDS37', direc = 'in', class = 'successful-user', priority = high
[21/Dec/2010 21:47:14] "Ids" action = 'deny', raddr = '90.154.222.102', msg = 'BACKDOOR trojan active schwindler', url = 'hxxp://www.whitehats.com/info/IDS62', direc = 'in', class = 'successful-user', priority = high
[21/Dec/2010 21:47:15] "Ids" action = 'deny', raddr = '123.1.86.222', msg = 'BACKDOOR trojan active hackatak', url = 'hxxp://www.whitehats.com/info/IDS95', direc = 'in', class = 'successful-user', priority = high
[21/Dec/2010 21:47:16] "Ids" action = 'deny', raddr = '90.154.222.102', msg = 'BACKDOOR trojan active schwindler', url = 'hxxp://www.whitehats.com/info/IDS62', direc = 'in', class = 'successful-user', priority = high
[21/Dec/2010 21:47:16] "Ids" action = 'deny', raddr = '123.1.86.222', msg = 'BACKDOOR trojan active hackatak', url = 'hxxp://www.whitehats.com/info/IDS95', direc = 'in', class = 'successful-user', priority = high
[21/Dec/2010 21:47:17] "Ids" action = 'deny', raddr = '90.154.222.102', msg = 'BACKDOOR trojan active schwindler', url = 'hxxp://www.whitehats.com/info/IDS62', direc = 'in', class = 'successful-user', priority = high
[21/Dec/2010 21:47:19] "Ids" action = 'deny', raddr = '90.154.222.102', msg = 'BACKDOOR trojan active schwindler', url = 'hxxp://www.whitehats.com/info/IDS62', direc = 'in', class = 'successful-user', priority = high
[21/Dec/2010 21:47:19] "Ids" action = 'deny', raddr = '123.1.86.222', msg = 'BACKDOOR trojan active hackatak', url = 'hxxp://www.whitehats.com/info/IDS95', direc = 'in', class = 'successful-user', priority = high
[21/Dec/2010 21:47:23] "Ids" action = 'deny', raddr = '90.154.222.102', msg = 'BACKDOOR trojan active schwindler', url = 'hxxp://www.whitehats.com/info/IDS62', direc = 'in', class = 'successful-user', priority = high
[21/Dec/2010 21:47:23] "Ids" action = 'deny', raddr = '123.1.86.222', msg = 'BACKDOOR trojan active hackatak', url = 'hxxp://www.whitehats.com/info/IDS95', direc = 'in', class = 'successful-user', priority = high
[21/Dec/2010 21:47:25] "Ids" action = 'deny', raddr = '90.154.222.102', msg = 'BACKDOOR trojan active schwindler', url = 'hxxp://www.whitehats.com/info/IDS62', direc = 'in', class = 'successful-user', priority = high
[21/Dec/2010 21:47:25] "Ids" action = 'deny', raddr = '123.1.86.222', msg = 'BACKDOOR trojan active hackatak', url = 'hxxp://www.whitehats.com/info/IDS95', direc = 'in', class = 'successful-user', priority = high
[21/Dec/2010 21:47:31] "Ids" action = 'deny', raddr = '123.1.86.222', msg = 'BACKDOOR trojan active hackatak', url = 'hxxp://www.whitehats.com/info/IDS95', direc = 'in', class = 'successful-user', priority = high
[21/Dec/2010 21:47:32] "Ids" action = 'deny', raddr = '123.1.86.222', msg = 'BACKDOOR trojan active hackatak', url = 'hxxp://www.whitehats.com/info/IDS95', direc = 'in', class = 'successful-user', priority = high
[28/Dec/2010 17:33:43] "Ids" action = 'detected', raddr = '209.85.229.118', msg = 'PortScan', url = '', direc = 'in', class = 'network-scan', priority = portscan

cosinus · 30.12.2010, 18:48

Code:

ATTFilter

[21/Dec/2010 21:47:32] "Ids" action = 'deny', raddr = '123.1.86.222', msg = 'BACKDOOR trojan active hackatak', url = 'hxxp://www.whitehats.com/info/IDS95', direc = 'in', class = 'successful-user', priority = high
[28/Dec/2010 17:33:43] "Ids" action = 'detected', raddr = '209.85.229.118', msg = 'PortScan', url = '', direc = 'in', class = 'network-scan', priority = portscan

Was Kerio da macht ist mir schleierhaft.
ich seh da nur eine IP-Nummer plus zugehörige URL dazu, aber was das ganze mit "BACKDOOR" zu tun haben soll ergibt sich so nicht. Und genau das hast du immer wieder bei PFWs, da ist das Interpretieren der Logs schon eine Wissenschaft für sich, selbst wenn man Protokoll- und Netzwerkkenntnisse hat.

Portscans sind völlig harmlos. Warum eine PFW das meldet hab ich auch nicht begfriffen, ich kann mir nur erklären, dass die sich oberwichtig machen will, um dem User, der so Bezahl-PFW gekauft hat, das schöne Gefühl bekommt das Geld gut investiert zu haben

Ich würde diesen Kerio-Schrott ersatzlos streichen. Aktiviere die fest im Betriebssystem verankerte Windows-Firewall.

Lies auch nochmal hier warum PFWs nicht zu empfehlen sind, ich denke dann sollte es etwas klarer werden:

Die Vertrauensbrecher c't Editorial über Internet Security Suites und warum sie idR nichts taugen
Oberthal online: Personal Firewalls: Sinnvoll oder sinnfrei?
personal firewalls ? Wiki ? ubuntuusers.de
NT-Dienste sicher konfigurieren und abschalten (Windows 2000/XP) - www.ntsvcfg.de
microsoft.public.de.security.heimanwender FAQ

Dann wirst Du feststellen, dass es einfach nur unnötig ist, sich das System mit einer weiteren "Schutzkomponente" zu verhunzen...

Malwarebefall vermeiden kannst Du sowieso nur, wenn Du selbst Dein verhalten in den Griff bekommst => Kompromittierung unvermeidbar?

Sputnik2 · 30.12.2010, 19:01

Ja ich habe das im Vorfeld schon alles gelesen.

Trotzdem bleibt mein Problem, dass seid einem Jahr irgendwo ein Fehler in meinem System sein muss - wurde mehrfach darauf hingewiesen.

Ich habe auch schon den Rechner neu bespielt und diverse Programme laufen lassen. Kerio war eher eine moegliche Info fuer die Helfer hier.

Schoene Gruesse

cosinus · 30.12.2010, 19:11

Die Interverbindungsprobleme sind auch auf einem frischen XP mit allen Updates - ohne Kerio oder andere sinnfreie PFW?

Sputnik2 · 30.12.2010, 19:20

Nein, das mit dem lahm gelegten Internet ist eher neu.

cosinus · 30.12.2010, 19:34

Lässt sich das zeitlich eingrenzen? Oder eine Programminstallation / Systemänderung als mögliche Ursache zu benennen?

Sputnik2 · 30.12.2010, 19:44

Genau sagen kann ich das nicht, dass meine Emails irgendwie public waren (und immer noch sind) liegt ungefaehr ein knappes Jahr zurueck - rueckblickend kann es aber auch sein, dass mein System schon davor veraendert wurde.

Den Computer neu aufgesetzt habe ich im Juni oder Juli - sowohl OsX als auch Windows.

cosinus · 30.12.2010, 19:56

So ohne Anhaltspunkte wird es schwierig bis unmöglich die Ursache ausfindig zu machen.

Sputnik2 · 30.12.2010, 20:06

Tja, Anhaltspunkte.

Ich habe die Festplatte nicht komplett platt gemacht also, will heissen der Name der alten Windowspartition taucht immer noch in Manchen Prozessen auf.

Ich kann es nicht sagen - wie was wo, ob Desktop Mirror oder Remoteueberwachung oder sonstiges? Bios Virus....eingebautes Mikro.........

cosinus · 30.12.2010, 20:26

Du hast nicht formatiert??

30.12.2010, 19:11	#9
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	HiJack und Gmer durchsehen - Malewarebytes zeigt keine funde. Die Interverbindungsprobleme sind auch auf einem frischen XP mit allen Updates - ohne Kerio oder andere sinnfreie PFW? __________________ Logfiles bitte immer in CODE-Tags posten

30.12.2010, 19:34	#11
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	HiJack und Gmer durchsehen - Malewarebytes zeigt keine funde. Lässt sich das zeitlich eingrenzen? Oder eine Programminstallation / Systemänderung als mögliche Ursache zu benennen? __________________ Logfiles bitte immer in CODE-Tags posten

30.12.2010, 19:56	#13
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	HiJack und Gmer durchsehen - Malewarebytes zeigt keine funde. So ohne Anhaltspunkte wird es schwierig bis unmöglich die Ursache ausfindig zu machen. __________________ Logfiles bitte immer in CODE-Tags posten

30.12.2010, 20:26	#15
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	HiJack und Gmer durchsehen - Malewarebytes zeigt keine funde. Du hast nicht formatiert?? __________________ Logfiles bitte immer in CODE-Tags posten

HiJack und Gmer durchsehen - Malewarebytes zeigt keine funde.

Log-Analyse und Auswertung: HiJack und Gmer durchsehen - Malewarebytes zeigt keine funde.