Unrecognized attempt blocked from... immer im Router Log und Internet verlangsamt.

just4accs · 08.12.2008, 12:25

Hallo,

seit ca. 3 Tagen verlangsamt sich mein Internet ab und zu, von 12 MBit/s gehts runter auf 2 MBit/s. Da kam ich auf die Idee mal in den Router(D-Link DI-524) Einstellungen nachzuschauen ob sich jemand in mein W-Lan eingehackt hat. Da konnte ich nichts erkennen. Jedoch unter Status im Log des Routers waren sehr viele einträge die geblockt wurden:

Montag December 08, 2008 09:24:30 Unrecognized attempt blocked from 77.20.5.142:4166 to 77.20.69.143 TCP:445
Montag December 08, 2008 09:27:34 Unrecognized attempt blocked from 77.20.44.113:2626 to 77.20.69.143 TCP:445
Montag December 08, 2008 09:27:36 Unrecognized attempt blocked from 77.20.14.10:4261 to 77.20.69.143 TCP:445
Montag December 08, 2008 09:27:37 Unrecognized attempt blocked from 77.20.44.113:2626 to 77.20.69.143 TCP:445
Montag December 08, 2008 09:27:39 Unrecognized attempt blocked from 77.20.14.10:4261 to 77.20.69.143 TCP:445
Montag December 08, 2008 09:29:55 Unrecognized attempt blocked from 77.20.77.100:1337 to 77.20.69.143 TCP:445
Montag December 08, 2008 09:29:58 Unrecognized attempt blocked from 77.20.77.100:1337 to 77.20.69.143 TCP:445
Montag December 08, 2008 09:32:12 Unrecognized attempt blocked from 77.20.5.142:1401 to 77.20.69.143 TCP:445
Montag December 08, 2008 09:32:15 Unrecognized attempt blocked from 77.20.5.142:1401 to 77.20.69.143 TCP:445
Montag December 08, 2008 09:32:36 Unrecognized attempt blocked from 77.20.14.10:1293 to 77.20.69.143 TCP:445

und das ca. 40 mal (Seiten)

Ich weiß nicht was los ist. Antivir findet nix. Spybot auch nix.

Ich hab mal hier ein HijackThis Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:14:46, on 08.12.2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Saiko\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\MSI\Star Key Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\MSI\Star Key Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\MSI\Star Key Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\MSI\Star Key Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira AntiVir Personal - Free Antivirus Planer (AntiVirScheduler) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\MSI\Star Key Bluetooth Software\bin\btwdins.exe
O23 - Service: cFosSpeed System Service (cFosSpeedS) - cFos Software GmbH - C:\Program Files\cFosSpeed\spd.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: O&O Defrag - Unknown owner - C:\Windows\system32\oodag.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: TeamViewer 3 (TeamViewer) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer3\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - Unknown owner - C:\Windows\System32\TuneUpDefragService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 7592 bytes

Ich hoffe ihr könnt mir helfen. Danke.

just4accs · 08.12.2008, 18:44

Helft mir bitte die angriffe gehen immernoch weiter.

Montag December 08, 2008 18:36:25 Unrecognized attempt blocked from 91.67.37.227:4438 to 91.67.59.180 TCP:445
Montag December 08, 2008 18:36:42 Unrecognized attempt blocked from 91.67.37.227:1420 to 91.67.59.180 TCP:445
Montag December 08, 2008 18:36:45 Unrecognized attempt blocked from 91.67.37.227:1420 to 91.67.59.180 TCP:445
Montag December 08, 2008 18:37:52 Unrecognized attempt blocked from 91.66.43.160:4131 to 91.67.59.180 TCP:445
Montag December 08, 2008 18:37:55 Unrecognized attempt blocked from 91.66.43.160:4131 to 91.67.59.180 TCP:445
Montag December 08, 2008 18:40:34 Unrecognized attempt blocked from 91.67.68.193:3106 to 91.67.59.180 TCP:445
Montag December 08, 2008 18:40:37 Unrecognized attempt blocked from 91.67.68.193:3106 to 91.67.59.180 TCP:445
Montag December 08, 2008 18:41:22 Unrecognized attempt blocked from 91.67.178.17:4090 to 91.67.59.180 TCP:445
Montag December 08, 2008 18:41:25 Unrecognized attempt blocked from 91.67.178.17:4090 to 91.67.59.180 TCP:445
Montag December 08, 2008 18:41:42 Unrecognized attempt blocked from 91.67.251.66:1352 to 91.67.59.180 TCP:445

die log ist zu groß um sie zu posten und zu groß um sie als anhang zu posten xD

just4accs · 08.12.2008, 21:29

durch suchen und suchen und suchen habe ich herausgefunden dass es irgendwie an meinem provider kabel deutschland liegt dass die ganze zeit zugriffe über tcp 445 geloggt werden und wäre 99% ungefählich und sollte ignoriert werden. was meint ihr dazu. sorry wegen tripplepost aber man kann nach ner gewissen zeit hier keinen beitrag editieren.

KarlKarl · 08.12.2008, 22:38

Hi,

da steht "attempt blocked". Also egal, was dahinter steckt (und das müssen keine bösen Absichten sein), es wirkt sowieso nicht. Also kannst du es einfach vergessen. Es wurde bemerkt und blockiert. Sorgen macht man sich wegen der Sachen, die nicht bemerkt werden, die stehen dann aber natürlich auch in keinem Log

das sind ein bis zwei Pakete pro Minute, das ist verdammt wenig. Es gibt Netzabschnitte, da prasselt ein vielfaches auf jeden angeschlossenen Rechner rein.

Gruß, Karl

just4accs · 09.12.2008, 09:30

ok danke

Unrecognized attempt blocked from... immer im Router Log und Internet verlangsamt.

Log-Analyse und Auswertung: Unrecognized attempt blocked from... immer im Router Log und Internet verlangsamt.