Review HiJack and GMER - Malwarebytes shows no findings.

Hello, I am now posting my HiJack log file and a GMER log file once more. Perhaps someone could take a look at the processes. I had posted before, but nobody replied after that. Most recently I have also noticed that for quite some time Kerio has been reporting backdoor attacks that paralyse my Internet connection, and Skype also has unusual outbound connections, which then leads to the program being unable to connect. Since I have already run a great many scans and cannot find anything myself, it would be good if someone could look at the files. Many thanks

HiJack
HiJackthis Logfile:
Code: Logfile of Trend Micro HijackThis v2.0.4

GMER
GMER Logfile:
Code: GMER 1.0.15.14966 - hxxp://www.gmer.net
Quote:
Yeah, yeah, the "great" personal firewalls, also known as colourful desktop discos, report pretty much every harmless fart from the Internet. Post the exact message and then we'll see. You can safely throw Kerio in the bin; PFWs are counterproductive, better to use a DSL router in combination with the Windows Firewall.
Yes, yes, I have already read that you are a total opponent of firewalls. But what does DSL router in combination with Windows mean? But great that someone is responding here. Thanks.
Quote:
Where is the exact message from this nonsense software?
Yes, this nonsense software does not let you create a log from the page with the attacks. If you have an idea how or where I can find it, I will gladly send it to you! Regards
'successful-user', priority = high [21/Dec/2010 21:47:31] "Ids" action = 'deny', raddr = '123.1.86.222', msg = 'BACKDOOR trojan active hackatak', url = 'hxxp://www.whitehats.com/info/IDS95', direc = 'in', class = 'successful-user', priority = high [21/Dec/2010 21:47:32] "Ids" action = 'deny', raddr = '123.1.86.222', msg = 'BACKDOOR trojan active hackatak', url = 'hxxp://www.whitehats.com/info/IDS95', direc = 'in', class = 'successful-user', priority = high [28/Dec/2010 17:33:43] "Ids" action = 'detected', raddr = '209.85.229.118', msg = 'PortScan', url = '', direc = 'in', class = 'network-scan', priority = portscan |
Code:
[21/Dec/2010 21:47:32] "Ids" action = 'deny', raddr = '123.1.86.222', msg = 'BACKDOOR trojan active hackatak', url = 'hxxp://www.whitehats.com/info/IDS95', direc = 'in', class = 'successful-user', priority = high
All I see there is an IP number plus an associated URL, but what the whole thing is supposed to have to do with "BACKDOOR" does not follow from that. And that is exactly what you always get with PFWs: interpreting the logs is a science in itself, even if you have protocol and network knowledge. Port scans are completely harmless. Why a PFW reports them is something I have never understood either; my only explanation is that it wants to make itself look extra important, so that the user who bought such a paid PFW gets the nice feeling of having invested the money well :balla: I would drop this Kerio junk without replacement. Enable the Windows Firewall that is built firmly into the operating system. Also read here again why PFWs are not recommended; I think it should then become somewhat clearer: Die Vertrauensbrecher; c't editorial on Internet security suites and why they are usually no good; Oberthal online: Personal Firewalls: Sinnvoll oder sinnfrei?; personal firewalls › Wiki › ubuntuusers.de; NT-Dienste sicher konfigurieren und abschalten (Windows 2000/XP) - www.ntsvcfg.de; microsoft.public.de.security.heimanwender FAQ. Then you will find that it is simply unnecessary to mess up the system with yet another "protection component"... :rolleyes: You can only avoid a malware infection anyway if you get your own behaviour under control => Kompromittierung unvermeidbar? |
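An added example, not part of the thread or any poster's code: a Python parser for the Kerio "Ids" log format quoted above that splits run-together records, folds "Last message repeated N times" into the previous record, and groups entries by source, signature, action and direction so that repeated alerts collapse into a few rows. It assumes `direc = 'in'` means inbound traffic and `action = 'deny'` means the packet was blocked; the sample records are constructed and use documentation-range addresses.

```python
import re

# Constructed sample in the format of the log posted in this thread; records run
# together on one line as on the page. Addresses are documentation ranges.
_BACKDOOR = ("\"Ids\" action = 'deny', raddr = '192.0.2.10', msg = 'BACKDOOR Trojan active Whackjob', "
             "url = 'hxxp://www.whitehats.com/info/IDS37', direc = 'in', class = 'successful-user', priority = high ")
SAMPLE = (
    "[21/Dec/2010 18:14:02] " + _BACKDOOR +
    "[21/Dec/2010 18:14:06] Last message repeated 3 times "
    "[21/Dec/2010 18:14:07] " + _BACKDOOR +
    "[28/Dec/2010 17:33:43] \"Ids\" action = 'detected', raddr = '198.51.100.7', msg = 'PortScan', "
    "url = '', direc = 'in', class = 'network-scan', priority = portscan"
)

STAMP = re.compile(r"\[(\d{2}/[A-Za-z]{3}/\d{4} \d{2}:\d{2}:\d{2})\]")
FIELD = re.compile(r"(\w+) = (?:'([^']*)'|(\w+))")
REPEAT = re.compile(r"Last message repeated (\d+) times")

def parse(text):
    """Split records on their timestamps; fold 'repeated N times' into the previous one."""
    records, marks = [], list(STAMP.finditer(text))
    for i, m in enumerate(marks):
        end = marks[i + 1].start() if i + 1 < len(marks) else len(text)
        body = text[m.end():end]
        rep = REPEAT.search(body)
        if rep and records:
            records[-1]["count"] += int(rep.group(1))
            continue
        rec = {k: quoted or bare for k, quoted, bare in FIELD.findall(body)}
        if "raddr" in rec:  # skip truncated or unrelated fragments
            rec.update(time=m.group(1), count=1)
            records.append(rec)
    return records

def summarize(records):
    """Group by (source, signature, action, direction) with count and first/last seen."""
    groups = {}
    for r in records:
        key = (r["raddr"], r.get("msg", ""), r.get("action", ""), r.get("direc", ""))
        g = groups.setdefault(key, {"count": 0, "first": r["time"]})
        g["count"] += r["count"]
        g["last"] = r["time"]
    return groups

def needs_review(records):
    """Assumption: 'in' = inbound, 'deny' = blocked. Return all other entries, scan notices excepted."""
    return [r for r in records if r.get("direc") != "in"
            or (r.get("action") != "deny" and r.get("class") != "network-scan")]
```

Running `summarize(parse(log_text))` over a full export gives one row per source and signature; `needs_review` is the short list worth reading by hand, since it holds only entries that were not both inbound and denied.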
Yes, I had already read all of that beforehand. Still, my problem remains that for a year there must have been a fault somewhere in my system - I was told about it several times. I have also already reinstalled the computer and run various programs. Kerio was more a possible piece of information for the helpers here. Best regards |
Do the Internet connection problems also occur on a fresh XP with all updates - without Kerio or another pointless PFW? |
No, the paralysed Internet is rather new. |
Can that be narrowed down in time? Or can a program installation / system change be named as a possible cause? |
I can't say exactly; that my emails were somehow public (and still are) goes back roughly a little under a year - looking back, it may also be that my system had already been altered before that. I set the computer up from scratch in June or July - both OS X and Windows. |
Without any clues like this, it will be difficult to impossible to track down the cause. :( |
Well, clues. I didn't wipe the hard disk completely, meaning the name of the old Windows partition still shows up in some processes. I can't say how, what, where - whether desktop mirror or remote monitoring or something else? BIOS virus....built-in microphone......... :) |
You didn't format?? :wtf: |
This is turning into a nice little chat here - of course I formatted. So, Windows under Mac OS X: 1. Removed the partition 2. Made a backup of OS X 3. Reinstalled OS X following the instructions 4. Created a new partition 5. Installed Windows, formatted with the NTFS file system. I can also send you the OTL scan if you like. Maybe it helps. I have no further answers at hand, or rather ideas, as to where the fault lies. |
I need to get a more precise picture :rolleyes: Do the Internet problems occur only under Windows or also under OS X? |
Well, by tendency under both systems. But I don't know. |
I would first try to find out whether this happens only under Windows or also with other operating systems. Download something like Knoppix or Ubuntu, burn the ISO file to a CD using the burn-image function, and boot the computer from it. Then test the Internet connection thoroughly under Linux and report whether the connection there is at normal speed or also slow. |
I need to clarify something here briefly. The Internet is not slow at the moment - it only was in parallel with the 'supposed' backdoor attacks shown by Kerio? Right now it is great, as it was the whole time before and after. |
Hm, but Kerio has not been uninstalled yet? |
Yes, it has - done promptly after your telling-off :) But as you also saw, these attacks were only temporary. My actual problem is this email business and, more generally, the problem that someone has access to my computer through something. The Internet problem did not exist over the year. Only email, audio transmission, in short surveillance, or rather harassment. |
Quote:
It is still a bit of a mystery to me, though, how you arrive at surveillance etc. when the system has just been freshly set up :wtf: Is someone having fun with your router? You do have one, don't you? Which model, firmware up to date? |
Hm, stupid question: do you mean the router from the Internet/telephone company or something that is inside my computer? |
Oh yes, the problem is not tied to one place. I can be wherever I want and these 'complete idiots' also listen in on my mobile phone. |
I'm just wondering whether you are (sorry) imagining the problem or whether the problem lies somewhere else. Surf with Ubuntu for a while and then see. Only recently a clean Windows was attested to you in another thread. :rolleyes: |
No, I am not imagining it. As I said at the beginning. If only because people have pointed it out to me and know about emails that I have told no one about. And also because I have already changed my password about 20 times. So don't get me wrong, I think it's great that you are trying to get to the bottom of the problem. But the fact simply remains that audio is also being transmitted through Skype or whatever. Hey, but even if you have no further idea either, I'll say thanks anyway for now! |
No, I don't have an idea as things stand. I would first have to look at the whole thing on site; that works poorly over a forum. Have you thought about calling in a service provider, or at least asking one first? :confused: |
Copyright ©2000-2025, Trojaner-Board