Good Afternoon,
I just returned to my PC and noticed the mouse was moving around. When I touched the mouse I immediately got the disconnect notification from TeamViewer. I checked the logs and saw that someone I do not know, and have never granted access to, had remoted into my machine. I do have a strong password on the device, and TeamViewer is set to be off by default, so I am not sure how TeamViewer even launched to allow a connection. A copy of the connection logs is below. The offending machine/hacker is ID 496843438 (IP: 169.55.36.119) based on the logs. Is there any way to backtrace who this is? It does not seem to let me add the ID to the blacklist; it wants an email address.
2017/12/11 10:47:35.880 3248 4088 S0 NetWatchdog: Internet is now connected
2017/12/11 10:47:35.880 3248 3296 S0 RemoteSettingsMDRelationshipWatchDog: DEVICE ISN'T A MANAGED DEVICE
2017/12/11 10:47:35.880 3248 4120 S0 RemoteSettingsStore: Cleanup all policies.
2017/12/11 10:47:35.880 3248 3296 S0 RemoteSettingsStoreListener: Establish connection.
2017/12/11 10:47:35.880 3248 3296 S0 Using IPC-Port 5939
2017/12/11 10:47:35.880 3248 3296 S0 SHMR: Initializing shared memory.
2017/12/11 10:47:35.880 3248 4120 S0 RemoteSettingsStore::LoadLastReceivedPolicies : Storage Entry Remote_Settings_TVClientSetting_Policy empty
2017/12/11 10:47:35.880 3248 4120 S0 RemoteSettingsStore::LoadLastReceivedPolicies : Storage Entry Remote_Settings_Antivirus_Policy empty
2017/12/11 10:47:35.880 3248 4120 S0 RemoteSettingsStore::LoadLastReceivedPolicies : Storage Entry Remote_Settings_Backup_Policy empty
2017/12/11 10:47:35.880 3248 4120 S0 RemoteSettingsStore::LoadLastReceivedPolicies : Storage Entry Remote_Settings_RemoteManagement_Policy empty
2017/12/11 10:47:35.880 3248 4120 S0 RemoteSettingsMDRelationshipWatchDog: DEVICE ISN'T A MANAGED DEVICE
2017/12/11 10:47:35.895 3248 3296 S0 UpdateOnlineState newOnlineValue 0
2017/12/11 10:47:35.895 3248 3320 S0 CKeepAliveClientClient::HandleStartKeepAlive: doing nothing, online state = 2
2017/12/11 10:47:35.895 3248 3320 S0 CKeepAliveClientClient::HandleStartKeepAlive: doing nothing, online state = 2
2017/12/11 10:47:35.911 3248 3296 S0 ApiServer::StartThread: Starting API server thread.
2017/12/11 10:47:35.911 3248 3296 S0 ApiServer::StartThread: Waiting for init event...
2017/12/11 10:47:35.911 3248 4152 S0 ApiServer::ApiMain: API thread started.
2017/12/11 10:47:35.911 3248 3296 S0 ApiServer::StartThread: ...init event was triggered.
2017/12/11 10:48:23.881 3248 3252 S0 SERVICE_CONTROL_SESSIONCHANGE session=1, statusCode=WTS_SESSION_LOGON
2017/12/11 10:48:23.897 3248 3252 S0 CTerminalServer::RepeatedlyCheckForUserLogin() Don't start GUI for session 1
2017/12/11 11:08:11.364 3248 3320 S0 CKeepAliveClientClient::HandleStartKeepAlive: doing nothing, online state = 2
2017/12/11 15:00:38.664 3248 3320 S0 CAcceptServer::HandleAccept: new connection from 127.0.0.1:54024
2017/12/11 15:00:38.666 3248 3324 S0 TerminalServer: ProcessConnected PID 7116 user session 1 process type 2
2017/12/11 15:00:38.675 3248 3324 S0 CInterProcessNetwork::SetDyngateIDforSession() id=221231786 session=1 ptype=2
2017/12/11 15:00:38.676 3248 3324 S0 UpdateOnlineState newOnlineValue 1
2017/12/11 15:00:38.676 3248 5620 S0 TeamViewer is going online!
2017/12/11 15:00:38.143 7116 12392 G1 Logger started.
2017/12/11 15:00:38.174 7116 12392 G1 StringCompare locale: English_United States.1252
2017/12/11 15:00:38.600 7116 12392 G1 Monitors: LCD 1600x900, \\.\DISPLAY1, 1600x900 (0,0), flags=3, dpi=96
2017/12/11 15:00:38.655 7116 12392 G1 CMain::LoadResourceDLLs(): No custom resource dll found
2017/12/11 15:00:38.655 7116 12392 G1 InterProcessBase::SecureNetwork created
2017/12/11 15:00:38.658 7116 12392 G1 AutoLogin::Login: enabled: 1
2017/12/11 15:00:38.659 7116 12392 G1 tvshared::WindowsSessionStateManager::WindowsSessionStateManager(05F80B70) state 0
2017/12/11 15:00:38.662 7116 12392 G1 InterProcessBase::StartTcpCommunicationInternal(): setting m_NetworkConnector to new TCP connector
2017/12/11 15:00:38.662 7116 12392 G1 Opening local TCP connection to 127.0.0.1:5939
2017/12/11 15:00:38.662 7116 12392 G1 Local TCP connection established
2017/12/11 15:00:38.675 7116 12392 G1 SettingsIPCReception receive a SYNCHRONISE Settings command : UserSettings
2017/12/11 15:00:38.676 7116 12392 G1 Received Control_InitIPC_Response processtype=1
2017/12/11 15:00:38.676 7116 12392 G1 Received Control_InitIPC_Response runningProcesses=3
2017/12/11 15:00:38.676 7116 12392 G1 Control_InitIPC_Response: all processes 3 completely initialized
2017/12/11 15:00:38.678 7116 12392 G1 TAF::Handler::ctor: TAF initialized. MM=40
2017/12/11 15:00:38.678 3248 3320 S0 CKeepAliveClientClient::DoReconnectInternal: doing nothing, state = 0
2017/12/11 15:00:38.680 3248 5620 S0 CAntiMalwareController::IsManagedDeviceChanged(): Machine is not a managed device anymore
2017/12/11 15:00:38.681 3248 5620 S0 CBackupController::IsManagedDeviceChanged(): Machine is not a managed device anymore
2017/12/11 15:00:38.682 7116 12392 G1 MsHtmlVersionInfo: 11.0.9600.18838
2017/12/11 15:00:38.683 7116 12392 G1 ManagerHolderStateMachine: Switching from None to NotReady
2017/12/11 15:00:38.683 7116 9016 G1 ChatManager::ChatManager: created
2017/12/11 15:00:38.683 7116 9016 G1 ChatManager::Factory: ChatManager created
2017/12/11 15:00:38.683 7116 9016 G1 IncomingBetterChatCommandHandler::IncomingBetterChatCommandHandler: created
2017/12/11 15:00:38.683 7116 9016 G1 IncomingChatCommandRegistration::Start: registering for ready state properties
2017/12/11 15:00:38.693 3248 4148 S0 BonjourDiscoveryWin::DNSServiceHandleEvents: Reloading interfaces.
2017/12/11 15:00:38.703 3248 3316 S0 Activating Router carrier
2017/12/11 15:00:38.708 7116 12392 G1 UpdateBase::CheckForAutoUpdates(): AutoUpdateMode=1, LastAutoUpdate=1512751914, AdminRights=1
2017/12/11 15:00:38.709 7116 12392 G1 DynamicPasswordUIModel::ShouldShowDynamicPassword(): dynPw=1 allowIncoming=1 id=221231786 ka=0 lanAllowed=0 lanOnly=0 networkState=1 showDynPwd=0
2017/12/11 15:00:38.709 7116 12392 G1 DynamicPasswordUIModel::ShouldShowDynamicPassword(): dynPw=1 allowIncoming=1 id=221231786 ka=0 lanAllowed=0 lanOnly=0 networkState=1 showDynPwd=0
2017/12/11 15:00:38.711 7116 12392 G1 IncomingChatCommandRegistration::IsTeamViewerOnlineObserver: TeamViewer-Onlinestate changed to offline
2017/12/11 15:00:38.711 7116 12392 G1 IncomingChatCommandRegistration::IsTeamViewerOnlineObserver: TeamViewer-Onlinestate changed to offline
2017/12/11 15:00:38.711 7116 12392 G1 IncomingChatCommandRegistration::IsTeamViewerOnlineObserver: TeamViewer-Onlinestate changed to offline
2017/12/11 15:00:38.711 7116 12392 G1 DynamicPasswordUIModel::ShouldShowDynamicPassword(): dynPw=1 allowIncoming=1 id=221231786 ka=0 lanAllowed=0 lanOnly=0 networkState=1 showDynPwd=0
2017/12/11 15:00:38.714 7116 12392 G1 DynamicPasswordUIModel::ShouldShowDynamicPassword(): dynPw=1 allowIncoming=1 id=221231786 ka=0 lanAllowed=0 lanOnly=0 networkState=1 showDynPwd=0
2017/12/11 15:00:38.715 7116 12392 G1 DynamicPasswordUIModel::ShouldShowDynamicPassword(): dynPw=1 allowIncoming=1 id=221231786 ka=0 lanAllowed=0 lanOnly=0 networkState=1 showDynPwd=0
2017/12/11 15:00:38.716 7116 12392 G1 DynamicPasswordUIModel::ShouldShowDynamicPassword(): dynPw=1 allowIncoming=1 id=221231786 ka=0 lanAllowed=0 lanOnly=0 networkState=1 showDynPwd=0
2017/12/11 15:00:38.746 7116 12392 G1 MachineHooks: Initialized Shm
2017/12/11 15:00:38.746 7116 12392 G1 MachineHooks: refcount = 1
2017/12/11 15:00:38.746 7116 12392 G1 MachineHooks: x64 Machine detected
2017/12/11 15:00:38.746 7116 12392 G1 MachineHooks: w32 Loader is starting
2017/12/11 15:00:38.746 7116 12392 G1 MachineHooks: x64 Loader is starting
2017/12/11 15:00:38.754 3248 3316 S0 CToken::GetSystemToken() set session 1
2017/12/11 15:00:38.763 3248 3316 S0 InterProcessNetwork: Loader process started, pid = 9008
2017/12/11 15:00:38.770 3248 3324 S0 CToken::GetSystemToken() set session 1
2017/12/11 15:00:38.775 3248 3324 S0 InterProcessNetwork: Loader process started, pid = 4716
2017/12/11 15:00:38.784 9008 11956 L32 Loader started with: "C:\Program Files (x86)\TeamViewer\tv_w32.exe" --action hooks --log C:\Program Files (x86)\TeamViewer\TeamViewer12_Logfile.log
2017/12/11 15:00:38.790 4716 8292 L64 Loader started with: "C:\Program Files (x86)\TeamViewer\tv_x64.exe" --action hooks --log C:\Program Files (x86)\TeamViewer\TeamViewer12_Logfile.log
2017/12/11 15:00:38.803 3248 3312 S0 NetWatchdog: Ping successful! Port: 5938
2017/12/11 15:00:38.814 3248 3312 S0 CKeepAliveClientClient::HandlePing(): success
2017/12/11 15:00:38.814 3248 3312 S0 Resource-Language: en
2017/12/11 15:00:38.815 3248 3312 S0 Activating Router carrier
2017/12/11 15:00:38.815 3248 3312 S0 CProcessCommandHandlerMasterConnect[2]::CreateMasterConnect(): master11.teamviewer.com:5938, Connection 2, proxy=''
2017/12/11 15:00:38.838 4716 8292 L64 Starting Loader
2017/12/11 15:00:38.838 9008 11956 L32 Starting Loader
2017/12/11 15:00:38.745 7116 12392 H32 Loader: SharedMem Connected (seg = 0xc80000, refcnt = 1)
2017/12/11 15:00:38.745 7116 12392 H32 teamviewer.exe: SharedMem Connected (seg = 0xc80000, refcnt = 2)
2017/12/11 15:00:38.841 9008 11956 H32 Loader: SharedMem Connected (seg = 0x220000, refcnt = 1)
2017/12/11 15:00:38.841 9008 11956 H32 tv_w32.exe: SharedMem Connected (seg = 0x220000, refcnt = 2)
2017/12/11 15:00:38.842 4716 8292 H64 Loader: SharedMem Connected (seg = 0x370000, refcnt = 1)
2017/12/11 15:00:38.842 4716 8292 H64 tv_x64.exe: SharedMem Connected (seg = 0x370000, refcnt = 2)
2017/12/11 15:00:38.958 3248 3312 S0 CProcessCommandHandlerMasterConnect[2]::HandleMasterConnect(): Sending MasterCommand addonchannels=0&client=TV&commercial=1&f=Login&gw=0&gwlevel=400&hideonlinestatus=0&httpout=1&ic=1117362538&id=221231786&iguid={5416443b-9b79-4ee9-b775-4060939eb235}&language=en&licensetype=34000&mid=v2be5b08153cf11cba73f9ef4c6ca9a9968f72877eabe643f7e27e95c33e4f5763b7451011a39<~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~0dd0c5b4e712d7cef7750d93b4e6b006&midf=1&midhistory=0x68f72877eabe_1ca0431fd8ab1dc_549099657|u2be5b08153cf11cba73f9ef4c6ca9a9968f72877eabe643f7e27e95c33e4f5763b7451011a39|v2be5b08153cf11cba73f9ef4c6ca9a9968f72877eabe643f7e27e95c33e4f5763b7451011a39<~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~0dd0c5b4e712d7cef7750d93b4e6b006&midv=2&noofactivekeepalive=0&os=Win7&port443out=0&rhash={b06bc6bd-6b4f-5ce5-e04f-c767f199182a}&runtime=0&smidv=2&sro=0&supportedfeatures=938474461&tcpout=1&usednsnames=1&v=12.0.89970
2017/12/11 15:00:39.040 7116 12392 G1! Could not register for suspend/resume notifications.
2017/12/11 15:00:39.040 7116 12392 H32 teamviewer.exe: SharedMem_SetLogLevel: 0 -> 200
2017/12/11 15:00:39.046 7116 12392 G1 ITbrainWizardController::Init(): Initialisation started
2017/12/11 15:00:39.071 7116 12392 G1 Tray created!
2017/12/11 15:00:39.071 7116 12392 G1 CMainWindow::ShouldShowDynamicPassword(): dynPw=1 allowIncoming=1 id=221231786 ka=0 lanAllowed=0 lanOnly=0 networkState=1 showDynPwd=0
2017/12/11 15:00:39.072 7116 10508 G1 IDLabelContent::UpdateImpl() IDs changed: SessionID "221231786", TSUserID "0", ServerID "0"
2017/12/11 15:00:39.073 3248 3312 S0 CProcessCommandHandlerMasterConnect[2]::ReceivedMasterResponse(): Received MasterCommand OK_34000_Trial2:4_2__server18109.teamviewer.com:5938_33738_1_-1_0.0.0.0__185.188.32.15_185.188.32.5_0_221231786_1_0_0_0_2011168639__server25304.teamviewer.com,server26303.teamviewer.com,server21107.teamviewer.com,server25203.teamviewer.com,server18105.teamviewer.com,server18201.teamviewer.com,server18301.teamviewer.com,server18303.teamviewer.com,server18409.teamviewer.com_f//fd8goAIcD_
2017/12/11 15:00:39.074 3248 3312 S0! TcpCarrierBase[2]::SendCompleteQueue(): No Connections, Type_Tcp, Dir_Outgoing, Ending 0, SendQueue 1, CurrentSendQueue 0, SendCache 0
2017/12/11 15:00:39.077 3248 3312 S0! CKeepAliveClient::HandleLoginUserAnswer(): KeepAliveServer server18109.teamviewer.com:5938
2017/12/11 15:00:39.078 3248 3312 S0 Activating Router carrier
2017/12/11 15:00:39.078 3248 3312 S0 Carrier[2]::EndCarrierInternal(): ClientID: 0 SupportsEndSession: 0, SupportsCCmd2: 0, SessionType_MasterConnect, SendQueue: 0 (4 Bytes), CurrentSendQueue: 0 (0 Bytes), SendCache: 0 (0 Bytes)
2017/12/11 15:00:39.110 7116 12392 G1 ApiServer::StartThread: Starting API server thread.
2017/12/11 15:00:39.110 7116 12392 G1 ApiServer::StartThread: Waiting for init event...
2017/12/11 15:00:39.110 7116 9100 G1 ApiServer::ApiMain: API thread started.
2017/12/11 15:00:39.111 7116 12392 G1 ApiServer::StartThread: ...init event was triggered.
2017/12/11 15:00:39.144 3248 3312 S0 KeepAliveSessionOutgoing::ConnectSuccessHandler(): KeepAliveConnect to server18109.teamviewer.com successful
2017/12/11 15:00:39.225 3248 3312 S0 KeepAliveSessionOutgoing::KeepAliveChannelInitialized(): KeepAliveConnection to server18109.teamviewer.com initialized
2017/12/11 15:00:39.225 3248 3312 S0!! KeepAliveSession::KeepAliveChannelInitialized(): KeepAlive-Connection initialized with ID 496843438 (IP: 169.55.36.119), SendQueue 0 (0 Bytes), SendIndex 0, AckIndex 0, RemoteSessionID 3
2017/12/11 15:00:39.226 3248 3312 S0! KeepAliveSession::SendCompleteQueue(): SendQueue: 0 (0 Bytes), RemoteSession 3 (ClientID 496843438), Time: 0 ms
2017/12/11 15:00:39.275 3248 3312 S0 SyncManagersFunction::Start: current managerlist size: 0
2017/12/11 15:00:39.277 3248 3312 S0 TVRouterClock Schedule next request in 0 seconds
2017/12/11 15:00:39.277 3248 3312 S0 TVRouterClock Schedule next request in 0 seconds
2017/12/11 15:00:39.285 7116 9016 G1 IncomingChatCommandRegistration::IsTeamViewerOnlineObserver: TeamViewer-Onlinestate changed to online
2017/12/11 15:00:39.286 7116 9016 G1 InterProcessBase::SecureNetworkCallbackHandle created (RegistrationID: 71bb588a-1111-4a9b-a016-18802e64ebd5)
2017/12/11 15:00:39.286 7116 9016 G1 IncomingChatCommandRegistration::Register: Registered successfully for incoming commands (after 0 retries)
2017/12/11 15:00:39.286 7116 12392 G1 CMainWindow::ShouldShowDynamicPassword(): dynPw=1 allowIncoming=1 id=221231786 ka=1 lanAllowed=0 lanOnly=0 networkState=1 showDynPwd=1
2017/12/11 15:00:39.286 7116 12148 G1 Account::UpdateState: KA = 1, active = 1
2017/12/11 15:00:39.286 3248 3324 S0 SecureNetworkIPCAdapter::RegisterSharedBCmdCallback(): CC: 25, RegistrationID: 71bb588a-1111-4a9b-a016-18802e64ebd5, DyngateID: 221231786, ProcessType: 2, SessionID: 1
2017/12/11 15:00:39.287 3248 3312 S0 CSendCommandToMaster::SendBCommandToMaster: CC=3 CT=38
2017/12/11 15:00:39.287 7116 12392 G1 Account::SetLoginState: new state: 2
2017/12/11 15:00:39.287 7116 12392 G1 ManagerHolderStateMachine: Switching from NotReady to ReadyForLogin
2017/12/11 15:00:39.287 7116 9016 G1 InterProcessBase::SecureNetworkCallbackHandle created (RegistrationID: c6f141a1-df1f-4c99-aa33-3134e3b2d69f)
2017/12/11 15:00:39.287 3248 3312 S0 SecureNetworkIPCAdapter::RegisterSharedBCmdCallback(): CC: 30, RegistrationID: c6f141a1-df1f-4c99-aa33-3134e3b2d69f, DyngateID: 221231786, ProcessType: 2, SessionID: 1
2017/12/11 15:00:39.288 3248 3312 S0 CSendCommandToMaster::SendBCommandToMaster: CC=3 CT=38
2017/12/11 15:00:39.289 7116 9016 G1 InterProcessBase::SecureNetworkCallbackHandle created (RegistrationID: 4d7d0732-5a1d-4f90-ade9-4843439f377e)
2017/12/11 15:00:39.289 3248 3312 S0 SecureNetworkIPCAdapter::RegisterSharedBCmdCallback(): CC: 34, RegistrationID: 4d7d0732-5a1d-4f90-ade9-4843439f377e, DyngateID: 221231786, ProcessType: 2, SessionID: 1
2017/12/11 15:00:39.289 3248 3312 S0 CSendCommandToMaster::SendBCommandToMaster: CC=3 CT=38
2017/12/11 15:00:39.289 3248 3312 S0 CSendCommandToMaster::SendBCommandToMaster: CC=3 CT=38
2017/12/11 15:00:39.289 7116 9016 G1 DynamicPasswordUIModel::ShouldShowDynamicPassword(): dynPw=1 allowIncoming=1 id=221231786 ka=1 lanAllowed=0 lanOnly=0 networkState=1 showDynPwd=1
2017/12/11 15:00:39.290 3248 3312 S0 CSendCommandToMaster::SendBCommandToMaster: CC=3 CT=38
2017/12/11 15:00:39.290 3248 3320 S0 CSendCommandToMaster::SendBCommandToMaster: CC=3 CT=38
2017/12/11 15:00:39.332 3248 3324 S0 TVRouterClock: received router time: 20171211T200036.281389
2017/12/11 15:00:39.333 3248 3324 S0 TVRouterClock Schedule next request in 43200 seconds
2017/12/11 15:00:39.333 7116 11888 G1 IpcRouterClock: received router time: 20171211T200036.281389
2017/12/11 15:00:39.383 7116 14160 G1 TAF::Hander::ListRequestThreadRun: Active LT=34000
2017/12/11 15:00:39.746 3248 3324 S0 AsyncMessaging::UnregisterAtAsyncMessageProvider(): Unregister successful
2017/12/11 15:00:39.978 7116 12392 G1 ITbrainWizardController::ConfigCallback(): new configuration
2017/12/11 15:00:39.978 7116 12392 G1! ITbrainWizardConfigurationAdapter::GetPackage(): did not get configuration successfully
2017/12/11 15:00:39.993 7116 10372 G1 VoIP: AudioControl: VoIPSyncAudioControl: Available Capturing endpoints: Microphone (Realtek High Definition Audio), Standard recording device, Default Communication Device,
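
Added example, not part of the original post and not TeamViewer code: a small Python triage script for a log in this layout. It puts the interleaved service (S0) and GUI (G1) lines into time order and pairs the ID/IP from each "KeepAlive-Connection initialized" line with the server hostname logged in the "KeepAliveConnect to ... successful" line before it. The event labels and the field layout are assumptions inferred from the lines shown in the post.

```python
import re
from datetime import datetime

# Constructed sample: five lines copied from the log in the post, in file order.
SAMPLE = """\
2017/12/11 15:00:38.664 3248 3320 S0 CAcceptServer::HandleAccept: new connection from 127.0.0.1:54024
2017/12/11 15:00:38.676 3248 5620 S0 TeamViewer is going online!
2017/12/11 15:00:38.143 7116 12392 G1 Logger started.
2017/12/11 15:00:39.144 3248 3312 S0 KeepAliveSessionOutgoing::ConnectSuccessHandler(): KeepAliveConnect to server18109.teamviewer.com successful
2017/12/11 15:00:39.225 3248 3312 S0!! KeepAliveSession::KeepAliveChannelInitialized(): KeepAlive-Connection initialized with ID 496843438 (IP: 169.55.36.119), SendQueue 0 (0 Bytes), SendIndex 0, AckIndex 0, RemoteSessionID 3
"""

# Layout in the post: timestamp, PID, TID, writer tag (S0/G1/L32/H64, optional '!'), message.
LINE = re.compile(r"^(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d\.\d{3}) +(\d+) +(\d+) +([A-Z]+\d+)(!*) +(.*)$")

# Labels are this example's own names (assumption), not TeamViewer terminology.
EVENTS = [
    ("gui_process_start", re.compile(r"^Logger started\.")),
    ("local_ipc_connect", re.compile(r"new connection from (127\.0\.0\.1:\d+)")),
    ("going_online", re.compile(r"TeamViewer is going online")),
    ("keepalive_server", re.compile(r"KeepAliveConnect to (\S+) successful")),
    ("keepalive_init", re.compile(r"KeepAlive-Connection initialized with ID (\d+) \(IP: ([\d.]+)\)")),
]

def timeline(text):
    """Matched events as (time, pid, tag, label, groups), sorted by time: processes share one file, so file order is not time order."""
    rows = []
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # truncated or wrapped line that does not fit the layout
        ts = datetime.strptime(m.group(1), "%Y/%m/%d %H:%M:%S.%f")
        for label, pat in EVENTS:
            hit = pat.search(m.group(6))
            if hit:
                rows.append((ts, int(m.group(2)), m.group(4), label, hit.groups()))
    return sorted(rows, key=lambda r: r[0])

def keepalive_peers(text):
    """Pair each keepalive_init ID/IP with the server name logged before it."""
    peers, server = [], None
    for _, _, _, label, groups in timeline(text):
        if label == "keepalive_server":
            server = groups[0]
        elif label == "keepalive_init":
            peers.append({"server": server, "id": groups[0], "ip": groups[1]})
    return peers

print(keepalive_peers(SAMPLE))
```

Run against a full log file with `timeline(open(path).read())`; lines that do not match the layout are skipped rather than guessed at.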