Trojan on the EWE TEL setup CD?
---------------------------------------------

While Firefox 1.0.6 is running, Sygate Personal Firewall reports outgoing connections every few seconds to the IP addresses "80.228.31.23" and "80.228.31.25". The firewall does not report any hijacking, though. These IP addresses are not set as the start page either. With a whois query from within the Sygate firewall I found out that these IP addresses belong to my Internet provider EWE TEL. Could this have something to do with installing the software that is on the "Ewetel" setup CD? How can I fix this problem?

---------------------------------

Here is the HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 17:15:36, on 22.07.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\Explorer.EXE
C:\Programme\Launch Manager\LaunchAp.exe
C:\Programme\Launch Manager\HotkeyApp.exe
C:\Programme\Launch Manager\OSD.exe
C:\Programme\Launch Manager\Wbutton.exe
C:\Programme\Synaptics\SynTP\SynTPLpr.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programme\Home Cinema\PowerCinema\PCMService.exe
C:\Programme\AVPersonal\AVGNT.EXE
C:\Programme\QuickTime\qttask.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\DvzCommon\DvzMsgr.exe
C:\Programme\Palm\HOTSYNC.EXE
C:\Programme\AnalogX\ITR\itrc.exe
C:\Programme\OpenOffice.org1.1.3\program\soffice.exe
C:\Programme\iTunes\iTunes.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:4001
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [LaunchAp] C:\Programme\Launch Manager\LaunchAp.exe
O4 - HKLM\..\Run: [HotkeyApp] C:\Programme\Launch Manager\HotkeyApp.exe
O4 - HKLM\..\Run: [CtrlVol] C:\Programme\Launch Manager\CtrlVol.exe
O4 - HKLM\..\Run: [LMgrOSD] C:\Programme\Launch Manager\OSD.exe
O4 - HKLM\..\Run: [Wbutton] "C:\Programme\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PCMService] "C:\Programme\Home Cinema\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [AVGCtrl] "C:\Programme\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [iTunesHelper] C:\Programme\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - Startup: HotSync Manager.lnk = C:\Programme\Palm\HOTSYNC.EXE
O4 - Startup: ITR Client.lnk = C:\Programme\AnalogX\ITR\itrc.exe
O4 - Startup: OpenOffice.org 1.1.3.lnk = C:\Programme\OpenOffice.org1.1.3\program\quickstart.exe
O4 - Global Startup: Dataviz Messenger.lnk = C:\WINDOWS\DvzCommon\DvzMsgr.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{78367800-2630-4E3E-BBA2-1C257E1C5BC0}: NameServer = 212.6.108.130 212.6.108.131
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Programme\AVPersonal\AVGUARD.EXE
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE
O23 - Service: FileZilla Server FTP server (FileZilla Server) - Unknown owner - C:\apachefriends\xampp\FileZillaFTP\FileZillaServer.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Programme\Sygate\SPF\smc.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

--------------------------------

Here is the whois information for the IP address "80.228.31.23":

% This is the RIPE Whois query server #2.
% The objects are in RPSL format.
%
% Note: the default output of the RIPE Whois server
% is changed. Your tools may need to be adjusted. See
% http://www.ripe.net/db/news/abuse-pr...-20050331.html
% for more details.
%
% Rights restricted by copyright.
% See http://www.ripe.net/db/copyright.html
% Note: This output has been filtered.
% To receive output for a database update, use the "-B" flag

% Information related to '80.228.31.16 - 80.228.31.31'

inetnum:        80.228.31.16 - 80.228.31.31
netname:        AKAMAI-EWETEL-NET
descr:          Akamai cachingserver farm
descr:          EWE-TEL
country:        DE
admin-c:        NARA1-RIPE
tech-c:         ETH1-RIPE
status:         ASSIGNED PA
mnt-by:         EWETEL-MNT
mnt-lower:      EWETEL-MNT
mnt-routes:     EWETEL-MNT
source:         RIPE # Filtered

role:           Network Architecture Role Account
address:        Akamai Technologies
address:        8 Cambridge Center
address:        Cambridge, MA 02142
phone:          +1-617-938-3130
admin-c:        NF1714-RIPE
admin-c:        JP1944-RIPE
tech-c:         NF1714-RIPE
tech-c:         JP1944-RIPE
nic-hdl:        NARA1-RIPE
mnt-by:         AKAM1-RIPE-MNT
source:         RIPE # Filtered

role:           EWE TEL Hostmaster
address:        EWE TEL GmbH
address:        Cloppenburger Strasse 310
address:        D-26133 Oldenburg
address:        Germany
phone:          +49 441 8000 0
fax-no:         +49 441 8000 2799
remarks:        trouble: abuse@ewetel.de
admin-c:        DD488-RIPE
tech-c:         FR894-RIPE
tech-c:         DD488-RIPE
tech-c:         JK637-RIPE
tech-c:         AP11963-RIPE
tech-c:         GS18770-RIPE
tech-c:         GERD1-RIPE
tech-c:         MJ158-RIPE
tech-c:         MR20600-RIPE
tech-c:         VOHA-RIPE
tech-c:         JONO-RIPE
tech-c:         LEBA-RIPE
tech-c:         NOBY-RIPE
tech-c:         TOMY-RIPE
nic-hdl:        ETH1-RIPE
mnt-by:         EWETEL-MNT
source:         RIPE # Filtered
abuse-mailbox:  abuse@ewetel.de

% Information related to 'NARA1-RIPE'

route:          80.228.0.0/16
descr:          DE-EWETEL-20011218
origin:         AS9145
mnt-by:         EWETEL-MNT
source:         RIPE # Filtered

--------------------------------

Here is the whois information for the IP address "80.228.31.25":

% This is the RIPE Whois query server #2.
% The objects are in RPSL format.
%
% Note: the default output of the RIPE Whois server
% is changed. Your tools may need to be adjusted. See
% http://www.ripe.net/db/news/abuse-pr...-20050331.html
% for more details.
%
% Rights restricted by copyright.
% See http://www.ripe.net/db/copyright.html
% Note: This output has been filtered.
% To receive output for a database update, use the "-B" flag

% Information related to '80.228.31.16 - 80.228.31.31'

inetnum:        80.228.31.16 - 80.228.31.31
netname:        AKAMAI-EWETEL-NET
descr:          Akamai cachingserver farm
descr:          EWE-TEL
country:        DE
admin-c:        NARA1-RIPE
tech-c:         ETH1-RIPE
status:         ASSIGNED PA
mnt-by:         EWETEL-MNT
mnt-lower:      EWETEL-MNT
mnt-routes:     EWETEL-MNT
source:         RIPE # Filtered

role:           Network Architecture Role Account
address:        Akamai Technologies
address:        8 Cambridge Center
address:        Cambridge, MA 02142
phone:          +1-617-938-3130
admin-c:        NF1714-RIPE
admin-c:        JP1944-RIPE
tech-c:         NF1714-RIPE
tech-c:         JP1944-RIPE
nic-hdl:        NARA1-RIPE
mnt-by:         AKAM1-RIPE-MNT
source:         RIPE # Filtered

role:           EWE TEL Hostmaster
address:        EWE TEL GmbH
address:        Cloppenburger Strasse 310
address:        D-26133 Oldenburg
address:        Germany
phone:          +49 441 8000 0
fax-no:         +49 441 8000 2799
remarks:        trouble: abuse@ewetel.de
admin-c:        DD488-RIPE
tech-c:         FR894-RIPE
tech-c:         DD488-RIPE
tech-c:         JK637-RIPE
tech-c:         AP11963-RIPE
tech-c:         GS18770-RIPE
tech-c:         GERD1-RIPE
tech-c:         MJ158-RIPE
tech-c:         MR20600-RIPE
tech-c:         VOHA-RIPE
tech-c:         JONO-RIPE
tech-c:         LEBA-RIPE
tech-c:         NOBY-RIPE
tech-c:         TOMY-RIPE
nic-hdl:        ETH1-RIPE
mnt-by:         EWETEL-MNT
source:         RIPE # Filtered
abuse-mailbox:  abuse@ewetel.de

% Information related to 'NARA1-RIPE'

route:          80.228.0.0/16
descr:          DE-EWETEL-20011218
origin:         AS9145
mnt-by:         EWETEL-MNT
source:         RIPE # Filtered
The messages from your firewall are useless:
http://www.trojaner-info.de/firewall/index.shtml
http://www.iks-jena.de/mitarb/lutz/usenet/Firewall.html
http://www.ntsvcfg.de/
or alternatively http://www.dingens.org

No, there is most likely no malware on the CD. Your log is clean as far as it goes, but you should update your Java:
http://www.java.com/de/download/help/5000020700.xml
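The whois records quoted in the question place both flagged addresses inside the inetnum 80.228.31.16 - 80.228.31.31, named AKAMAI-EWETEL-NET and described as an Akamai caching server farm, with the covering route 80.228.0.0/16 announced by AS9145. Akamai is a content delivery network, so a browser that fetches web content via the provider's local Akamai cache legitimately connects to such addresses over and over; that is the check worth automating before suspecting a trojan. The script below is an added example, not code from this thread or from Sygate, HijackThis or RIPE: it parses RPSL whois output (an abridged copy of the records above is embedded as constructed sample input) and reports, for each IP the firewall logged, the assigned block and its description, the covering route with its origin AS, and the abuse contact referenced by the block. The function names and the keyword heuristic in looks_like_cdn_cache are my own choices, not anything RIPE defines.

```python
# Added example (not from the forum post, Sygate, HijackThis or RIPE): parse
# RIPE whois (RPSL) output and report what covers a firewall-logged IP.
import ipaddress
import re

# Constructed sample: an abridged copy of the RPSL objects quoted in the post.
WHOIS_TEXT = """\
% This is the RIPE Whois query server #2.
% The objects are in RPSL format.

inetnum:        80.228.31.16 - 80.228.31.31
netname:        AKAMAI-EWETEL-NET
descr:          Akamai cachingserver farm
descr:          EWE-TEL
admin-c:        NARA1-RIPE
tech-c:         ETH1-RIPE
source:         RIPE # Filtered

role:           EWE TEL Hostmaster
address:        EWE TEL GmbH
remarks:        trouble: abuse@ewetel.de
nic-hdl:        ETH1-RIPE
source:         RIPE # Filtered
abuse-mailbox:  abuse@ewetel.de

route:          80.228.0.0/16
descr:          DE-EWETEL-20011218
origin:         AS9145
source:         RIPE # Filtered
"""

ATTR_RE = re.compile(r"^([A-Za-z0-9-]+):\s*(.*)$")


def parse_rpsl(text):
    """Split RPSL output into objects (dict of attribute -> list of values).

    Blank lines and '%' server comments end an object; repeated attributes
    such as descr: keep every value; trailing '# ...' comments are dropped."""
    objects, current, last_key = [], {}, None
    for line in text.splitlines():
        if line.startswith("%") or not line.strip():
            if current:
                objects.append(current)
            current, last_key = {}, None
            continue
        match = ATTR_RE.match(line)
        if match:
            last_key = match.group(1)
            value = match.group(2).split("#", 1)[0].strip()
            current.setdefault(last_key, []).append(value)
        elif last_key and line[:1] in (" ", "\t", "+"):  # RPSL continuation line
            current[last_key][-1] += " " + line[1:].strip()
    if current:
        objects.append(current)
    return objects


def inetnum_networks(value):
    """'80.228.31.16 - 80.228.31.31' -> the CIDR networks covering that range."""
    first, last = (ipaddress.ip_address(p.strip()) for p in value.split("-"))
    return list(ipaddress.summarize_address_range(first, last))


def classify(ip, whois_text):
    """Return the inetnum, route/origin AS and abuse contact that cover ip."""
    addr = ipaddress.ip_address(ip)
    objects = parse_rpsl(whois_text)
    roles = {o["nic-hdl"][0]: o for o in objects if "nic-hdl" in o}
    result = {"ip": ip, "inetnum": None, "netname": None, "descr": [],
              "route": None, "origin": None, "abuse": None}
    for obj in objects:
        if "inetnum" in obj and any(addr in n for n in inetnum_networks(obj["inetnum"][0])):
            result["inetnum"] = obj["inetnum"][0]
            result["netname"] = obj.get("netname", [None])[0]
            result["descr"] = obj.get("descr", [])
            # The abuse contact lives in the role objects the inetnum references.
            for handle in obj.get("tech-c", []) + obj.get("admin-c", []):
                mailbox = roles.get(handle, {}).get("abuse-mailbox")
                if mailbox:
                    result["abuse"] = mailbox[0]
                    break
        elif "route" in obj and addr in ipaddress.ip_network(obj["route"][0], strict=False):
            result["route"] = obj["route"][0]
            result["origin"] = obj.get("origin", [None])[0]
    return result


def looks_like_cdn_cache(result):
    """Heuristic only: descr/netname are free text, so keyword-match CDN wording."""
    fields = result["descr"] + [result["netname"] or ""]
    return any(re.search(r"akamai|cach", f, re.IGNORECASE) for f in fields)


if __name__ == "__main__":
    # The two addresses from the firewall log plus one control inside the /16.
    for ip in ("80.228.31.23", "80.228.31.25", "80.228.5.1"):
        r = classify(ip, WHOIS_TEXT)
        print(f"{ip}: inetnum={r['inetnum']} netname={r['netname']} route={r['route']} "
              f"origin={r['origin']} abuse={r['abuse']} cdn_cache={looks_like_cdn_cache(r)}")
```

For a live record instead of the embedded sample, feed the output of `whois -h whois.ripe.net 80.228.31.23` to classify. The descr field is free text, so the CDN keyword check is a hint for the person reading the result, not a verdict; the facts to rely on are the netname, the origin AS and the abuse mailbox, and a control address that only hits the /16 route (80.228.5.1 above) shows how the two levels of the lookup differ.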
Copyright ©2000-2025, Trojaner-Board