Trojaner-Board (https://www.trojaner-board.de/)
Thread: Trojan on the EWE TEL setup CD? (https://www.trojaner-board.de/20091-trojaner-einrichtungs-cd-ewe-tel.html)

phoenix1881 22.07.2005 16:59

Trojan on the EWE TEL setup CD?

---------------------------------------------

While Firefox 1.0.6 is running, Sygate Personal Firewall reports outgoing connections to the IP addresses "80.228.31.23" and "80.228.31.25" every few seconds. The firewall does not report any hijacking, though. These IP addresses are not set as the start page either. A whois query through the Sygate firewall showed me that these IP addresses belong to my internet provider EWE TEL. Could this have something to do with installing the software that is on the "Ewetel" setup CD? How can I fix this problem?

---------------------------------

Here is the HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 17:15:36, on 22.07.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\Explorer.EXE
C:\Programme\Launch Manager\LaunchAp.exe
C:\Programme\Launch Manager\HotkeyApp.exe
C:\Programme\Launch Manager\OSD.exe
C:\Programme\Launch Manager\Wbutton.exe
C:\Programme\Synaptics\SynTP\SynTPLpr.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programme\Home Cinema\PowerCinema\PCMService.exe
C:\Programme\AVPersonal\AVGNT.EXE
C:\Programme\QuickTime\qttask.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\DvzCommon\DvzMsgr.exe
C:\Programme\Palm\HOTSYNC.EXE
C:\Programme\AnalogX\ITR\itrc.exe
C:\Programme\OpenOffice.org1.1.3\program\soffice.exe
C:\Programme\iTunes\iTunes.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:4001
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [LaunchAp] C:\Programme\Launch Manager\LaunchAp.exe
O4 - HKLM\..\Run: [HotkeyApp] C:\Programme\Launch Manager\HotkeyApp.exe
O4 - HKLM\..\Run: [CtrlVol] C:\Programme\Launch Manager\CtrlVol.exe
O4 - HKLM\..\Run: [LMgrOSD] C:\Programme\Launch Manager\OSD.exe
O4 - HKLM\..\Run: [Wbutton] "C:\Programme\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PCMService] "C:\Programme\Home Cinema\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [AVGCtrl] "C:\Programme\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [iTunesHelper] C:\Programme\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - Startup: HotSync Manager.lnk = C:\Programme\Palm\HOTSYNC.EXE
O4 - Startup: ITR Client.lnk = C:\Programme\AnalogX\ITR\itrc.exe
O4 - Startup: OpenOffice.org 1.1.3.lnk = C:\Programme\OpenOffice.org1.1.3\program\quickstart.exe
O4 - Global Startup: Dataviz Messenger.lnk = C:\WINDOWS\DvzCommon\DvzMsgr.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{78367800-2630-4E3E-BBA2-1C257E1C5BC0}: NameServer = 212.6.108.130 212.6.108.131
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Programme\AVPersonal\AVGUARD.EXE
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE
O23 - Service: FileZilla Server FTP server (FileZilla Server) - Unknown owner - C:\apachefriends\xampp\FileZillaFTP\FileZillaServer.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Programme\Sygate\SPF\smc.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

--------------------------------
Here is the whois information for the IP address "80.228.31.23":

% This is the RIPE Whois query server #2.
% The objects are in RPSL format.
%
% Note: the default output of the RIPE Whois server
% is changed. Your tools may need to be adjusted. See
% http://www.ripe.net/db/news/abuse-pr...-20050331.html
% for more details.
%
% Rights restricted by copyright.
% See http://www.ripe.net/db/copyright.html

% Note: This output has been filtered.
% To receive output for a database update, use the "-B" flag

% Information related to '80.228.31.16 - 80.228.31.31'

inetnum: 80.228.31.16 - 80.228.31.31
netname: AKAMAI-EWETEL-NET
descr: Akamai cachingserver farm
descr: EWE-TEL
country: DE
admin-c: NARA1-RIPE
tech-c: ETH1-RIPE
status: ASSIGNED PA
mnt-by: EWETEL-MNT
mnt-lower: EWETEL-MNT
mnt-routes: EWETEL-MNT
source: RIPE # Filtered

role: Network Architecture Role Account
address: Akamai Technologies
address: 8 Cambridge Center
address: Cambridge, MA 02142
phone: +1-617-938-3130
admin-c: NF1714-RIPE
admin-c: JP1944-RIPE
tech-c: NF1714-RIPE
tech-c: JP1944-RIPE
nic-hdl: NARA1-RIPE
mnt-by: AKAM1-RIPE-MNT
source: RIPE # Filtered

role: EWE TEL Hostmaster
address: EWE TEL GmbH
address: Cloppenburger Strasse 310
address: D-26133 Oldenburg
address: Germany
phone: +49 441 8000 0
fax-no: +49 441 8000 2799
remarks: trouble: abuse@ewetel.de
admin-c: DD488-RIPE
tech-c: FR894-RIPE
tech-c: DD488-RIPE
tech-c: JK637-RIPE
tech-c: AP11963-RIPE
tech-c: GS18770-RIPE
tech-c: GERD1-RIPE
tech-c: MJ158-RIPE
tech-c: MR20600-RIPE
tech-c: VOHA-RIPE
tech-c: JONO-RIPE
tech-c: LEBA-RIPE
tech-c: NOBY-RIPE
tech-c: TOMY-RIPE
nic-hdl: ETH1-RIPE
mnt-by: EWETEL-MNT
source: RIPE # Filtered
abuse-mailbox: abuse@ewetel.de

% Information related to 'NARA1-RIPE'

route: 80.228.0.0/16
descr: DE-EWETEL-20011218
origin: AS9145
mnt-by: EWETEL-MNT
source: RIPE # Filtered

--------------------------------
Here is the whois information for the IP address "80.228.31.25":

% This is the RIPE Whois query server #2.
% The objects are in RPSL format.
%
% Note: the default output of the RIPE Whois server
% is changed. Your tools may need to be adjusted. See
% http://www.ripe.net/db/news/abuse-pr...-20050331.html
% for more details.
%
% Rights restricted by copyright.
% See http://www.ripe.net/db/copyright.html

% Note: This output has been filtered.
% To receive output for a database update, use the "-B" flag

% Information related to '80.228.31.16 - 80.228.31.31'

inetnum: 80.228.31.16 - 80.228.31.31
netname: AKAMAI-EWETEL-NET
descr: Akamai cachingserver farm
descr: EWE-TEL
country: DE
admin-c: NARA1-RIPE
tech-c: ETH1-RIPE
status: ASSIGNED PA
mnt-by: EWETEL-MNT
mnt-lower: EWETEL-MNT
mnt-routes: EWETEL-MNT
source: RIPE # Filtered

role: Network Architecture Role Account
address: Akamai Technologies
address: 8 Cambridge Center
address: Cambridge, MA 02142
phone: +1-617-938-3130
admin-c: NF1714-RIPE
admin-c: JP1944-RIPE
tech-c: NF1714-RIPE
tech-c: JP1944-RIPE
nic-hdl: NARA1-RIPE
mnt-by: AKAM1-RIPE-MNT
source: RIPE # Filtered

role: EWE TEL Hostmaster
address: EWE TEL GmbH
address: Cloppenburger Strasse 310
address: D-26133 Oldenburg
address: Germany
phone: +49 441 8000 0
fax-no: +49 441 8000 2799
remarks: trouble: abuse@ewetel.de
admin-c: DD488-RIPE
tech-c: FR894-RIPE
tech-c: DD488-RIPE
tech-c: JK637-RIPE
tech-c: AP11963-RIPE
tech-c: GS18770-RIPE
tech-c: GERD1-RIPE
tech-c: MJ158-RIPE
tech-c: MR20600-RIPE
tech-c: VOHA-RIPE
tech-c: JONO-RIPE
tech-c: LEBA-RIPE
tech-c: NOBY-RIPE
tech-c: TOMY-RIPE
nic-hdl: ETH1-RIPE
mnt-by: EWETEL-MNT
source: RIPE # Filtered
abuse-mailbox: abuse@ewetel.de

% Information related to 'NARA1-RIPE'

route: 80.228.0.0/16
descr: DE-EWETEL-20011218
origin: AS9145
mnt-by: EWETEL-MNT
source: RIPE # Filtered
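
As an added example (not code from the thread or from RIPE), here is a small parser for the RPSL-format whois output quoted above. It splits the output into objects, skips the "%" server comment lines, and reports which inetnum and route object cover a given address, so the two addresses from the firewall alerts can be checked against the same data without re-reading the dump by hand. The embedded excerpt is a constructed abbreviation of the quoted output.

```python
import ipaddress

# Constructed excerpt of the RIPE whois output quoted in the thread above,
# abbreviated to the inetnum and route objects. "%" lines are server comments.
WHOIS_OUTPUT = """\
% This is the RIPE Whois query server #2.
% Information related to '80.228.31.16 - 80.228.31.31'

inetnum: 80.228.31.16 - 80.228.31.31
netname: AKAMAI-EWETEL-NET
descr: Akamai cachingserver farm
descr: EWE-TEL
country: DE
status: ASSIGNED PA
source: RIPE # Filtered

route: 80.228.0.0/16
descr: DE-EWETEL-20011218
origin: AS9145
source: RIPE # Filtered
"""


def parse_rpsl(text):
    """Split RPSL output into objects: one dict per blank-line-separated block,
    mapping each attribute to the list of its values (attributes may repeat)."""
    objects, current = [], {}
    for line in text.splitlines():
        if line.startswith("%"):          # server comment, not object data
            continue
        if not line.strip():              # blank line ends the current object
            if current:
                objects.append(current)
                current = {}
            continue
        key, _, value = line.partition(":")
        # Drop trailing "# Filtered"-style comments from the value.
        current.setdefault(key.strip(), []).append(value.split("#")[0].strip())
    if current:
        objects.append(current)
    return objects


def describe_ip(ip, text):
    """Return the inetnum range, netname, descr lines and route origin covering ip."""
    addr = ipaddress.ip_address(ip)
    result = {"inetnum": None, "netname": None, "descr": [], "origin": None}
    for obj in parse_rpsl(text):
        if "inetnum" in obj:
            lo, hi = (ipaddress.ip_address(p.strip()) for p in obj["inetnum"][0].split("-"))
            if lo <= addr <= hi:
                result["inetnum"] = obj["inetnum"][0]
                result["netname"] = obj.get("netname", [None])[0]
                result["descr"] = obj.get("descr", [])
        elif "route" in obj and addr in ipaddress.ip_network(obj["route"][0]):
            result["origin"] = obj.get("origin", [None])[0]
    return result
```

Running `describe_ip` on "80.228.31.23" and "80.228.31.25" shows both fall in the same 16-address assignment labelled as an Akamai caching farm inside EWE TEL's /16, which is the information the whois lookup in the post gives.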

cronos 22.07.2005 18:45

The messages from your firewall are useless:

http://www.trojaner-info.de/firewall/index.shtml
http://www.iks-jena.de/mitarb/lutz/usenet/Firewall.html
http://www.ntsvcfg.de/ or alternatively http://www.dingens.org

No, there most likely aren't any pests on the CD.
Your log is clean as far as it goes, but you should update your Java:

http://www.java.com/de/download/help/5000020700.xml

