escan logs

sto`teac · 13.12.2005, 22:15

hey leute ... ich hab mir heute nachmittag den winfix 2005 eingefangen und ueber euer forum mit escan die logs erstellt ... schonmal danke fuer die anleitung dazu ...

ich hab schonmal nen blick auf die logs geworfen und zu meiner verwunderung stehen da auch dinge drin, die ich selbst installiert habe und benutzt ... zbsp das vnc tool ... daher habe ich die befuerchtung, dass bei dem recht umfangreichen log auhc dinge drin stehen, die ich besser nicht terminieren sollte ... ich wuerde mich freuen, wenn ihr mich da beraten koennt ...

zur info ... die zwei logs sind von zwei unterschiedlichen rechnern (im selben netzwerk) und beide wurden innerhalb der letzten zwei tage einem check mit adaware und antivir im abgesicherten modus unterzogen ... dennoch kommen die umfangreichen logs zustande =/
bei meinem rechner (xp3000+) liegt es wohl an dem winfix2005 ... =/

nun hier die logs:
xp3000+
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Funde für "infected"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Tue Dec 13 16:33:50 2005 => System found infected with searchexe Spyware/Adware ({807553e5-5146-11d5-a672-00b0d022e945})! Action taken: No Action Taken.
Tue Dec 13 16:33:50 2005 => System found infected with alexa Spyware/Adware ({c95fe080-8f5d-11d2-a20b-00aa003c157a})! Action taken: No Action Taken.
Tue Dec 13 16:33:56 2005 => System found infected with lop.com Spyware/Adware (backup.reg)! Action taken: No Action Taken.
Tue Dec 13 16:33:57 2005 => System found infected with ezula Spyware/Adware (ebay.url)! Action taken: No Action Taken.
Tue Dec 13 16:33:57 2005 => System found infected with clientman Spyware/Adware (firstrun.log)! Action taken: No Action Taken.
Tue Dec 13 16:33:58 2005 => System found infected with whenu.savenow Spyware/Adware (ads[1].htm)! Action taken: No Action Taken.
Tue Dec 13 16:33:58 2005 => System found infected with whenu.savenow Spyware/Adware (adswrapper[1].js)! Action taken: No Action Taken.
Tue Dec 13 16:33:58 2005 => System found infected with whenu.savenow Spyware/Adware (adsend[1].js)! Action taken: No Action Taken.
Tue Dec 13 16:33:58 2005 => System found infected with whenu.savenow Spyware/Adware (ads[1].htm)! Action taken: No Action Taken.
Tue Dec 13 16:33:58 2005 => System found infected with whenu.savenow Spyware/Adware (pop[1].htm)! Action taken: No Action Taken.
Tue Dec 13 16:33:58 2005 => System found infected with whenu.savenow Spyware/Adware (ads[2].htm)! Action taken: No Action Taken.
Tue Dec 13 16:33:58 2005 => System found infected with whenu.savenow Spyware/Adware (ads[1].htm)! Action taken: No Action Taken.
Tue Dec 13 16:33:58 2005 => System found infected with whenu.savenow Spyware/Adware (ads[2].htm)! Action taken: No Action Taken.
Tue Dec 13 16:33:58 2005 => System found infected with whenu.savenow Spyware/Adware (formie[1].css)! Action taken: No Action Taken.
Tue Dec 13 16:33:58 2005 => System found infected with whenu.savenow Spyware/Adware (pop[1].htm)! Action taken: No Action Taken.
Tue Dec 13 16:33:58 2005 => System found infected with whenu.savenow Spyware/Adware (stylesheet[1].css)! Action taken: No Action Taken.
Tue Dec 13 16:33:58 2005 => System found infected with whenu.savenow Spyware/Adware (ads[1].htm)! Action taken: No Action Taken.
Tue Dec 13 16:33:58 2005 => System found infected with whenu.savenow Spyware/Adware (show_ads[2].js)! Action taken: No Action Taken.
Tue Dec 13 16:33:58 2005 => System found infected with whenu.savenow Spyware/Adware (ads[1].htm)! Action taken: No Action Taken.
Tue Dec 13 16:33:58 2005 => System found infected with whenu.savenow Spyware/Adware (ads[2].htm)! Action taken: No Action Taken.
Tue Dec 13 16:33:58 2005 => System found infected with whenu.savenow Spyware/Adware (formie[1].css)! Action taken: No Action Taken.
Tue Dec 13 16:33:59 2005 => System found infected with whenu.savenow Spyware/Adware (adswrapper[1].js)! Action taken: No Action Taken.
Tue Dec 13 16:33:59 2005 => System found infected with whenu.savenow Spyware/Adware (adsend[1].js)! Action taken: No Action Taken.
Tue Dec 13 16:33:59 2005 => System found infected with whenu.savenow Spyware/Adware (ads[1].htm)! Action taken: No Action Taken.
Tue Dec 13 16:33:59 2005 => System found infected with whenu.savenow Spyware/Adware (pop[1].htm)! Action taken: No Action Taken.
Tue Dec 13 16:33:59 2005 => System found infected with whenu.savenow Spyware/Adware (ads[2].htm)! Action taken: No Action Taken.
Tue Dec 13 16:33:59 2005 => System found infected with whenu.savenow Spyware/Adware (ads[1].htm)! Action taken: No Action Taken.
Tue Dec 13 16:33:59 2005 => System found infected with whenu.savenow Spyware/Adware (ads[2].htm)! Action taken: No Action Taken.
Tue Dec 13 16:33:59 2005 => System found infected with whenu.savenow Spyware/Adware (formie[1].css)! Action taken: No Action Taken.
Tue Dec 13 16:33:59 2005 => System found infected with whenu.savenow Spyware/Adware (pop[1].htm)! Action taken: No Action Taken.
Tue Dec 13 16:33:59 2005 => System found infected with whenu.savenow Spyware/Adware (stylesheet[1].css)! Action taken: No Action Taken.
Tue Dec 13 16:33:59 2005 => System found infected with whenu.savenow Spyware/Adware (ads[1].htm)! Action taken: No Action Taken.
Tue Dec 13 16:33:59 2005 => System found infected with whenu.savenow Spyware/Adware (show_ads[2].js)! Action taken: No Action Taken.
Tue Dec 13 16:33:59 2005 => System found infected with whenu.savenow Spyware/Adware (ads[1].htm)! Action taken: No Action Taken.
Tue Dec 13 16:33:59 2005 => System found infected with whenu.savenow Spyware/Adware (ads[2].htm)! Action taken: No Action Taken.
Tue Dec 13 16:33:59 2005 => System found infected with whenu.savenow Spyware/Adware (formie[1].css)! Action taken: No Action Taken.
Tue Dec 13 17:00:41 2005 => File C:\DOKUME~1\ADMINI~1\ANWEND~1\HoleRegs\mp3bone.exe infected by "Trojan-Downloader.Win32.Swizzor.bo" Virus! Action Taken: No Action Taken.
Tue Dec 13 17:01:05 2005 => System found infected with searchexe Spyware/Adware ({807553e5-5146-11d5-a672-00b0d022e945})! Action taken: No Action Taken.
Tue Dec 13 17:01:05 2005 => System found infected with alexa Spyware/Adware ({c95fe080-8f5d-11d2-a20b-00aa003c157a})! Action taken: No Action Taken.
Tue Dec 13 17:01:11 2005 => System found infected with lop.com Spyware/Adware (backup.reg)! Action taken: No Action Taken.
Tue Dec 13 17:01:13 2005 => System found infected with ezula Spyware/Adware (ebay.url)! Action taken: No Action Taken.
Tue Dec 13 17:01:13 2005 => System found infected with clientman Spyware/Adware (firstrun.log)! Action taken: No Action Taken.
Tue Dec 13 17:01:13 2005 => System found infected with whenu.savenow Spyware/Adware (ads[1].htm)! Action taken: No Action Taken.
Tue Dec 13 17:01:13 2005 => System found infected with whenu.savenow Spyware/Adware (adswrapper[1].js)! Action taken: No Action Taken.
Tue Dec 13 17:01:13 2005 => System found infected with whenu.savenow Spyware/Adware (adsend[1].js)! Action taken: No Action Taken.
Tue Dec 13 17:01:14 2005 => System found infected with whenu.savenow Spyware/Adware (ads[1].htm)! Action taken: No Action Taken.
Tue Dec 13 17:01:14 2005 => System found infected with whenu.savenow Spyware/Adware (pop[1].htm)! Action taken: No Action Taken.
Tue Dec 13 17:01:14 2005 => System found infected with whenu.savenow Spyware/Adware (ads[2].htm)! Action taken: No Action Taken.
Tue Dec 13 17:01:14 2005 => System found infected with whenu.savenow Spyware/Adware (ads[1].htm)! Action taken: No Action Taken.
Tue Dec 13 17:01:14 2005 => System found infected with whenu.savenow Spyware/Adware (ads[2].htm)! Action taken: No Action Taken.
Tue Dec 13 17:01:14 2005 => System found infected with whenu.savenow Spyware/Adware (formie[1].css)! Action taken: No Action Taken.
Tue Dec 13 17:01:14 2005 => System found infected with whenu.savenow Spyware/Adware (pop[1].htm)! Action taken: No Action Taken.
Tue Dec 13 17:01:14 2005 => System found infected with whenu.savenow Spyware/Adware (stylesheet[1].css)! Action taken: No Action Taken.
Tue Dec 13 17:01:14 2005 => System found infected with whenu.savenow Spyware/Adware (ads[1].htm)! Action taken: No Action Taken.
Tue Dec 13 17:01:14 2005 => System found infected with whenu.savenow Spyware/Adware (show_ads[2].js)! Action taken: No Action Taken.
Tue Dec 13 17:01:14 2005 => System found infected with whenu.savenow Spyware/Adware (ads[1].htm)! Action taken: No Action Taken.
Tue Dec 13 17:01:14 2005 => System found infected with whenu.savenow Spyware/Adware (ads[2].htm)! Action taken: No Action Taken.
Tue Dec 13 17:01:14 2005 => System found infected with whenu.savenow Spyware/Adware (formie[1].css)! Action taken: No Action Taken.
Tue Dec 13 17:01:14 2005 => System found infected with whenu.savenow Spyware/Adware (adswrapper[1].js)! Action taken: No Action Taken.
Tue Dec 13 17:01:15 2005 => System found infected with whenu.savenow Spyware/Adware (adsend[1].js)! Action taken: No Action Taken.
Tue Dec 13 17:01:15 2005 => System found infected with whenu.savenow Spyware/Adware (ads[1].htm)! Action taken: No Action Taken.
Tue Dec 13 17:01:15 2005 => System found infected with whenu.savenow Spyware/Adware (pop[1].htm)! Action taken: No Action Taken.
Tue Dec 13 17:01:15 2005 => System found infected with whenu.savenow Spyware/Adware (ads[2].htm)! Action taken: No Action Taken.
Tue Dec 13 17:01:15 2005 => System found infected with whenu.savenow Spyware/Adware (ads[1].htm)! Action taken: No Action Taken.
Tue Dec 13 17:01:15 2005 => System found infected with whenu.savenow Spyware/Adware (ads[2].htm)! Action taken: No Action Taken.
Tue Dec 13 17:01:15 2005 => System found infected with whenu.savenow Spyware/Adware (formie[1].css)! Action taken: No Action Taken.
Tue Dec 13 17:01:15 2005 => System found infected with whenu.savenow Spyware/Adware (pop[1].htm)! Action taken: No Action Taken.
Tue Dec 13 17:01:15 2005 => System found infected with whenu.savenow Spyware/Adware (stylesheet[1].css)! Action taken: No Action Taken.
Tue Dec 13 17:01:15 2005 => System found infected with whenu.savenow Spyware/Adware (ads[1].htm)! Action taken: No Action Taken.
Tue Dec 13 17:01:15 2005 => System found infected with whenu.savenow Spyware/Adware (show_ads[2].js)! Action taken: No Action Taken.
Tue Dec 13 17:01:15 2005 => System found infected with whenu.savenow Spyware/Adware (ads[1].htm)! Action taken: No Action Taken.
Tue Dec 13 17:01:15 2005 => System found infected with whenu.savenow Spyware/Adware (ads[2].htm)! Action taken: No Action Taken.
Tue Dec 13 17:01:15 2005 => System found infected with whenu.savenow Spyware/Adware (formie[1].css)! Action taken: No Action Taken.
Tue Dec 13 17:11:54 2005 => File C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\bis2FB.exe infected by "Trojan-Downloader.Win32.Swizzor.co" Virus! Action Taken: No Action Taken.
Tue Dec 13 18:34:22 2005 => Scanning Folder: C:\Programme\antivir\INFECTED\*.*
Tue Dec 13 18:40:38 2005 => File D:\DownLoads\exe\security\pccillininternetsecurity2005v12.0keygencore\mirror_plugin.exe infected by "Trojan-Downloader.Win32.INService.gen" Virus! Action Taken: No Action Taken.
Tue Dec 13 20:38:30 2005 => Total Disinfected Files: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

sto`teac · 13.12.2005, 22:16

Funde für "tagged"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Tue Dec 13 16:30:12 2005 => File C:\DOKUME~1\ADMINI~1\ANWEND~1\HoleRegs\mp3bone.exe tagged as "not-a-virus:AdWare.Win32.Lop.ag". Action Taken: No Action Taken.
Tue Dec 13 16:33:09 2005 => File C:\Dokumente und Einstellungen\Administrator\Desktop\tightvnc-1.2.9_x86.rar tagged as not-a-virus:RemoteAdmin.Win32.WinVNC-based.b. No Action Taken.
Tue Dec 13 16:33:16 2005 => File C:\Dokumente und Einstellungen\Administrator\Desktop\tightvnc-1.2.9_x86\tightvnc-1.2.9_x86\VNCHooks.dll tagged as not-a-virus:RemoteAdmin.Win32.WinVNC-based.b. No Action Taken.
Tue Dec 13 16:33:17 2005 => File C:\Dokumente und Einstellungen\Administrator\Desktop\tightvnc-1.2.9_x86\tightvnc-1.2.9_x86\winvnc.exe tagged as not-a-virus:RemoteAdmin.Win32.WinVNC-based.h. No Action Taken.
Tue Dec 13 16:36:52 2005 => File C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\bis2FB.exe tagged as "not-a-virus:AdWare.Win32.Lop.ag". Action Taken: No Action Taken.
Tue Dec 13 17:21:56 2005 => File C:\Dokumente und Einstellungen\Administrator\Desktop\tightvnc-1.2.9_x86.rar tagged as not-a-virus:RemoteAdmin.Win32.WinVNC-based.b. No Action Taken.
Tue Dec 13 17:22:03 2005 => File C:\Dokumente und Einstellungen\Administrator\Desktop\tightvnc-1.2.9_x86\tightvnc-1.2.9_x86\VNCHooks.dll tagged as not-a-virus:RemoteAdmin.Win32.WinVNC-based.b. No Action Taken.
Tue Dec 13 17:22:04 2005 => File C:\Dokumente und Einstellungen\Administrator\Desktop\tightvnc-1.2.9_x86\tightvnc-1.2.9_x86\winvnc.exe tagged as not-a-virus:RemoteAdmin.Win32.WinVNC-based.h. No Action Taken.
Tue Dec 13 18:34:42 2005 => File C:\Recycled\Dc6.exe tagged as not-a-virus:Client-IRC.Win32.mIRC.603. No Action Taken.
Tue Dec 13 18:34:43 2005 => File C:\Recycled\Dc19.exe tagged as not-a-virus:RemoteAdmin.Win32.WinVNC-based.h. No Action Taken.
Tue Dec 13 18:40:52 2005 => File D:\DownLoads\exe\folder guard\Stealth Folder Hider Eval.exe tagged as not-a-virus:Monitor.Win32.WinSpy.a. No Action Taken.
Tue Dec 13 18:42:22 2005 => File D:\DownLoads\exe\coolscrl.exe tagged as "not-a-virus:AdWare.Win32.SaveNow.ar". Action Taken: No Action Taken.
Tue Dec 13 19:12:30 2005 => File D:\irc quakenet\mirc.exe tagged as not-a-virus:Client-IRC.Win32.mIRC.603. No Action Taken.
Tue Dec 13 19:55:29 2005 => File D:\irc gamesurge\mirc.exe tagged as not-a-virus:Client-IRC.Win32.mIRC.603. No Action Taken.
Tue Dec 13 19:55:37 2005 => File D:\irc gamesurge II\Gamers.IRC\mirc.exe tagged as not-a-virus:Client-IRC.Win32.mIRC.603. No Action Taken.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Funde für "offending"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Tue Dec 13 16:33:51 2005 => Offending Key found: HKCU\Software\gnu !!!
Tue Dec 13 16:33:56 2005 => Offending file found: C:\Dokumente und Einstellungen\Administrator\Desktop\sd4hide-skl\backup.reg
Tue Dec 13 16:33:57 2005 => Offending file found: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\temp\{1068130f-17ab-11d5-9875-00105ace7734}\ebay.url
Tue Dec 13 16:33:57 2005 => Offending file found: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\temp\outlook logging\firstrun.log
Tue Dec 13 16:33:58 2005 => Offending file found: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\temp\temporary internet files\content.ie5\2oq2fn7p\ads[1].htm
Tue Dec 13 16:33:58 2005 => Offending file found: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\temporary internet files\content.ie5\9u7km4if\adswrapper[1].js
Tue Dec 13 16:33:58 2005 => Offending file found: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\temporary internet files\content.ie5\9u7km4if\adsend[1].js
Tue Dec 13 16:33:58 2005 => Offending file found: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\temporary internet files\content.ie5\9u7km4if\ads[1].htm
Tue Dec 13 16:33:58 2005 => Offending file found: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\temporary internet files\content.ie5\9u7km4if\pop[1].htm
Tue Dec 13 16:33:58 2005 => Offending file found: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\temporary internet files\content.ie5\9u7km4if\ads[2].htm
Tue Dec 13 16:33:58 2005 => Offending file found: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\temporary internet files\content.ie5\kxybo1e3\ads[1].htm
Tue Dec 13 16:33:58 2005 => Offending file found: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\temporary internet files\content.ie5\kxybo1e3\ads[2].htm
Tue Dec 13 16:33:58 2005 => Offending file found: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\temporary internet files\content.ie5\o14rmpgj\formie[1].css
Tue Dec 13 16:33:58 2005 => Offending file found: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\temporary internet files\content.ie5\o14rmpgj\pop[1].htm
Tue Dec 13 16:33:58 2005 => Offending file found: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\temporary internet files\content.ie5\o14rmpgj\stylesheet[1].css
Tue Dec 13 16:33:58 2005 => Offending file found: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\temporary internet files\content.ie5\o14rmpgj\ads[1].htm
Tue Dec 13 16:33:58 2005 => Offending file found: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\temporary internet files\content.ie5\o14rmpgj\show_ads[2].js
Tue Dec 13 16:33:58 2005 => Offending file found: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\temporary internet files\content.ie5\f54gt19d\ads[1].htm
Tue Dec 13 16:33:58 2005 => Offending file found: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\temporary internet files\content.ie5\f54gt19d\ads[2].htm
Tue Dec 13 16:33:58 2005 => Offending file found: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\temporary internet files\content.ie5\u723q5mb\formie[1].css
Tue Dec 13 16:33:59 2005 => Offending file found: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temporary Internet Files\content.ie5\9u7km4if\adswrapper[1].js
Tue Dec 13 16:33:59 2005 => Offending file found: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temporary Internet Files\content.ie5\9u7km4if\adsend[1].js
Tue Dec 13 16:33:59 2005 => Offending file found: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temporary Internet Files\content.ie5\9u7km4if\ads[1].htm
Tue Dec 13 16:33:59 2005 => Offending file found: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temporary Internet Files\content.ie5\9u7km4if\pop[1].htm
Tue Dec 13 16:33:59 2005 => Offending file found: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temporary Internet Files\content.ie5\9u7km4if\ads[2].htm
Tue Dec 13 16:33:59 2005 => Offending file found: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temporary Internet Files\content.ie5\kxybo1e3\ads[1].htm
Tue Dec 13 16:33:59 2005 => Offending file found: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temporary Internet Files\content.ie5\kxybo1e3\ads[2].htm
Tue Dec 13 16:33:59 2005 => Offending file found: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temporary Internet Files\content.ie5\o14rmpgj\formie[1].css
Tue Dec 13 16:33:59 2005 => Offending file found: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temporary Internet Files\content.ie5\o14rmpgj\pop[1].htm
Tue Dec 13 16:33:59 2005 => Offending file found: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temporary Internet Files\content.ie5\o14rmpgj\stylesheet[1].css
Tue Dec 13 16:33:59 2005 => Offending file found: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temporary Internet Files\content.ie5\o14rmpgj\ads[1].htm
Tue Dec 13 16:33:59 2005 => Offending file found: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temporary Internet Files\content.ie5\o14rmpgj\show_ads[2].js
Tue Dec 13 16:33:59 2005 => Offending file found: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temporary Internet Files\content.ie5\f54gt19d\ads[1].htm
Tue Dec 13 16:33:59 2005 => Offending file found: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temporary Internet Files\content.ie5\f54gt19d\ads[2].htm
Tue Dec 13 16:33:59 2005 => Offending file found: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temporary Internet Files\content.ie5\u723q5mb\formie[1].css
Tue Dec 13 17:01:06 2005 => Offending Key found: HKCU\Software\gnu !!!
Tue Dec 13 17:01:11 2005 => Offending file found: C:\Dokumente und Einstellungen\Administrator\Desktop\sd4hide-skl\backup.reg
Tue Dec 13 17:01:13 2005 => Offending file found: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\temp\{1068130f-17ab-11d5-9875-00105ace7734}\ebay.url
Tue Dec 13 17:01:13 2005 => Offending file found: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\temp\outlook logging\firstrun.log
Tue Dec 13 17:01:13 2005 => Offending file found: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\temp\temporary internet files\content.ie5\2oq2fn7p\ads[1].htm
Tue Dec 13 17:01:13 2005 => Offending file found: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\temporary internet files\content.ie5\9u7km4if\adswrapper[1].js
Tue Dec 13 17:01:13 2005 => Offending file found: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\temporary internet files\content.ie5\9u7km4if\adsend[1].js
Tue Dec 13 17:01:14 2005 => Offending file found: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\temporary internet files\content.ie5\9u7km4if\ads[1].htm
Tue Dec 13 17:01:14 2005 => Offending file found: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\temporary internet files\content.ie5\9u7km4if\pop[1].htm
Tue Dec 13 17:01:14 2005 => Offending file found: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\temporary internet files\content.ie5\9u7km4if\ads[2].htm
Tue Dec 13 17:01:14 2005 => Offending file found: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\temporary internet files\content.ie5\kxybo1e3\ads[1].htm
Tue Dec 13 17:01:14 2005 => Offending file found: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\temporary internet files\content.ie5\kxybo1e3\ads[2].htm
Tue Dec 13 17:01:14 2005 => Offending file found: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\temporary internet files\content.ie5\o14rmpgj\formie[1].css
Tue Dec 13 17:01:14 2005 => Offending file found: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\temporary internet files\content.ie5\o14rmpgj\pop[1].htm
Tue Dec 13 17:01:14 2005 => Offending file found: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\temporary internet files\content.ie5\o14rmpgj\stylesheet[1].css
Tue Dec 13 17:01:14 2005 => Offending file found: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\temporary internet files\content.ie5\o14rmpgj\ads[1].htm
Tue Dec 13 17:01:14 2005 => Offending file found: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\temporary internet files\content.ie5\o14rmpgj\show_ads[2].js
Tue Dec 13 17:01:14 2005 => Offending file found: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\temporary internet files\content.ie5\f54gt19d\ads[1].htm
Tue Dec 13 17:01:14 2005 => Offending file found: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\temporary internet files\content.ie5\f54gt19d\ads[2].htm
Tue Dec 13 17:01:14 2005 => Offending file found: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\temporary internet files\content.ie5\u723q5mb\formie[1].css
Tue Dec 13 17:01:14 2005 => Offending file found: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temporary Internet Files\content.ie5\9u7km4if\adswrapper[1].js
Tue Dec 13 17:01:15 2005 => Offending file found: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temporary Internet Files\content.ie5\9u7km4if\adsend[1].js
Tue Dec 13 17:01:15 2005 => Offending file found: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temporary Internet Files\content.ie5\9u7km4if\ads[1].htm
Tue Dec 13 17:01:15 2005 => Offending file found: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temporary Internet Files\content.ie5\9u7km4if\pop[1].htm
Tue Dec 13 17:01:15 2005 => Offending file found: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temporary Internet Files\content.ie5\9u7km4if\ads[2].htm
Tue Dec 13 17:01:15 2005 => Offending file found: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temporary Internet Files\content.ie5\kxybo1e3\ads[1].htm
Tue Dec 13 17:01:15 2005 => Offending file found: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temporary Internet Files\content.ie5\kxybo1e3\ads[2].htm
Tue Dec 13 17:01:15 2005 => Offending file found: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temporary Internet Files\content.ie5\o14rmpgj\formie[1].css
Tue Dec 13 17:01:15 2005 => Offending file found: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temporary Internet Files\content.ie5\o14rmpgj\pop[1].htm
Tue Dec 13 17:01:15 2005 => Offending file found: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temporary Internet Files\content.ie5\o14rmpgj\stylesheet[1].css
Tue Dec 13 17:01:15 2005 => Offending file found: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temporary Internet Files\content.ie5\o14rmpgj\ads[1].htm
Tue Dec 13 17:01:15 2005 => Offending file found: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temporary Internet Files\content.ie5\o14rmpgj\show_ads[2].js
Tue Dec 13 17:01:15 2005 => Offending file found: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temporary Internet Files\content.ie5\f54gt19d\ads[1].htm
Tue Dec 13 17:01:15 2005 => Offending file found: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temporary Internet Files\content.ie5\f54gt19d\ads[2].htm
Tue Dec 13 17:01:15 2005 => Offending file found: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temporary Internet Files\content.ie5\u723q5mb\formie[1].css
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Statistiken:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Tue Dec 13 20:38:30 2005 => Total Virus(es) Found: 50
Tue Dec 13 20:38:30 2005 => Total Errors: 2229
Tue Dec 13 20:38:30 2005 => Time Elapsed: 03:38:00
Tue Dec 13 20:38:30 2005 => Total Objects Scanned: 162294
Tue Dec 13 16:28:42 2005 => Virus Database Date: 2005/12/12
Tue Dec 13 16:55:13 2005 => Virus Database Date: 2005/12/12
Tue Dec 13 16:55:30 2005 => Virus Database Date: 2005/12/13
Tue Dec 13 17:00:08 2005 => Virus Database Date: 2005/12/13
Tue Dec 13 20:38:30 2005 => Virus Database Date: 2005/12/13
Tue Dec 13 21:39:22 2005 => Virus Database Date: 2005/12/13
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~ © Haui ;-) ~~~~~~~
~~~~~~~ Dank an Cidre ~~~~~~~

der zweite rechner:
xp2400+
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Funde für "infected"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Funde für "tagged"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Funde für "offending"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Statistiken:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Tue Dec 13 16:42:33 2005 => Virus Database Date: 2005/12/12
Tue Dec 13 16:42:41 2005 => Virus Database Date: 2005/12/12
Tue Dec 13 16:43:13 2005 => Virus Database Date: 2005/12/13
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~ © Haui ;-) ~~~~~~~
~~~~~~~ Dank an Cidre ~~~~~~~

nun frag ich mich, warum der eine rechner clean ist, obwohl im programm selbst auch funde angezeigt wurden (ca 18stk) ...

zudem was beim ersten log (xp3000+) alles raus muss und was nicht ...

und die abschliessende frage, was die zahl hinter "error" im tool bedeutet?!?

schonmal ein grosses danke fuer eure muehe!!!

mit gruessen ...
sto`teac

ps: musste wegen maximaler laenge von 25k zeichen leider nen doppelpost machen, sry

sto`teac · 14.12.2005, 15:24

leute bitte helft mir =/ ich brauch den pc dringend wieder einsatzberiet ...

escan logs

Log-Analyse und Auswertung: escan logs

escan logs (need help -> winfix2005)

escan logs

escan logs

Ähnliche Themen: escan logs

14.12.2005, 15:24	#3
sto`teac	escan logs leute bitte helft mir =/ ich brauch den pc dringend wieder einsatzberiet ... __________________