Auswertung der "infected"-Suche vom eScan-Log
 

Hallo!

Wollte mal fragen ob es so etwas ähnliches wie hijackthis.de für Hijackthis ist, auch für die "infected"-Suche vom eScan-Log gibt. Habe nämlich keine Ahnung was damit zu tun ist. :confused:
Also hier sind meine Pfadangaben von eScan, in denen infected vorkam:

Sun Oct 17 05:11:39 2004 => File C:\windows\system32\setup_incred_2.exe infected by "TrojanDownloader.Win32.Keenval.e" Virus. Action Taken: File Deleted.
Sun Oct 17 05:17:54 2004 => File C:\Dokumente und Einstellungen\Christoph Baumhardt\Desktop\CHRISTOPH\Downloads\28712.exe infected by "not-a-virus:AdvWare.Toolbar.Quick.a" Virus. Action Taken: File Renamed.
Sun Oct 17 05:21:01 2004 => File C:\Dokumente und Einstellungen\Christoph Baumhardt\Lokale Einstellungen\Temp\Del7.tmp infected by "not-a-virus:AdvWare.180Solutions" Virus. Action Taken: File Deleted.
Sun Oct 17 05:23:03 2004 => C:\Dokumente und Einstellungen\Christoph Baumhardt\Lokale Einstellungen\Temp\Temporary Internet Files\~472..tmp\~7745..tmp\1710999571@TopLeft,Top1,Top2,TopRight,Left,Lef t1,Left2,Right,Right1,Middle,Middle2,Position1,Pos ition2,Frame1,Frame2,x01,x02,x03,x04,x05, possibly infected and removed by background antivirus package!
Sun Oct 17 05:23:03 2004 => C:\Dokumente und Einstellungen\Christoph Baumhardt\Lokale Einstellungen\Temp\Temporary Internet Files\~6367..tmp\~6354..tmp\Erste__Verabredung__inf__nur__keine_20Hemmunge n,docId=8888,backUrl=DrSommer_2FHelp_2FFit__20For_ _20Love_2FSchmetterlinge__20im__20Bauch_ possibly infected and removed by background antivirus package!
Sun Oct 17 05:23:03 2004 => C:\Dokumente und Einstellungen\Christoph Baumhardt\Lokale Einstellungen\Temp\Temporary Internet Files\~6367..tmp\~6367..tmp\Erste__Verabredung__ratfaq__Valentinstag__Ich_ _trau__mich__nicht,docId=8888,fid=-270523394,backUrl=DrSommer_2FHelp_2FFit__20For__20 Love_ possibly infected and removed by background antivirus package!
Sun Oct 17 05:23:03 2004 => C:\Dokumente und Einstellungen\Christoph Baumhardt\Lokale Einstellungen\Temp\Temporary Internet Files\~6367..tmp\~7745..tmp\Erste__Verabredung__ratfaq__Ich__wuensch__mir_ _endlich__einen__Freund,docId=8888,fid=-270523394,backUrl=DrSommer_2FHelp_2FFit__20For__20 possibly infected and removed by background antivirus package!
Sun Oct 17 05:23:03 2004 => C:\Dokumente und Einstellungen\Christoph Baumhardt\Lokale Einstellungen\Temp\Temporary Internet Files\~7745..tmp\~6367..tmp\adlink%7C82%7C89055%7C1%7C171%7CAdId%3D278772% 3BBnId%3D2%3Bitime%3D953713223%3Bku%3D12900%3Bkey% 3Dcomputing%2Bdesigntechnica%5Fgeneral%3 possibly infected and removed by background antivirus package!
Sun Oct 17 05:23:03 2004 => C:\Dokumente und Einstellungen\Christoph Baumhardt\Lokale Einstellungen\Temp\Temporary Internet Files\~7745..tmp\~7745..tmp\adlink%7C82%7C89055%7C1%7C171%7CAdId%3D278772% 3BBnId%3D2%3Bitime%3D953713223%3Bku%3D12900%3Bkey% 3Dcomputing%2Bdesigntechnica%5Fgeneral%3 possibly infected and removed by background antivirus package!
Sun Oct 17 05:23:03 2004 => C:\Dokumente und Einstellungen\Christoph Baumhardt\Lokale Einstellungen\Temp\Temporary Internet Files\~7745..tmp\~7745..tmp\adlink_82_89055_1_171_AdId=279141;BnId=1;itime =954450983;ku=12900;key=computing+designtechnica_g eneral;nodecode=yes;link=&Rnd=1095954452 possibly infected and removed by background antivirus package!
Sun Oct 17 05:23:03 2004 => C:\Dokumente und Einstellungen\Christoph Baumhardt\Lokale Einstellungen\Temp\Temporary Internet Files\~9984..tmp\~472..tmp\music;dcove=o;aff=college_m;aff=college_f;aff= teen_m;aff=teen_f;pagename=index;gateway=music;sec tion_1=downloads;sz=336x280;tile=2;ord=76 possibly infected and removed by background antivirus package!
Sun Oct 17 05:23:03 2004 => C:\Dokumente und Einstellungen\Christoph Baumhardt\Lokale Einstellungen\Temp\Temporary Internet Files\~9984..tmp\~6367..tmp\music;music=video;aff=college_m;aff=college_f; aff=teen_m;aff=teen_f;pagename=index;gateway=music ;section_1=video;section_2=premiere;sect possibly infected and removed by background antivirus package!
Sun Oct 17 05:23:03 2004 => C:\Dokumente und Einstellungen\Christoph Baumhardt\Lokale Einstellungen\Temp\Temporary Internet Files\~9984..tmp\~7745..tmp\music;music=downloads;dcopt=ist;dcove=o;aff=co llege_m;aff=college_f;aff=teen_m;aff=teen_f;pagena me=index;gateway=music;section_1=downloa possibly infected and removed by background antivirus package!
Sun Oct 17 05:23:03 2004 => C:\Dokumente und Einstellungen\Christoph Baumhardt\Lokale Einstellungen\Temp\Temporary Internet Files\~9984..tmp\~9984..tmp\music;music=video;dcopt=ist;dcove=o;aff=colleg e_m;aff=college_f;aff=teen_m;aff=teen_f;pagename=i ndex;gateway=music;section_1=video;secti possibly infected and removed by background antivirus package!
Sun Oct 17 05:24:01 2004 => Scanning Folder: C:\Programme\AVPersonal\INFECTED\*.*
Sun Oct 17 05:24:01 2004 => Scanning File C:\Programme\AVPersonal\INFECTED\A0088101.EXE.VIR
Sun Oct 17 05:24:01 2004 => Scanning File C:\Programme\AVPersonal\INFECTED\BFENDTTO.EXE.VIR
Sun Oct 17 05:24:01 2004 => File C:\Programme\AVPersonal\INFECTED\BFENDTTO.EXE.VIR infected by "not-a-virus:AdvWare.Gator" Virus. Action Taken: File Renamed.

Sun Oct 17 05:24:01 2004 => Scanning File C:\Programme\AVPersonal\INFECTED\DELUPDAT.EXE.VIR
Sun Oct 17 05:24:01 2004 => File C:\Programme\AVPersonal\INFECTED\DELUPDAT.EXE.VIR infected by "TrojanDownloader.Win32.Keenval" Virus. Action Taken: File Deleted.

Sun Oct 17 05:24:01 2004 => Scanning File C:\Programme\AVPersonal\INFECTED\EZT3.EXE.VIR
Sun Oct 17 05:24:02 2004 => File C:\Programme\AVPersonal\INFECTED\EZT3.EXE.VIR infected by "not-a-virus:AdvWare.BetterInternet" Virus. Action Taken: File Renamed.

Sun Oct 17 05:24:02 2004 => Scanning File C:\Programme\AVPersonal\INFECTED\OQELDSLFC.EXE.VIR
Sun Oct 17 05:24:02 2004 => File C:\Programme\AVPersonal\INFECTED\OQELDSLFC.EXE.VIR infected by "not-a-virus:AdvWare.Gator" Virus. Action Taken: File Renamed.

Sun Oct 17 05:24:02 2004 => Scanning File C:\Programme\AVPersonal\INFECTED\SUI.EXE.VIR
Sun Oct 17 05:24:02 2004 => File C:\Programme\AVPersonal\INFECTED\SUI.EXE.VIR infected by "TrojanDownloader.Win32.Keenval" Virus. Action Taken: File Deleted.

Sun Oct 17 05:24:02 2004 => Scanning File C:\Programme\AVPersonal\INFECTED\TIPB.EXE.VIR
Sun Oct 17 05:24:02 2004 => File C:\Programme\AVPersonal\INFECTED\TIPB.EXE.VIR infected by "TrojanDownloader.Win32.Keenval.e" Virus. Action Taken: File Deleted.

Sun Oct 17 05:24:02 2004 => Scanning File C:\Programme\AVPersonal\INFECTED\WUPDATER.EXE.VIR
Sun Oct 17 05:24:03 2004 => File C:\Programme\AVPersonal\INFECTED\WUPDATER.EXE.VIR infected by "TrojanDownloader.Win32.Keenval" Virus. Action Taken: File Deleted.
Sun Oct 17 05:34:47 2004 => File C:\Programme\themexp\Themexp.org File\NNEZTA388.exe infected by "not-a-virus:AdvWare.NewDotNet" Virus. Action Taken: File Renamed.
Sun Oct 17 05:34:47 2004 => File C:\Programme\themexp\Themexp.org File\TBEZA127Q.exe infected by "not-a-virus:AdvWare.Toolbar.Quick.a" Virus. Action Taken: File Renamed.
Sun Oct 17 05:42:43 2004 => File C:\System Volume Information\_restore{7D0730E2-E46B-4585-A113-BAF338BEBD6A}\RP164\A0106616.dll infected by "not-a-virus:AdvWare.180Solutions" Virus. Action Taken: File Renamed.
Sun Oct 17 05:42:43 2004 => File C:\System Volume Information\_restore{7D0730E2-E46B-4585-A113-BAF338BEBD6A}\RP164\A0106617.exe infected by "not-a-virus:AdvWare.180Solutions" Virus. Action Taken: File Renamed.
Sun Oct 17 05:42:53 2004 => File C:\System Volume Information\_restore{7D0730E2-E46B-4585-A113-BAF338BEBD6A}\RP166\A0107815.exe infected by "TrojanDownloader.Win32.Keenval.e" Virus. Action Taken: File Deleted.
Sun Oct 17 05:42:54 2004 => File C:\System Volume Information\_restore{7D0730E2-E46B-4585-A113-BAF338BEBD6A}\RP166\A0107816.exe infected by "not-a-virus:AdvWare.Toolbar.Quick.a" Virus. Action Taken: File Renamed.
Sun Oct 17 05:42:54 2004 => File C:\System Volume Information\_restore{7D0730E2-E46B-4585-A113-BAF338BEBD6A}\RP166\A0107817.exe infected by "not-a-virus:AdvWare.NewDotNet" Virus. Action Taken: File Renamed.
Sun Oct 17 05:42:55 2004 => File C:\System Volume Information\_restore{7D0730E2-E46B-4585-A113-BAF338BEBD6A}\RP166\A0107818.exe infected by "not-a-virus:AdvWare.Toolbar.Quick.a" Virus. Action Taken: File Renamed.
Sun Oct 17 05:43:01 2004 => File C:\unzipped\backups\backup-20041011-165951-105.dll infected by "TrojanDownloader.Win32.Rameh.f" Virus. Action Taken: File Deleted.
Sun Oct 17 05:43:01 2004 => File C:\unzipped\backups\backup-20041011-165951-974.dll infected by "TrojanDownloader.Win32.Keenval.e" Virus. Action Taken: File Deleted.
Sun Oct 17 05:49:39 2004 => File C:\WINDOWS\Downloaded Program Files\WEBInstaller.dll infected by "not-a-virus:AdvWare.Sahat.c" Virus. Action Taken: File Renamed.


Sun Oct 17 06:18:00 2004 => Total Number of Disinfected Files: 0



Mfg Moskitoman :teufel3:

Hallo Moskitoman,

hast Du ein Glück, dass Du noch den alten eScan hast! Der hat nämlich schon alles für dich gemacht. Deine Malware-Sammlung ist bereits gelöscht und umbenannt. Eine "infected"-Suche vom eScan-Log gibt es meines Wissens noch nicht, aber vielleicht dient Deine Frage als Anregung für jemanden, der seine Zeit wertvoll einsetzen möchte .. ;)

Dir möchte ich gerne ein paar Tips geben: besuche folgende Seiten und lade Dir folgende Programme runter.

1) Vorbeugung - Browserwechsel.
2) Entfernung - Ad-Aware 6 Personal & Spybot-Search &Destroy 1.3
3) PC-Sicherheit- Artikel lesen --> Virenscanner
4) Clear Prog zum leeren der Ordner TEMP, Temporary Internet Files (TIF), Cookies und Verlauf.
5) TrojanCheck, dessen Wächterfunktion kontrolliert, welches Programm mitgestartet wird und angibt, wenn sich ein Programm eintragen will ... Bedienungsanweisung lesen.

... sowie die Pflichtlektüre (von MountainKing & Cidre immer wieder empfohlen):

- www.mathematik.uni-marburg.de
- IE sicher konfigurieren: www.datenschutzzentrum.de.
- Einschränktes Benutzerkonto: www.ntsvcfg.de.
- faq.underflow.de

SD