E-Scan&HijackThisLog! Help!

Warnings about security vulnerabilities and help with removing viruses, worms and Trojans.

Post by Chris1337 on 06.04.2005, 19:11

Until now I always had Antivir running, fully up to date. But it found nothing when scanning.

When I ran EScan, this is what came out:

Wed Apr 06 17:26:46 2005 => Scanning HKLM\SYSTEM\CurrentControlSet\Services\VxD
Wed Apr 06 17:26:51 2005 => System found infected with DyFuCA Spyware/Adware ({40b1d454-9ca4-43cc-86aa-cb175eac52fb})! Action taken: No Action Taken.
Wed Apr 06 17:26:51 2005 => File System Found infected by "DyFuCA Spyware/Adware" Virus. Action Taken: No Action Taken.

Wed Apr 06 17:26:51 2005 => System found infected with DyFuCA Spyware/Adware ({1c01d150-91a4-4de0-9bf8-a35d1bdf1001})! Action taken: No Action Taken.
Wed Apr 06 17:26:51 2005 => File System Found infected by "DyFuCA Spyware/Adware" Virus. Action Taken: No Action Taken.

Wed Apr 06 17:26:51 2005 => System found infected with IstBAR Spyware/Adware ({5F1ABCDB-A875-46C1-8345-B72A4567E486})! Action taken: No Action Taken.
Wed Apr 06 17:26:51 2005 => File System Found infected by "IstBAR Spyware/Adware" Virus. Action Taken: No Action Taken.

Wed Apr 06 17:26:51 2005 => System found infected with IstBAR Spyware/Adware ({7b9a715e-9d87-4c21-bf9e-f914f2fa953f})! Action taken: No Action Taken.
Wed Apr 06 17:26:51 2005 => File System Found infected by "IstBAR Spyware/Adware" Virus. Action Taken: No Action Taken.

Wed Apr 06 17:26:51 2005 => System found infected with IstBAR Spyware/Adware ({86227d9c-0efe-4f8a-aa55-30386a3f5686})! Action taken: No Action Taken.
Wed Apr 06 17:26:51 2005 => File System Found infected by "IstBAR Spyware/Adware" Virus. Action Taken: No Action Taken.

Wed Apr 06 17:26:51 2005 => System found infected with SideFind Spyware/Adware ({8cba1b49-8144-4721-a7b1-64c578c9eed7})! Action taken: No Action Taken.
Wed Apr 06 17:26:51 2005 => File System Found infected by "SideFind Spyware/Adware" Virus. Action Taken: No Action Taken.

Wed Apr 06 17:26:51 2005 => System found infected with SideFind Spyware/Adware ({58634367-d62b-4c2c-86be-5aac45cdb671})! Action taken: No Action Taken.
Wed Apr 06 17:26:51 2005 => File System Found infected by "SideFind Spyware/Adware" Virus. Action Taken: No Action Taken.

Wed Apr 06 17:26:51 2005 => System found infected with SideFind Spyware/Adware ({d0288a41-9855-4a9b-8316-babe243648da})! Action taken: No Action Taken.
Wed Apr 06 17:26:51 2005 => File System Found infected by "SideFind Spyware/Adware" Virus. Action Taken: No Action Taken.

Wed Apr 06 17:26:51 2005 => System found infected with SideFind Spyware/Adware ({339d8aff-0b42-4260-ad82-78ce605a9543})! Action taken: No Action Taken.
Wed Apr 06 17:26:51 2005 => File System Found infected by "SideFind Spyware/Adware" Virus. Action Taken: No Action Taken.

Wed Apr 06 17:26:51 2005 => System found infected with SideFind Spyware/Adware ({a36a5936-cfd9-4b41-86bd-319a1931887f})! Action taken: No Action Taken.
Wed Apr 06 17:26:51 2005 => File System Found infected by "SideFind Spyware/Adware" Virus. Action Taken: No Action Taken.

Wed Apr 06 17:26:51 2005 => System found infected with iSearch Spyware/Adware ({6d3f5de4-e980-4407-a10f-9ac771abaae6})! Action taken: No Action Taken.
Wed Apr 06 17:26:51 2005 => File System Found infected by "iSearch Spyware/Adware" Virus. Action Taken: No Action Taken.

Wed Apr 06 17:26:51 2005 => Offending value found in HKLM\Software\sidefind !!!
Wed Apr 06 17:26:51 2005 => Offending value found in HKLM\Software\microsoft\sidefind !!!
Wed Apr 06 17:26:51 2005 => System found infected with sidefind Spyware/Adware! Action taken: No Action Taken.
Wed Apr 06 17:26:51 2005 => File System Found infected by "sidefind Spyware/Adware" Virus. Action Taken: No Action Taken.

Wed Apr 06 17:26:51 2005 => Offending value found in HKLM\Software\powerscan !!!
Wed Apr 06 17:26:51 2005 => System found infected with powerscan Spyware/Adware! Action taken: No Action Taken.
Wed Apr 06 17:26:51 2005 => File System Found infected by "powerscan Spyware/Adware" Virus. Action Taken: No Action Taken.

Wed Apr 06 17:26:51 2005 => Offending value found in HKLM\Software\Microsoft\Windows\CurrentVersion\uninstall\DyFuCA !!!
Wed Apr 06 17:26:51 2005 => System found infected with DyFuCA Spyware/Adware! Action taken: No Action Taken.
Wed Apr 06 17:26:51 2005 => File System Found infected by "DyFuCA Spyware/Adware" Virus. Action Taken: No Action Taken.

Wed Apr 06 17:26:51 2005 => Offending value found in HKLM\Software\policies\avenue media !!!
Wed Apr 06 17:26:51 2005 => System found infected with avenue media Spyware/Adware! Action taken: No Action Taken.
Wed Apr 06 17:26:51 2005 => File System Found infected by "avenue media Spyware/Adware" Virus. Action Taken: No Action Taken.

Wed Apr 06 17:26:51 2005 => System found infected with text/html Spyware/Adware! Action taken: No Action Taken.
Wed Apr 06 17:26:51 2005 => File System Found infected by "text/html Spyware/Adware" Virus. Action Taken: No Action Taken.

Wed Apr 06 17:26:52 2005 => System found infected with ezula Spyware/Adware (instsrv.exe)! Action taken: No Action Taken.
Wed Apr 06 17:26:52 2005 => File System Found infected by "ezula Spyware/Adware" Virus. Action Taken: No Action Taken.


Wed Apr 06 17:27:01 2005 => File C:\WINDOWS\switpa.exe infected by "not-a-virus:AdWare.Atlas.a" Virus. Action Taken: No Action Taken.

Wed Apr 06 17:31:11 2005 => File C:\Dokumente und Einstellungen\risch\Lokale Einstellungen\Temp\iinstall.exe infected by "Trojan-Downloader.Win32.IstBar.gen" Virus. Action Taken: No Action Taken.

Wed Apr 06 17:34:16 2005 => File C:\Dokumente und Einstellungen\risch\Lokale Einstellungen\Temporary Internet Files\Content.IE5\8XM7WPMV\offeragent[1].exe infected by "not-a-virus:AdWare.Atlas.a" Virus. Action Taken: No Action Taken.

Wed Apr 06 17:34:26 2005 => File C:\Dokumente und Einstellungen\risch\Lokale Einstellungen\Temporary Internet Files\Content.IE5\8XM7WPMV\ysb_regular[1].cab infected by "Trojan-Downloader.Win32.IstBar.gen" Virus. Action Taken: No Action Taken.

Wed Apr 06 17:34:45 2005 => File C:\Dokumente und Einstellungen\risch\Lokale Einstellungen\Temporary Internet Files\Content.IE5\9KKN5XK9\install[1].htm infected by "Exploit.HTML.CodeBaseExec" Virus. Action Taken: No Action Taken.

Wed Apr 06 17:35:24 2005 => File C:\Dokumente und Einstellungen\risch\Lokale Einstellungen\Temporary Internet Files\Content.IE5\AXJ49WJ6\prompt[2].php infected by "Trojan-Downloader.JS.IstBar.j" Virus. Action Taken: No Action Taken.

Wed Apr 06 17:38:09 2005 => File C:\Dokumente und Einstellungen\risch\Lokale Einstellungen\Temporary Internet Files\Content.IE5\K1I3KT2J\ysb[1].dll infected by "not-a-virus:AdWare.ToolBar.YourSiteBar.c" Virus. Action Taken: No Action Taken.

Wed Apr 06 17:58:32 2005 => File C:\WINDOWS\switpa.exe infected by "not-a-virus:AdWare.Atlas.a" Virus. Action Taken: No Action Taken.


Wed Apr 06 18:21:37 2005 => File E:\System Volume Information\_restore{352B8C1E-378F-42E2-B3E5-3B11624E7189}\RP152\A0042587.exe infected by "not-a-virus:AdWare.Gator.4104" Virus. Action Taken: No Action Taken.

Wed Apr 06 18:21:37 2005 => File E:\System Volume Information\_restore{352B8C1E-378F-42E2-B3E5-3B11624E7189}\RP152\A0042591.dll infected by "not-a-virus:AdWare.Altnet.c" Virus. Action Taken: No Action Taken.

Wed Apr 06 18:21:45 2005 => File E:\System Volume Information\_restore{352B8C1E-378F-42E2-B3E5-3B11624E7189}\RP160\A0044221.dll infected by "not-a-virus:AdWare.Altnet.c" Virus. Action Taken: No Action Taken.


And here is my HijackThis log file as well:

Logfile of HijackThis v1.99.1
Scan saved at 18:34:30, on 06.04.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
d:\Logitech\MouseWare\system\em_exec.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Dokumente und Einstellungen\risch\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{5ED34ECD-226F-4232-A4D6-83C8BCCA73D0}: NameServer = 195.50.140.252 145.253.2.203
O18 - Filter: text/html - {4F7681E5-6CAF-478D-9CB8-4CA593BEE7FB} - C:\WINDOWS\System32\xplugin.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe


How do I get my system clean again and also keep it reasonably secure in the long term???
So far I have always had Service Pack 2, the integrated firewall and Antivir Guard running.
Need Help!
Chris1337

Posts: 2
Registered: 02.07.2004, 16:09
Location: Magdeburg


Post by Yourhighness on 06.04.2005, 20:07

Hello!

*AdAware (free)
http://www.lavasoft.de/support/download/
*Update the program BEFORE every scan!
*DURING the scan, ALL other applications must be closed and all browser windows must be closed!

Download and use the following tool:
http://download.lavasoft.de.edgesuite.net/public/plvx2cleaner.exe

Fix the following entry with HJT (tick the box and click "fix checked")

O18 - Filter: text/html - {4F7681E5-6CAF-478D-9CB8-4CA593BEE7FB} - C:\WINDOWS\System32\xplugin.dll

-------------------------


You should use a firewall that is independent of MS, such as Zonealarm. In addition, run adaware se regularly and use programs like ClearProg and cleanmgr:

////////////////////
#Download the latest version of ClearProg
http://www.clearprog.de/downloads.php
*Clean the browser. The program deletes the browsing traces of Internet Explorer from version 5.0 onwards, of Netscape/Mozilla and of Opera:


1) Cookies
2) History
3) Temporary Internet files (cache)


#Disk Cleanup: and deleting the temporary files
(by Windows)
*[Start] --> [Run] --> enter cleanmgr.
*Confirm

delete only:
*Click: Temporary Internet Files, OK
*Click: Temporary Files, OK
//////////////////

Best regards,
Yourhighness
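
Added example, not part of either post: a small Python triage helper that buckets the eScan file detections by location (installed file, temp folder, browser cache, System Restore copy) and shows which HijackThis entry corresponds to a name eScan reported as a system infection. The sample lines are copied from the logs posted in this thread; the function names and location buckets are this example's own choices.

```python
import re
from collections import defaultdict

# Sample lines copied from the two logs posted in this thread.
ESCAN_LOG = r'''
Wed Apr 06 17:26:51 2005 => System found infected with text/html Spyware/Adware! Action taken: No Action Taken.
Wed Apr 06 17:26:51 2005 => File System Found infected by "text/html Spyware/Adware" Virus. Action Taken: No Action Taken.
Wed Apr 06 17:27:01 2005 => File C:\WINDOWS\switpa.exe infected by "not-a-virus:AdWare.Atlas.a" Virus. Action Taken: No Action Taken.
Wed Apr 06 17:31:11 2005 => File C:\Dokumente und Einstellungen\risch\Lokale Einstellungen\Temp\iinstall.exe infected by "Trojan-Downloader.Win32.IstBar.gen" Virus. Action Taken: No Action Taken.
Wed Apr 06 17:34:45 2005 => File C:\Dokumente und Einstellungen\risch\Lokale Einstellungen\Temporary Internet Files\Content.IE5\9KKN5XK9\install[1].htm infected by "Exploit.HTML.CodeBaseExec" Virus. Action Taken: No Action Taken.
Wed Apr 06 18:21:37 2005 => File E:\System Volume Information\_restore{352B8C1E-378F-42E2-B3E5-3B11624E7189}\RP152\A0042587.exe infected by "not-a-virus:AdWare.Gator.4104" Virus. Action Taken: No Action Taken.
'''
HJT_LOG = r'''
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O18 - Filter: text/html - {4F7681E5-6CAF-478D-9CB8-4CA593BEE7FB} - C:\WINDOWS\System32\xplugin.dll
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
'''
# A drive letter is required so the summary line "File System Found infected by" is not read as a path.
FILE_RE = re.compile(r'=> File (?P<path>[A-Za-z]:\\.+?) infected by "(?P<name>[^"]+)"')
SYSTEM_RE = re.compile(r'=> System found infected with (?P<name>.+?) Spyware/Adware')
HJT_RE = re.compile(r'^(?P<code>[A-Z]\d+) - (?P<body>.+)$')
LOCATIONS = (("\\system volume information\\_restore", "system-restore"),
             ("\\temporary internet files\\", "browser-cache"),
             ("\\temp\\", "temp"))

def location_class(path):
    """Bucket a detection by where the file lives, which decides the cleanup step."""
    p = path.lower()
    return next((label for needle, label in LOCATIONS if needle in p), "installed")

def triage_escan(log):
    """Return {location class: [(path, detection name), ...]} for file detections."""
    buckets = defaultdict(list)
    for line in log.splitlines():
        m = FILE_RE.search(line)
        if m:
            buckets[location_class(m["path"])].append((m["path"], m["name"]))
    return dict(buckets)

def correlate_hjt(escan_log, hjt_log):
    """Return HijackThis entries whose text mentions a name eScan reported as a system infection."""
    names = {m["name"].lower() for m in SYSTEM_RE.finditer(escan_log)}
    hits = []
    for line in hjt_log.splitlines():
        m = HJT_RE.match(line.strip())
        if m and any(n in m["body"].lower() for n in names):
            hits.append((m["code"], m["body"]))
    return hits
```

On these sample lines the only correlated HijackThis entry is the O18 text/html filter pointing at xplugin.dll, the entry the reply says to fix; the cache and temp detections are the ones the ClearProg and cleanmgr steps address.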
 


