TR/Agent.cys.3

Methos

so hier meine Daten.
Hijack-Logfile:Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:21:07, on 09.12.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Sunbelt Software\CounterSpy\SBCSSvc.exe
C:\Programme\Sunbelt Software\CounterSpy\SBCSTray.exe
C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
d:\Programme\Winamp\winamp.exe
C:\WINDOWS\explorer.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\rundll32.exe
F:\abc123.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: (no name) - {370E1240-6B4D-41E7-8630-0420DBDCCCF5} - C:\WINDOWS\system32\awvvt.dll
O2 - BHO: (no name) - {4884B8A6-0CC4-42D1-8344-6E76A1E6012E} - (no file)
O2 - BHO: (no name) - {B2D2D370-1406-4BA9-8702-0BD96CBD4CBD} - C:\WINDOWS\system32\opnkiig.dll
O4 - HKLM\..\Run: [SBCSTray] C:\Programme\Sunbelt Software\CounterSpy\SBCSTray.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Verknüpfung mit ZoneAlarm Security.lnk = C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe
O20 - Winlogon Notify: opnkiig - C:\WINDOWS\SYSTEM32\opnkiig.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Programme\Sunbelt Software\CounterSpy\SBCSSvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division 120\StarWind\StarWindService.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Programme\TuneUpUtilities2006\WinStylerThemeSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 2762 bytes


und dann noch virustotal :AhnLab-V3 2007.12.8.0 2007.12.07 -
AntiVir 7.6.0.40 2007.12.07 TR/Agent.cys.3
Authentium 4.93.8 2007.12.08 -
Avast 4.7.1098.0 2007.12.08 -
AVG 7.5.0.503 2007.12.09 Obfustat.AASN
BitDefender 7.2 2007.12.09 -
CAT-QuickHeal 9.00 2007.12.08 Trojan.Agent.cys
ClamAV 0.91.2 2007.12.09 -
DrWeb 4.44.0.09170 2007.12.09 Trojan.Virtumod.244
eSafe 7.0.15.0 2007.12.06 -
eTrust-Vet 31.3.5361 2007.12.08 -
Ewido 4.0 2007.12.09 -
FileAdvisor 1 2007.12.09 -
Fortinet 3.14.0.0 2007.12.09 -
F-Prot 4.4.2.54 2007.12.08 -
F-Secure 6.70.13030.0 2007.12.09 Trojan.Win32.Agent.cys
Ikarus T3.1.1.12 2007.12.09 Trojan.Win32.Agent.cys
Kaspersky 7.0.0.125 2007.12.09 Trojan.Win32.Agent.cys
McAfee 5181 2007.12.08 -
Microsoft 1.3007 2007.12.09 -
NOD32v2 2711 2007.12.07 -
Norman 5.80.02 2007.12.07 W32/Agent.DKSH
Panda 9.0.0.4 2007.12.09 -
Prevx1 V2 2007.12.09 Trojan.DoS.Win32.Opdos
Rising 20.21.42.00 2007.12.07 -
Sophos 4.24.0 2007.12.09 Mal/Generic-A
Sunbelt 2.2.907.0 2007.12.07 -
Symantec 10 2007.12.09 -
TheHacker 6.2.9.153 2007.12.07 Trojan/Agent.cys
VBA32 3.12.2.5 2007.12.07 Trojan.Win32.Agent.cys
VirusBuster 4.3.26:9 2007.12.08 Adware.Vundo.V.Gen
Webwasher-Gateway 6.6.2 2007.12.08 Trojan.Agent.cys.3

mfg methos