TR/Agent.cmn.1: how do I get rid of it??

21.04.2008, 13:17
Member
Salva

Posts: 40
#1 Hello, I somehow caught something but don't know how to delete a thing like this??
I tried deleting it via AntiVir, but it keeps finding the Trojan again!

I would be very glad of any help!
21.04.2008, 14:15
Honorary member
Sabina

Posts: 29434
#2 Hello Salva

1.
Please create a HijackThis log according to the instructions and post the log here
http://virus-protect.org/hjtkurz.html

On first start:
Do a system scan and save a logfile - the editor opens
now copy the COMPLETE log with a right mouse click and "paste" it here with a right mouse click

2.
Scan once more with the antivirus and copy the scan report here.
__________
Kind regards, Sabina

all about PC security
22.04.2008, 12:51
Member

Thread starter
Salva

Posts: 40
#3 Here is my Hijack log file

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:40:05, on 22.04.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\avmwlanstick\WlanNetService.exe
C:\Programme\Gemeinsame Dateien\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Gemeinsame Dateien\LogiShrd\LVCOMSER\LVComSer.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Alcohol Toolbar Helper - {8126A4A5-BFD3-46FE-BBDF-BFB5CF78E489} - C:\Programme\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll
O3 - Toolbar: Alcohol Toolbar - {ED4BD629-C1B6-4399-8A34-02CCAA921DC9} - C:\Programme\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [RemoteControl] C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVM WLAN Connection Service - AVM Berlin - C:\Programme\avmwlanstick\WlanNetService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Programme\Gemeinsame Dateien\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Programme\Gemeinsame Dateien\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Programme\TuneUp Utilities 2006\WinStylerThemeSvc.exe

--
End of file - 4746 bytes


And here is the virus report




Avira AntiVir Personal
Report file date: Dienstag, 22. April 2008 12:41

Scanning for 1227160 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Normally booted
Username: SYSTEM
Computer name: TEUFEL

Version information:
BUILD.DAT : 8.1.00.295 16479 Bytes 09.04.2008 16:24:00
AVSCAN.EXE : 8.1.2.12 311553 Bytes 14.04.2008 17:42:51
AVSCAN.DLL : 8.1.1.0 53505 Bytes 14.04.2008 17:42:51
LUKE.DLL : 8.1.2.9 151809 Bytes 14.04.2008 17:42:51
LUKERES.DLL : 8.1.2.1 12033 Bytes 14.04.2008 17:42:51
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18.07.2007 20:19:21
ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07.03.2008 19:22:23
ANTIVIR2.VDF : 7.0.3.156 795136 Bytes 11.04.2008 17:25:23
ANTIVIR3.VDF : 7.0.3.194 463360 Bytes 21.04.2008 15:18:14
Engineversion : 8.1.0.32
AEVDF.DLL : 8.1.0.5 102772 Bytes 14.04.2008 17:42:51
AESCRIPT.DLL : 8.1.0.26 233850 Bytes 19.04.2008 13:26:50
AESCN.DLL : 8.1.0.14 119156 Bytes 19.04.2008 13:26:48
AERDL.DLL : 8.1.0.19 418164 Bytes 14.04.2008 17:42:51
AEPACK.DLL : 8.1.1.2 364917 Bytes 19.04.2008 13:26:47
AEOFFICE.DLL : 8.1.0.18 192890 Bytes 19.04.2008 13:26:43
AEHEUR.DLL : 8.1.0.18 1167735 Bytes 14.04.2008 17:42:51
AEHELP.DLL : 8.1.0.14 115063 Bytes 19.04.2008 13:26:41
AEGEN.DLL : 8.1.0.17 299380 Bytes 19.04.2008 13:26:40
AEEMU.DLL : 8.1.0.5 430450 Bytes 14.04.2008 17:42:51
AECORE.DLL : 8.1.0.27 168310 Bytes 19.04.2008 13:26:37
AVWINLL.DLL : 1.0.0.7 14593 Bytes 14.04.2008 17:42:51
AVPREF.DLL : 8.0.0.1 25857 Bytes 14.04.2008 17:42:50
AVREP.DLL : 7.0.0.1 155688 Bytes 16.04.2007 12:16:24
AVREG.DLL : 8.0.0.0 30977 Bytes 14.04.2008 17:42:51
AVARKT.DLL : 1.0.0.23 307457 Bytes 14.04.2008 17:42:50
AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 14.04.2008 17:42:50
SQLITE3.DLL : 3.3.17.1 339968 Bytes 14.04.2008 17:42:51
SMTPLIB.DLL : 1.2.0.19 28929 Bytes 14.04.2008 17:42:51
NETNT.DLL : 8.0.0.1 7937 Bytes 14.04.2008 17:42:51
RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 14.04.2008 17:42:47
RCTEXT.DLL : 8.0.32.0 86273 Bytes 14.04.2008 17:42:47

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\programme\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: Dienstag, 22. April 2008 12:41

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
Scan process 'HijackThis.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'LVComSer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'StarWindServiceAE.exe' - '1' Module(s) have been scanned
Scan process 'HPZipm12.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'LVComSer.exe' - '1' Module(s) have been scanned
Scan process 'WLanNetService.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'PDVDServ.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'LVPrcSrv.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
30 processes with 30 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!

Starting to scan the registry.
The registry was scanned ( '23' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\WINDOWS\system32\drivers\sptd.sys
[WARNING] The file could not be opened!


End of the scan: Dienstag, 22. April 2008 12:56
Used time: 14:45 min

The scan has been done completely.

4046 Scanning directories
175189 Files were scanned
0 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
175189 Files not concerned
1134 Archives were scanned
2 Warnings
0 Notes
22.04.2008, 14:24
Honorary member
Sabina

Posts: 29434
#4 Boot sector 'C:\'
[INFO] No virus was found!

the driver is not scanned - sptd.sys... is not a virus
__________
Kind regards, Sabina

all about PC security
22.04.2008, 15:04
Member

Thread starter
Salva

Posts: 40
#5 I have to add that I deleted it!! When I scanned it with AV, here is the old scan report!

Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Dokumente und Einstellungen\Salvatore\Desktop\Heruntergeladene Songs\Clone DVD v2.9.1.0 Patch.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[NOTE] The file was deleted!
C:\WINDOWS\system32\drivers\sptd.sys
[WARNING] The file could not be opened!
23.04.2008, 01:34
Honorary member
Sabina

Posts: 29434
#6 all right, all right ;) I don't need to see that twice ;) (I deleted the last post, it was the same one)
everything is o.k. again.
You can also run an online scan with Bitdefender
http://virus-protect.org/onlinescan.html
__________
Kind regards, Sabina

all about PC security
23.04.2008, 10:27
Member

Thread starter
Salva

Posts: 40
#7 So here it finds an infected file!!

To be on the safe side, I am very carefully posting the log file here!

BitDefender Log File !!!!!
Product : BitDefender Total Security 2008
Version : BitDefender UIScanner v.11
Log date : 10:34:05 23/04/2008
Log path : C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Bitdefender\Desktop\Profiles\Logs\quick_scan\1208939645_1_01.xml

Scan Paths:
path0000: C:\WINDOWS
Path0001: C:\Programme

Scan Options:
Scan for viruses : Yes
Scan for adware : Yes
Scan for spyware : Yes
Scan for applications : Yes
Scan for dialers : Yes
Scan for rootkits : No

Target selection options:
Scan registry keys : No
Scan cookies : No
Scan boot sectors : No
Scan memory processes : No
Scan archives : No
Scan runtime packers : Yes
Scan emails : Yes
Scan all files : Yes
Heuristic Scan : Yes
Scanned extensions :
Excluded extensions :

Target Processing
Default action for infected objects : Disinfect
Default action for suspicious objects : None
Default action for hidden objects : None

Scan engines summary
Number of virus signatures : 1175597
Archive plugins : 42
Email plugins : 6
Scan plugins : 12
Archive plugins : 42
System plugins : 4
Unpack plugins : 7

Overall scan summary
Scanned items : 61946
Infected items : 1
Suspicious items : 0
Resolved items : 1
Individual viruses found : 1
Scanned directories : 1665
Scanned boot sectors : 0
Scanned archives : 389
Input-output errors : 1
Scan time : 00:00:13:20
Files per second : 77

Scanned processes summary
Scanned : 0
Infected : 0

Scanned registry keys summary
Scanned : 0
Infected : 0

Scanned cookies summary
Scanned : 0
Infected : 0

Remaining issues:
Object Name | Threat Name | Final Status

Resolved issues:
Object Name | Threat Name | Final Status
C:\Programme\DAEMON Tools\SetupDTSB.exe | Application.Adware.Savenow.G | Moved to Quarantine

Objects that were not scanned:
Object Name | Reason | Final Status
23.04.2008, 11:31
Honorary member
Sabina

Posts: 29434
#8 uninstall C:\Programme\DAEMON Tools (it is not a virus, it is adware), then everything is clean again.
__________
Kind regards, Sabina

all about PC security