Malware verschickt sich selbst, das übliche eben

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Datenbank Version: 7465

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

14.08.2011 21:09:17
mbam-log-2011-08-14 (21-09-17).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|Q:\|)
Durchsuchte Objekte: 268737
Laufzeit: 1 Stunde(n), 34 Minute(n), 50 Sekunde(n)

Infizierte Speicherprozesse: 1
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 3

Infizierte Speicherprozesse:
c:\Users\Chris\Cache\igfxcf32.exe (Rootkit.0Access.XGen) -> 456 -> Unloaded process successfully.

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Intel Driver Control (Rootkit.0Access.XGen) -> Value: Intel Driver Control -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Users\Chris\Cache\igfxcf32.exe (Rootkit.0Access.XGen) -> Delete on reboot.
c:\$RECYCLE.BIN\s-1-5-21-2660551533-2105653681-1586402070-1000\$R66GB2V\mini-kms_activator_v1.052.exe (Riskware.Keygen) -> Quarantined and deleted successfully.
c:\Windows\kmservice.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
         

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Datenbank Version: 7465

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

14.08.2011 21:17:40
mbam-log-2011-08-14 (21-17-40).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 181175
Laufzeit: 6 Minute(n), 44 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 43

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Users\Medion\downloads\installer_counter-strike_1_6_english_-_russian_deutsch.exe (PUP.SmsPay.PGen) -> Not selected for removal.
c:\Users\Chris\AppData\Local\Temp\0160501.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Chris\AppData\Local\Temp\0881406.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Chris\AppData\Local\Temp\1148477.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Chris\AppData\Local\Temp\1861003.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Chris\AppData\Local\Temp\2021974.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Chris\AppData\Local\Temp\2513178.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Chris\AppData\Local\Temp\2516844.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Chris\AppData\Local\Temp\2590346.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Chris\AppData\Local\Temp\3105502.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Chris\AppData\Local\Temp\3891229.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Chris\AppData\Local\Temp\4076213.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Chris\AppData\Local\Temp\4201745.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Chris\AppData\Local\Temp\4839828.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Chris\AppData\Local\Temp\4858707.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Chris\AppData\Local\Temp\5153270.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Chris\AppData\Local\Temp\5237915.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Chris\AppData\Local\Temp\5390823.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Chris\AppData\Local\Temp\5547791.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Chris\AppData\Local\Temp\5575083.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Chris\AppData\Local\Temp\5677685.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Chris\AppData\Local\Temp\5780810.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Chris\AppData\Local\Temp\5871600.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Chris\AppData\Local\Temp\5891380.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Chris\AppData\Local\Temp\5951912.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Chris\AppData\Local\Temp\6493336.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Chris\AppData\Local\Temp\6963787.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Chris\AppData\Local\Temp\7033223.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Chris\AppData\Local\Temp\7046007.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Chris\AppData\Local\Temp\7091548.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Chris\AppData\Local\Temp\7282261.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Chris\AppData\Local\Temp\7699881.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Chris\AppData\Local\Temp\7777742.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Chris\AppData\Local\Temp\8049545.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Chris\AppData\Local\Temp\8251086.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Chris\AppData\Local\Temp\8631433.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Chris\AppData\Local\Temp\8717799.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Chris\AppData\Local\Temp\9208277.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Chris\AppData\Local\Temp\9255678.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Chris\AppData\Local\Temp\9284693.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Chris\AppData\Local\Temp\9536480.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Chris\AppData\Local\Temp\9843615.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Chris\AppData\Roaming\msnsvconfig.txt (Malware.Trace) -> Quarantined and deleted successfully.
         

19:33:46	Chris	MESSAGE	Protection started successfully
19:33:51	Chris	MESSAGE	IP Protection started successfully
19:35:43	Chris	DETECTION	C:\USERS\CHRIS\CACHE\IGFXCF32.EXE	Rootkit.0Access.XGen	QUARANTINE
19:36:04	Chris	DETECTION	C:\Users\Chris\Cache\igfxcf32.exe	Rootkit.0Access.XGen	DENY
19:45:11	Chris	DETECTION	C:\USERS\CHRIS\CACHE\IGFXCF32.EXE	Rootkit.0Access.XGen	DENY
19:51:46	Chris	DETECTION	C:\USERS\CHRIS\CACHE\IGFXCF32.EXE	Rootkit.0Access.XGen	DENY
20:34:51	Chris	DETECTION	C:\USERS\CHRIS\CACHE\IGFXCF32.EXE	Rootkit.0Access.XGen	DENY
20:55:23	Chris	DETECTION	C:\USERS\CHRIS\CACHE\IGFXCF32.EXE	Rootkit.0Access.XGen	DENY
22:25:45	Chris	DETECTION	C:\USERS\CHRIS\CACHE\IGFXCF32.EXE	Rootkit.0Access.XGen	DENY