Trojaner-Board

Thread: Malware.Packer.Gen after Skype installation (https://www.trojaner-board.de/91294-malware-packer-gen-skype-installation.html)

wutentbrannt 29.09.2010 20:29

Malware.Packer.Gen after Skype installation

Hello,
I installed Windows 7 on my girlfriend's laptop just this past weekend, so it is a completely clean system.

A little while ago I also installed Skype from the chip.de site at her request.

Now Malwarebytes and SUPERAntiSpyware find the following:


Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4717

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

29.09.2010 21:18:30
mbam-log-2010-09-29 (21-18-30).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 143858
Laufzeit: 5 Minute(n), 54 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Users\***\AppData\Local\Temp\~DF36429DD82DA344CD.TMP (Malware.Packer.Gen) -> No action taken.






SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 09/29/2010 at 09:21 PM

Application Version : 4.43.1000

Core Rules Database Version : 5605
Trace Rules Database Version: 3417

Scan type : Quick Scan
Total Scan Time : 00:08:03

Memory items scanned : 344
Memory threats detected : 0
Registry items scanned : 1676
Registry threats detected : 0
File items scanned : 16705
File threats detected : 6

Adware.Tracking Cookie
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\Low\eva_2@ad.yieldmanager[2].txt
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\Low\eva_2@atdmt[1].txt
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\Low\eva_2@fastclick[1].txt
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\Low\eva_2@interclick[1].txt
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\Low\eva_2@msnportal.112.2o7[1].txt
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\Low\eva_2@tradedoubler[2].txt



Can all of this really come from Skype?
Thanks in advance for the help!

wutentbrannt 30.09.2010 17:19

I ran full scans again today.
Could someone take a look at them and tell me whether anything further needs to be done?

Many thanks in advance!


HijackThis logfile:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:08:44, on 30.09.2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Windows\BisonCam\BisonHK.exe
C:\Windows\BisonCam\BsMnt.exe
C:\Program Files\System Control Manager\MGSysCtrl.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\***\Downloads\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [BisonHK] C:\Windows\BisonCam\BisonHK.exe
O4 - HKLM\..\Run: [BsMnt] C:\Windows\BisonCam\BsMnt.exe
O4 - HKLM\..\Run: [MGSysCtrl] C:\Program Files\System Control Manager\MGSysCtrl.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: SCM Driver Daemon (NishService) - Unknown owner - C:\Program Files\System Control Manager\edd.exe

--
End of file - 3581 bytes

--- --- ---



GMER logfile:

GMER 1.0.15.15281 - hxxp://www.gmer.net
Rootkit scan 2010-09-30 18:05:06
Windows 6.1.7600
Running: bz92b7wv.exe; Driver: C:\Users\***\AppData\Local\Temp\uwldapow.sys


---- System - GMER 1.0.15 ----

INT 0x1F        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                82C45AF8
INT 0x37        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                82C45104
INT 0xC1        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                82C453F4
INT 0xD1        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                82C2D634
INT 0xD2        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                82C2D898
INT 0xDF        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                82C451DC
INT 0xE1        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                82C45958
INT 0xE3        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                82C456F8
INT 0xFD        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                82C45F2C
INT 0xFE        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                82C461A8

---- Kernel code sections - GMER 1.0.15 ----

.text          ntkrnlpa.exe!ZwSaveKeyEx + 13AD                                                                        8285E599 1 Byte  [06]
.text          ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                                  82882F52 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text          C:\Windows\system32\DRIVERS\atikmdag.sys                                                                section is writeable [0x91A1F000, 0x2D5378, 0xE8000020]
.text          peauth.sys                                                                                              9D240C9D 28 Bytes  [04, 86, 3D, 64, C3, 93, 83, ...]
.text          peauth.sys                                                                                              9D240CC1 28 Bytes  [04, 86, 3D, 64, C3, 93, 83, ...]
PAGE            peauth.sys                                                                                              9D24702C 102 Bytes  [90, CA, 2B, 0F, 88, 4A, FF, ...]

---- User code sections - GMER 1.0.15 ----

.text          C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[1640] kernel32.dll!SetUnhandledExceptionFilter      76BA3162 4 Bytes  [C2, 04, 00, 00]

---- Devices - GMER 1.0.15 ----

Device          \Driver\ACPI_HAL \Device\00000048                                                                      halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                                  fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                                  rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                                  fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                                  rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg            HKLM\SOFTWARE\Microsoft\Windows Search\CatalogNames\Windows\SystemIndex@pkm:catalog:LastCatalogCrawlId  33
Reg            HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Crawls\34                           
Reg            HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Crawls\34@CrawlType                  2
Reg            HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Crawls\34@InProgress                  1
Reg            HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Crawls\34@DoneAddingCrawlSeeds        1
Reg            HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Crawls\34@IsCatalogLevel              0
Reg            HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Crawls\34@LogStartAddId              2
Reg            HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\StartPages\2@CrawlNumberInProgress    34

---- EOF - GMER 1.0.15 ----

--- --- ---




SUPERAntiSpyware Scan Log

hxxp://www.superantispyware.com

Generated 09/30/2010 at 05:54 PM

Application Version : 4.43.1000

Core Rules Database Version : 5609
Trace Rules Database Version: 3421

Scan type      : Complete Scan
Total Scan Time : 00:28:24

Memory items scanned      : 337
Memory threats detected  : 0
Registry items scanned    : 7292
Registry threats detected : 0
File items scanned        : 62454
File threats detected    : 6

Adware.Tracking Cookie
    C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\Low\***@ad.yieldmanager[2].txt
    C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\Low\***@atdmt[1].txt
    C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\Low\***@fastclick[1].txt
    C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\Low\***@interclick[1].txt
    C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\Low\***@msnportal.112.2o7[1].txt
    C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\Low\***@tradedoubler[2].txt



Copyright ©2000-2025, Trojaner-Board