Sirefef.xx, Conedex.B, Patched.B.Gen, Agent.BA - Problem

Hello everyone,

as stated in the title, I am getting alternating alerts from ESET NOD Antivirus 4 about

Sirefef.AP
Sirefef.AD
Sirefef.FD
Sirefef.EZ
Conedex.B
Patched.B.Gen
Agent.BA

All of this on Win 7 64-bit. I read through http://www.trojaner-board.de/121625-...-1-minute.html and ran a scan under OTLPE. Here is the content of OTL.Txt:

OTL logfile created on: 8/14/2012 12:39:27 AM - Run OTLPE by OldTimer - Version 3.1.48.0
Folder = X:\Programs\OTLPE
64bit-Windows 7 Ultimate Service Pack 1 (Version = 6.1.7601) - Type = System
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 86.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = D: | %SystemRoot% = D:\Windows | %ProgramFiles% = D:\Program Files (x86)
Drive C: | 8.73 Gb Total Space | 3.37 Gb Free Space | 38.53% Space Free | Partition Type: NTFS
Drive D: | 229.70 Gb Total Space | 9.31 Gb Free Space | 4.05% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/03/21 12:48:14 | 000,283,648 | ---- | M] (IDT, Inc.) [Auto] -- D:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2011/03/21 12:48:10 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto] -- D:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2011/01/12 10:44:02 | 000,042,360 | ---- | M] (ESET) [On_Demand] -- D:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV:64bit: - [2011/01/12 10:41:42 | 000,810,144 | ---- | M] (ESET) [Auto] -- D:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe -- (ekrn)
SRV:64bit: - [2010/12/02 14:30:26 | 000,203,264 | ---- | M] (AMD) [Auto] -- D:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/11/10 11:40:46 | 000,015,296 | ---- | M] (Alienware) [Auto] -- D:\Program Files\Alienware\Command Center\AlienFusionService.exe -- (AlienFusionService)
SRV:64bit: - [2010/07/19 19:08:30 | 001,429,776 | ---- | M] (Intel(R) Corporation) [Auto] -- D:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel(R)
SRV:64bit: - [2010/07/19 18:48:36 | 000,340,240 | ---- | M] () [On_Demand] -- D:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2010/07/19 18:46:54 | 000,838,928 | ---- | M] (Intel(R) Corporation) [Auto] -- D:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel(R)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto] -- D:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand] -- D:\Windows\System32\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2008/05/08 02:15:06 | 000,314,880 | ---- | M] (OptionNV) [Auto] -- D:\Program Files\T-Mobile\GlobeTrotter Connect\GtDetectSc.exe -- (GtDetectSc)
SRV - [2012/08/02 14:21:13 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- D:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/03 07:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto] -- D:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/06/17 08:36:29 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand] -- D:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/05/29 19:04:34 | 000,224,096 | ---- | M] () [Auto] -- D:\Program Files (x86)\T-Mobile\InternetManager_H\UpdateDog\ouc.exe -- (Internet Manager. RunOuc)
SRV - [2012/02/29 02:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto] -- D:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/06/07 12:02:52 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand] -- D:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/03/07 04:06:30 | 000,241,648 | ---- | M] (CyberLink) [Auto] -- D:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe -- (CLKMSVC10_9EC60124)
SRV - [2010/11/25 06:34:18 | 000,219,632 | ---- | M] (Sonic Solutions) [Auto] -- D:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe -- (RoxWatch12)
SRV - [2010/11/25 06:33:18 | 001,116,656 | ---- | M] (Sonic Solutions) [On_Demand] -- D:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe -- (RoxMediaDB12OEM)
SRV - [2010/09/13 19:32:32 | 000,013,336 | ---- | M] (Intel Corporation) [Auto] -- D:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2010/03/18 08:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto] -- D:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled] -- D:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/07/03 07:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand] -- D:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/05/29 19:04:37 | 000,212,992 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\ew_juwwanecm.sys -- (huawei_wwanecm)
DRV:64bit: - [2012/05/29 19:04:37 | 000,117,248 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV:64bit: - [2012/05/29 19:04:37 | 000,098,816 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\ew_jucdcacm.sys -- (huawei_cdcacm)
DRV:64bit: - [2012/05/29 19:04:37 | 000,086,016 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV:64bit: - [2012/05/29 19:04:37 | 000,039,552 | ---- | M] (Bytemobile, Inc.) [Kernel | System] -- D:\Windows\System32\drivers\tcpipBM.sys -- (tcpipBM)
DRV:64bit: - [2012/05/29 19:04:37 | 000,028,672 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\ew_juextctrl.sys -- (huawei_ext_ctrl)
DRV:64bit: - [2012/05/29 19:04:37 | 000,016,512 | ---- | M] (Bytemobile, Inc.) [Kernel | Boot] -- D:\Windows\System32\drivers\BMLoad.sys -- (BMLoad)
DRV:64bit: - [2012/05/29 19:04:37 | 000,013,952 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\ew_usbenumfilter.sys -- (ew_usbenumfilter)
DRV:64bit: - [2012/02/15 06:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/03/21 12:48:16 | 000,520,192 | ---- | M] (IDT, Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2010/12/21 09:04:06 | 000,170,640 | ---- | M] (ESET) [File_System | Auto] -- D:\Windows\System32\drivers\eamonm.sys -- (eamonm)
DRV:64bit: - [2010/12/21 09:04:06 | 000,141,264 | ---- | M] (ESET) [Kernel | System] -- D:\Windows\System32\drivers\ehdrv.sys -- (ehdrv)
DRV:64bit: - [2010/12/21 07:47:38 | 000,125,296 | ---- | M] (ESET) [Kernel | Auto] -- D:\Windows\System32\drivers\epfwwfpr.sys -- (epfwwfpr)
DRV:64bit: - [2010/12/02 16:05:22 | 008,123,392 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/12/02 13:55:00 | 000,288,256 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/12/02 11:09:50 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
DRV:64bit: - [2010/11/30 09:48:38 | 000,076,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2010/11/30 09:32:36 | 000,326,760 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\RtsPStor.sys -- (RSPCIESTOR)
DRV:64bit: - [2010/11/20 23:24:43 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 23:23:48 | 000,168,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\netvsc60.sys -- (netvsc)
DRV:64bit: - [2010/11/20 23:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\system32\drivers\tsusbhub.sys -- (tsusbhub)
DRV:64bit: - [2010/11/20 23:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\system32\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV:64bit: - [2010/11/20 23:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\system32\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/20 23:23:48 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\system32\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2010/11/20 23:23:48 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\VMBusVideoM.sys -- (SynthVid)
DRV:64bit: - [2010/11/20 23:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\system32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/16 20:43:32 | 000,180,736 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010/11/16 20:43:32 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010/11/04 11:36:24 | 012,178,816 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\igdpmd64.sys -- (intelkmd)
DRV:64bit: - [2010/10/19 18:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\HECIx64.sys -- (MEIx64) Intel(R)
DRV:64bit: - [2010/09/24 12:46:32 | 000,116,752 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2010/09/07 09:41:14 | 000,027,760 | ---- | M] (ST Microelectronics) [Kernel | On_Demand] -- D:\Windows\System32\drivers\Accelern.sys -- (Acceler)
DRV:64bit: - [2010/08/20 05:05:12 | 000,021,616 | ---- | M] (ST Microelectronics) [Kernel | Boot] -- D:\Windows\System32\drivers\stdcfltn.sys -- (stdcfltn)
DRV:64bit: - [2010/08/12 11:51:30 | 000,175,168 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2010/08/10 09:16:28 | 007,821,312 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\NETwNs64.sys -- (NETwNs64) ___ Intel(R)
DRV:64bit: - [2010/03/19 04:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot] -- D:\Windows\System32\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/06/26 16:43:42 | 000,016,752 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | Boot] -- D:\Windows\System32\drivers\EMSC.sys -- (EMSC)
DRV:64bit: - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand] -- D:\Windows\System32\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- D:\Windows\system32\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- D:\Windows\system32\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2008/02/18 10:14:48 | 000,124,928 | ---- | M] (Option N.V.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\Gt51Ip.sys -- (GT72NDISIPXP)
DRV:64bit: - [2008/02/08 06:00:42 | 000,080,896 | ---- | M] (Option N.V.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\gt72ubus.sys -- (GT72UBUS)
DRV:64bit: - [2007/03/30 06:38:16 | 000,010,624 | ---- | M] (Option N.V.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\gtptser.sys -- (GTPTSER)
DRV:64bit: - [2006/11/01 13:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- D:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2009/06/26 16:43:42 | 000,013,680 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | Boot] -- D:\Windows\SysWOW64\drivers\EMSC.sys -- (EMSC)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\Josh_ON_D\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.dell.de/alienware
IE - HKU\Josh_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/
IE - HKU\Josh_ON_D\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Josh_ON_D\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "SweetIM Search"
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "SweetIM Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..keyword.URL: "hxxp://search.babylon.com/?babsrc=toolbar2&q="
FF - prefs.js..network.proxy.type: 0
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "Ask.com"
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaulturl: ""
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: D:\Windows\System32\Macromed\Flash\NPSWF64_11_3_300_270.dll ()
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: D:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: File not found
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer: D:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=:
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Google.com/GoogleEarthPlugin: D:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin: D:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE: File not found
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: D:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: D:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: D:\Program Files (x86)\TVUPlayer\npTVUAx.dll (TVU networks)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: D:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: D:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: D:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: D:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: D:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3: D:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9: D:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\Adobe Reader: D:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\PROGRAM FILES\ESET\ESET NOD32 ANTIVIRUS\MOZILLA THUNDERBIRD [2011/08/29 14:47:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/05/19 21:43:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/05/19 21:43:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\ff-bmboc@bytemobile.com: C:\Program Files\T-Mobile\InternetManager_H\OCx64\addon
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/17 08:36:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/07/07 17:23:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2011/08/29 14:47:00 | 000,000,000 | ---D | M]

[2011/06/07 12:09:30 | 000,000,000 | ---D | M] (No name found) -- D:\Users\Josh\AppData\Roaming\Mozilla\Extensions
[2012/05/20 11:36:13 | 000,000,000 | ---D | M] (No name found) -- D:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\saaqpzyk.default\extensions
[2012/05/20 11:36:13 | 000,000,000 | ---D | M] (Garmin Communicator) -- D:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\saaqpzyk.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2012/01/12 13:23:46 | 000,000,000 | ---D | M] (Babylon) -- D:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\saaqpzyk.default\extensions\ffxtlbr@babylon.com
[2011/08/12 14:21:32 | 000,000,000 | ---D | M] (TVU Web Player) -- D:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\saaqpzyk.default\extensions\firefox@tvunetworks.com
[2011/07/12 19:08:26 | 000,002,354 | ---- | M] () -- D:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\saaqpzyk.default\searchplugins\aol-web-search.xml
[2011/08/20 18:05:32 | 000,002,396 | ---- | M] () -- D:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\saaqpzyk.default\searchplugins\askcom.xml
[2012/04/09 16:27:17 | 000,003,916 | ---- | M] () -- D:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\saaqpzyk.default\searchplugins\sweetim.xml
[2012/04/26 09:26:51 | 000,000,000 | ---D | M] (No name found) -- D:\Program Files (x86)\Mozilla Firefox\extensions
File not found (No name found) --
[2012/06/17 08:36:29 | 000,085,472 | ---- | M] (Mozilla Foundation) -- D:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/03/25 17:36:51 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- D:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012/05/19 21:43:17 | 000,129,144 | ---- | M] (RealPlayer) -- D:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll
[2011/07/11 17:48:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- D:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2012/06/10 16:19:47 | 000,001,392 | ---- | M] () -- D:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011/08/12 13:33:08 | 000,002,423 | ---- | M] () -- D:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012/06/10 16:19:47 | 000,002,252 | ---- | M] () -- D:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/06/10 16:19:47 | 000,001,153 | ---- | M] () -- D:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012/06/10 16:19:47 | 000,006,805 | ---- | M] () -- D:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/06/10 16:19:47 | 000,001,178 | ---- | M] () -- D:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/06/10 16:19:47 | 000,001,105 | ---- | M] () -- D:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2011/08/12 14:16:39 | 000,000,000 | ---- | M]) - D:\Windows\System32\drivers\etc\hosts
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - D:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - D:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Inbox Toolbar) - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - D:\Program Files (x86)\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - D:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - D:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (&Inbox Toolbar) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - D:\Program Files (x86)\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - D:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\Josh_ON_D\..\Toolbar\WebBrowser: (&Inbox Toolbar) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - D:\Program Files (x86)\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O4:64bit: - HKLM..\Run: [] File not found
O4:64bit: - HKLM..\Run: [Command Center Controllers] D:\Program Files\Alienware\Command Center\AWCCStartupOrchestrator.exe (Microsoft)
O4:64bit: - HKLM..\Run: [egui] D:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4:64bit: - HKLM..\Run: [IntelWireless] D:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] D:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AlienwareOn-ScreenDisplay] D:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe ()
O4 - HKLM..\Run: [APSDaemon] D:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BDRegion] D:\Program Files (x86)\CyberLink\Shared files\brs.exe (cyberlink)
O4 - HKLM..\Run: [Desktop Disc Tool] D:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [IAStorIcon] D:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [Integrated Webcam Live! Central] D:\Program Files (x86)\Integrated Webcam\Live! Central\WebcamInt.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] D:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PDVD9LanguageShortcut] D:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RemoteControl9] D:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RoxWatchTray] D:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe (Sonic Solutions)
O4 - HKLM..\Run: [StartCCC] D:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SweetIM] D:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [TkBellExe] D:\Program Files (x86)\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKU\Josh_ON_D..\Run: [Comrade.exe] D:\Program Files (x86)\GameSpy\Comrade\Comrade.exe (IGN Entertainment Inc.)
O4 - HKU\Josh_ON_D..\Run: [MobileDocuments] D:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKU\LocalService_ON_D..\Run: [Sidebar] D:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_D..\Run: [Sidebar] D:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\LocalService_ON_D..\RunOnce: [mctadmin] File not found
O4 - HKU\NetworkService_ON_D..\RunOnce: [mctadmin] File not found
O4 - Startup: D:\Users\Josh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\Josh_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - D:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000007 - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000008 - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000009 - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000010 - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000011 - File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - D:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - File not found
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15:64bit: - Josh_ON_D\..Trusted Domains: comproof.net ([eu] https in Vertrauenswürdige Sites)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O18:64bit: - Protocol\Handler\inbox {37540F19-DD4C-478B-B2DF-C19281BCAF27} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - D:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - D:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - D:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{413ad02b-a9df-11e1-b14d-68a3c44951ad}\Shell - "" = AutoRun
O33 - MountPoints2\{413ad02b-a9df-11e1-b14d-68a3c44951ad}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{413ad040-a9df-11e1-b14d-68a3c44951ad}\Shell - "" = AutoRun
O33 - MountPoints2\{413ad040-a9df-11e1-b14d-68a3c44951ad}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{79544983-b727-11e1-b631-68a3c44951ad}\Shell - "" = AutoRun
O33 - MountPoints2\{79544983-b727-11e1-b631-68a3c44951ad}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{954c21e8-c39a-11e1-8c67-68a3c44951ad}\Shell - "" = AutoRun
O33 - MountPoints2\{954c21e8-c39a-11e1-8c67-68a3c44951ad}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{97708032-b066-11e0-8a81-68a3c44951ad}\Shell - "" = AutoRun
O33 - MountPoints2\{97708032-b066-11e0-8a81-68a3c44951ad}\Shell\AutoRun\command - "" = E:\setup.exe AUTORUN=1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found
64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/08/13 17:01:04 | 000,000,000 | R--D | C] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 9.6
[2012/08/13 12:28:24 | 000,000,000 | -HSD | C] -- D:\Config.Msi
[2012/08/13 11:57:35 | 000,328,704 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\services.exe.2B0E3F8C1277582A
[2012/08/13 11:56:24 | 000,000,000 | ---D | C] -- D:\Program Files\Enigma Software Group
[2012/08/13 11:55:57 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\Common Files\Wise Installation Wizard
[2012/08/13 11:50:49 | 000,000,000 | ---D | C] -- D:\Users\Josh\AppData\Roaming\SpeedyPC Software
[2012/08/13 11:50:49 | 000,000,000 | ---D | C] -- D:\Users\Josh\AppData\Roaming\DriverCure
[2012/08/13 11:50:46 | 000,000,000 | ---D | C] -- D:\Users\Josh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedyPC Software
[2012/08/13 11:50:42 | 000,000,000 | ---D | C] -- D:\ProgramData\SpeedyPC Software
[2012/08/13 11:47:40 | 000,328,704 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\services.exe.F2D2D61D8D47EC66
[2012/08/13 11:38:52 | 000,138,120 | ---- | C] (ESET) -- D:\Users\Josh\Desktop\2_ESETSirefefRemover.exe
[2012/08/12 17:03:31 | 000,328,704 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\services.exe.3BBFFB64C748F7F3
[2012/08/12 16:52:59 | 000,328,704 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\services.exe.4A564558A9C088B3
[2012/08/12 16:42:23 | 000,328,704 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\services.exe.20A9F0D949E6D114
[2012/08/12 16:31:56 | 000,328,704 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\services.exe.1B3E7BE9573C7250
[2012/08/12 16:19:32 | 000,328,704 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\services.exe.81CCB6D38927DF2F
[2012/08/12 16:13:19 | 000,328,704 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\services.exe.37FACFA12625A752
[2012/08/12 16:10:20 | 000,328,704 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\services.exe.AF621FEF8B8BF302
[2012/08/12 16:06:49 | 000,328,704 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\services.exe.E752DBE5603390C5
[2012/08/12 16:00:19 | 000,596,992 | ---- | C] (OldTimer Tools) -- D:\Users\Josh\Desktop\OTL.exe
[2012/08/12 16:00:06 | 000,328,704 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\services.exe.8A6A2E1F7F4507A1
[2012/08/12 15:56:36 | 000,328,704 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\services.exe.02BE3810F7A4BCE8
[2012/08/12 15:54:44 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\ESET
[2012/08/12 15:49:58 | 000,328,704 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\services.exe.0A5F500305415740
[2012/08/12 15:46:36 | 000,328,704 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\services.exe.97806A36A014C9B4
[2012/08/12 15:43:36 | 000,328,704 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\services.exe.AC01F679038001F1
[2012/08/12 15:40:15 | 000,328,704 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\services.exe.8D6101166421DF9A
[2012/08/12 15:37:02 | 000,328,704 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\services.exe.2878E6FF69F62158
[2012/08/12 15:34:05 | 000,328,704 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\services.exe.C43CD81544C76944
[2012/08/12 15:28:44 | 000,000,000 | ---D | C] -- D:\Users\Josh\AppData\Roaming\Malwarebytes
[2012/08/12 15:28:41 | 000,000,000 | ---D | C] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/08/12 15:28:37 | 000,000,000 | ---D | C] -- D:\ProgramData\Malwarebytes
[2012/08/12 15:28:36 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- D:\Windows\System32\drivers\mbam.sys
[2012/08/12 15:28:36 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/08/12 15:23:43 | 000,328,704 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\services.exe.B147AEC97FB3E394
[2012/08/12 15:16:45 | 000,328,704 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\services.exe.2C7F582261C1EEBC
[2012/08/12 15:13:37 | 000,328,704 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\services.exe.AA61A46E3D49701A
[2012/08/12 15:01:58 | 000,328,704 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\services.exe.E79EB188344D02A9
[2012/08/12 14:51:21 | 000,328,704 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\services.exe.BF6C368E86FEC93C
[2012/08/12 14:45:28 | 000,328,704 | ---- | C] (Microsoft
Corporation) -- D:\Windows\System32\services.exe.8D7A4FA0595E2431 [2012/08/12 14:42:21 | 000,328,704 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\services.exe.39C49BBA37BE1989 [2012/08/12 14:32:15 | 000,000,000 | ---D | C] -- D:\Users\Josh\Documents\Simply Super Software [2012/08/12 14:32:06 | 000,000,000 | ---D | C] -- D:\ProgramData\Simply Super Software [2012/08/12 14:30:08 | 057,442,464 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\MRT.exe [2012/08/12 06:15:27 | 000,000,000 | -HSD | C] -- D:\Windows\SysWow64\%APPDATA% [2012/08/02 14:30:29 | 000,000,000 | ---D | C] -- D:\Users\Josh\AppData\Roaming\IDT [2012/08/01 18:25:48 | 000,000,000 | ---D | C] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarCraft II [2012/07/29 12:54:52 | 000,000,000 | ---D | C] -- D:\Windows\pss [2012/07/27 18:55:47 | 000,000,000 | ---D | C] -- D:\Users\Josh\AppData\Roaming\Ytloun [2012/07/27 18:55:47 | 000,000,000 | ---D | C] -- D:\Users\Josh\AppData\Roaming\Uwrow [2012/07/27 18:55:47 | 000,000,000 | ---D | C] -- D:\Users\Josh\AppData\Roaming\Togoe [1 D:\Windows\*.tmp files -> D:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012/08/13 17:23:45 | 000,067,584 | --S- | M] () -- D:\Windows\bootstat.dat [2012/08/13 17:23:23 | 2106,449,919 | -HS- | M] () -- D:\hiberfil.sys [2012/08/13 17:21:00 | 000,000,884 | ---- | M] () -- D:\Windows\tasks\Adobe Flash Player Updater.job [2012/08/13 17:16:00 | 000,001,106 | ---- | M] () -- D:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012/08/13 17:08:09 | 000,021,280 | -H-- | M] () -- D:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/08/13 17:08:09 | 000,021,280 | -H-- | M] () -- D:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/08/13 17:05:06 | 000,726,370 | ---- | M] () -- D:\Windows\System32\perfh019.dat [2012/08/13 17:05:06 | 000,711,706 | ---- | M] () -- 
D:\Windows\System32\perfh007.dat [2012/08/13 17:05:06 | 000,664,656 | ---- | M] () -- D:\Windows\System32\perfh009.dat [2012/08/13 17:05:06 | 000,155,022 | ---- | M] () -- D:\Windows\System32\perfc019.dat [2012/08/13 17:05:06 | 000,154,660 | ---- | M] () -- D:\Windows\System32\perfc007.dat [2012/08/13 17:05:06 | 000,126,682 | ---- | M] () -- D:\Windows\System32\perfc009.dat [2012/08/13 17:01:08 | 000,001,102 | ---- | M] () -- D:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012/08/13 17:01:05 | 000,000,000 | R--D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 9.6 [2012/08/13 12:08:02 | 000,001,945 | ---- | M] () -- D:\Windows\epplauncher.mif [2012/08/13 11:57:35 | 000,328,704 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\services.exe.2B0E3F8C1277582A [2012/08/13 11:49:42 | 000,001,205 | ---- | M] () -- D:\Users\Josh\Desktop\N1_FixNCR.reg [2012/08/13 11:47:40 | 000,328,704 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\services.exe.F2D2D61D8D47EC66 [2012/08/13 11:38:55 | 004,009,167 | ---- | M] () -- D:\Users\Josh\Desktop\3_ServicesRepair.exe [2012/08/13 11:38:52 | 000,138,120 | ---- | M] (ESET) -- D:\Users\Josh\Desktop\2_ESETSirefefRemover.exe [2012/08/13 11:38:50 | 002,030,547 | ---- | M] () -- D:\Users\Josh\Desktop\1_EZ_Sirefix.exe [2012/08/12 17:03:31 | 000,328,704 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\services.exe.3BBFFB64C748F7F3 [2012/08/12 16:52:59 | 000,328,704 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\services.exe.4A564558A9C088B3 [2012/08/12 16:42:23 | 000,328,704 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\services.exe.20A9F0D949E6D114 [2012/08/12 16:31:56 | 000,328,704 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\services.exe.1B3E7BE9573C7250 [2012/08/12 16:19:32 | 000,328,704 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\services.exe.81CCB6D38927DF2F [2012/08/12 16:13:19 | 000,328,704 | ---- | M] (Microsoft 
Corporation) -- D:\Windows\System32\services.exe.37FACFA12625A752 [2012/08/12 16:10:20 | 000,328,704 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\services.exe.AF621FEF8B8BF302 [2012/08/12 16:06:49 | 000,328,704 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\services.exe.E752DBE5603390C5 [2012/08/12 16:00:27 | 000,596,992 | ---- | M] (OldTimer Tools) -- D:\Users\Josh\Desktop\OTL.exe [2012/08/12 16:00:06 | 000,328,704 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\services.exe.8A6A2E1F7F4507A1 [2012/08/12 15:56:36 | 000,328,704 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\services.exe.02BE3810F7A4BCE8 [2012/08/12 15:49:58 | 000,328,704 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\services.exe.0A5F500305415740 [2012/08/12 15:46:36 | 000,328,704 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\services.exe.97806A36A014C9B4 [2012/08/12 15:43:36 | 000,328,704 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\services.exe.AC01F679038001F1 [2012/08/12 15:40:15 | 000,328,704 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\services.exe.8D6101166421DF9A [2012/08/12 15:37:02 | 000,328,704 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\services.exe.2878E6FF69F62158 [2012/08/12 15:34:05 | 000,328,704 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\services.exe.C43CD81544C76944 [2012/08/12 15:28:41 | 000,000,000 | ---D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012/08/12 15:23:43 | 000,328,704 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\services.exe.B147AEC97FB3E394 [2012/08/12 15:16:45 | 000,328,704 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\services.exe.2C7F582261C1EEBC [2012/08/12 15:13:37 | 000,328,704 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\services.exe.AA61A46E3D49701A [2012/08/12 15:01:58 | 000,328,704 | ---- | M] (Microsoft Corporation) -- 
D:\Windows\System32\services.exe.E79EB188344D02A9 [2012/08/12 14:51:21 | 000,328,704 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\services.exe.BF6C368E86FEC93C [2012/08/12 14:45:28 | 000,328,704 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\services.exe.8D7A4FA0595E2431 [2012/08/12 14:42:21 | 000,328,704 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\services.exe.39C49BBA37BE1989 [2012/08/12 14:40:32 | 002,572,706 | ---- | M] () -- D:\Windows\SysWow64\PerfStringBackup.INI [2012/08/02 14:21:13 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- D:\Windows\SysWow64\FlashPlayerApp.exe [2012/08/02 14:21:12 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- D:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2012/08/01 18:31:03 | 000,000,000 | ---D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarCraft II [2012/07/29 12:54:52 | 000,000,000 | R--D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup [1 D:\Windows\*.tmp files -> D:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012/08/13 11:49:42 | 000,001,205 | ---- | C] () -- D:\Users\Josh\Desktop\N1_FixNCR.reg [2012/08/13 11:38:54 | 004,009,167 | ---- | C] () -- D:\Users\Josh\Desktop\3_ServicesRepair.exe [2012/08/13 11:38:49 | 002,030,547 | ---- | C] () -- D:\Users\Josh\Desktop\1_EZ_Sirefix.exe [2012/08/12 14:40:38 | 000,001,945 | ---- | C] () -- D:\Windows\epplauncher.mif [2011/10/17 17:46:44 | 000,167,080 | -H-- | C] () -- D:\Windows\SysWow64\mlfcache.dat [2011/10/06 14:42:06 | 000,021,840 | ---- | C] () -- D:\Windows\SysWow64\SIntfNT.dll [2011/10/06 14:42:06 | 000,017,212 | ---- | C] () -- D:\Windows\SysWow64\SIntf32.dll [2011/10/06 14:42:06 | 000,012,067 | ---- | C] () -- D:\Windows\SysWow64\SIntf16.dll [2011/09/21 03:17:24 | 000,000,288 | ---- | C] () -- D:\Users\Josh\AppData\Roaming\.backup.dm [2011/08/12 14:17:04 | 000,000,380 | ---- | C] () -- D:\Windows\psnetwork.ini [2011/07/10 18:30:41 | 000,000,092 | ---- 
| C] () -- D:\Users\Josh\AppData\Local\fusioncache.dat [2011/06/09 18:38:40 | 000,000,997 | ---- | C] () -- D:\Windows\eReg.dat [2011/05/29 06:20:48 | 000,960,812 | ---- | C] () -- D:\Windows\SysWow64\igkrng600.bin [2011/05/29 06:20:48 | 000,206,952 | ---- | C] () -- D:\Windows\SysWow64\igfcg600m.bin [2011/05/29 06:20:46 | 000,145,804 | ---- | C] () -- D:\Windows\SysWow64\igcompkrng600.bin [2011/05/29 06:20:43 | 000,002,888 | ---- | C] () -- D:\Windows\SysWow64\atipblag.dat [2011/05/29 04:52:52 | 000,000,000 | ---- | C] () -- D:\Windows\ativpsrm.bin [2011/05/29 04:41:28 | 000,002,888 | ---- | C] () -- D:\Windows\SysWow64\atipblup.dat [2011/04/09 12:55:28 | 000,179,261 | ---- | C] () -- D:\Windows\SysWow64\xlive.dll.cat [2011/02/11 14:06:36 | 002,572,706 | ---- | C] () -- D:\Windows\SysWow64\PerfStringBackup.INI [2010/11/20 23:24:49 | 000,252,928 | ---- | C] () -- D:\Windows\SysWow64\DShowRdpFilter.dll [2010/11/10 11:50:38 | 000,098,232 | ---- | C] () -- D:\Windows\SysWow64\CCBiosSupportAPI.dll [2009/09/09 19:18:28 | 000,577,536 | ---- | C] () -- D:\Windows\SysWow64\EMSC.DLL [2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- D:\Windows\bootstat.dat [2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- D:\Windows\SysWow64\NOISE.DAT [2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- D:\Windows\SysWow64\dssec.dat [2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- D:\Windows\mib.bin [2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- D:\Windows\SysWow64\BWContextHandler.dll [2009/07/13 18:25:04 | 000,197,632 | ---- | C] () -- D:\Windows\SysWow64\ir32_32.dll [2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- D:\Windows\SysWow64\msjetoledb40.dll [2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- D:\Windows\SysWow64\mlang.dat ========== LOP Check ========== [2011/06/07 07:51:02 | 000,000,000 | ---D | M] -- D:\ProgramData\Alienware [2011/06/07 07:49:54 | 000,000,000 | -HSD | M] -- D:\ProgramData\Anwendungsdaten [2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- 
D:\ProgramData\Application Data [2012/05/14 14:30:14 | 000,000,000 | ---D | M] -- D:\ProgramData\Battle.net [2012/05/29 19:05:53 | 000,000,000 | ---D | M] -- D:\ProgramData\DatacardService [2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- D:\ProgramData\Desktop [2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- D:\ProgramData\Documents [2011/06/07 07:49:54 | 000,000,000 | -HSD | M] -- D:\ProgramData\Dokumente [2011/08/29 14:47:00 | 000,000,000 | ---D | M] -- D:\ProgramData\ESET [2011/06/07 07:49:54 | 000,000,000 | -HSD | M] -- D:\ProgramData\Favoriten [2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- D:\ProgramData\Favorites [2012/05/29 19:05:13 | 000,000,000 | ---D | M] -- D:\ProgramData\Internet Manager [2011/05/29 04:58:20 | 000,000,000 | ---D | M] -- D:\ProgramData\PhotoShow Shared Assets [2012/08/12 14:32:06 | 000,000,000 | ---D | M] -- D:\ProgramData\Simply Super Software [2011/06/19 08:56:30 | 000,000,000 | ---D | M] -- D:\ProgramData\Solidshield [2012/08/13 12:20:02 | 000,000,000 | ---D | M] -- D:\ProgramData\SpeedyPC Software [2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- D:\ProgramData\Start Menu [2011/06/07 07:49:54 | 000,000,000 | -HSD | M] -- D:\ProgramData\Startmenü [2012/04/09 16:27:10 | 000,000,000 | ---D | M] -- D:\ProgramData\SweetIM [2012/08/13 17:10:04 | 000,000,000 | ---D | M] -- D:\ProgramData\Temp [2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- D:\ProgramData\Templates [2011/05/29 04:58:40 | 000,000,000 | ---D | M] -- D:\ProgramData\Uninstall [2011/05/29 04:46:48 | 000,000,000 | ---D | M] -- D:\ProgramData\Vista32 [2011/05/29 04:46:48 | 000,000,000 | ---D | M] -- D:\ProgramData\Vista64 [2011/06/07 07:49:54 | 000,000,000 | -HSD | M] -- D:\ProgramData\Vorlagen [2011/05/29 04:52:45 | 000,000,000 | ---D | M] -- D:\ProgramData\Win732 [2011/05/29 04:52:45 | 000,000,000 | ---D | M] -- D:\ProgramData\Win764 [2011/05/29 04:46:48 | 000,000,000 | ---D | M] -- D:\ProgramData\XP32 [2011/06/09 13:44:55 | 000,000,000 | ---D | M] -- 
D:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001} [2011/10/26 14:13:53 | 000,000,000 | -H-D | M] -- D:\ProgramData\{D7941DA4-2EF5-4E70-8A3D-3CF7634A336B} [2012/08/13 11:42:38 | 000,032,640 | ---- | M] () -- D:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 150 bytes -> D:\ProgramData\Temp:CB0AACC9 < End of report > |
Hello and welcome! :) Unfortunately I have bad news for you: you have caught a really nasty little beast. Quote:
- a backdoor with rootkit functionality. This malware uses rootkit technology and a backdoor routine. *What are backdoors and rootkits* Behaviour: "memory-resident" Quote:
Tips & advice:
➊ Back up your data with the help of OTLPE:
► ONLY back up data that does not contain executable files - File extensions - This is a list of file extensions that can denote files containing executable code.
- Be careful when making a backup: files already present on the external storage, and files that are now infected by the virus, can end up in it.
- Best to save everything that is very important to you separately (externally) - do not mix it with data you may have backed up earlier, i.e. before the infection!
- Do not back up any cracked software and then install it again on the newly set up system!
- Before restoring - before you go online directly with your PC...:
- deactivate/switch off the autoplay function for all drives -> Disable Autorun/Autoplay selectively for drive types or drive letters
Scan the data saved to an external hard drive thoroughly from a clean system, preferably with several scanners -> Free online scanners - guide. Absolutely recommended scanner: Quote:
➋ -> Guide: Reinstalling the system + securing it -> Guide to reinstalling - Windows XP, Vista and Win7
➌ As a precaution I would advise you to change your passwords, e.g. login, mail or website passwords. Tips: Choosing a secure password - (passwords should actually be changed at regular intervals, roughly every 3-5 months) also here under: Secure password (Password)
Regards, kira
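The two concrete steps in kira's advice, filtering executable-type files out of a data backup and switching AutoRun off for every drive type, as an added PowerShell example that is not part of the thread. The extension list is a constructed, abbreviated one, the `$Path`/`$DriveRoot` values in the usage lines are hypothetical, and the script assumes an elevated PowerShell (it also goes slightly beyond the post by checking a drive root for an autorun.inf before anything is restored from it).

```powershell
# Added example (not from the thread). Assumes an elevated PowerShell session.

# Extensions that can denote files containing executable code
# (constructed, abbreviated list; extend it to taste).
$ExecutableExtensions = @(
    '.exe', '.com', '.scr', '.pif', '.bat', '.cmd', '.vbs', '.vbe', '.js', '.jse',
    '.wsf', '.wsh', '.ps1', '.msi', '.msp', '.hta', '.cpl', '.dll', '.sys',
    '.lnk', '.inf', '.reg', '.jar'
)

function Get-ExecutableCandidate {
    # Lists files under $Path whose extension is on the list above, so they can be
    # left out of a data-only backup or reviewed before anything is restored.
    param([Parameter(Mandatory = $true)][string]$Path)
    Get-ChildItem -Path $Path -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object { -not $_.PSIsContainer } |
        Where-Object { $ExecutableExtensions -contains $_.Extension.ToLowerInvariant() } |
        Select-Object FullName, Length, LastWriteTime
}

function Test-AutoRunInf {
    # Shows the autorun.inf in a drive root, if one exists; that file is what
    # Explorer would act on when AutoRun is still enabled for that drive type.
    param([Parameter(Mandatory = $true)][string]$DriveRoot)
    $inf = Join-Path -Path $DriveRoot -ChildPath 'autorun.inf'
    if (Test-Path -LiteralPath $inf) {
        Get-Content -LiteralPath $inf -ErrorAction SilentlyContinue
    } else {
        "no autorun.inf in $DriveRoot"
    }
}

function Disable-AutoRunForAllDrives {
    # NoDriveTypeAutoRun = 0xFF switches AutoRun off for every drive type, both
    # machine-wide and for the current user. Returns the value now stored
    # under the machine key (255 when successful).
    $keys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
    )
    foreach ($key in $keys) {
        if (-not (Test-Path -Path $key)) { New-Item -Path $key -Force | Out-Null }
        Set-ItemProperty -Path $key -Name 'NoDriveTypeAutoRun' -Value 0xFF -Type DWord
    }
    (Get-ItemProperty -Path $keys[0] -Name 'NoDriveTypeAutoRun').NoDriveTypeAutoRun
}

# Usage (hypothetical paths):
# Get-ExecutableCandidate -Path 'E:\Backup' | Format-Table -AutoSize
# Test-AutoRunInf -DriveRoot 'E:\'
# Disable-AutoRunForAllDrives
```

The registry change takes effect for Explorer after a log-off or reboot; run the backup filter from the clean system, not from the infected one.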