Trojaner-Board - virus RKITagent

Hallo zusammen. habe diesen virus/trojaner und krieg ihn einfach nicht weg. hab schon alles probiert. wäre super wenn jemand helfen kann.
Hier die OTL logfile:

OTL logfile created on: 06.08.2012 20:45:38 - Run 1
OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\Mathias\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 2,73 Gb Available Physical Memory | 68,25% Memory free
8,00 Gb Paging File | 6,63 Gb Available in Paging File | 82,88% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931,51 Gb Total Space | 739,06 Gb Free Space | 79,34% Space Free | Partition Type: NTFS

Computer Name: MATHIAS-PC | User Name: Mathias | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.08.06 20:40:52 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Mathias\Desktop\OTL.exe
PRC - [2012.08.06 19:04:33 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.08 20:14:38 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.08 20:14:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.12.20 07:15:27 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011.10.20 15:43:56 | 000,025,464 | ---- | M] (Uniblue Systems Limited) -- C:\Program Files (x86)\Uniblue\DriverScanner\dsmonitor.exe
PRC - [2011.10.15 10:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011.09.23 19:37:42 | 000,641,832 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe
PRC - [2011.02.11 18:39:48 | 000,131,072 | ---- | M] (Samsung Electronics.) -- C:\Program Files (x86)\Samsung Connection Manager\ModemPnPService.exe
PRC - [2009.11.10 18:05:34 | 000,248,320 | ---- | M] () -- C:\Program Files (x86)\Razer\Lachesis\razerhid.exe
PRC - [2009.07.14 03:14:42 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\TSTheme.exe
PRC - [2009.03.20 02:03:00 | 001,904,640 | R--- | M] (AVM Berlin) -- C:\Program Files (x86)\avmwlanstick\WLanGUI.exe
PRC - [2009.03.20 02:03:00 | 000,368,640 | R--- | M] (AVM Berlin) -- C:\Program Files (x86)\avmwlanstick\WlanNetService.exe
PRC - [2008.08.21 16:28:44 | 000,139,264 | ---- | M] () -- C:\Program Files (x86)\Razer\Salmosa\razerhid.exe
PRC - [2008.08.15 15:20:18 | 000,151,552 | ---- | M] (Razer Inc.) -- C:\Program Files (x86)\Razer\Salmosa\razerofa.exe
PRC - [2007.08.16 17:05:16 | 000,274,432 | ---- | M] (razercfg MFC Application) -- C:\Program Files (x86)\Razer\Lachesis\OSD.exe
PRC - [2007.06.05 10:37:12 | 000,163,840 | ---- | M] (Razer Inc.) -- C:\Program Files (x86)\Razer\Lachesis\razerofa.exe

========== Modules (No Company Name) ==========

MOD - [2009.11.10 18:05:34 | 000,248,320 | ---- | M] () -- C:\Program Files (x86)\Razer\Lachesis\razerhid.exe
MOD - [2008.08.21 16:28:44 | 000,139,264 | ---- | M] () -- C:\Program Files (x86)\Razer\Salmosa\razerhid.exe

========== Win32 Services (SafeList) ==========

SRV - [2012.06.17 12:48:39 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.05.08 20:14:38 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.08 20:14:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.12.20 07:15:27 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011.10.15 10:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011.09.23 19:37:42 | 000,641,832 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.08.10 17:01:06 | 000,206,880 | ---- | M] () [Auto | Running] -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe -- (nSvcIp)
SRV - [2009.08.10 17:01:04 | 000,626,208 | ---- | M] () [Auto | Running] -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.03.20 02:03:00 | 000,368,640 | R--- | M] (AVM Berlin) [Auto | Running] -- C:\Program Files (x86)\avmwlanstick\WlanNetService.exe -- (AVM WLAN Connection Service)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012.05.08 20:14:38 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.05.08 20:14:38 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.12.22 15:09:51 | 000,349,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)
DRV:64bit: - [2011.11.24 11:10:08 | 000,279,616 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011.11.13 22:38:10 | 000,121,432 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2011.10.19 17:56:15 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 12:43:57 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2010.11.04 17:59:00 | 000,046,080 | ---- | M] (Samsung Electronics) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\C2xxUSB76.sys -- (C2xxUSB)
DRV:64bit: - [2010.08.09 12:06:34 | 000,049,920 | ---- | M] (Samsung Electronics) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\C2XXCOM76.sys -- (C2XXCOM)
DRV:64bit: - [2010.06.10 16:15:00 | 000,009,216 | ---- | M] (Samsung Electronics) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\C2xSTR76.sys -- (C2xxUsbStorage)
DRV:64bit: - [2010.04.27 17:57:20 | 000,016,200 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmVirHid.sys -- (WmVirHid)
DRV:64bit: - [2010.04.27 17:57:12 | 000,026,440 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmBEnum.sys -- (WmBEnum)
DRV:64bit: - [2010.04.27 15:03:12 | 000,077,512 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmXlCore.sys -- (WmXlCore)
DRV:64bit: - [2010.04.27 15:02:42 | 000,043,976 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmFilter.sys -- (WmFilter)
DRV:64bit: - [2009.10.16 21:09:14 | 000,029,952 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Lachesis.sys -- (VaneFltr)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.03.20 02:03:00 | 000,460,800 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fwlanusb.sys -- (FWLANUSB)
DRV:64bit: - [2008.03.20 17:59:00 | 000,011,904 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\salmosa.sys -- (salmosa)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1020321717-1987679030-184325442-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.facemoods.com/?a=ddrnw
IE - HKU\S-1-5-21-1020321717-1987679030-184325442-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1020321717-1987679030-184325442-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-1020321717-1987679030-184325442-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A0 B2 0F F6 A2 9F CC 01 [binary data]
IE - HKU\S-1-5-21-1020321717-1987679030-184325442-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1020321717-1987679030-184325442-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1020321717-1987679030-184325442-1000\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
IE - HKU\S-1-5-21-1020321717-1987679030-184325442-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1020321717-1987679030-184325442-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = fritz.box

========== FireFox ==========

FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.update: false
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.104.0: C:\Program Files (x86)\Battlelog Web Plugins\1.104.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Nero.com/KM: C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{9A207F60-3F1C-4ED0-972D-0A4CDFBFF803}: C:\Users\Mathias\AppData\Roaming\13001.033 [2012.07.30 00:46:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.17 12:48:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{9A207F60-3F1C-4ED0-972D-0A4CDFBFF803}: C:\Users\Mathias\AppData\Roaming\13001.033 [2012.07.30 00:46:53 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.17 12:48:39 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2011.11.10 15:01:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mathias\AppData\Roaming\mozilla\Extensions
[2012.07.05 23:31:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mathias\AppData\Roaming\mozilla\Firefox\Profiles\17jwx3l6.default\extensions
[2012.03.19 19:53:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.07.30 00:46:53 | 000,000,000 | ---D | M] (Java Link Helper) -- C:\USERS\MATHIAS\APPDATA\ROAMING\13001.033
[2012.06.17 12:48:39 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.02.13 17:27:13 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.13 17:27:13 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.02.13 17:27:13 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.11.15 19:24:34 | 000,002,048 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml
[2012.02.13 17:27:13 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.13 17:27:13 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.13 17:27:13 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4:64bit: - HKLM..\Run: [NVRaidService] C:\Programme\NVIDIA Corporation\Raid\nvraidservice.exe (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [AVMWlanClient] C:\Program Files (x86)\avmwlanstick\wlangui.exe (AVM Berlin)
O4 - HKLM..\Run: [Blackcomb] C:\Program Files (x86)\Samsung Connection Manager\ModemPnPService.exe (Samsung Electronics.)
O4 - HKLM..\Run: [Lachesis] C:\Program Files (x86)\Razer\Lachesis\razerhid.exe ()
O4 - HKLM..\Run: [NBAgent] C:\Program Files (x86)\Nero\Nero 11\Nero BackItUp\NBAgent.exe (Nero AG)
O4 - HKLM..\Run: [Salmosa] C:\Program Files (x86)\Razer\Salmosa\razerhid.exe ()
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1020321717-1987679030-184325442-1000..\Run: [DriverScanner] C:\Program Files (x86)\Uniblue\DriverScanner\launcher.exe (Uniblue Systems Limited)
O4 - HKU\S-1-5-21-1020321717-1987679030-184325442-1000..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden File not found
O4 - HKU\S-1-5-21-1020321717-1987679030-184325442-1000..\Run: [Userinit] C:\Users\Mathias\AppData\Roaming\appconf32.exe ()
O4 - HKU\S-1-5-21-1020321717-1987679030-184325442-1000..\Run: [VeohPlugin] C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (Veoh Networks)
O4 - HKU\S-1-5-21-1020321717-1987679030-184325442-1001..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-1020321717-1987679030-184325442-1001..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000017 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000018 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp64.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1020321717-1987679030-184325442-1000\..Trusted Domains: fritz.box ([]* in Lokales Intranet)
O15 - HKU\S-1-5-21-1020321717-1987679030-184325442-1000\..Trusted Ranges: Range1 ([*] in Lokales Intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 139.7.30.125 0.0.0.0
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2906BAEB-A929-4DA0-8E07-CC2DEF4566FC}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4BD20FE6-46D7-435C-8B5E-75CAF9A657B7}: DhcpNameServer = 139.7.30.125 0.0.0.0
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E184FB2D-CECC-4A44-8200-CD41B25A570F}: DhcpNameServer = 192.168.178.1
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{535f9d78-0b91-11e1-aa8f-00044b1751fa}\Shell - "" = AutoRun
O33 - MountPoints2\{535f9d78-0b91-11e1-aa8f-00044b1751fa}\Shell\AutoRun\command - "" = J:\pushinst.exe
O33 - MountPoints2\{b4e7d881-1674-11e1-899b-bc054300d689}\Shell - "" = AutoRun
O33 - MountPoints2\{b4e7d881-1674-11e1-899b-bc054300d689}\Shell\AutoRun\command - "" = F:\Launcher.exe
O33 - MountPoints2\{d7887d26-92c0-11e1-b806-bc054300d689}\Shell - "" = AutoRun
O33 - MountPoints2\{d7887d26-92c0-11e1-b806-bc054300d689}\Shell\AutoRun\command - "" = J:\pushinst.exe
O33 - MountPoints2\{eee098f0-25ad-11e1-9088-bc054300d689}\Shell - "" = AutoRun
O33 - MountPoints2\{eee098f0-25ad-11e1-9088-bc054300d689}\Shell\AutoRun\command - "" = J:\AutoInstaller.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\pushinst.exe
O33 - MountPoints2\J\Shell - "" = AutoRun
O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\pushinst.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012.08.06 20:40:51 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Mathias\Desktop\OTL.exe
[2012.08.06 20:19:28 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\FLT
[2012.08.06 20:19:27 | 000,000,000 | ---D | C] -- C:\Users\Mathias\Documents\Shiner
[2012.08.06 20:10:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Orcs Must Die 2
[2012.08.06 20:08:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Orcs Must Die 2
[2012.08.06 20:06:23 | 000,000,000 | ---D | C] -- C:\Users\Mathias\Desktop\Neuer Ordner
[2012.08.06 20:04:54 | 000,000,000 | ---D | C] -- C:\Users\Mathias\Desktop\Orcs_Must_Die_2-FLT
[2012.08.06 19:07:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.07.30 00:46:53 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Roaming\13001.033
[2012.07.27 22:53:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JDownloader 2
[2012.07.27 10:52:05 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Roaming\13001.031
[2012.07.23 21:27:53 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Roaming\13001.029
[2012.07.21 12:17:28 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Roaming\UAs
[2012.07.21 03:35:20 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Roaming\13001.028
[2012.07.19 02:55:46 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Roaming\13001.027
[2012.07.19 01:51:27 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Roaming\Razer
[2012.07.19 01:49:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Razer
[2012.07.19 01:48:38 | 000,029,952 | ---- | C] (Razer (Asia-Pacific) Pte Ltd) -- C:\Windows\SysNative\drivers\Lachesis.sys
[2012.07.18 06:23:19 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Roaming\13001.026
[2012.07.18 06:22:50 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Roaming\xmldm
[2012.07.18 06:22:50 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Roaming\kock
[2012.07.12 17:24:25 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2012.07.12 17:24:25 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2012.07.12 17:24:19 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2012.07.12 17:24:17 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll
[2012.07.12 17:24:17 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll
[2012.07.10 17:21:24 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Roaming\vlc
[2012.07.10 17:21:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
[2012.07.10 17:20:28 | 000,000,000 | ---D | C] -- C:\Users\Mathias\Desktop\FreeTV
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Mathias\AppData\Roaming\*.tmp files -> C:\Users\Mathias\AppData\Roaming\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.08.06 20:46:05 | 000,013,552 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.06 20:46:05 | 000,013,552 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.06 20:43:23 | 004,055,256 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.08.06 20:43:23 | 001,609,278 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.08.06 20:43:23 | 001,185,512 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.08.06 20:43:23 | 001,054,730 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.08.06 20:43:23 | 000,005,194 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.08.06 20:40:52 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Mathias\Desktop\OTL.exe
[2012.08.06 20:38:43 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\DriverScanner.job
[2012.08.06 20:38:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.06 20:38:33 | 3220,074,496 | -HS- | M] () -- C:\hiberfil.sys
[2012.08.06 20:10:57 | 000,002,188 | ---- | M] () -- C:\Users\Public\Desktop\Orcs Must Die! 2.lnk
[2012.07.31 11:34:29 | 000,000,017 | ---- | M] () -- C:\Users\Mathias\AppData\Roaming\blckdom.res
[2012.07.30 20:52:47 | 000,175,760 | ---- | M] () -- C:\Users\Mathias\AppData\Roaming\AcroIEHelpe180.dll
[2012.07.30 20:52:47 | 000,006,400 | ---- | M] () -- C:\Users\Mathias\AppData\Roaming\BAcroIEHelpe180.dll
[2012.07.23 21:16:11 | 004,503,728 | ---- | M] () -- C:\ProgramData\kp_0loor.pad
[2012.07.19 03:04:08 | 000,000,037 | ---- | M] () -- C:\Users\Mathias\Desktop\1ch128.m3u
[2012.07.18 03:43:40 | 000,274,464 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Mathias\AppData\Roaming\*.tmp files -> C:\Users\Mathias\AppData\Roaming\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.08.06 20:10:57 | 000,002,188 | ---- | C] () -- C:\Users\Public\Desktop\Orcs Must Die! 2.lnk
[2012.07.30 20:52:47 | 000,175,760 | ---- | C] () -- C:\Users\Mathias\AppData\Roaming\AcroIEHelpe180.dll
[2012.07.30 20:52:47 | 000,006,400 | ---- | C] () -- C:\Users\Mathias\AppData\Roaming\BAcroIEHelpe180.dll
[2012.07.27 23:19:45 | 749,575,658 | ---- | C] () -- C:\Users\Mathias\Desktop\Gummo DVDRiP German Dubbed 1997 XviD.avi
[2012.07.27 22:54:27 | 000,002,033 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Update.lnk
[2012.07.27 22:54:27 | 000,002,033 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Deinstallationsprogramm.lnk
[2012.07.27 22:54:27 | 000,001,977 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader 2.lnk
[2012.07.21 12:17:28 | 004,503,728 | ---- | C] () -- C:\ProgramData\kp_0loor.pad
[2012.07.19 03:04:08 | 000,000,037 | ---- | C] () -- C:\Users\Mathias\Desktop\1ch128.m3u
[2012.07.18 06:23:11 | 000,000,017 | ---- | C] () -- C:\Users\Mathias\AppData\Roaming\blckdom.res
[2012.07.10 17:20:27 | 004,641,092 | ---- | C] () -- C:\Users\Mathias\Desktop\sdx.cc
[2011.11.10 17:44:09 | 000,000,069 | ---- | C] () -- C:\Windows\SysWow64\everest_cpl.ini
[2011.11.10 15:55:18 | 000,280,904 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.11.10 15:55:17 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.10.15 01:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2008.12.09 17:23:13 | 000,052,688 | RHS- | C] () -- C:\Users\Mathias\AppData\Roaming\appconf32.exe

========== LOP Check ==========

[2012.07.18 06:23:19 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\13001.026
[2012.07.19 02:55:46 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\13001.027
[2012.07.21 03:35:20 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\13001.028
[2012.07.23 21:27:53 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\13001.029
[2012.07.27 10:52:05 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\13001.031
[2012.07.30 00:46:53 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\13001.033
[2012.02.16 17:43:32 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\DAEMON Tools Lite
[2012.07.19 01:58:41 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\DarknessII
[2012.01.02 14:01:04 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\EnchantedCavern
[2012.07.18 06:22:50 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\kock
[2012.05.06 17:56:51 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\LaunchPad
[2011.11.10 15:32:14 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\Origin
[2012.07.19 01:51:27 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\Razer
[2011.12.26 11:59:02 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\TS3Client
[2011.11.14 21:40:19 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\ts3overlay
[2012.07.21 12:17:29 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\UAs
[2011.11.24 10:52:03 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\Uniblue
[2012.06.13 00:16:22 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\WinFellow
[2012.07.21 12:18:08 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\xmldm
[2012.08.06 20:38:43 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\DriverScanner.job
[2012.05.09 10:53:19 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >