Trojaner-Board


braso 08.05.2011 10:58

Rescue disk crashes; PC slower
 
Hello everyone,

Since I ran a questionable exe file, my PC has been somewhat slower and sometimes takes a long time to load; at times the internet connection also drops out, at least for a while.
To be safe, I wanted to run a rescue disk. However, the PC always switches itself off after a while, before the program has finished scanning. I used AntiVir Rescue System and Kaspersky Rescue Disk 10.
All I found on the internet was that I should turn to this board.
Can you help me?

OTL logfile created on: 08.05.2011 11:36:14 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Braso\Downloads
64bit-Windows Vista Business Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 65,00% Memory free
8,00 Gb Paging File | 7,00 Gb Available in Paging File | 81,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 372,60 Gb Total Space | 5,49 Gb Free Space | 1,47% Space Free | Partition Type: NTFS

Computer Name: ULTIMATIVE | User Name: Braso | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found
PRC - C:\Users\Braso\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Common Files\DATA BECKER Shared\DBService.exe (DATA BECKER GmbH & Co KG)
PRC - C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe (Cisco Systems, Inc.)
PRC - C:\Program Files (x86)\Join Air\UIExec.exe ()
PRC - C:\Program Files (x86)\Join Air\AssistantServices.exe ()
PRC - C:\Program Files (x86)\a-squared Anti-Malware\a2service.exe (Emsi Software GmbH)
PRC - C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe ()
PRC - C:\Programme\Neuer Ordner (2)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files (x86)\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)
PRC - C:\Programme\Neuer Ordner (2)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Neuer Ordner (2)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files (x86)\CloneCD\CloneCDTray.exe (SlySoft, Inc.)
PRC - C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe (SEIKO EPSON CORPORATION)


========== Modules (SafeList) ==========

MOD - C:\Users\Braso\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\guard32.dll (COMODO)


========== Win32 Services (SafeList) ==========

SRV:64bit: - (TuneUp.Defrag) -- C:\Windows\SysNative\TuneUpDefragService.exe ()
SRV:64bit: - (Ati External Event Utility) -- C:\Windows\SysNative\atiesrxx.exe ()
SRV:64bit: - (cmdAgent) -- C:\Program Files\Comodo\COMODO Internet Security\cmdagent.exe (COMODO)
SRV:64bit: - (AntiVirService) -- C:\Program Files\Neuer Ordner (2)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV:64bit: - (UxTuneUp) -- C:\Windows\SysNative\uxtuneup.dll ()
SRV:64bit: - (AntiVirSchedulerService) -- C:\Program Files\Neuer Ordner (2)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV:64bit: - (dtpd) -- C:\Program Files\VPN Client\dtpd.exe ()
SRV:64bit: - (iked) -- C:\Program Files\VPN Client\iked.exe ()
SRV:64bit: - (ipsecd) -- C:\Program Files\VPN Client\ipsecd.exe ()
SRV:64bit: - (hasplms) -- C:\Windows\SysNative\hasplms.exe ()
SRV:64bit: - (AgereModemAudio) -- C:\Windows\SysNative\agr64svc.exe ()
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll ()
SRV - (DBService) -- C:\Program Files (x86)\Common Files\DATA BECKER Shared\DBService.exe (DATA BECKER GmbH & Co KG)
SRV - (vpnagent) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe (Cisco Systems, Inc.)
SRV - (UI Assistant Service) -- C:\Program Files (x86)\Join Air\AssistantServices.exe ()
SRV - (a2AntiMalware) -- C:\Program Files (x86)\a-squared Anti-Malware\a2service.exe (Emsi Software GmbH)
SRV - (NMSAccessU) -- C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe ()
SRV - (UxTuneUp) -- C:\Windows\SysWOW64\uxtuneup.dll (TuneUp Software)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (EvtEng) -- C:\Programme\Treiber\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV - (RegSrvc) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV - (EpsonBidirectionalService) -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe (SEIKO EPSON CORPORATION)


========== Driver Services (SafeList) ==========

DRV:64bit: - (acedrv11) -- C:\Windows\SysNative\drivers\acedrv11.sys ()
DRV:64bit: - (vpnva) -- C:\Windows\SysNative\DRIVERS\vpnva64.sys ()
DRV:64bit: - (ZTEusbser6k) -- C:\Windows\SysNative\DRIVERS\ZTEusbser6k.sys ()
DRV:64bit: - (ZTEusbnmea) -- C:\Windows\SysNative\DRIVERS\ZTEusbnmea.sys ()
DRV:64bit: - (ZTEusbmdm6k) -- C:\Windows\SysNative\DRIVERS\ZTEusbmdm6k.sys ()
DRV:64bit: - (massfilter) -- C:\Windows\SysNative\drivers\massfilter.sys ()
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\DRIVERS\avgntflt.sys ()
DRV:64bit: - (atksgt) -- C:\Windows\SysNative\DRIVERS\atksgt.sys ()
DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\DRIVERS\lirsgt.sys ()
DRV:64bit: - (sptd) -- C:\Windows\SysNative\Drivers\sptd.sys ()
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys ()
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys ()
DRV:64bit: - (FPSensor) LTT-Corp Fingerprint Reader Driver (FPSensor.sys) -- C:\Windows\SysNative\Drivers\FPSensor.sys ()
DRV:64bit: - (aksdf) -- C:\Windows\SysNative\DRIVERS\aksdf.sys ()
DRV:64bit: - (VClone) -- C:\Windows\SysNative\DRIVERS\VClone.sys ()
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys ()
DRV:64bit: - (hardlock) -- C:\Windows\SysNative\drivers\hardlock.sys ()
DRV:64bit: - (akshasp) -- C:\Windows\SysNative\DRIVERS\akshasp.sys ()
DRV:64bit: - (aksusb) -- C:\Windows\SysNative\DRIVERS\aksusb.sys ()
DRV:64bit: - (ElbyCDIO) -- C:\Windows\SysNative\Drivers\ElbyCDIO.sys ()
DRV:64bit: - (RimVSerPort) -- C:\Windows\SysNative\DRIVERS\RimSerial_AMD64.sys ()
DRV:64bit: - (aksfridge) -- C:\Windows\SysNative\drivers\aksfridge.sys ()
DRV:64bit: - (RTL8169) -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys ()
DRV:64bit: - (vflt) -- C:\Windows\SysNative\DRIVERS\vfilter.sys ()
DRV:64bit: - (vnet) -- C:\Windows\SysNative\DRIVERS\virtualnet.sys ()
DRV:64bit: - (JMCR) -- C:\Windows\SysNative\DRIVERS\jmcr.sys ()
DRV:64bit: - (RimUsb) -- C:\Windows\SysNative\Drivers\RimUsb_AMD64.sys ()
DRV:64bit: - (NETw5v64) Intel(R) -- C:\Windows\SysNative\DRIVERS\NETw5v64.sys ()
DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\DRIVERS\agrsm64.sys ()
DRV:64bit: - (ROOTMODEM) -- C:\Windows\SysNative\Drivers\RootMdm.sys ()
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys ()
DRV:64bit: - (TPM) -- C:\Windows\SysNative\drivers\tpm.sys ()
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\DRIVERS\sdbus.sys ()
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys ()
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\DRIVERS\btwrchid.sys ()
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys ()
DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\DRIVERS\btwl2cap.sys ()
DRV:64bit: - (ElbyCDFL) -- C:\Windows\SysNative\Drivers\ElbyCDFL.sys ()
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\Wbem\ntfs.mof ()
DRV:64bit: - (sfvfs02) StarForce Protection VFS Driver (version 2.x) -- C:\Windows\SysNative\drivers\sfvfs02.sys ()
DRV:64bit: - (sfdrv01) StarForce Protection Environment Driver (version 1.x) -- C:\Windows\SysNative\drivers\sfdrv01.sys ()
DRV:64bit: - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\Windows\SysNative\drivers\sfhlp02.sys ()
DRV - (Haspnt) -- C:\Windows\SysWOW64\drivers\Haspnt.sys (Aladdin Knowledge Systems)
DRV - (StarOpen) -- C:\Windows\SysWow64\drivers\StarOpen.sys ()
DRV - (hotcore3) -- C:\Windows\SysWOW64\drivers\hotcore3.sys (Paragon Software Group)
DRV - (ElbyCDFL) -- C:\Windows\SysWOW64\drivers\ElbyCDFL.sys (SlySoft, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\URLSearchHook: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files (x86)\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT1351351
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files (x86)\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "DAEMON Search"
FF - prefs.js..browser.startup.homepage: "hxxp://de.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:de:official"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23


FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.05.07 12:26:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.05.07 12:26:25 | 000,000,000 | ---D | M]

[2009.09.02 14:26:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Braso\AppData\Roaming\mozilla\Extensions
[2011.05.07 14:57:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Braso\AppData\Roaming\mozilla\Firefox\Profiles\pi3hknej.default\extensions
[2010.11.06 03:26:45 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Braso\AppData\Roaming\mozilla\Firefox\Profiles\pi3hknej.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009.07.01 15:19:32 | 000,000,894 | ---- | M] () -- C:\Users\Braso\AppData\Roaming\Mozilla\Firefox\Profiles\pi3hknej.default\searchplugins\conduit.xml
[2009.11.06 18:10:09 | 000,002,059 | ---- | M] () -- C:\Users\Braso\AppData\Roaming\Mozilla\Firefox\Profiles\pi3hknej.default\searchplugins\daemon-search.xml
[2011.05.04 16:02:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2010.05.28 16:25:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.08.23 19:28:21 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011.01.10 12:51:26 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
File not found (No name found) --
() (No name found) -- C:\USERS\BRASO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PI3HKNEJ.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011.05.07 12:26:18 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010.11.12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2008.02.22 17:24:06 | 000,095,832 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\NPPDLicenseHelper.dll
[2010.07.12 18:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2011.05.07 12:26:21 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.05.07 12:26:21 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.05.07 12:26:21 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.05.07 12:26:21 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.05.07 12:26:21 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.05.07 12:26:21 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2006.09.18 23:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (AdiCash Toolbar) - {85223548-4D57-4A3B-896B-145985F681C6} - C:\Program Files (x86)\AdiCash\Toolbar.dll (AdiCash GmbH)
O2 - BHO: (Softonic Deutsch Toolbar) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files (x86)\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.)
O2 - BHO: (AdiCash Toolbar) - {BB9540F0-94B9-4fe8-A2E1-DE3A506ECD4B} - C:\Program Files (x86)\AdiCash\Toolbar.dll (AdiCash GmbH)
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (AdiCash Toolbar) - {6AA99CB6-74AF-4136-A6C6-C64C95333249} - C:\Program Files (x86)\AdiCash\Toolbar.dll (AdiCash GmbH)
O3 - HKLM\..\Toolbar: (Softonic Deutsch Toolbar) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files (x86)\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Softonic Deutsch Toolbar) - {8DBB6D8E-E4A6-4E3B-9753-AF78B226441C} - C:\Program Files (x86)\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [COMODO Internet Security] C:\Program Files\Comodo\COMODO Internet Security\cfp.exe (COMODO)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Programme\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Acrobat Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Neuer Ordner (2)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CloneCDTray] C:\Program Files (x86)\CloneCD\CloneCDTray.exe (SlySoft, Inc.)
O4 - HKLM..\Run: [UIExec] C:\Program Files (x86)\Join Air\UIExec.exe ()
O4 - HKLM..\Run: [VirtualCloneDrive] C:\Program Files (x86)\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)
O4 - HKLM..\Run: [VitaKeyPdtWzd] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 [2010.12.28 02:32:21 | 000,000,000 | ---D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1 [2010.12.28 02:32:21 | 000,000,000 | ---D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1 [2010.12.28 02:32:21 | 000,000,000 | ---D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1 [2010.12.28 02:32:21 | 000,000,000 | ---D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1 [2010.12.28 02:32:21 | 000,000,000 | ---D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1 [2010.12.28 02:32:21 | 000,000,000 | ---D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1 [2010.12.28 02:32:21 | 000,000,000 | ---D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 [2010.12.28 02:32:21 | 000,000,000 | ---D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 [2010.12.28 02:32:21 | 000,000,000 | ---D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1 [2010.12.28 02:32:21 | 000,000,000 | ---D | M]
O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\Treiber\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\Treiber\btsendto_ie.htm ()
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\Treiber\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\Treiber\btsendto_ie.htm ()
O9:64bit: - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Treiber\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Treiber\btsendto_ie.htm ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Treiber\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Treiber\btsendto_ie.htm ()
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files (x86)\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files (x86)\ICQ6.5\ICQ.exe (ICQ, LLC.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\guard64.dll) - C:\Windows\SysNative\guard64.dll ()
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\guard32.dll) - C:\Windows\SysWOW64\guard32.dll (COMODO)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Braso\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Braso\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{0d92fd67-b585-11de-a2da-00242cda0894}\Shell - "" = AutoRun
O33 - MountPoints2\{0d92fd67-b585-11de-a2da-00242cda0894}\Shell\AutoRun\command - "" = F:\Autorun.exe
O33 - MountPoints2\{0fc5802a-142d-11e0-921b-00242cda0894}\Shell - "" = AutoRun
O33 - MountPoints2\{0fc5802a-142d-11e0-921b-00242cda0894}\Shell\AutoRun\command - "" = E:\Install.exe
O33 - MountPoints2\{369c3db3-08d1-11df-8141-00242cda0894}\Shell\Autoplay\command - "" = usb_driver.exe
O33 - MountPoints2\{369c3db3-08d1-11df-8141-00242cda0894}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL usb_driver.exe
O33 - MountPoints2\{369c3db3-08d1-11df-8141-00242cda0894}\Shell\explore\Command - "" = usb_driver.exe
O33 - MountPoints2\{369c3db3-08d1-11df-8141-00242cda0894}\Shell\Open\Command - "" = usb_driver.exe
O33 - MountPoints2\{5d992efa-2904-11df-baaa-00242cda0894}\Shell\Autoplay\command - "" = kingston.exe
O33 - MountPoints2\{5d992efa-2904-11df-baaa-00242cda0894}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL kingston.exe
O33 - MountPoints2\{5d992efa-2904-11df-baaa-00242cda0894}\Shell\explore\Command - "" = kingston.exe
O33 - MountPoints2\{5d992efa-2904-11df-baaa-00242cda0894}\Shell\Open\Command - "" = kingston.exe
O33 - MountPoints2\{93f2897b-b586-11de-8f63-00242cda0894}\Shell - "" = AutoRun
O33 - MountPoints2\{93f2897b-b586-11de-8f63-00242cda0894}\Shell\AutoRun\command - "" = G:\SETUP.EXE
O33 - MountPoints2\{ce07733a-7b87-11df-a8a8-00242cda0894}\Shell\Autoplay\command - "" = E:\usb_tools.exe
O33 - MountPoints2\{ce07733a-7b87-11df-a8a8-00242cda0894}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\usb_tools.exe
O33 - MountPoints2\{ce07733a-7b87-11df-a8a8-00242cda0894}\Shell\explore\Command - "" = E:\usb_tools.exe
O33 - MountPoints2\{ce07733a-7b87-11df-a8a8-00242cda0894}\Shell\Open\Command - "" = E:\usb_tools.exe
O33 - MountPoints2\{dc6445c6-67f4-11df-a8cf-00242cda0894}\Shell\Autoplay\command - "" = E:\kingston.exe
O33 - MountPoints2\{dc6445c6-67f4-11df-a8cf-00242cda0894}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\kingston.exe
O33 - MountPoints2\{dc6445c6-67f4-11df-a8cf-00242cda0894}\Shell\explore\Command - "" = E:\kingston.exe
O33 - MountPoints2\{dc6445c6-67f4-11df-a8cf-00242cda0894}\Shell\Open\Command - "" = E:\kingston.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011.05.07 17:02:31 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0
[2011.05.04 23:36:17 | 000,000,000 | ---D | C] -- C:\Users\Braso\AppData\Roaming\R-TT
[2011.05.04 23:27:25 | 000,000,000 | ---D | C] -- C:\Users\Braso\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\R-Studio
[2011.05.04 23:27:24 | 000,000,000 | ---D | C] -- C:\Users\Braso\Documents\R-TT
[2011.05.04 23:27:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\R-Studio
[2011.05.03 14:28:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Runtime Software
[2011.05.03 14:28:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Runtime Software
[2011.04.23 15:31:17 | 000,000,000 | ---D | C] -- C:\Users\Braso\AppData\Roaming\vlc
[2011.04.23 15:27:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011.05.08 11:32:58 | 001,427,406 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.05.08 11:32:58 | 000,621,952 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.05.08 11:32:58 | 000,590,082 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.05.08 11:32:58 | 000,123,852 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.05.08 11:32:58 | 000,102,094 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.05.08 11:23:39 | 000,003,744 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.05.08 11:23:39 | 000,003,744 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.05.08 11:23:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.05.07 18:49:53 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011.05.07 13:52:05 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{33D8D392-EEFB-42C8-9406-494FE21E3726}.job
[2011.05.04 20:12:33 | 000,103,424 | ---- | M] () -- C:\Users\Braso\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.05.04 15:27:10 | 000,373,200 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.05.03 16:05:01 | 001,449,296 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.05.03 14:28:38 | 000,000,972 | ---- | M] () -- C:\Users\Public\Desktop\GetDataBack for NTFS.lnk
[2011.04.29 17:46:58 | 000,017,055 | ---- | M] () -- C:\Users\Braso\Desktop\520px-Logo-Universität_des_Saarlandes klein.svg.png
[2011.04.28 17:55:44 | 571,463,541 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011.04.26 18:10:21 | 000,056,169 | ---- | M] () -- C:\Users\Braso\Desktop\PraktikumBachelor.pdf
[2011.04.24 18:26:55 | 000,342,104 | ---- | M] () -- C:\Users\Braso\Desktop\fulltext.pdf
[2011.04.24 17:15:19 | 000,078,027 | ---- | M] () -- C:\Users\Braso\Desktop\PraktikumInfo.pdf
[2011.04.23 15:27:34 | 000,000,774 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2011.04.23 15:24:56 | 020,533,281 | ---- | M] () -- C:\Users\Braso\Desktop\vlc-1.1.9-win32.exe
[2011.04.19 14:51:43 | 000,024,215 | ---- | M] () -- C:\Users\Braso\Desktop\520px-Logo-Universität_des_Saarlandes.svg.png
[2011.04.17 22:31:29 | 000,001,867 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011.05.07 12:26:26 | 000,000,900 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011.05.03 16:05:01 | 001,449,296 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.05.03 14:28:38 | 000,000,972 | ---- | C] () -- C:\Users\Public\Desktop\GetDataBack for NTFS.lnk
[2011.04.29 17:46:57 | 000,017,055 | ---- | C] () -- C:\Users\Braso\Desktop\520px-Logo-Universität_des_Saarlandes klein.svg.png
[2011.04.26 18:10:21 | 000,056,169 | ---- | C] () -- C:\Users\Braso\Desktop\PraktikumBachelor.pdf
[2011.04.24 18:26:55 | 000,342,104 | ---- | C] () -- C:\Users\Braso\Desktop\fulltext.pdf
[2011.04.24 17:15:19 | 000,078,027 | ---- | C] () -- C:\Users\Braso\Desktop\PraktikumInfo.pdf
[2011.04.23 15:27:34 | 000,000,774 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2011.04.23 15:24:22 | 020,533,281 | ---- | C] () -- C:\Users\Braso\Desktop\vlc-1.1.9-win32.exe
[2011.04.19 14:51:42 | 000,024,215 | ---- | C] () -- C:\Users\Braso\Desktop\520px-Logo-Universität_des_Saarlandes.svg.png
[2011.04.17 22:31:28 | 000,001,867 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010.11.05 12:37:57 | 000,106,605 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2010.11.05 12:37:57 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2010.04.30 02:02:29 | 000,197,120 | ---- | C] () -- C:\Windows\patchw32.dll
[2010.04.06 20:27:32 | 000,000,552 | ---- | C] () -- C:\Users\Braso\AppData\Local\d3d8caps.dat
[2010.01.15 12:01:16 | 000,000,383 | ---- | C] () -- C:\Windows\SysWow64\haspdos.sys
[2010.01.15 11:57:19 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\hdduinst.exe
[2010.01.15 11:57:18 | 000,006,836 | ---- | C] () -- C:\Windows\SysWow64\UNWISE.INI
[2010.01.15 11:57:17 | 000,153,088 | ---- | C] () -- C:\Windows\SysWow64\UNWISE.EXE
[2009.11.07 14:46:44 | 000,000,130 | ---- | C] () -- C:\Windows\cfplogvw.INI
[2009.10.25 00:31:06 | 000,007,168 | ---- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys
[2009.10.23 20:03:57 | 000,000,276 | ---- | C] () -- C:\Windows\game.ini
[2009.10.10 12:23:12 | 000,000,041 | -HS- | C] () -- C:\ProgramData\.zreglib
[2009.09.04 12:57:17 | 000,000,680 | ---- | C] () -- C:\Users\Braso\AppData\Local\d3d9caps.dat
[2009.09.02 22:24:15 | 000,103,424 | ---- | C] () -- C:\Users\Braso\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.09.02 03:10:43 | 004,244,744 | ---- | C] () -- C:\Windows\SysWow64\qtp-mt334.dll
[2009.09.02 03:10:43 | 000,247,560 | ---- | C] () -- C:\Windows\SysWow64\prgiso.dll
[2009.09.02 03:10:43 | 000,013,576 | ---- | C] () -- C:\Windows\SysWow64\wnaspi32.dll
[2009.09.02 02:14:04 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009.09.02 01:55:15 | 000,000,732 | ---- | C] () -- C:\Users\Braso\AppData\Local\d3d9caps64.dat
[2009.09.02 01:05:34 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2009.07.14 18:15:00 | 000,178,432 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2009.06.02 18:11:16 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2009.05.29 16:52:26 | 000,204,800 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2009.05.29 16:47:06 | 000,881,664 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2008.12.03 11:41:58 | 000,119,296 | ---- | C] () -- C:\Windows\SysWow64\VMC3KAPI.dll
[2008.01.21 04:48:25 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2008.01.21 04:48:07 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2007.09.04 12:56:10 | 000,164,352 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2007.02.05 20:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2006.11.02 17:34:20 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006.11.02 14:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006.11.02 14:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006.11.02 11:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

========== LOP Check ==========

[2009.11.01 17:27:41 | 000,000,000 | ---D | M] -- C:\Users\Braso\AppData\Roaming\AdiCash
[2010.04.30 02:04:34 | 000,000,000 | ---D | M] -- C:\Users\Braso\AppData\Roaming\Atari
[2010.12.09 14:12:42 | 000,000,000 | ---D | M] -- C:\Users\Braso\AppData\Roaming\AV Stumpfl
[2010.05.03 18:27:11 | 000,000,000 | ---D | M] -- C:\Users\Braso\AppData\Roaming\Canneverbe_Limited
[2010.05.17 16:10:39 | 000,000,000 | ---D | M] -- C:\Users\Braso\AppData\Roaming\Canon
[2009.10.22 16:27:27 | 000,000,000 | ---D | M] -- C:\Users\Braso\AppData\Roaming\DAEMON Tools Lite
[2009.09.06 13:42:34 | 000,000,000 | ---D | M] -- C:\Users\Braso\AppData\Roaming\DeepBurner
[2010.12.09 14:10:39 | 000,000,000 | ---D | M] -- C:\Users\Braso\AppData\Roaming\Downloaded Installations
[2010.12.16 21:59:57 | 000,000,000 | ---D | M] -- C:\Users\Braso\AppData\Roaming\GetRightToGo
[2010.08.02 20:08:58 | 000,000,000 | ---D | M] -- C:\Users\Braso\AppData\Roaming\ICQ
[2009.10.22 16:57:06 | 000,000,000 | ---D | M] -- C:\Users\Braso\AppData\Roaming\Leadertech
[2011.05.04 23:36:17 | 000,000,000 | ---D | M] -- C:\Users\Braso\AppData\Roaming\R-TT
[2010.11.22 18:44:11 | 000,000,000 | ---D | M] -- C:\Users\Braso\AppData\Roaming\Research In Motion
[2010.05.05 20:17:22 | 000,000,000 | ---D | M] -- C:\Users\Braso\AppData\Roaming\SpieleEntwicklungsKombinat
[2010.09.02 21:50:57 | 000,000,000 | ---D | M] -- C:\Users\Braso\AppData\Roaming\streamripper
[2010.09.08 20:04:52 | 000,000,000 | ---D | M] -- C:\Users\Braso\AppData\Roaming\Sytexis Software
[2010.07.26 12:55:28 | 000,000,000 | ---D | M] -- C:\Users\Braso\AppData\Roaming\TeamViewer
[2009.09.07 19:40:14 | 000,000,000 | ---D | M] -- C:\Users\Braso\AppData\Roaming\Thinstall
[2009.10.24 23:58:12 | 000,000,000 | ---D | M] -- C:\Users\Braso\AppData\Roaming\TuneUp Software
[2009.10.10 13:02:03 | 000,000,000 | ---D | M] -- C:\Users\Braso\AppData\Roaming\Ubisoft
[2009.09.13 23:57:51 | 000,000,000 | ---D | M] -- C:\Users\Braso\AppData\Roaming\Uniblue
[2009.09.02 15:00:50 | 000,000,000 | ---D | M] -- C:\Users\Braso\AppData\Roaming\VistaCodecs
[2011.05.07 18:49:53 | 000,032,514 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011.05.07 13:52:05 | 000,000,418 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{33D8D392-EEFB-42C8-9406-494FE21E3726}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 48 bytes -> C:\Users\Braso\ntuser.dat.log:{110214F5-DB92-3458-BA32-ACEAD44B0F0A}
@Alternate Data Stream - 24 bytes -> C:\Windows:747E36C37A214846

< End of report >

markusg 08.05.2011 11:45

Hello,
what exactly does questionable mean?
Do you still have the exe? If so, please upload it in the upload channel:
http://www.trojaner-board.de/54791-a...ner-board.html
If you still have the link, send it to me as a private message.

markusg 09.05.2011 16:35

OK, since this is a keygen,
and these are illegal,
I will help you reinstall the system from scratch and secure it.
Please back up your data; no keygens, cracks or other illegal downloads.
Please get back to me when you are done.

