browser hijacked qvo6.com malware

[Benutzer]

Thank you for the explanation. I don't understand the whole /roaming/ Folder under AppData. But thats according to my restricted computer skills.
anyway, computer is running fine so far. All around a bit slow since I have this qvo6 malware. But could decreased in speed aso cause I registered several cloud storage services recently (Dropbox and other)

Did the OTL scan. But there is no EXTRAS.txt file. I'm so sorry, assume I did the wrong settings ?
At the end of May I had download OTL and ran it without userdefined fixes/scans. Maybe it now took the former adjustments ?
The EXTRAS file I found is from May 30th and not valid for this scan.

Just had a screen shot from the final window of OTL. Should I have marked the Extras at the yellow mark ?
extras.JPG
I hope I didn't damage anything. Sorry for the problem.


Here's only the OTL scan results:
-----------OTL.txt-------------------------
OTL logfile created on: 02.07.2013 12:19:02 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\HEF01\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,99 Gb Total Physical Memory | 1,61 Gb Available Physical Memory | 53,74% Memory free
5,97 Gb Paging File | 3,83 Gb Available in Paging File | 64,03% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 687,71 Gb Total Space | 413,48 Gb Free Space | 60,12% Space Free | Partition Type: NTFS
Drive D: | 9,76 Gb Total Space | 2,99 Gb Free Space | 30,68% Space Free | Partition Type: NTFS

Computer Name: HEF01-THINK | User Name: HEF01 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files\TeamViewer\Version8\TeamViewer.exe (TeamViewer GmbH)
PRC - C:\Program Files\TeamViewer\Version8\tv_w32.exe (TeamViewer GmbH)
PRC - C:\Users\HEF01\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Lenovo\HOTKEY\tphkload.exe (Lenovo Group Limited)
PRC - C:\Program Files\Lenovo\HOTKEY\shtctky.exe (Lenovo Group Limited)
PRC - C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe (Lenovo Group Limited)
PRC - C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Samsung\AllShare Framework DMS\1.3.09\AllShareFrameworkManagerDMS.exe (Samsung)
PRC - C:\Program Files\Samsung\AllShare Framework DMS\1.3.09\AllShareFrameworkDMS.exe (Samsung)
PRC - C:\Program Files\Digital Trends Club\HI-epanel-Reporting.exe ()
PRC - C:\Program Files\Digital Trends Club\HI-epanel-Updater.exe ()
PRC - C:\Program Files\HI-epanelLSPService\HI-epanelLspService.exe (HI-epanel)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Lenovo\Access Connections\AcSvc.exe (Lenovo)
PRC - C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe (Lenovo)
PRC - C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe (Authentec Inc.)
PRC - C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe (Lenovo Group Limited)
PRC - C:\Program Files\Lenovo\Communications Utility\CamMute.exe (Lenovo Group Limited)
PRC - C:\Program Files\EaseUS\Todo Backup\bin\GuardAgent.exe (CHENGDU YIWO Tech Development Co., Ltd)
PRC - C:\Program Files\EaseUS\Todo Backup\bin\Agent.exe (CHENGDU YIWO Tech Development Co., Ltd)
PRC - C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe (NVIDIA Corporation)
PRC - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe (Lenovo Group Limited)
PRC - C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Program Files\FRITZ!Fernzugang\nwtsrv.exe (AVM Berlin)
PRC - C:\Program Files\FRITZ!Fernzugang\certsrv.exe (AVM Berlin)
PRC - C:\Program Files\FRITZ!Fernzugang\avmike.exe (AVM Berlin)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
PRC - C:\Program Files\Lenovo\HOTKEY\micmute.exe (Lenovo Group Limited)
PRC - C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe (Intel® Corporation)
PRC - C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
PRC - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
PRC - C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe (Intel(R) Corporation)
PRC - C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe (Intel Corporation)
PRC - C:\Program Files\Twonky\TwonkyServer\twonkyproxy.exe ()
PRC - C:\Program Files\Twonky\TwonkyServer\twonkystarter.exe (PacketVideo)
PRC - C:\Program Files\Twonky\TwonkyServer\twonkywebdav.exe ()
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe (Lenovo Group Limited)
PRC - C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
PRC - C:\Program Files\Lenovo\ZOOM\TpScrex.exe (Lenovo Group Limited)
PRC - C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe (Lenovo Group Limited)
PRC - C:\Program Files\Lenovo\HOTKEY\tpnumlk.exe (Lenovo Group Limited)
PRC - C:\Program Files\o2\Mobile Connection Manager\ImpWiFiSvc.exe (Telefónica)
PRC - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited)
PRC - C:\Program Files\QUALCOMM\QDLService2k\QDLService2kLenovo.exe (QUALCOMM, Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\cjpcsc.exe (REINER SCT)
PRC - C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
PRC - C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe (StarWind Software)
PRC - C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone)
PRC - C:\Program Files\Novatel Wireless\Novacore\Server\NvtlSrvr.exe ()
PRC - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
PRC - C:\Program Files\Firebird\Firebird_2_0\bin\fbguard.exe (FirebirdSQL Project)
PRC - C:\Program Files\Firebird\Firebird_2_0\bin\fbserver.exe (FirebirdSQL Project)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\FileZilla FTP Client\fzshellext.dll ()
MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl ()
MOD - C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl ()
MOD - C:\Program Files\ThinkPad\Utilities\GR\PWMRT32V.DLL ()
MOD - C:\Program Files\Notepad++\NppShell_04.dll ()
MOD - C:\Windows\System32\nvShell.dll ()


========== Services (SafeList) ==========

SRV - (SDWSCService) -- C:\Program Files\Spybot File not found
SRV - (SDUpdateService) -- C:\Program Files\Spybot File not found
SRV - (SDScannerService) -- C:\Program Files\Spybot File not found
SRV - (TeamViewer8) -- C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (TPHKLOAD) -- C:\Program Files\Lenovo\HOTKEY\tphkload.exe (Lenovo Group Limited)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (AllShare Framework DMS) -- C:\Program Files\Samsung\AllShare Framework DMS\1.3.09\AllShareFrameworkManagerDMS.exe (Samsung)
SRV - (Power Manager DBC Service) -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe (Lenovo)
SRV - (PwmEWSvc) -- C:\Program Files\ThinkPad\Utilities\PWMEWSVC.exe (Lenovo Group Limited)
SRV - (DozeSvc) -- C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE (Lenovo.)
SRV - (SUService) -- C:\Program Files\Lenovo\System Update\SUService.exe ()
SRV - (HI-epanel-Reporting-Service) -- C:\Program Files\Digital Trends Club\HI-epanel-Reporting.exe ()
SRV - (HI-epanel-Update-Service) -- C:\Program Files\Digital Trends Club\HI-epanel-Updater.exe ()
SRV - (HI-epanelLSPService) -- C:\Program Files\HI-epanelLSPService\HI-epanelLspService.exe (HI-epanel)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (AcSvc) -- C:\Program Files\Lenovo\Access Connections\AcSvc.exe (Lenovo)
SRV - (AcPrfMgrSvc) -- C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe (Lenovo)
SRV - (LENOVO.TPKNRSVC) -- C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe (Lenovo Group Limited)
SRV - (LENOVO.CAMMUTE) -- C:\Program Files\Lenovo\Communications Utility\CamMute.exe (Lenovo Group Limited)
SRV - (Guard Agent) -- C:\Program Files\EaseUS\Todo Backup\bin\GuardAgent.exe (CHENGDU YIWO Tech Development Co., Ltd)
SRV - (EaseUS Agent) -- C:\Program Files\EaseUS\Todo Backup\bin\Agent.exe (CHENGDU YIWO Tech Development Co., Ltd)
SRV - (Stereo Service) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (TPHKSVC) -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited)
SRV - (nwtsrv) -- C:\Program Files\FRITZ!Fernzugang\nwtsrv.exe (AVM Berlin)
SRV - (certsrv) -- C:\Program Files\FRITZ!Fernzugang\certsrv.exe (AVM Berlin)
SRV - (avmike) -- C:\Program Files\FRITZ!Fernzugang\avmike.exe (AVM Berlin)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (LENOVO.MICMUTE) -- C:\Program Files\Lenovo\HOTKEY\micmute.exe (Lenovo Group Limited)
SRV - (ZeroConfigService) -- C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe (Intel® Corporation)
SRV - (EvtEng) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV - (RegSrvc) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV - (BTHSSecurityMgr) -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe (Intel(R) Corporation)
SRV - (AMPPALR3) -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe (Intel Corporation)
SRV - (TwonkyProxy) -- C:\Program Files\Twonky\TwonkyServer\twonkyproxy.exe ()
SRV - (TwonkyServer) -- C:\Program Files\Twonky\TwonkyServer\twonkystarter.exe (PacketVideo)
SRV - (TwonkyWebDav) -- C:\Program Files\Twonky\TwonkyServer\twonkywebdav.exe ()
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AxAutoMntSrv) -- C:\Program Files\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe (Alcohol Soft Development Team)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (Lenovo.VIRTSCRLSVC) -- C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe (Lenovo Group Limited)
SRV - (TGCM_ImportWiFiSvc) -- C:\Program Files\o2\Mobile Connection Manager\ImpWiFiSvc.exe (Telefónica)
SRV - (MatSvc) -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe (Microsoft Corporation)
SRV - (ThinkVantage Registry Monitor Service) -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited)
SRV - (QDLService2kLenovo) -- C:\Program Files\QUALCOMM\QDLService2k\QDLService2kLenovo.exe (QUALCOMM, Inc.)
SRV - (cjpcsc) -- C:\Windows\System32\cjpcsc.exe (REINER SCT)
SRV - (btwdins) -- C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV - (rpcapd) -- C:\Program Files\WinPcap\rpcapd.exe (CACE Technologies, Inc.)
SRV - (UNS) -- C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (StarWindServiceAE) -- C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe (StarWind Software)
SRV - (UI Assistant Service) -- C:\Program Files\Mobile Partner Manager\AssistantServices.exe ()
SRV - (TurboBoost) -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe (Intel(R) Corporation)
SRV - (VMCService) -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone)
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (HsfXAudioService) -- C:\Windows\System32\XAudio32.dll (Conexant Systems, Inc.)
SRV - (NvtlService) -- C:\Program Files\Novatel Wireless\Novacore\Server\NvtlSrvr.exe ()
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
SRV - (IviRegMgr) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
SRV - (FirebirdGuardianDefaultInstance) -- C:\Program Files\Firebird\Firebird_2_0\bin\fbguard.exe (FirebirdSQL Project)
SRV - (FirebirdServerDefaultInstance) -- C:\Program Files\Firebird\Firebird_2_0\bin\fbserver.exe (FirebirdSQL Project)


========== Driver Services (SafeList) ==========

DRV - (motandroidusb) -- System32\Drivers\motoandroid.sys File not found
DRV - (mbr) -- C:\Users\HEF01\AppData\Local\Temp\mbr.sys File not found
DRV - (catchme) -- C:\Users\HEF01\AppData\Local\Temp\catchme.sys File not found
DRV - (arkc77h7) -- File not found
DRV - (DozeHDD) -- C:\Windows\System32\drivers\DOZEHDD.SYS (Lenovo.)
DRV - (TPPWRIF) -- C:\Windows\System32\drivers\TPPWR32V.SYS (Lenovo Group Limited)
DRV - (avmaura) -- C:\Windows\System32\drivers\avmaura.sys (AVM Berlin)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (FNETURPX) -- C:\Windows\System32\drivers\FNETURPX.SYS (FNet Co., Ltd.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (SSCBFS3) -- C:\Windows\System32\drivers\sscbfs3.sys (EldoS Corporation)
DRV - (EUFDDISK) -- C:\Windows\System32\drivers\EuFdDisk.sys (CHENGDU YIWO Tech Development Co., Ltd)
DRV - (EUBKMON) -- C:\Windows\System32\drivers\EUBKMON.sys ()
DRV - (EUDSKACS) -- C:\Windows\System32\drivers\eudskacs.sys (CHENGDU YIWO Tech Development Co., Ltd)
DRV - (EUBAKUP) -- C:\Windows\System32\drivers\eubakup.sys (CHENGDU YIWO Tech Development Co., Ltd)
DRV - (teamviewervpn) -- C:\Windows\System32\drivers\teamviewervpn.sys (TeamViewer GmbH)
DRV - (SmbDrvI) -- C:\Windows\System32\drivers\Smb_driver_Intel.sys (Synaptics Incorporated)
DRV - (NETwNs32) -- C:\Windows\System32\drivers\Netwsn00.sys (Intel Corporation)
DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (sptd) -- C:\Windows\System32\drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (Shockprf) -- C:\Windows\System32\drivers\ApsX86.sys (Lenovo.)
DRV - (AMPPALP) -- C:\Windows\System32\drivers\AmpPal.sys (Windows (R) Win 7 DDK provider)
DRV - (AMPPAL) -- C:\Windows\System32\drivers\AmpPal.sys (Windows (R) Win 7 DDK provider)
DRV - (tapoas) -- C:\Windows\System32\drivers\tapoas.sys (The OpenVPN Project)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (e1kexpress) -- C:\Windows\System32\drivers\e1k6232.sys (Intel Corporation)
DRV - (TPDIGIMN) -- C:\Windows\System32\drivers\ApsHM86.sys (Lenovo.)
DRV - (psadd) -- C:\Windows\System32\drivers\psadd.sys (Lenovo Information Product(ShenZhen China) Inc.)
DRV - (NWIM) -- C:\Windows\System32\drivers\avmnwim.sys (AVM Berlin)
DRV - (PCDSRVC{3037D694-FD904ACA-06020200}_0) -- c:\Program Files\PC-Doctor\pcdsrvc.pkms (PC-Doctor, Inc.)
DRV - (smihlp2) -- C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys (Authentec Inc.)
DRV - (5U877) -- C:\Windows\System32\drivers\5U877.sys (Ricoh co.,Ltd.)
DRV - (qcusbnetlno2k) -- C:\Windows\System32\drivers\qcusbnetlno2k.sys (QUALCOMM Incorporated)
DRV - (qcusbserlno2k) -- C:\Windows\System32\drivers\qcusbserlno2k.sys (QUALCOMM Incorporated)
DRV - (ZTEusbnet) -- C:\Windows\System32\drivers\ZTEusbnet.sys (ZTE Corporation)
DRV - (ZTEusbvoice) -- C:\Windows\System32\drivers\zteusbvoice.sys (ZTE Incorporated)
DRV - (huawei_enumerator) -- C:\Windows\System32\drivers\ew_jubusenum.sys (Huawei Technologies Co., Ltd.)
DRV - (ewusbnet) -- C:\Windows\System32\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (ew_hwusbdev) -- C:\Windows\System32\drivers\ew_hwusbdev.sys (Huawei Technologies Co., Ltd.)
DRV - (cjusb) -- C:\Windows\System32\drivers\cjusb.sys (REINER SCT)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (FLxHCIc) -- C:\Windows\System32\drivers\FLxHCIc.sys (Fresco Logic)
DRV - (FLxHCIh) -- C:\Windows\System32\drivers\FLxHCIh.sys (Fresco Logic)
DRV - (lenovo.smi) -- C:\Windows\System32\drivers\smiif32.sys (Lenovo Group Limited)
DRV - (CnxtHdAudService) -- C:\Windows\System32\drivers\CHDRT32.sys (Conexant Systems Inc.)
DRV - (NPF) -- C:\Windows\System32\drivers\npf.sys (CACE Technologies, Inc.)
DRV - (qcfilterlno2k) -- C:\Windows\System32\drivers\qcfilterlno2k.sys (QUALCOMM Incorporated)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio32.sys (Conexant Systems, Inc.)
DRV - (btusbflt) -- C:\Windows\System32\drivers\btusbflt.sys (Broadcom Corporation.)
DRV - (ZTEusbser6k) -- C:\Windows\System32\drivers\ZTEusbser6k.sys (ZTE Incorporated)
DRV - (ZTEusbnmea) -- C:\Windows\System32\drivers\ZTEusbnmea.sys (ZTE Incorporated)
DRV - (ZTEusbmdm6k) -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys (ZTE Incorporated)
DRV - (massfilter) -- C:\Windows\System32\drivers\massfilter.sys (ZTE Incorporated)
DRV - (rimspci) -- C:\Windows\System32\drivers\rimspe86.sys (REDC)
DRV - (Impcd) -- C:\Windows\System32\drivers\Impcd.sys (Intel Corporation)
DRV - (TurboB) -- C:\Windows\System32\drivers\TurboB.sys ()
DRV - (TVTI2C) -- C:\Windows\System32\drivers\tvti2c.sys (Lenovo (United States) Inc.)
DRV - (HECI) -- C:\Windows\System32\drivers\HECI.sys (Intel Corporation)
DRV - (NETw5s32) -- C:\Windows\System32\drivers\NETw5s32.sys (Intel Corporation)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (TPM) -- C:\Windows\System32\drivers\tpm.sys (Microsoft Corporation)
DRV - (netw5v32) -- C:\Windows\System32\drivers\netw5v32.sys (Intel Corporation)
DRV - (BMLoad) -- C:\Windows\System32\drivers\BMLoad.sys (Bytemobile, Inc.)
DRV - (tcpipBM) -- C:\Windows\System32\drivers\tcpipBM.sys (Bytemobile, Inc.)
DRV - (bizVSerial) -- C:\Windows\System32\drivers\bizVSerialNT.sys (franson.biz)
DRV - (regi) -- C:\Windows\System32\drivers\regi.sys (InterVideo)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{8CBA94D2-0004-4EDB-BD2D-DC3EC9287C9A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=LEMDF8&pc=MALC&src=IE-SearchBox;


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-713427250-3853926042-2103360380-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKU\S-1-5-21-713427250-3853926042-2103360380-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
IE - HKU\S-1-5-21-713427250-3853926042-2103360380-1005\..\SearchScopes,DefaultScope = {8CBA94D2-0004-4EDB-BD2D-DC3EC9287C9A}
IE - HKU\S-1-5-21-713427250-3853926042-2103360380-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-713427250-3853926042-2103360380-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;192.168.*.*
IE - HKU\S-1-5-21-713427250-3853926042-2103360380-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = localhost:21320

========== FireFox ==========

FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extension.gacela.network.proxy.autoconfig_url: ""
FF - prefs.js..extension.gacela.network.proxy.type: 5
FF - prefs.js..extensions.enabledAddons: %7Baab35b56-0206-4472-9993-9cb5c09bb722%7D:1.5.5
FF - prefs.js..extensions.enabledAddons: fb_add_on%40avm.de:1.7.0
FF - prefs.js..extensions.enabledAddons: gacela2%40nurago.com:13.1.50
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - prefs.js..network.proxy.autoconfig_url: "http://dtcproxy.gacela.eu/impact-de/autoproxyconfig.php?id=18735&type=FF&version=13.1.50"
FF - prefs.js..network.proxy.type: 2
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@siz.de/SIZCHIP,version=2.0.2.1: C:\Program Files\SIZ\SIZCHIP-Plugin\Mozilla-20\npS-Chip-Add-On-Mozilla-2021.dll (SIZ GmbH, Deutscher Sparkassen Verlag GmbH)
FF - HKLM\Software\MozillaPlugins\@t-immersion.com/DFusionHomeWebPlugIn: C:\Program Files\Total Immersion\DFusionHomeWebPlugIn\NPDFusionWebFirefox.dll (Total Immersion)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Users\HEF01\AppData\Local\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\HEF01\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\HEF01\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\samsung.com/SamsungLinkPCPlugin: C:\Program Files\Samsung\Samsung Link\utils\npSamsungLinkPCPlugin.dll (Samsung)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\gacela2@nurago.com: C:\Program Files\Digital Trends Club\ [2013.07.02 12:19:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ff-bmboc@bytemobile.com: C:\Program Files\Vodafone\Vodafone Mobile Connect\Optimization Client\addon\ [2013.01.30 15:21:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.05.28 15:59:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.7\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.06.30 00:26:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.7\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{F74D5734-46F5-4B16-96F0-1E7FBF41B750}: C:\Program Files\Lenovo\Client Security Solution\PWM Firefox Extension\2.0b12 [2011.12.25 22:50:46 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.7\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.06.30 00:26:22 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.7\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2011.04.09 17:20:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\HEF01\AppData\Roaming\mozilla\Extensions
[2011.04.09 17:20:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\HEF01\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2013.05.29 23:10:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\HEF01\AppData\Roaming\mozilla\Firefox\Profiles\xxhc2iuc.default-1361923398100\extensions
[2013.02.27 10:52:16 | 000,000,000 | ---D | M] (Snip It! Button for eBay) -- C:\Users\HEF01\AppData\Roaming\mozilla\Firefox\Profiles\xxhc2iuc.default-1361923398100\extensions\{aab35b56-0206-4472-9993-9cb5c09bb722}
[2013.04.17 21:17:01 | 000,000,000 | ---D | M] ("FRITZ!Box AddOn") -- C:\Users\HEF01\AppData\Roaming\mozilla\Firefox\Profiles\xxhc2iuc.default-1361923398100\extensions\fb_add_on@avm.de
[2013.05.09 20:15:22 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\HEF01\AppData\Roaming\mozilla\firefox\profiles\xxhc2iuc.default-1361923398100\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.05.23 18:39:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013.05.23 18:39:48 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013.05.23 18:39:48 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2013.05.23 18:39:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013.05.23 18:39:58 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013.07.02 12:19:26 | 000,000,000 | ---D | M] (Digital Trends Club) -- C:\PROGRAM FILES\DIGITAL TRENDS CLUB

O1 HOSTS File: ([2013.07.02 02:30:23 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Digital Trends Club) - {4BEEA052-726D-4A6E-B65D-A6BD07C263F3} - C:\Program Files\Digital Trends Club\Gacela2.dll (HI-epanel)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (IePasswordManagerHelper Class) - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (loadtbs) - {DFEFCDEE-CF1A-4FC8-88AD-129872198372} - Reg Error: Value error. File not found
O3 - HKU\S-1-5-21-713427250-3853926042-2103360380-1005\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-713427250-3853926042-2103360380-1005\..\Toolbar\WebBrowser: (loadtbs) - {DFEFCDEE-CF1A-4FC8-88AD-129872198372} - Reg Error: Value error. File not found
O4 - HKLM..\Run: [ACTray] C:\Program Files\Lenovo\Access Connections\ACTray.exe (Lenovo)
O4 - HKLM..\Run: [AcWin7Hlpr] C:\Program Files\Lenovo\Access Connections\AcTBenabler.exe (Lenovo)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [EaseUs Tray] C:\Program Files\EaseUS\Todo Backup\bin\TrayNotify.exe (CHENGDU YIWO Tech Development Co., Ltd)
O4 - HKLM..\Run: [EaseUs Watch] C:\Program Files\EaseUS\Todo Backup\bin\EuWatch.exe (CHENGDU YIWO Tech Development Co., Ltd)
O4 - HKLM..\Run: [FLxHCIm] C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe (Windows (R) Win 7 DDK provider)
O4 - HKLM..\Run: [HI-epanel-WatchDog] C:\Program Files\HI-epanelLSPService\HI-epanel-WatchDog.exe ()
O4 - HKLM..\Run: [IMSS] C:\Program Files\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe (Intel Corporation)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [LENOVO.TPKNRRES] C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [PWMTRV] C:\Program Files\ThinkPad\Utilities\PWMTR32V.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [RotateImage] C:\Program Files\Integrated Camera Driver\RCIMGDIR.exe (Ricoh co.,Ltd.)
O4 - HKLM..\Run: [Samsung Link] C:\Program Files\Samsung\Samsung Link\utils\Samsung Link Launcher.exe (Samsung Electronics)
O4 - HKLM..\Run: [SDTray] C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()
O4 - HKLM..\Run: [UIExec] C:\Program Files\Mobile Partner Manager\UIExec.exe ()
O4 - HKU\S-1-5-21-713427250-3853926042-2103360380-1005..\Run: [Akamai NetSession Interface] C:\Users\HEF01\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKU\S-1-5-21-713427250-3853926042-2103360380-1005..\Run: [AlcoholAutomount] C:\Program Files\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe (Alcohol Soft Development Team)
O4 - HKU\S-1-5-21-713427250-3853926042-2103360380-1005..\Run: [GoogleDriveSync] C:\Program Files\Google\Drive\googledrivesync.exe (Google)
O4 - HKU\S-1-5-21-713427250-3853926042-2103360380-1005..\Run: [KiesPreload] C:\Program Files\Samsung\Kies\Kies.exe (Samsung)
O4 - HKU\S-1-5-21-713427250-3853926042-2103360380-1005..\Run: [SkyDrive] C:\Users\HEF01\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-713427250-3853926042-2103360380-1005..\Run: [SugarSync] C:\Program Files\SugarSync\SugarSync.exe (SugarSync, Inc.)
O4 - Startup: C:\Users\HEF01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\HEF01\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\HEF01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Key-Organizer Fristenprüfung.lnk = C:\Program Files\AIDeX\KeyOrganizer\KeyOrganizer.exe (Aidex GmbH)
O4 - Startup: C:\Users\HEF01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-713427250-3853926042-2103360380-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-713427250-3853926042-2103360380-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\S-1-5-21-713427250-3853926042-2103360380-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\HEF01\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll ()
O9 - Extra 'Tools' menuitem : Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll ()
O9 - Extra 'Tools' menuitem : Über Digital Trends Club - {4BEEA052-726D-4A6E-B65D-A6BD07C263F3} - C:\Program Files\Digital Trends Club\Gacela2.dll (HI-epanel)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Lenovo Password Manager... - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\HI-epanelLSPService.DLL (HI-epanel)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\HI-epanelLSPService.DLL (HI-epanel)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\HI-epanelLSPService.DLL (HI-epanel)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\HI-epanelLSPService.DLL (HI-epanel)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\HI-epanelLSPService.DLL (HI-epanel)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\HI-epanelLSPService.DLL (HI-epanel)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\HI-epanelLSPService.DLL (HI-epanel)
O15 - HKU\S-1-5-21-713427250-3853926042-2103360380-1005\..Trusted Domains: fritz.box ([]* in Lokales Intranet)
O15 - HKU\S-1-5-21-713427250-3853926042-2103360380-1005\..Trusted Ranges: Range1 ([*] in Lokales Intranet)
O16 - DPF: {816BE035-1450-40D0-8A3B-BA7825A83A77} http://support.lenovo.com/Resources/...utoDetect2.cab (IASRunner Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jin...ndows-i586.cab (Java Plug-in 10.25.2)
O16 - DPF: {A4150320-98EC-4DB6-9BFB-EBF4B6FBEB16} http://192.168.178.36/codebase/DVM_IPCam2.ocx (DVM_IPCam2 Control)
O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jin...ndows-i586.cab (Java Plug-in 1.7.0_09)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 10.25.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/ge...sh/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B124AEFE-892C-45A4-BB75-ED6063CFEE11}: DhcpNameServer = 212.166.210.80 212.73.32.67
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C30E95C5-1EAB-47D9-8269-FEAC4967E119}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\psfus: DllName - (C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll) - C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (Authentec Inc.)
O21 - SSODL: EldosMountNotificator - {C28617FD-4FE7-4043-AD51-C8132CE90106} - C:\Windows\System32\SSCbFsMntNtf3.dll (EldoS Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O22 - SharedTaskScheduler: {C28617FD-4FE7-4043-AD51-C8132CE90106} - Virtual Storage Mount Notification - C:\Windows\System32\SSCbFsMntNtf3.dll (EldoS Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.dvacm - C:\Program Files\Common Files\Ulead Systems\vio\DVACM.acm (Ulead Systems, Inc.)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.mpegacm - C:\Program Files\Common Files\Ulead Systems\MPEG\MPEGACM.acm (Ulead Systems, Inc.)
Drivers32: msacm.ulmp3acm - C:\Program Files\Common Files\Ulead Systems\MPEG\ulmp3acm.acm (Ulead systems)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013.07.02 03:01:31 | 000,012,288 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Windows\System32\drivers\PROCEXP113.SYS
[2013.07.02 02:35:26 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2013.07.02 01:50:25 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.07.02 01:50:25 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.07.02 01:50:25 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.07.02 01:46:28 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.06.30 23:55:44 | 000,000,000 | ---D | C] -- C:\Users\HEF01\Documents\Mein SugarSync
[2013.06.30 23:50:37 | 000,000,000 | ---D | C] -- C:\Users\HEF01\AppData\Local\SugarSync
[2013.06.30 23:50:29 | 000,225,024 | ---- | C] (EldoS Corporation) -- C:\Windows\System32\SSCbFsNetRdr3.dll
[2013.06.30 23:50:29 | 000,159,488 | ---- | C] (EldoS Corporation) -- C:\Windows\System32\SSCbFsMntNtf3.dll
[2013.06.30 23:47:02 | 000,295,936 | ---- | C] (EldoS Corporation) -- C:\Windows\System32\drivers\sscbfs3.sys
[2013.06.30 23:46:55 | 000,000,000 | ---D | C] -- C:\Program Files\SugarSync
[2013.06.30 00:26:21 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird
[2013.06.22 17:22:38 | 000,000,000 | ---D | C] -- C:\Users\HEF01\Desktop\Virus_Trojan
[2013.06.22 17:19:49 | 000,263,592 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013.06.22 17:19:34 | 000,094,632 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013.06.22 17:18:27 | 000,000,000 | ---D | C] -- C:\Users\HEF01\Desktop\Klinik
[2013.06.19 22:13:25 | 000,000,000 | ---D | C] -- C:\Users\HEF01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Star Finanz
[2013.06.19 22:13:25 | 000,000,000 | ---D | C] -- C:\Program Files\SEPA Account Converter
[2013.06.15 12:26:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
[2013.06.15 11:08:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ITN Converter
[2013.06.15 11:08:09 | 000,000,000 | ---D | C] -- C:\Program Files\ITN Converter
[2013.06.15 00:39:54 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
[2013.06.14 23:39:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
[2013.06.14 23:39:46 | 000,000,000 | ---D | C] -- C:\Program Files\K-Lite Codec Pack
[2013.06.14 23:38:39 | 000,000,000 | ---D | C] -- C:\Upload
[2013.06.14 23:38:08 | 000,000,000 | ---D | C] -- C:\Samsung Link
[2013.06.14 23:38:08 | 000,000,000 | ---D | C] -- C:\Users\HEF01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Samsung
[2013.06.14 21:08:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Safer Networking
[2013.06.14 21:08:09 | 000,000,000 | ---D | C] -- C:\Program Files\SDistTest
[2013.06.14 09:39:49 | 002,706,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013.06.14 09:39:48 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013.06.14 09:30:16 | 002,877,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013.06.14 09:30:16 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013.06.14 09:30:15 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2013.06.14 09:30:14 | 000,493,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013.06.14 09:30:14 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2013.06.14 09:30:14 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2013.06.14 09:30:14 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2013.06.14 09:30:14 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2013.06.12 19:45:28 | 001,505,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll
[2013.06.12 19:45:24 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cryptdlg.dll
[2013.06.12 19:45:10 | 000,903,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certutil.exe
[2013.06.12 19:45:10 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certenc.dll
[2013.06.12 19:44:59 | 003,968,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2013.06.12 19:44:59 | 003,913,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2013.06.02 21:58:31 | 000,000,000 | ---D | C] -- C:\Users\HEF01\AppData\Roaming\AVM
[2013.06.02 21:47:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FRITZ!Fernzugang
[2013.06.02 21:47:35 | 000,000,000 | ---D | C] -- C:\Program Files\FRITZ!Fernzugang einrichten
[2013.06.02 21:23:53 | 000,000,000 | ---D | C] -- C:\Users\HEF01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FRITZ!Fernzugang
[2013.06.02 21:23:52 | 000,000,000 | ---D | C] -- C:\ProgramData\AVM
[2013.06.02 21:23:48 | 000,000,000 | ---D | C] -- C:\Program Files\FRITZ!Fernzugang
[2013.06.02 21:22:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013.07.02 12:08:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.07.02 12:03:39 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.07.02 12:03:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.07.02 11:36:01 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-713427250-3853926042-2103360380-1005UA.job
[2013.07.02 09:57:00 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.07.02 03:02:48 | 000,654,400 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.07.02 03:02:48 | 000,616,242 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.07.02 03:02:48 | 000,130,240 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.07.02 03:02:48 | 000,106,622 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.07.02 03:01:32 | 000,012,288 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Windows\System32\drivers\PROCEXP113.SYS
[2013.07.02 02:41:54 | 000,016,976 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.07.02 02:41:54 | 000,016,976 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.07.02 02:36:00 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-713427250-3853926042-2103360380-1005Core.job
[2013.07.02 02:33:18 | 000,000,466 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2013.07.02 02:33:11 | 2406,219,776 | -HS- | M] () -- C:\hiberfil.sys
[2013.07.02 02:30:23 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013.06.30 23:55:45 | 000,000,786 | ---- | M] () -- C:\Users\HEF01\Desktop\Mein SugarSync.lnk
[2013.06.30 23:50:31 | 000,001,818 | ---- | M] () -- C:\Users\Public\Desktop\SugarSync.lnk
[2013.06.30 22:45:48 | 000,000,000 | -H-- | M] () -- C:\Users\HEF01\Documents\Default.rdp
[2013.06.27 20:04:08 | 000,000,528 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2013.06.23 00:32:26 | 000,000,870 | ---- | M] () -- C:\Windows\wiso.ini
[2013.06.22 17:19:22 | 000,094,632 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013.06.22 17:19:21 | 000,867,240 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npdeployJava1.dll
[2013.06.22 17:19:21 | 000,789,416 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2013.06.22 17:19:21 | 000,263,592 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013.06.22 17:19:21 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013.06.22 17:19:21 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013.06.22 17:12:31 | 353,889,239 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013.06.21 01:00:59 | 000,011,489 | ---- | M] () -- C:\Users\HEF01\gsview32.ini
[2013.06.19 22:13:26 | 000,002,102 | ---- | M] () -- C:\Users\HEF01\Desktop\SEPA Account Converter.lnk
[2013.06.15 11:08:10 | 000,000,964 | ---- | M] () -- C:\Users\Public\Desktop\ITN Converter.lnk
[2013.06.12 09:07:17 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013.06.12 09:07:17 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013.06.12 09:07:09 | 009,089,416 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerInstaller.exe
[2013.06.09 17:01:51 | 000,001,064 | ---- | M] () -- C:\Users\HEF01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013.06.09 17:01:41 | 000,001,032 | ---- | M] () -- C:\Users\HEF01\Desktop\Dropbox.lnk
[2013.06.08 13:40:02 | 000,391,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013.06.08 13:13:19 | 002,706,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013.06.02 21:45:10 | 000,000,901 | ---- | M] () -- C:\Users\Public\Desktop\calibre - E-book management.lnk
[2 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]