Bettersurf 1.0 ==> Bettersurf 1.1 ==> Webexp enhanced ==> PC spinnt

#1 vor einigen Wochen (Mitte November...also zu dem Zeitpunkt wo auch die ersten Googleergebnisse dazu auftauchten...denke mal 14.11 bis 16.11 war das) war mir nach einem automatischen Firefoxupdate aufgefallen das sich das Addon Bettersurf 1.0 mitinstalliert hatte...hab es damals deaktiviert und einige Zeit Ruhe...dann kamen nach ein paar Tagen auch Windows- und Firefoxupdates die Bettersurf anscheinend ganz entfernten....nach einigen Tagen/Wochen viel mir dann wieder auf das Adblock wieder Werbung blockierte wie damals bei Bettersurf 1.0...und in meinen Addons fand ich Bettersurf 1.1 auf einmal wieder installiert...wieder deaktiviert...wieder kamen diverse Windows und Firefoxupdates...und wieder folgte eine Zeit der Ruhe....nun habe ich seit ein paar Tagen Webexp enhanced als Addon bei Firefox...wieder deaktiviert bei Firefox...und jetzt reicht es mir! Virenscanner hatte die letzten Tage auch 2/3 Funde...ich hab das Gefühl Bettersurf 1.0 hat irgendeine Schwachstelle genutzt und bei mir eine Art Backdoorzugang erstellt durch das sich immer wieder etwas installieren kann bei mir

daher würde ich gerne mein System von euch überprüfen lassen...evtl sind noch Reste von Bettersurf 1.0 oder 1.1 drauf...Webexp enhanced ist momentan auch nur deaktiviert und noch nicht entfernt...und ständig will Windows bei mir Updates machen! Zudem halt die Funde von Avira Free Antivirus in meiner Quarantäne

Code

GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-12-26 21:52:24
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 HITACHI_ rev.PB3Z 298,09GB
Running: qy2e5jwg.exe; Driver: C:\Users\THEINC~1\AppData\Local\Temp\kxldqpod.sys


---- System - GMER 2.1 ----

SSDT    92856B46                                                                                                            ZwCreateSection
SSDT    92856B50                                                                                                            ZwRequestWaitReplyPort
SSDT    92856B4B                                                                                                            ZwSetContextThread
SSDT    92856B55                                                                                                            ZwSetSecurityObject
SSDT    92856B5A                                                                                                            ZwSystemDebugControl
SSDT    92856AE7                                                                                                            ZwTerminateProcess

---- Kernel code sections - GMER 2.1 ----

.text   ntkrnlpa.exe!ZwRollbackEnlistment + 142D                                                                            82C54A15 1 Byte  [06]
.text   ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                                              82C8E212 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text   ntkrnlpa.exe!KeRemoveQueueEx + 11F7                                                                                 82C9558C 4 Bytes  [46, 6B, 85, 92]
.text   ntkrnlpa.exe!KeRemoveQueueEx + 1553                                                                                 82C958E8 4 Bytes  [50, 6B, 85, 92]
.text   ntkrnlpa.exe!KeRemoveQueueEx + 1597                                                                                 82C9592C 4 Bytes  [4B, 6B, 85, 92]
.text   ntkrnlpa.exe!KeRemoveQueueEx + 1613                                                                                 82C959A8 4 Bytes  [55, 6B, 85, 92]
.text   ntkrnlpa.exe!KeRemoveQueueEx + 1667                                                                                 82C959FC 4 Bytes  JMP 856B5A82 
.text   ...                                                                                                                 
?       System32\Drivers\spua.sys                                                                                           Das System kann den angegebenen Pfad nicht finden. !

---- User code sections - GMER 2.1 ----

.text   C:\Program Files\Real\RealPlayer\update\realsched.exe[18748] kernel32.dll!SetUnhandledExceptionFilter               760CF4EB 5 Bytes  [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
.text   C:\Program Files\Mozilla Firefox\firefox.exe[24148] ntdll.dll!LdrGetProcedureAddress + 26                           76F722A9 7 Bytes  JMP 5A79B780 C:\Program Files\Mozilla Firefox\xul.dll
.text   C:\Program Files\Mozilla Firefox\firefox.exe[24148] kernel32.dll!K32GetDeviceDriverBaseNameW + 5D                   760C941E 7 Bytes  JMP 5AFD6EDA C:\Program Files\Mozilla Firefox\xul.dll
.text   C:\Program Files\Mozilla Firefox\firefox.exe[24148] kernel32.dll!QueryPerformanceCounter + 13                       760CC425 7 Bytes  JMP 5AFD6EFD C:\Program Files\Mozilla Firefox\xul.dll
.text   C:\Program Files\Mozilla Firefox\firefox.exe[24148] kernel32.dll!LoadAppInitDlls + 355                              760CF4E6 7 Bytes  JMP 5A7A0836 C:\Program Files\Mozilla Firefox\xul.dll
.text   C:\Program Files\Mozilla Firefox\firefox.exe[24148] GDI32.dll!GetViewportOrgEx + 26C                                7671884B 7 Bytes  JMP 5AFD6E5B C:\Program Files\Mozilla Firefox\xul.dll

---- Devices - GMER 2.1 ----

Device  \FileSystem\Ntfs \Ntfs                                                                                              84E341F8
Device  \Driver\volmgr \Device\VolMgrControl                                                                                84E301F8
Device  \Driver\usbuhci \Device\USBPDO-0                                                                                    86C4D500
Device  \Driver\NetBT \Device\NetBT_Tcpip_{05BD45D4-E5D1-4FD0-99C2-ED6C6EA13E81}                                            8697C1F8
Device  \Driver\usbuhci \Device\USBPDO-1                                                                                    86C4D500
Device  \Driver\usbuhci \Device\USBPDO-2                                                                                    86C4D500
Device  \Driver\usbehci \Device\USBPDO-3                                                                                    869A4500
Device  \Driver\usbuhci \Device\USBPDO-4                                                                                    86C4D500
Device  \Driver\sptd \Device\3690744841                                                                                     spua.sys
Device  \Driver\usbuhci \Device\USBPDO-5                                                                                    86C4D500
Device  \Driver\NetBT \Device\NetBT_Tcpip_{8AC10D96-6C44-4A42-AA74-78103A3C31D0}                                            8697C1F8
Device  \Driver\usbuhci \Device\USBPDO-6                                                                                    86C4D500
Device  \Driver\volmgr \Device\HarddiskVolume1                                                                              84E301F8
Device  \Driver\usbehci \Device\USBPDO-7                                                                                    869A4500
Device  \Driver\volmgr \Device\HarddiskVolume2                                                                              84E301F8
Device  \Driver\NetBT \Device\NetBT_Tcpip_{1DF61C56-90FE-4DDD-AAD2-48F95A79CF26}                                            8697C1F8
Device  \Driver\cdrom \Device\CdRom0                                                                                        868FF1F8
Device  \Driver\iaStor \Device\Ide\iaStor0                                                                                  [88CF6360] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device  \Driver\iaStor \Device\Ide\IAAStorageDevice-0                                                                       [88CF6360] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device  \Driver\iaStor \Device\Ide\IAAStorageDevice-1                                                                       [88CF6360] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device  \Driver\volmgr \Device\HarddiskVolume3                                                                              84E301F8
Device  \Driver\cdrom \Device\CdRom1                                                                                        868FF1F8
Device  \Driver\volmgr \Device\HarddiskVolume4                                                                              84E301F8
Device  \Driver\USBSTOR \Device\00000080                                                                                    8696D1F8
Device  \Driver\volmgr \Device\HarddiskVolume5                                                                              84E301F8
Device  \Driver\USBSTOR \Device\00000081                                                                                    8696D1F8
Device  \Driver\NetBT \Device\NetBt_Wins_Export                                                                             8697C1F8
Device  \Driver\PCI_PNP0839 \Device\0000005c                                                                                spua.sys
Device  \Driver\usbuhci \Device\USBFDO-0                                                                                    86C4D500
Device  \Driver\usbuhci \Device\USBFDO-1                                                                                    86C4D500
Device  \Driver\usbuhci \Device\USBFDO-2                                                                                    86C4D500
Device  \Driver\usbehci \Device\USBFDO-3                                                                                    869A4500
Device  \Driver\usbuhci \Device\USBFDO-4                                                                                    86C4D500
Device  \Driver\usbuhci \Device\USBFDO-5                                                                                    86C4D500
Device  \Driver\usbuhci \Device\USBFDO-6                                                                                    86C4D500
Device  \Driver\usbehci \Device\USBFDO-7                                                                                    869A4500
Device  \Driver\aezsrbte \Device\Scsi\aezsrbte1Port1Path0Target0Lun0                                                        84EA1348
Device  \Driver\aezsrbte \Device\Scsi\aezsrbte1                                                                             84EA1348

---- Registry - GMER 2.1 ----

Reg     HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002269ec2d88                                         
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1                                                                  771343423
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2                                                                  285507792
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0                                                                  1
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                    
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                 C:\Program Files\DAEMON Tools Lite\
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                 0x00 0x00 0x00 0x00 ...
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                 0
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                              0x84 0xF7 0x64 0x7B ...
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001                           
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                        0x20 0x01 0x00 0x00 ...
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                     0x14 0xE1 0x84 0xC7 ...
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0                      
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                0x80 0xEB 0x31 0xE4 ...
Reg     HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002269ec2d88 (not active ControlSet)                     
Reg     HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                
Reg     HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                     C:\Program Files\DAEMON Tools Lite\
Reg     HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                     0x00 0x00 0x00 0x00 ...
Reg     HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                     0
Reg     HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                  0x84 0xF7 0x64 0x7B ...
Reg     HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)       
Reg     HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                            0x20 0x01 0x00 0x00 ...
Reg     HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                         0x14 0xE1 0x84 0xC7 ...
Reg     HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)  
Reg     HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                    0x80 0xEB 0x31 0xE4 ...

---- EOF - GMER 2.1 ----

#2 Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop
32-Bit http://filepony.de/download-frst/
64-Bit http://filepony.de/download-frst64/

Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Scan.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread
__________
MfG Argus

#3

Code

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 25-12-2013
Ran by TheIncredible (administrator) on CHRIS on 27-12-2013 09:20:48
Running from C:\Users\TheIncredible\Downloads
Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
() C:\Program Files\DefaultTab\DefaultTabSearch.exe
() C:\Windows\System32\PnkBstrA.exe
(Microsoft Corp.) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
() C:\Program Files\1&1 Surf-Stick\AssistantServices.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Lenovo(beijing) Limited) C:\Program Files\Lenovo\Energy Management\utility.exe
(Lenovo (Beijing) Limited) C:\Program Files\Lenovo\Energy Management\Energy Management.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
() C:\Program Files\1&1 Surf-Stick\UIExec.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
() C:\Program Files\DivX\DivX Update\DivXUpdate.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(XemiComputers ltd.) C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
() C:\Program Files\Gomez\GomezPEER\bin\GomezPEER.exe
(Conexant Systems, Inc) C:\Program Files\CONEXANT\SAII\SmartAudio.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Sun Microsystems, Inc.) C:\Program Files\Gomez\GomezPEER\jre\bin\java.exe
() C:\Program Files\1&1 Surf-Stick\UIMain.exe
() C:\Program Files\1&1 Surf-Stick\CMUpdater.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe
(Mozilla Corporation) C:\Program Files\Mozilla Thunderbird\thunderbird.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IAAnotif] - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe [186904 2009-06-04] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] - C:\windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [SmartAudio] - C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2009-11-19] ()
HKLM\...\Run: [EnergyUtility] - C:\Program Files\Lenovo\Energy Management\utility.exe [4114288 2009-09-29] (Lenovo(beijing) Limited)
HKLM\...\Run: [Energy Management] - C:\Program Files\Lenovo\Energy Management\Energy Management.exe [5064560 2009-09-29] (Lenovo (Beijing) Limited)
HKLM\...\Run: [Malwarebytes Anti-Malware (reboot)] - C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [1047656 2011-07-06] (Malwarebytes Corporation)
HKLM\...\Run: [IntelliPoint] - C:\Program Files\Microsoft IntelliPoint\ipoint.exe [1808784 2011-04-13] (Microsoft Corporation)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.)
HKLM\...\Run: [UIExec] - C:\Program Files\1&1 Surf-Stick\UIExec.exe [139088 2010-12-08] ()
HKLM\...\Run: [MAgent] - C:\Program Files\Mail.Ru\Agent\magent.exe [22057576 2012-06-06] (Mail.Ru)
HKLM\...\Run: [AlterGeoUpdater] - C:\Program Files\AlterGeo\Html5 geolocation provider\html5locsvc.exe [27680 2012-02-06] (AlterGeo)
HKLM\...\Run: [TkBellExe] - C:\Program Files\Real\RealPlayer\Update\realsched.exe [296096 2012-08-12] (RealNetworks, Inc.)
HKLM\...\Run: [DivXMediaServer] - C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-08-21] (DivX, LLC)
HKLM\...\Run: [PrivitizeVPN] - C:\Program Files\PrivitizeVPN\PrivitizeVPN.exe [196784 2013-02-25] (OOO Industry)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-17] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [DivXUpdate] - C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1861968 2013-08-29] ()
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKCU\...\Run: [Active Desktop Calendar] - C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe [7099904 2010-12-15] (XemiComputers ltd.)
HKCU\...\Run: [Google Update] - C:\Users\TheIncredible\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-08-03] (Google Inc.)
HKCU\...\Run: [AlterGeoUpdater] - C:\ProgramData\AlterGeo\Update for Html5 geolocation provider\html5locsvc.exe [29696 2013-01-28] (AlterGeo)
HKCU\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [20684656 2013-07-25] (Skype Technologies S.A.)
HKCU\...\Policies\system: [DisableTskMgr] 0
HKU\Default\...\RunOnce: [WLStart] - C:\Program Files\Windows Live\Installer\wlstart.exe [ 2009-07-26] (Microsoft Corporation)
AppInit_DLLs: C:\ProgramData\Speed Streamer\SpeedStreamer.dll [ 2013-12-26] ()
Startup: C:\Users\TheIncredible\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\KillSkypeHome.lnk
ShortcutTarget: KillSkypeHome.lnk -> C:\Users\TheIncredible\Videos\KillSkypeHome.exe (No File)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://searchab.com/?aff=7&uid=66db00b9-d18b-11e0-bde1-88ae1d2a429b
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
URLSearchHook: HKCU - Default Value = {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}
URLSearchHook: HKCU - QIPBHO Class - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Users\TheIncredible\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru)
SearchScopes: HKLM - DefaultScope {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} URL = http://search.qip.ru/?query={searchTerms}
SearchScopes: HKLM - {18B120A6-F1F7-4787-BE5E-72BC5B2373DB} URL = http://search.qip.ru/?query={searchTerms}
SearchScopes: HKLM - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} URL = http://search.qip.ru/?query={searchTerms}
SearchScopes: HKCU - DefaultScope {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} URL = http://search.qip.ru/?query={searchTerms}
SearchScopes: HKCU - {12F319B3-B6C4-43BE-8BA4-7F0A03BAF8A1} URL = http://startsear.ch/?aff=1&q={searchTerms}
SearchScopes: HKCU - {2648C4AA-62ED-4E4B-B6B6-B182C2CB2DE3} URL = http://www.google.de/search?q={searchTerms}
SearchScopes: HKCU - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} URL = http://search.qip.ru/?query={searchTerms}
SearchScopes: HKCU - {E88E0043-C9D4-4e33-8555-FEE4F5B63060} URL = http://go.mail.ru/search?q={searchTerms}&utf8in=1&fr=ietb
BHO: BetterSurf - {6E3C6B04-08FE-43BC-8E50-F90285024DEA} - C:\Program Files\BetterSurf\ie\BetterSurf.dll No File
BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: IE5BarLauncherBHO Class - {78F3A323-798E-4AEA-9A57-88F4B05FD5DD} - C:\Program Files\vShare.tv plugin\BarLcher.dll (VShare Inc.)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: AlterGeoBHO Class - {9BFBA68E-E21B-458E-AE12-FE85E903D2C0} - C:\ProgramData\AlterGeo\Update for Html5 geolocation provider\html5loc.dll No File
BHO: QIPBHO Class - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Users\TheIncredible\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
BHO: KeyDownload Class - {C1EA4179-A319-4c6a-A3E5-67FF3592A12E} - C:\Program Files\KeyDownload-Addon\KeyDownload.dll (KeyDownload)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - VShareToolBar - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - C:\Program Files\vShare.tv plugin\BarLcher.dll (VShare Inc.)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKCU - VShareToolBar - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - C:\Program Files\vShare.tv plugin\BarLcher.dll (VShare Inc.)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} http://game.zylom.com/activex/zylomgamesplayer.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks:  - {AEB6717E-7E19-11d0-97EE-00C04FD91972} -  No File [ ]
Winsock: Catalog9 01 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 02 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 03 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 04 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 05 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 06 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 07 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 08 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 20 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{2AC3FF3A-1D67-420A-B694-C78CF909DD0E}: [NameServer]139.7.30.126 139.7.30.125

FireFox:
========
FF ProfilePath: C:\Users\TheIncredible\AppData\Roaming\Mozilla\Firefox\Profiles\hhx66r4o.default-1361833139193
FF SearchEngineOrder.user_pref("browser.search.order.1", "");: user_pref("browser.search.order.1", "");
FF SearchEngineOrder.user_pref("browser.search.order.1,S", "");: user_pref("browser.search.order.1,S", "");
FF SelectedSearchEngine: Google
FF Homepage: about:blank
FF Keyword.URL: user_pref("keyword.URL", "");
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @divx.com/DivX Web Player Plug-In,version=1.0.0 - C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @pack.google.com/Google Updater;version=14 - C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF Plugin: @pages.tvunetworks.com/WebPlayer - C:\windows\system32\TVUAx\npTVUAx.dll (TVU networks)
FF Plugin: @real.com/nppl3260;version=15.0.6.14 - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=15.0.6.14 - c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.6.14 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=15.0.6.14 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=15.0.6.14 - c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: @veetle.com/veetleCorePlugin,version=0.9.18 - C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF Plugin: @veetle.com/veetlePlayerPlugin,version=0.9.18 - C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @eximion.com/KalydoPlayer - C:\Users\TheIncredible\AppData\Roaming\Kalydo\KalydoPlayer\bin\npkalydo.dll (Eximion B.V.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\TheIncredible\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\TheIncredible\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\TheIncredible\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Battlefield Play4Free - C:\Users\TheIncredible\AppData\Roaming\Mozilla\Firefox\Profiles\hhx66r4o.default-1361833139193\Extensions\battlefieldplay4free@ea.com
FF Extension: A Mystical Land Installer - C:\Users\TheIncredible\AppData\Roaming\Mozilla\Firefox\Profiles\hhx66r4o.default-1361833139193\Extensions\MysticalLandInstaller@madottergames.com
FF Extension: D2N Agent - C:\Users\TheIncredible\AppData\Roaming\Mozilla\Firefox\Profiles\hhx66r4o.default-1361833139193\Extensions\d2nagent@isaaclw.com.xpi
FF Extension: Die2nite map tool updater - C:\Users\TheIncredible\AppData\Roaming\Mozilla\Firefox\Profiles\hhx66r4o.default-1361833139193\Extensions\die2nitemapupdater@rjdown.co.uk.xpi
FF Extension: Imgur Uploader - C:\Users\TheIncredible\AppData\Roaming\Mozilla\Firefox\Profiles\hhx66r4o.default-1361833139193\Extensions\giorgio@gilestro.tk.xpi
FF Extension: Adblock Plus - C:\Users\TheIncredible\AppData\Roaming\Mozilla\Firefox\Profiles\hhx66r4o.default-1361833139193\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: Greasemonkey - C:\Users\TheIncredible\AppData\Roaming\Mozilla\Firefox\Profiles\hhx66r4o.default-1361833139193\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF HKLM\...\Firefox\Extensions: [xz123@ya456.com] - C:\Program Files\BetterSurf\ff
FF HKLM\...\Firefox\Extensions: [12x3q@3244516.com] - C:\Program Files\Better-Surf\ff
FF HKLM\...\Firefox\Extensions: [ext@WebexpEnhancedV1alpha510.net] - C:\Program Files\WebexpEnhancedV1\WebexpEnhancedV1alpha510\ff
FF Extension: Webexp Enhanced - C:\Program Files\WebexpEnhancedV1\WebexpEnhancedV1alpha510\ff

Chrome: 
=======
CHR HomePage: 
CHR RestoreOnStartup: ""
CHR Extension: (DefaultTab) - C:\Users\TheIncredible\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.30_0
CHR Extension: (vshare plugin) - C:\Users\TheIncredible\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj\1.3_0
CHR Extension: (A Mystical Land Installer) - C:\Users\TheIncredible\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgbokbdciknlbddfbblcochmpkilgddb\1.0.0.10_0
CHR Extension: (Skype Click to Call) - C:\Users\TheIncredible\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0
CHR Extension: (HTML5 location provider) - C:\Users\TheIncredible\AppData\Local\Google\Chrome\User Data\Default\Extensions\nhgcieglcpdegkhamigiokdphfhhnlhh\3.6.2_0
CHR Extension: (Google Wallet) - C:\Users\TheIncredible\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0
CHR Extension: (Webexp Enhanced) - C:\Users\TheIncredible\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjbnadgnhhkoohnkddbceoldfibijgpk\1.1_0
CHR HKLM\...\Chrome\Extension: [dedmngkbaffkenlfdcbganndoghblmap] - C:\Program Files\BetterSurf\ch\Chrome.crx
CHR HKLM\...\Chrome\Extension: [kdidombaedgpfiiedeimiebkmbilgmlc] - C:\Program Files\DefaultTab\DefaultTab.crx
CHR HKLM\...\Chrome\Extension: [kpionmjnkbpcdpcflammlgllecmejgjj] - C:\Program Files\vShare.tv plugin\vshareplg.crx
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx
CHR HKLM\...\Chrome\Extension: [nhgcieglcpdegkhamigiokdphfhhnlhh] - C:\Program Files\AlterGeo\Html5 geolocation provider\altergeo.crx
CHR HKLM\...\Chrome\Extension: [pjbnadgnhhkoohnkddbceoldfibijgpk] - C:\Program Files\WebexpEnhancedV1\WebexpEnhancedV1alpha510\ch\WebexpEnhancedV1alpha510.crx
CHR HKLM\...\Chrome\Extension: [poheodfamflhhhdcmjfeggbgigeefaco] - C:\Program Files\Better-Surf\ch\Chrome.crx

========================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440376 2013-12-17] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-14] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [1011768 2013-12-17] (Avira Operations GmbH & Co. KG)
R2 d458591c; C:\ProgramData\Speed Streamer\SpeedStreamerSvc.dll [178000 2013-12-26] ()
R2 DefaultTabSearch; C:\Program Files\DefaultTab\DefaultTabSearch.exe [574464 2013-12-20] ()
S3 npggsvc; C:\windows\system32\GameMon.des [3890920 2010-06-17] (INCA Internet Co., Ltd.)
S3 OverwolfUpdaterService; C:\Program Files\Overwolf\OverwolfUpdater.exe [18360 2013-08-22] (Overwolf Ltd)
R2 PnkBstrA; C:\windows\system32\PnkBstrA.exe [76888 2012-04-22] ()
R2 UI Assistant Service; C:\Program Files\1&1 Surf-Stick\AssistantServices.exe [253264 2010-12-08] ()

==================== Drivers (Whitelisted) ====================

R3 ACPIVPC; C:\Windows\System32\DRIVERS\AcpiVpc.sys [23136 2010-01-20] (Lenovo Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [90400 2013-12-17] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135648 2013-12-17] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-11-14] (Avira Operations GmbH & Co. KG)
R1 funfrm; C:\Windows\System32\Drivers\funfrm.sys [54800 2010-06-02] ()
S3 RTL8187B; C:\Windows\System32\DRIVERS\rtl8187B.sys [379904 2010-03-31] (Realtek Semiconductor Corporation                           )
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [691696 2010-11-06] ()
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2012-08-27] (Avira GmbH)
S3 wdmirror; C:\Windows\System32\DRIVERS\WDMirror.sys [11792 2009-07-16] (Windows (R) Codename Longhorn DDK provider)
S3 wsvd; C:\Windows\System32\DRIVERS\wsvd.sys [81704 2009-07-21] (CyberLink)
U3 aezsrbte; C:\Windows\System32\Drivers\aezsrbte.sys [0 ] (Microsoft Corporation)
U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\Users\THEINC~1\AppData\Local\Temp\catchme.sys [x]
S3 RSUSBSTOR; System32\Drivers\RtsUStor.sys [x]
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [x]
S0 sr; System32\DRIVERS\sr.sys [x]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [x]
S3 WinRing0_1_2_0; \??\D:\test\ECECECEC\WinRing0.sys [x]
U3 kxldqpod; \??\C:\Users\THEINC~1\AppData\Local\Temp\kxldqpod.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-12-27 09:20 - 2013-12-27 09:21 - 00022234 _____ C:\Users\TheIncredible\Downloads\FRST.txt
2013-12-27 09:19 - 2013-12-27 09:19 - 01061649 _____ (Farbar) C:\Users\TheIncredible\Downloads\FRST.exe
2013-12-27 09:19 - 2013-12-27 09:19 - 00000000 ____D C:\FRST
2013-12-26 21:52 - 2013-12-26 21:52 - 00013021 _____ C:\Users\TheIncredible\Downloads\GMER.log
2013-12-26 21:32 - 2013-12-26 21:32 - 00377856 _____ C:\Users\TheIncredible\Downloads\qy2e5jwg.exe
2013-12-26 21:28 - 2013-12-26 21:30 - 00120944 _____ C:\Users\TheIncredible\Downloads\OTL.Txt
2013-12-26 21:11 - 2013-12-26 21:11 - 00000000 ____D C:\ProgramData\Speed Streamer
2013-12-26 21:09 - 2013-12-26 21:09 - 00602112 _____ (OldTimer Tools) C:\Users\TheIncredible\Downloads\OTL.exe
2013-12-23 09:32 - 2013-12-23 09:32 - 06013024 _____ (Nota Inc.                                                   ) C:\Users\TheIncredible\Downloads\GyazoSetup.exe
2013-12-21 12:11 - 2013-12-21 12:11 - 00000000 ____D C:\Program Files\WebexpEnhancedV1
2013-12-12 03:22 - 2013-12-12 11:42 - 00000000 ____D C:\Program Files\Mozilla Thunderbird
2013-12-12 00:56 - 2013-05-10 05:56 - 12625408 _____ (Microsoft Corporation) C:\windows\system32\wmploc.DLL
2013-12-12 00:56 - 2013-05-10 05:56 - 11410432 _____ (Microsoft Corporation) C:\windows\system32\wmp.dll
2013-12-12 00:55 - 2013-10-25 05:43 - 02877952 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2013-12-12 00:55 - 2013-10-25 05:43 - 00690688 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2013-12-12 00:55 - 2013-10-25 05:43 - 00061440 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2013-12-12 00:55 - 2013-10-25 05:43 - 00039424 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2013-12-12 00:55 - 2013-10-25 04:41 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2013-12-12 00:54 - 2013-10-25 05:45 - 01767936 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2013-12-12 00:54 - 2013-10-25 05:45 - 00042496 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2013-12-12 00:54 - 2013-10-25 05:44 - 14356992 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2013-12-12 00:54 - 2013-10-25 05:44 - 01140736 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2013-12-12 00:54 - 2013-10-25 05:43 - 13761536 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2013-12-12 00:54 - 2013-10-25 05:43 - 02049024 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2013-12-12 00:54 - 2013-10-25 05:43 - 00493056 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2013-12-12 00:54 - 2013-10-25 05:43 - 00391168 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2013-12-12 00:54 - 2013-10-25 05:43 - 00109056 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2013-12-12 00:54 - 2013-10-25 05:43 - 00033280 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2013-12-12 00:54 - 2013-10-25 03:49 - 00071680 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe
2013-12-11 12:03 - 2013-10-30 03:19 - 00301568 _____ (Microsoft Corporation) C:\windows\system32\msieftp.dll
2013-12-11 12:03 - 2013-10-19 02:36 - 00159232 _____ (Microsoft Corporation) C:\windows\system32\imagehlp.dll
2013-12-11 12:03 - 2013-10-04 02:49 - 00081408 _____ (Microsoft Corporation) C:\windows\system32\Drivers\drmk.sys
2013-12-11 12:03 - 2013-10-04 02:17 - 00177152 _____ (Microsoft Corporation) C:\windows\system32\Drivers\portcls.sys
2013-12-11 11:47 - 2013-11-23 19:26 - 00417792 _____ (Microsoft Corporation) C:\windows\system32\WMPhoto.dll
2013-12-11 11:47 - 2013-10-12 03:04 - 00121856 _____ (Microsoft Corporation) C:\windows\system32\wshom.ocx
2013-12-11 11:47 - 2013-10-12 03:03 - 00163840 _____ (Microsoft Corporation) C:\windows\system32\scrrun.dll
2013-12-11 11:47 - 2013-10-12 02:15 - 00141824 _____ (Microsoft Corporation) C:\windows\system32\wscript.exe
2013-12-11 11:47 - 2013-10-12 02:15 - 00126976 _____ (Microsoft Corporation) C:\windows\system32\cscript.exe
2013-12-11 11:45 - 2013-11-12 03:07 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
2013-12-11 11:45 - 2013-10-30 02:27 - 02349056 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2013-12-10 12:13 - 2013-12-21 13:03 - 00000000 ____D C:\Program Files\BetterSurf
2013-12-10 03:02 - 2013-12-27 03:01 - 00079308 _____ C:\windows\IE11_main.log
2013-12-09 20:06 - 2013-12-09 20:07 - 00000000 ____D C:\Program Files\QuickTime
2013-12-09 20:06 - 2013-12-09 20:06 - 00000000 ____D C:\ProgramData\Apple Computer
2013-12-09 17:44 - 2013-12-09 17:44 - 00000000 ____D C:\ProgramData\Oracle
2013-12-09 17:44 - 2013-12-09 17:44 - 00000000 ____D C:\Program Files\Common Files\Java
2013-12-09 17:44 - 2013-10-08 07:50 - 00094632 _____ (Oracle Corporation) C:\windows\system32\WindowsAccessBridge.dll
2013-12-09 17:44 - 2013-10-08 07:46 - 00264616 _____ (Oracle Corporation) C:\windows\system32\javaws.exe
2013-12-09 17:44 - 2013-10-08 07:46 - 00175016 _____ (Oracle Corporation) C:\windows\system32\javaw.exe
2013-12-09 17:44 - 2013-10-08 07:46 - 00174504 _____ (Oracle Corporation) C:\windows\system32\java.exe
2013-12-09 17:42 - 2013-12-09 17:44 - 00004943 _____ C:\windows\system32\jupdate-1.7.0_45-b18.log
2013-12-04 07:38 - 2013-12-04 07:38 - 00000000 ____D C:\Users\TheIncredible\AppData\Roaming\Sony Online Entertainment
2013-12-04 01:58 - 2013-10-12 03:03 - 00656896 _____ (Microsoft Corporation) C:\windows\system32\nshwfp.dll
2013-12-04 01:58 - 2013-10-12 03:01 - 00679424 _____ (Microsoft Corporation) C:\windows\system32\IKEEXT.DLL
2013-12-04 01:58 - 2013-10-12 03:01 - 00216576 _____ (Microsoft Corporation) C:\windows\system32\FWPUCLNT.DLL
2013-12-04 01:58 - 2013-10-05 20:57 - 01168384 _____ (Microsoft Corporation) C:\windows\system32\crypt32.dll
2013-12-04 01:58 - 2013-10-04 02:58 - 00152576 _____ (Microsoft Corporation) C:\windows\system32\SmartcardCredentialProvider.dll
2013-12-04 01:58 - 2013-10-04 02:56 - 01796096 _____ (Microsoft Corporation) C:\windows\system32\authui.dll
2013-12-04 01:58 - 2013-10-04 02:56 - 00168960 _____ (Microsoft Corporation) C:\windows\system32\credui.dll
2013-12-04 01:58 - 2013-10-03 02:58 - 00305152 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2013-12-04 01:58 - 2013-09-25 03:01 - 00136640 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2013-12-04 01:58 - 2013-09-25 03:01 - 00067520 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2013-12-04 01:58 - 2013-09-25 02:57 - 00247808 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2013-12-04 01:58 - 2013-09-25 02:57 - 00099840 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2013-12-04 01:58 - 2013-09-25 02:57 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2013-12-04 01:58 - 2013-09-25 02:56 - 01038848 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2013-12-04 01:58 - 2013-09-25 02:56 - 00220160 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2013-12-04 01:58 - 2013-09-25 01:49 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2013-12-04 01:58 - 2013-09-25 01:49 - 00015872 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2013-12-04 01:58 - 2013-07-04 13:16 - 00369848 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys

==================== One Month Modified Files and Folders =======

2013-12-27 09:21 - 2013-12-27 09:20 - 00022234 _____ C:\Users\TheIncredible\Downloads\FRST.txt
2013-12-27 09:19 - 2013-12-27 09:19 - 01061649 _____ (Farbar) C:\Users\TheIncredible\Downloads\FRST.exe
2013-12-27 09:19 - 2013-12-27 09:19 - 00000000 ____D C:\FRST
2013-12-27 08:44 - 2011-08-03 10:24 - 00001152 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3057453558-2748806148-3635864978-1000UA.job
2013-12-27 08:33 - 2012-06-06 12:23 - 00000354 _____ C:\windows\Tasks\AlterGeoUpdaterS-1-5-18.job
2013-12-27 08:26 - 2012-04-29 11:34 - 00000884 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2013-12-27 07:58 - 2010-06-02 14:52 - 01628822 _____ C:\windows\WindowsUpdate.log
2013-12-27 07:08 - 2013-02-25 21:47 - 00000388 _____ C:\windows\Tasks\AmiUpdXp.job
2013-12-27 03:01 - 2013-12-10 03:02 - 00079308 _____ C:\windows\IE11_main.log
2013-12-26 21:52 - 2013-12-26 21:52 - 00013021 _____ C:\Users\TheIncredible\Downloads\GMER.log
2013-12-26 21:32 - 2013-12-26 21:32 - 00377856 _____ C:\Users\TheIncredible\Downloads\qy2e5jwg.exe
2013-12-26 21:30 - 2013-12-26 21:28 - 00120944 _____ C:\Users\TheIncredible\Downloads\OTL.Txt
2013-12-26 21:11 - 2013-12-26 21:11 - 00000000 ____D C:\ProgramData\Speed Streamer
2013-12-26 21:11 - 2013-02-25 21:48 - 00000000 ____D C:\Program Files\MagniPic
2013-12-26 21:11 - 2011-03-02 01:01 - 01131008 ___SH C:\Users\TheIncredible\Downloads\Thumbs.db
2013-12-26 21:09 - 2013-12-26 21:09 - 00602112 _____ (OldTimer Tools) C:\Users\TheIncredible\Downloads\OTL.exe
2013-12-26 21:01 - 2009-07-14 05:34 - 00009920 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-26 21:01 - 2009-07-14 05:34 - 00009920 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-26 17:44 - 2011-08-03 10:24 - 00001100 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3057453558-2748806148-3635864978-1000Core.job
2013-12-26 13:30 - 2011-08-03 10:44 - 00001022 _____ C:\windows\Tasks\Google Software Updater.job
2013-12-25 20:59 - 2010-10-15 23:10 - 00000000 ____D C:\Users\TheIncredible\AppData\Roaming\TS3Client
2013-12-25 20:58 - 2010-12-12 21:38 - 00000000 ____D C:\Users\TheIncredible\AppData\Roaming\Skype
2013-12-25 03:48 - 2012-04-11 06:54 - 00000388 _____ C:\windows\Tasks\QIPdater 2012.job
2013-12-25 03:44 - 2010-12-17 08:25 - 00000432 _____ C:\windows\system32\Drivers\etc\hosts.ics
2013-12-25 03:42 - 2013-07-28 13:00 - 00002408 _____ C:\windows\setupact.log
2013-12-25 03:42 - 2011-04-20 10:28 - 00000336 _____ C:\windows\Tasks\qipdater.exe.job
2013-12-25 03:42 - 2009-07-14 05:53 - 00000006 ____H C:\windows\Tasks\SA.DAT
2013-12-23 09:33 - 2011-12-11 00:29 - 00000944 _____ C:\Users\Public\Desktop\Gyazo.lnk
2013-12-23 09:33 - 2011-12-11 00:29 - 00000000 ____D C:\Program Files\Gyazo
2013-12-23 09:32 - 2013-12-23 09:32 - 06013024 _____ (Nota Inc.                                                   ) C:\Users\TheIncredible\Downloads\GyazoSetup.exe
2013-12-22 12:19 - 2013-02-25 21:47 - 00000000 ____D C:\Program Files\DefaultTab
2013-12-21 13:03 - 2013-12-10 12:13 - 00000000 ____D C:\Program Files\BetterSurf
2013-12-21 12:19 - 2013-11-15 22:55 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-12-21 12:19 - 2012-05-04 07:35 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-12-21 12:11 - 2013-12-21 12:11 - 00000000 ____D C:\Program Files\WebexpEnhancedV1
2013-12-17 16:28 - 2013-08-02 21:29 - 00069240 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avnetflt.sys
2013-12-17 16:28 - 2012-07-09 16:58 - 00135648 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avipbb.sys
2013-12-17 16:28 - 2012-07-09 16:58 - 00090400 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avgntflt.sys
2013-12-15 14:48 - 2013-07-28 12:59 - 00402562 _____ C:\windows\PFRO.log
2013-12-13 17:01 - 2011-06-05 00:37 - 00000000 ____D C:\Users\TheIncredible\AppData\Roaming\.minecraft
2013-12-12 11:42 - 2013-12-12 03:22 - 00000000 ____D C:\Program Files\Mozilla Thunderbird
2013-12-12 05:45 - 2009-07-14 03:37 - 00000000 ____D C:\windows\rescache
2013-12-12 01:36 - 2010-05-01 06:13 - 01500254 _____ C:\windows\system32\PerfStringBackup.INI
2013-12-12 01:30 - 2009-07-14 05:33 - 00281424 _____ C:\windows\system32\FNTCACHE.DAT
2013-12-12 01:28 - 2009-07-14 03:37 - 00000000 ____D C:\windows\system32\de-DE
2013-12-12 01:02 - 2013-07-21 02:03 - 00000000 ____D C:\windows\system32\MRT
2013-12-12 00:57 - 2010-10-14 14:00 - 88123800 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2013-12-11 21:26 - 2012-04-29 11:34 - 00692616 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerApp.exe
2013-12-11 21:26 - 2011-05-19 15:51 - 00071048 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerCPLApp.cpl
2013-12-09 20:07 - 2013-12-09 20:06 - 00000000 ____D C:\Program Files\QuickTime
2013-12-09 20:06 - 2013-12-09 20:06 - 00000000 ____D C:\ProgramData\Apple Computer
2013-12-09 17:58 - 2011-08-03 11:03 - 00002397 _____ C:\Users\TheIncredible\Desktop\Google Chrome.lnk
2013-12-09 17:44 - 2013-12-09 17:44 - 00000000 ____D C:\ProgramData\Oracle
2013-12-09 17:44 - 2013-12-09 17:44 - 00000000 ____D C:\Program Files\Common Files\Java
2013-12-09 17:44 - 2013-12-09 17:42 - 00004943 _____ C:\windows\system32\jupdate-1.7.0_45-b18.log
2013-12-09 17:44 - 2010-10-13 21:56 - 00000000 ____D C:\Program Files\Java
2013-12-09 17:40 - 2010-10-15 17:37 - 00000000 ___DC C:\Users\TheIncredible\AppData\Local\Adobe
2013-12-04 18:06 - 2013-07-28 09:54 - 00000000 ____D C:\Program Files\Villagers and Heroes
2013-12-04 07:38 - 2013-12-04 07:38 - 00000000 ____D C:\Users\TheIncredible\AppData\Roaming\Sony Online Entertainment
2013-11-28 16:21 - 2011-01-15 13:59 - 00004643 _____ C:\Users\TheIncredible\Desktop\Ablage.txt

Some content of TEMP:
====================
C:\Users\TheIncredible\AppData\Local\Temp\avgnt.exe
C:\Users\TheIncredible\AppData\Local\Temp\DivXSetup.exe
C:\Users\TheIncredible\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\TheIncredible\AppData\Local\Temp\Uninstaller-1616.exe
C:\Users\TheIncredible\AppData\Local\Temp\Uninstaller-2372.exe
C:\Users\TheIncredible\AppData\Local\Temp\Uninstaller-3140.exe
C:\Users\TheIncredible\AppData\Local\Temp\Uninstaller-3276.exe
C:\Users\TheIncredible\AppData\Local\Temp\Uninstaller-4084.exe
C:\Users\TheIncredible\AppData\Local\Temp\Uninstaller-4360.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-12-20 05:33

==================== End Of Log ============================

Code

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 25-12-2013
Ran by TheIncredible at 2013-12-27 09:22:35
Running from C:\Users\TheIncredible\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Enabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Enabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

1&1 Surf-Stick (Version: 1.0.0.2)
2mmBerechner (HKCU Version: 1.0.0.2)
Active Desktop Calendar 7.94
Adobe AIR (Version: 3.3.0.3650)
Adobe Flash Player 11 ActiveX (Version: 11.9.900.170)
Adobe Flash Player 11 Plugin (Version: 11.9.900.170)
Adobe Reader XI (11.0.05) - Deutsch (Version: 11.0.05)
Age of Wulin (Version: 0.0.1.011)
ALPS Touch Pad Driver
ANSTOSS 3
Apple Application Support (Version: 2.3)
Apple Software Update (Version: 2.1.3.127)
applicationupdater
Audacity 1.3.13 (Unicode)
Avira Free Antivirus (Version: 14.0.2.286)
Battlefield Heroes
Battlefield Play4Free (PTE)
BitTorrent (Version: 7.1.0)
Broadcom 802.11 Wireless Driver (Version: 1.0.0.0)
Broadcom Gigabit Integrated Controller (Version: 12.24.02)
CCleaner (Version: 4.04)
Combined Community Codec Pack 2010-10-10 (Version: 2010.10.10.0)
Conexant HD Audio (Version: 4.119.0.60)
Crazy TV v1.3
CreepSmash.com
D3DX10 (Version: 15.4.2368.0902)
DefaultTab (Version: 2.2.3.0) <==== ATTENTION
DefaultTab Chrome (Version: 1.1.25) <==== ATTENTION
DivX-Setup (Version: 2.6.1.84)
ElsterFormular für Privatanwender und Unternehmer (Version: 11.5.3.5585)
Energy Management (Version: 4.3.1.5)
FlashFXP v4.2 (Version: 4.2.5.1813)
Fraps (remove only)
GomezPEER (Version: 3.2)
Google Chrome (HKCU Version: 31.0.1650.63)
Google Updater (Version: 2.4.2432.1652)
Gyazo 2.0.2
Html5 geolocation provider (Version: 3.5.0.849)
HyperSnap 7 (Version: 7.17.00)
Intel(R) Graphics Media Accelerator Driver
Intel(R) TV Wizard
Intel® Matrix Storage Manager
Java 7 Update 45 (Version: 7.0.450)
Java Auto Updater (Version: 2.1.9.8)
Java(TM) 6 Update 31 (Version: 6.0.310)
JavaFX 2.1.1 (Version: 2.1.1)
JDownloader 0.9 (Version: 0.9)
Junk Mail filter update (Version: 15.4.3502.0922)
Kalydo Player 4.03.00 (HKCU Version: 4.03.00)
KeyDownload (Version: 1.0.0.0)
Lands of Lore III
MagniPic (Version: 1.0)
Mail.Ru Agent 6.0 (build 5680, for all users) <==== ATTENTION
Malwarebytes' Anti-Malware Version 1.51.1.1800 (Version: 1.51.1.1800)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft AppLocale (Version: 1.0.0)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft IntelliPoint 8.1 (Version: 8.15.406.0)
Microsoft Office 2010 (Version: 14.0.4763.1000)
Microsoft Office Klick-und-Los 2010 (Version: 14.0.4763.1000)
Microsoft Office Starter 2010 - Deutsch (Version: 14.0.4763.1000)
Microsoft Search Enhancement Pack (Version: 1.2.123.0)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Windows Application Compatibility Database
Minecraft 1.4.5
Minecraft Cracked (Version: 1.4.7)
mIRC (Version: 7.19)
Mozilla Firefox 26.0 (x86 de) (Version: 26.0)
Mozilla Maintenance Service (Version: 26.0)
Mozilla Thunderbird 24.2.0 (x86 de) (Version: 24.2.0)
MSVCRT (Version: 15.4.2862.0708)
Mumble 1.2.4 (Version: 1.2.4)
Neffy 1,3,29,0 (Version: 1,3,29,0)
Overwolf (Version: 0.44.256)
P4FCC (HKCU Version: 2.0.0.6)
PlanetSide 2 Beta
PrivitizeVPN (Version: 1.0.0)
PunkBuster Services (Version: 0.990)
QIP 2010 5768 Jeak-Edition (Version: 3.0.5768)
QIP 2012 4.0.7221 (HKCU Version: 4.0.7221)
QIP 2012 7221 Jeak-Edition (Version: 4.0.7221)
QuickTime (Version: 7.74.80.86)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)
RealPlayer (Version: 15.0.6)
Realtek USB 2.0 Card Reader (Version: 6.1.7600.30101)
RealUpgrade 1.1 (Version: 1.1.0)
Skype Click to Call (Version: 5.6.8442)
Skype™ 6.7 (Version: 6.7.102)
Software Version Updater (Version: 1.1.3.6) <==== ATTENTION
SopCast 3.2.9 (Version: 3.2.9)
Spark 2.6.0.12343
Speed Streamer
System Requirements Lab CYRI (Version: 4.5.1.0)
TeamSpeak 3 Client (Version: 3.0.13.1)
TeamViewer 7 (Version: 7.0.15723)
TweetDeck (Version: 0.38.1)
Unity Web Player (HKCU Version: 2.6.1f3_31223)
Update for Html5 geolocation provider (Version: 3.5.5.872)
Update for Html5 geolocation provider (Version: 3.6.2.901)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (Version: 3)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0)
Veetle TV (Version: 0.9.18)
Villagers and Heroes (Version: 27351)
Virtual Villagers - New Believers Just For Fun Games
Virtual Villagers 4 - The Tree of Life (Version: 1.0)
Virtual Villagers The Secret City
VLC media player 1.1.11 (Version: 1.1.11)
vShare.tv plugin 1.3 (Version: 1.3) <==== ATTENTION
Webexp Enhanced (Version: 1.1)
Westwood Gemeinsam benutzte Internet-Komponenten
Winamp (Version: 5.621 )
Winamp Erkennungs-Plug-in (HKCU Version: 1.0.0.1)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3508.1109)
Windows Live Fotogalerie (Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Messenger (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live Sync (Version: 14.0.8089.726)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
Windows Live-Uploadtool (Version: 14.0.8014.1029)
Windows Media Player Firefox Plugin (Version: 1.0.0.8)
WinRAR
Worms2

==================== Restore Points  =========================

22-12-2013 02:00:33 Windows Update
23-12-2013 02:00:21 Windows Update
23-12-2013 10:46:46 Windows Update
24-12-2013 02:00:28 Windows Update
24-12-2013 02:42:31 Windows Update
25-12-2013 02:00:17 Windows Update
26-12-2013 02:00:31 Windows Update
26-12-2013 20:15:13 OTL Restore Point - 26.12.2013 21:15:11
27-12-2013 02:00:15 Windows Update

==================== Hosts content: ==========================

2009-07-14 03:04 - 2011-08-01 17:35 - 00000065 ____A C:\windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
209.59.135.116 www.playforyourclub.com


==================== Scheduled Tasks (whitelisted) =============

Task: {07946E0A-05A2-4009-9D8B-11C4AF952CC2} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3057453558-2748806148-3635864978-1000UA => C:\Users\TheIncredible\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-03] (Google Inc.)
Task: {11087350-9F0B-4C3D-B5C3-A3851FF8B3DC} - System32\Tasks\{27EE7494-657B-4355-B236-AD07C24E30D0} => E:\AUTORUN\W2.EXE
Task: {13E3E86E-40D6-445D-AC66-B39D13501EF4} - System32\Tasks\AlterGeoUpdaterS-1-5-18 => C:\Program Files\AlterGeo\Html5 geolocation provider\html5locsvc.exe [2012-02-06] (AlterGeo)
Task: {1F1622D2-A7A3-4511-8A85-CC6011B22659} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2011-04-13] (Microsoft Corporation)
Task: {228AD31B-BAA5-460C-A9CC-D1E02CF799C9} - System32\Tasks\{A738EBE8-9119-4FC4-8E61-3A9BE4D4E047} => C:\ANSTOSS 3\anstoss3.exe [2001-01-30] (ASCARON Software GmbH)
Task: {241A46BC-145F-4BA1-9E8E-87B963734C7D} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-3057453558-2748806148-3635864978-1000 => C:\Program Files\Real\RealUpgrade\realupgrade.exe [2012-07-27] (RealNetworks, Inc.)
Task: {31C219F3-8ADD-48C1-9C8A-0F70677F4E76} - System32\Tasks\{22116563-108C-42c0-A7CE-60161B75E508} => C:\Users\TheIncredible\AppData\Local\Temp\Pbm.exe
Task: {6B24876C-6159-44ED-9486-0D11DCAD8E03} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3057453558-2748806148-3635864978-1000Core => C:\Users\TheIncredible\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-03] (Google Inc.)
Task: {6FE619A8-3116-45AB-A812-F99527742019} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-07-22] (Piriform Ltd)
Task: {78BEE73C-0BCF-43B7-8118-92F915ABC497} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-3057453558-2748806148-3635864978-1000 => C:\Program Files\Real\RealUpgrade\realupgrade.exe [2012-07-27] (RealNetworks, Inc.)
Task: {A723F9EF-13D2-483B-A890-FCE0DBCB1567} - System32\Tasks\AmiUpdXp => C:\Users\TheIncredible\AppData\Local\SwvUpdater\Updater.exe [2013-07-21] (Amonetize ltd.) <==== ATTENTION
Task: {B4A05432-77D5-4EAF-BD4B-3A43ADB2D6E9} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-11] (Adobe Systems Incorporated)
Task: {B6C1B963-60B6-411E-8959-A9C6E28FBCCB} - System32\Tasks\{3B566F2E-FCD3-44C5-80A2-045CF996E467} => C:\ANSTOSS 3\anstoss3.exe [2001-01-30] (ASCARON Software GmbH)
Task: {D7728A90-7F08-4B94-B297-ACCAF2D56B14} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {E7BCF569-DB47-4794-9280-618AA4353A42} - System32\Tasks\QIPdater 2012 => C:\Program Files\jeak.de\QIP 2012 Jeak-Edition\qipdater.exe [2012-03-27] (Caphyon LTD)
Task: {E871AC2E-8190-40F4-8CDB-346ABFF7EC89} - System32\Tasks\qipdater.exe => C:\Program Files\jeak.de\QIP 2010\qipdater.exe [2011-07-01] (Caphyon LTD)
Task: {F4A72769-3B36-43A2-996A-A1F97E9CE336} - System32\Tasks\{B9D73CAD-8CCB-43E3-B001-A9B264E7E36F} => C:\Program Files\Skype\\Phone\Skype.exe [2013-07-25] (Skype Technologies S.A.)
Task: {F8AEDB2A-4C1B-4384-AD6A-9435D33BADAF} - System32\Tasks\Google Software Updater => C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-10-16] (Google)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\AlterGeoUpdaterS-1-5-18.job => C:\Program Files\AlterGeo\Html5 geolocation provider\html5locsvc.exe
Task: C:\windows\Tasks\AmiUpdXp.job => C:\Users\TheIncredible\AppData\Local\SwvUpdater\Updater.exe <==== ATTENTION
Task: C:\windows\Tasks\Google Software Updater.job => C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3057453558-2748806148-3635864978-1000Core.job => C:\Users\TheIncredible\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3057453558-2748806148-3635864978-1000UA.job => C:\Users\TheIncredible\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\QIPdater 2012.job => C:\Program Files\jeak.de\QIP 2012 Jeak-Edition\qipdater.exe
Task: C:\windows\Tasks\qipdater.exe.job => C:\Program Files\jeak.de\QIP 2010\qipdater.exe

==================== Loaded Modules (whitelisted) =============

2011-04-18 15:24 - 2010-12-14 14:08 - 00035840 _____ () C:\Program Files\XemiComputers\Active Desktop Calendar\MouseHook.dll
2010-06-02 15:02 - 2008-12-20 04:20 - 00063304 _____ () C:\Program Files\Lenovo\Energy Management\kbdhook.dll
2010-06-02 15:02 - 2008-12-20 04:20 - 00051016 _____ () C:\Program Files\Lenovo\Energy Management\HookLib.dll
2013-08-29 01:25 - 2013-08-29 01:25 - 00100688 _____ () C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
2013-07-31 17:50 - 2013-07-31 17:50 - 02593168 _____ () C:\Users\TheIncredible\AppData\Local\Temp\SevenZipJBinding-N8q7X\lib7-Zip-JBinding.dll
2010-11-24 05:35 - 2013-07-31 17:50 - 00017408 _____ () C:\Program Files\Gomez\GomezPEER\jre\bin\SystemInfo.dll
2010-11-24 05:35 - 2010-11-24 05:35 - 00055808 _____ () C:\Program Files\Gomez\GomezPEER\jre\bin\ICE_JNIRegistry.dll
2012-03-01 12:22 - 2010-12-08 10:45 - 00245584 _____ () C:\Program Files\1&1 Surf-Stick\UICommonDlg.dll
2012-03-01 12:22 - 2010-12-08 10:45 - 00372048 _____ () C:\Program Files\1&1 Surf-Stick\UISkin.dll
2012-03-01 12:22 - 2010-12-08 10:45 - 00090448 _____ () C:\Program Files\1&1 Surf-Stick\Component\SysService.dll
2012-03-01 12:22 - 2010-12-08 10:45 - 00142160 _____ () C:\Program Files\1&1 Surf-Stick\Component\BIService.dll
2012-03-01 12:22 - 2010-12-08 10:45 - 00230224 _____ () C:\Program Files\1&1 Surf-Stick\Component\BISetting.dll
2012-03-01 12:22 - 2010-12-08 10:45 - 00125264 _____ () C:\Program Files\1&1 Surf-Stick\Component\BILog.dll
2012-03-01 12:22 - 2010-12-08 10:45 - 00141648 _____ () C:\Program Files\1&1 Surf-Stick\Component\BIDevManager.dll
2012-03-01 12:22 - 2010-12-08 10:45 - 00270672 _____ () C:\Program Files\1&1 Surf-Stick\Component\BIDataBase.dll
2012-03-01 12:22 - 2010-12-08 10:45 - 00124752 _____ () C:\Program Files\1&1 Surf-Stick\Component\BIConnectRecord.dll
2012-03-01 12:22 - 2010-12-08 10:45 - 00089936 _____ () C:\Program Files\1&1 Surf-Stick\Component\BICallRecord.dll
2012-03-01 12:22 - 2010-12-08 10:45 - 00095568 _____ () C:\Program Files\1&1 Surf-Stick\Component\BIVoice.dll
2012-03-01 12:22 - 2010-12-08 10:45 - 00184144 _____ () C:\Program Files\1&1 Surf-Stick\Component\BICodec.dll
2012-03-01 12:22 - 2010-12-08 10:45 - 00152400 _____ () C:\Program Files\1&1 Surf-Stick\Component\BIRas.dll
2012-03-01 12:22 - 2010-12-08 10:45 - 00222544 _____ () C:\Program Files\1&1 Surf-Stick\Component\BISms.dll
2012-03-01 12:22 - 2010-12-08 10:45 - 00098128 _____ () C:\Program Files\1&1 Surf-Stick\Component\BIStk.dll
2012-03-01 12:22 - 2010-12-08 10:45 - 00095568 _____ () C:\Program Files\1&1 Surf-Stick\Component\BIUssd.dll
2012-03-01 12:22 - 2010-12-08 10:45 - 00231760 _____ () C:\Program Files\1&1 Surf-Stick\Component\BIConfig.dll
2012-03-01 12:22 - 2010-12-08 10:45 - 00177488 _____ () C:\Program Files\1&1 Surf-Stick\Component\BIXml.dll
2009-07-13 22:03 - 2009-07-14 02:15 - 00364544 _____ () C:\Windows\system32\msjetoledb40.dll
2012-03-01 12:22 - 2010-12-08 10:45 - 00175440 _____ () C:\Program Files\1&1 Surf-Stick\Component\BIPhoneBook.dll
2012-03-01 12:22 - 2010-12-08 10:45 - 00236368 _____ () C:\Program Files\1&1 Surf-Stick\Component\BKService.dll
2012-03-01 12:22 - 2010-12-08 10:45 - 00135504 _____ () C:\Program Files\1&1 Surf-Stick\Component\BIOptimizationClient.dll
2012-03-01 12:23 - 2010-12-08 10:45 - 00699728 _____ () C:\Program Files\1&1 Surf-Stick\UIPlugIn\UISms.dll
2012-03-01 12:23 - 2010-12-08 10:45 - 00595792 _____ () C:\Program Files\1&1 Surf-Stick\UIPlugIn\UIConnectRecord.dll
2012-03-01 12:23 - 2010-12-08 10:45 - 01354064 _____ () C:\Program Files\1&1 Surf-Stick\UIPlugIn\UISetting.dll
2012-03-01 12:23 - 2010-12-08 10:45 - 00675152 _____ () C:\Program Files\1&1 Surf-Stick\UIPlugIn\UIPhoneBook.dll
2012-03-01 12:23 - 2010-12-08 10:45 - 00309584 _____ () C:\Program Files\1&1 Surf-Stick\UIPlugIn\UIStk.dll
2012-03-01 12:23 - 2010-12-08 10:45 - 00323920 _____ () C:\Program Files\1&1 Surf-Stick\UIPlugIn\UIUssd.dll
2012-03-01 12:23 - 2010-12-08 10:45 - 00564560 _____ () C:\Program Files\1&1 Surf-Stick\UIPlugIn\UIMms.dll
2012-03-01 12:22 - 2010-12-08 10:45 - 00617808 _____ () C:\Program Files\1&1 Surf-Stick\UpdateAgent.dll
2013-12-12 03:22 - 2013-12-12 03:22 - 03017840 _____ () C:\Program Files\Mozilla Thunderbird\mozjs.dll
2013-12-12 03:22 - 2013-12-12 03:22 - 00158832 _____ () C:\Program Files\Mozilla Thunderbird\NSLDAP32V60.dll
2013-12-12 03:22 - 2013-12-12 03:22 - 00023152 _____ () C:\Program Files\Mozilla Thunderbird\NSLDAPPR32V60.dll
2013-12-26 21:11 - 2013-12-26 21:11 - 04103680 _____ () C:\ProgramData\Speed Streamer\SpeedStreamer.dll
2013-11-15 22:55 - 2013-12-20 10:30 - 03559024 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Users\TheIncredible:zylomtest
AlternateDataStreams: C:\Users\TheIncredible:zylomtr{000HQ7FF-AD7A-3FG1-J24H-293SB52ICVVE}
AlternateDataStreams: C:\Users\TheIncredible:zylomtr{000HQ7FF-AD7A-3FG2-LKCU-2AJQPJA4AVJL}
AlternateDataStreams: C:\ProgramData\Temp:18BFD8F8
AlternateDataStreams: C:\ProgramData\Temp:195E9213
AlternateDataStreams: C:\ProgramData\Temp:1D60AEC3
AlternateDataStreams: C:\ProgramData\Temp:41B89F80
AlternateDataStreams: C:\ProgramData\Temp:7EE43C06
AlternateDataStreams: C:\ProgramData\Temp:84499DA6
AlternateDataStreams: C:\ProgramData\Temp:8DCF53BE
AlternateDataStreams: C:\ProgramData\Temp:926B6E7A
AlternateDataStreams: C:\ProgramData\Temp:9296EC11
AlternateDataStreams: C:\ProgramData\Temp:A243178D
AlternateDataStreams: C:\ProgramData\Temp:A724744F
AlternateDataStreams: C:\ProgramData\Temp:AAA14AF9
AlternateDataStreams: C:\ProgramData\Temp:D05E7A8B
AlternateDataStreams: C:\ProgramData\Temp:E06AC882
AlternateDataStreams: C:\ProgramData\Temp:E1069F99

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service"

==================== Faulty Device Manager Devices =============

Name: G:\
Description: MMC Storage     
Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Manufacturer: ZTE     
Service: WUDFRd
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation. 


==================== Event log errors: =========================

Application errors:
==================
Error: (12/26/2013 05:12:10 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Ungültige XML-Syntax.

Error: (12/25/2013 01:51:13 PM) (Source: Application Hang) (User: )
Description: Programm firefox.exe, Version 26.0.0.5087 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 17f0

Startzeit: 01cf012c829b93a9

Endzeit: 764

Anwendungspfad: C:\Program Files\Mozilla Firefox\firefox.exe

Berichts-ID: 3272de58-6d63-11e3-ab01-88ae1d2a429b

Error: (12/25/2013 04:56:02 AM) (Source: Application Hang) (User: )
Description: Programm firefox.exe, Version 26.0.0.5087 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 10bc

Startzeit: 01cf011bcb024c4a

Endzeit: 890

Anwendungspfad: C:\Program Files\Mozilla Firefox\firefox.exe

Berichts-ID: 71e93504-6d18-11e3-ab01-88ae1d2a429b

Error: (12/25/2013 03:23:42 AM) (Source: Application Hang) (User: )
Description: Programm AML.exe, Version 0.0.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 4734

Startzeit: 01cf011718c8ab2d

Endzeit: 60000

Anwendungspfad: C:\Program Files\Villagers and Heroes\AMysticalLandSAC\AML.exe

Berichts-ID: 5b2ee177-6d0b-11e3-931c-88ae1d2a429b

Error: (12/25/2013 00:37:42 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Ungültige XML-Syntax.

Error: (12/24/2013 07:28:22 AM) (Source: Application Hang) (User: )
Description: Programm firefox.exe, Version 26.0.0.5087 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 195c

Startzeit: 01cf00708e0928e3

Endzeit: 70

Anwendungspfad: C:\Program Files\Mozilla Firefox\firefox.exe

Berichts-ID: 8f04233b-6c64-11e3-931c-88ae1d2a429b

Error: (12/24/2013 07:22:38 AM) (Source: Application Hang) (User: )
Description: Programm firefox.exe, Version 26.0.0.5087 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: bd4

Startzeit: 01cf0063fe55f605

Endzeit: 95

Anwendungspfad: C:\Program Files\Mozilla Firefox\firefox.exe

Berichts-ID: c17ac7a1-6c63-11e3-931c-88ae1d2a429b

Error: (12/24/2013 06:43:05 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Ungültige XML-Syntax.

Error: (12/23/2013 11:57:14 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: DefaultTabSearch.exe, Version: 0.0.0.0, Zeitstempel: 0x52b3b87c
Name des fehlerhaften Moduls: DefaultTabSearch.exe, Version: 0.0.0.0, Zeitstempel: 0x52b3b87c
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00002c80
ID des fehlerhaften Prozesses: 0x6f8
Startzeit der fehlerhaften Anwendung: 0xDefaultTabSearch.exe0
Pfad der fehlerhaften Anwendung: DefaultTabSearch.exe1
Pfad des fehlerhaften Moduls: DefaultTabSearch.exe2
Berichtskennung: DefaultTabSearch.exe3

Error: (12/23/2013 11:37:52 AM) (Source: Application Hang) (User: )
Description: Programm AML.exe, Version 0.0.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: a04

Startzeit: 01ceffc5f06d5b10

Endzeit: 60000

Anwendungspfad: C:\Program Files\Villagers and Heroes\AMysticalLandSAC\AML.exe

Berichts-ID: 0b6e523a-6bbe-11e3-8f6b-88ae1d2a429b


System errors:
=============
Error: (12/27/2013 03:02:01 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070643 fehlgeschlagen: Internet Explorer 11 für Windows 7

Error: (12/26/2013 09:53:37 PM) (Source: ipnathlp) (User: )
Description: 0

Error: (12/26/2013 03:05:26 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070643 fehlgeschlagen: Internet Explorer 11 für Windows 7

Error: (12/25/2013 03:43:56 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Gatewaydienst auf Anwendungsebene" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (12/25/2013 03:43:55 AM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Gatewaydienst auf Anwendungsebene erreicht.

Error: (12/25/2013 03:43:23 AM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
sr

Error: (12/25/2013 03:02:18 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070643 fehlgeschlagen: Internet Explorer 11 für Windows 7

Error: (12/24/2013 05:20:37 AM) (Source: ipnathlp) (User: )
Description: 0

Error: (12/24/2013 04:02:08 AM) (Source: ipnathlp) (User: )
Description: 0

Error: (12/24/2013 04:01:39 AM) (Source: ipnathlp) (User: )
Description: 192.168.1.100192.168.137.0255.255.255.0


Microsoft Office Sessions:
=========================
Error: (12/26/2013 05:12:10 AM) (Source: SideBySide)(User: )
Description: c:\program files\microsoft\search enhancement pack\search helper\searchhelper.dllc:\program files\microsoft\search enhancement pack\search helper\searchhelper.dll2

Error: (12/25/2013 01:51:13 PM) (Source: Application Hang)(User: )
Description: firefox.exe26.0.0.508717f001cf012c829b93a9764C:\Program Files\Mozilla Firefox\firefox.exe3272de58-6d63-11e3-ab01-88ae1d2a429b

Error: (12/25/2013 04:56:02 AM) (Source: Application Hang)(User: )
Description: firefox.exe26.0.0.508710bc01cf011bcb024c4a890C:\Program Files\Mozilla Firefox\firefox.exe71e93504-6d18-11e3-ab01-88ae1d2a429b

Error: (12/25/2013 03:23:42 AM) (Source: Application Hang)(User: )
Description: AML.exe0.0.0.0473401cf011718c8ab2d60000C:\Program Files\Villagers and Heroes\AMysticalLandSAC\AML.exe5b2ee177-6d0b-11e3-931c-88ae1d2a429b

Error: (12/25/2013 00:37:42 AM) (Source: SideBySide)(User: )
Description: c:\program files\microsoft\search enhancement pack\search helper\searchhelper.dllc:\program files\microsoft\search enhancement pack\search helper\searchhelper.dll2

Error: (12/24/2013 07:28:22 AM) (Source: Application Hang)(User: )
Description: firefox.exe26.0.0.5087195c01cf00708e0928e370C:\Program Files\Mozilla Firefox\firefox.exe8f04233b-6c64-11e3-931c-88ae1d2a429b

Error: (12/24/2013 07:22:38 AM) (Source: Application Hang)(User: )
Description: firefox.exe26.0.0.5087bd401cf0063fe55f60595C:\Program Files\Mozilla Firefox\firefox.exec17ac7a1-6c63-11e3-931c-88ae1d2a429b

Error: (12/24/2013 06:43:05 AM) (Source: SideBySide)(User: )
Description: c:\program files\microsoft\search enhancement pack\search helper\searchhelper.dllc:\program files\microsoft\search enhancement pack\search helper\searchhelper.dll2

Error: (12/23/2013 11:57:14 AM) (Source: Application Error)(User: )
Description: DefaultTabSearch.exe0.0.0.052b3b87cDefaultTabSearch.exe0.0.0.052b3b87cc000000500002c806f801ceffcdb3849a16C:\Program Files\DefaultTab\DefaultTabSearch.exeC:\Program Files\DefaultTab\DefaultTabSearch.exefa6a7a06-6bc0-11e3-93a0-88ae1d2a429b

Error: (12/23/2013 11:37:52 AM) (Source: Application Hang)(User: )
Description: AML.exe0.0.0.0a0401ceffc5f06d5b1060000C:\Program Files\Villagers and Heroes\AMysticalLandSAC\AML.exe0b6e523a-6bbe-11e3-8f6b-88ae1d2a429b


==================== Memory info =========================== 

Percentage of memory in use: 66%
Total physical RAM: 2008.6 MB
Available physical RAM: 675.43 MB
Total Pagefile: 4587.63 MB
Available Pagefile: 2490.54 MB
Total Virtual: 2047.88 MB
Available Virtual: 1872.09 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:252.89 GB) (Free:44.88 GB) NTFS
Drive d: (Lenovo) (Fixed) (Total:30.25 GB) (Free:29.52 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 4E841145)
Partition 1: (Active) - (Size=200 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=253 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=30 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=15 GB) - (Type=12)

==================== End Of Log ============================

#4 Gehe zu Start --> Systemsteuerung und öffne Programme und Funktionen.
Suche und deinstalliere dort der Reihe nach folgende Einträge:

DefaultTab
DefaultTab Chrome
Mail.Ru Agent 6.0
vShare.tv plugin 1.3

Schliesse das Fenster wieder und führe einen Neustart durch, wenn das gefordert wurde.


AdwCleaner
Downloade Dir bitte AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser.
Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Suchen und warte, bis der Suchlauf abgeschlossen ist.
Klicke nun auf Löschen.
Bestätige jeweils mit Ok.
Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
Poste mir den Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Sx].txt. (x = fortlaufende Nummer)

Junkware Removal Tool
Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.

Downloade Dir bitte Junkware Removal Tool auf deinen Desktop.

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Das Tool wird sich öffnen und mit dem Scan beginnen.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

Malwarebytes Anti-Malware
Starte Malwarebytes, klicke auf Aktualisierung --> Suche nach Aktualisierung
Wenn das Update beendet wurde, aktiviere - Vollständigen Suchlauf Durchführen
drücke auf Scannen.
Wenn der Scan beendet ist, klicke auf Ergebnisse anzeigen.
Versichere Dich, dass alle Funde markiert sind und drücke Entferne Auswahl.
Poste das Logfile, welches sich in Notepad öffnet, hier in den Thread.
Nachträglich kannst du den Bericht unter "Log Dateien" finden
__________
MfG Argus

#5 Mail.ru Agent war nen gewünschtes Programm...wollte ich jetzt eigentlich nicht deinstalieren, aber hat AdwCleaner ja jetzt erledigt:

Code

# AdwCleaner v3.016 - Bericht erstellt am 27/12/2013 um 12:33:10
# Aktualisiert 23/12/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits)
# Benutzername : TheIncredible - CHRIS
# Gestartet von : C:\Users\TheIncredible\Downloads\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\clsoft ltd
Ordner Gelöscht : C:\ProgramData\Uniblue\DriverScanner
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeyDownload
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mail.Ru
Ordner Gelöscht : C:\Program Files\BetterSurf
Ordner Gelöscht : C:\Program Files\KeyDownload-Addon
Ordner Gelöscht : C:\Program Files\MagniPic
Ordner Gelöscht : C:\Program Files\Mail.Ru
Ordner Gelöscht : C:\Users\TheIncredible\AppData\Local\SwvUpdater
Ordner Gelöscht : C:\Users\TheIncredible\AppData\LocalLow\boost_interprocess
Ordner Gelöscht : C:\Users\TheIncredible\AppData\LocalLow\Mail.Ru
Ordner Gelöscht : C:\Users\TheIncredible\AppData\LocalLow\Softonic
Ordner Gelöscht : C:\Users\TheIncredible\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc
Ordner Gelöscht : C:\Users\TheIncredible\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj
Datei Gelöscht : C:\END
Datei Gelöscht : C:\Users\TheIncredible\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll 
Datei Gelöscht : C:\windows\Tasks\AmiUpdXp.job
Datei Gelöscht : C:\windows\System32\Tasks\AmiUpdXp

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [12x3q@3244516.com]
Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [xz123@ya456.com]
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\dedmngkbaffkenlfdcbganndoghblmap
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\poheodfamflhhhdcmjfeggbgigeefaco
[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A723F9EF-13D2-483B-A890-FCE0DBCB1567}
[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A723F9EF-13D2-483B-A890-FCE0DBCB1567}
[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F8AEDB2A-4C1B-4384-AD6A-9435D33BADAF}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\KeyDownload.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\driverscanner
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Updater.AmiUpd
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Updater.AmiUpd.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker-1_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker-1_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\driverscanner_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\driverscanner_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\privitizevpn_1_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\privitizevpn_1_rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\privitizevpn_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\privitizevpn_rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\softonic_ggl_1_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\softonic_ggl_1_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_mcedit_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_mcedit_RASMANCS
Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [AlterGeoUpdater]
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{7ABBFE1C-E485-44AA-8F36-353751B4124D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C2178B36-2955-479B-818C-A2AE8E500454}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6E3C6B04-08FE-43BC-8E50-F90285024DEA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{C1EA4179-A319-4C6A-A3E5-67FF3592A12E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{462862BE-9A5C-49A5-9CBD-A649EAC63645}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{7DDBC31B-22BD-4BBD-9F65-E8623814F3BB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{0113A098-06EA-4776-A011-D75590778F1E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{BEAA0C04-ED15-4C17-800B-28716025A4E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6E3C6B04-08FE-43BC-8E50-F90285024DEA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1EA4179-A319-4C6A-A3E5-67FF3592A12E}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5018CFD2-804D-4C99-9F81-25EAEA2769DE}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C1EA4179-A319-4C6A-A3E5-67FF3592A12E}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E87806B5-E908-45FD-AF5E-957D83E58E68}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5018CFD2-804D-4C99-9F81-25EAEA2769DE}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C1EA4179-A319-4C6A-A3E5-67FF3592A12E}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E87806B5-E908-45FD-AF5E-957D83E58E68}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A1B48071-416D-474E-A13B-BE5456E7FC31}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}]
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\KeyDownload
Schlüssel Gelöscht : HKCU\Software\PrivitizeVPNInstallDates
Schlüssel Gelöscht : HKCU\Software\StartSearch
Schlüssel Gelöscht : HKCU\Software\vShare.tv
Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\SProtector
Schlüssel Gelöscht : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Schlüssel Gelöscht : HKLM\Software\DivX\Install\Setup\WizardLayout\ConduitToolbar
Schlüssel Gelöscht : HKLM\Software\dt soft\daemon tools toolbar
Schlüssel Gelöscht : HKLM\Software\KeyDownload
Schlüssel Gelöscht : HKLM\Software\SP Global
Schlüssel Gelöscht : HKLM\Software\SProtector
Schlüssel Gelöscht : HKLM\Software\Uniblue
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KeyDownload
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4

***** [ Browser ] *****

-\\ Internet Explorer v10.0.9200.16750

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Search_URL]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Search [SearchAssistant]

-\\ Mozilla Firefox v26.0 (de)

[ Datei : C:\Users\TheIncredible\AppData\Roaming\Mozilla\Firefox\Profiles\hhx66r4o.default-1361833139193\prefs.js ]

Zeile gelöscht : user_pref("aol_toolbar.default.homepage.check", false);
Zeile gelöscht : user_pref("aol_toolbar.default.search.check", false);
Zeile gelöscht : user_pref("extensions.BabylonToolbar.prtkDS", 0);
Zeile gelöscht : user_pref("extensions.BabylonToolbar.prtkHmpg", 0);
Zeile gelöscht : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");
Zeile gelöscht : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");
Zeile gelöscht : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");
Zeile gelöscht : user_pref("sweetim.toolbar.previous.keyword.URL", "");
Zeile gelöscht : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
Zeile gelöscht : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "");
Zeile gelöscht : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "");
Zeile gelöscht : user_pref("sweetim.toolbar.searchguard.enable", "");

-\\ Google Chrome v

[ Datei : C:\Users\TheIncredible\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [11440 octets] - [27/12/2013 12:31:07]
AdwCleaner[S0].txt - [11276 octets] - [27/12/2013 12:33:10]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [11337 octets] ##########

Code

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 7 Home Premium x86
Ran by TheIncredible on 27.12.2013 at 12:43:19,95
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{12F319B3-B6C4-43BE-8BA4-7F0A03BAF8A1}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{18B120A6-F1F7-4787-BE5E-72BC5B2373DB}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\TheIncredible\AppData\Roaming\big fish games"
Successfully deleted: [Empty Folder] C:\Users\TheIncredible\appdata\local\{34130A6C-2465-4D22-8B8D-BE2E06F511F5}
Successfully deleted: [Empty Folder] C:\Users\TheIncredible\appdata\local\{5A7B2BBD-E086-4A3A-B9C9-130FB8D8C2E5}
Successfully deleted: [Empty Folder] C:\Users\TheIncredible\appdata\local\{86FAC8DB-E149-43D6-8BDB-75ADBAAC8079}
Successfully deleted: [Empty Folder] C:\Users\TheIncredible\appdata\local\{AC59E6DB-5245-4269-BA42-5F9D7C9B1477}
Successfully deleted: [Empty Folder] C:\Users\TheIncredible\appdata\local\{C432EAB5-4D17-4202-914E-9649BF3C2E31}
Successfully deleted: [Empty Folder] C:\Users\TheIncredible\appdata\local\{C4E5BF0C-A509-4B83-9537-D2657EE2575F}
Successfully deleted: [Empty Folder] C:\Users\TheIncredible\appdata\local\{C53EB641-BB74-451C-A694-70C5CD69D919}
Successfully deleted: [Empty Folder] C:\Users\TheIncredible\appdata\local\{C737DBC0-4A73-4CEA-9385-09FE9ED105A8}
Successfully deleted: [Empty Folder] C:\Users\TheIncredible\appdata\local\{CFBEFACE-31B3-4F87-A5E1-AB0F37BEF0AE}
Successfully deleted: [Empty Folder] C:\Users\TheIncredible\appdata\local\{D77E1215-2F56-47F2-ADE1-D9DB13576BA4}
Successfully deleted: [Empty Folder] C:\Users\TheIncredible\appdata\local\{E105C546-6E3E-42A9-8F1D-BBF6D6FBE5BD}
Successfully deleted: [Empty Folder] C:\Users\TheIncredible\appdata\local\{E56CEFBE-4E8D-4A51-9F37-32359E414604}



~~~ FireFox

Successfully deleted: [File] C:\user.js
Emptied folder: C:\Users\TheIncredible\AppData\Roaming\mozilla\firefox\profiles\hhx66r4o.default-1361833139193\minidumps [165 files]



~~~ Chrome

Successfully deleted: [Folder] C:\Users\TheIncredible\appdata\local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 27.12.2013 at 12:49:39,66
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

#6 Kommt das log von MBAM noch?
__________
MfG Argus

#7 ist gerade erst fertig geworden!

Code

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.12.27.03

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16750
TheIncredible :: CHRIS [Administrator]

27.12.2013 13:01:01
mbam-log-2013-12-27 (13-01-01).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|Q:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 395643
Laufzeit: 3 Stunde(n), 35 Minute(n), 48 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Webexp Enhanced (PUP.Optional.Webexp) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 12
C:\Users\TheIncredible\AppData\Local\Temp\ct3288691 (PUP.Optional.Conduit.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\TheIncredible\AppData\Local\Temp\ct3297265 (PUP.Optional.Conduit.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\TheIncredible\AppData\Local\Temp\ct3297861 (PUP.Optional.Conduit.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\WebexpEnhancedV1 (PUP.Optional.Webexp) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\WebexpEnhancedV1\WebexpEnhancedV1alpha510 (PUP.Optional.Webexp) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\WebexpEnhancedV1\WebexpEnhancedV1alpha510\ch (PUP.Optional.Webexp) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\WebexpEnhancedV1\WebexpEnhancedV1alpha510\ff (PUP.Optional.Webexp) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\WebexpEnhancedV1\WebexpEnhancedV1alpha510\ff\chrome (PUP.Optional.Webexp) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\WebexpEnhancedV1\WebexpEnhancedV1alpha510\ff\chrome\content (PUP.Optional.Webexp) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\WebexpEnhancedV1\WebexpEnhancedV1alpha510\ff\chrome\content\icons (PUP.Optional.Webexp) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\WebexpEnhancedV1\WebexpEnhancedV1alpha510\ff\chrome\content\icons\default (PUP.Optional.Webexp) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\WebexpEnhancedV1\WebexpEnhancedV1alpha510\ie (PUP.Optional.Webexp) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateien: 18
C:\AdwCleaner\Quarantine\C\Users\TheIncredible\AppData\Local\SwvUpdater\Updater.exe.vir (PUP.Optional.Amonetize.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\TheIncredible\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2DC1G0D4\checktbexist[1].exe (PUP.Optional.Conduit.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\TheIncredible\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DNSOS9PT\mism[1].exe (PUP.Optional.Conduit.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\TheIncredible\AppData\Local\Temp\jXtdikP8.exe.part (PUP.Optional.OneClickDownloader.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\TheIncredible\AppData\Local\Temp\ct3288691\chromeid.txt (PUP.Optional.Conduit.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\TheIncredible\AppData\Local\Temp\ct3288691\setup.ini.txt (PUP.Optional.Conduit.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\TheIncredible\AppData\Local\Temp\ct3297265\ism.exe (PUP.Optional.Conduit.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\TheIncredible\AppData\Local\Temp\ct3297861\chromeid.txt (PUP.Optional.Conduit.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\TheIncredible\AppData\Local\Temp\ct3297861\setup.ini.txt (PUP.Optional.Conduit.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\WebexpEnhancedV1\WebexpEnhancedV1alpha510\uninstall.exe (PUP.Optional.Webexp) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\WebexpEnhancedV1\WebexpEnhancedV1alpha510\ch\WebexpEnhancedV1alpha510.crx (PUP.Optional.Webexp) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\WebexpEnhancedV1\WebexpEnhancedV1alpha510\ff\chrome.manifest (PUP.Optional.Webexp) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\WebexpEnhancedV1\WebexpEnhancedV1alpha510\ff\install.rdf (PUP.Optional.Webexp) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\WebexpEnhancedV1\WebexpEnhancedV1alpha510\ff\chrome\content\ffWebexpEnhancedV1alpha510.js (PUP.Optional.Webexp) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\WebexpEnhancedV1\WebexpEnhancedV1alpha510\ff\chrome\content\ffWebexpEnhancedV1alpha510ffaction.js (PUP.Optional.Webexp) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\WebexpEnhancedV1\WebexpEnhancedV1alpha510\ff\chrome\content\overlay.xul (PUP.Optional.Webexp) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\WebexpEnhancedV1\WebexpEnhancedV1alpha510\ff\chrome\content\icons\Thumbs.db (PUP.Optional.Webexp) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\WebexpEnhancedV1\WebexpEnhancedV1alpha510\ff\chrome\content\icons\default\WebexpEnhancedV1alpha510_32.png (PUP.Optional.Webexp) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

#8 ComboFix
Downloade Dir bitte Combofix auf deinen Desktop.

Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.
Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.
__________
MfG Argus

#9 funktioniert e leider nur mit einem fehler (steht glaube ich auch im log drin)

Code

ComboFix 11-07-14.05 - TheIncredible 15.07.2011   0:50.2.2 - x86
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.2009.893 [GMT 2:00]
ausgeführt von:: c:\users\TheIncredible\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Gomez\GomezPEER\agents\agents.xml
c:\program files\Gomez\GomezPEER\agents\gozilla\image\gozilla.zip
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\.autoreg
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\AccessibleMarshal.dll
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\application.ini
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\blocklist.xml
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\browserconfig.properties
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\chrome\browser.jar
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\chrome\browser.manifest
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\chrome\classic.jar
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\chrome\classic.manifest
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\chrome\comm.jar
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\chrome\comm.manifest
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\chrome\en-US.jar
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\chrome\en-US.manifest
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\chrome\pippki.jar
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\chrome\pippki.manifest
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\chrome\reporter.jar
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\chrome\reporter.manifest
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\chrome\toolkit.jar
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\chrome\toolkit.manifest
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\components\aboutCertError.js
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\components\aboutPrivateBrowsing.js
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\components\aboutRights.js
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\components\aboutRobots.js
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\components\aboutSessionRestore.js
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\components\browserdirprovider.dll
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\components\brwsrcmp.dll
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\components\FeedConverter.js
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\components\FeedProcessor.js
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\components\FeedWriter.js
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\components\flashplayer.xpt
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\components\fuelApplication.js
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\components\gomezplugin.xpt
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\components\jsconsole-clhandler.js
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\components\NetworkGeolocationProvider.js
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\components\nsAddonRepository.js
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\components\nsBadCertHandler.js
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\components\nsBlocklistService.js
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\components\nsBrowserContentHandler.js
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\components\nsBrowserGlue.js
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\components\nsContentDispatchChooser.js
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\components\nsContentPrefService.js
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\components\nsDefaultCLH.js
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\components\nsDownloadManagerUI.js
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\components\nsExtensionManager.js
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\components\nsHandlerService.js
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\components\nsHelperAppDlg.js
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\components\nsLivemarkService.js
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\components\nsLoginInfo.js
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\components\nsLoginManager.js
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\components\nsLoginManagerPrompter.js
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\components\nsMicrosummaryService.js
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\components\nsPlacesDBFlush.js
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\components\nsPlacesTransactionsService.js
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\components\nsPostUpdateWin.js
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\components\nsPrivateBrowsingService.js
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\components\nsProxyAutoConfig.js
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\components\nsSafebrowsingApplication.js
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\components\nsSearchService.js
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\components\nsSearchSuggestions.js
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\components\nsSessionStartup.js
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\components\nsSessionStore.js
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\components\nsSetDefaultBrowser.js
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\components\nsSidebar.js
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\components\nsTaggingService.js
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\components\nsTryToClose.js
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\components\nsUpdateService.js
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\components\nsUrlClassifierLib.js
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\components\nsUrlClassifierListManager.js
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\components\nsURLFormatter.js
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\components\nsWebHandlerApp.js
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\components\pluginGlue.js
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\components\storage-Legacy.js
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\components\storage-mozStorage.js
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\components\txEXSLTRegExFunctions.js
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\components\WebContentConverter.js
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\crashreporter-override.ini
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\crashreporter.exe
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\crashreporter.ini
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\defaults\autoconfig\platform.js
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\defaults\autoconfig\prefcalls.js
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\defaults\pref\channel-prefs.js
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\defaults\pref\firefox-branding.js
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\defaults\pref\firefox-l10n.js
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\defaults\pref\firefox.js
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\defaults\pref\reporter.js
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\defaults\profile\bookmarks.html
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\defaults\profile\chrome\userChrome-example.css
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\defaults\profile\chrome\userContent-example.css
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\defaults\profile\localstore.rdf
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\defaults\profile\mimeTypes.rdf
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\defaults\profile\prefs.js
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\dictionaries\en-US.aff
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\dictionaries\en-US.dic
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\extensions\{8ea9957e-2953-402f-80e0-bceb5f169d6f}\chrome.manifest
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\extensions\{8ea9957e-2953-402f-80e0-bceb5f169d6f}\chrome\xhtmlmp.jar
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\extensions\{8ea9957e-2953-402f-80e0-bceb5f169d6f}\components\xhtmlmp-logging.js
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\extensions\{8ea9957e-2953-402f-80e0-bceb5f169d6f}\components\xhtmlmp-multipartmixed-service.js
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\extensions\{8ea9957e-2953-402f-80e0-bceb5f169d6f}\components\xhtmlmp-service.js
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\extensions\{8ea9957e-2953-402f-80e0-bceb5f169d6f}\defaults\preferences\xhtmlmp.js
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\extensions\{8ea9957e-2953-402f-80e0-bceb5f169d6f}\install.rdf
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\extensions\{8ea9957e-2953-402f-80e0-bceb5f169d6f}\readme.txt
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}\install.rdf
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\extensions\{c4dc572a-3295-40eb-b30f-b54aa4cdc4b7}\chrome.manifest
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\extensions\{c4dc572a-3295-40eb-b30f-b54aa4cdc4b7}\chrome\wmlbrowser.jar
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\extensions\{c4dc572a-3295-40eb-b30f-b54aa4cdc4b7}\components\wml-service.js
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\extensions\{c4dc572a-3295-40eb-b30f-b54aa4cdc4b7}\defaults\preferences\prefs.js
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\extensions\{c4dc572a-3295-40eb-b30f-b54aa4cdc4b7}\install.js
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\extensions\{c4dc572a-3295-40eb-b30f-b54aa4cdc4b7}\install.rdf
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\extensions\gomezagent@gomez.com\chrome.manifest
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\extensions\gomezagent@gomez.com\chrome\gomezagent.jar
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\extensions\gomezagent@gomez.com\components\agent-alogger-service.js
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\extensions\gomezagent@gomez.com\components\agent-cache-service.js
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\extensions\gomezagent@gomez.com\components\agent-filter-service.js
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\extensions\gomezagent@gomez.com\components\agent-prompt-service.js
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\extensions\gomezagent@gomez.com\components\agent-psrbuilder-service.js
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\extensions\gomezagent@gomez.com\components\agent-scoe-service.js
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\extensions\gomezagent@gomez.com\components\agent-stats-service.js
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\extensions\gomezagent@gomez.com\components\agent-utility-service.js
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\extensions\gomezagent@gomez.com\components\agent-visualresult-service.js
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\extensions\gomezagent@gomez.com\components\browser-monitor-service.js
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\extensions\gomezagent@gomez.com\components\gsl-converter-service.js
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\extensions\gomezagent@gomez.com\components\http-event-service.js
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\extensions\gomezagent@gomez.com\components\IPageSpeedGomezData.xpt
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\extensions\gomezagent@gomez.com\components\IPageSpeedRules.xpt
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\extensions\gomezagent@gomez.com\components\nsIFxAgent.xpt
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\extensions\gomezagent@gomez.com\components\nsIMachineInfo.dll
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\extensions\gomezagent@gomez.com\components\nsIMachineInfo.xpt
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\extensions\gomezagent@gomez.com\components\nsITraceRoute.dll
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\extensions\gomezagent@gomez.com\components\nsITraceRoute.xpt
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\extensions\gomezagent@gomez.com\components\pagespeed.dll
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\extensions\gomezagent@gomez.com\components\txn-executor.js
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\extensions\gomezagent@gomez.com\components\txn-server-service.js
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\extensions\gomezagent@gomez.com\components\zconsole-server-service.js
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\extensions\gomezagent@gomez.com\config\loggerConfig.js
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\extensions\gomezagent@gomez.com\install.rdf
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\extensions\gomezagent@gomez.com\modules\beautify.jsm
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\extensions\gomezagent@gomez.com\modules\gsl2shim.js
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\extensions\gomezagent@gomez.com\modules\io.jsm
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\extensions\gomezagent@gomez.com\modules\json2.jsm
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\extensions\gomezagent@gomez.com\modules\psrtest.js
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\extensions\gomezagent@gomez.com\modules\utils.jsm
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\extensions\gomezagent@gomez.com\modules\version.jsm
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\extensions\gomezagent@gomez.com\modules\zipit.jsm
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\freebl3.chk
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\freebl3.dll
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\gomez-tools\awaitfile.exe
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\gomez-tools\gozilla-launch.cmd
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\gomez-tools\gozilla-provision-sa.cmd
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\gomez-tools\gozilla-provision.cmd
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\gozilla.exe
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\greprefs\all.js
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\greprefs\security-prefs.js
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\greprefs\xpinstall.js
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\js3250.dll
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\LICENSE
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\log4cplus.dll
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\log4cplus.properties
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\modules\debug.js
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\modules\distribution.js
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\modules\DownloadLastDir.jsm
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\modules\DownloadUtils.jsm
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\modules\ISO8601DateUtils.jsm
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\modules\Microformats.js
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\modules\openLocationLastURL.jsm
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\modules\PlacesDBUtils.jsm
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\modules\PluralForm.jsm
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\modules\SpatialNavigation.js
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\modules\utils.js
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\modules\WindowDraggingUtils.jsm
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\modules\XPCOMUtils.jsm
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\mozcrt19.dll
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\nspr4.dll
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\nss3.dll
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\nssckbi.dll
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\nssdbm3.chk
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\nssdbm3.dll
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\nssutil3.dll
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\platform.ini
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\plc4.dll
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\plds4.dll
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\plugins\npgfp.dll
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\plugins\npgslp.dll
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\plugins\npgswf32.dll
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\plugins\npnul32.dll
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\plugins\NPSWF32.dll
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\README.txt
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\removed-files
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\res\arrow.gif
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\res\arrowd.gif
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\res\broken-image.gif
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\res\charsetalias.properties
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\res\charsetData.properties
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\res\contenteditable.css
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\res\designmode.css
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\res\dtd\mathml.dtd
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\res\dtd\xhtml11.dtd
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\res\EditorOverride.css
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\res\entityTables\html40Latin1.properties
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\res\entityTables\html40Special.properties
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\res\entityTables\html40Symbols.properties
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\res\entityTables\htmlEntityVersions.properties
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\res\entityTables\mathml20.properties
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\res\entityTables\transliterate.properties
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\res\fonts\mathfont.properties
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\res\fonts\mathfontStandardSymbolsL.properties
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\res\fonts\mathfontSTIXNonUnicode.properties
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\res\fonts\mathfontSTIXSize1.properties
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\res\fonts\mathfontSymbol.properties
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\res\fonts\mathfontUnicode.properties
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\res\forms.css
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\res\grabber.gif
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\res\hiddenWindow.html
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\res\html.css
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\res\html\folder.png
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\res\langGroups.properties
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\res\language.properties
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\res\loading-image.gif
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\res\mathml.css
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\res\quirk.css
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\res\svg.css
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\res\table-add-column-after-active.gif
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\res\table-add-column-after-hover.gif
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\res\table-add-column-after.gif
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\res\table-add-column-before-active.gif
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\res\table-add-column-before-hover.gif
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\res\table-add-column-before.gif
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\res\table-add-row-after-active.gif
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\res\table-add-row-after-hover.gif
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\res\table-add-row-after.gif
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\res\table-add-row-before-active.gif
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\res\table-add-row-before-hover.gif
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\res\table-add-row-before.gif
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\res\table-remove-column-active.gif
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\res\table-remove-column-hover.gif
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\res\table-remove-column.gif
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\res\table-remove-row-active.gif
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\res\table-remove-row-hover.gif
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\res\table-remove-row.gif
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\res\ua.css
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\res\viewsource.css
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\res\wincharset.properties
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\searchplugins\amazondotcom.xml
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\searchplugins\answers.xml
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\searchplugins\creativecommons.xml
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\searchplugins\eBay.xml
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\searchplugins\google.xml
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\searchplugins\wikipedia.xml
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\searchplugins\yahoo.xml
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\smime3.dll
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\softokn3.chk
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\softokn3.dll
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\sqlite3.dll
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\ssl3.dll
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\storage\FF35\agt_0\ScriptCache\sizzle20090425wrb
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\storage\FF35\agt_0_template\bookmarkbackups\bookmarks-2011-04-25.json
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\storage\FF35\agt_0_template\Cache\_CACHE_001_
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\storage\FF35\agt_0_template\Cache\_CACHE_002_
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\storage\FF35\agt_0_template\Cache\_CACHE_003_
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\storage\FF35\agt_0_template\Cache\_CACHE_MAP_
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\storage\FF35\agt_0_template\cert8.db
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\storage\FF35\agt_0_template\compatibility.ini
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\storage\FF35\agt_0_template\compreg.dat
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\storage\FF35\agt_0_template\content-prefs.sqlite
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\storage\FF35\agt_0_template\cookies.sqlite
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\storage\FF35\agt_0_template\downloads.sqlite
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\storage\FF35\agt_0_template\extensions.cache
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\storage\FF35\agt_0_template\extensions.ini
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\storage\FF35\agt_0_template\extensions.rdf
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\storage\FF35\agt_0_template\formhistory.sqlite
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\storage\FF35\agt_0_template\key3.db
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\storage\FF35\agt_0_template\localstore.rdf
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\storage\FF35\agt_0_template\mimeTypes.rdf
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\storage\FF35\agt_0_template\OfflineCache\index.sqlite
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\storage\FF35\agt_0_template\permissions.sqlite
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\storage\FF35\agt_0_template\places.sqlite-journal
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\storage\FF35\agt_0_template\places.sqlite
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\storage\FF35\agt_0_template\prefs.js
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\storage\FF35\agt_0_template\profile.done
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\storage\FF35\agt_0_template\search.json
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\storage\FF35\agt_0_template\search.sqlite
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\storage\FF35\agt_0_template\secmod.db
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\storage\FF35\agt_0_template\signons.sqlite
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\storage\FF35\agt_0_template\webappsstore.sqlite
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\storage\FF35\agt_0_template\XPC.mfl
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\storage\FF35\agt_0_template\xpti.dat
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\storage\FF35\agt_0_template\XUL.mfl
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\storage\FF35\log\agt-0-ga.log
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\storage\FF35\log\txn-gn-2011-7-13-21-41-30_Telefonica_youtube_trends_LM_-_FF_Agent_agt-0.log
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\storage\FF35\log\txn-gn-2011-7-13-21-50-53_SEB-Bank_DE_LMHP-FF-Banking-DE_-_FF_Agen_agt-0.log
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\storage\FF35\log\txn-gn-2011-7-13-21-55-19_IMG_Bench_LLNW_SP_LM_-_FF_Agent_agt-0.log
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\storage\FF35\log\txn-gn-2011-7-13-21-55-39_news-global-HBB_-_FF_Agent_agt-0.log
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\storage\FF35\log\txn-gn-2011-7-13-22-20-19_Dooyoo_DE_LMHP-FF-Retail-DE_-_FF_Agent_agt-0.log
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\storage\FF35\log\txn-gn-2011-7-13-22-45-23_Wikileaks_LM_-_FF_Agent_agt-0.log
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\storage\FF35\log\txn-gn-2011-7-13-22-50-26_Simpleupload_-_FF_Agent_agt-0.log
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\storage\FF35\log\txn-gn-2011-7-13-22-51-8_www.skyrama.com_-_FF_Agent_agt-0.log
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\storage\FF35\log\txn-gn-2011-7-13-22-55-41_IMG_Bench_LLNW_SP_LM_-_FF_Agent_agt-0.log
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\storage\FF35\log\txn-gn-2011-7-13-22-55-59_Clouds_-_FF_Agent_agt-0.log
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\storage\FF35\log\txn-gn-2011-7-13-22-56-17_Retailer_Startpage_Last_Mile_-_FF_Agent_agt-0.log
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\storage\FF35\log\txn-gn-2011-7-13-23-0-40_Telefonica_youtube_trends_LM_-_FF_Agent_agt-0.log
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\storage\FF35\log\txn-gn-2011-7-13-23-10-23_Apple_DE_LMHP-FF-Retail-DE_-_FF_Agent_agt-0.log
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\storage\FF35\log\txn-gn-2011-7-13-23-10-57_Last_Mile_Test_1_-_FF_Agent_agt-0.log
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\storage\FF35\log\txn-gn-2011-7-13-23-15-45_FOX-MYDATE-GHP_LMILE_-_FF_Agent_agt-0.log
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\storage\FF35\log\txn-gn-2011-7-13-23-16-4_Friendscout_DE_Checkbox_-_FF_Agent_agt-0.log
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\storage\FF35\log\txn-gn-2011-7-13-23-25-28_Apple_Home_Page_from_eEU_-_FF_Agent_-_LM_agt-0.log
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\storage\FF35\log\txn-gn-2011-7-13-23-30-10_Consors_Info_LM_-_FF_Agent_agt-0.log
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\storage\FF35\log\txn-gn-2011-7-14-0-11-10_Neu.de_-_FF_Agent_agt-0.log
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\storage\FF35\log\txn-gn-2011-7-14-0-15-35_Netzwertig_LM_-_FF_Agent_agt-0.log
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\storage\FF35\log\txn-gn-2011-7-14-0-40-14_Flirtcafe_-_FF_Agent_agt-0.log
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\storage\FF35\log\txn-gn-2011-7-14-1-10-13_Neue_Leben_SP_HPLM_-_FF_Agent_agt-0.log
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\storage\FF35\log\txn-gn-2011-7-14-1-10-32_CNN_page_-_FF_Agent_agt-0.log
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\storage\FF35\log\txn-gn-2011-7-14-1-10-55_Zalando_DE_LMHP-FF-Retail-DE_-_FF_Agent_agt-0.log
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\storage\FF35\log\txn-gn-2011-7-14-1-11-19_Vodafone_GER_Home_LM_-_FF_Agent_agt-0.log
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\storage\FF35\log\txn-gn-2011-7-14-1-11-44_Plus_Startseite_LM_SP_V1_-_FF_Agent_agt-0.log
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\storage\FF35\log\txn-gn-2011-7-14-1-12-6_Clouds_-_FF_Agent_agt-0.log
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\storage\FF35\log\txn-gn-2011-7-14-1-16-28_SkyGo_geoblocking.zip_SOLM_-_FF_Agent_agt-0.log
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\storage\FF35\log\txn-gn-2011-7-14-1-16-49_Toyota_DE_LMHP-FF-Automotive-DE_-_FF_Age_agt-0.log
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\storage\FF35\log\txn-gn-2011-7-14-1-17-8_Neu.de_-_FF_Agent_agt-0.log
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\storage\FF35\log\txn-gn-2011-7-14-1-21-32_Telefonica_youtube_trends_LM_-_FF_Agent_agt-0.log
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\storage\FF35\log\txn-gn-2011-7-14-1-5-14_Ticketonline.de_-_FF_Agent_agt-0.log
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\storage\FF35\log\txn-gn-2011-7-14-1-51-2_Netzwertig_LM_-_FF_Agent_agt-0.log
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\storage\FF35\log\txn-gn-2011-7-14-1-55-30_Friendscout24.de_-_FF_Agent_agt-0.log
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\storage\FF35\log\txn-gn-2011-7-14-10-16-0_Tmobile_GER_Home_LM_-_FF_Agent_agt-0.log
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\storage\FF35\log\txn-gn-2011-7-14-10-20-26_Emerson_Emea_-_FF_Agent_agt-0.log
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\storage\FF35\log\txn-gn-2011-7-14-10-55-57_Baur_DE_LMHP-FF-Retail-DE_-_FF_Agent_agt-0.log
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\storage\FF35\log\txn-gn-2011-7-14-10-56-36_www.adhoc-international.com_LM_-_FF_Agen_agt-0.log
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\storage\FF35\log\txn-gn-2011-7-14-11-30-54_DEVK_DE_LMHP-FF-Insurance-DE_-_FF_Agent_agt-0.log
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\storage\FF35\log\txn-gn-2011-7-14-11-35-22_Megaupload_-_FF_Agent_agt-0.log
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\storage\FF35\log\txn-gn-2011-7-14-12-20-21_Vodafone_GER_Home_LM_-_FF_Agent_agt-0.log
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\storage\FF35\log\txn-gn-2011-7-14-12-20-47_FP-global-HBB_-_FF_Agent_agt-0.log
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\storage\FF35\log\txn-gn-2011-7-14-12-41-19_Last_Mile_-_Large_Object_-_Akamai_-_NA_-_agt-0.log
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\storage\FF35\log\txn-gn-2011-7-14-12-50-12_RJW_-_NHL_Home_Page_-_FF_Agent_agt-0.log
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\storage\FF35\log\txn-gn-2011-7-14-12-50-35_Plus_Startseite_LM_SP_V1_-_FF_Agent_agt-0.log
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\storage\FF35\log\txn-gn-2011-7-14-13-15-15_Apple_Home_Page_from_eEU_-_FF_Agent_-_LM_agt-0.log
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\storage\FF35\log\txn-gn-2011-7-14-13-20-42_Windowslive_-_FF_Agent_agt-0.log
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\storage\FF35\log\txn-gn-2011-7-14-13-21-3_Telefonica_youtube_trends_LM_-_FF_Agent_agt-0.log
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\storage\FF35\log\txn-gn-2011-7-14-13-26-58_Ali3.adf.ly_-_FF_Agent_agt-0.log
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\storage\FF35\log\txn-gn-2011-7-14-13-35-27_Uploaded.to_-_FF_Agent_agt-0.log
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\storage\FF35\log\txn-gn-2011-7-14-13-40-18_Hotel_DE_SP_LM_-_FF_Agent_agt-0.log
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\storage\FF35\log\txn-gn-2011-7-14-13-40-55_Handelsblatt_-_FF_Agent_agt-0.log
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\storage\FF35\log\txn-gn-2011-7-14-13-45-26_Akamai_SPLM_Germany_-_FF_Agent_agt-0.log
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\storage\FF35\log\txn-gn-2011-7-14-13-45-45_Last_Mile_Test_1_-_FF_Agent_agt-0.log
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\storage\FF35\log\txn-gn-2011-7-14-13-50-29_LM_Suchestrecke_171110_agt-0.log
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\storage\FF35\log\txn-gn-2011-7-14-13-51-16_Batch_Borderless_Cdnetworks_FF_Test_1_agt-0.log
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\storage\FF35\log\txn-gn-2011-7-14-13-55-52_Region_Berlin_DE_SP_LM_-_FF_Agent_agt-0.log
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\storage\FF35\log\txn-gn-2011-7-14-14-25-50_ymd-GLM-FF-Global-HBB-D5_-_FF_Agent_agt-0.log
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\storage\FF35\log\txn-gn-2011-7-14-14-26-30_ymd-GLM-FF-Global-HBB-D0_-_FF_Agent_agt-0.log
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\storage\FF35\log\txn-gn-2011-7-14-14-26-50_ymd-GLM-FF-Global-HBB-D8_-_FF_Agent_agt-0.log
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\storage\FF35\log\txn-gn-2011-7-14-14-26-9_ymd-GLM-FF-Global-HBB-D2_-_FF_Agent_agt-0.log
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\storage\FF35\log\txn-gn-2011-7-14-14-27-27_ymd-GLM-FF-Global-HBB-D6_-_FF_Agent_agt-0.log
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\storage\FF35\log\txn-gn-2011-7-14-14-27-45_ymd-GLM-FF-Global-HBB-D7_-_FF_Agent_agt-0.log
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\storage\FF35\log\txn-gn-2011-7-14-14-27-9_ymd-GLM-FF-Global-HBB-D9_-_FF_Agent_agt-0.log
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\storage\FF35\log\txn-gn-2011-7-14-14-28-4_ymd-GLM-FF-Global-HBB-D4_-_FF_Agent_agt-0.log
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\storage\FF35\log\txn-gn-2011-7-14-14-40-51_Apple_Home_Page_from_eEU_-_FF_Agent_-_LM_agt-0.log
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\storage\FF35\log\txn-gn-2011-7-14-14-41-26_O2_GER_Home_LM_-_FF_Agent_agt-0.log
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\storage\FF35\log\txn-gn-2011-7-14-14-46-3_Netbooknews_LM_-_FF_Agent_agt-0.log
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\storage\FF35\log\txn-gn-2011-7-14-15-25-21_PeterHahn2LM_-_FF_Agent_agt-0.log
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\storage\FF35\log\txn-gn-2011-7-14-15-25-55_CNN_page_-_FF_Agent_agt-0.log
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\storage\FF35\log\txn-gn-2011-7-14-15-30-35_Barmer_GEK_DE_LMHP-FF-Insurance-DE_-_FF__agt-0.log
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\storage\FF35\log\txn-gn-2011-7-14-15-30-59_Gerry_Weber_-_FF_Agent_agt-0.log
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\storage\FF35\log\txn-gn-2011-7-14-15-31-21_Rapidshare_-_FF_Agent_agt-0.log
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\storage\FF35\log\txn-gn-2011-7-14-15-35-47_Region_Berlin_DE_SP_LM_-_FF_Agent_agt-0.log
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\storage\FF35\log\txn-gn-2011-7-14-15-36-10_DI_Unternehmer_-_FF_Agent_agt-0.log
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\storage\FF35\log\txn-gn-2011-7-14-16-1-6_Deichmann_DE_LMHP-FF-Retail-DE_-_FF_Agen_agt-0.log
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\storage\FF35\log\txn-gn-2011-7-14-16-30-12_Citroen_DE_LMHP-FF-Automotive-DE_-_FF_Ag_agt-0.log
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\storage\FF35\log\txn-gn-2011-7-14-16-30-34_Sportscheck_transaction_LM_-_FF_Agent_agt-0.log
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\storage\FF35\log\txn-gn-2011-7-14-16-35-19_Germany_CDNetworks_LM_-_FF_Agent_agt-0.log
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\storage\FF35\log\txn-gn-2011-7-14-16-35-40_Hornbach_LM_-_FF_Agent_agt-0.log
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\storage\FF35\log\txn-gn-2011-7-14-16-40-33_heine.de_Last_Mile_Messungen_-_FF_Agent_agt-0.log
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\storage\FF35\log\txn-gn-2011-7-14-16-41-2_Basic_Thinking_LM_-_FF_Agent_agt-0.log
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\storage\FF35\log\txn-gn-2011-7-14-16-41-36_LIDL-Shop_DE_LMHP-FF-Retail-DE_-_FF_Agen_agt-0.log
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\storage\FF35\log\txn-gn-2011-7-14-16-41-59_Sparkasse_Koelnbonn_DE_LMHP-FF-Banking-D_agt-0.log
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\storage\FF35\log\txn-gn-2011-7-14-16-46-24_Germany_LimeLight_LM_-_FF_Agent_agt-0.log
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\storage\FF35\log\txn-gn-2011-7-14-16-5-32_O2_GER_Home_LM_-_FF_Agent_agt-0.log
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\storage\FF35\log\txn-gn-2011-7-14-16-50-51_YCS-DE_-_FF_Agent_agt-0.log
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\storage\FF35\log\txn-gn-2011-7-14-16-51-10_DKB_DE_LMHP-FF-Banking-DE_-_FF_Agent_agt-0.log
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\storage\FF35\log\txn-gn-2011-7-14-17-16-0_Demo_Daily_Load_Last_Mile_-_FF_Agent_-_F_agt-0.log
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\storage\FF35\log\txn-gn-2011-7-14-18-30-20_Apple_Home_Page_from_eEU_-_FF_Agent_-_LM_agt-0.log
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\storage\FF35\log\txn-gn-2011-7-14-18-30-43_Germany_Cotendo_LM_-_FF_Agent_agt-0.log
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\storage\FF35\log\txn-gn-2011-7-14-19-20-18_Ikea_DE_LMHP-FF-Retail-DE_-_FF_Agent_agt-0.log
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\storage\FF35\log\txn-gn-2011-7-14-19-25-22_Vodafone_GER_Home_LM_-_FF_Agent_agt-0.log
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\storage\FF35\log\txn-gn-2011-7-14-19-26-10_Berliner-Sparkasse_DE_LMHP-FF-Banking-DE_agt-0.log
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\storage\FF35\log\txn-gn-2011-7-14-19-30-37_Sportscheck_Startseite_LM_-_FF_Agent_agt-0.log
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\storage\FF35\log\txn-gn-2011-7-14-19-31-0_Google_Watch_Blog_LM_-_FF_Agent_agt-0.log
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\storage\FF35\log\txn-gn-2011-7-14-19-31-23_Finance_Scout_24_DE_LMHP-FF-Insurance-DE_agt-0.log
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\storage\FF35\log\txn-gn-2011-7-14-19-35-47_Billiger_DE_LMHP-FF-Retail-DE_-_FF_Agent_agt-0.log
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\storage\FF35\log\txn-gn-2011-7-14-19-36-9_Germany_Level3_LM_-_FF_Agent_agt-0.log
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\storage\FF35\log\txn-gn-2011-7-14-19-40-33_ERGO_Direkt_DE_LMHP-FF-Insurance-DE_-_FF_agt-0.log
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\storage\FF35\log\txn-gn-2011-7-14-19-45-14_Vodafone_GER_Home_LM_-_FF_Agent_agt-0.log
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\storage\FF35\log\txn-gn-2011-7-14-19-45-40_Nobu_Prod_Single_URL_-_FF_Agent_agt-0.log
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\storage\FF35\log\txn-gn-2011-7-14-2-36-54_DI_Unternehmer_-_FF_Agent_agt-0.log
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\storage\FF35\log\txn-gn-2011-7-14-2-45-39_Billiger_DE_LMHP-FF-Retail-DE_-_FF_Agent_agt-0.log
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\storage\FF35\log\txn-gn-2011-7-14-20-10-20_MyToys_DE_LMHP-FF-Retail-DE_-_FF_Agent_agt-0.log
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\storage\FF35\log\txn-gn-2011-7-14-20-35-16_Eventim_DE_LMHP-FF-Retail-DE_-_FF_Agent_agt-0.log
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\storage\FF35\log\txn-gn-2011-7-14-20-35-40_Perf_Page2_LM_-_FF_Agent_agt-0.log
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\storage\FF35\log\txn-gn-2011-7-14-20-40-23_Mercateo_DE_LMHP-FF-Retail-DE_-_FF_Agent_agt-0.log
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\storage\FF35\log\txn-gn-2011-7-14-20-40-47_Toyota_DE_LMHP-FF-Automotive-DE_-_FF_Age_agt-0.log
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\storage\FF35\log\txn-gn-2011-7-14-20-41-12_Thomas_Hutter_LM_-_FF_Agent_agt-0.log
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\storage\FF35\log\txn-gn-2011-7-14-21-11-15_Simpleupload_-_FF_Agent_agt-0.log
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\storage\FF35\log\txn-gn-2011-7-14-21-15-44_Homepage-Germany_-_FF_Agent_-_FF_Agent_agt-0.log
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\storage\FF35\log\txn-gn-2011-7-14-21-20-25_Telefonica_youtube_trends_LM_-_FF_Agent_agt-0.log
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\storage\FF35\log\txn-gn-2011-7-14-21-25-42_Hamburger_Sparkasse_Ag_DE_LMHP-FF-Bankin_agt-0.log
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\storage\FF35\log\txn-gn-2011-7-14-21-26-4_LM_Service_Mein_Koto_-_FF_Agent_agt-0.log
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\storage\FF35\log\txn-gn-2011-7-14-21-31-19_Saab_DE_LMHP-FF-Automotive-DE_-_FF_Agent_agt-0.log
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\storage\FF35\log\txn-gn-2011-7-14-21-36-13_Ciao_DE_LMHP-FF-Retail-DE_-_FF_Agent_agt-0.log
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\storage\FF35\log\txn-gn-2011-7-14-22-26-6_Lexmark_Last_Mile_-_FF_Agent_agt-0.log
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\storage\FF35\log\txn-gn-2011-7-14-22-30-37_Friendscout24.de_-_FF_Agent_agt-0.log
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\storage\FF35\log\txn-gn-2011-7-14-22-5-29_Baur_DE_LMHP-FF-Retail-DE_-_FF_Agent_agt-0.log
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\storage\FF35\log\txn-gn-2011-7-14-22-55-18_sports-global-HBB_-_FF_Agent_agt-0.log
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\storage\FF35\log\txn-gn-2011-7-14-23-40-19_Telefonica_youtube_trends_LM_-_FF_Agent_agt-0.log
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\storage\FF35\log\txn-gn-2011-7-14-23-45-16_Germany_Akamai_LastMile_-_FF_Agent_agt-0.log
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\storage\FF35\log\txn-gn-2011-7-14-23-45-56_Basic_Thinking_LM_-_FF_Agent_agt-0.log
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\storage\FF35\log\txn-gn-2011-7-14-23-50-25_Sparda_DE_LMHP-FF-Banking-DE_-_FF_Agent_agt-0.log
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\storage\FF35\log\txn-gn-2011-7-14-23-51-24_Netzwertig_LM_-_FF_Agent_agt-0.log
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\storage\FF35\log\txn-gn-2011-7-14-23-51-3_KSK_Koeln_DE_LMHP-FF-Banking-DE_-_FF_Age_agt-0.log
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\storage\FF35\log\txn-gn-2011-7-14-3-10-17_Akamai_SPLM_Germany_-_FF_Agent_agt-0.log
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\storage\FF35\log\txn-gn-2011-7-14-3-31-2_Simpleupload_-_FF_Agent_agt-0.log
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\storage\FF35\log\txn-gn-2011-7-14-3-35-44_Perf_Page3_LM_-_FF_Agent_agt-0.log
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\storage\FF35\log\txn-gn-2011-7-14-4-10-31_Polish_Benchmarks_FF_mswia.gov.pl_-_FF_A_agt-0.log
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\storage\FF35\log\txn-gn-2011-7-14-4-11-4_Nobu_Prod_Single_URL_-_FF_Agent_agt-0.log
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\storage\FF35\log\txn-gn-2011-7-14-4-15-31_Plus_Reisen_startseite_LM_SP_v1_-_FF_Age_agt-0.log
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\storage\FF35\log\txn-gn-2011-7-14-4-20-28_Lexmark_Last_Mile_-_FF_Agent_agt-0.log
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\storage\FF35\log\txn-gn-2011-7-14-4-20-57_Infotech_LM_-_FF_Agent_agt-0.log
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\storage\FF35\log\txn-gn-2011-7-14-4-25-26_heine.de_Last_Mile_Messungen_-_FF_Agent_agt-0.log
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\storage\FF35\log\txn-gn-2011-7-14-4-5-34_Berliner_Volksbank_DE_LMHP-FF-Banking-DE_agt-0.log
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\storage\FF35\log\txn-gn-2011-7-14-4-50-43_KSK_Koeln_DE_LMHP-FF-Banking-DE_-_FF_Age_agt-0.log
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\storage\FF35\log\txn-gn-2011-7-14-4-6-7_Opel_DE_LMHP-FF-Automotive-DE_-_FF_Agent_agt-0.log
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\storage\FF35\log\txn-gn-2011-7-14-5-15-18_Last_Mile_-_Small_Object_-_Akamai_-_FF_A_agt-0.log
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\storage\FF35\log\txn-gn-2011-7-14-5-15-35_Last_Mile_-_Small_Object_-_Level3_-_FF_A_agt-0.log
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\storage\FF35\log\txn-gn-2011-7-14-5-15-53_Last_Mile_-_Small_Object_-_Limelight_-_F_agt-0.log
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\storage\FF35\log\txn-gn-2011-7-14-5-16-9_Last_Mile_-_Small_Object_-_CloudFront_-__agt-0.log
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\storage\FF35\log\txn-gn-2011-7-14-5-20-31_Cooper_Lighting_LM_-_FF_Agent_agt-0.log
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\storage\FF35\log\txn-gn-2011-7-14-5-25-15_Share-online.biz_-_FF_Agent_agt-0.log
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\storage\FF35\log\txn-gn-2011-7-14-5-25-34_Sportscorner24_-_FF_Agent_agt-0.log
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\storage\FF35\log\txn-gn-2011-7-14-5-35-49_Amazon_DE_LMHP-FF-Retail-DE_-_FF_Agent_agt-0.log
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\storage\FF35\log\txn-gn-2011-7-14-5-36-10_Apple_Test_-_FF_Agent_agt-0.log
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\storage\FF35\log\txn-gn-2011-7-14-5-40-33_Plus_Reisen_startseite_LM_SP_v1_-_FF_Age_agt-0.log
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\storage\FF35\log\txn-gn-2011-7-14-5-40-53_Simpleupload_-_FF_Agent_agt-0.log
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\storage\FF35\log\txn-gn-2011-7-14-5-41-11_t3n_News_LM_-_FF_Agent_agt-0.log
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\storage\FF35\log\txn-gn-2011-7-14-5-56-11_Ford_CMax_-_FF_Agent_agt-0.log
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\storage\FF35\log\txn-gn-2011-7-14-6-0-40_Netload.in_-_FF_Agent_agt-0.log
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\storage\FF35\log\txn-gn-2011-7-14-6-1-15_Yancor_DE_LMHP-FF-Retail-DE_-_FF_Agent_agt-0.log
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\storage\FF35\log\txn-gn-2011-7-14-6-10-28_O2_GER_Home_LM_-_FF_Agent_agt-0.log
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\storage\FF35\log\txn-gn-2011-7-14-6-31-3_Netload.in_-_FF_Agent_agt-0.log
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\storage\FF35\log\txn-gn-2011-7-14-6-35-29_Perf_Page1_LM_-_FF_Agent_agt-0.log
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\storage\FF35\log\txn-gn-2011-7-14-6-40-14_Hotel_DE_SP_LM_-_FF_Agent_agt-0.log
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\storage\FF35\log\txn-gn-2011-7-14-6-40-38_Mitsubishi_DE_LMHP-FF-Automotive-DE_-_FF_agt-0.log
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\storage\FF35\log\txn-gn-2011-7-14-6-41-0_Web.de_-_FF_Agent_agt-0.log
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\storage\FF35\log\txn-gn-2011-7-14-6-45-25_www.secret.de_TX_LM_-_FF_Agent_agt-0.log
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\storage\FF35\log\txn-gn-2011-7-14-6-46-13_Schwab_DE_LMHP-FF-Retail-DE_-_FF_Agent_agt-0.log
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\storage\FF35\log\txn-gn-2011-7-14-6-5-40_Delta_Index_Home_-_FF_Agent_agt-0.log
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\storage\FF35\log\txn-gn-2011-7-14-6-50-37_Sportscorner24_-_FF_Agent_agt-0.log
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\storage\FF35\log\txn-gn-2011-7-14-6-6-1_Tmobile_GER_Home_LM_-_FF_Agent_agt-0.log
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\storage\FF35\log\txn-gn-2011-7-14-7-0-37_Streaming-OFF-HomePage1-Firefox_-_FF_Age_agt-0.log
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\storage\FF35\log\txn-gn-2011-7-14-7-0-59_Streaming-ON-HomePage1-Firefox_-_FF_Agen_agt-0.log
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\storage\FF35\log\txn-gn-2011-7-14-7-1-21_HalmarkHomePage-LM-Firefox_-_FF_Agent_agt-0.log
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\storage\FF35\log\txn-gn-2011-7-14-7-10-51_Tmobile_GER_Home_LM_-_FF_Agent_agt-0.log
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\storage\FF35\log\txn-gn-2011-7-14-7-11-15_Load_Plus_Shopping_-_FF_Agent_-_FF_Agent_agt-0.log
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\storage\FF35\log\txn-gn-2011-7-14-7-15-54_Polish_Benchmarks_LM_FF_TELCO_Dialog_-_F_agt-0.log
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\storage\FF35\log\txn-gn-2011-7-14-7-20-26_www.secret.de_TX_LM_-_FF_Agent_agt-0.log
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\storage\FF35\log\txn-gn-2011-7-14-7-5-48_Techniker_Krankenkasse_DE_LMHP-FF-Insura_agt-0.log
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\storage\FF35\log\txn-gn-2011-7-14-7-50-26_CapGemini_-_LM_-_FF_Agent_agt-0.log
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\storage\FF35\log\txn-gn-2011-7-14-7-6-9_KSK_Koeln_DE_LMHP-FF-Banking-DE_-_FF_Age_agt-0.log
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\storage\FF35\log\txn-gn-2011-7-14-8-15-16_YCS-DE_-_FF_Agent_agt-0.log
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\storage\FF35\log\txn-gn-2011-7-14-8-15-34_URL-HostingLinBench2-LM_GD_Ded_-_FF_Agen_agt-0.log
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\storage\FF35\log\txn-gn-2011-7-14-8-40-18_citroenflash1_agt-0.log
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\storage\FF35\log\txn-gn-2011-7-14-8-40-44_ERGO_DE_LMHP-FF-Insurance-DE_-_FF_Agent_agt-0.log
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\storage\FF35\log\txn-gn-2011-7-14-9-30-40_Eplus_GER_Home_LM_-_FF_Agent_agt-0.log
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\storage\FF35\log\txn-gn-2011-7-14-9-55-23_Demo_Daily_Load_Last_Mile_-_FF_Agent_-_F_agt-0.log
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\uninstall\helper.exe
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\update.locale
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\updater.exe
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\updater.ini
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\version.txt
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\work\work_pool\FF35\agt_0\bookmarkbackups\bookmarks-2011-04-25.json
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\work\work_pool\FF35\agt_0\Cache\_CACHE_001_
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\work\work_pool\FF35\agt_0\Cache\_CACHE_002_
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\work\work_pool\FF35\agt_0\Cache\_CACHE_003_
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\work\work_pool\FF35\agt_0\Cache\_CACHE_MAP_
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\work\work_pool\FF35\agt_0\cert8.db
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\work\work_pool\FF35\agt_0\compatibility.ini
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\work\work_pool\FF35\agt_0\compreg.dat
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\work\work_pool\FF35\agt_0\content-prefs.sqlite
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\work\work_pool\FF35\agt_0\cookies.sqlite
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\work\work_pool\FF35\agt_0\downloads.sqlite
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\work\work_pool\FF35\agt_0\extensions.cache
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\work\work_pool\FF35\agt_0\extensions.ini
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\work\work_pool\FF35\agt_0\extensions.rdf
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\work\work_pool\FF35\agt_0\formhistory.sqlite
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\work\work_pool\FF35\agt_0\key3.db
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\work\work_pool\FF35\agt_0\localstore.rdf
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\work\work_pool\FF35\agt_0\mimeTypes.rdf
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\work\work_pool\FF35\agt_0\OfflineCache\index.sqlite
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\work\work_pool\FF35\agt_0\permissions.sqlite
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\work\work_pool\FF35\agt_0\places.sqlite-journal
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\work\work_pool\FF35\agt_0\places.sqlite
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\work\work_pool\FF35\agt_0\pluginreg.dat
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\work\work_pool\FF35\agt_0\prefs.js
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\work\work_pool\FF35\agt_0\profile.done
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\work\work_pool\FF35\agt_0\search.json
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\work\work_pool\FF35\agt_0\search.sqlite
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\work\work_pool\FF35\agt_0\secmod.db
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\work\work_pool\FF35\agt_0\signons.sqlite
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\work\work_pool\FF35\agt_0\urlclassifier3.sqlite
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\work\work_pool\FF35\agt_0\webappsstore.sqlite
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\work\work_pool\FF35\agt_0\XPC.mfl
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\work\work_pool\FF35\agt_0\xpti.dat
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\work\work_pool\FF35\agt_0\XUL.mfl
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\xpcom.dll
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\xul.dll
c:\program files\Gomez\GomezPEER\agents\gozilla\runtime\zlib1.dll
c:\program files\Gomez\GomezPEER\bin\GomezPEER.exe
c:\program files\Gomez\GomezPEER\cache\helper\databank.003.js
c:\program files\Gomez\GomezPEER\cache\helper\GomezGlobalFunctions.008.js
c:\program files\Gomez\GomezPEER\cache\helper\static_helpers.003.js
c:\program files\Gomez\GomezPEER\cache\helper\url_helpers.003.js
c:\program files\Gomez\GomezPEER\cache\params.xml
c:\program files\Gomez\GomezPEER\cache\Respawn.class
c:\program files\Gomez\GomezPEER\country_list.txt
c:\program files\Gomez\GomezPEER\decode.exe
c:\program files\Gomez\GomezPEER\dll.log
c:\program files\Gomez\GomezPEER\getclean.exe
c:\program files\Gomez\GomezPEER\gomez.dat
c:\program files\Gomez\GomezPEER\gomez.dat.backup1
c:\program files\Gomez\GomezPEER\gomez.dat.backup2
c:\program files\Gomez\GomezPEER\gomez.dat.backup3
c:\program files\Gomez\GomezPEER\javparms.dat
c:\program files\Gomez\GomezPEER\jre\bin\attach.dll
c:\program files\Gomez\GomezPEER\jre\bin\awt.dll
c:\program files\Gomez\GomezPEER\jre\bin\axbridge.dll
c:\program files\Gomez\GomezPEER\jre\bin\client\classes.jsa
c:\program files\Gomez\GomezPEER\jre\bin\client\jvm.dll
c:\program files\Gomez\GomezPEER\jre\bin\client\Xusage.txt
c:\program files\Gomez\GomezPEER\jre\bin\cmm.dll
c:\program files\Gomez\GomezPEER\jre\bin\comfyj.lic
c:\program files\Gomez\GomezPEER\jre\bin\dcpr.dll
c:\program files\Gomez\GomezPEER\jre\bin\deploy.dll
c:\program files\Gomez\GomezPEER\jre\bin\dt_shmem.dll
c:\program files\Gomez\GomezPEER\jre\bin\dt_socket.dll
c:\program files\Gomez\GomezPEER\jre\bin\eula.dll
c:\program files\Gomez\GomezPEER\jre\bin\fontmanager.dll
c:\program files\Gomez\GomezPEER\jre\bin\hpi.dll
c:\program files\Gomez\GomezPEER\jre\bin\hprof.dll
c:\program files\Gomez\GomezPEER\jre\bin\ICE_JNIRegistry.dll
c:\program files\Gomez\GomezPEER\jre\bin\instrument.dll
c:\program files\Gomez\GomezPEER\jre\bin\ioser12.dll
c:\program files\Gomez\GomezPEER\jre\bin\j2pcsc.dll
c:\program files\Gomez\GomezPEER\jre\bin\j2pkcs11.dll
c:\program files\Gomez\GomezPEER\jre\bin\jaas_nt.dll
c:\program files\Gomez\GomezPEER\jre\bin\java-rmi.exe
c:\program files\Gomez\GomezPEER\jre\bin\java.dll
c:\program files\Gomez\GomezPEER\jre\bin\java.exe
c:\program files\Gomez\GomezPEER\jre\bin\java_crw_demo.dll
c:\program files\Gomez\GomezPEER\jre\bin\javacpl.cpl
c:\program files\Gomez\GomezPEER\jre\bin\javacpl.exe
c:\program files\Gomez\GomezPEER\jre\bin\javaw.exe
c:\program files\Gomez\GomezPEER\jre\bin\javaws.exe
c:\program files\Gomez\GomezPEER\jre\bin\jawt.dll
c:\program files\Gomez\GomezPEER\jre\bin\JdbcOdbc.dll
c:\program files\Gomez\GomezPEER\jre\bin\jdwp.dll
c:\program files\Gomez\GomezPEER\jre\bin\jexplorer.lic
c:\program files\Gomez\GomezPEER\jre\bin\jli.dll
c:\program files\Gomez\GomezPEER\jre\bin\jniwrap.dll
c:\program files\Gomez\GomezPEER\jre\bin\jniwrap.lic
c:\program files\Gomez\GomezPEER\jre\bin\jpeg.dll
c:\program files\Gomez\GomezPEER\jre\bin\jpicom.dll
c:\program files\Gomez\GomezPEER\jre\bin\jpiexp.dll
c:\program files\Gomez\GomezPEER\jre\bin\jpinscp.dll
c:\program files\Gomez\GomezPEER\jre\bin\jpioji.dll
c:\program files\Gomez\GomezPEER\jre\bin\jpishare.dll
c:\program files\Gomez\GomezPEER\jre\bin\jsound.dll
c:\program files\Gomez\GomezPEER\jre\bin\jsoundds.dll
c:\program files\Gomez\GomezPEER\jre\bin\jucheck.exe
c:\program files\Gomez\GomezPEER\jre\bin\jureg.exe
c:\program files\Gomez\GomezPEER\jre\bin\jusched.exe
c:\program files\Gomez\GomezPEER\jre\bin\keytool.exe
c:\program files\Gomez\GomezPEER\jre\bin\kinit.exe
c:\program files\Gomez\GomezPEER\jre\bin\klist.exe
c:\program files\Gomez\GomezPEER\jre\bin\ktab.exe
c:\program files\Gomez\GomezPEER\jre\bin\management.dll
c:\program files\Gomez\GomezPEER\jre\bin\Microsoft.VC80.CRT.manifest
c:\program files\Gomez\GomezPEER\jre\bin\msvcm80.dll
c:\program files\Gomez\GomezPEER\jre\bin\msvcp80.dll
c:\program files\Gomez\GomezPEER\jre\bin\msvcr71.dll
c:\program files\Gomez\GomezPEER\jre\bin\msvcr80.dll
c:\program files\Gomez\GomezPEER\jre\bin\net.dll
c:\program files\Gomez\GomezPEER\jre\bin\nio.dll
c:\program files\Gomez\GomezPEER\jre\bin\npjava11.dll
c:\program files\Gomez\GomezPEER\jre\bin\npjava12.dll
c:\program files\Gomez\GomezPEER\jre\bin\npjava13.dll
c:\program files\Gomez\GomezPEER\jre\bin\npjava14.dll
c:\program files\Gomez\GomezPEER\jre\bin\npjava32.dll
c:\program files\Gomez\GomezPEER\jre\bin\npjpi160.dll
c:\program files\Gomez\GomezPEER\jre\bin\npjpi160_03.dll
c:\program files\Gomez\GomezPEER\jre\bin\npoji610.dll
c:\program files\Gomez\GomezPEER\jre\bin\npt.dll
c:\program files\Gomez\GomezPEER\jre\bin\orbd.exe
c:\program files\Gomez\GomezPEER\jre\bin\pack200.exe
c:\program files\Gomez\GomezPEER\jre\bin\policytool.exe
c:\program files\Gomez\GomezPEER\jre\bin\porivonet.dll
c:\program files\Gomez\GomezPEER\jre\bin\PorivoProcess.dll
c:\program files\Gomez\GomezPEER\jre\bin\regutils.dll
c:\program files\Gomez\GomezPEER\jre\bin\rmi.dll
c:\program files\Gomez\GomezPEER\jre\bin\rmid.exe
c:\program files\Gomez\GomezPEER\jre\bin\rmiregistry.exe
c:\program files\Gomez\GomezPEER\jre\bin\server\jvm.dll
c:\program files\Gomez\GomezPEER\jre\bin\server\Xusage.txt
c:\program files\Gomez\GomezPEER\jre\bin\servertool.exe
c:\program files\Gomez\GomezPEER\jre\bin\splashscreen.dll
c:\program files\Gomez\GomezPEER\jre\bin\ssv.dll
c:\program files\Gomez\GomezPEER\jre\bin\sunmscapi.dll
c:\program files\Gomez\GomezPEER\jre\bin\SystemInfo.dll
c:\program files\Gomez\GomezPEER\jre\bin\tnameserv.exe
c:\program files\Gomez\GomezPEER\jre\bin\unicows.dll
c:\program files\Gomez\GomezPEER\jre\bin\unpack.dll
c:\program files\Gomez\GomezPEER\jre\bin\unpack200.exe
c:\program files\Gomez\GomezPEER\jre\bin\verify.dll
c:\program files\Gomez\GomezPEER\jre\bin\w2k_lsa_auth.dll
c:\program files\Gomez\GomezPEER\jre\bin\WinTimer.dll
c:\program files\Gomez\GomezPEER\jre\bin\wsdetect.dll
c:\program files\Gomez\GomezPEER\jre\bin\zip.dll
c:\program files\Gomez\GomezPEER\jre\COPYRIGHT
c:\program files\Gomez\GomezPEER\jre\lib\audio\soundbank.gm
c:\program files\Gomez\GomezPEER\jre\lib\calendars.properties
c:\program files\Gomez\GomezPEER\jre\lib\charsets.jar
c:\program files\Gomez\GomezPEER\jre\lib\classlist
c:\program files\Gomez\GomezPEER\jre\lib\cmm\CIEXYZ.pf
c:\program files\Gomez\GomezPEER\jre\lib\cmm\GRAY.pf
c:\program files\Gomez\GomezPEER\jre\lib\cmm\LINEAR_RGB.pf
c:\program files\Gomez\GomezPEER\jre\lib\cmm\PYCC.pf
c:\program files\Gomez\GomezPEER\jre\lib\cmm\sRGB.pf
c:\program files\Gomez\GomezPEER\jre\lib\content-types.properties
c:\program files\Gomez\GomezPEER\jre\lib\deploy.jar
c:\program files\Gomez\GomezPEER\jre\lib\deploy\ffjcext.zip
c:\program files\Gomez\GomezPEER\jre\lib\deploy\messages.properties
c:\program files\Gomez\GomezPEER\jre\lib\deploy\messages_de.properties
c:\program files\Gomez\GomezPEER\jre\lib\deploy\messages_es.properties
c:\program files\Gomez\GomezPEER\jre\lib\deploy\messages_fr.properties
c:\program files\Gomez\GomezPEER\jre\lib\deploy\messages_it.properties
c:\program files\Gomez\GomezPEER\jre\lib\deploy\messages_ja.properties
c:\program files\Gomez\GomezPEER\jre\lib\deploy\messages_ko.properties
c:\program files\Gomez\GomezPEER\jre\lib\deploy\messages_sv.properties
c:\program files\Gomez\GomezPEER\jre\lib\deploy\messages_zh_CN.properties
c:\program files\Gomez\GomezPEER\jre\lib\deploy\messages_zh_HK.properties
c:\program files\Gomez\GomezPEER\jre\lib\deploy\messages_zh_TW.properties
c:\program files\Gomez\GomezPEER\jre\lib\deploy\splash.jpg
c:\program files\Gomez\GomezPEER\jre\lib\endorsed\xalan.jar
c:\program files\Gomez\GomezPEER\jre\lib\ext\commons-codec.jar
c:\program files\Gomez\GomezPEER\jre\lib\ext\commons-lang.jar
c:\program files\Gomez\GomezPEER\jre\lib\ext\css.jar
c:\program files\Gomez\GomezPEER\jre\lib\ext\dnsjava.jar
c:\program files\Gomez\GomezPEER\jre\lib\ext\dnsns.jar
c:\program files\Gomez\GomezPEER\jre\lib\ext\gomez-webcore.jar
c:\program files\Gomez\GomezPEER\jre\lib\ext\HeartBeatProject.jar
c:\program files\Gomez\GomezPEER\jre\lib\ext\jdom.jar
c:\program files\Gomez\GomezPEER\jre\lib\ext\JNIRegistry.jar
c:\program files\Gomez\GomezPEER\jre\lib\ext\jniwrap.jar
c:\program files\Gomez\GomezPEER\jre\lib\ext\js.jar
c:\program files\Gomez\GomezPEER\jre\lib\ext\jstools.jar
c:\program files\Gomez\GomezPEER\jre\lib\ext\Kernel.jar
c:\program files\Gomez\GomezPEER\jre\lib\ext\localedata.jar
c:\program files\Gomez\GomezPEER\jre\lib\ext\log4j.jar
c:\program files\Gomez\GomezPEER\jre\lib\ext\meta-index
c:\program files\Gomez\GomezPEER\jre\lib\ext\nekohtml.jar
c:\program files\Gomez\GomezPEER\jre\lib\ext\oro.jar
c:\program files\Gomez\GomezPEER\jre\lib\ext\peergui.jar
c:\program files\Gomez\GomezPEER\jre\lib\ext\PeerReviewProject.jar
c:\program files\Gomez\GomezPEER\jre\lib\ext\poi.jar
c:\program files\Gomez\GomezPEER\jre\lib\ext\porivo-agent.jar
c:\program files\Gomez\GomezPEER\jre\lib\ext\porivo-lib.jar
c:\program files\Gomez\GomezPEER\jre\lib\ext\porivo-modules.jar
c:\program files\Gomez\GomezPEER\jre\lib\ext\porivo-utils.jar
c:\program files\Gomez\GomezPEER\jre\lib\ext\sunjce_provider.jar
c:\program files\Gomez\GomezPEER\jre\lib\ext\sunmscapi.jar
c:\program files\Gomez\GomezPEER\jre\lib\ext\sunpkcs11.jar
c:\program files\Gomez\GomezPEER\jre\lib\ext\winpack.jar
c:\program files\Gomez\GomezPEER\jre\lib\ext\xerces.jar
c:\program files\Gomez\GomezPEER\jre\lib\flavormap.properties
c:\program files\Gomez\GomezPEER\jre\lib\fontconfig.98.bfc
c:\program files\Gomez\GomezPEER\jre\lib\fontconfig.98.properties.src
c:\program files\Gomez\GomezPEER\jre\lib\fontconfig.bfc
c:\program files\Gomez\GomezPEER\jre\lib\fontconfig.properties.src
c:\program files\Gomez\GomezPEER\jre\lib\fonts\LucidaBrightDemiBold.ttf
c:\program files\Gomez\GomezPEER\jre\lib\fonts\LucidaBrightDemiItalic.ttf
c:\program files\Gomez\GomezPEER\jre\lib\fonts\LucidaBrightItalic.ttf
c:\program files\Gomez\GomezPEER\jre\lib\fonts\LucidaBrightRegular.ttf
c:\program files\Gomez\GomezPEER\jre\lib\fonts\LucidaSansDemiBold.ttf
c:\program files\Gomez\GomezPEER\jre\lib\fonts\LucidaSansRegular.ttf
c:\program files\Gomez\GomezPEER\jre\lib\fonts\LucidaTypewriterBold.ttf
c:\program files\Gomez\GomezPEER\jre\lib\fonts\LucidaTypewriterRegular.ttf
c:\program files\Gomez\GomezPEER\jre\lib\i386\jvm.cfg
c:\program files\Gomez\GomezPEER\jre\lib\im\indicim.jar
c:\program files\Gomez\GomezPEER\jre\lib\im\thaiim.jar
c:\program files\Gomez\GomezPEER\jre\lib\images\cursors\cursors.properties
c:\program files\Gomez\GomezPEER\jre\lib\images\cursors\invalid32x32.gif
c:\program files\Gomez\GomezPEER\jre\lib\images\cursors\win32_CopyDrop32x32.gif
c:\program files\Gomez\GomezPEER\jre\lib\images\cursors\win32_CopyNoDrop32x32.gif
c:\program files\Gomez\GomezPEER\jre\lib\images\cursors\win32_LinkDrop32x32.gif
c:\program files\Gomez\GomezPEER\jre\lib\images\cursors\win32_LinkNoDrop32x32.gif
c:\program files\Gomez\GomezPEER\jre\lib\images\cursors\win32_MoveDrop32x32.gif
c:\program files\Gomez\GomezPEER\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif
c:\program files\Gomez\GomezPEER\jre\lib\javaws.jar
c:\program files\Gomez\GomezPEER\jre\lib\jce.jar
c:\program files\Gomez\GomezPEER\jre\lib\jsse.jar
c:\program files\Gomez\GomezPEER\jre\lib\jvm.hprof.txt
c:\program files\Gomez\GomezPEER\jre\lib\logging.properties
c:\program files\Gomez\GomezPEER\jre\lib\management-agent.jar
c:\program files\Gomez\GomezPEER\jre\lib\management\jmxremote.access
c:\program files\Gomez\GomezPEER\jre\lib\management\jmxremote.password.template
c:\program files\Gomez\GomezPEER\jre\lib\management\management.properties
c:\program files\Gomez\GomezPEER\jre\lib\management\snmp.acl.template
c:\program files\Gomez\GomezPEER\jre\lib\meta-index
c:\program files\Gomez\GomezPEER\jre\lib\net.properties
c:\program files\Gomez\GomezPEER\jre\lib\plugin.jar
c:\program files\Gomez\GomezPEER\jre\lib\psfont.properties.ja
c:\program files\Gomez\GomezPEER\jre\lib\psfontj2d.properties
c:\program files\Gomez\GomezPEER\jre\lib\resources.jar
c:\program files\Gomez\GomezPEER\jre\lib\rt.jar
c:\program files\Gomez\GomezPEER\jre\lib\security\cacerts
c:\program files\Gomez\GomezPEER\jre\lib\security\gsr.policy
c:\program files\Gomez\GomezPEER\jre\lib\security\java.policy
c:\program files\Gomez\GomezPEER\jre\lib\security\java.security
c:\program files\Gomez\GomezPEER\jre\lib\security\javaws.policy
c:\program files\Gomez\GomezPEER\jre\lib\security\local_policy.jar
c:\program files\Gomez\GomezPEER\jre\lib\security\US_export_policy.jar
c:\program files\Gomez\GomezPEER\jre\lib\sound.properties
c:\program files\Gomez\GomezPEER\jre\lib\tzmappings
c:\program files\Gomez\GomezPEER\jre\lib\zi\Africa\Abidjan
c:\program files\Gomez\GomezPEER\jre\lib\zi\Africa\Accra
c:\program files\Gomez\GomezPEER\jre\lib\zi\Africa\Addis_Ababa
c:\program files\Gomez\GomezPEER\jre\lib\zi\Africa\Algiers
c:\program files\Gomez\GomezPEER\jre\lib\zi\Africa\Asmara
c:\program files\Gomez\GomezPEER\jre\lib\zi\Africa\Asmera
c:\program files\Gomez\GomezPEER\jre\lib\zi\Africa\Bamako
c:\program files\Gomez\GomezPEER\jre\lib\zi\Africa\Bangui
c:\program files\Gomez\GomezPEER\jre\lib\zi\Africa\Banjul
c:\program files\Gomez\GomezPEER\jre\lib\zi\Africa\Bissau
c:\program files\Gomez\GomezPEER\jre\lib\zi\Africa\Blantyre
c:\program files\Gomez\GomezPEER\jre\lib\zi\Africa\Brazzaville
c:\program files\Gomez\GomezPEER\jre\lib\zi\Africa\Bujumbura
c:\program files\Gomez\GomezPEER\jre\lib\zi\Africa\Cairo
c:\program files\Gomez\GomezPEER\jre\lib\zi\Africa\Casablanca
c:\program files\Gomez\GomezPEER\jre\lib\zi\Africa\Ceuta
c:\program files\Gomez\GomezPEER\jre\lib\zi\Africa\Conakry
c:\program files\Gomez\GomezPEER\jre\lib\zi\Africa\Dakar
c:\program files\Gomez\GomezPEER\jre\lib\zi\Africa\Dar_es_Salaam
c:\program files\Gomez\GomezPEER\jre\lib\zi\Africa\Djibouti
c:\program files\Gomez\GomezPEER\jre\lib\zi\Africa\Douala
c:\program files\Gomez\GomezPEER\jre\lib\zi\Africa\El_Aaiun
c:\program files\Gomez\GomezPEER\jre\lib\zi\Africa\Freetown
c:\program files\Gomez\GomezPEER\jre\lib\zi\Africa\Gaborone
c:\program files\Gomez\GomezPEER\jre\lib\zi\Africa\Harare
c:\program files\Gomez\GomezPEER\jre\lib\zi\Africa\Johannesburg
c:\program files\Gomez\GomezPEER\jre\lib\zi\Africa\Kampala
c:\program files\Gomez\GomezPEER\jre\lib\zi\Africa\Khartoum
c:\program files\Gomez\GomezPEER\jre\lib\zi\Africa\Kigali
c:\program files\Gomez\GomezPEER\jre\lib\zi\Africa\Kinshasa
c:\program files\Gomez\GomezPEER\jre\lib\zi\Africa\Lagos
c:\program files\Gomez\GomezPEER\jre\lib\zi\Africa\Libreville
c:\program files\Gomez\GomezPEER\jre\lib\zi\Africa\Lome
c:\program files\Gomez\GomezPEER\jre\lib\zi\Africa\Luanda
c:\program files\Gomez\GomezPEER\jre\lib\zi\Africa\Lubumbashi
c:\program files\Gomez\GomezPEER\jre\lib\zi\Africa\Lusaka
c:\program files\Gomez\GomezPEER\jre\lib\zi\Africa\Malabo
c:\program files\Gomez\GomezPEER\jre\lib\zi\Africa\Maputo
c:\program files\Gomez\GomezPEER\jre\lib\zi\Africa\Maseru
c:\program files\Gomez\GomezPEER\jre\lib\zi\Africa\Mbabane
c:\program files\Gomez\GomezPEER\jre\lib\zi\Africa\Mogadishu
c:\program files\Gomez\GomezPEER\jre\lib\zi\Africa\Monrovia
c:\program files\Gomez\GomezPEER\jre\lib\zi\Africa\Nairobi
c:\program files\Gomez\GomezPEER\jre\lib\zi\Africa\Ndjamena
c:\program files\Gomez\GomezPEER\jre\lib\zi\Africa\Niamey
c:\program files\Gomez\GomezPEER\jre\lib\zi\Africa\Nouakchott
c:\program files\Gomez\GomezPEER\jre\lib\zi\Africa\Ouagadougou
c:\program files\Gomez\GomezPEER\jre\lib\zi\Africa\Porto-Novo
c:\program files\Gomez\GomezPEER\jre\lib\zi\Africa\Sao_Tome
c:\program files\Gomez\GomezPEER\jre\lib\zi\Africa\Tripoli
c:\program files\Gomez\GomezPEER\jre\lib\zi\Africa\Tunis
c:\program files\Gomez\GomezPEER\jre\lib\zi\Africa\Windhoek
c:\program files\Gomez\GomezPEER\jre\lib\zi\America\Adak
c:\program files\Gomez\GomezPEER\jre\lib\zi\America\Anchorage
c:\program files\Gomez\GomezPEER\jre\lib\zi\America\Anguilla
c:\program files\Gomez\GomezPEER\jre\lib\zi\America\Antigua
c:\program files\Gomez\GomezPEER\jre\lib\zi\America\Araguaina
c:\program files\Gomez\GomezPEER\jre\lib\zi\America\Argentina\Buenos_Aires
c:\program files\Gomez\GomezPEER\jre\lib\zi\America\Argentina\Catamarca
c:\program files\Gomez\GomezPEER\jre\lib\zi\America\Argentina\Cordoba
c:\program files\Gomez\GomezPEER\jre\lib\zi\America\Argentina\Jujuy
c:\program files\Gomez\GomezPEER\jre\lib\zi\America\Argentina\La_Rioja
c:\program files\Gomez\GomezPEER\jre\lib\zi\America\Argentina\Mendoza
c:\program files\Gomez\GomezPEER\jre\lib\zi\America\Argentina\Rio_Gallegos
c:\program files\Gomez\GomezPEER\jre\lib\zi\America\Argentina\San_Juan
c:\program files\Gomez\GomezPEER\jre\lib\zi\America\Argentina\Tucuman
c:\program files\Gomez\GomezPEER\jre\lib\zi\America\Argentina\Ushuaia
c:\program files\Gomez\GomezPEER\jre\lib\zi\America\Aruba
c:\program files\Gomez\GomezPEER\jre\lib\zi\America\Asuncion
c:\program files\Gomez\GomezPEER\jre\lib\zi\America\Atikokan
c:\program files\Gomez\GomezPEER\jre\lib\zi\America\Bahia
c:\program files\Gomez\GomezPEER\jre\lib\zi\America\Barbados
c:\program files\Gomez\GomezPEER\jre\lib\zi\America\Belem
c:\program files\Gomez\GomezPEER\jre\lib\zi\America\Belize
c:\program files\Gomez\GomezPEER\jre\lib\zi\America\Blanc-Sablon
c:\program files\Gomez\GomezPEER\jre\lib\zi\America\Boa_Vista
c:\program files\Gomez\GomezPEER\jre\lib\zi\America\Bogota
c:\program files\Gomez\GomezPEER\jre\lib\zi\America\Boise
c:\program files\Gomez\GomezPEER\jre\lib\zi\America\Cambridge_Bay
c:\program files\Gomez\GomezPEER\jre\lib\zi\America\Campo_Grande
c:\program files\Gomez\GomezPEER\jre\lib\zi\America\Cancun
c:\program files\Gomez\GomezPEER\jre\lib\zi\America\Caracas
c:\program files\Gomez\GomezPEER\jre\lib\zi\America\Cayenne
c:\program files\Gomez\GomezPEER\jre\lib\zi\America\Cayman
c:\program files\Gomez\GomezPEER\jre\lib\zi\America\Chicago
c:\program files\Gomez\GomezPEER\jre\lib\zi\America\Chihuahua
c:\program files\Gomez\GomezPEER\jre\lib\zi\America\Costa_Rica
c:\program files\Gomez\GomezPEER\jre\lib\zi\America\Cuiaba
c:\program files\Gomez\GomezPEER\jre\lib\zi\America\Curacao
c:\program files\Gomez\GomezPEER\jre\lib\zi\America\Danmarkshavn
c:\program files\Gomez\GomezPEER\jre\lib\zi\America\Dawson
c:\program files\Gomez\GomezPEER\jre\lib\zi\America\Dawson_Creek
c:\program files\Gomez\GomezPEER\jre\lib\zi\America\Denver
c:\program files\Gomez\GomezPEER\jre\lib\zi\America\Detroit
c:\program files\Gomez\GomezPEER\jre\lib\zi\America\Dominica
c:\program files\Gomez\GomezPEER\jre\lib\zi\America\Edmonton
c:\program files\Gomez\GomezPEER\jre\lib\zi\America\Eirunepe
c:\program files\Gomez\GomezPEER\jre\lib\zi\America\El_Salvador
c:\program files\Gomez\GomezPEER\jre\lib\zi\America\Fortaleza
c:\program files\Gomez\GomezPEER\jre\lib\zi\America\Glace_Bay
c:\program files\Gomez\GomezPEER\jre\lib\zi\America\Godthab
c:\program files\Gomez\GomezPEER\jre\lib\zi\America\Goose_Bay
c:\program files\Gomez\GomezPEER\jre\lib\zi\America\Grand_Turk
c:\program files\Gomez\GomezPEER\jre\lib\zi\America\Grenada
c:\program files\Gomez\GomezPEER\jre\lib\zi\America\Guadeloupe
c:\program files\Gomez\GomezPEER\jre\lib\zi\America\Guatemala
c:\program files\Gomez\GomezPEER\jre\lib\zi\America\Guayaquil
c:\program files\Gomez\GomezPEER\jre\lib\zi\America\Guyana
c:\program files\Gomez\GomezPEER\jre\lib\zi\America\Halifax
c:\program files\Gomez\GomezPEER\jre\lib\zi\America\Havana
c:\program files\Gomez\GomezPEER\jre\lib\zi\America\Hermosillo
c:\program files\Gomez\GomezPEER\jre\lib\zi\America\Indiana\Indianapolis
c:\program files\Gomez\GomezPEER\jre\lib\zi\America\Indiana\Knox
c:\program files\Gomez\GomezPEER\jre\lib\zi\America\Indiana\Marengo
c:\program files\Gomez\GomezPEER\jre\lib\zi\America\Indiana\Petersburg
c:\program files\Gomez\GomezPEER\jre\lib\zi\America\Indiana\Tell_City
c:\program files\Gomez\GomezPEER\jre\lib\zi\America\Indiana\Vevay
c:\program files\Gomez\GomezPEER\jre\lib\zi\America\Indiana\Vincennes
c:\program files\Gomez\GomezPEER\jre\lib\zi\America\Indiana\Winamac
c:\program files\Gomez\GomezPEER\jre\lib\zi\America\Inuvik
c:\program files\Gomez\GomezPEER\jre\lib\zi\America\Iqaluit
c:\program files\Gomez\GomezPEER\jre\lib\zi\America\Jamaica
c:\program files\Gomez\GomezPEER\jre\lib\zi\America\Juneau
c:\program files\Gomez\GomezPEER\jre\lib\zi\America\Kentucky\Louisville
c:\program files\Gomez\GomezPEER\jre\lib\zi\America\Kentucky\Monticello
c:\program files\Gomez\GomezPEER\jre\lib\zi\America\La_Paz
c:\program files\Gomez\GomezPEER\jre\lib\zi\America\Lima
c:\program files\Gomez\GomezPEER\jre\lib\zi\America\Los_Angeles
c:\program files\Gomez\GomezPEER\jre\lib\zi\America\Maceio
c:\program files\Gomez\GomezPEER\jre\lib\zi\America\Managua
c:\program files\Gomez\GomezPEER\jre\lib\zi\America\Manaus
c:\program files\Gomez\GomezPEER\jre\lib\zi\America\Martinique
c:\program files\Gomez\GomezPEER\jre\lib\zi\America\Mazatlan
c:\program files\Gomez\GomezPEER\jre\lib\zi\America\Menominee
c:\program files\Gomez\GomezPEER\jre\lib\zi\America\Merida
c:\program files\Gomez\GomezPEER\jre\lib\zi\America\Mexico_City
c:\program files\Gomez\GomezPEER\jre\lib\zi\America\Miquelon
c:\program files\Gomez\GomezPEER\jre\lib\zi\America\Moncton
c:\program files\Gomez\GomezPEER\jre\lib\zi\America\Monterrey
c:\program files\Gomez\GomezPEER\jre\lib\zi\America\Montevideo
c:\program files\Gomez\GomezPEER\jre\lib\zi\America\Montreal
c:\program files\Gomez\GomezPEER\jre\lib\zi\America\Montserrat
c:\program files\Gomez\GomezPEER\jre\lib\zi\America\Nassau
c:\program files\Gomez\GomezPEER\jre\lib\zi\America\New_York
c:\program files\Gomez\GomezPEER\jre\lib\zi\America\Nipigon
c:\program files\Gomez\GomezPEER\jre\lib\zi\America\Nome
c:\program files\Gomez\GomezPEER\jre\lib\zi\America\Noronha
c:\program files\Gomez\GomezPEER\jre\lib\zi\America\North_Dakota\Center
c:\program files\Gomez\GomezPEER\jre\lib\zi\America\North_Dakota\New_Salem
c:\program files\Gomez\GomezPEER\jre\lib\zi\America\Panama
c:\program files\Gomez\GomezPEER\jre\lib\zi\America\Pangnirtung
c:\program files\Gomez\GomezPEER\jre\lib\zi\America\Paramaribo
c:\program files\Gomez\GomezPEER\jre\lib\zi\America\Phoenix
c:\program files\Gomez\GomezPEER\jre\lib\zi\America\Port-au-Prince
c:\program files\Gomez\GomezPEER\jre\lib\zi\America\Port_of_Spain
c:\program files\Gomez\GomezPEER\jre\lib\zi\America\Porto_Velho
c:\program files\Gomez\GomezPEER\jre\lib\zi\America\Puerto_Rico
c:\program files\Gomez\GomezPEER\jre\lib\zi\America\Rainy_River
c:\program files\Gomez\GomezPEER\jre\lib\zi\America\Rankin_Inlet
c:\program files\Gomez\GomezPEER\jre\lib\zi\America\Recife
c:\program files\Gomez\GomezPEER\jre\lib\zi\America\Regina
c:\program files\Gomez\GomezPEER\jre\lib\zi\America\Resolute
c:\program files\Gomez\GomezPEER\jre\lib\zi\America\Rio_Branco
c:\program files\Gomez\GomezPEER\jre\lib\zi\America\Santiago
c:\program files\Gomez\GomezPEER\jre\lib\zi\America\Santo_Domingo
c:\program files\Gomez\GomezPEER\jre\lib\zi\America\Sao_Paulo
c:\program files\Gomez\GomezPEER\jre\lib\zi\America\Scoresbysund
c:\program files\Gomez\GomezPEER\jre\lib\zi\America\St_Johns
c:\program files\Gomez\GomezPEER\jre\lib\zi\America\St_Kitts
c:\program files\Gomez\GomezPEER\jre\lib\zi\America\St_Lucia
c:\program files\Gomez\GomezPEER\jre\lib\zi\America\St_Thomas
c:\program files\Gomez\GomezPEER\jre\lib\zi\America\St_Vincent
c:\program files\Gomez\GomezPEER\jre\lib\zi\America\Swift_Current
c:\program files\Gomez\GomezPEER\jre\lib\zi\America\Tegucigalpa
c:\program files\Gomez\GomezPEER\jre\lib\zi\America\Thule
c:\program files\Gomez\GomezPEER\jre\lib\zi\America\Thunder_Bay
c:\program files\Gomez\GomezPEER\jre\lib\zi\America\Tijuana
c:\program files\Gomez\GomezPEER\jre\lib\zi\America\Toronto
c:\program files\Gomez\GomezPEER\jre\lib\zi\America\Tortola
c:\program files\Gomez\GomezPEER\jre\lib\zi\America\Vancouver
c:\program files\Gomez\GomezPEER\jre\lib\zi\America\Whitehorse
c:\program files\Gomez\GomezPEER\jre\lib\zi\America\Winnipeg
c:\program files\Gomez\GomezPEER\jre\lib\zi\America\Yakutat
c:\program files\Gomez\GomezPEER\jre\lib\zi\America\Yellowknife
c:\program files\Gomez\GomezPEER\jre\lib\zi\Antarctica\Casey
c:\program files\Gomez\GomezPEER\jre\lib\zi\Antarctica\Davis
c:\program files\Gomez\GomezPEER\jre\lib\zi\Antarctica\DumontDUrville
c:\program files\Gomez\GomezPEER\jre\lib\zi\Antarctica\Mawson
c:\program files\Gomez\GomezPEER\jre\lib\zi\Antarctica\McMurdo
c:\program files\Gomez\GomezPEER\jre\lib\zi\Antarctica\Palmer
c:\program files\Gomez\GomezPEER\jre\lib\zi\Antarctica\Rothera
c:\program files\Gomez\GomezPEER\jre\lib\zi\Antarctica\Syowa
c:\program files\Gomez\GomezPEER\jre\lib\zi\Antarctica\Vostok
c:\program files\Gomez\GomezPEER\jre\lib\zi\Asia\Aden
c:\program files\Gomez\GomezPEER\jre\lib\zi\Asia\Almaty
c:\program files\Gomez\GomezPEER\jre\lib\zi\Asia\Amman
c:\program files\Gomez\GomezPEER\jre\lib\zi\Asia\Anadyr
c:\program files\Gomez\GomezPEER\jre\lib\zi\Asia\Aqtau
c:\program files\Gomez\GomezPEER\jre\lib\zi\Asia\Aqtobe
c:\program files\Gomez\GomezPEER\jre\lib\zi\Asia\Ashgabat
c:\program files\Gomez\GomezPEER\jre\lib\zi\Asia\Baghdad
c:\program files\Gomez\GomezPEER\jre\lib\zi\Asia\Bahrain
c:\program files\Gomez\GomezPEER\jre\lib\zi\Asia\Baku
c:\program files\Gomez\GomezPEER\jre\lib\zi\Asia\Bangkok
c:\program files\Gomez\GomezPEER\jre\lib\zi\Asia\Beirut
c:\program files\Gomez\GomezPEER\jre\lib\zi\Asia\Bishkek
c:\program files\Gomez\GomezPEER\jre\lib\zi\Asia\Brunei
c:\program files\Gomez\GomezPEER\jre\lib\zi\Asia\Calcutta
c:\program files\Gomez\GomezPEER\jre\lib\zi\Asia\Choibalsan
c:\program files\Gomez\GomezPEER\jre\lib\zi\Asia\Chongqing
c:\program files\Gomez\GomezPEER\jre\lib\zi\Asia\Colombo
c:\program files\Gomez\GomezPEER\jre\lib\zi\Asia\Damascus
c:\program files\Gomez\GomezPEER\jre\lib\zi\Asia\Dhaka
c:\program files\Gomez\GomezPEER\jre\lib\zi\Asia\Dili
c:\program files\Gomez\GomezPEER\jre\lib\zi\Asia\Dubai
c:\program files\Gomez\GomezPEER\jre\lib\zi\Asia\Dushanbe
c:\program files\Gomez\GomezPEER\jre\lib\zi\Asia\Gaza
c:\program files\Gomez\GomezPEER\jre\lib\zi\Asia\Harbin
c:\program files\Gomez\GomezPEER\jre\lib\zi\Asia\Hong_Kong
c:\program files\Gomez\GomezPEER\jre\lib\zi\Asia\Hovd
c:\program files\Gomez\GomezPEER\jre\lib\zi\Asia\Irkutsk
c:\program files\Gomez\GomezPEER\jre\lib\zi\Asia\Jakarta
c:\program files\Gomez\GomezPEER\jre\lib\zi\Asia\Jayapura
c:\program files\Gomez\GomezPEER\jre\lib\zi\Asia\Jerusalem
c:\program files\Gomez\GomezPEER\jre\lib\zi\Asia\Kabul
c:\program files\Gomez\GomezPEER\jre\lib\zi\Asia\Kamchatka
c:\program files\Gomez\GomezPEER\jre\lib\zi\Asia\Karachi
c:\program files\Gomez\GomezPEER\jre\lib\zi\Asia\Kashgar
c:\program files\Gomez\GomezPEER\jre\lib\zi\Asia\Katmandu
c:\program files\Gomez\GomezPEER\jre\lib\zi\Asia\Krasnoyarsk
c:\program files\Gomez\GomezPEER\jre\lib\zi\Asia\Kuala_Lumpur
c:\program files\Gomez\GomezPEER\jre\lib\zi\Asia\Kuching
c:\program files\Gomez\GomezPEER\jre\lib\zi\Asia\Kuwait
c:\program files\Gomez\GomezPEER\jre\lib\zi\Asia\Macau
c:\program files\Gomez\GomezPEER\jre\lib\zi\Asia\Magadan
c:\program files\Gomez\GomezPEER\jre\lib\zi\Asia\Makassar
c:\program files\Gomez\GomezPEER\jre\lib\zi\Asia\Manila
c:\program files\Gomez\GomezPEER\jre\lib\zi\Asia\Muscat
c:\program files\Gomez\GomezPEER\jre\lib\zi\Asia\Nicosia
c:\program files\Gomez\GomezPEER\jre\lib\zi\Asia\Novosibirsk
c:\program files\Gomez\GomezPEER\jre\lib\zi\Asia\Omsk
c:\program files\Gomez\GomezPEER\jre\lib\zi\Asia\Oral
c:\program files\Gomez\GomezPEER\jre\lib\zi\Asia\Phnom_Penh
c:\program files\Gomez\GomezPEER\jre\lib\zi\Asia\Pontianak
c:\program files\Gomez\GomezPEER\jre\lib\zi\Asia\Pyongyang
c:\program files\Gomez\GomezPEER\jre\lib\zi\Asia\Qatar
c:\program files\Gomez\GomezPEER\jre\lib\zi\Asia\Qyzylorda
c:\program files\Gomez\GomezPEER\jre\lib\zi\Asia\Rangoon
c:\program files\Gomez\GomezPEER\jre\lib\zi\Asia\Riyadh
c:\program files\Gomez\GomezPEER\jre\lib\zi\Asia\Riyadh87
c:\program files\Gomez\GomezPEER\jre\lib\zi\Asia\Riyadh88
c:\program files\Gomez\GomezPEER\jre\lib\zi\Asia\Riyadh89
c:\program files\Gomez\GomezPEER\jre\lib\zi\Asia\Saigon
c:\program files\Gomez\GomezPEER\jre\lib\zi\Asia\Sakhalin
c:\program files\Gomez\GomezPEER\jre\lib\zi\Asia\Samarkand
c:\program files\Gomez\GomezPEER\jre\lib\zi\Asia\Seoul
c:\program files\Gomez\GomezPEER\jre\lib\zi\Asia\Shanghai
c:\program files\Gomez\GomezPEER\jre\lib\zi\Asia\Singapore
c:\program files\Gomez\GomezPEER\jre\lib\zi\Asia\Taipei
c:\program files\Gomez\GomezPEER\jre\lib\zi\Asia\Tashkent
c:\program files\Gomez\GomezPEER\jre\lib\zi\Asia\Tbilisi
c:\program files\Gomez\GomezPEER\jre\lib\zi\Asia\Tehran
c:\program files\Gomez\GomezPEER\jre\lib\zi\Asia\Thimphu
c:\program files\Gomez\GomezPEER\jre\lib\zi\Asia\Tokyo
c:\program files\Gomez\GomezPEER\jre\lib\zi\Asia\Ulaanbaatar
c:\program files\Gomez\GomezPEER\jre\lib\zi\Asia\Urumqi
c:\program files\Gomez\GomezPEER\jre\lib\zi\Asia\Vientiane
c:\program files\Gomez\GomezPEER\jre\lib\zi\Asia\Vladivostok
c:\program files\Gomez\GomezPEER\jre\lib\zi\Asia\Yakutsk
c:\program files\Gomez\GomezPEER\jre\lib\zi\Asia\Yekaterinburg
c:\program files\Gomez\GomezPEER\jre\lib\zi\Asia\Yerevan
c:\program files\Gomez\GomezPEER\jre\lib\zi\Atlantic\Azores
c:\program files\Gomez\GomezPEER\jre\lib\zi\Atlantic\Bermuda
c:\program files\Gomez\GomezPEER\jre\lib\zi\Atlantic\Canary
c:\program files\Gomez\GomezPEER\jre\lib\zi\Atlantic\Cape_Verde
c:\program files\Gomez\GomezPEER\jre\lib\zi\Atlantic\Faeroe
c:\program files\Gomez\GomezPEER\jre\lib\zi\Atlantic\Faroe
c:\program files\Gomez\GomezPEER\jre\lib\zi\Atlantic\Madeira
c:\program files\Gomez\GomezPEER\jre\lib\zi\Atlantic\Reykjavik
c:\program files\Gomez\GomezPEER\jre\lib\zi\Atlantic\South_Georgia
c:\program files\Gomez\GomezPEER\jre\lib\zi\Atlantic\St_Helena
c:\program files\Gomez\GomezPEER\jre\lib\zi\Atlantic\Stanley
c:\program files\Gomez\GomezPEER\jre\lib\zi\Australia\Adelaide
c:\program files\Gomez\GomezPEER\jre\lib\zi\Australia\Brisbane
c:\program files\Gomez\GomezPEER\jre\lib\zi\Australia\Broken_Hill
c:\program files\Gomez\GomezPEER\jre\lib\zi\Australia\Currie
c:\program files\Gomez\GomezPEER\jre\lib\zi\Australia\Darwin
c:\program files\Gomez\GomezPEER\jre\lib\zi\Australia\Eucla
c:\program files\Gomez\GomezPEER\jre\lib\zi\Australia\Hobart
c:\program files\Gomez\GomezPEER\jre\lib\zi\Australia\Lindeman
c:\program files\Gomez\GomezPEER\jre\lib\zi\Australia\Lord_Howe
c:\program files\Gomez\GomezPEER\jre\lib\zi\Australia\Melbourne
c:\program files\Gomez\GomezPEER\jre\lib\zi\Australia\Perth
c:\program files\Gomez\GomezPEER\jre\lib\zi\Australia\Sydney
c:\program files\Gomez\GomezPEER\jre\lib\zi\CET
c:\program files\Gomez\GomezPEER\jre\lib\zi\CST6CDT
c:\program files\Gomez\GomezPEER\jre\lib\zi\EET
c:\program files\Gomez\GomezPEER\jre\lib\zi\EST
c:\program files\Gomez\GomezPEER\jre\lib\zi\EST5EDT
c:\program files\Gomez\GomezPEER\jre\lib\zi\Etc\GMT-1
c:\program files\Gomez\GomezPEER\jre\lib\zi\Etc\GMT-10
c:\program files\Gomez\GomezPEER\jre\lib\zi\Etc\GMT-11
c:\program files\Gomez\GomezPEER\jre\lib\zi\Etc\GMT-12
c:\program files\Gomez\GomezPEER\jre\lib\zi\Etc\GMT-13
c:\program files\Gomez\GomezPEER\jre\lib\zi\Etc\GMT-14
c:\program files\Gomez\GomezPEER\jre\lib\zi\Etc\GMT-2
c:\program files\Gomez\GomezPEER\jre\lib\zi\Etc\GMT-3
c:\program files\Gomez\GomezPEER\jre\lib\zi\Etc\GMT-4
c:\program files\Gomez\GomezPEER\jre\lib\zi\Etc\GMT-5
c:\program files\Gomez\GomezPEER\jre\lib\zi\Etc\GMT-6
c:\program files\Gomez\GomezPEER\jre\lib\zi\Etc\GMT-7
c:\program files\Gomez\GomezPEER\jre\lib\zi\Etc\GMT-8
c:\program files\Gomez\GomezPEER\jre\lib\zi\Etc\GMT-9
c:\program files\Gomez\GomezPEER\jre\lib\zi\Etc\GMT
c:\program files\Gomez\GomezPEER\jre\lib\zi\Etc\GMT+1
c:\program files\Gomez\GomezPEER\jre\lib\zi\Etc\GMT+10
c:\program files\Gomez\GomezPEER\jre\lib\zi\Etc\GMT+11
c:\program files\Gomez\GomezPEER\jre\lib\zi\Etc\GMT+12
c:\program files\Gomez\GomezPEER\jre\lib\zi\Etc\GMT+2
c:\program files\Gomez\GomezPEER\jre\lib\zi\Etc\GMT+3
c:\program files\Gomez\GomezPEER\jre\lib\zi\Etc\GMT+4
c:\program files\Gomez\GomezPEER\jre\lib\zi\Etc\GMT+5
c:\program files\Gomez\GomezPEER\jre\lib\zi\Etc\GMT+6
c:\program files\Gomez\GomezPEER\jre\lib\zi\Etc\GMT+7
c:\program files\Gomez\GomezPEER\jre\lib\zi\Etc\GMT+8
c:\program files\Gomez\GomezPEER\jre\lib\zi\Etc\GMT+9
c:\program files\Gomez\GomezPEER\jre\lib\zi\Etc\UCT
c:\program files\Gomez\GomezPEER\jre\lib\zi\Etc\UTC
c:\program files\Gomez\GomezPEER\jre\lib\zi\Europe\Amsterdam
c:\program files\Gomez\GomezPEER\jre\lib\zi\Europe\Andorra
c:\program files\Gomez\GomezPEER\jre\lib\zi\Europe\Athens
c:\program files\Gomez\GomezPEER\jre\lib\zi\Europe\Belgrade
c:\program files\Gomez\GomezPEER\jre\lib\zi\Europe\Berlin
c:\program files\Gomez\GomezPEER\jre\lib\zi\Europe\Brussels
c:\program files\Gomez\GomezPEER\jre\lib\zi\Europe\Bucharest
c:\program files\Gomez\GomezPEER\jre\lib\zi\Europe\Budapest
c:\program files\Gomez\GomezPEER\jre\lib\zi\Europe\Chisinau
c:\program files\Gomez\GomezPEER\jre\lib\zi\Europe\Copenhagen
c:\program files\Gomez\GomezPEER\jre\lib\zi\Europe\Dublin
c:\program files\Gomez\GomezPEER\jre\lib\zi\Europe\Gibraltar
c:\program files\Gomez\GomezPEER\jre\lib\zi\Europe\Helsinki
c:\program files\Gomez\GomezPEER\jre\lib\zi\Europe\Istanbul
c:\program files\Gomez\GomezPEER\jre\lib\zi\Europe\Kaliningrad
c:\program files\Gomez\GomezPEER\jre\lib\zi\Europe\Kiev
c:\program files\Gomez\GomezPEER\jre\lib\zi\Europe\Lisbon
c:\program files\Gomez\GomezPEER\jre\lib\zi\Europe\London
c:\program files\Gomez\GomezPEER\jre\lib\zi\Europe\Luxembourg
c:\program files\Gomez\GomezPEER\jre\lib\zi\Europe\Madrid
c:\program files\Gomez\GomezPEER\jre\lib\zi\Europe\Malta
c:\program files\Gomez\GomezPEER\jre\lib\zi\Europe\Minsk
c:\program files\Gomez\GomezPEER\jre\lib\zi\Europe\Monaco
c:\program files\Gomez\GomezPEER\jre\lib\zi\Europe\Moscow
c:\program files\Gomez\GomezPEER\jre\lib\zi\Europe\Oslo
c:\program files\Gomez\GomezPEER\jre\lib\zi\Europe\Paris
c:\program files\Gomez\GomezPEER\jre\lib\zi\Europe\Prague
c:\program files\Gomez\GomezPEER\jre\lib\zi\Europe\Riga
c:\program files\Gomez\GomezPEER\jre\lib\zi\Europe\Rome
c:\program files\Gomez\GomezPEER\jre\lib\zi\Europe\Samara
c:\program files\Gomez\GomezPEER\jre\lib\zi\Europe\Simferopol
c:\program files\Gomez\GomezPEER\jre\lib\zi\Europe\Sofia
c:\program files\Gomez\GomezPEER\jre\lib\zi\Europe\Stockholm
c:\program files\Gomez\GomezPEER\jre\lib\zi\Europe\Tallinn
c:\program files\Gomez\GomezPEER\jre\lib\zi\Europe\Tirane
c:\program files\Gomez\GomezPEER\jre\lib\zi\Europe\Uzhgorod
c:\program files\Gomez\GomezPEER\jre\lib\zi\Europe\Vaduz
c:\program files\Gomez\GomezPEER\jre\lib\zi\Europe\Vienna
c:\program files\Gomez\GomezPEER\jre\lib\zi\Europe\Vilnius
c:\program files\Gomez\GomezPEER\jre\lib\zi\Europe\Volgograd
c:\program files\Gomez\GomezPEER\jre\lib\zi\Europe\Warsaw
c:\program files\Gomez\GomezPEER\jre\lib\zi\Europe\Zaporozhye
c:\program files\Gomez\GomezPEER\jre\lib\zi\Europe\Zurich
c:\program files\Gomez\GomezPEER\jre\lib\zi\GMT
c:\program files\Gomez\GomezPEER\jre\lib\zi\HST
c:\program files\Gomez\GomezPEER\jre\lib\zi\Indian\Antananarivo
c:\program files\Gomez\GomezPEER\jre\lib\zi\Indian\Chagos
c:\program files\Gomez\GomezPEER\jre\lib\zi\Indian\Christmas
c:\program files\Gomez\GomezPEER\jre\lib\zi\Indian\Cocos
c:\program files\Gomez\GomezPEER\jre\lib\zi\Indian\Comoro
c:\program files\Gomez\GomezPEER\jre\lib\zi\Indian\Kerguelen
c:\program files\Gomez\GomezPEER\jre\lib\zi\Indian\Mahe
c:\program files\Gomez\GomezPEER\jre\lib\zi\Indian\Maldives
c:\program files\Gomez\GomezPEER\jre\lib\zi\Indian\Mauritius
c:\program files\Gomez\GomezPEER\jre\lib\zi\Indian\Mayotte
c:\program files\Gomez\GomezPEER\jre\lib\zi\Indian\Reunion
c:\program files\Gomez\GomezPEER\jre\lib\zi\MET
c:\program files\Gomez\GomezPEER\jre\lib\zi\MST
c:\program files\Gomez\GomezPEER\jre\lib\zi\MST7MDT
c:\program files\Gomez\GomezPEER\jre\lib\zi\Pacific\Apia
c:\program files\Gomez\GomezPEER\jre\lib\zi\Pacific\Auckland
c:\program files\Gomez\GomezPEER\jre\lib\zi\Pacific\Chatham
c:\program files\Gomez\GomezPEER\jre\lib\zi\Pacific\Easter
c:\program files\Gomez\GomezPEER\jre\lib\zi\Pacific\Efate
c:\program files\Gomez\GomezPEER\jre\lib\zi\Pacific\Enderbury
c:\program files\Gomez\GomezPEER\jre\lib\zi\Pacific\Fakaofo
c:\program files\Gomez\GomezPEER\jre\lib\zi\Pacific\Fiji
c:\program files\Gomez\GomezPEER\jre\lib\zi\Pacific\Funafuti
c:\program files\Gomez\GomezPEER\jre\lib\zi\Pacific\Galapagos
c:\program files\Gomez\GomezPEER\jre\lib\zi\Pacific\Gambier
c:\program files\Gomez\GomezPEER\jre\lib\zi\Pacific\Guadalcanal
c:\program files\Gomez\GomezPEER\jre\lib\zi\Pacific\Guam
c:\program files\Gomez\GomezPEER\jre\lib\zi\Pacific\Honolulu
c:\program files\Gomez\GomezPEER\jre\lib\zi\Pacific\Johnston
c:\program files\Gomez\GomezPEER\jre\lib\zi\Pacific\Kiritimati
c:\program files\Gomez\GomezPEER\jre\lib\zi\Pacific\Kosrae
c:\program files\Gomez\GomezPEER\jre\lib\zi\Pacific\Kwajalein
c:\program files\Gomez\GomezPEER\jre\lib\zi\Pacific\Majuro
c:\program files\Gomez\GomezPEER\jre\lib\zi\Pacific\Marquesas
c:\program files\Gomez\GomezPEER\jre\lib\zi\Pacific\Midway
c:\program files\Gomez\GomezPEER\jre\lib\zi\Pacific\Nauru
c:\program files\Gomez\GomezPEER\jre\lib\zi\Pacific\Niue
c:\program files\Gomez\GomezPEER\jre\lib\zi\Pacific\Norfolk
c:\program files\Gomez\GomezPEER\jre\lib\zi\Pacific\Noumea
c:\program files\Gomez\GomezPEER\jre\lib\zi\Pacific\Pago_Pago
c:\program files\Gomez\GomezPEER\jre\lib\zi\Pacific\Palau
c:\program files\Gomez\GomezPEER\jre\lib\zi\Pacific\Pitcairn
c:\program files\Gomez\GomezPEER\jre\lib\zi\Pacific\Ponape
c:\program files\Gomez\GomezPEER\jre\lib\zi\Pacific\Port_Moresby
c:\program files\Gomez\GomezPEER\jre\lib\zi\Pacific\Rarotonga
c:\program files\Gomez\GomezPEER\jre\lib\zi\Pacific\Saipan
c:\program files\Gomez\GomezPEER\jre\lib\zi\Pacific\Tahiti
c:\program files\Gomez\GomezPEER\jre\lib\zi\Pacific\Tarawa
c:\program files\Gomez\GomezPEER\jre\lib\zi\Pacific\Tongatapu
c:\program files\Gomez\GomezPEER\jre\lib\zi\Pacific\Truk
c:\program files\Gomez\GomezPEER\jre\lib\zi\Pacific\Wake
c:\program files\Gomez\GomezPEER\jre\lib\zi\Pacific\Wallis
c:\program files\Gomez\GomezPEER\jre\lib\zi\PST8PDT
c:\program files\Gomez\GomezPEER\jre\lib\zi\SystemV\AST4
c:\program files\Gomez\GomezPEER\jre\lib\zi\SystemV\AST4ADT
c:\program files\Gomez\GomezPEER\jre\lib\zi\SystemV\CST6
c:\program files\Gomez\GomezPEER\jre\lib\zi\SystemV\CST6CDT
c:\program files\Gomez\GomezPEER\jre\lib\zi\SystemV\EST5
c:\program files\Gomez\GomezPEER\jre\lib\zi\SystemV\EST5EDT
c:\program files\Gomez\GomezPEER\jre\lib\zi\SystemV\HST10
c:\program files\Gomez\GomezPEER\jre\lib\zi\SystemV\MST7
c:\program files\Gomez\GomezPEER\jre\lib\zi\SystemV\MST7MDT
c:\program files\Gomez\GomezPEER\jre\lib\zi\SystemV\PST8
c:\program files\Gomez\GomezPEER\jre\lib\zi\SystemV\PST8PDT
c:\program files\Gomez\GomezPEER\jre\lib\zi\SystemV\YST9
c:\program files\Gomez\GomezPEER\jre\lib\zi\SystemV\YST9YDT
c:\program files\Gomez\GomezPEER\jre\lib\zi\WET
c:\program files\Gomez\GomezPEER\jre\lib\zi\ZoneInfoMappings
c:\program files\Gomez\GomezPEER\jre\LICENSE
c:\program files\Gomez\GomezPEER\jre\LICENSE.rtf
c:\program files\Gomez\GomezPEER\jre\LICENSE_de.rtf
c:\program files\Gomez\GomezPEER\jre\LICENSE_es.rtf
c:\program files\Gomez\GomezPEER\jre\LICENSE_fr.rtf
c:\program files\Gomez\GomezPEER\jre\LICENSE_it.rtf
c:\program files\Gomez\GomezPEER\jre\LICENSE_ja.rtf
c:\program files\Gomez\GomezPEER\jre\LICENSE_ko.rtf
c:\program files\Gomez\GomezPEER\jre\LICENSE_sv.rtf
c:\program files\Gomez\GomezPEER\jre\LICENSE_zh_CN.rtf
c:\program files\Gomez\GomezPEER\jre\LICENSE_zh_TW.rtf
c:\program files\Gomez\GomezPEER\jre\README.txt
c:\program files\Gomez\GomezPEER\jre\THIRDPARTYLICENSEREADME.txt
c:\program files\Gomez\GomezPEER\jre\Welcome.html
c:\program files\Gomez\GomezPEER\mname.ini
c:\program files\Gomez\GomezPEER\par2.exe
c:\program files\Gomez\GomezPEER\peer.log
c:\program files\Gomez\GomezPEER\ReadMe.txt
c:\program files\Gomez\GomezPEER\tools\bind\bind.zip
c:\program files\Gomez\GomezPEER\tools\bind\COPYRIGHT
c:\program files\Gomez\GomezPEER\tools\bind\dig.exe
c:\program files\Gomez\GomezPEER\tools\bind\libbind9.dll
c:\program files\Gomez\GomezPEER\tools\bind\libdns.dll
c:\program files\Gomez\GomezPEER\tools\bind\libeay32.dll
c:\program files\Gomez\GomezPEER\tools\bind\libisc.dll
c:\program files\Gomez\GomezPEER\tools\bind\libisccc.dll
c:\program files\Gomez\GomezPEER\tools\bind\libisccfg.dll
c:\program files\Gomez\GomezPEER\tools\bind\liblwres.dll
c:\program files\Gomez\GomezPEER\tools\bind\libxml2.dll
c:\program files\Gomez\GomezPEER\tools\bind\libxml2.dll.2.config
c:\program files\Gomez\GomezPEER\tools\bind\Microsoft.VC80.CRT.manifest
c:\program files\Gomez\GomezPEER\tools\bind\msvcm80.dll
c:\program files\Gomez\GomezPEER\tools\bind\msvcp80.dll
c:\program files\Gomez\GomezPEER\tools\bind\msvcr80.dll
c:\program files\Gomez\GomezPEER\tools\bind\nslookup.exe
c:\program files\Gomez\GomezPEER\uninstall.exe
c:\program files\Gomez\GomezPEER\upatelog.txt
c:\users\TheIncredible\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ThinkPoint.lnk
c:\program files\Gomez . . . . Nicht in der Lage zu löschen
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-06-14 bis 2011-07-14  ))))))))))))))))))))))))))))))
.
.
2011-07-14 23:00 . 2011-07-14 23:00    --------    d-----w-    c:\users\Public\AppData\Local\temp
2011-07-14 23:00 . 2011-07-14 23:00    --------    d-----w-    c:\users\Default\AppData\Local\temp
2011-07-14 22:48 . 2011-07-14 22:48    --------    d-----w-    C:\32788R22FWJFW
2011-07-13 19:33 . 2011-07-13 19:33    --------    d-----w-    c:\program files\jeak.de
2011-07-12 23:34 . 2011-07-12 23:34    --------    dc----w-    c:\users\TheIncredible\AppData\Local\DDMSettings
2011-07-12 23:33 . 2011-07-13 19:19    --------    d-----w-    c:\users\TheIncredible\AppData\Roaming\DivX
2011-07-12 23:32 . 2011-07-12 23:33    --------    d-----w-    c:\program files\Common Files\DivX Shared
2011-07-12 23:31 . 2011-07-12 23:33    --------    d-----w-    c:\program files\DivX
2011-07-12 23:31 . 2011-07-12 23:33    --------    d-----w-    c:\programdata\DivX
2011-07-12 12:39 . 2011-06-07 15:55    7074640    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{C7E0CBED-5E68-44C5-87D5-4E72D950C51A}\mpengine.dll
2011-07-11 09:43 . 2011-07-11 09:43    --------    d-----w-    c:\program files\Apple Software Update
2011-06-29 10:17 . 2011-06-29 10:17    --------    d-----w-    c:\program files\Common Files\xing shared
2011-06-29 02:52 . 2011-05-24 10:44    293376    ----a-w-    c:\windows\system32\umpnpmgr.dll
2011-06-29 02:52 . 2011-05-04 04:32    1401344    ----a-w-    c:\windows\system32\mssrch.dll
2011-06-29 02:52 . 2011-05-04 04:34    1549312    ----a-w-    c:\windows\system32\tquery.dll
2011-06-29 02:52 . 2011-05-04 04:32    337408    ----a-w-    c:\windows\system32\mssph.dll
2011-06-29 02:52 . 2011-05-04 04:28    427520    ----a-w-    c:\windows\system32\SearchIndexer.exe
2011-06-29 02:52 . 2011-05-04 04:28    164352    ----a-w-    c:\windows\system32\SearchProtocolHost.exe
2011-06-29 02:52 . 2011-05-04 04:32    666624    ----a-w-    c:\windows\system32\mssvp.dll
2011-06-29 02:52 . 2011-05-04 04:32    197120    ----a-w-    c:\windows\system32\mssphtb.dll
2011-06-29 02:52 . 2011-05-04 04:32    59392    ----a-w-    c:\windows\system32\msscntrs.dll
2011-06-29 02:52 . 2011-05-04 04:28    86528    ----a-w-    c:\windows\system32\SearchFilterHost.exe
2011-06-24 10:14 . 2011-06-24 10:14    2106216    ----a-w-    c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2011-06-24 10:14 . 2011-06-24 10:14    1998168    ----a-w-    c:\program files\Mozilla Firefox\d3dx9_43.dll
2011-06-20 21:18 . 2011-06-28 00:51    --------    d-----w-    c:\users\TheIncredible\AppData\Roaming\Spark
2011-06-20 21:17 . 2011-06-20 21:18    --------    d-----w-    c:\program files\Spark
2011-06-16 23:46 . 2011-06-16 23:46    --------    d-----w-    c:\program files\Microsoft IntelliPoint
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-14 12:37 . 2011-05-13 16:31    138264    ----a-w-    c:\windows\system32\drivers\PnkBstrK.sys
2011-07-14 12:37 . 2011-05-13 16:34    234768    ----a-w-    c:\windows\system32\PnkBstrB.xtr
2011-07-14 12:37 . 2011-05-13 16:30    234768    ----a-w-    c:\windows\system32\PnkBstrB.exe
2011-07-13 19:32 . 2011-05-19 14:51    404640    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-13 14:52 . 2011-05-13 16:30    234768    ----a-w-    c:\windows\system32\PnkBstrB.ex0
2011-07-03 11:37 . 2011-05-13 16:31    138056    ----a-w-    c:\users\TheIncredible\AppData\Roaming\PnkBstrK.sys
2011-07-03 11:36 . 2011-05-13 16:30    75136    ----a-w-    c:\windows\system32\PnkBstrA.exe
2011-06-29 10:17 . 2010-06-02 14:02    499712    ----a-w-    c:\windows\system32\msvcp71.dll
2011-06-29 10:17 . 2009-07-14 14:27    348160    ----a-w-    c:\windows\system32\msvcr71.dll
2011-06-29 09:36 . 2010-10-15 18:22    138192    ----a-w-    c:\windows\system32\drivers\avipbb.sys
2011-06-29 09:36 . 2010-10-15 18:22    66616    ----a-w-    c:\windows\system32\drivers\avgntflt.sys
2011-06-14 04:09 . 2009-07-14 02:05    152576    ----a-w-    c:\windows\system32\msclmd.dll
2011-06-02 17:53 . 2011-06-02 17:53    94208    ----a-w-    c:\windows\system32\dpl100.dll
2011-05-24 17:14 . 2010-10-15 18:45    222080    ------w-    c:\windows\system32\MpSigStub.exe
2011-05-04 02:52 . 2010-10-13 20:57    472808    ----a-w-    c:\windows\system32\deployJava1.dll
2011-05-03 04:30 . 2011-06-14 21:13    741376    ----a-w-    c:\windows\system32\inetcomm.dll
2011-04-29 02:46 . 2011-06-14 21:14    311808    ----a-w-    c:\windows\system32\drivers\srv.sys
2011-04-29 02:46 . 2011-06-14 21:14    310272    ----a-w-    c:\windows\system32\drivers\srv2.sys
2011-04-29 02:46 . 2011-06-14 21:14    114688    ----a-w-    c:\windows\system32\drivers\srvnet.sys
2011-04-27 02:17 . 2011-06-14 21:11    223744    ----a-w-    c:\windows\system32\drivers\mrxsmb10.sys
2011-04-27 02:17 . 2011-06-14 21:11    96768    ----a-w-    c:\windows\system32\drivers\mrxsmb20.sys
2011-04-27 02:17 . 2011-06-14 21:11    123904    ----a-w-    c:\windows\system32\drivers\mrxsmb.sys
2011-04-25 04:31 . 2011-06-14 21:14    1290624    ----a-w-    c:\windows\system32\drivers\tcpip.sys
2011-04-25 02:18 . 2011-06-14 21:14    338944    ----a-w-    c:\windows\system32\drivers\afd.sys
2011-04-22 19:14 . 2011-05-25 00:09    27008    ----a-w-    c:\windows\system32\drivers\Diskdump.sys
2010-11-11 19:47 . 2010-11-11 19:41    622807012    ----a-w-    c:\program files\Flyff_Eu_De_Setup.exe
2011-06-24 10:14 . 2011-04-30 03:55    142296    ----a-w-    c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"Active Desktop Calendar"="c:\program files\XemiComputers\Active Desktop Calendar\ADC.exe" [2010-12-15 7099904]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-04 186904]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-18 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-18 174104]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-18 150552]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-11-19 307768]
"EnergyUtility"="c:\program files\Lenovo\Energy Management\utility.exe" [2009-09-29 4114288]
"Energy Management"="c:\program files\Lenovo\Energy Management\Energy Management.exe" [2009-09-29 5064560]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-02 281768]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-04-13 1808784]
"TkBellExe"="c:\program files\Real\RealPlayer\Update\realsched.exe" [2011-06-29 273544]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"WLStart"="c:\program files\Windows Live\Installer\wlstart.exe" [2009-07-26 786760]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
GomezPEER.lnk - c:\program files\Gomez\GomezPEER\bin\GomezPEER.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTskMgr"= 0
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages    REG_MULTI_SZ       kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [2009-07-13 229888]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2010-06-17 3890920]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\rtl8187B.sys [2010-03-31 379904]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 wdmirror;wdmirror;c:\windows\system32\DRIVERS\WDMirror.sys [2009-07-16 11792]
R3 WinRing0_1_2_0;WinRing0_1_2_0;d:\test\ECECECEC\WinRing0.sys [x]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys [2009-07-21 81704]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-11-06 691696]
S1 funfrm;funfrm; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-04-28 136360]
S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-02-28 821664]
S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [2010-04-23 483688]
S2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [2011-04-15 2280312]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys [2010-01-20 23136]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-04-12 45464]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2010-04-23 550760]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2010-04-23 195944]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2010-04-23 21864]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2010-04-23 19304]
S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [2010-04-23 209768]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation    REG_MULTI_SZ       SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc SensrSvc Mcx2Svc
.
Inhalt des "geplante Tasks" Ordners
.
2011-07-14 c:\windows\Tasks\qipdater.exe.job
- c:\program files\jeak.de\QIP 2010\qipdater.exe [2011-07-01 13:34]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = about:blank
uDefault_Search_URL = hxxp://search.qip.ru
uSearchAssistant = hxxp://search.qip.ru/ie
TCP: DhcpNameServer = 192.168.178.1
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game.zylom.com/activex/zylomgamesplayer.cab
FF - ProfilePath - c:\users\TheIncredible\AppData\Roaming\Mozilla\Firefox\Profiles\hhdbst8g.default\
FF - prefs.js: browser.startup.homepage - about:blank
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKCU-Run-Infium - c:\program files\QIP 2010\qip.exe
SafeBoot-Wdf01000.sys
AddRemove-GomezPEER - c:\program files\Gomez\GomezPEER\uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(3888)
c:\program files\XemiComputers\Active Desktop Calendar\MouseHook.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\WLANExt.exe
c:\windows\system32\conhost.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\windows\system32\taskhost.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\conhost.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\system32\conhost.exe
c:\windows\System32\rundll32.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Conexant\SAII\SmartAudio.exe
c:\program files\Microsoft IntelliPoint\dpupdchk.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\DllHost.exe
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-07-15  01:08:14 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2011-07-14 23:08
ComboFix2.txt  2010-11-29 07:19
.
Vor Suchlauf: 10 Verzeichnis(se), 166.466.179.072 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 167.287.779.328 Bytes frei
.
- - End Of File - - 0671F177ED1C978D0FB16F1744298BBB

#10 Starte noch einmal FRST.

Ändere keine der Voreinstellungen und drücke auf Scan.
Wenn der Scan abgeschlossen ist, werden ein neues Logfile FRST.txt erstellt und auf dem Desktop gespeichert.
Poste den Inhalt dieses Logfiles bitte hier in deinen Thread.
__________
MfG Argus

#11

Code

ComboFix 13-12-26.01 - TheIncredible 27.12.2013  18:32:35.3.2 - x86
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.2009.1081 [GMT 1:00]
ausgeführt von:: c:\users\TheIncredible\Downloads\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\THEINC~1\AppData\Local\Temp\SevenZipJBinding-N8q7X\lib7-Zip-JBinding.dll
c:\users\TheIncredible\AppData\Local\Temp\SevenZipJBinding-N8q7X\lib7-Zip-JBinding.dll
c:\windows\apppatch\AppLoc.exe
c:\windows\IsUn0407.exe
c:\windows\system32\frapsvid.dll
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-11-27 bis 2013-12-27  ))))))))))))))))))))))))))))))
.
.
2013-12-27 17:43 . 2013-12-27 17:43    --------    d-----w-    c:\users\Public\AppData\Local\temp
2013-12-27 17:43 . 2013-12-27 17:43    --------    d-----w-    c:\users\Default\AppData\Local\temp
2013-12-27 11:43 . 2013-12-27 11:43    --------    d-----w-    c:\windows\ERUNT
2013-12-27 11:31 . 2013-12-27 11:34    --------    d-----w-    C:\AdwCleaner
2013-12-27 08:19 . 2013-12-27 08:19    --------    d-----w-    C:\FRST
2013-12-26 20:11 . 2013-12-26 20:11    --------    d-----w-    c:\programdata\Speed Streamer
2013-12-23 08:33 . 2013-12-23 08:33    --------    dc----w-    c:\users\TheIncredible\AppData\Local\Programs
2013-12-12 02:22 . 2013-12-12 10:42    --------    d-----w-    c:\program files\Mozilla Thunderbird
2013-12-11 23:56 . 2013-05-10 04:56    12625408    ----a-w-    c:\windows\system32\wmploc.DLL
2013-12-11 23:56 . 2013-05-10 03:48    164864    ----a-w-    c:\program files\Windows Media Player\wmplayer.exe
2013-12-11 23:55 . 2013-10-25 03:41    2706432    ----a-w-    c:\windows\system32\mshtml.tlb
2013-12-11 23:55 . 2013-10-25 04:43    2877952    ----a-w-    c:\windows\system32\jscript9.dll
2013-12-11 23:55 . 2013-10-25 04:44    217600    ----a-w-    c:\program files\Internet Explorer\sqmapi.dll
2013-12-11 23:55 . 2013-10-25 04:45    469504    ----a-w-    c:\program files\Internet Explorer\ieinstal.exe
2013-12-11 23:55 . 2013-10-25 04:43    108032    ----a-w-    c:\program files\Internet Explorer\jsdebuggeride.dll
2013-12-11 23:55 . 2013-10-25 04:43    61440    ----a-w-    c:\windows\system32\iesetup.dll
2013-12-11 11:03 . 2013-10-30 02:19    301568    ----a-w-    c:\windows\system32\msieftp.dll
2013-12-11 11:03 . 2013-10-19 01:36    159232    ----a-w-    c:\windows\system32\imagehlp.dll
2013-12-11 11:03 . 2013-10-04 01:49    81408    ----a-w-    c:\windows\system32\drivers\drmk.sys
2013-12-11 11:03 . 2013-10-04 01:17    177152    ----a-w-    c:\windows\system32\drivers\portcls.sys
2013-12-11 10:47 . 2013-10-12 02:04    121856    ----a-w-    c:\windows\system32\wshom.ocx
2013-12-11 10:47 . 2013-10-12 02:03    163840    ----a-w-    c:\windows\system32\scrrun.dll
2013-12-11 10:47 . 2013-10-12 01:15    141824    ----a-w-    c:\windows\system32\wscript.exe
2013-12-11 10:47 . 2013-10-12 01:15    126976    ----a-w-    c:\windows\system32\cscript.exe
2013-12-11 10:47 . 2013-11-23 18:26    417792    ----a-w-    c:\windows\system32\WMPhoto.dll
2013-12-11 10:45 . 2013-11-12 02:07    2048    ----a-w-    c:\windows\system32\tzres.dll
2013-12-11 10:45 . 2013-10-30 01:27    2349056    ----a-w-    c:\windows\system32\win32k.sys
2013-12-09 19:07 . 2013-12-09 19:07    159744    ----a-w-    c:\program files\Mozilla Firefox\plugins\npqtplugin5.dll
2013-12-09 19:07 . 2013-12-09 19:07    159744    ----a-w-    c:\program files\Internet Explorer\PLUGINS\npqtplugin5.dll
2013-12-09 19:07 . 2013-12-09 19:07    159744    ----a-w-    c:\program files\Mozilla Firefox\plugins\npqtplugin4.dll
2013-12-09 19:07 . 2013-12-09 19:07    159744    ----a-w-    c:\program files\Internet Explorer\PLUGINS\npqtplugin4.dll
2013-12-09 19:07 . 2013-12-09 19:07    159744    ----a-w-    c:\program files\Mozilla Firefox\plugins\npqtplugin3.dll
2013-12-09 19:07 . 2013-12-09 19:07    159744    ----a-w-    c:\program files\Internet Explorer\PLUGINS\npqtplugin3.dll
2013-12-09 19:07 . 2013-12-09 19:07    159744    ----a-w-    c:\program files\Mozilla Firefox\plugins\npqtplugin2.dll
2013-12-09 19:07 . 2013-12-09 19:07    159744    ----a-w-    c:\program files\Internet Explorer\PLUGINS\npqtplugin2.dll
2013-12-09 19:07 . 2013-12-09 19:07    159744    ----a-w-    c:\program files\Mozilla Firefox\plugins\npqtplugin.dll
2013-12-09 19:07 . 2013-12-09 19:07    159744    ----a-w-    c:\program files\Internet Explorer\PLUGINS\npqtplugin.dll
2013-12-09 19:06 . 2013-12-09 19:07    --------    d-----w-    c:\program files\QuickTime
2013-12-09 19:06 . 2013-12-09 19:06    --------    d-----w-    c:\programdata\Apple Computer
2013-12-09 16:44 . 2013-12-09 16:44    --------    d-----w-    c:\programdata\Oracle
2013-12-09 16:44 . 2013-12-09 16:44    --------    d-----w-    c:\program files\Common Files\Java
2013-12-09 16:44 . 2013-10-08 06:50    94632    ----a-w-    c:\windows\system32\WindowsAccessBridge.dll
2013-12-04 06:38 . 2013-12-04 06:38    --------    d-----w-    c:\users\TheIncredible\AppData\Roaming\Sony Online Entertainment
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-27 17:33 . 2013-12-27 17:33    62576    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{7E04A856-6B7E-4EBE-A53A-AF02D395EFC9}\offreg.dll
2013-12-27 12:00 . 2010-11-14 16:45    40776    ----a-w-    c:\windows\system32\drivers\mbamswissarmy.sys
2013-12-17 15:28 . 2013-08-02 20:29    69240    ----a-w-    c:\windows\system32\drivers\avnetflt.sys
2013-12-17 15:28 . 2012-07-09 15:58    135648    ----a-w-    c:\windows\system32\drivers\avipbb.sys
2013-12-17 15:28 . 2012-07-09 15:58    90400    ----a-w-    c:\windows\system32\drivers\avgntflt.sys
2013-12-11 20:26 . 2012-04-29 10:34    692616    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-12-11 20:26 . 2011-05-19 14:51    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-12-04 02:57 . 2013-12-27 09:48    7760024    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{7E04A856-6B7E-4EBE-A53A-AF02D395EFC9}\mpengine.dll
2013-11-19 02:33 . 2010-10-15 18:45    230048    ------w-    c:\windows\system32\MpSigStub.exe
2013-11-14 11:53 . 2012-07-09 15:58    37352    ----a-w-    c:\windows\system32\drivers\avkmgr.sys
2010-11-11 19:47 . 2010-11-11 19:41    622807012    ----a-w-    c:\program files\Flyff_Eu_De_Setup.exe
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Active Desktop Calendar"="c:\program files\XemiComputers\Active Desktop Calendar\ADC.exe" [2010-12-15 7099904]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-07-25 20684656]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-04 186904]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-18 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-18 174104]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-18 150552]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-11-19 307768]
"EnergyUtility"="c:\program files\Lenovo\Energy Management\utility.exe" [2009-09-29 4114288]
"Energy Management"="c:\program files\Lenovo\Energy Management\Energy Management.exe" [2009-09-29 5064560]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2013-04-04 887432]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-04-13 1808784]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-11 59280]
"UIExec"="c:\program files\1&1 Surf-Stick\UIExec.exe" [2010-12-08 139088]
"AlterGeoUpdater"="c:\program files\AlterGeo\Html5 geolocation provider\html5locsvc.exe" [2012-02-06 27680]
"TkBellExe"="c:\program files\real\realplayer\Update\realsched.exe" [2012-08-12 296096]
"DivXMediaServer"="c:\program files\DivX\DivX Media Server\DivXMediaServer.exe" [2013-08-21 450560]
"PrivitizeVPN"="c:\program files\PrivitizeVPN\PrivitizeVPN.exe" [2013-02-25 196784]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2013-12-17 684600]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2013-08-29 1861968]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2013-05-01 421888]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AlterGeoUpdater"="c:\programdata\AlterGeo\Update for Html5 geolocation provider\html5locsvc.exe" [2013-01-28 29696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"WLStart"="c:\program files\Windows Live\Installer\wlstart.exe" [2009-07-26 786760]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
GomezPEER.lnk - c:\program files\Gomez\GomezPEER\bin\GomezPEER.exe [2011-4-28 73728]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTskMgr"= 0
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2013-04-22 822504]
R2 d458591c;Speed Streamer;c:\windows\system32\rundll32.exe [2009-07-14 44544]
R2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [2013-06-26 523944]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-07-25 162672]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-04-12 45464]
R3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [2009-07-13 229888]
R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2009-10-29 9216]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2013-12-27 40776]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2010-06-17 3890920]
R3 OverwolfUpdaterService;Overwolf Updater Service;c:\program files\Overwolf\OverwolfUpdater.exe [2013-08-22 18360]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\rtl8187B.sys [2010-03-31 379904]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2013-06-26 24232]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2011-10-07 1343400]
R3 wdmirror;wdmirror;c:\windows\system32\DRIVERS\WDMirror.sys [2009-07-16 11792]
R3 WinRing0_1_2_0;WinRing0_1_2_0;d:\test\ECECECEC\WinRing0.sys [x]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys [2009-07-21 81704]
R4 AntiVirWebService;Avira Browser-Schutz;c:\program files\Avira\AntiVir Desktop\AVWEBGRD.EXE [2013-12-17 1011768]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-11-06 691696]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2013-11-14 37352]
S1 funfrm;funfrm; [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2013-12-17 440376]
S2 TeamViewer7;TeamViewer 7;c:\program files\TeamViewer\Version7\TeamViewer_Service.exe [2012-10-23 2848168]
S2 UI Assistant Service;UI Assistant Service;c:\program files\1&1 Surf-Stick\AssistantServices.exe [2010-12-08 253264]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys [2010-01-20 23136]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2013-06-26 583848]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2013-06-26 197800]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2013-06-26 20136]
S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [2013-06-26 207528]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation    REG_MULTI_SZ       SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc SensrSvc Mcx2Svc
.
Inhalt des "geplante Tasks" Ordners
.
2013-12-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-29 20:26]
.
2013-12-27 c:\windows\Tasks\AlterGeoUpdaterS-1-5-18.job
- c:\program files\AlterGeo\Html5 geolocation provider\html5locsvc.exe [2012-02-06 11:35]
.
2013-12-26 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-08-03 14:48]
.
2013-12-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3057453558-2748806148-3635864978-1000Core.job
- c:\users\TheIncredible\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-03 09:23]
.
2013-12-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3057453558-2748806148-3635864978-1000UA.job
- c:\users\TheIncredible\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-03 09:23]
.
2013-12-27 c:\windows\Tasks\QIPdater 2012.job
- c:\program files\jeak.de\QIP 2012 Jeak-Edition\qipdater.exe [2012-03-27 19:29]
.
2013-12-27 c:\windows\Tasks\qipdater.exe.job
- c:\program files\jeak.de\QIP 2010\qipdater.exe [2011-07-01 13:34]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com
uSearchAssistant = hxxp://www.google.com
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: Interfaces\{8AC10D96-6C44-4A42-AA74-78103A3C31D0}: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{8AC10D96-6C44-4A42-AA74-78103A3C31D0}\64259445A51224F6870264F6E60275C414E40273131323: DhcpNameServer = 192.168.178.1
TCP: Interfaces\{8AC10D96-6C44-4A42-AA74-78103A3C31D0}\E6F6272656274727F63796: DhcpNameServer = 192.168.0.1
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game.zylom.com/activex/zylomgamesplayer.cab
FF - ProfilePath - c:\users\TheIncredible\AppData\Roaming\Mozilla\Firefox\Profiles\hhx66r4o.default-1361833139193\
FF - prefs.js: browser.search.defaulturl - 
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:blank
FF - prefs.js: keyword.URL - 
FF - ExtSQL: 2013-12-04 06:34; MysticalLandInstaller@madottergames.com; c:\users\TheIncredible\AppData\Roaming\Mozilla\Firefox\Profiles\hhx66r4o.default-1361833139193\extensions\MysticalLandInstaller@madottergames.com
FF - ExtSQL: 2013-12-10 12:13; ext@bettersurfplus.com; c:\program files\BetterSurf\BetterSurfPlus\ff
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-MAgent - c:\program files\Mail.Ru\Agent\magent.exe
c:\users\TheIncredible\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\KillSkypeHome.lnk - c:\users\TheIncredible\Videos\KillSkypeHome.exe
AddRemove-MRA - c:\program files\Mail.Ru\Agent\magentsetup.exe
AddRemove-Worms2 - c:\windows\IsUn0407.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(3856)
c:\program files\XemiComputers\Active Desktop Calendar\MouseHook.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\WLANExt.exe
c:\windows\system32\conhost.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\system32\taskhost.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\System32\WUDFHost.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\system32\conhost.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Conexant\SAII\SmartAudio.exe
c:\program files\1&1 Surf-Stick\UIMain.exe
c:\program files\Microsoft IntelliPoint\dpupdchk.exe
c:\progra~1\Gomez\GOMEZP~1\jre\bin\java.exe
c:\windows\system32\conhost.exe
c:\windows\system32\sppsvc.exe
c:\program files\avira\antivir desktop\ipmGui.exe
c:\windows\system32\DllHost.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\1&1 Surf-Stick\CMUpdater.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-12-27  18:53:49 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2013-12-27 17:53
ComboFix2.txt  2011-07-14 23:08
ComboFix3.txt  2010-11-29 07:19
.
Vor Suchlauf: 22 Verzeichnis(se), 51.674.554.368 Bytes frei
Nach Suchlauf: 24 Verzeichnis(se), 57.891.434.496 Bytes frei
.
- - End Of File - - 502DAD51F0E30B9B1CEA6DAAA74D334E
A36C5E4F47E84449FF07ED3517B43A31

und hier nochmal FRST:

Code

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 27-12-2013 01
Ran by TheIncredible (administrator) on CHRIS on 27-12-2013 22:35:13
Running from C:\Users\TheIncredible\Downloads
Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
() C:\Windows\System32\PnkBstrA.exe
(Microsoft Corp.) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
() C:\Program Files\1&1 Surf-Stick\AssistantServices.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Lenovo(beijing) Limited) C:\Program Files\Lenovo\Energy Management\utility.exe
(Conexant Systems, Inc) C:\Program Files\CONEXANT\SAII\SmartAudio.exe
(Lenovo (Beijing) Limited) C:\Program Files\Lenovo\Energy Management\Energy Management.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
() C:\Program Files\1&1 Surf-Stick\UIExec.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe
() C:\Program Files\1&1 Surf-Stick\UIMain.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
() C:\Program Files\DivX\DivX Update\DivXUpdate.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(XemiComputers ltd.) C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
() C:\Program Files\Gomez\GomezPEER\bin\GomezPEER.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
(Sun Microsystems, Inc.) C:\Program Files\Gomez\GomezPEER\jre\bin\java.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
() C:\Program Files\1&1 Surf-Stick\CMUpdater.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IAAnotif] - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe [186904 2009-06-04] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] - C:\windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [SmartAudio] - C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2009-11-19] ()
HKLM\...\Run: [EnergyUtility] - C:\Program Files\Lenovo\Energy Management\utility.exe [4114288 2009-09-29] (Lenovo(beijing) Limited)
HKLM\...\Run: [Energy Management] - C:\Program Files\Lenovo\Energy Management\Energy Management.exe [5064560 2009-09-29] (Lenovo (Beijing) Limited)
HKLM\...\Run: [Malwarebytes Anti-Malware (reboot)] - C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [887432 2013-04-04] (Malwarebytes Corporation)
HKLM\...\Run: [IntelliPoint] - C:\Program Files\Microsoft IntelliPoint\ipoint.exe [1808784 2011-04-13] (Microsoft Corporation)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.)
HKLM\...\Run: [UIExec] - C:\Program Files\1&1 Surf-Stick\UIExec.exe [139088 2010-12-08] ()
HKLM\...\Run: [AlterGeoUpdater] - C:\Program Files\AlterGeo\Html5 geolocation provider\html5locsvc.exe [27680 2012-02-06] (AlterGeo)
HKLM\...\Run: [TkBellExe] - C:\Program Files\Real\RealPlayer\Update\realsched.exe [296096 2012-08-12] (RealNetworks, Inc.)
HKLM\...\Run: [DivXMediaServer] - C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-08-21] (DivX, LLC)
HKLM\...\Run: [PrivitizeVPN] - C:\Program Files\PrivitizeVPN\PrivitizeVPN.exe [196784 2013-02-25] (OOO Industry)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-17] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [DivXUpdate] - C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1861968 2013-08-29] ()
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKCU\...\Run: [Active Desktop Calendar] - C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe [7099904 2010-12-15] (XemiComputers ltd.)
HKCU\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [20684656 2013-07-25] (Skype Technologies S.A.)
HKCU\...\Policies\system: [DisableTskMgr] 0
HKU\Default\...\RunOnce: [WLStart] - C:\Program Files\Windows Live\Installer\wlstart.exe [ 2009-07-26] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
URLSearchHook: HKCU - Default Value = {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {2648C4AA-62ED-4E4B-B6B6-B182C2CB2DE3} URL = http://www.google.de/search?q={searchTerms}
SearchScopes: HKCU - {E88E0043-C9D4-4e33-8555-FEE4F5B63060} URL = http://go.mail.ru/search?q={searchTerms}&utf8in=1&fr=ietb
BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: AlterGeoBHO Class - {9BFBA68E-E21B-458E-AE12-FE85E903D2C0} - C:\ProgramData\AlterGeo\Update for Html5 geolocation provider\html5loc.dll No File
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} http://game.zylom.com/activex/zylomgamesplayer.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks:  - {AEB6717E-7E19-11d0-97EE-00C04FD91972} -  No File [ ]
Winsock: Catalog9 01 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 02 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 03 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 04 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 05 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 06 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 07 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 08 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 20 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Tcpip\..\Interfaces\{2AC3FF3A-1D67-420A-B694-C78CF909DD0E}: [NameServer]139.7.30.126 139.7.30.125

FireFox:
========
FF ProfilePath: C:\Users\TheIncredible\AppData\Roaming\Mozilla\Firefox\Profiles\hhx66r4o.default-1361833139193
FF SearchEngineOrder.user_pref("browser.search.order.1", "");: user_pref("browser.search.order.1", "");
FF SearchEngineOrder.user_pref("browser.search.order.1,S", "");: user_pref("browser.search.order.1,S", "");
FF SelectedSearchEngine: Google
FF Homepage: about:blank
FF Keyword.URL: user_pref("keyword.URL", "");
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @divx.com/DivX Web Player Plug-In,version=1.0.0 - C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @pack.google.com/Google Updater;version=14 - C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF Plugin: @pages.tvunetworks.com/WebPlayer - C:\windows\system32\TVUAx\npTVUAx.dll (TVU networks)
FF Plugin: @real.com/nppl3260;version=15.0.6.14 - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=15.0.6.14 - c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.6.14 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=15.0.6.14 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=15.0.6.14 - c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: @veetle.com/veetleCorePlugin,version=0.9.18 - C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF Plugin: @veetle.com/veetlePlayerPlugin,version=0.9.18 - C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @eximion.com/KalydoPlayer - C:\Users\TheIncredible\AppData\Roaming\Kalydo\KalydoPlayer\bin\npkalydo.dll (Eximion B.V.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\TheIncredible\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\TheIncredible\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\TheIncredible\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Battlefield Play4Free - C:\Users\TheIncredible\AppData\Roaming\Mozilla\Firefox\Profiles\hhx66r4o.default-1361833139193\Extensions\battlefieldplay4free@ea.com
FF Extension: A Mystical Land Installer - C:\Users\TheIncredible\AppData\Roaming\Mozilla\Firefox\Profiles\hhx66r4o.default-1361833139193\Extensions\MysticalLandInstaller@madottergames.com
FF Extension: D2N Agent - C:\Users\TheIncredible\AppData\Roaming\Mozilla\Firefox\Profiles\hhx66r4o.default-1361833139193\Extensions\d2nagent@isaaclw.com.xpi
FF Extension: Die2nite map tool updater - C:\Users\TheIncredible\AppData\Roaming\Mozilla\Firefox\Profiles\hhx66r4o.default-1361833139193\Extensions\die2nitemapupdater@rjdown.co.uk.xpi
FF Extension: Imgur Uploader - C:\Users\TheIncredible\AppData\Roaming\Mozilla\Firefox\Profiles\hhx66r4o.default-1361833139193\Extensions\giorgio@gilestro.tk.xpi
FF Extension: Adblock Plus - C:\Users\TheIncredible\AppData\Roaming\Mozilla\Firefox\Profiles\hhx66r4o.default-1361833139193\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: Greasemonkey - C:\Users\TheIncredible\AppData\Roaming\Mozilla\Firefox\Profiles\hhx66r4o.default-1361833139193\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF HKLM\...\Firefox\Extensions: [ext@WebexpEnhancedV1alpha510.net] - C:\Program Files\WebexpEnhancedV1\WebexpEnhancedV1alpha510\ff

Chrome: 
=======
CHR HomePage: about:blank
CHR RestoreOnStartup: ""
CHR Extension: (A Mystical Land Installer) - C:\Users\TheIncredible\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgbokbdciknlbddfbblcochmpkilgddb\1.0.0.10_0
CHR Extension: (Skype Click to Call) - C:\Users\TheIncredible\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0
CHR Extension: (HTML5 location provider) - C:\Users\TheIncredible\AppData\Local\Google\Chrome\User Data\Default\Extensions\nhgcieglcpdegkhamigiokdphfhhnlhh\3.6.2_0
CHR Extension: (Google Wallet) - C:\Users\TheIncredible\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0
CHR Extension: (Webexp Enhanced) - C:\Users\TheIncredible\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjbnadgnhhkoohnkddbceoldfibijgpk\1.1_0
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx
CHR HKLM\...\Chrome\Extension: [nhgcieglcpdegkhamigiokdphfhhnlhh] - C:\Program Files\AlterGeo\Html5 geolocation provider\altergeo.crx
CHR HKLM\...\Chrome\Extension: [pjbnadgnhhkoohnkddbceoldfibijgpk] - C:\Program Files\WebexpEnhancedV1\WebexpEnhancedV1alpha510\ch\WebexpEnhancedV1alpha510.crx

========================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440376 2013-12-17] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-14] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [1011768 2013-12-17] (Avira Operations GmbH & Co. KG)
S2 d458591c; C:\ProgramData\Speed Streamer\SpeedStreamerSvc.dll [178000 2013-12-26] ()
S3 npggsvc; C:\windows\system32\GameMon.des [3890920 2010-06-17] (INCA Internet Co., Ltd.)
S3 OverwolfUpdaterService; C:\Program Files\Overwolf\OverwolfUpdater.exe [18360 2013-08-22] (Overwolf Ltd)
R2 PnkBstrA; C:\windows\system32\PnkBstrA.exe [76888 2012-04-22] ()
R2 UI Assistant Service; C:\Program Files\1&1 Surf-Stick\AssistantServices.exe [253264 2010-12-08] ()

==================== Drivers (Whitelisted) ====================

R3 ACPIVPC; C:\Windows\System32\DRIVERS\AcpiVpc.sys [23136 2010-01-20] (Lenovo Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [90400 2013-12-17] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135648 2013-12-17] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-11-14] (Avira Operations GmbH & Co. KG)
R1 funfrm; C:\Windows\System32\Drivers\funfrm.sys [54800 2010-06-02] ()
S3 MBAMSwissArmy; C:\windows\system32\drivers\mbamswissarmy.sys [40776 2013-12-27] (Malwarebytes Corporation)
S3 RTL8187B; C:\Windows\System32\DRIVERS\rtl8187B.sys [379904 2010-03-31] (Realtek Semiconductor Corporation                           )
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [691696 2010-11-06] ()
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2012-08-27] (Avira GmbH)
S3 wdmirror; C:\Windows\System32\DRIVERS\WDMirror.sys [11792 2009-07-16] (Windows (R) Codename Longhorn DDK provider)
S3 wsvd; C:\Windows\System32\DRIVERS\wsvd.sys [81704 2009-07-21] (CyberLink)
U3 allh5elr; C:\Windows\System32\Drivers\allh5elr.sys [0 ] (Microsoft Corporation)
U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\Users\THEINC~1\AppData\Local\Temp\catchme.sys [x]
S3 RSUSBSTOR; System32\Drivers\RtsUStor.sys [x]
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [x]
S0 sr; System32\DRIVERS\sr.sys [x]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [x]
S3 WinRing0_1_2_0; \??\D:\test\ECECECEC\WinRing0.sys [x]
U3 mbr; \??\C:\Users\THEINC~1\AppData\Local\Temp\mbr.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-12-27 22:35 - 2013-12-27 22:35 - 00000000 ____D C:\Users\TheIncredible\Downloads\FRST-OlderVersion
2013-12-27 18:53 - 2013-12-27 18:53 - 00018529 _____ C:\ComboFix.txt
2013-12-27 18:30 - 2013-12-27 18:54 - 00000000 ____D C:\ComboFix
2013-12-27 18:18 - 2013-12-27 18:21 - 05158590 ____R (Swearware) C:\Users\TheIncredible\Downloads\ComboFix.exe
2013-12-27 12:59 - 2013-12-27 12:59 - 00001071 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-12-27 12:43 - 2013-12-27 12:43 - 00000000 ____D C:\windows\ERUNT
2013-12-27 12:41 - 2013-12-27 12:41 - 01034531 _____ (Thisisu) C:\Users\TheIncredible\Downloads\JRT.exe
2013-12-27 12:31 - 2013-12-27 12:34 - 00000000 ____D C:\AdwCleaner
2013-12-27 12:30 - 2013-12-27 12:30 - 01233962 _____ C:\Users\TheIncredible\Downloads\adwcleaner.exe
2013-12-27 09:22 - 2013-12-27 09:23 - 00028547 _____ C:\Users\TheIncredible\Downloads\Addition.txt
2013-12-27 09:20 - 2013-12-27 22:35 - 00018324 _____ C:\Users\TheIncredible\Downloads\FRST.txt
2013-12-27 09:19 - 2013-12-27 22:35 - 01063657 _____ (Farbar) C:\Users\TheIncredible\Downloads\FRST.exe
2013-12-27 09:19 - 2013-12-27 22:35 - 00000000 ____D C:\FRST
2013-12-26 21:52 - 2013-12-26 21:52 - 00013021 _____ C:\Users\TheIncredible\Downloads\GMER.log
2013-12-26 21:32 - 2013-12-26 21:32 - 00377856 _____ C:\Users\TheIncredible\Downloads\qy2e5jwg.exe
2013-12-26 21:28 - 2013-12-26 21:30 - 00120944 _____ C:\Users\TheIncredible\Downloads\OTL.Txt
2013-12-26 21:11 - 2013-12-26 21:11 - 00000000 ____D C:\ProgramData\Speed Streamer
2013-12-26 21:09 - 2013-12-26 21:09 - 00602112 _____ (OldTimer Tools) C:\Users\TheIncredible\Downloads\OTL.exe
2013-12-23 09:32 - 2013-12-23 09:32 - 06013024 _____ (Nota Inc.                                                   ) C:\Users\TheIncredible\Downloads\GyazoSetup.exe
2013-12-12 03:22 - 2013-12-12 11:42 - 00000000 ____D C:\Program Files\Mozilla Thunderbird
2013-12-12 00:56 - 2013-05-10 05:56 - 12625408 _____ (Microsoft Corporation) C:\windows\system32\wmploc.DLL
2013-12-12 00:56 - 2013-05-10 05:56 - 11410432 _____ (Microsoft Corporation) C:\windows\system32\wmp.dll
2013-12-12 00:55 - 2013-10-25 05:43 - 02877952 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2013-12-12 00:55 - 2013-10-25 05:43 - 00690688 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2013-12-12 00:55 - 2013-10-25 05:43 - 00061440 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2013-12-12 00:55 - 2013-10-25 05:43 - 00039424 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2013-12-12 00:55 - 2013-10-25 04:41 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2013-12-12 00:54 - 2013-10-25 05:45 - 01767936 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2013-12-12 00:54 - 2013-10-25 05:45 - 00042496 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2013-12-12 00:54 - 2013-10-25 05:44 - 14356992 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2013-12-12 00:54 - 2013-10-25 05:44 - 01140736 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2013-12-12 00:54 - 2013-10-25 05:43 - 13761536 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2013-12-12 00:54 - 2013-10-25 05:43 - 02049024 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2013-12-12 00:54 - 2013-10-25 05:43 - 00493056 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2013-12-12 00:54 - 2013-10-25 05:43 - 00391168 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2013-12-12 00:54 - 2013-10-25 05:43 - 00109056 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2013-12-12 00:54 - 2013-10-25 05:43 - 00033280 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2013-12-12 00:54 - 2013-10-25 03:49 - 00071680 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe
2013-12-11 12:03 - 2013-10-30 03:19 - 00301568 _____ (Microsoft Corporation) C:\windows\system32\msieftp.dll
2013-12-11 12:03 - 2013-10-19 02:36 - 00159232 _____ (Microsoft Corporation) C:\windows\system32\imagehlp.dll
2013-12-11 12:03 - 2013-10-04 02:49 - 00081408 _____ (Microsoft Corporation) C:\windows\system32\Drivers\drmk.sys
2013-12-11 12:03 - 2013-10-04 02:17 - 00177152 _____ (Microsoft Corporation) C:\windows\system32\Drivers\portcls.sys
2013-12-11 11:47 - 2013-11-23 19:26 - 00417792 _____ (Microsoft Corporation) C:\windows\system32\WMPhoto.dll
2013-12-11 11:47 - 2013-10-12 03:04 - 00121856 _____ (Microsoft Corporation) C:\windows\system32\wshom.ocx
2013-12-11 11:47 - 2013-10-12 03:03 - 00163840 _____ (Microsoft Corporation) C:\windows\system32\scrrun.dll
2013-12-11 11:47 - 2013-10-12 02:15 - 00141824 _____ (Microsoft Corporation) C:\windows\system32\wscript.exe
2013-12-11 11:47 - 2013-10-12 02:15 - 00126976 _____ (Microsoft Corporation) C:\windows\system32\cscript.exe
2013-12-11 11:45 - 2013-11-12 03:07 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
2013-12-11 11:45 - 2013-10-30 02:27 - 02349056 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2013-12-10 03:02 - 2013-12-27 03:01 - 00079308 _____ C:\windows\IE11_main.log
2013-12-09 20:06 - 2013-12-09 20:07 - 00000000 ____D C:\Program Files\QuickTime
2013-12-09 20:06 - 2013-12-09 20:06 - 00000000 ____D C:\ProgramData\Apple Computer
2013-12-09 17:44 - 2013-12-09 17:44 - 00000000 ____D C:\ProgramData\Oracle
2013-12-09 17:44 - 2013-12-09 17:44 - 00000000 ____D C:\Program Files\Common Files\Java
2013-12-09 17:44 - 2013-10-08 07:50 - 00094632 _____ (Oracle Corporation) C:\windows\system32\WindowsAccessBridge.dll
2013-12-09 17:44 - 2013-10-08 07:46 - 00264616 _____ (Oracle Corporation) C:\windows\system32\javaws.exe
2013-12-09 17:44 - 2013-10-08 07:46 - 00175016 _____ (Oracle Corporation) C:\windows\system32\javaw.exe
2013-12-09 17:44 - 2013-10-08 07:46 - 00174504 _____ (Oracle Corporation) C:\windows\system32\java.exe
2013-12-09 17:42 - 2013-12-09 17:44 - 00004943 _____ C:\windows\system32\jupdate-1.7.0_45-b18.log
2013-12-04 07:38 - 2013-12-04 07:38 - 00000000 ____D C:\Users\TheIncredible\AppData\Roaming\Sony Online Entertainment
2013-12-04 01:58 - 2013-10-12 03:03 - 00656896 _____ (Microsoft Corporation) C:\windows\system32\nshwfp.dll
2013-12-04 01:58 - 2013-10-12 03:01 - 00679424 _____ (Microsoft Corporation) C:\windows\system32\IKEEXT.DLL
2013-12-04 01:58 - 2013-10-12 03:01 - 00216576 _____ (Microsoft Corporation) C:\windows\system32\FWPUCLNT.DLL
2013-12-04 01:58 - 2013-10-05 20:57 - 01168384 _____ (Microsoft Corporation) C:\windows\system32\crypt32.dll
2013-12-04 01:58 - 2013-10-04 02:58 - 00152576 _____ (Microsoft Corporation) C:\windows\system32\SmartcardCredentialProvider.dll
2013-12-04 01:58 - 2013-10-04 02:56 - 01796096 _____ (Microsoft Corporation) C:\windows\system32\authui.dll
2013-12-04 01:58 - 2013-10-04 02:56 - 00168960 _____ (Microsoft Corporation) C:\windows\system32\credui.dll
2013-12-04 01:58 - 2013-10-03 02:58 - 00305152 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2013-12-04 01:58 - 2013-09-25 03:01 - 00136640 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2013-12-04 01:58 - 2013-09-25 03:01 - 00067520 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2013-12-04 01:58 - 2013-09-25 02:57 - 00247808 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2013-12-04 01:58 - 2013-09-25 02:57 - 00099840 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2013-12-04 01:58 - 2013-09-25 02:57 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2013-12-04 01:58 - 2013-09-25 02:56 - 01038848 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2013-12-04 01:58 - 2013-09-25 02:56 - 00220160 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2013-12-04 01:58 - 2013-09-25 01:49 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2013-12-04 01:58 - 2013-09-25 01:49 - 00015872 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2013-12-04 01:58 - 2013-07-04 13:16 - 00369848 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys

==================== One Month Modified Files and Folders =======

2013-12-27 22:36 - 2013-12-27 09:20 - 00018324 _____ C:\Users\TheIncredible\Downloads\FRST.txt
2013-12-27 22:35 - 2013-12-27 22:35 - 00000000 ____D C:\Users\TheIncredible\Downloads\FRST-OlderVersion
2013-12-27 22:35 - 2013-12-27 09:19 - 01063657 _____ (Farbar) C:\Users\TheIncredible\Downloads\FRST.exe
2013-12-27 22:35 - 2013-12-27 09:19 - 00000000 ____D C:\FRST
2013-12-27 22:33 - 2012-06-06 12:23 - 00000354 _____ C:\windows\Tasks\AlterGeoUpdaterS-1-5-18.job
2013-12-27 22:28 - 2011-08-03 10:24 - 00001152 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3057453558-2748806148-3635864978-1000UA.job
2013-12-27 22:28 - 2010-12-12 21:38 - 00000000 ____D C:\Users\TheIncredible\AppData\Roaming\Skype
2013-12-27 22:27 - 2012-04-29 11:34 - 00000884 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2013-12-27 19:09 - 2010-06-02 14:52 - 01700780 _____ C:\windows\WindowsUpdate.log
2013-12-27 18:57 - 2009-07-14 05:34 - 00009920 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-27 18:57 - 2009-07-14 05:34 - 00009920 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-27 18:54 - 2013-12-27 18:30 - 00000000 ____D C:\ComboFix
2013-12-27 18:53 - 2013-12-27 18:53 - 00018529 _____ C:\ComboFix.txt
2013-12-27 18:53 - 2011-01-05 17:22 - 00000000 ___DC C:\Users\TheIncredible\AppData\Local\Apps\2.0
2013-12-27 18:53 - 2010-11-29 08:08 - 00000000 ____D C:\Qoobox
2013-12-27 18:45 - 2010-12-17 08:25 - 00000432 _____ C:\windows\system32\Drivers\etc\hosts.ics
2013-12-27 18:45 - 2009-07-14 03:04 - 00000215 _____ C:\windows\system.ini
2013-12-27 18:44 - 2013-07-28 13:00 - 00002632 _____ C:\windows\setupact.log
2013-12-27 18:44 - 2013-07-28 12:59 - 00412672 _____ C:\windows\PFRO.log
2013-12-27 18:44 - 2012-04-11 06:54 - 00000388 _____ C:\windows\Tasks\QIPdater 2012.job
2013-12-27 18:44 - 2011-04-20 10:28 - 00000336 _____ C:\windows\Tasks\qipdater.exe.job
2013-12-27 18:44 - 2009-07-14 05:53 - 00000006 ____H C:\windows\Tasks\SA.DAT
2013-12-27 18:21 - 2013-12-27 18:18 - 05158590 ____R (Swearware) C:\Users\TheIncredible\Downloads\ComboFix.exe
2013-12-27 17:44 - 2011-08-03 10:24 - 00001100 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3057453558-2748806148-3635864978-1000Core.job
2013-12-27 16:47 - 2009-07-14 03:37 - 00000000 ____D C:\windows\IME
2013-12-27 13:00 - 2010-11-14 17:45 - 00040776 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamswissarmy.sys
2013-12-27 12:59 - 2013-12-27 12:59 - 00001071 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-12-27 12:59 - 2010-11-14 17:45 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-12-27 12:43 - 2013-12-27 12:43 - 00000000 ____D C:\windows\ERUNT
2013-12-27 12:41 - 2013-12-27 12:41 - 01034531 _____ (Thisisu) C:\Users\TheIncredible\Downloads\JRT.exe
2013-12-27 12:34 - 2013-12-27 12:31 - 00000000 ____D C:\AdwCleaner
2013-12-27 12:33 - 2013-01-01 12:37 - 00000000 ____D C:\ProgramData\Uniblue
2013-12-27 12:30 - 2013-12-27 12:30 - 01233962 _____ C:\Users\TheIncredible\Downloads\adwcleaner.exe
2013-12-27 09:23 - 2013-12-27 09:22 - 00028547 _____ C:\Users\TheIncredible\Downloads\Addition.txt
2013-12-27 03:01 - 2013-12-10 03:02 - 00079308 _____ C:\windows\IE11_main.log
2013-12-26 21:52 - 2013-12-26 21:52 - 00013021 _____ C:\Users\TheIncredible\Downloads\GMER.log
2013-12-26 21:32 - 2013-12-26 21:32 - 00377856 _____ C:\Users\TheIncredible\Downloads\qy2e5jwg.exe
2013-12-26 21:30 - 2013-12-26 21:28 - 00120944 _____ C:\Users\TheIncredible\Downloads\OTL.Txt
2013-12-26 21:11 - 2013-12-26 21:11 - 00000000 ____D C:\ProgramData\Speed Streamer
2013-12-26 21:11 - 2011-03-02 01:01 - 01131008 ___SH C:\Users\TheIncredible\Downloads\Thumbs.db
2013-12-26 21:09 - 2013-12-26 21:09 - 00602112 _____ (OldTimer Tools) C:\Users\TheIncredible\Downloads\OTL.exe
2013-12-26 13:30 - 2011-08-03 10:44 - 00001022 _____ C:\windows\Tasks\Google Software Updater.job
2013-12-25 20:59 - 2010-10-15 23:10 - 00000000 ____D C:\Users\TheIncredible\AppData\Roaming\TS3Client
2013-12-23 09:33 - 2011-12-11 00:29 - 00000944 _____ C:\Users\Public\Desktop\Gyazo.lnk
2013-12-23 09:33 - 2011-12-11 00:29 - 00000000 ____D C:\Program Files\Gyazo
2013-12-23 09:32 - 2013-12-23 09:32 - 06013024 _____ (Nota Inc.                                                   ) C:\Users\TheIncredible\Downloads\GyazoSetup.exe
2013-12-21 12:19 - 2013-11-15 22:55 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-12-21 12:19 - 2012-05-04 07:35 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-12-17 16:28 - 2013-08-02 21:29 - 00069240 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avnetflt.sys
2013-12-17 16:28 - 2012-07-09 16:58 - 00135648 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avipbb.sys
2013-12-17 16:28 - 2012-07-09 16:58 - 00090400 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avgntflt.sys
2013-12-13 17:01 - 2011-06-05 00:37 - 00000000 ____D C:\Users\TheIncredible\AppData\Roaming\.minecraft
2013-12-12 11:42 - 2013-12-12 03:22 - 00000000 ____D C:\Program Files\Mozilla Thunderbird
2013-12-12 05:45 - 2009-07-14 03:37 - 00000000 ____D C:\windows\rescache
2013-12-12 01:36 - 2010-05-01 06:13 - 01500254 _____ C:\windows\system32\PerfStringBackup.INI
2013-12-12 01:30 - 2009-07-14 05:33 - 00281424 _____ C:\windows\system32\FNTCACHE.DAT
2013-12-12 01:28 - 2009-07-14 03:37 - 00000000 ____D C:\windows\system32\de-DE
2013-12-12 01:02 - 2013-07-21 02:03 - 00000000 ____D C:\windows\system32\MRT
2013-12-12 00:57 - 2010-10-14 14:00 - 88123800 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2013-12-11 21:26 - 2012-04-29 11:34 - 00692616 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerApp.exe
2013-12-11 21:26 - 2011-05-19 15:51 - 00071048 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerCPLApp.cpl
2013-12-09 20:07 - 2013-12-09 20:06 - 00000000 ____D C:\Program Files\QuickTime
2013-12-09 20:06 - 2013-12-09 20:06 - 00000000 ____D C:\ProgramData\Apple Computer
2013-12-09 17:58 - 2011-08-03 11:03 - 00002397 _____ C:\Users\TheIncredible\Desktop\Google Chrome.lnk
2013-12-09 17:44 - 2013-12-09 17:44 - 00000000 ____D C:\ProgramData\Oracle
2013-12-09 17:44 - 2013-12-09 17:44 - 00000000 ____D C:\Program Files\Common Files\Java
2013-12-09 17:44 - 2013-12-09 17:42 - 00004943 _____ C:\windows\system32\jupdate-1.7.0_45-b18.log
2013-12-09 17:44 - 2010-10-13 21:56 - 00000000 ____D C:\Program Files\Java
2013-12-09 17:40 - 2010-10-15 17:37 - 00000000 ___DC C:\Users\TheIncredible\AppData\Local\Adobe
2013-12-04 18:06 - 2013-07-28 09:54 - 00000000 ____D C:\Program Files\Villagers and Heroes
2013-12-04 07:38 - 2013-12-04 07:38 - 00000000 ____D C:\Users\TheIncredible\AppData\Roaming\Sony Online Entertainment
2013-11-28 16:21 - 2011-01-15 13:59 - 00004643 _____ C:\Users\TheIncredible\Desktop\Ablage.txt

Some content of TEMP:
====================
C:\Users\TheIncredible\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-12-20 05:33

==================== End Of Log ============================

#12 Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument


C:\Program Files\Gomez\GomezPEER\bin\GomezPEER.exe
(Sun Microsystems, Inc.) C:\Program Files\Gomez\GomezPEER\jre\bin\java.exe
HKCU\...\Policies\system: [DisableTskMgr] 0
SearchScopes: HKLM - DefaultScope value is missing.
FF HKLM\...\Firefox\Extensions: [ext@WebexpEnhancedV1alpha510.net] - C:\Program Files\WebexpEnhancedV1\WebexpEnhancedV1alpha510\ffCHR HKLM\...\Chrome\Extension: [pjbnadgnhhkoohnkddbceoldfibijgpk] - C:\Program Files\WebexpEnhancedV1\WebexpEnhancedV1alpha510\ch\WebexpEnhancedV1alpha510.crx
C:\ProgramData\Uniblue

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
Starte nun FRST erneut und klicke den Fix Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.
__________
MfG Argus

#13 GomezPEER ist übrigens ein gewolltes Programm

Code

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 28-12-2013 01
Ran by TheIncredible at 2013-12-28 15:04:57 Run:1
Running from C:\Users\TheIncredible\Downloads
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
C:\Program Files\Gomez\GomezPEER\bin\GomezPEER.exe
(Sun Microsystems, Inc.) C:\Program Files\Gomez\GomezPEER\jre\bin\java.exe
HKCU\...\Policies\system: [DisableTskMgr] 0
SearchScopes: HKLM - DefaultScope value is missing.
FF HKLM\...\Firefox\Extensions: [ext@WebexpEnhancedV1alpha510.net] - C:\Program Files\WebexpEnhancedV1\WebexpEnhancedV1alpha510\ffCHR HKLM\...\Chrome\Extension: [pjbnadgnhhkoohnkddbceoldfibijgpk] - C:\Program Files\WebexpEnhancedV1\WebexpEnhancedV1alpha510\ch\WebexpEnhancedV1alpha510.crx
C:\ProgramData\Uniblue
*****************

C:\Program Files\Gomez\GomezPEER\bin\GomezPEER.exe => Moved successfully.
C:\Program Files\Gomez\GomezPEER\jre\bin\java.exe => No running process found
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\system\\DisableTskMgr => Value deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\Software\Mozilla\Firefox\Extensions\\ext@WebexpEnhancedV1alpha510.net] - C:\Program Files\WebexpEnhancedV1\WebexpEnhancedV1alpha510\ffCHR HKLM\...\Chrome\Extension: [pjbnadgnhhkoohnkddbceoldfibijgpk => Value not found.
HKLM\SOFTWARE\Google\Chrome\Extensions\pjbnadgnhhkoohnkddbceoldfibijgpk => Key deleted successfully.
"C:\Program Files\WebexpEnhancedV1\WebexpEnhancedV1alpha510\ch\WebexpEnhancedV1alpha510.crx" => File/Directory not found.
C:\ProgramData\Uniblue => Moved successfully.


The system needs a manual reboot. 

==== End of Fixlog ====

#14 Downloade dir bitte delfix auf deinen Desktop.
http://filepony.de/download-delfix/
Schliesse alle offenen Programme.
Starte die delfix.exe mit einem Doppelklick.

Klicke auf Start.
DelFix entfernt u.a. alle von uns verwendeten Programme und löscht sich anschliessend selbst.


Bitte lade dir zoek.exe von hier: http://hijackthis.nl/smeenk/

Bitte deaktiviere während des Scans alle Virenscanner, da sie das Ergebnis beeinflussen

Starte Zoek.exe mit einem Doppelklick.

Nun klicke auf "Run script" und im nächsten Fenster klicke OK.
Und sei geduldig bis das Skript durchläuft.(bis zu eine halbe Stunde)
Wenn das Tool fertig ist wird sich Notepad mit dem Logfile öffnen (ggf. erst nach einem Neustart). Das Log befindet sich aber auch noch unter c:
Bitte poste mir das ZOEK-Log
__________
MfG Argus

#15

Code

Zoek.exe v5.0.0.0 Updated 23-December-2013
Tool run by TheIncredible on 28.12.2013 at 15:49:11,53.
Microsoft Windows 7 Home Premium  6.1.7601 Service Pack 1 x86
Running in: Normal Mode No Internet Access Detected
Launched: C:\Downloads\zoek.com [Scan all users]   [Quick Scan] [Auto Clean]

==== System Restore Info ======================

28.12.2013 15:51:39 Zoek.exe System Restore Point Created Succesfully.

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== Deleting Files \ Folders ======================

C:\Program Files\Free Download Manager deleted
C:\Program Files\SopCast deleted
C:\Program Files\PrivitizeVPN deleted
C:\Program Files\AlterGeo deleted
C:\ProgramData\InstallMate deleted
C:\ProgramData\Free Download Manager deleted
C:\Users\TheIncredible\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PrivitizeVPN deleted
"C:\Users\TheIncredible\AppData\Roaming\start" deleted
"C:\Users\TheIncredible\AppData\Roaming\YoudaGames" deleted

==== Files Recently Created / Modified ======================

====== C:\windows ====
====== C:\Users\THEINC~1\AppData\Local\Temp ====
2013-12-27 17:48:50    3FDA7F7E115B4F266DBDF85FD1733ECC    2593168    ----a-w-    C:\Users\TheIncredible\AppData\Local\Temp\SevenZipJBinding-N8q7X\lib7-Zip-JBinding.dll
====== Java Cache =====
2013-12-26 22:30:43    936EE321D771216A8CAFDAA247CFED57    160014    ----a-w-    C:\Users\TheIncredible\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\478b4219-406f33c0
2013-12-26 22:30:39    CC2456009EF1A2D46637C79BE11A95D4    37    ----a-w-    C:\Users\TheIncredible\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56\3600b9f8-6.0.lap
====== C:\windows\system32 =====
====== C:\windows\system32\drivers =====
2013-12-11 11:03:06    EB6137D696A9B4E9718AC6F8641CB4C9    177152    ----a-w-    C:\windows\System32\drivers\portcls.sys
2013-12-11 11:03:06    9842041E2F5ACE1E2F5FB4EF02053DC8    81408    ----a-w-    C:\windows\System32\drivers\drmk.sys
2013-12-04 00:58:23    D7C760D57B1656DD748B9E4AB6CB5A51    136640    ----a-w-    C:\windows\System32\drivers\ksecpkg.sys
2013-12-04 00:58:23    85449EEBE8F8EBD6481EFBF0F352B4EB    369848    ----a-w-    C:\windows\System32\drivers\cng.sys
2013-12-04 00:58:22    F286830298323272260332D6ABC905C1    67520    ----a-w-    C:\windows\System32\drivers\ksecdd.sys
====== C:\windows\Tasks ======
2013-12-04 06:37:55    993C084BF0582750AC92472512628AFA    3202    ----a-w-    C:\windows\system32\Tasks\{1F006791-848F-493D-A00E-C85E003B9DF7}
====== C:\windows\Temp ======
======= C:\Program Files =====
2013-12-12 02:22:12    --------    d-----w-    C:\Program Files\Mozilla Thunderbird
2013-12-09 19:06:36    --------    d-----w-    C:\Program Files\QuickTime
2013-12-09 16:44:33    --------    d-----w-    C:\Program Files\Common Files\Java
======= C: =====
2013-12-28 14:49:09    4D0A7BA8CB50D40551975B50F7D5EBB9    2770    ----a-w-    C:\runcheck.txt
2013-12-28 14:43:57    339A681A6BE62303279C1C829A32AF33    1434    ----a-w-    C:\DelFix.txt
====== C:\Users\TheIncredible\AppData\Roaming ======
2013-12-27 17:53:54    --------    d-----w-    C:\Users\Public\AppData\Local\temp
2013-12-27 17:53:54    --------    d-----w-    C:\Users\Default\AppData\Local\temp
2013-12-27 17:53:54    --------    d-----w-    C:\Users\Default User\AppData\Local\temp
2013-12-23 10:49:51    648432A4F9F43E81645A117354744143    1911568    ----a-w-    C:\windows\serviceprofiles\Localservice\AppData\Local\FontCache3.0.0.0.dat
2013-12-23 08:33:07    --------    dc----w-    C:\Users\TheIncredible\AppData\Local\Programs
2013-12-04 06:38:01    --------    d-----w-    C:\Users\TheIncredible\AppData\Roaming\Sony Online Entertainment
====== C:\Users\TheIncredible ======
2013-12-26 20:11:43    --------    d-----w-    C:\ProgramData\Speed Streamer
2013-12-23 08:32:45    01C73A1FE2F55C2B341333EC8EE45D8B    6013024    ----a-w-    C:\Users\TheIncredible\Downloads\GyazoSetup.exe
2013-12-09 19:07:18    --------    d-----w-    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2013-12-09 19:06:24    --------    d-----w-    C:\ProgramData\Apple Computer
2013-12-09 16:44:35    --------    d-----w-    C:\ProgramData\Oracle
2013-12-09 16:42:52    --------    d-----w-    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java

====== C: exe-files ==
2013-12-28 14:45:30    2308DD40898EB87A05E038BB69B42A4E    544    ----a-w-    C:\$RECYCLE.BIN\S-1-5-21-3057453558-2748806148-3635864978-1000\$ITV50U3.exe
2013-12-28 14:43:37    E6D44759CACDAD4053872E0EC9203189    788480    ----a-w-    C:\Program Files\Gomez\GomezPEER\agents\chrome\runtime\tld_cleanup.exe
2013-12-28 14:43:37    E66F2B38286A47635FB0B777B8404036    1213440    ----a-w-    C:\Program Files\Gomez\GomezPEER\agents\chrome\runtime\gomezchromeagent.exe
2013-12-28 14:43:37    D761BEE115394E3CB0C93902BAED5455    873984    ----a-w-    C:\Program Files\Gomez\GomezPEER\agents\chrome\runtime\delegate_execute.exe
2013-12-28 14:43:37    C56D90F033FA97BA664CBEBE834D3AB9    793600    ----a-w-    C:\Program Files\Gomez\GomezPEER\agents\chrome\runtime\protoc.exe
2013-12-28 14:43:37    BDE481AAC311902FC8B283EB6395D3D1    60928    ----a-w-    C:\Program Files\Gomez\GomezPEER\agents\chrome\runtime\libvpx_obj_int_extract.exe
2013-12-28 14:43:37    B444D885AD06A1DFAA37B51A50537609    61440    ----a-w-    C:\Program Files\Gomez\GomezPEER\agents\chrome\runtime\genversion.exe
2013-12-28 14:43:37    B416541E9B790F11FDA64442D4DBE254    57856    ----a-w-    C:\Program Files\Gomez\GomezPEER\agents\chrome\runtime\genmodule.exe
2013-12-28 14:43:37    9FC2268A007F704D2B601EF452C41E10    56320    ----a-w-    C:\Program Files\Gomez\GomezPEER\agents\chrome\runtime\genstring.exe
2013-12-28 14:43:37    9F1AE66D7954FE2E0909A5EBC6B94798    67072    ----a-w-    C:\Program Files\Gomez\GomezPEER\agents\chrome\runtime\wow_helper.exe
2013-12-28 14:43:37    8E30AA3606546980502918B629900D5E    289280    ----a-w-    C:\Program Files\Gomez\GomezPEER\agents\chrome\runtime\metro_driver_unittests.exe
2013-12-28 14:43:37    5A3D4765A6BF76B4C93B25A083F1F4BB    56832    ----a-w-    C:\Program Files\Gomez\GomezPEER\agents\chrome\runtime\genmacro.exe
2013-12-28 14:43:37    3390A3BF73F98EA315FD35F148C8557E    98304    ----a-w-    C:\Program Files\Gomez\GomezPEER\agents\chrome\runtime\re2c.exe
2013-12-28 14:43:37    31846374DCD83B566428D030CD40E923    2437632    ----a-w-    C:\Program Files\Gomez\GomezPEER\agents\chrome\runtime\mksnapshot.exe
2013-12-28 14:43:37    209A615FE4293C044B3656172CB99AC5    556544    ----a-w-    C:\Program Files\Gomez\GomezPEER\agents\chrome\runtime\yasm.exe
2013-12-28 14:43:37    1C4C8AE5BF22DD39C2E8FC6CB4EC6286    87552    ----a-w-    C:\Program Files\Gomez\GomezPEER\agents\chrome\runtime\genperf.exe
2013-12-28 14:43:27    FEA8738146AD244ED3467677E3A31C60    9728    ----a-w-    C:\Program Files\Gomez\GomezPEER\agents\gozilla\runtime\plugin-container.exe
2013-12-28 14:43:27    B942D949EFDDDE5BD0E39421DDB187C3    53248    ----a-w-    C:\Program Files\Gomez\GomezPEER\agents\gozilla\runtime\gozilla.exe
2013-12-28 14:43:27    877DB19DBF0E3C0B223EF98828E83EE9    106496    ----a-w-    C:\Program Files\Gomez\GomezPEER\agents\gozilla\runtime\maintenanceservice.exe
2013-12-28 14:43:27    69E0A4B34F69FD7A77CB7A23F9AAC03E    892228    ----a-w-    C:\Program Files\Gomez\GomezPEER\agents\gozilla\runtime\uninstall\helper.exe
2013-12-28 14:43:27    681805C7922EC4B2E60A0ABCAA839B4C    55808    ----a-w-    C:\Program Files\Gomez\GomezPEER\agents\gozilla\runtime\crashreporter.exe
2013-12-28 14:43:27    6715919A3CEA490D13381E0FCBF32D84    258560    ----a-w-    C:\Program Files\Gomez\GomezPEER\agents\gozilla\runtime\updater.exe
2013-12-28 14:43:27    53607FCEAAEBA089DA21486F45CCEA01    185458    ----a-w-    C:\Program Files\Gomez\GomezPEER\agents\gozilla\runtime\maintenanceservice_installer.exe
2013-12-28 14:41:05    0A8A57793279A1F9696208AC2F66863D    73728    ----a-w-    C:\Program Files\Gomez\GomezPEER\bin\GomezPEER.exe
2013-12-28 14:04:54    D41D8CD98F00B204E9800998ECF8427E    0    ----a-w-    C:\Users\TheIncredible\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4GKX52XV\FRST[2].exe
2013-12-28 14:04:44    3747EDD7A191B32AC32D2DE72B52AC77    1064037    ----a-w-    C:\Users\TheIncredible\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2DC1G0D4\FRST[2].exe
2013-12-27 23:29:23    8E004049D12212786018DF7EA7E1AA44    544    ----a-w-    C:\$RECYCLE.BIN\S-1-5-21-3057453558-2748806148-3635864978-1000\$IJHUF7M.exe
2013-12-27 21:34:55    7DD862C45F1EBDBA2DC3ED939E21212B    1063657    ----a-w-    C:\Users\TheIncredible\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4GKX52XV\FRST[1].exe
2013-12-27 08:19:20    7DD862C45F1EBDBA2DC3ED939E21212B    1063657    ----a-w-    C:\$RECYCLE.BIN\S-1-5-21-3057453558-2748806148-3635864978-1000\$RCYLL4Z\FRST.exe
2013-12-26 20:32:47    60BF4AE8CC40B0E3E28613657ED2EED8    377856    ----a-w-    C:\$RECYCLE.BIN\S-1-5-21-3057453558-2748806148-3635864978-1000\$RTV50U3.exe
2013-12-25 17:39:28    BF258A9ED18B9581068F9A0DC750C72F    502400    ----a-w-    C:\Program Files\gPotato\Age of Wulin\updater_\fxupdate.exe
2013-12-23 08:33:10    89F6BF51B64459B16E67D2FF81496CDC    12237536    ----a-w-    C:\Program Files\Gyazo\X264.exe
2013-12-23 08:33:10    7BF0B518C25371CA5B14C456CA90C6D9    264928    ----a-w-    C:\Program Files\Gyazo\GyazoGIF.45.exe
2013-12-23 08:33:09    DDE16105862139906957070ADC7F5B65    2990304    ----a-w-    C:\Program Files\Gyazo\GyStation.exe
2013-12-23 08:33:09    AB91E9912DBE12DF30ADECE71E6BF0A8    1169640    ----a-w-    C:\Program Files\Gyazo\unins000.exe
2013-12-23 08:33:09    4CB93CED51BAF62F412B0F41187F2F12    153824    ----a-w-    C:\Program Files\Gyazo\GyazoGIF.exe
2013-12-23 08:33:09    15BC52F2B98DCA1C6FE5A591A6E26B0F    94432    ----a-w-    C:\Program Files\Gyazo\GyazoGIF.35.exe
2013-12-23 08:32:45    01C73A1FE2F55C2B341333EC8EE45D8B    6013024    ----a-w-    C:\Users\TheIncredible\Downloads\GyazoSetup.exe
=== C: other files ==
2013-12-23 08:27:35    5ED064EA37522CBD4DCB8E6A9F21C552    77652    ----a-w-    C:\Users\TheIncredible\AppData\Roaming\Mozilla\Firefox\Profiles\hhx66r4o.default-1361833139193\extensions\giorgio@gilestro.tk.xpi

==== Startup Registry Enabled ======================

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AlterGeoUpdater"="C:\ProgramData\AlterGeo\Update for Html5 geolocation provider\html5locsvc.exe"

[HKEY_USERS\S-1-5-21-3057453558-2748806148-3635864978-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"Active Desktop Calendar"="C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe"
"Skype"="C:\Program Files\Skype\Phone\Skype.exe /minimized /regrun"

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run]
"AlterGeoUpdater"="C:\ProgramData\AlterGeo\Update for Html5 geolocation provider\html5locsvc.exe"

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"WLStart"="C:\Program Files\Windows Live\Installer\wlstart.exe /nosearch /nohomepage"

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"WLStart"="C:\Program Files\Windows Live\Installer\wlstart.exe /nosearch /nohomepage"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe"
"IgfxTray"="C:\windows\system32\igfxtray.exe"
"HotKeysCmds"="C:\windows\system32\hkcmd.exe"
"Persistence"="C:\windows\system32\igfxpers.exe"
"SmartAudio"="C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t"
"EnergyUtility"="C:\Program Files\Lenovo\Energy Management\utility.exe"
"Energy Management"="C:\Program Files\Lenovo\Energy Management\Energy Management.exe"
"Malwarebytes Anti-Malware (reboot)"="C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe /runcleanupscript"
"IntelliPoint"="c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
"APSDaemon"="C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"UIExec"="C:\Program Files\1&1 Surf-Stick\UIExec.exe"
"AlterGeoUpdater"="C:\Program Files\AlterGeo\Html5 geolocation provider\html5locsvc.exe"
"TkBellExe"="c:\program files\real\realplayer\Update\realsched.exe -osboot"
"DivXMediaServer"="C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe"
"PrivitizeVPN"="C:\Program Files\PrivitizeVPN\PrivitizeVPN.exe /autorun"
"Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"avgnt"="C:\Program Files\Avira\AntiVir Desktop\avgnt.exe /min"
"DivXUpdate"="C:\Program Files\DivX\DivX Update\DivXUpdate.exe /CHECKNOW"
"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe"
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe -atboottime"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Active Desktop Calendar"="C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe"
"Skype"="C:\Program Files\Skype\Phone\Skype.exe /minimized /regrun"

==== Startup Folders ======================

2011-07-15 10:35:53    1247    ----a-w-    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\GomezPEER.lnk

==== Task Scheduler Jobs ======================

C:\windows\tasks\Adobe Flash Player Updater.job --a------ [Undetermined Task]
C:\windows\tasks\AlterGeoUpdaterS-1-5-18.job --a------ C:\Program Files\AlterGeo\Html5 geolocation provider\html5locsvc.exe []
C:\windows\tasks\Google Software Updater.job --a------ [Undetermined Task]
C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3057453558-2748806148-3635864978-1000Core.job --a------ [Undetermined Task]
C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3057453558-2748806148-3635864978-1000UA.job --a------ C:\Users\TheIncredible\AppData\Local\Google\Update\GoogleUpdate.exe [03.08.2011 10:23]
C:\windows\tasks\QIPdater 2012.job --a------ C:\C:\Program Files\jeak.de\QIP 2012 Jeak-Edition\qipdater.exe []
C:\windows\tasks\qipdater.exe.job --a------ C:\Program Files\jeak.de\QIP 2010\qipdater.exe [01.07.2011 14:34]

==== Other Scheduled Tasks ======================

"C:\windows\system32\tasks\Adobe Flash Player Updater" [C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\windows\system32\tasks\AlterGeoUpdaterS-1-5-18" [C:\Program Files\AlterGeo\Html5 geolocation provider\html5locsvc.exe]
"C:\windows\system32\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]
"C:\windows\system32\tasks\Google Software Updater" [C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe]
"C:\windows\system32\tasks\GoogleUpdateTaskUserS-1-5-21-3057453558-2748806148-3635864978-1000Core" [C:\Users\TheIncredible\AppData\Local\Google\Update\GoogleUpdate.exe]
"C:\windows\system32\tasks\GoogleUpdateTaskUserS-1-5-21-3057453558-2748806148-3635864978-1000UA" [C:\Users\TheIncredible\AppData\Local\Google\Update\GoogleUpdate.exe]
"C:\windows\system32\tasks\QIPdater 2012" [C:\Program Files\jeak.de\QIP 2012 Jeak-Edition\qipdater.exe]
"C:\windows\system32\tasks\qipdater.exe" [C:\Program Files\jeak.de\QIP 2010\qipdater.exe]
"C:\windows\system32\tasks\RealUpgradeLogonTaskS-1-5-21-3057453558-2748806148-3635864978-1000" [C:\Program Files\Real\RealUpgrade\RealUpgrade.exe]
"C:\windows\system32\tasks\RealUpgradeScheduledTaskS-1-5-21-3057453558-2748806148-3635864978-1000" [C:\Program Files\Real\RealUpgrade\RealUpgrade.exe]
"C:\windows\system32\tasks\{22116563-108C-42c0-A7CE-60161B75E508}" [C:\Users\TheIncredible\AppData\Local\Temp\Pbm.exe]
"C:\windows\system32\tasks\{27EE7494-657B-4355-B236-AD07C24E30D0}" [E:\AUTORUN\W2.EXE]
"C:\windows\system32\tasks\{3B566F2E-FCD3-44C5-80A2-045CF996E467}" [C:\ANSTOSS 3\anstoss3.exe]
"C:\windows\system32\tasks\{A738EBE8-9119-4FC4-8E61-3A9BE4D4E047}" [C:\ANSTOSS 3\anstoss3.exe]
"C:\windows\system32\tasks\{B9D73CAD-8CCB-43E3-B001-A9B264E7E36F}" [C:\Program Files\Skype\\Phone\Skype.exe]
"C:\windows\system32\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files\Apple Software Update\SoftwareUpdate.exe]
"C:\windows\system32\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"ext@WebexpEnhancedV1alpha510.net"="C:\Program Files\WebexpEnhancedV1\WebexpEnhancedV1alpha510\ff" []

==== Firefox Extensions ======================

ProfilePath: C:\Users\TheIncredible\AppData\Roaming\Mozilla\Firefox\Profiles\hhx66r4o.default-1361833139193
- Battlefield Play4Free - %ProfilePath%\extensions\battlefieldplay4free@ea.com
- A Mystical Land Installer - %ProfilePath%\extensions\MysticalLandInstaller@madottergames.com
- D2N Agent - %ProfilePath%\extensions\d2nagent@isaaclw.com.xpi
- Die2nite map tool updater - %ProfilePath%\extensions\die2nitemapupdater@rjdown.co.uk.xpi
- Imgur Uploader - %ProfilePath%\extensions\giorgio@gilestro.tk.xpi
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
- Greasemonkey - %ProfilePath%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi

AppDir: C:\Program Files\Mozilla Firefox
- Skype Click to Call - %AppDir%\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\TheIncredible\AppData\Roaming\Mozilla\Firefox\Profiles\hhx66r4o.default-1361833139193
F891089A6AB9E12FEDEBCC5EC0F40D66    - C:\windows\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll -    Shockwave Flash
871C7A4B3466ED1B1D1D7588D14EC816    - C:\Program Files\QuickTime\Plugins\npqtplugin5.dll -    QuickTime Plug-in 7.7.4
53B55AB0CF4872F9C420D78D92C1033B    - C:\Program Files\QuickTime\Plugins\npqtplugin4.dll -    QuickTime Plug-in 7.7.4
3A6EBB668DB997B1874981F153403B46    - C:\Program Files\QuickTime\Plugins\npqtplugin3.dll -    QuickTime Plug-in 7.7.4
0805C33F24F45B11EE2CFCCD8F9C6693    - C:\Program Files\QuickTime\Plugins\npqtplugin2.dll -    QuickTime Plug-in 7.7.4
5F63DC3C36366FF4A90AEAA334509BE8    - C:\Program Files\QuickTime\Plugins\npqtplugin.dll -    QuickTime Plug-in 7.7.4
C36444D7301A8C881FC7296B092609C7    - C:\Users\TheIncredible\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll -    Google Update
6768C724599214E4F9ADD9F8FF5097EB    - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll -    Java(TM) Platform SE 7 U45
F1CD6E22E5AE5CEEB7712E546A5FC853    - C:\Program Files\Java\jre7\bin\dtplugin\npdeployJava1.dll -    Java Deployment Toolkit 7.0.450.18
69AA47F09AA281C7D3C7716CA7E283B4    - C:\Program Files\Adobe\Reader 11.0\Reader\browser\nppdf32.dll -    Adobe Acrobat
380F9A643A149B9030142E7171EFA91B    - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll -    Adobe Acrobat
BE501CBC29B2025A263D80D399F1797A    - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll -    Silverlight Plug-In
818707BABCB3CAFA08C0A49EBB69DBA1    - C:\Program Files\DivX\DivX Web Player\npdivx32.dll -    DivX Plus Web Player
045DCEC5BBF3C9F4A0788FDF90B1DEDE    - C:\Users\TheIncredible\AppData\Roaming\Mozilla\Firefox\Profiles\hhx66r4o.default-1361833139193\extensions\battlefieldplay4free@ea.com\plugins\npBP4FUpdater.dll -    Battlefield Play4Free Updater
256C847CD03160C9088FB440DB929448    - c:\program files\real\realplayer\Netscape6\nprjplug.dll -    RealJukebox NS Plugin
555E65306A5D3A5978BE74E1DD62CDD9    - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll -    RealNetworks(tm) Chrome Background Extension Plug-In (32-bit)
E32771B0AE3F18CEFFC12D682025238A    - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll -    RealPlayer(tm) HTML5VideoShim Plug-In (32-bit)
2DC6257A367A6182E40F748D0396AAF9    - c:\program files\real\realplayer\Netscape6\nppl3260.dll -    RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit)
1E3AA02F2C91A2B25EFB4E355160CDCA    - c:\program files\real\realplayer\Netscape6\nprpplugin.dll -    RealPlayer Download Plugin
DE1121333E9AE62DDDE4EA02F4FEA887    - C:\Users\TheIncredible\AppData\Roaming\Mozilla\Firefox\Profiles\hhx66r4o.default-1361833139193\extensions\MysticalLandInstaller@madottergames.com\plugins\NPMysticalLandInstaller.dll -    Mystical Land Installer
A7070264EE3E75C98F1681A2C6A18CBA    - C:\Users\TheIncredible\AppData\Roaming\Kalydo\KalydoPlayer\bin\npkalydo.dll -    Kalydo Player Plugin for Mozilla
358878E398AB0FB8B1EE176C2E3EDF48    - C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll -    Google Updater
576C325A4EDCF05787AB692A2BE1BA68    - C:\Program Files\Veetle\plugins\npVeetle.dll -    Veetle TV Core
B938C1AE3ADCE166190895685B0BEB0D    - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll -    DivX VOD Helper Plug-in
AC421A44DE902F2627F1E63793ED89CD    - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll -    Windows Live? Photo Gallery
866B027053F3A40BC36126D265C78E96    - C:\Program Files\Veetle\Player\npvlc.dll -    Veetle TV Player
8E9A08E2092B3E1ADFF3C46BC1A5124B    - C:\windows\system32\TVUAx\npTVUAx.dll -    TVU Web Player for FireFox
09B4E13D25623D879D35286E2D29FF13    - C:\Users\TheIncredible\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll -    Unity Player
B27CCB1168B1960AEC6E9D3E0E0F0D2A    - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrlui.dll -    Microsoft® Silverlight


==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
jfmjfhklogoienhpfnppmbcbjfjnkonk - No path found[]
lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx[10.10.2011 10:09]
nhgcieglcpdegkhamigiokdphfhhnlhh - C:\Program Files\AlterGeo\Html5 geolocation provider\altergeo.crx[]

A Mystical Land Installer - TheIncredible - Default\Extensions\lgbokbdciknlbddfbblcochmpkilgddb
Skype Click to Call - TheIncredible - Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
HTML5 location provider - TheIncredible - Default\Extensions\nhgcieglcpdegkhamigiokdphfhhnlhh
Google Wallet - TheIncredible - Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Webexp Enhanced - TheIncredible - Default\Extensions\pjbnadgnhhkoohnkddbceoldfibijgpk
DefaultTab - C:\windows\system32\config\systemprofile - Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc

==== Chrome Fix ======================

C:\Users\TheIncredible\AppData\Local\Google\Chrome\User Data\Default\Extensions\nhgcieglcpdegkhamigiokdphfhhnlhh deleted successfully
C:\windows\system32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
"Default_Search_URL"="http://www.google.com"
"Use Search Asst"="yes"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"SearchAssistant"="http://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://www.google.com"
"Use Search Asst"="no"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR"
{2648C4AA-62ED-4E4B-B6B6-B182C2CB2DE3} Google  Url="http://www.google.de/search?q={searchTerms}"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google  Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"
{E88E0043-C9D4-4e33-8555-FEE4F5B63060} mail.ru: ????? ? ????????? Url="http://go.mail.ru/search?q={searchTerms}&utf8in=1&fr=ietb"

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================

HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\ext@WebexpEnhancedV1alpha510.net deleted successfully

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{3B3DF0B0-5BE8-46A1-A44A-13CAE0DED246} deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{897D7752-328B-4C42-4BAB-EBFEFEBAC11E} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\nhgcieglcpdegkhamigiokdphfhhnlhh deleted successfully

==== Empty IE Cache ======================

C:\Users\TheIncredible\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\TheIncredible\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\TheIncredible\AppData\Local\Mozilla\Firefox\Profiles\hhx66r4o.default-1361833139193\Cache emptied successfully

==== Empty Chrome Cache ======================

C:\Users\TheIncredible\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=423 folders=90 16638040 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Public\AppData\Local\Temp emptied successfully
C:\windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Users\TheIncredible\AppData\Local\Temp  will be emptied at reboot
C:\windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\windows\Temp successfully emptied
C:\Users\THEINC~1\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on 28.12.2013 at 16:17:50,45 ======================