Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-10-2013
Ran by SYSTEM on MININT-3ULFC29 on 05-11-2013 23:02:28
Running from H:\
Windows 7 Home Premium (X64) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Recovery

The current controlset is ControlSet002
[b]ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.[/b]

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6234144 2010-03-13] (Realtek Semiconductor)
HKLM\...\Winlogon: [Userinit] c:\windows\system32\userinit.exe,c:\program files\soluto\soluto.exe /userinit
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-04-13] (Intel Corporation)
HKLM-x32\...\Run: [HP Quick Launch] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [577408 2012-02-15] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [4858968 2013-08-30] (AVAST Software)
HKU\Default\...\Run: [HPAdvisorDock] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe
HKU\Default User\...\Run: [HPAdvisorDock] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe
HKU\Roland\...\Run: [Spiele Post] - C:\Program Files (x86)\OXXOGames\GPlayer\GameCenterNotifier.exe [480328 2013-04-24] (Intenium)
HKU\Roland\...\Policies\system: [DisableLockWorkstation] 0
HKU\Roland\...\Policies\system: [DisableChangePassword] 0

==================== Services (Whitelisted) =================

S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-08-30] (AVAST Software)
S2 SolutoLauncherService; C:\Program Files\Soluto\SolutoLauncherService.exe [182840 2012-11-21] (Soluto)

==================== Drivers (Whitelisted) ====================

S2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-08-30] (AVAST Software)
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-08-30] (AVAST Software)
S1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-08-30] (AVAST Software)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-08-30] ()
S1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-08-30] (AVAST Software)
S1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-08-30] (AVAST Software)
S1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-08-30] (AVAST Software)
S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [204880 2013-08-30] ()
S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2012-03-09] ()
S3 InputFilter_Hid_FlexDef2b; C:\Windows\System32\DRIVERS\InputFilter_FlexDef2b.sys [17920 2010-06-18] (Siliten)
S2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2012-03-09] ()
S3 RSUSBSTOR; C:\Windows\SysWow64\Drivers\RtsUStor.sys [225280 2009-09-23] (Realtek Semiconductor Corp.)
S0 sptd; C:\Windows\System32\Drivers\sptd.sys [564824 2013-09-12] (Duplex Secure Ltd.)
S3 cpuz135; \??\C:\Windows\TEMP\cpuz135\cpuz135_x64.sys [x]
S3 cpuz136; \??\C:\Windows\TEMP\cpuz136\cpuz136_x64.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-11-06 02:03 - 2013-11-06 06:58 - 00000000 ____D C:\ProgramData\Recovery
2013-11-05 23:02 - 2013-11-05 23:02 - 00000000 ____D C:\FRST
2013-11-05 21:04 - 2013-11-05 21:05 - 00362920 _____ C:\Windows\Minidump\110513-25833-01.dmp
2013-11-05 20:44 - 2013-11-05 20:44 - 00003608 ____N C:\bootsqm.dat
2013-11-05 17:37 - 2013-11-05 17:37 - 00362920 _____ C:\Windows\Minidump\110513-49982-01.dmp
2013-11-05 16:32 - 2013-11-05 16:32 - 00362920 _____ C:\Windows\Minidump\110513-38111-01.dmp
2013-11-04 20:24 - 2013-11-04 20:24 - 00362920 _____ C:\Windows\Minidump\110413-40029-01.dmp
2013-11-04 20:16 - 2013-11-04 20:16 - 00362920 _____ C:\Windows\Minidump\110413-29421-01.dmp
2013-11-04 20:12 - 2013-11-04 20:12 - 00362912 _____ C:\Windows\Minidump\110413-31340-01.dmp
2013-10-31 19:49 - 2013-11-05 05:45 - 00000000 ____D C:\Users\Roland\Desktop\Lösung für Haus der 1.000 Türen Die Feuerschlangen bei Gamesetter.com-Dateien
2013-10-31 19:49 - 2013-10-31 19:58 - 00111424 _____ C:\Users\Roland\Desktop\Lösung für Haus der 1.000 Türen Die Feuerschlangen bei Gamesetter.com.htm
2013-10-31 10:37 - 2013-11-05 05:45 - 00000000 ____D C:\Program Files (x86)\Haus der 1000 Tueren - Die Feuerschlangen
2013-10-12 18:55 - 2013-10-13 19:29 - 00000000 ____D C:\Users\Roland\AppData\Roaming\Natural Threat.Ominous Shores
2013-10-12 18:54 - 2013-10-12 18:54 - 00002166 _____ C:\Users\Public\Desktop\Spiel Natuerliche Bedrohung - Unheilvolle Insel.lnk
2013-10-12 18:54 - 2013-10-12 18:54 - 00001312 _____ C:\Users\Public\Desktop\Weitere fantastische Spiele.lnk
2013-10-12 18:52 - 2013-10-12 18:54 - 00000000 ____D C:\Program Files (x86)\Natuerliche Bedrohung - Unheilvolle Insel
2013-10-12 18:38 - 2013-10-12 18:38 - 00236648 _____ (Big Fish Games) C:\Users\Roland\Downloads\bigfishgames_p194612185_s2_l2.exe
2013-10-10 14:32 - 2013-10-10 14:32 - 00001173 _____ C:\Users\Roland\Downloads\Beckett_Katz-und-Maus.-Rowohlt-E-Book-(1).acsm
2013-10-10 14:31 - 2013-10-10 14:31 - 00001173 _____ C:\Users\Roland\Downloads\Beckett_Katz-und-Maus.-Rowohlt-E-Book-.acsm
2013-10-10 14:27 - 2013-10-10 14:27 - 00488419 _____ C:\Users\Roland\Downloads\Cross_Racheopfer.epub
2013-10-06 12:28 - 2013-10-06 12:28 - 00002043 _____ C:\Users\Public\Desktop\Spiel Awakening 2 - Der Mondenwald.lnk
2013-10-06 12:28 - 2013-10-06 12:28 - 00000000 ____D C:\Program Files (x86)\Awakening 2 - Der Mondenwald
2013-10-06 12:24 - 2013-10-06 12:24 - 00236648 _____ (Big Fish Games) C:\Users\Roland\Downloads\bigfishgames_p194102981_s2_l2(1).exe
2013-10-06 12:23 - 2013-10-06 12:24 - 00236648 _____ (Big Fish Games) C:\Users\Roland\Downloads\bigfishgames_p194102981_s2_l2.exe
2013-10-06 12:20 - 2013-10-06 12:20 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified Files and Folders =======

2013-11-06 06:58 - 2013-11-06 02:03 - 00000000 ____D C:\ProgramData\Recovery
2013-11-05 23:02 - 2013-11-05 23:02 - 00000000 ____D C:\FRST
2013-11-05 22:22 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-05 22:21 - 2011-11-09 14:18 - 00018343 _____ C:\Windows\setupact.log
2013-11-05 21:56 - 2012-10-09 11:21 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2013-11-05 21:05 - 2013-11-05 21:04 - 00362920 _____ C:\Windows\Minidump\110513-25833-01.dmp
2013-11-05 21:04 - 2012-02-19 10:52 - 283286543 _____ C:\Windows\MEMORY.DMP
2013-11-05 21:04 - 2011-10-14 09:26 - 00000000 ____D C:\Windows\Minidump
2013-11-05 20:44 - 2013-11-05 20:44 - 00003608 ____N C:\bootsqm.dat
2013-11-05 17:51 - 2010-12-25 04:23 - 01641207 _____ C:\Windows\WindowsUpdate.log
2013-11-05 17:41 - 2010-07-20 22:46 - 00654150 _____ C:\Windows\System32\perfh007.dat
2013-11-05 17:41 - 2010-07-20 22:46 - 00130022 _____ C:\Windows\System32\perfc007.dat
2013-11-05 17:41 - 2009-07-14 06:13 - 01498742 _____ C:\Windows\System32\PerfStringBackup.INI
2013-11-05 17:37 - 2013-11-05 17:37 - 00362920 _____ C:\Windows\Minidump\110513-49982-01.dmp
2013-11-05 16:38 - 2012-10-09 10:45 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-11-05 16:32 - 2013-11-05 16:32 - 00362920 _____ C:\Windows\Minidump\110513-38111-01.dmp
2013-11-05 05:45 - 2013-10-31 19:49 - 00000000 ____D C:\Users\Roland\Desktop\Lösung für Haus der 1.000 Türen Die Feuerschlangen bei Gamesetter.com-Dateien
2013-11-05 05:45 - 2013-10-31 10:37 - 00000000 ____D C:\Program Files (x86)\Haus der 1000 Tueren - Die Feuerschlangen
2013-11-05 05:45 - 2011-05-31 11:29 - 00000000 ____D C:\Users\Roland\AppData\Local\Hewlett-Packard
2013-11-05 05:45 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\registration
2013-11-04 20:24 - 2013-11-04 20:24 - 00362920 _____ C:\Windows\Minidump\110413-40029-01.dmp
2013-11-04 20:16 - 2013-11-04 20:16 - 00362920 _____ C:\Windows\Minidump\110413-29421-01.dmp
2013-11-04 20:12 - 2013-11-04 20:12 - 00362912 _____ C:\Windows\Minidump\110413-31340-01.dmp
2013-11-04 20:07 - 2012-10-09 11:21 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-11-04 19:55 - 2011-05-31 09:56 - 00444778 _____ C:\Windows\PFRO.log
2013-11-04 19:54 - 2009-07-14 05:45 - 00023024 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-04 19:54 - 2009-07-14 05:45 - 00023024 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-04 19:51 - 2013-05-22 18:46 - 00001922 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-11-04 19:51 - 2012-10-09 11:21 - 00000000 _____ C:\Windows\SysWOW64\config.nt
2013-11-04 19:48 - 2011-05-31 11:18 - 00000000 ____D C:\users\Roland
2013-11-02 19:42 - 2013-07-13 09:33 - 00000000 ____D C:\BigFishCache
2013-10-31 19:58 - 2013-10-31 19:49 - 00111424 _____ C:\Users\Roland\Desktop\Lösung für Haus der 1.000 Türen Die Feuerschlangen bei Gamesetter.com.htm
2013-10-27 15:45 - 2011-09-04 15:44 - 00000000 ____D C:\Users\Roland\Documents\Ramona
2013-10-25 16:31 - 2013-05-02 17:31 - 00000000 ____D C:\Users\Roland\AppData\Roaming\EnchantedCavern2
2013-10-21 17:35 - 2012-03-07 14:46 - 00003192 _____ C:\Windows\System32\Tasks\HPCeeScheduleForRoland
2013-10-21 17:35 - 2012-03-07 14:46 - 00000336 _____ C:\Windows\Tasks\HPCeeScheduleForRoland.job
2013-10-16 13:23 - 2011-10-28 17:05 - 00000000 _____ C:\Windows\System32\HP_ActiveX_Patch_NOT_DETECTED.txt
2013-10-16 13:23 - 2011-06-01 09:03 - 00000052 _____ C:\Windows\SysWOW64\DOErrors.log
2013-10-16 10:11 - 2012-10-09 11:21 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-13 19:29 - 2013-10-12 18:55 - 00000000 ____D C:\Users\Roland\AppData\Roaming\Natural Threat.Ominous Shores
2013-10-12 18:54 - 2013-10-12 18:54 - 00002166 _____ C:\Users\Public\Desktop\Spiel Natuerliche Bedrohung - Unheilvolle Insel.lnk
2013-10-12 18:54 - 2013-10-12 18:54 - 00001312 _____ C:\Users\Public\Desktop\Weitere fantastische Spiele.lnk
2013-10-12 18:54 - 2013-10-12 18:52 - 00000000 ____D C:\Program Files (x86)\Natuerliche Bedrohung - Unheilvolle Insel
2013-10-12 18:38 - 2013-10-12 18:38 - 00236648 _____ (Big Fish Games) C:\Users\Roland\Downloads\bigfishgames_p194612185_s2_l2.exe
2013-10-10 14:32 - 2013-10-10 14:32 - 00001173 _____ C:\Users\Roland\Downloads\Beckett_Katz-und-Maus.-Rowohlt-E-Book-(1).acsm
2013-10-10 14:32 - 2012-12-27 19:54 - 00000000 ____D C:\Users\Roland\Documents\My Digital Editions
2013-10-10 14:31 - 2013-10-10 14:31 - 00001173 _____ C:\Users\Roland\Downloads\Beckett_Katz-und-Maus.-Rowohlt-E-Book-.acsm
2013-10-10 14:27 - 2013-10-10 14:27 - 00488419 _____ C:\Users\Roland\Downloads\Cross_Racheopfer.epub
2013-10-09 16:01 - 2012-10-09 11:21 - 00004106 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-10-09 16:01 - 2012-10-09 11:21 - 00003856 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-10-09 14:10 - 2012-10-09 10:56 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-10-09 14:10 - 2012-10-09 10:56 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-10-09 14:10 - 2012-06-03 12:37 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-10-09 14:07 - 2013-08-07 16:07 - 00000000 ____D C:\Windows\System32\MRT
2013-10-09 14:00 - 2011-06-20 09:37 - 80541720 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-10-08 19:38 - 2012-10-09 10:45 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-10-08 19:38 - 2012-10-09 10:45 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-10-08 19:38 - 2011-05-31 12:20 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-10-07 14:19 - 2011-05-31 12:12 - 00000000 ____D C:\Users\Roland\AppData\Local\Mozilla
2013-10-06 12:29 - 2012-03-12 17:49 - 00000000 ____D C:\Users\Roland\AppData\Roaming\Boomzap
2013-10-06 12:28 - 2013-10-06 12:28 - 00002043 _____ C:\Users\Public\Desktop\Spiel Awakening 2 - Der Mondenwald.lnk
2013-10-06 12:28 - 2013-10-06 12:28 - 00000000 ____D C:\Program Files (x86)\Awakening 2 - Der Mondenwald
2013-10-06 12:24 - 2013-10-06 12:24 - 00236648 _____ (Big Fish Games) C:\Users\Roland\Downloads\bigfishgames_p194102981_s2_l2(1).exe
2013-10-06 12:24 - 2013-10-06 12:23 - 00236648 _____ (Big Fish Games) C:\Users\Roland\Downloads\bigfishgames_p194102981_s2_l2.exe
2013-10-06 12:20 - 2013-10-06 12:20 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

Some content of TEMP:
====================
C:\Users\Roland\AppData\Local\Temp\6r-s1jpm.dll
C:\Users\Roland\AppData\Local\Temp\aiw794075712.DLL
C:\Users\Roland\AppData\Local\Temp\aiw794076975.EXE
C:\Users\Roland\AppData\Local\Temp\AskSLib.dll
C:\Users\Roland\AppData\Local\Temp\bfguni.exe
C:\Users\Roland\AppData\Local\Temp\DTLite4471-0337.exe
C:\Users\Roland\AppData\Local\Temp\Extract.exe
C:\Users\Roland\AppData\Local\Temp\HPHelpUpdater.exe
C:\Users\Roland\AppData\Local\Temp\JiveXViewerStart1335429919.exe
C:\Users\Roland\AppData\Local\Temp\JiveXViewerStart1345654201.exe
C:\Users\Roland\AppData\Local\Temp\JiveXViewerStart1350131421.exe
C:\Users\Roland\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe
C:\Users\Roland\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\Roland\AppData\Local\Temp\nbpcu_ae.dll
C:\Users\Roland\AppData\Local\Temp\oalinst.exe
C:\Users\Roland\AppData\Local\Temp\Resource.exe
C:\Users\Roland\AppData\Local\Temp\SP56215.exe
C:\Users\Roland\AppData\Local\Temp\SP56221.exe
C:\Users\Roland\AppData\Local\Temp\sp58915.exe
C:\Users\Roland\AppData\Local\Temp\tempmessage.bfg
C:\Users\Roland\AppData\Local\Temp\UninstallHPSA.exe
C:\Users\Roland\AppData\Local\Temp\vcredist_x86.exe

==================== Known DLLs (Whitelisted) ================

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

==================== Memory info ===========================

Percentage of memory in use: 19%
Total physical RAM: 2933.86 MB
Available physical RAM: 2365.23 MB
Total Pagefile: 2932.01 MB
Available Pagefile: 2368.24 MB
Total Virtual: 8192 MB
Available Virtual: 8191.87 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:280.96 GB) (Free:162.39 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (RECOVERY) (Fixed) (Total:16.83 GB) (Free:2.44 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32
Drive g: (GRMCPRXFRER_DE_DVD) (CDROM) (Total:2.97 GB) (Free:0 GB) UDF
Drive h: (STORE N GO) (Removable) (Total:28.84 GB) (Free:10.99 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298 GB) (Disk ID: CB9E9924)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=281 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=17 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 29 GB) (Disk ID: C3072E18)
Partition 1: (Not Active) - (Size=29 GB) - (Type=0C)

LastRegBack: 2013-10-21 13:11

==================== End Of Log ============================