Guten Morgen, vorgestern Nacht habe ich mir auf meinem Systerm einen Trojaner eingefangen, der es nicht zulässt auf meine Word, Excel und jpg Bilder zuzugreifen. Nachdem ich hier im Thread dazu einiges gelesen habe, entschloss mich das System neu aufzusetzen, damit der Trojaner entfernt wird. Also wurde Windows7 auf der C: Festplatte neu installiert und habe dann aus meinem mit Paragon Software erstellten Backup die Archieve wieder einspielen lassen, sodaß das System jetzt einwandfrei funktioniert. Leider sind nach wie vor die hälfte meiner Bilder und sämtliche Office Dateinen weiterhin unzugänglich. Das System konnte für die Mehrzahl der Bilder eine Sicherheitskopie erstellen, wodurch die Bilder gerettet sind. Mein Problem sind meine Word Dateien, da dort Lebensläufe und Bewerbungen geschrieben wurde. Auch hat der Trojaner auf Dropbox zugriff gehabt, wobei jetzt auf allen Geräten, wie Tab und Smartphones auch dort die Office Dateinen zugänglich sind. Gibt es jemanden hier im Forum der mir per Fernüberwachungssoftware Teamviewer auf meinen Rechner zugreifen kann und mir die Dateien wieder herstellen kann?

Ich würde mich freuen wenn jemand Helfen könnte. Anbei die Textdateinen von OTL:


OTL Extras logfile created on: 23.07.2013 21:42:58 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Mahdi\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

7,97 Gb Total Physical Memory | 6,31 Gb Available Physical Memory | 79,12% Memory free
15,95 Gb Paging File | 14,11 Gb Available in Paging File | 88,49% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 119,24 Gb Total Space | 33,12 Gb Free Space | 27,78% Space Free | Partition Type: NTFS
Drive D: | 1862,92 Gb Total Space | 1356,63 Gb Free Space | 72,82% Space Free | Partition Type: NTFS
Drive F: | 2,70 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: MAHDI-PC | User Name: Mahdi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{EFE63F9C-545D-4272-A4DB-24B54BFD1100}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0B881E4F-71C2-4D88-96FF-46BE5F177559}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{0E61C233-6C2B-4D24-8207-D1F43E425147}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{242242AC-B6EA-4B8D-8838-9C9D42CBD91B}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer.exe |
"{3DBA76A3-6078-4BAD-B4E7-9B57B35A9B86}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer_service.exe |
"{571A3519-21A0-4AD7-B9D3-366378CB6D1C}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer.exe |
"{61AB0604-1A94-4347-A3A5-AEAB17D627BC}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{6B1F8182-0829-4375-B72C-6632A21DDCCA}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{C127B28B-6B6D-44F3-AE59-A3641E01F502}" = protocol=6 | dir=in | app=c:\program files (x86)\maxthon\bin\maxthon.exe |
"{CCA0341A-ABA1-4F39-86AA-F41B3D66918D}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{D1381E62-3296-49B8-AC76-A85351F5CF3F}" = protocol=6 | dir=in | app=c:\program files (x86)\maxthon\bin\mxup.exe |
"{DBA528A1-1209-43FE-8B37-70163E318025}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{DD3FE778-8BCC-4D51-BD14-579E79B7EF2D}" = protocol=17 | dir=in | app=c:\program files (x86)\maxthon\bin\mxup.exe |
"{F3E849F1-EF01-414E-B079-2BB8A1A27595}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer_service.exe |
"{F493B313-A592-4179-919F-3CAF21AB17DF}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{FC99E84E-376E-4ED4-B3C0-05BDBF142239}" = protocol=17 | dir=in | app=c:\program files (x86)\maxthon\bin\maxthon.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{120F2308-86AE-E1BB-E0AE-F598807DFCE5}" = ATI AVIVO64 Codecs
"{1E1DFF42-2EE8-4852-A7AB-C5174321D68F}" = Paragon Backup & Recovery™ 10 Suite
"{230D1595-57DA-4933-8C4E-375797EBB7E1}" = Bluetooth Win7 Suite (64)
"{237D687E-9E50-4A30-B810-262764CC491B}" = Garmin Communicator Plugin x64
"{3973DD74-2444-1CD4-278A-E7A77E4E53EE}" = ccc-utility64
"{690285C2-2481-44FB-8402-162EA970A6DD}" = Logitech Gaming Software
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8CBBBC4D-B0B6-49DB-A421-98C65080D8EE}" = Eraser 6.0.7.1893
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{7BC9B5EB-125A-4E9B-97E1-8D85B5E960B8}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0407-1000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-1000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-1000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-1000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-1000-0000000FF1CE}_Office14.PROPLUS_{70A3169E-288F-454F-A08D-20DF66639B50}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-1000-0000000FF1CE}_Office14.PROPLUS_{0242505C-4E90-407F-9299-B5B275F50D86}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-1000-0000000FF1CE}_Office14.PROPLUS_{B51389C8-2890-4633-81D8-47D2A7402274}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-1000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-1000-0000000FF1CE}_Office14.PROPLUS_{3013A793-10A7-4D1F-B8B4-2FAA82F4D259}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-1000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-1000-0000000FF1CE}_Office14.PROPLUS_{98782D5D-A9EE-43C6-88AD-B50AD8530E78}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
"{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{E8B6D35B-0B6F-4DCE-9493-859BF3809A7F}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0407-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (German) 2010
"{90140000-0043-0407-1000-0000000FF1CE}_Office14.PROPLUS_{8DFD91C7-66AE-4E54-9901-5D5F401AD329}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-1000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-1000-0000000FF1CE}_Office14.PROPLUS_{8299B64F-1537-4081-974C-033EAB8F098E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-1000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{BCCC97EE-E162-448C-8847-59718FF29B04}" = Intel(R) Network Connections 15.6.25.0
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Logitech Gaming Software" = Logitech Gaming Software 8.46
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"PROSetDX" = Intel(R) Network Connections 15.6.25.0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{12453E04-9738-4D16-8408-D726532C2C69}" = ASUS VGA Driver
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23887221-512C-8DE0-8FCD-15AFBA0D105C}" = Catalyst Control Center Core Implementation
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMicron JMB36X Driver
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{41564952-412D-5637-00A7-A758B70C0201}" = Avira SearchFree Toolbar plus Web Protection
"{4E39BA76-09F8-FBA6-25BA-E9A1D9D87547}" = Catalyst Control Center Graphics Previews Vista
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.6
"{558DD876-6EA3-03FF-7BCA-D5F6F0BD504F}" = Catalyst Control Center Graphics Full Existing
"{647BB978-2876-487B-9B0E-FDB73F0EA4A2}" = Garmin Communicator Plugin
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{73CDCA64-491D-4EA8-CD8B-AE69CE1373F8}" = Catalyst Control Center Localization All
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{A86409C5-ABB1-901D-7059-889D11F67F2D}" = Catalyst Control Center Graphics Full New
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A961C6FD-C583-45F6-A0A4-5E4376C29E41}" = Catalyst Control Center - Branding
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.03) - Deutsch
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
"{C3DF6B7D-BDF3-AC88-F2D2-05FCFC1A66DC}" = ccc-core-static
"{CCDDAA87-1C54-B1FB-BD7E-CC910EA7DDB9}" = Catalyst Control Center Graphics Light
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam-Software
"{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}" = Asmedia ASM104x USB 3.0 Host Controller Driver
"{EEBABD91-2B8C-DB09-17C1-D7B661A040C9}" = Catalyst Control Center InstallProxy
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FB280574-F82B-FD8F-B338-756749A94B74}" = CCC Help German
"{FC8D323B-FD0A-CCC9-7032-46B06F01CAAA}" = Catalyst Control Center InstallProxy
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Avira AntiVir Desktop" = Avira Antivirus Premium
"Google Chrome" = Google Chrome
"JetDrive_is1" = JetDrive
"MagniDriver" = marvell 91xx driver
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Maxthon3" = Maxthon Cloud Browser
"McAfee Security Scan" = McAfee Security Scan Plus
"Mozilla Firefox 22.0 (x86 de)" = Mozilla Firefox 22.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"TeamViewer 6" = TeamViewer 6
"WinRAR archiver" = WinRAR
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Search Defender" = Yahoo! Suche Schutzvorkehrung
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 23.07.2013 11:32:08 | Computer Name = Mahdi-PC | Source = .NET Runtime Optimization Service | ID = 1103
Description =

Error - 23.07.2013 11:33:00 | Computer Name = Mahdi-PC | Source = .NET Runtime Optimization Service | ID = 1103
Description =

Error - 23.07.2013 11:33:00 | Computer Name = Mahdi-PC | Source = .NET Runtime Optimization Service | ID = 1103
Description =

Error - 23.07.2013 11:40:24 | Computer Name = Mahdi-PC | Source = Service1 | ID = 0
Description = Der Dienst kann nicht gestartet werden. Das Handle ist ungültig

Error - 23.07.2013 11:40:26 | Computer Name = Mahdi-PC | Source = WinMgmt | ID = 10
Description =

Error - 23.07.2013 11:51:05 | Computer Name = Mahdi-PC | Source = Service1 | ID = 0
Description = Der Dienst kann nicht gestartet werden. Das Handle ist ungültig

Error - 23.07.2013 11:51:06 | Computer Name = Mahdi-PC | Source = WinMgmt | ID = 10
Description =

Error - 23.07.2013 13:13:22 | Computer Name = Mahdi-PC | Source = Service1 | ID = 0
Description = Der Dienst kann nicht gestartet werden. Das Handle ist ungültig

Error - 23.07.2013 13:13:24 | Computer Name = Mahdi-PC | Source = WinMgmt | ID = 10
Description =

Error - 23.07.2013 14:18:59 | Computer Name = Mahdi-PC | Source = Application Hang | ID = 1002
Description = Programm Maxthon.exe, Version 4.1.0.4000 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1278 Startzeit:
01ce87ce073e5a4a Endzeit: 3 Anwendungspfad: C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe

Berichts-ID:
561f9531-f3c4-11e2-b9be-5404a60bfaf4

[ System Events ]
Error - 23.07.2013 08:44:08 | Computer Name = Mahdi-PC | Source = VDS Basic Provider | ID = 33554433
Description =

Error - 23.07.2013 09:33:36 | Computer Name = Mahdi-PC | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "D:" wurden abgebrochen, weil der Schattenkopiespeicher
nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.

Error - 23.07.2013 09:46:55 | Computer Name = Mahdi-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
Fehler 0x80070005 fehlgeschlagen: Internet Explorer 10 für Windows 7 für x64-basierte
Systeme

Error - 23.07.2013 10:59:49 | Computer Name = Mahdi-PC | Source = VDS Basic Provider | ID = 33554433
Description =

Error - 23.07.2013 11:31:16 | Computer Name = Mahdi-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
Fehler 0x80070643 fehlgeschlagen: Internet Explorer 10 für Windows 7 für x64-basierte
Systeme

Error - 23.07.2013 11:32:59 | Computer Name = Mahdi-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
Fehler 0x80070643 fehlgeschlagen: Internet Explorer 10 für Windows 7 für x64-basierte
Systeme

Error - 23.07.2013 11:33:32 | Computer Name = Mahdi-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
Fehler 0x80070643 fehlgeschlagen: Internet Explorer 10 für Windows 7 für x64-basierte
Systeme

Error - 23.07.2013 11:51:17 | Computer Name = Mahdi-PC | Source = VDS Basic Provider | ID = 33554433
Description =

Error - 23.07.2013 11:51:17 | Computer Name = Mahdi-PC | Source = VDS Basic Provider | ID = 33554433
Description =

Error - 23.07.2013 13:11:58 | Computer Name = Mahdi-PC | Source = VDS Basic Provider | ID = 33554433
Description =


< End of report >

Sorry, ich hab erst später gelesen, das die Logfiles als Archieve gezippt werden müssen. Anbei die Dateien.

Moin,

Zitat:

Leider sind nach wie vor die hälfte meiner Bilder und sämtliche Office Dateinen weiterhin unzugänglich. Das System konnte für die Mehrzahl der Bilder eine Sicherheitskopie erstellen, wodurch die Bilder gerettet sind. Mein Problem sind meine Word Dateien, da dort Lebensläufe und Bewerbungen geschrieben wurde. Auch hat der Trojaner auf Dropbox zugriff gehabt, wobei jetzt auf allen Geräten, wie Tab und Smartphones auch dort die Office Dateinen zugänglich sind. Gibt es jemanden hier im Forum der mir per Fernüberwachungssoftware Teamviewer auf meinen Rechner zugreifen kann und mir die Dateien wieder herstellen kann?

Bitte lesen => http://www.trojaner-board.de/116851-...tml#post842337

Und nein, es gibt nicht immer eine Möglichkeit so einfach Daten zu retten. Eine wichtige großartige Chance hast du durch das Formatieren verbaut.... (Schattenkopien ab Windows Vista)

Ja, ich denke ich habe Deinen Fehler gemacht. Windows 7 hatte sich nicht installieren lassen, weil er die Festplatte nicht gefunden hat. Die Software suchte eine Windows Installation auf der D: Festplatte. Erst nach Formatierung ging es. Es gibt bei Eigenschaften der Bilder keine Vorgängerversionen. Die wurden durch Formatierung gelöscht. Ich werde die Bilder demnächst auf einer Cloud sichern dann habe ich damit keine Probleme.

Soll ich jetzt alle Entschlüsslungs Tools ausprobieren?

Danke für Dein Hilfe