Problem: Documents cannot be opened after Trojan

Hello! Ohhhh, mea culpa, I don't know how to move this post to the Trojan forum. Sorry, this is probably not the right subforum. I didn't want to open a second post.

A few days ago I discovered via the EU Cleaner that my computer (Windows 7) is/was infected with a Trojan. Among other things, this showed up as masses of ads in Firefox (by safer surf) and in the fact that my documents (pdf, doc, etc.) can no longer be opened. In addition, files were placed in every single folder on my computer (HOW_DECRYPT.TXT and .HTML). The TXT has the following content:

Quote:
Unfortunately, I could not solve the problem with either antivirus programs or CCleaner. I depend on recovering the files. My last backup is (stupidly) already 6 months old. I had OT run a scan, with the following report:

OTL Logfile: Code:
KG) -- C:\Windows\SysNative\drivers\avkmgr.sys [2014.04.09 15:31:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2014.04.09 15:31:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira [2014.04.06 12:50:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MozBackup [2014.04.06 12:50:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MozBackup [2014.04.04 18:31:21 | 000,000,000 | -H-D | C] -- C:\de4cbe8 [2014.04.02 11:59:08 | 000,000,000 | ---D | C] -- C:\Users\Nikolai\Desktop\Fr4nSchkozNews3 [2014.04.02 11:58:59 | 000,000,000 | ---D | C] -- C:\Users\Nikolai\Desktop\Marion Zimmer Bradley - Avalon 08 - Die Nebel von Avalon [2014.04.01 08:34:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2014.03.25 22:07:27 | 000,000,000 | ---D | C] -- C:\Users\Nikolai\AppData\Local\Spotify [2014.03.25 22:07:03 | 000,000,000 | ---D | C] -- C:\Users\Nikolai\AppData\Roaming\Spotify [2014.03.25 11:11:06 | 000,000,000 | ---D | C] -- C:\AdwCleaner [2014.03.24 10:06:15 | 000,000,000 | R--D | C] -- C:\Users\Nikolai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup [2014.03.23 22:33:28 | 000,000,000 | ---D | C] -- C:\Users\Nikolai\AppData\Roaming\webssearches [2014.03.23 22:22:44 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP [2014.03.23 22:17:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Safer-Surf-soft [2014.03.23 22:17:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FlvPlayer [2014.03.21 14:24:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime [2014.03.21 14:23:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime [2014.03.20 12:46:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird [2014.03.14 09:32:38 | 000,484,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wer.dll [2014.03.14 09:32:38 | 000,381,440 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\SysWow64\wer.dll [2014.03.14 09:32:37 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll [2014.03.14 09:32:37 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll [2014.03.14 09:32:36 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll [2014.03.14 09:32:35 | 001,964,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2014.03.14 09:32:35 | 000,553,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll [2014.03.14 09:32:35 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll [2014.03.14 09:32:35 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll [2014.03.14 09:32:34 | 000,627,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2014.03.14 09:32:34 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2014.03.14 09:32:34 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll [2014.03.14 09:32:33 | 002,041,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2014.03.14 09:32:33 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe [2014.03.14 09:32:33 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll [2014.03.14 09:32:32 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll [2014.03.14 09:32:32 | 000,574,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2014.03.14 09:32:32 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll [2014.03.14 09:32:32 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2014.03.14 09:32:32 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe [2014.03.14 
09:32:31 | 005,768,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2014.03.14 09:32:31 | 000,708,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll [2014.03.14 09:32:31 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2014.03.14 09:32:30 | 000,817,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll [2014.03.14 09:32:30 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll [2014.03.14 09:32:29 | 000,940,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe [2014.03.14 09:30:04 | 000,624,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qedit.dll [2014.03.14 09:30:04 | 000,509,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qedit.dll [2014.03.13 21:04:12 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll [2 C:\Users\Nikolai\Desktop\*.tmp files -> C:\Users\Nikolai\Desktop\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\Users\Nikolai\AppData\Local\*.tmp files -> C:\Users\Nikolai\AppData\Local\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2014.04.10 14:22:59 | 000,000,962 | ---- | M] () -- C:\Users\Public\Desktop\Freezip.lnk [2014.04.10 14:18:47 | 000,002,172 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk [2014.04.10 14:18:47 | 000,002,172 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2014.04.10 14:18:26 | 000,002,021 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk [2014.04.10 08:56:36 | 000,014,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2014.04.10 08:56:36 | 000,014,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 
[2014.04.10 08:53:16 | 001,626,920 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2014.04.10 08:53:16 | 000,702,436 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2014.04.10 08:53:16 | 000,656,628 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2014.04.10 08:53:16 | 000,150,044 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2014.04.10 08:53:16 | 000,122,440 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2014.04.10 08:48:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2014.04.10 08:48:35 | 3111,555,072 | -HS- | M] () -- C:\hiberfil.sys [2014.04.10 08:00:36 | 000,084,720 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avnetflt.sys [2014.04.09 15:57:04 | 000,000,366 | ---- | M] () -- C:\Users\Nikolai\Documents\cc_20140409_155700.reg [2014.04.09 15:56:31 | 000,001,710 | ---- | M] () -- C:\Users\Nikolai\Documents\cc_20140409_155626.reg [2014.04.09 15:31:29 | 000,002,072 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2014.04.09 13:01:56 | 001,815,424 | ---- | M] () -- C:\Users\Nikolai\Desktop\HP0001.pdf [2014.04.08 14:27:37 | 000,281,975 | ---- | M] () -- C:\Users\Nikolai\Desktop\L220_deutsch.pdf [2014.04.08 12:18:14 | 000,596,447 | ---- | M] () -- C:\Users\Nikolai\Desktop\Autorizacion.pdf [2014.04.06 12:50:31 | 000,001,033 | ---- | M] () -- C:\Users\Public\Desktop\MozBackup.lnk [2014.04.06 12:06:58 | 000,001,985 | ---- | M] () -- C:\Users\Nikolai\Desktop\Avira EU-Cleaner.lnk [2014.04.04 19:03:05 | 000,128,086 | ---- | M] () -- C:\Users\Nikolai\Documents\Mappe1.pdf [2014.04.04 18:59:18 | 016,884,054 | ---- | M] () -- C:\Users\Nikolai\Desktop\Voller Knobeleien_1-186.pdf [2014.04.04 18:58:47 | 112,413,014 | ---- | M] () -- C:\Users\Nikolai\Desktop\Vegan.For.Youth.pdf [2014.04.04 18:54:55 | 001,815,638 | ---- | M] () -- C:\Users\Nikolai\Desktop\prüfung-handreichungv2.pdf [2014.04.04 18:54:39 | 000,262,998 | ---- | M] () -- C:\Users\Nikolai\Desktop\Kalender-10.Klasse.pdf 
[2014.04.04 18:52:25 | 000,517,974 | ---- | M] () -- C:\Users\Nikolai\Desktop\DOC.pdf [2014.04.04 18:52:24 | 000,066,134 | ---- | M] () -- C:\Users\Nikolai\Desktop\calificaciones-13110172407010002.pdf [2014.04.04 18:45:35 | 000,018,518 | ---- | M] () -- C:\Users\Nikolai\AppData\Local\WebpageIcons.db [2014.03.31 20:22:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2014.03.31 20:18:14 | 000,000,400 | ---- | M] () -- C:\Windows\tasks\Safer-Surf Update.job [2014.03.31 20:06:48 | 000,000,366 | ---- | M] () -- C:\Users\Nikolai\Documents\cc_20140331_200645.reg [2014.03.31 20:06:40 | 000,000,082 | ---- | M] () -- C:\Users\Nikolai\Documents\cc_20140331_200638.reg [2014.03.31 19:30:55 | 000,001,984 | ---- | M] () -- C:\Users\Nikolai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk [2014.03.31 19:23:12 | 001,646,762 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2014.03.31 19:18:50 | 000,000,706 | ---- | M] () -- C:\Users\Nikolai\Documents\cc_20140331_191846.reg [2014.03.31 19:15:46 | 000,079,288 | ---- | M] () -- C:\Windows\SysNative\drivers\399a5ed693fb3567.sys [2014.03.25 12:42:47 | 000,004,028 | ---- | M] () -- C:\Users\Nikolai\Documents\cc_20140325_114238.reg [2014.03.25 10:21:13 | 000,000,088 | ---- | M] () -- C:\Users\Nikolai\AppData\Roaming\WB.CFG [2014.03.25 09:42:24 | 000,001,686 | ---- | M] () -- C:\Users\Nikolai\Documents\cc_20140325_084219.reg [2014.03.25 08:45:33 | 000,000,378 | ---- | M] () -- C:\Windows\tasks\APSnotifierPP3.job [2014.03.25 08:45:33 | 000,000,378 | ---- | M] () -- C:\Windows\tasks\APSnotifierPP2.job [2014.03.24 09:21:44 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\APSnotifierPP1.job [2014.03.23 22:36:09 | 000,002,866 | ---- | M] () -- C:\Users\Nikolai\AppData\Roaming\aps.scan.results [2014.03.23 22:36:09 | 000,001,220 | ---- | M] () -- C:\Users\Nikolai\AppData\Roaming\aps.scan.quick.results [2014.03.23 22:36:09 | 000,000,320 | ---- | M] () -- 
C:\Users\Nikolai\AppData\Roaming\aps.uninstall.scan.results [2014.03.22 09:50:19 | 000,030,510 | ---- | M] () -- C:\Users\Nikolai\Documents\cc_20140322_085014.reg [2014.03.15 04:22:47 | 000,422,080 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2 C:\Users\Nikolai\Desktop\*.tmp files -> C:\Users\Nikolai\Desktop\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\Users\Nikolai\AppData\Local\*.tmp files -> C:\Users\Nikolai\AppData\Local\*.tmp -> ] ========== Files Created - No Company Name ========== [2014.04.10 14:22:59 | 000,000,962 | ---- | C] () -- C:\Users\Public\Desktop\Freezip.lnk [2014.04.10 14:18:47 | 000,002,172 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk [2014.04.10 14:18:47 | 000,002,172 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2014.04.10 14:18:26 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk [2014.04.10 14:18:26 | 000,002,021 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk [2014.04.09 16:18:07 | 001,815,424 | ---- | C] () -- C:\Users\Nikolai\Desktop\HP0001.pdf [2014.04.09 15:57:02 | 000,000,366 | ---- | C] () -- C:\Users\Nikolai\Documents\cc_20140409_155700.reg [2014.04.09 15:56:29 | 000,001,710 | ---- | C] () -- C:\Users\Nikolai\Documents\cc_20140409_155626.reg [2014.04.09 15:31:29 | 000,002,072 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2014.04.08 14:27:55 | 000,596,447 | ---- | C] () -- C:\Users\Nikolai\Desktop\Autorizacion.pdf [2014.04.08 14:27:37 | 000,281,975 | ---- | C] () -- C:\Users\Nikolai\Desktop\L220_deutsch.pdf [2014.04.06 12:50:31 | 000,001,033 | ---- | C] () -- C:\Users\Public\Desktop\MozBackup.lnk [2014.04.06 12:37:02 | 000,000,111 | ---- | C] () -- C:\Users\Nikolai\Desktop\profiles.ini [2014.04.06 12:06:58 | 000,001,985 | ---- | C] () -- C:\Users\Nikolai\Desktop\Avira EU-Cleaner.lnk [2014.04.01 08:34:40 | 000,001,165 | ---- | 
C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2014.03.31 20:06:47 | 000,000,366 | ---- | C] () -- C:\Users\Nikolai\Documents\cc_20140331_200645.reg [2014.03.31 20:06:40 | 000,000,082 | ---- | C] () -- C:\Users\Nikolai\Documents\cc_20140331_200638.reg [2014.03.31 19:30:55 | 000,001,984 | ---- | C] () -- C:\Users\Nikolai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk [2014.03.31 19:18:48 | 000,000,706 | ---- | C] () -- C:\Users\Nikolai\Documents\cc_20140331_191846.reg [2014.03.31 19:15:46 | 000,079,288 | ---- | C] () -- C:\Windows\SysNative\drivers\399a5ed693fb3567.sys [2014.03.25 22:07:26 | 000,001,807 | ---- | C] () -- C:\Users\Nikolai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk [2014.03.25 12:42:43 | 000,004,028 | ---- | C] () -- C:\Users\Nikolai\Documents\cc_20140325_114238.reg [2014.03.25 09:42:22 | 000,001,686 | ---- | C] () -- C:\Users\Nikolai\Documents\cc_20140325_084219.reg [2014.03.23 22:36:36 | 000,000,378 | ---- | C] () -- C:\Windows\tasks\APSnotifierPP3.job [2014.03.23 22:36:35 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\APSnotifierPP1.job [2014.03.23 22:36:35 | 000,000,378 | ---- | C] () -- C:\Windows\tasks\APSnotifierPP2.job [2014.03.23 22:35:45 | 000,002,866 | ---- | C] () -- C:\Users\Nikolai\AppData\Roaming\aps.scan.results [2014.03.23 22:35:45 | 000,001,220 | ---- | C] () -- C:\Users\Nikolai\AppData\Roaming\aps.scan.quick.results [2014.03.23 22:35:45 | 000,000,320 | ---- | C] () -- C:\Users\Nikolai\AppData\Roaming\aps.uninstall.scan.results [2014.03.23 22:17:56 | 000,000,088 | ---- | C] () -- C:\Users\Nikolai\AppData\Roaming\WB.CFG [2014.03.23 22:17:36 | 000,000,400 | ---- | C] () -- C:\Windows\tasks\Safer-Surf Update.job [2014.03.22 09:50:16 | 000,030,510 | ---- | C] () -- C:\Users\Nikolai\Documents\cc_20140322_085014.reg [2014.03.14 15:40:27 | 000,066,134 | ---- | C] () -- C:\Users\Nikolai\Desktop\calificaciones-13110172407010002.pdf [2014.03.14 09:32:37 | 
003,156,480 | ---- | C] () -- C:\Windows\SysNative\win32k.sys [2014.02.25 13:51:11 | 001,646,762 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2013.10.11 18:27:44 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\Access.dat [2013.07.16 16:25:27 | 000,000,017 | ---- | C] () -- C:\Users\Nikolai\AppData\Local\resmon.resmoncfg [2012.10.10 09:43:59 | 000,000,083 | ---- | C] () -- C:\Windows\winDecrypt.INI [2012.09.30 19:53:53 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini [2012.02.29 11:59:36 | 000,000,000 | ---- | C] () -- C:\Users\Nikolai\ping [2012.01.14 13:40:40 | 000,008,666 | ---- | C] () -- C:\Users\Nikolai\AppData\Roaming\3a59d17d [2012.01.14 13:40:40 | 000,008,611 | ---- | C] () -- C:\ProgramData\164932a6 [2012.01.14 13:40:40 | 000,008,582 | ---- | C] () -- C:\Users\Nikolai\AppData\Local\c0553114 [2011.12.01 18:18:35 | 000,018,518 | ---- | C] () -- C:\Users\Nikolai\AppData\Local\WebpageIcons.db [2011.08.30 12:21:24 | 000,004,608 | ---- | C] () -- C:\Users\Nikolai\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.02.14 18:52:55 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2011.01.12 09:54:26 | 000,000,355 | ---- | C] () -- C:\Users\Nikolai\Netzwerk - Verknüpfung.lnk [2010.11.18 15:36:36 | 000,000,680 | RHS- | C] () -- C:\Users\Nikolai\ntuser.pol ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = 
C:\Windows\SysNative\shell32.dll -- [2013.07.26 04:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.07.26 03:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== Hard Links - Junction Points - Mount Points - Symbolic Links ========== [C:\Windows\system64] -> \systemroot\system32 -> Mount Point ========== Alternate Data Streams ========== @Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:AD022376 < End of report >

It would be great if one of you could help me restore my documents. Afterwards I would format my computer and reinstall the programs. Oh, and here is the report from the antivirus: Quote:
Nikolai

Edited by Nikolai2323 (10.04.2014 at 15:54)