|
Plagegeister aller Art und deren Bekämpfung: Facebook Login fordert zum Passwort Wechsel aufWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
20.03.2015, 19:01 | #1 |
| Facebook Login fordert zum Passwort Wechsel auf Seit heute werde ich nach dem Facebook Login am Rechner aufgefordert mein Passwort zu ändern. Ich habe hierbei keinerlei Chance dies zu umgehen. (Meldung siehe Anhang) Dies tritt bei mir mit Opera, Firefox und dem IE auf. Was ich jedoch gemacht habe ist, dass ich mobil mein Passwort geändert habe. Doch auch wenn ich mich hiermit anmelde (die Meldung im Anhang kann somit nicht mehr stimmen) erhalte ich weiterhin diese Meldung. Mit meinem Zweitprofil (engerer Freundeskreis), kann ich mich jedoch weiterhin ohne Probleme anmelden. Woran kann das liegen? Habe Sorgen die Änderung auf der Webseite durchzuführen. Hoffe, ihr könnt mir hierbei helfen. FRST Log: FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-03-2015 Ran by Fischi (administrator) on FORSTER-2CEGVPJ on 20-03-2015 19:03:45 Running from C:\Dokumente und Einstellungen\Fischi\Eigene Dateien\Downloads Loaded Profiles: Fischi & UpdatusUser (Available profiles: Fischi & UpdatusUser) Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: Deutsch (Deutschland) Internet Explorer Version 8 (Default browser: Opera) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Sygate Technologies, Inc.) C:\Programme\Sygate\SPF\Smc.exe (Avira Operations GmbH & Co. KG) C:\Programme\Avira\AntiVir Desktop\sched.exe (Renesas Electronics Corporation) C:\Programme\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Lavasoft) C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ad-Aware Browsing Protection\adawarebp.exe (Avira Operations GmbH & Co. KG) C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe (NVIDIA Corporation) C:\Programme\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe (Safer-Networking Ltd.) C:\Programme\Spybot - Search & Destroy 2\SDTray.exe (Oracle Corporation) C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (ASUSTeK Computer Inc.) C:\Programme\ASUS\USB-N13 WLAN Card Utilities\RtWLan.exe (Lavasoft Limited) C:\Programme\Ad-Aware Antivirus\AdAwareService.exe (Avira Operations GmbH & Co. KG) C:\Programme\Avira\AntiVir Desktop\avguard.exe (DeviceVM, Inc.) C:\ASUS.SYS\config\DVMExportService.exe (Oracle Corporation) C:\Programme\Java\jre7\bin\jqs.exe (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation) C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (GFI Software) C:\Programme\Ad-Aware Antivirus\SBAMSvc.exe (Safer-Networking Ltd.) C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.) C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe (Avira Operations GmbH & Co. KG) C:\Programme\Avira\My Avira\Avira.OE.ServiceHost.exe (Avira Operations GmbH & Co. KG) C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe (Lavasoft Limited) C:\PROGRA~1\AD-AWA~1\AdAware.exe (Microsoft Corporation) C:\WINDOWS\system32\taskmgr.exe (Mozilla Corporation) C:\Programme\Mozilla Firefox\firefox.exe (Opera Software) C:\Programme\Opera\28.0.1750.48\opera.exe () C:\Programme\Opera\28.0.1750.48\opera_crashreporter.exe (Opera Software) C:\Programme\Opera\28.0.1750.48\opera.exe (Opera Software) C:\Programme\Opera\28.0.1750.48\opera.exe (Opera Software) C:\Programme\Opera\28.0.1750.48\opera.exe (Opera Software) C:\Programme\Opera\28.0.1750.48\opera.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [NUSB3MON] => C:\Programme\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-04-27] (Renesas Electronics Corporation) HKLM\...\Run: [ExpressGateBIOSSwitch] => C:\ASUS.SYS\config\EGSwitch.exe [618600 2010-05-10] (DeviceVM, Inc.) HKLM\...\Run: [SmcService] => C:\Programme\Sygate\SPF\Smc.exe [2577632 2004-10-15] (Sygate Technologies, Inc.) HKLM\...\Run: [Ad-Aware Browsing Protection] => C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ad-Aware Browsing Protection\adawarebp.exe [554408 2013-05-15] (Lavasoft) HKLM\...\Run: [Ad-Aware Antivirus] => "C:\Programme\Ad-Aware Antivirus\AdAwareLauncher" --windows-run HKLM\...\Run: [avgnt] => C:\Programme\Avira\AntiVir Desktop\avgnt.exe [704512 2015-03-20] (Avira Operations GmbH & Co. KG) HKLM\...\Run: [NvMediaCenter] => RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login HKLM\...\Run: [Nvtmru] => C:\Programme\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1012000 2013-05-16] (NVIDIA Corporation) HKLM\...\Run: [nwiz] => C:\Programme\NVIDIA Corporation\nview\nwiz.exe [2562848 2013-05-12] () HKLM\...\Run: [Adobe ARM] => C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated) HKLM\...\Run: [SDTray] => C:\Programme\Spybot - Search & Destroy 2\SDTray.exe [3830224 2013-05-16] (Safer-Networking Ltd.) HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup HKLM\...\Run: [SunJavaUpdateSched] => C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation) HKLM\...\Run: [Avira Systray] => C:\Programme\Avira\My Avira\Avira.OE.Systray.exe [127792 2015-02-12] (Avira Operations GmbH & Co. KG) HKLM\...\Run: [KernelFaultCheck] => %systemroot%\system32\dumprep 0 -k Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\ASUS USB-N13 WLAN Control Center.lnk ShortcutTarget: ASUS USB-N13 WLAN Control Center.lnk -> C:\Programme\ASUS\USB-N13 WLAN Card Utilities\RtWLan.exe (ASUSTeK Computer Inc.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKU\S-1-5-21-1844237615-706699826-725345543-1004\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION ProxyServer: [S-1-5-21-1844237615-706699826-725345543-1004] => localhost:21320 HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-1844237615-706699826-725345543-1004\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.web.de/ HKU\S-1-5-21-1844237615-706699826-725345543-1004\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-1844237615-706699826-725345543-1004\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie HKU\S-1-5-21-1844237615-706699826-725345543-1004\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://search.splashtop.com/asusexpressgate/mb/searchAPI.php?SE=yahoo&QS=http%3A%2F%2Fde.search.yahoo.com%2Fsearch%3Ffr%3Dfp-devicevm%26type%3DWEB01 URLSearchHook: [S-1-5-21-1844237615-706699826-725345543-1006] ATTENTION ==> Default URLSearchHook is missing. SearchScopes: HKU\S-1-5-21-1844237615-706699826-725345543-1004 -> {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = hxxp://securedsearch2.lavasoft.com/results.php?pr=vmn&id=adawaretb&v=3_0&hsimp=yhs-lavasoft&ent=ch&q={searchTerms} SearchScopes: HKU\S-1-5-21-1844237615-706699826-725345543-1004 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear BHO: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll [2013-05-06] (DivX, LLC) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Programme\Java\jre7\bin\ssv.dll [2014-07-25] (Oracle Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Programme\Java\jre7\bin\jp2ssv.dll [2014-07-25] (Oracle Corporation) Handler: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll [2008-04-14] (Microsoft Corporation) Handler: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll [2008-04-14] (Microsoft Corporation) Handler: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll [2008-04-14] (Microsoft Corporation) Handler: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll [2008-04-14] (Microsoft Corporation) Handler: ipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll [2008-04-14] (Microsoft Corporation) Handler: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll [2008-04-14] (Microsoft Corporation) Handler: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll [2008-04-14] (Microsoft Corporation) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Dokumente und Einstellungen\Fischi\Anwendungsdaten\Mozilla\Firefox\Profiles\qhacth6t.default-1426872528046 FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-06] () FF Plugin: @divx.com/DivX Plus Web Player Plug-In,version=1.0.0 -> C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll [2013-05-06] (DivX, LLC) FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Programme\DivX\DivX OVS Helper\npovshelper.dll [2011-06-20] (DivX, LLC.) FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Programme\Google\Picasa3\npPicasa3.dll [2013-04-02] (Google, Inc.) FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Programme\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-07-25] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Programme\Java\jre7\bin\plugin2\npjp2.dll [2014-07-25] (Oracle Corporation) FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Programme\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Programme\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.) FF Plugin: Adobe Reader -> C:\Programme\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-1844237615-706699826-725345543-1004: sony.com/MediaGoDetector -> C:\Programme\Sony\Media Go\npMediaGoDetector.dll [2014-03-24] (Sony Network Entertainment International LLC) FF Plugin ProgramFiles/Appdata: C:\Programme\mozilla firefox\plugins\nppdf32.dll [2014-08-05] (Adobe Systems Inc.) FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Programme\DivX\DivX Plus Web Player\firefox\DivXHTML5 FF Extension: DivX Plus Web Player HTML5 <video> - C:\Programme\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013-06-10] FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-07-20] Chrome: ======= CHR Profile: C:\Dokumente und Einstellungen\Fischi\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default CHR Extension: (Google Slides) - C:\Dokumente und Einstellungen\Fischi\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-11-27] CHR Extension: (Google Docs) - C:\Dokumente und Einstellungen\Fischi\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-11-27] CHR Extension: (Google Drive) - C:\Dokumente und Einstellungen\Fischi\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-11-27] CHR Extension: (YouTube) - C:\Dokumente und Einstellungen\Fischi\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-11-27] CHR Extension: (Google Search) - C:\Dokumente und Einstellungen\Fischi\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-11-27] CHR Extension: (Google Sheets) - C:\Dokumente und Einstellungen\Fischi\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-11-27] CHR Extension: (Avira Browser Safety) - C:\Dokumente und Einstellungen\Fischi\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-11-27] CHR Extension: (Chrome Hotword Shared Module) - C:\Dokumente und Einstellungen\Fischi\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-12] CHR Extension: (Google Wallet) - C:\Dokumente und Einstellungen\Fischi\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-27] CHR Extension: (DivX Plus Web Player HTML5 <video>) - C:\Dokumente und Einstellungen\Fischi\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2014-11-27] CHR Extension: (Gmail) - C:\Dokumente und Einstellungen\Fischi\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-11-27] CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx CHR HKLM\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Programme\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2013-05-06] CHR HKLM\...\Chrome\Extension: [phegaokedjdajgnfphbnpkcfdgjbidko] - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\adawaretb\toolbar\chrome\toolbar.crx [Not Found] ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 Ad-Aware Service; C:\Programme\Ad-Aware Antivirus\AdAwareService.exe [1236336 2013-03-18] (Lavasoft Limited) S4 Alerter; C:\WINDOWS\system32\alrsvc.dll [17408 2008-04-14] (Microsoft Corporation) [File not signed] R3 ALG; C:\WINDOWS\System32\alg.exe [44544 2008-04-14] (Microsoft Corporation) [File not signed] R2 AntiVirSchedulerService; C:\Programme\Avira\AntiVir Desktop\sched.exe [432888 2015-03-20] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Programme\Avira\AntiVir Desktop\avguard.exe [432888 2015-03-20] (Avira Operations GmbH & Co. KG) R2 AntiVirWebService; C:\Programme\Avira\AntiVir Desktop\AVWEBGRD.EXE [992504 2015-03-20] (Avira Operations GmbH & Co. KG) R2 AudioSrv; C:\WINDOWS\System32\audiosrv.dll [42496 2008-04-14] (Microsoft Corporation) [File not signed] R2 Avira.OE.ServiceHost; C:\Programme\Avira\My Avira\Avira.OE.ServiceHost.exe [184056 2015-02-12] (Avira Operations GmbH & Co. KG) R2 BITS; C:\WINDOWS\system32\qmgr.dll [409088 2008-04-14] (Microsoft Corporation) [File not signed] S2 Browser; C:\WINDOWS\System32\browser.dll [78336 2012-07-06] (Microsoft Corporation) [File not signed] S3 CiSvc; C:\WINDOWS\system32\cisvc.exe [5632 2008-04-14] (Microsoft Corporation) [File not signed] S3 ClipSrv; C:\WINDOWS\system32\clipsrv.exe [33280 2008-04-14] (Microsoft Corporation) [File not signed] R2 CryptSvc; C:\WINDOWS\System32\cryptsvc.dll [62464 2008-04-14] (Microsoft Corporation) [File not signed] R2 DcomLaunch; C:\WINDOWS\system32\rpcss.dll [401408 2009-02-09] (Microsoft Corporation) [File not signed] R2 Dhcp; C:\WINDOWS\System32\dhcpcsvc.dll [127488 2008-04-14] (Microsoft Corporation) [File not signed] S3 dmadmin; C:\WINDOWS\System32\dmadmin.exe [225280 2008-04-14] (Microsoft Corp., Veritas Software) [File not signed] S3 dmserver; C:\WINDOWS\System32\dmserver.dll [24064 2008-04-14] (Microsoft Corp.) [File not signed] R2 Dnscache; C:\WINDOWS\System32\dnsrslvr.dll [45568 2009-04-20] (Microsoft Corporation) [File not signed] S3 Dot3svc; C:\WINDOWS\System32\dot3svc.dll [133120 2008-04-14] (Microsoft Corporation) [File not signed] R2 DvmMDES; C:\ASUS.SYS\config\DVMExportService.exe [319488 2009-10-16] (DeviceVM, Inc.) [File not signed] S3 EapHost; C:\WINDOWS\System32\eapsvc.dll [33792 2008-04-14] (Microsoft Corporation) [File not signed] R2 ERSvc; C:\WINDOWS\System32\ersvc.dll [23040 2008-04-14] (Microsoft Corporation) [File not signed] R2 Eventlog; C:\WINDOWS\system32\services.exe [111104 2009-02-09] (Microsoft Corporation) [File not signed] R3 EventSystem; C:\WINDOWS\System32\es.dll [253952 2008-07-07] (Microsoft Corporation) [File not signed] R3 FastUserSwitchingCompatibility; C:\WINDOWS\System32\shsvcs.dll [135680 2009-07-28] (Microsoft Corporation) [File not signed] S2 gupdate; C:\Programme\Google\Update\GoogleUpdate.exe [116648 2014-11-27] (Google Inc.) S3 gupdatem; C:\Programme\Google\Update\GoogleUpdate.exe [116648 2014-11-27] (Google Inc.) S3 gusvc; C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe [136120 2011-05-09] (Google) R2 helpsvc; C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll [38400 2008-04-14] (Microsoft Corporation) [File not signed] R2 HidServ; C:\WINDOWS\System32\hidserv.dll [21504 2008-04-14] (Microsoft Corporation) [File not signed] S3 hkmsvc; C:\WINDOWS\System32\kmsvc.dll [61440 2008-04-14] (Microsoft Corporation) [File not signed] S3 HTTPFilter; C:\WINDOWS\System32\w3ssl.dll [15872 2008-04-14] (Microsoft Corporation) [File not signed] S3 IDriverT; C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed] S3 ImapiService; C:\WINDOWS\system32\imapi.exe [150528 2008-04-14] (Microsoft Corporation) [File not signed] R2 JavaQuickStarterService; C:\Programme\Java\jre7\bin\jqs.exe [182696 2014-07-25] (Oracle Corporation) R2 lanmanserver; C:\WINDOWS\System32\srvsvc.dll [99840 2010-08-27] (Microsoft Corporation) [File not signed] R2 lanmanworkstation; C:\WINDOWS\System32\wkssvc.dll [132096 2009-06-10] (Microsoft Corporation) [File not signed] R2 LmHosts; C:\WINDOWS\System32\lmhsvc.dll [13824 2008-04-14] (Microsoft Corporation) [File not signed] S4 Messenger; C:\WINDOWS\System32\msgsvc.dll [33792 2008-04-14] (Microsoft Corporation) [File not signed] S3 mnmsrvc; C:\WINDOWS\System32\mnmsrvc.exe [32768 2008-04-14] (Microsoft Corporation) [File not signed] S3 MozillaMaintenance; C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe [148080 2015-03-06] (Mozilla Foundation) S3 MSDTC; C:\WINDOWS\System32\msdtc.exe [6144 2008-04-14] (Microsoft Corporation) [File not signed] S3 MSIServer; C:\WINDOWS\System32\msiexec.exe [95744 2008-05-19] (Microsoft Corporation) [File not signed] S3 napagent; C:\WINDOWS\System32\qagentrt.dll [294400 2008-04-14] (Microsoft Corporation) [File not signed] S4 NetDDE; C:\WINDOWS\system32\netdde.exe [114176 2008-04-14] (Microsoft Corporation) [File not signed] S4 NetDDEdsdm; C:\WINDOWS\system32\netdde.exe [114176 2008-04-14] (Microsoft Corporation) [File not signed] S3 Netlogon; C:\WINDOWS\system32\lsass.exe [13312 2008-04-14] (Microsoft Corporation) [File not signed] R3 Netman; C:\WINDOWS\System32\netman.dll [198144 2008-04-14] (Microsoft Corporation) [File not signed] R3 Nla; C:\WINDOWS\System32\mswsock.dll [247296 2008-06-20] (Microsoft Corporation) [File not signed] S3 NtLmSsp; C:\WINDOWS\System32\lsass.exe [13312 2008-04-14] (Microsoft Corporation) [File not signed] S3 NtmsSvc; C:\WINDOWS\system32\ntmssvc.dll [438272 2008-04-14] (Microsoft Corporation) [File not signed] R2 nvUpdatusService; C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [1826592 2013-05-16] (NVIDIA Corporation) R2 PlugPlay; C:\WINDOWS\system32\services.exe [111104 2009-02-09] (Microsoft Corporation) [File not signed] R2 PolicyAgent; C:\WINDOWS\system32\lsass.exe [13312 2008-04-14] (Microsoft Corporation) [File not signed] R2 ProtectedStorage; C:\WINDOWS\system32\lsass.exe [13312 2008-04-14] (Microsoft Corporation) [File not signed] S3 RasAuto; C:\WINDOWS\System32\rasauto.dll [88576 2008-04-14] (Microsoft Corporation) [File not signed] R3 RasMan; C:\WINDOWS\System32\rasmans.dll [186368 2008-04-14] (Microsoft Corporation) [File not signed] S3 RDSessMgr; C:\WINDOWS\system32\sessmgr.exe [143360 2008-04-14] (Microsoft Corporation) [File not signed] S4 RemoteAccess; C:\WINDOWS\System32\mprdim.dll [53248 2008-04-14] (Microsoft Corporation) [File not signed] S3 RpcLocator; C:\WINDOWS\System32\locator.exe [75264 2008-04-14] (Microsoft Corporation) [File not signed] R2 RpcSs; C:\WINDOWS\System32\rpcss.dll [401408 2009-02-09] (Microsoft Corporation) [File not signed] S3 RSVP; C:\WINDOWS\System32\rsvp.exe [132608 2002-08-29] (Microsoft Corporation) [File not signed] R2 SamSs; C:\WINDOWS\system32\lsass.exe [13312 2008-04-14] (Microsoft Corporation) [File not signed] R2 SBAMSvc; C:\Programme\Ad-Aware Antivirus\SBAMSvc.exe [3677000 2012-09-20] (GFI Software) S3 SCardSvr; C:\WINDOWS\System32\SCardSvr.exe [99840 2008-04-14] (Microsoft Corporation) [File not signed] R2 Schedule; C:\WINDOWS\system32\schedsvc.dll [193536 2008-04-14] (Microsoft Corporation) [File not signed] R2 SDScannerService; C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe [1817560 2013-05-16] (Safer-Networking Ltd.) R2 SDUpdateService; C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe [1033688 2013-05-16] (Safer-Networking Ltd.) S2 SDWSCService; C:\Programme\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2013-05-15] (Safer-Networking Ltd.) R2 seclogon; C:\WINDOWS\System32\seclogon.dll [18944 2008-04-14] (Microsoft Corporation) [File not signed] R2 SENS; C:\WINDOWS\system32\sens.dll [39424 2008-04-14] (Microsoft Corporation) [File not signed] R2 SharedAccess; C:\WINDOWS\System32\ipnathlp.dll [334336 2008-04-14] (Microsoft Corporation) [File not signed] R2 ShellHWDetection; C:\WINDOWS\System32\shsvcs.dll [135680 2009-07-28] (Microsoft Corporation) [File not signed] S2 SkypeUpdate; C:\Programme\Skype\Updater\Updater.exe [162408 2013-06-03] (Skype Technologies) R2 SmcService; C:\Programme\Sygate\SPF\smc.exe [2577632 2004-10-15] (Sygate Technologies, Inc.) S3 Sony PC Companion; C:\Programme\Sony\Sony PC Companion\PCCService.exe [155824 2013-02-04] (Avanquest Software) R2 Spooler; C:\WINDOWS\system32\spoolsv.exe [58880 2010-08-17] (Microsoft Corporation) [File not signed] R2 srservice; C:\WINDOWS\system32\srsvc.dll [171520 2008-04-14] (Microsoft Corporation) [File not signed] R3 SSDPSRV; C:\WINDOWS\System32\ssdpsrv.dll [71680 2008-04-14] (Microsoft Corporation) [File not signed] R2 stisvc; C:\WINDOWS\system32\wiaservc.dll [334336 2008-04-14] (Microsoft Corporation) [File not signed] S3 SysmonLog; C:\WINDOWS\system32\smlogsvc.exe [94208 2008-04-14] (Microsoft Corporation) [File not signed] R3 TapiSrv; C:\WINDOWS\System32\tapisrv.dll [249856 2008-04-14] (Microsoft Corporation) [File not signed] R3 TermService; C:\WINDOWS\System32\termsrv.dll [297472 2008-04-14] (Microsoft Corporation) [File not signed] R2 Themes; C:\WINDOWS\System32\shsvcs.dll [135680 2009-07-28] (Microsoft Corporation) [File not signed] R2 TrkWks; C:\WINDOWS\system32\trkwks.dll [90112 2008-04-14] (Microsoft Corporation) [File not signed] S3 upnphost; C:\WINDOWS\System32\upnphost.dll [186880 2008-04-14] (Microsoft Corporation) [File not signed] S3 UPS; C:\WINDOWS\System32\ups.exe [18432 2008-04-14] (Microsoft Corporation) [File not signed] S3 VSS; C:\WINDOWS\System32\vssvc.exe [292864 2008-04-14] (Microsoft Corporation) [File not signed] R2 W32Time; C:\WINDOWS\system32\w32time.dll [177152 2008-04-14] (Microsoft Corporation) [File not signed] R2 WebClient; C:\WINDOWS\System32\webclnt.dll [68096 2008-04-14] (Microsoft Corporation) [File not signed] R2 winmgmt; C:\WINDOWS\system32\wbem\WMIsvc.dll [145408 2008-04-14] (Microsoft Corporation) [File not signed] S3 WmdmPmSN; C:\WINDOWS\system32\MsPMSNSv.dll [27136 2006-10-18] (Microsoft Corporation) [File not signed] S3 WmiApSrv; C:\WINDOWS\System32\wbem\wmiapsrv.exe [126464 2008-04-14] (Microsoft Corporation) [File not signed] R2 wscsvc; C:\WINDOWS\system32\wscsvc.dll [80896 2008-04-14] (Microsoft Corporation) [File not signed] R2 wuauserv; C:\WINDOWS\system32\wuauserv.dll [6656 2008-04-14] (Microsoft Corporation) [File not signed] R2 WudfSvc; C:\WINDOWS\System32\WUDFSvc.dll [55808 2006-09-28] (Microsoft Corporation) [File not signed] S3 WZCSVC; C:\WINDOWS\System32\wzcsvc.dll [483840 2008-04-14] (Microsoft Corporation) [File not signed] S3 xmlprov; C:\WINDOWS\System32\xmlprov.dll [129024 2008-04-14] (Microsoft Corporation) [File not signed] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R0 ACPI; C:\WINDOWS\System32\DRIVERS\ACPI.sys [188800 2008-04-14] (Microsoft Corporation) [File not signed] R0 ACPIEC; C:\WINDOWS\System32\DRIVERS\ACPIEC.sys [12160 2002-08-29] (Microsoft Corporation) [File not signed] S3 aec; C:\WINDOWS\System32\drivers\aec.sys [142592 2008-04-13] (Microsoft Corporation) [File not signed] R2 AegisP; C:\WINDOWS\System32\DRIVERS\AegisP.sys [21361 2013-08-04] (Cisco Systems, Inc.) [File not signed] R1 AFD; C:\WINDOWS\System32\drivers\afd.sys [138496 2011-08-17] (Microsoft Corporation) [File not signed] S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1691480 2009-11-18] (Creative) R3 Arp1394; C:\WINDOWS\System32\DRIVERS\arp1394.sys [60800 2008-04-13] (Microsoft Corporation) [File not signed] S3 AsyncMac; C:\WINDOWS\System32\DRIVERS\asyncmac.sys [14336 2008-04-13] (Microsoft Corporation) [File not signed] R0 atapi; C:\WINDOWS\System32\DRIVERS\atapi.sys [96512 2008-04-13] (Microsoft Corporation) [File not signed] S3 Atmarpc; C:\WINDOWS\System32\DRIVERS\atmarpc.sys [59904 2008-04-13] (Microsoft Corporation) [File not signed] R3 audstub; C:\WINDOWS\System32\DRIVERS\audstub.sys [3072 2001-08-17] (Microsoft Corporation) [File not signed] R2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [105864 2015-03-11] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\WINDOWS\System32\DRIVERS\avipbb.sys [136216 2015-03-11] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\WINDOWS\System32\DRIVERS\avkmgr.sys [37352 2013-10-07] (Avira Operations GmbH & Co. KG) S3 Bridge; C:\WINDOWS\System32\DRIVERS\bridge.sys [71552 2008-04-13] (Microsoft Corporation) [File not signed] R3 BridgeMP; C:\WINDOWS\System32\DRIVERS\bridge.sys [71552 2008-04-13] (Microsoft Corporation) [File not signed] S1 Cdaudio; C:\WINDOWS\system32\Drivers\Cdaudio.sys [18688 2002-08-29] (Microsoft Corporation) [File not signed] R4 Cdfs; C:\WINDOWS\system32\Drivers\Cdfs.sys [63744 2008-04-13] (Microsoft Corporation) [File not signed] R1 Cdrom; C:\WINDOWS\System32\DRIVERS\cdrom.sys [62976 2008-04-13] (Microsoft Corporation) [File not signed] R0 Disk; C:\WINDOWS\System32\DRIVERS\disk.sys [36352 2008-04-13] (Microsoft Corporation) [File not signed] S4 dmboot; C:\WINDOWS\System32\drivers\dmboot.sys [800384 2008-04-14] (Microsoft Corp., Veritas Software) [File not signed] S4 dmio; C:\WINDOWS\System32\drivers\dmio.sys [154112 2008-04-14] (Microsoft Corp., Veritas Software) [File not signed] S4 dmload; C:\WINDOWS\System32\drivers\dmload.sys [5888 2002-08-29] (Microsoft Corp., Veritas Software.) [File not signed] S3 DMusic; C:\WINDOWS\System32\drivers\DMusic.sys [52864 2008-04-13] (Microsoft Corporation) [File not signed] S3 drmkaud; C:\WINDOWS\System32\drivers\drmkaud.sys [2944 2008-04-13] (Microsoft Corporation) [File not signed] R1 DVMIO; C:\WINDOWS\System32\DRIVERS\dvmio.sys [18136 2010-05-07] (DeviceVM, Inc.) S4 Fastfat; C:\WINDOWS\system32\Drivers\Fastfat.sys [143744 2008-04-13] (Microsoft Corporation) [File not signed] S1 Fdc; C:\WINDOWS\system32\Drivers\Fdc.sys [27392 2008-04-13] (Microsoft Corporation) [File not signed] R1 Fips; C:\WINDOWS\system32\Drivers\Fips.sys [44672 2008-04-14] (Microsoft Corporation) [File not signed] S1 Flpydisk; C:\WINDOWS\system32\Drivers\Flpydisk.sys [20480 2008-04-13] (Microsoft Corporation) [File not signed] R0 FltMgr; C:\WINDOWS\System32\drivers\fltmgr.sys [129792 2008-04-13] (Microsoft Corporation) [File not signed] U1 Fs_Rec; C:\WINDOWS\system32\Drivers\Fs_Rec.sys [7936 2002-08-29] (Microsoft Corporation) [File not signed] R0 Ftdisk; C:\WINDOWS\System32\DRIVERS\ftdisk.sys [126336 2002-08-29] (Microsoft Corporation) [File not signed] S3 gfiark; C:\WINDOWS\System32\drivers\gfiark.sys [43368 2013-05-23] (ThreatTrack Security) R0 gfibto; C:\WINDOWS\System32\drivers\gfibto.sys [13560 2013-06-10] (GFI Software) R3 Gpc; C:\WINDOWS\System32\DRIVERS\msgpc.sys [35072 2008-04-13] (Microsoft Corporation) [File not signed] R3 HDAudBus; C:\WINDOWS\System32\DRIVERS\HDAudBus.sys [138752 2005-01-07] (Windows (R) Server 2003 DDK provider) [File not signed] R3 hidusb; C:\WINDOWS\System32\DRIVERS\hidusb.sys [10368 2008-04-13] (Microsoft Corporation) [File not signed] R3 HTTP; C:\WINDOWS\System32\Drivers\HTTP.sys [265728 2009-10-20] (Microsoft Corporation) [File not signed] S1 i8042prt; C:\WINDOWS\system32\Drivers\i8042prt.sys [52992 2008-04-14] (Microsoft Corporation) [File not signed] R1 Imapi; C:\WINDOWS\System32\DRIVERS\imapi.sys [42112 2008-04-13] (Microsoft Corporation) [File not signed] S3 ip6fw; C:\WINDOWS\System32\drivers\ip6fw.sys [36608 2008-04-13] (Microsoft Corporation) [File not signed] S3 IpFilterDriver; C:\WINDOWS\System32\DRIVERS\ipfltdrv.sys [32896 2002-08-29] (Microsoft Corporation) [File not signed] S3 IpInIp; C:\WINDOWS\System32\DRIVERS\ipinip.sys [20864 2008-04-13] (Microsoft Corporation) [File not signed] R3 IpNat; C:\WINDOWS\System32\DRIVERS\ipnat.sys [152832 2008-04-13] (Microsoft Corporation) [File not signed] R1 IPSec; C:\WINDOWS\System32\DRIVERS\ipsec.sys [75264 2008-04-13] (Microsoft Corporation) [File not signed] S3 IRENUM; C:\WINDOWS\System32\DRIVERS\irenum.sys [11264 2008-04-13] (Microsoft Corporation) [File not signed] R0 isapnp; C:\WINDOWS\System32\DRIVERS\isapnp.sys [37632 2008-04-14] (Microsoft Corporation) [File not signed] R1 Kbdclass; C:\WINDOWS\System32\DRIVERS\kbdclass.sys [25216 2008-04-14] (Microsoft Corporation) [File not signed] R1 kbdhid; C:\WINDOWS\System32\DRIVERS\kbdhid.sys [14720 2008-04-14] (Microsoft Corporation) [File not signed] R3 kmixer; C:\WINDOWS\System32\drivers\kmixer.sys [172416 2008-04-13] (Microsoft Corporation) [File not signed] R0 KSecDD; C:\WINDOWS\system32\Drivers\KSecDD.sys [92928 2009-06-24] (Microsoft Corporation) [File not signed] R1 mnmdd; C:\WINDOWS\system32\Drivers\mnmdd.sys [4224 2002-08-29] (Microsoft Corporation) [File not signed] S3 Modem; C:\WINDOWS\system32\Drivers\Modem.sys [30336 2008-04-14] (Microsoft Corporation) [File not signed] S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1395800 2009-11-18] (Creative Technology Ltd.) R1 Mouclass; C:\WINDOWS\System32\DRIVERS\mouclass.sys [23552 2008-04-14] (Microsoft Corporation) [File not signed] R3 mouhid; C:\WINDOWS\System32\DRIVERS\mouhid.sys [12288 2002-08-29] (Microsoft Corporation) [File not signed] R0 MountMgr; C:\WINDOWS\system32\Drivers\MountMgr.sys [42368 2008-04-13] (Microsoft Corporation) [File not signed] R3 MRxDAV; C:\WINDOWS\System32\DRIVERS\mrxdav.sys [180608 2008-04-13] (Microsoft Corporation) [File not signed] R1 MRxSmb; C:\WINDOWS\System32\DRIVERS\mrxsmb.sys [456320 2011-07-15] (Microsoft Corporation) [File not signed] S3 MSKSSRV; C:\WINDOWS\System32\drivers\MSKSSRV.sys [7552 2008-04-13] (Microsoft Corporation) [File not signed] S3 MSPCLOCK; C:\WINDOWS\System32\drivers\MSPCLOCK.sys [5376 2008-04-13] (Microsoft Corporation) [File not signed] S3 MSPQM; C:\WINDOWS\System32\drivers\MSPQM.sys [4992 2008-04-13] (Microsoft Corporation) [File not signed] R3 mssmbios; C:\WINDOWS\System32\DRIVERS\mssmbios.sys [15488 2008-04-13] (Microsoft Corporation) [File not signed] R3 MTsensor; C:\WINDOWS\System32\DRIVERS\ASACPI.sys [5810 2004-08-13] () [File not signed] R0 Mup; C:\WINDOWS\system32\Drivers\Mup.sys [105472 2011-04-21] (Microsoft Corporation) [File not signed] R0 NDIS; C:\WINDOWS\system32\Drivers\NDIS.sys [182656 2008-04-13] (Microsoft Corporation) [File not signed] R3 NdisTapi; C:\WINDOWS\System32\DRIVERS\ndistapi.sys [10496 2011-07-08] (Microsoft Corporation) [File not signed] S3 Ndisuio; C:\WINDOWS\System32\DRIVERS\ndisuio.sys [14592 2008-04-13] (Microsoft Corporation) [File not signed] R3 NdisWan; C:\WINDOWS\System32\DRIVERS\ndiswan.sys [91520 2008-04-13] (Microsoft Corporation) [File not signed] R3 NDProxy; C:\WINDOWS\system32\Drivers\NDProxy.sys [40960 2013-11-27] (Microsoft Corporation) [File not signed] R1 NetBIOS; C:\WINDOWS\System32\DRIVERS\netbios.sys [34688 2008-04-13] (Microsoft Corporation) [File not signed] R1 NetBT; C:\WINDOWS\System32\DRIVERS\netbt.sys [162816 2008-04-13] (Microsoft Corporation) [File not signed] R3 NIC1394; C:\WINDOWS\System32\DRIVERS\nic1394.sys [61824 2008-04-13] (Microsoft Corporation) [File not signed] R1 Npfs; C:\WINDOWS\system32\Drivers\Npfs.sys [30848 2008-04-13] (Microsoft Corporation) [File not signed] R4 Ntfs; C:\WINDOWS\system32\Drivers\Ntfs.sys [574976 2008-04-13] (Microsoft Corporation) [File not signed] R1 Null; C:\WINDOWS\system32\Drivers\Null.sys [2944 2002-08-29] (Microsoft Corporation) [File not signed] R3 nusb3hub; C:\WINDOWS\System32\DRIVERS\nusb3hub.sys [64904 2010-04-27] (Renesas Electronics Corporation) R3 nusb3xhc; C:\WINDOWS\System32\DRIVERS\nusb3xhc.sys [146568 2010-04-27] (Renesas Electronics Corporation) R3 NVHDA; C:\WINDOWS\System32\drivers\nvhda32.sys [128672 2013-02-25] (NVIDIA Corporation) S3 NwlnkFlt; C:\WINDOWS\System32\DRIVERS\nwlnkflt.sys [12416 2002-08-29] (Microsoft Corporation) [File not signed] S3 NwlnkFwd; C:\WINDOWS\System32\DRIVERS\nwlnkfwd.sys [32512 2002-08-29] (Microsoft Corporation) [File not signed] R0 ohci1394; C:\WINDOWS\System32\DRIVERS\ohci1394.sys [61696 2008-04-13] (Microsoft Corporation) [File not signed] S3 Parport; C:\WINDOWS\system32\Drivers\Parport.sys [80384 2008-04-14] (Microsoft Corporation) [File not signed] R0 PartMgr; C:\WINDOWS\system32\Drivers\PartMgr.sys [19712 2008-04-13] (Microsoft Corporation) [File not signed] S2 ParVdm; C:\WINDOWS\system32\Drivers\ParVdm.sys [7040 2002-08-29] (Microsoft Corporation) [File not signed] R0 PCI; C:\WINDOWS\System32\DRIVERS\pci.sys [68224 2008-04-14] (Microsoft Corporation) [File not signed] R0 PCIIde; C:\WINDOWS\System32\DRIVERS\pciide.sys [3328 2002-08-29] (Microsoft Corporation) [File not signed] S4 Pcmcia; C:\WINDOWS\system32\Drivers\Pcmcia.sys [120576 2008-04-14] (Microsoft Corporation) [File not signed] R3 PptpMiniport; C:\WINDOWS\System32\DRIVERS\raspptp.sys [48384 2008-04-13] (Microsoft Corporation) [File not signed] R1 Processor; C:\WINDOWS\System32\DRIVERS\processr.sys [39936 2008-04-14] (Microsoft Corporation) [File not signed] R3 PSched; C:\WINDOWS\System32\DRIVERS\psched.sys [69120 2008-04-13] (Microsoft Corporation) [File not signed] R3 Ptilink; C:\WINDOWS\System32\DRIVERS\ptilink.sys [17792 2002-08-29] (Parallel Technologies, Inc.) [File not signed] S3 QV2KUX; C:\WINDOWS\System32\DRIVERS\qv2kux.sys [3328 2001-08-17] (Microsoft Corporation) [File not signed] R1 RasAcd; C:\WINDOWS\System32\DRIVERS\rasacd.sys [8832 2002-08-29] (Microsoft Corporation) [File not signed] R3 Rasl2tp; C:\WINDOWS\System32\DRIVERS\rasl2tp.sys [51328 2008-04-13] (Microsoft Corporation) [File not signed] R3 RasPppoe; C:\WINDOWS\System32\DRIVERS\raspppoe.sys [41472 2008-04-13] (Microsoft Corporation) [File not signed] R3 Raspti; C:\WINDOWS\System32\DRIVERS\raspti.sys [16512 2002-08-29] (Microsoft Corporation) [File not signed] R1 Rdbss; C:\WINDOWS\System32\DRIVERS\rdbss.sys [175744 2008-04-13] (Microsoft Corporation) [File not signed] R1 RDPCDD; C:\WINDOWS\System32\DRIVERS\RDPCDD.sys [4224 2002-08-29] (Microsoft Corporation) [File not signed] R1 redbook; C:\WINDOWS\System32\DRIVERS\redbook.sys [57728 2008-04-14] (Microsoft Corporation) [File not signed] S3 RTL8192cu; C:\WINDOWS\System32\DRIVERS\rtwlanu.sys [1173992 2012-10-13] (Realtek Semiconductor Corporation ) R1 sbaphd; C:\WINDOWS\System32\drivers\sbaphd.sys [22064 2012-09-12] (GFI Software) R2 sbapifs; C:\WINDOWS\System32\drivers\sbapifs.sys [66344 2012-09-12] (GFI Software) S3 Secdrv; C:\WINDOWS\System32\DRIVERS\secdrv.sys [20480 2008-04-13] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [File not signed] R3 serenum; C:\WINDOWS\System32\DRIVERS\serenum.sys [15744 2008-04-13] (Microsoft Corporation) [File not signed] R1 Serial; C:\WINDOWS\System32\DRIVERS\serial.sys [65536 2008-04-14] (Microsoft Corporation) [File not signed] S3 splitter; C:\WINDOWS\System32\drivers\splitter.sys [6272 2008-04-13] (Microsoft Corporation) [File not signed] R0 sr; C:\WINDOWS\System32\DRIVERS\sr.sys [73472 2008-04-14] (Microsoft Corporation) [File not signed] R3 Srv; C:\WINDOWS\System32\DRIVERS\srv.sys [357888 2011-02-17] (Microsoft Corporation) [File not signed] R1 ssmdrv; C:\WINDOWS\System32\DRIVERS\ssmdrv.sys [28520 2012-08-27] (Avira GmbH) R2 StarOpen; C:\WINDOWS\system32\Drivers\StarOpen.sys [5504 2012-06-03] () [File not signed] R3 swenum; C:\WINDOWS\System32\DRIVERS\swenum.sys [4352 2008-04-13] (Microsoft Corporation) [File not signed] S3 swmidi; C:\WINDOWS\System32\drivers\swmidi.sys [56576 2008-04-13] (Microsoft Corporation) [File not signed] R3 sysaudio; C:\WINDOWS\System32\drivers\sysaudio.sys [60800 2008-04-13] (Microsoft Corporation) [File not signed] R1 Tcpip; C:\WINDOWS\System32\DRIVERS\tcpip.sys [361600 2008-06-20] (Microsoft Corporation) [File not signed] S3 TDPIPE; C:\WINDOWS\system32\Drivers\TDPIPE.sys [12040 2008-04-14] (Microsoft Corporation) [File not signed] S3 TDTCP; C:\WINDOWS\system32\Drivers\TDTCP.sys [21896 2008-04-14] (Microsoft Corporation) [File not signed] R0 Teefer; C:\WINDOWS\System32\Drivers\Teefer.sys [60496 2004-10-15] (Sygate Technologies, Inc.) [File not signed] R1 TermDD; C:\WINDOWS\System32\DRIVERS\termdd.sys [40840 2008-04-14] (Microsoft Corporation) [File not signed] R3 Update; C:\WINDOWS\System32\DRIVERS\update.sys [384768 2008-04-13] (Microsoft Corporation) [File not signed] R3 usbccgp; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [32384 2013-08-09] (Microsoft Corporation) [File not signed] R3 usbehci; C:\WINDOWS\System32\DRIVERS\usbehci.sys [30336 2009-03-18] (Microsoft Corporation) [File not signed] R3 usbhub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [59520 2008-04-13] (Microsoft Corporation) [File not signed] R3 usbohci; C:\WINDOWS\System32\DRIVERS\usbohci.sys [17152 2008-04-13] (Microsoft Corporation) [File not signed] R3 usbscan; C:\WINDOWS\System32\DRIVERS\usbscan.sys [14976 2013-07-03] (Microsoft Corporation) [File not signed] S3 usbser; C:\WINDOWS\System32\DRIVERS\usbser.sys [26240 2013-08-29] (Microsoft Corporation) [File not signed] R3 usbstor; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [26368 2008-04-13] (Microsoft Corporation) [File not signed] R1 VgaSave; C:\WINDOWS\System32\drivers\vga.sys [20992 2008-04-13] (Microsoft Corporation) [File not signed] R0 VolSnap; C:\WINDOWS\system32\Drivers\VolSnap.sys [53760 2008-04-14] (Microsoft Corporation) [File not signed] R3 Wanarp; C:\WINDOWS\System32\DRIVERS\wanarp.sys [34560 2008-04-13] (Microsoft Corporation) [File not signed] R3 wdmaud; C:\WINDOWS\System32\drivers\wdmaud.sys [83072 2008-04-13] (Microsoft Corporation) [File not signed] R2 wg3n; C:\WINDOWS\SYSTEM32\Drivers\wg3n.sys [14568 2004-10-15] (Sygate Technologies, Inc.) R2 wg4n; C:\WINDOWS\SYSTEM32\Drivers\wg4n.sys [14568 2004-10-15] (Sygate Technologies, Inc.) R2 wg5n; C:\WINDOWS\SYSTEM32\Drivers\wg5n.sys [14568 2004-10-15] (Sygate Technologies, Inc.) R2 wg6n; C:\WINDOWS\SYSTEM32\Drivers\wg6n.sys [14568 2004-10-15] (Sygate Technologies, Inc.) R1 WmiAcpi; C:\WINDOWS\System32\DRIVERS\wmiacpi.sys [8832 2008-04-13] (Microsoft Corporation) [File not signed] S3 WpdUsb; C:\WINDOWS\System32\DRIVERS\wpdusb.sys [38528 2006-10-18] (Microsoft Corporation) [File not signed] R1 wpsdrvnt; C:\WINDOWS\System32\drivers\wpsdrvnt.sys [21075 2004-10-15] (Sygate Technologies, Inc.) [File not signed] R1 WS2IFSL; C:\WINDOWS\System32\drivers\ws2ifsl.sys [12032 2002-08-29] (Microsoft Corporation) [File not signed] R0 WudfPf; C:\WINDOWS\System32\DRIVERS\WudfPf.sys [77568 2006-09-28] (Microsoft Corporation) [File not signed] S3 WudfRd; C:\WINDOWS\System32\DRIVERS\wudfrd.sys [82944 2006-09-28] (Microsoft Corporation) [File not signed] S3 XPTWOPORT; C:\WINDOWS\System32\DRIVERS\XPTWOPORT.SYS [15872 2012-06-18] (Realtek Semiconductor Corporation ) [File not signed] R3 xusb21; C:\WINDOWS\System32\DRIVERS\xusb21.sys [55808 2007-08-28] (Microsoft Corporation) [File not signed] S3 catchme; \??\C:\ComboFix\catchme.sys [X] S4 IntelIde; No ImagePath S1 SBRE; \SystemRoot\system32\drivers\SBREDrv.sys [X] U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation) [File not signed] U3 TlntSvr; No ImagePath S4 vsdatant; [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-03-20 18:32 - 2015-03-20 18:32 - 00000414 _____ () C:\WINDOWS\Tasks\Opera scheduled Autoupdate 1426872732.job 2015-03-20 18:32 - 2015-03-20 18:32 - 00000000 ____D () C:\Dokumente und Einstellungen\Fischi\Lokale Einstellungen\Anwendungsdaten\Opera Software 2015-03-20 18:32 - 2015-03-20 18:32 - 00000000 ____D () C:\Dokumente und Einstellungen\Fischi\Anwendungsdaten\Opera Software 2015-03-20 15:32 - 2015-03-20 15:32 - 00090112 _____ () C:\WINDOWS\Minidump\Mini032015-01.dmp 2015-03-20 14:20 - 2015-03-20 14:20 - 00000000 _____ () C:\WINDOWS\system32\SBRC.dat 2015-03-18 19:13 - 2015-03-18 19:13 - 00105439 _____ () C:\Dokumente und Einstellungen\Fischi\Lokale Einstellungen\Anwendungsdaten\recently-used.xbel 2015-03-06 20:03 - 2015-03-06 20:03 - 00000000 ____D () C:\Programme\Mozilla Firefox ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-03-20 19:04 - 2014-11-30 14:22 - 00000000 ____D () C:\Dokumente und Einstellungen\Fischi\Lokale Einstellungen\temp 2015-03-20 19:03 - 2014-11-28 06:57 - 00000000 ____D () C:\FRST 2015-03-20 18:44 - 2014-11-27 20:28 - 00001090 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2015-03-20 18:32 - 2013-06-10 19:58 - 00000000 ____D () C:\Programme\Opera 2015-03-20 18:30 - 2013-06-10 20:56 - 00009620 _____ () C:\WINDOWS\system32\nvAppTimestamps 2015-03-20 18:28 - 2013-06-10 19:38 - 01209236 _____ () C:\WINDOWS\WindowsUpdate.log 2015-03-20 18:24 - 2013-06-10 19:34 - 00000000 ___RD () C:\Programme 2015-03-20 18:24 - 2013-06-10 19:34 - 00000000 ___RD () C:\Dokumente und Einstellungen\All Users\Startmenü\Programme 2015-03-20 18:19 - 2013-09-26 16:33 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2015-03-20 17:50 - 2014-11-30 14:22 - 00000000 ____D () C:\Dokumente und Einstellungen\UpdatusUser\Lokale Einstellungen\temp 2015-03-20 17:44 - 2014-11-27 20:28 - 00001086 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2015-03-20 17:18 - 2013-06-10 19:00 - 00000012 ____H () C:\dvmexp.idx 2015-03-20 17:11 - 2013-06-11 16:37 - 00000636 _____ () C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job 2015-03-20 17:11 - 2013-06-10 20:08 - 00000000 ____D () C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ad-Aware Browsing Protection 2015-03-20 17:10 - 2013-06-10 19:36 - 00000159 _____ () C:\WINDOWS\wiadebug.log 2015-03-20 17:10 - 2013-06-10 19:36 - 00000050 _____ () C:\WINDOWS\wiaservc.log 2015-03-20 17:08 - 2014-03-22 13:30 - 00000224 _____ () C:\WINDOWS\Tasks\Ende des Supports für Microsoft Windows XP – Benachrichtigung – Anmeldung.job 2015-03-20 17:08 - 2013-08-04 09:52 - 00000000 _____ () C:\WINDOWS\RTacDbg.txt 2015-03-20 17:08 - 2013-06-10 18:40 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2015-03-20 17:05 - 2013-06-11 16:36 - 00524288 _____ () C:\WINDOWS\system32\config\SpybotSD.evt 2015-03-20 17:05 - 2013-06-10 18:43 - 00000190 ___SH () C:\Dokumente und Einstellungen\Fischi\ntuser.ini 2015-03-20 17:05 - 2013-06-10 18:43 - 00000000 ____D () C:\Dokumente und Einstellungen\Fischi 2015-03-20 17:05 - 2013-06-10 18:42 - 00032512 _____ () C:\WINDOWS\SchedLgU.Txt 2015-03-20 17:01 - 2014-11-28 16:43 - 00000000 ____D () C:\AdwCleaner 2015-03-20 15:31 - 2013-06-12 15:22 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2631813$ 2015-03-20 15:18 - 2013-06-10 20:36 - 00000000 ____D () C:\WINDOWS\system32\NtmsData 2015-03-20 15:05 - 2013-06-10 18:38 - 00000000 ____D () C:\WINDOWS\Registration 2015-03-20 14:04 - 2014-11-27 16:55 - 00114904 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2015-03-20 14:03 - 2014-11-27 16:55 - 00000000 ____D () C:\Programme\ Malwarebytes Anti-Malware 2015-03-20 14:03 - 2014-11-27 16:55 - 00000000 ____D () C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\ Malwarebytes Anti-Malware 2015-03-18 19:13 - 2013-09-28 19:15 - 00000000 ____D () C:\Dokumente und Einstellungen\Fischi\.gimp-2.8 2015-03-18 17:16 - 2002-08-29 13:00 - 00013646 _____ () C:\WINDOWS\system32\wpa.dbl 2015-03-15 12:00 - 2013-06-10 20:15 - 00000946 _____ () C:\WINDOWS\Tasks\Ad-Aware Antivirus Scheduled Scan.job 2015-03-14 13:25 - 2015-01-11 17:41 - 00000000 ____D () C:\Dokumente und Einstellungen\Fischi\Desktop\BBLProfis 2015-03-12 08:44 - 2013-07-19 18:37 - 00000000 ____D () C:\WINDOWS\system32\MRT 2015-03-12 08:34 - 2013-06-11 17:03 - 119837696 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2015-03-11 11:21 - 2013-06-10 20:34 - 00136216 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys 2015-03-11 11:21 - 2013-06-10 20:34 - 00105864 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys 2015-03-08 15:00 - 2014-03-22 13:30 - 00000218 _____ () C:\WINDOWS\Tasks\Ende des Supports für Microsoft Windows XP – Monatliche Benachrichtigung.job 2015-03-08 08:01 - 2013-06-10 19:59 - 00000000 ____D () C:\Programme\Mozilla Maintenance Service 2015-03-06 08:01 - 2014-05-29 10:38 - 00000000 ____D () C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Package Cache 2015-03-05 20:08 - 2014-08-14 19:45 - 00136894 _____ () C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-System.dat 2015-03-05 20:08 - 2014-08-14 19:45 - 00136894 _____ () C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-S-1-5-21-1844237615-706699826-725345543-1004-0.dat 2015-03-05 16:51 - 2013-06-10 20:35 - 00000000 ____D () C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Avira 2015-03-05 16:51 - 2013-06-10 20:34 - 00000000 ____D () C:\Programme\Avira 2015-03-03 09:32 - 2014-10-16 19:01 - 00000034 _____ () C:\WINDOWS\1 2015-03-01 12:55 - 2013-06-20 16:52 - 00000000 ____D () C:\Dokumente und Einstellungen\Fischi\Anwendungsdaten\vlc 2015-02-28 13:30 - 2013-06-10 21:01 - 00000000 ____D () C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Origin 2015-02-28 13:28 - 2013-06-10 21:01 - 00000000 ____D () C:\Programme\Origin ==================== Files in the root of some directories ======= 2014-11-27 21:10 - 2014-11-27 21:10 - 0184039 _____ () C:\Dokumente und Einstellungen\Fischi\Lokale Einstellungen\Anwendungsdaten\ars.cache 2014-11-27 21:10 - 2014-11-27 21:10 - 0253859 _____ () C:\Dokumente und Einstellungen\Fischi\Lokale Einstellungen\Anwendungsdaten\census.cache 2015-01-10 12:29 - 2015-01-10 12:29 - 0003584 _____ () C:\Dokumente und Einstellungen\Fischi\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-11-27 20:56 - 2014-11-27 20:56 - 0000036 _____ () C:\Dokumente und Einstellungen\Fischi\Lokale Einstellungen\Anwendungsdaten\housecall.guid.cache 2015-03-18 19:13 - 2015-03-18 19:13 - 0105439 _____ () C:\Dokumente und Einstellungen\Fischi\Lokale Einstellungen\Anwendungsdaten\recently-used.xbel Some content of TEMP: ==================== C:\Dokumente und Einstellungen\Fischi\Lokale Einstellungen\temp\avgnt.exe C:\Dokumente und Einstellungen\Fischi\Lokale Einstellungen\temp\jre-8u40-windows-au.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\WINDOWS\explorer.exe [2002-08-29 13:00] - [2008-04-14 06:52] - 1036800 ____A (Microsoft Corporation) 418045a93cd87a352098ab7dabe1b53e C:\WINDOWS\system32\winlogon.exe [2002-08-29 13:00] - [2008-04-14 06:53] - 0513024 ____A (Microsoft Corporation) f09a527b422e25c478e38caa0e44417a C:\WINDOWS\system32\svchost.exe [2002-08-29 13:00] - [2008-04-14 06:53] - 0014336 ____A (Microsoft Corporation) 4fbc75b74479c7a6f829e0ca19df3366 C:\WINDOWS\system32\services.exe [2002-08-29 13:00] - [2009-02-09 12:21] - 0111104 ____A (Microsoft Corporation) a3edbe9053889fb24ab22492472b39dc C:\WINDOWS\system32\User32.dll [2002-08-29 13:00] - [2008-04-14 06:52] - 0580096 ____A (Microsoft Corporation) b0050cc5340e3a0760dd8b417ff7aebd C:\WINDOWS\system32\userinit.exe [2002-08-29 13:00] - [2008-04-14 06:53] - 0026624 ____A (Microsoft Corporation) 788f95312e26389d596c0fa55834e106 C:\WINDOWS\system32\rpcss.dll [2002-08-29 13:00] - [2009-02-09 11:51] - 0401408 ____A (Microsoft Corporation) 3127afbf2c1ed0ab14a1bbb7aaecb85b ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected. C:\WINDOWS\system32\Drivers\volsnap.sys [2002-08-29 13:00] - [2008-04-14 06:22] - 0053760 ____A (Microsoft Corporation) a5a712f4e880874a477af790b5186e1d ==================== End Of Log ============================ --- --- --- AdwCleaner: Code:
ATTFilter # AdwCleaner v4.102 - Bericht erstellt am 20/03/2015 um 19:07:40 # Aktualisiert 23/11/2014 von Xplode # Database : 2014-11-23.7 [Local] # Betriebssystem : Microsoft Windows XP Service Pack 3 (32 bits) # Benutzername : Fischi - FORSTER-2CEGVPJ # Gestartet von : C:\Dokumente und Einstellungen\Fischi\Eigene Dateien\Downloads\adwcleaner_4.102.exe # Option : Suchen ***** [ Dienste ] ***** ***** [ Dateien / Ordner ] ***** ***** [ Tasks ] ***** ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\adawarebp Schlüssel Gefunden : HKLM\SOFTWARE\DeviceVM Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{99AD9D6D-A456-49EE-8360-F22EE7AA1272} ***** [ Browser ] ***** -\\ Internet Explorer v8.0.6001.18702 -\\ Mozilla Firefox v36.0.1 (x86 de) -\\ Google Chrome v41.0.2272.89 -\\ Opera v28.0.1750.48 [C:\Dokumente und Einstellungen\Fischi\Anwendungsdaten\Opera Software\Opera Stable\preferences] - Gefunden [Extension] : aaipilfmheplbcghignccoiiebekkdhe [C:\Dokumente und Einstellungen\Fischi\Anwendungsdaten\Opera Software\Opera Stable\preferences] - Gefunden [Extension] : elchiiiejkobdbblfejjkbphbddgmljf [C:\Dokumente und Einstellungen\Fischi\Anwendungsdaten\Opera Software\Opera Stable\preferences] - Gefunden [Extension] : ffhfoagmjcnkolneahbpagjcjjaeofbg [C:\Dokumente und Einstellungen\Fischi\Anwendungsdaten\Opera Software\Opera Stable\preferences] - Gefunden [Extension] : hjghiofiijcepdnocbgefbdlbckjfheg [C:\Dokumente und Einstellungen\Fischi\Anwendungsdaten\Opera Software\Opera Stable\preferences] - Gefunden [Extension] : iklgpchfbohgmghgfagediakopecfmbm [C:\Dokumente und Einstellungen\Fischi\Anwendungsdaten\Opera Software\Opera Stable\preferences] - Gefunden [Extension] : kfgaibfbmkjgmimhbbaikfnpkkjkpoan [C:\Dokumente und Einstellungen\Fischi\Anwendungsdaten\Opera Software\Opera Stable\preferences] - Gefunden [Extension] : kjpifmjicccpbkfjdkehimhgklfkbanh [C:\Dokumente und Einstellungen\Fischi\Anwendungsdaten\Opera Software\Opera Stable\preferences] - Gefunden [Extension] : hoidflomjnnnbiemmkjdjkkialmhbago [C:\Dokumente und Einstellungen\Fischi\Anwendungsdaten\Opera Software\Opera Stable\preferences] - Gefunden [Extension] : edjkooiccbgjhlpfhkknkjhfpmjkmelk [C:\Dokumente und Einstellungen\Fischi\Anwendungsdaten\Opera Software\Opera Stable\preferences] - Gefunden [Extension] : bpffalghigmkdghibgickgcnkbcaidch [C:\Dokumente und Einstellungen\Fischi\Anwendungsdaten\Opera Software\Opera Stable\preferences] - Gefunden [Extension] : ekpibplnnkfdcafdpoekhoffegcajene [C:\Dokumente und Einstellungen\Fischi\Anwendungsdaten\Opera Software\Opera Stable\preferences] - Gefunden [Extension] : ipljmghelflfikejmgkmlmpjmehfjodc ************************* AdwCleaner[R0].txt - [5776 octets] - [28/11/2014 16:43:19] AdwCleaner[R1].txt - [5836 octets] - [28/11/2014 16:49:50] AdwCleaner[R2].txt - [2100 octets] - [28/11/2014 18:20:15] AdwCleaner[R3].txt - [1407 octets] - [20/03/2015 17:00:34] AdwCleaner[R4].txt - [3096 octets] - [20/03/2015 19:07:40] AdwCleaner[S0].txt - [5949 octets] - [28/11/2014 16:51:03] AdwCleaner[S1].txt - [2161 octets] - [28/11/2014 18:22:55] ########## EOF - C:\AdwCleaner\AdwCleaner[R4].txt - [3276 octets] ########## Geändert von PcNewbie (20.03.2015 um 19:22 Uhr) |
20.03.2015, 22:09 | #2 |
/// the machine /// TB-Ausbilder | Facebook Login fordert zum Passwort Wechsel auf Hi,
__________________Downloade dir bitte Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers
__________________ |
22.03.2015, 07:37 | #3 |
| Facebook Login fordert zum Passwort Wechsel auf Habe ich gemacht - CleanUp war nicht verfügbar, da Nichts gefunden wurde.
__________________Hier das Log: Code:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.09.1.1004 www.malwarebytes.org Database version: main: v2015.03.21.03 rootkit: v2015.02.25.01 Windows XP Service Pack 3 x86 NTFS Internet Explorer 8.0.6001.18702 Fischi :: FORSTER-2CEGVPJ [administrator] 21.03.2015 07:33:30 mbar-log-2015-03-21 (07-33-30).txt Scan type: Quick scan Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken Scan options disabled: Objects scanned: 338300 Time elapsed: 2 hour(s), 16 minute(s), 29 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) Physical Sectors Detected: 0 (No malicious items detected) (end) Auch bei einem Facebook Login auf einem anderen Computer erscheint die Meldung, welche einen Passwort Wechsel fordert. Ist es dann doch echt? Obwohl ich mobil das Passwort schon geändert habe. Hier noch der QuellCode der angezeigten Webseite Code:
ATTFilter <!DOCTYPE html> <html lang="de" id="facebook" class="no_js"> <head><meta charset="utf-8" /><script>function envFlush(a){function b(c){for(var d in a)c[d]=a[d];}if(window.requireLazy){window.requireLazy(['Env'],b);}else{window.Env=window.Env||{};b(window.Env);}}envFlush({"ajaxpipe_token":"AXib0B49igab0TM2","lhsh":"pAQE4-UR6","khsh":"0`sj`e`rm`s-0fdu^gshdoer-0gc^eurf-3gc^eurf;1;enbtldou;fduDmdldourCxO`ld-2YLMIuuqSdptdru;qsnunuxqd;rdoe"});</script><script>CavalryLogger=false;</script><noscript><meta http-equiv="refresh" content="0; URL=/checkpoint/?next&_fb_noscript=1" /></noscript><meta name="referrer" content="default" id="meta_referrer" /><title id="pageTitle">Facebook</title><link rel="alternate" media="only screen and (max-width: 640px)" href="https://www.facebook.com/checkpoint/?next" /><link rel="alternate" media="handheld" href="https://www.facebook.com/checkpoint/?next" /><meta name="robots" content="noodp,noydir" /><noscript><meta http-equiv="X-Frame-Options" content="DENY" /></noscript><link rel="shortcut icon" href="https://fbstatic-a.akamaihd.net/rsrc.php/yl/r/H3nktOa7ZMg.ico" /><link type="text/css" rel="stylesheet" href="https://fbstatic-a.akamaihd.net/rsrc.php/v2/y2/r/rTWcTTOQnyJ.css" data-bootloader-hash="w7sYA" /> <link type="text/css" rel="stylesheet" href="https://fbstatic-a.akamaihd.net/rsrc.php/v2/y0/r/KSl1P3rdqMy.css" data-bootloader-hash="Wuk+P" data-permanent="1" /> <link type="text/css" rel="stylesheet" href="https://fbstatic-a.akamaihd.net/rsrc.php/v2/yJ/r/RpIMwZ3Qy5i.css" data-bootloader-hash="vTIXC" /> <link type="text/css" rel="stylesheet" href="https://fbstatic-a.akamaihd.net/rsrc.php/v2/yA/r/9naO6gNOkDh.css" data-bootloader-hash="kCyYJ" data-permanent="1" /> <script src="https://fbstatic-a.akamaihd.net/rsrc.php/v2/y7/r/wAcQJTqnr2M.js" data-bootloader-hash="5MjVc" crossorigin="anonymous"></script> <script>(require("ServerJSDefine")).handleDefines([["URLFragmentPreludeConfig",[],{"incorporateQuicklingFragment":true,"hashtagRedirect":true},137],["BootloaderConfig",[],{},329],["CSSLoaderConfig",[],{"timeout":5000},619],["AsyncRequestConfig",[],{"retryOnNetworkError":"1"},328],["DTSGInitialData",[],{"token":"KvCoDyemswg="},258],["SiteData",[],{"revision":1653508,"tier":"","push_phase":"V3","pkg_cohort":"EXP1:DEFAULT","vip":"173.252.120.6"},317],["CoreWarningGK",[],{"forceWarning":false},725],["CurrentUserInitialData",[],{"USER_ID":"0","ACCOUNT_ID":"0"},270],["UserAgentData",[],{"browserArchitecture":"32","browserFullVersion":"31.0","browserMinorVersion":0,"browserName":"Firefox","browserVersion":31,"deviceName":"Unknown","engineName":"Gecko","engineVersion":"31.0","platformArchitecture":"32","platformName":"Windows","platformVersion":"XP","platformFullVersion":"XP"},527],["CurrentCommunityInitialData",[],{},490],["ISB",[],{},330],["LSD",[],{},323],["BanzaiConfig",[],{"EXPIRY":86400000,"MAX_SIZE":10000,"MAX_WAIT":150000,"RESTORE_WAIT":150000,"blacklist":["time_spent"],"gks":{"adapterhooks":true,"boosted_pagelikes":true,"boosted_posts":true,"boosted_website":true,"click_ref_logger":true,"jslogger":true,"mercury_send_error_logging":true,"miny_compression":true,"pages_client_logging":true,"reportdata":true,"time_spent_bit_array":true,"useraction":true,"videos":true,"visibility_tracking":true,"vitals":true,"allow_userid_mismatch":true}},7],["FbtNumber",["IntlEnglishNumberType"],{"impl":{"__m":"IntlEnglishNumberType"}},605],["FbtLogger",[],{"logger":null},288],["FbtQTOverrides",[],{"overrides":{"1_fc9e5ed69606dfd03c1f3250e0ae569f":"ADDITIONAL PACKAGES","1_452b4d19f8b930f39a879fcac84ce90f":"CURRENT PACKAGE","1_e954abea12970bc8280ad2e0a0ed8059":"Current package:","1_165852c026de5a92c19aa100722294f2":"Continue with Current Package or Regular Rate","1_cc6247012c96beba161e79817f49ec9b":"You are leaving Facebook. Buy a data package from {carrier} and get more data to chat with friends, read articles and more.","1_9c0e991d114afb863d8eb9e2cefc0127":"You are leaving Internet.org. Buy a data package from {carrier} and get more data to chat with friends, read articles and more.","1_0cbcb2d1165ead7f5be2b3cdf7048031":"You are leaving Messenger. Buy a data package from {carrier} and get more data to chat with friends, read articles and more.","1_e0f7067ca9be01f00614e283938d57fd":"Buy a data package from {carrier} and get more data to watch videos, read articles and more.","1_48f2ba1e7ca3a18566e185de4b3b5015":"Get a Data Package"}},551],["EagleEyeConfig",[],{"seed":"0PA1"},294],["TrackingConfig",[],{"domain":"https:\/\/pixel.facebook.com"},325],["ErrorSignalConfig",[],{"uri":"https:\/\/error.facebook.com\/common\/scribe_endpoint.php"},319],["InitialServerTime",[],{"serverTime":1427006128000},204],["UFIConstants",[],{"UFIActionType":{"COMMENT_LIKE":"fa-type:comment-like","COMMENT_SET_SPAM":"fa-type:mark-spam","DELETE_COMMENT":"fa-type:delete-comment","DISABLE_COMMENTS":"fa-type:disable-comments","LIVE_DELETE_COMMENT":"fa-type:live-delete-comment","LIKE_ACTION":"fa-type:like","SUBSCRIBE_ACTION":"fa-type:subscribe","REMOVE_PREVIEW":"fa-type:remove-preview","MARK_COMMENT_SPAM":"fa-type:mark-spam","CONFIRM_COMMENT_REMOVAL":"fa-type:confirm-remove","TRANSLATE_COMMENT":"fa-type:translate-comment","COMMENT_LIKECOUNT_UPDATE":"fa-type:comment-likecount-update","ADD_COMMENT_ACTION":"fa-type:add-comment"},"UFICommentOrderingMode":{"CHRONOLOGICAL":"chronological","RANKED_THREADED":"ranked_threaded","TOPLEVEL":"toplevel","RECENT_ACTIVITY":"recent_activity","FEATURED":"featured","FILTERED":"filtered"},"UFIFeedbackSourceType":{"PROFILE":0,"NEWS_FEED":1,"OBJECT":2,"MOBILE":3,"EMAIL":4,"PROFILE_APPROVAL":10,"TICKER":12,"NONE":13,"INTERN":14,"ADS":15,"EVENT_GOING_FLYOUT":16,"PHOTOS_SNOWLIFT":17,"PHOTOS_SNOWFLAKE":20,"USER_TIMELINE":21,"PAGE_TIMELINE":22,"SEARCH":23,"PAGE_TAB":24,"TIMELINE_COLLECTION":25,"TOPIC_CONVERSATION":26},"UFIPayloadSourceType":{"UNKNOWN":0,"INITIAL_SERVER":1,"LIVE_SEND":2,"USER_ACTION":3,"ENDPOINT_LIKE":10,"ENDPOINT_COMMENT_LIKE":11,"ENDPOINT_ADD_COMMENT":12,"ENDPOINT_EDIT_COMMENT":13,"ENDPOINT_DELETE_COMMENT":14,"ENDPOINT_COMMENT_SPAM":16,"ENDPOINT_REMOVE_PREVIEW":17,"ENDPOINT_ID_COMMENT_FETCH":18,"ENDPOINT_COMMENT_FETCH":19,"ENDPOINT_TRANSLATE_COMMENT":20,"ENDPOINT_BAN":21,"ENDPOINT_SUBSCRIBE":22,"ENDPOINT_COMMENT_LIKECOUNT_UPDATE":23,"ENDPOINT_DISABLE_COMMENTS":24,"ENDPOINT_ACTOR_CHANGE":25},"UFIStatus":{"DELETED":"status:deleted","SPAM":"status:spam","SPAM_DISPLAY":"status:spam-display","LIVE_DELETED":"status:live-deleted","FAILED_ADD":"status:failed-add","FAILED_EDIT":"status:failed-edit","PENDING_EDIT":"status:pending-edit"},"attachmentTruncationLength":80,"commentTruncationLength":420,"commentTruncationMaxLines":3,"commentTruncationPercent":0.6,"commentURLTruncationLength":60,"defaultPageSize":50,"infiniteScrollRangeForQANDAPermalinks":1000,"minCommentsForOrderingModeSelector":2,"unavailableCommentKey":"unavailable_comment_key"},240]]);new (require("ServerJS"))().handle({"require":[["TimeSlice"],["markJSEnabled"],["lowerDomain"],["URLFragmentPrelude"],["Primer"],["Bootloader"]]});</script></head><body class="UIPage_LoggedOut _2gsg gecko win x1 Locale_de_DE" dir="ltr"><div class="_li"><div id="pagelet_bluebar" role="banner" data-click="bluebar" data-click-phase="0"><div id="blueBarDOMInspector" class="_21mm"><div id="blueBarNAXAnchor" class="_4f7n _xxp"><div class="_uaw clearfix" role="banner"><h1 class="_5lus"><a class="logo" href="#" role="button"></a></h1><div class="clearfix"><div class="lfloat _ohe"></div><div class="rfloat _ohf"><ul class="_2exj clearfix" role="navigation"><li class="navItem"><a class="_1ayn" href="https://www.facebook.com/logout.php?h=AfcGq4jpqrVfszBr&t=1427006128&ref=mb">Abmelden</a></li></ul></div></div></div></div></div></div><div id="globalContainer" class="uiContextualLayerParent"><div class="fb_content clearfix " id="content" role="main"><div class="_2d14"><form class="checkpoint" action="/checkpoint/?next" method="post" title="Bitte ändere dein Passwort" onsubmit="return window.Event && Event.__inlineSubmit && Event.__inlineSubmit(this,event)" id="u_0_0"><input type="hidden" name="fb_dtsg" value="KvCoDyemswg=" autocomplete="off" /><input type="hidden" autocomplete="off" name="nh" value="fdc40324166f86b5344dbd455be2bc47d478ffcd" /><div class="_4-u2 _5x_7 _p0k _5x_9"><div class="_2e9n" id="u_0_2"><strong id="u_0_3">Bitte ändere dein Passwort</strong></div><div class="_2ph_"><div class="mvm uiP fsm">Damit dein Facebook-Konto sicher bleibt, begleiten wir dich durch unser <a href="/help/290656277791437">automatisiertes Sicherheitsverfahren</a>. Dabei werden Passwörter abgeglichen, die von anderen Webseiten geklaut und online veröffentlicht wurden.</div><div class="mvm uiP fsm">Das von dir auf einer dieser Webseiten verwendete Passwort stimmt mit deinem Facebook-Passwort überein. Wir haben aktuell keine verdächtigen Anmeldeaktivitäten bei deinem Konto festgestellt. Wir begleiten dich aber bei einigen Schritten zum Ändern deines Passworts und helfen dir dabei, die Sicherheit deines Kontos zu gewährleisten.</div></div><div class="_5x_5" id="u_0_4"><div class="clearfix _5hzs" id="checkpointBottomBar"><div class="lfloat _ohe" id="u_0_1"></div><div class="rfloat _ohf"><button value="Weiter" class="_42ft _4jy0 _5x_e _4jy4 _4jy1 selected _51sy" id="checkpointSubmitButton" name="submit[Continue]" type="submit">Weiter</button></div></div></div></div></form></div><div class="_2d15"><ul class="uiList localeSelectorList _509- _4ki _6-h _6-j _6-i"><li><a dir="ltr" href="https://de-de.facebook.com/checkpoint/?next" onclick="intl_set_cookie_locale("de_DE", "https:\/\/de-de.facebook.com\/checkpoint\/?next");" title="German">Deutsch</a></li><li><a dir="ltr" href="https://www.facebook.com/checkpoint/?next" onclick="intl_set_cookie_locale("en_US", "https:\/\/www.facebook.com\/checkpoint\/?next");" title="English (US)">English (US)</a></li><li><a dir="ltr" href="https://tr-tr.facebook.com/checkpoint/?next" onclick="intl_set_cookie_locale("tr_TR", "https:\/\/tr-tr.facebook.com\/checkpoint\/?next");" title="Turkish">Türkçe</a></li><li><a dir="ltr" href="https://pl-pl.facebook.com/checkpoint/?next" onclick="intl_set_cookie_locale("pl_PL", "https:\/\/pl-pl.facebook.com\/checkpoint\/?next");" title="Polish">Polski</a></li><li><a dir="ltr" href="https://it-it.facebook.com/checkpoint/?next" onclick="intl_set_cookie_locale("it_IT", "https:\/\/it-it.facebook.com\/checkpoint\/?next");" title="Italian">Italiano</a></li><li><a dir="ltr" href="https://ro-ro.facebook.com/checkpoint/?next" onclick="intl_set_cookie_locale("ro_RO", "https:\/\/ro-ro.facebook.com\/checkpoint\/?next");" title="Romanian">Română</a></li><li><a dir="ltr" href="https://fr-fr.facebook.com/checkpoint/?next" onclick="intl_set_cookie_locale("fr_FR", "https:\/\/fr-fr.facebook.com\/checkpoint\/?next");" title="French (France)">Français (France)</a></li><li><a dir="ltr" href="https://ru-ru.facebook.com/checkpoint/?next" onclick="intl_set_cookie_locale("ru_RU", "https:\/\/ru-ru.facebook.com\/checkpoint\/?next");" title="Russian">Русский</a></li><li><a dir="rtl" href="https://ar-ar.facebook.com/checkpoint/?next" onclick="intl_set_cookie_locale("ar_AR", "https:\/\/ar-ar.facebook.com\/checkpoint\/?next");" title="Arabic">العربية</a></li><li><a dir="ltr" href="https://es-la.facebook.com/checkpoint/?next" onclick="intl_set_cookie_locale("es_LA", "https:\/\/es-la.facebook.com\/checkpoint\/?next");" title="Spanish">Español</a></li><li><a class="showMore" rel="dialog" ajaxify="/settings/language/language/?uri=https%3A%2F%2Fwww.facebook.com%2Fcheckpoint%2F%3Fnext&source=TOP_LOCALES_DIALOG" title="Weitere Sprachen anzeigen" href="#" role="button">…</a></li></ul></div></div><div id="pageFooter" data-referrer="page_footer"><div id="contentCurve"></div><div role="contentinfo" aria-label="Facebook-Webseitenlinks"><table class="uiGrid _51mz navigationGrid" cellspacing="0" cellpadding="0"><tbody><tr class="_51mx"><td class="_51m- hLeft plm"><a href="/r.php" title="Für Facebook registrieren">Registrieren</a></td><td class="_51m- hLeft plm"><a href="/login/" title="Bei Facebook anmelden">Anmelden</a></td><td class="_51m- hLeft plm"><a href="/mobile/?ref=pf" title="Probiere Facebook-Handy aus.">Handy</a></td><td class="_51m- hLeft plm"><a href="/find-friends?ref=pf" title="Finde jeden im Internet.">Freunde finden</a></td><td class="_51m- hLeft plm"><a href="/badges/?ref=pf" title="Bette ein Facebook-Banner auf deiner Website ein.">Banner</a></td><td class="_51m- hLeft plm"><a href="/directory/people/" title="Browse unser Personenverzeichnis.">Nutzer</a></td><td class="_51m- hLeft plm"><a href="/directory/pages/" title="Browse unser Seitenverzeichnis.">Seiten</a></td><td class="_51m- hLeft plm"><a href="/places/" title="Probiere beliebte Orte auf Facebook aus.">Orte</a></td><td class="_51m- hLeft plm _51mw"><a href="/games/" title="Probiere Spiele auf Facebook aus.">Spiele</a></td></tr><tr class="_51mx"><td class="_51m- hLeft plm"><a href="/directory/places/" title="Browse unser Orteverzeichnis.">Orte</a></td><td class="_51m- hLeft plm"><a href="/facebook" accesskey="8" title="Lies unseren Blog, entdecke unseren Ressourcenbereich und suche nach Jobs.">Über uns</a></td><td class="_51m- hLeft plm"><a href="/campaign/landing.php?placement=pflo&campaign_id=402047449186&extra_1=auto" title="Wirb auf Facebook.">Werbeanzeige erstellen</a></td><td class="_51m- hLeft plm"><a href="/pages/create/?ref_type=sitefooter" title="Seite erstellen">Seite erstellen</a></td><td class="_51m- hLeft plm"><a href="https://developers.facebook.com/?ref=pf" title="Entwickle Apps auf unserer Plattform.">Entwickler</a></td><td class="_51m- hLeft plm"><a href="/careers/?ref=pf" title="Mach deinen nächsten Karriereschritt und bewirb dich bei unserem großartigen Unternehmen.">Karrieren</a></td><td class="_51m- hLeft plm"><a href="/privacy/explanation" title="Erfahre mehr über deine Privatsphäre und Facebook.">Datenschutz</a></td><td class="_51m- hLeft plm"><a href="/help/cookies/?ref=sitefooter" title="Erfahre mehr über Cookies und Facebook.">Cookies</a></td><td class="_51m- hLeft plm _51mw"><a href="/policies/?ref=pf" accesskey="9" title="Unsere Nutzungsbedingungen und Richtlinien.">Impressum/Nutzungsbedingungen</a></td></tr><tr class="_51mx"><td class="_51m- hLeft plm"><a href="/help/?ref=pf" accesskey="0" title="Besuche unseren Hilfebereich.">Hilfe</a></td></tr></tbody></table></div><div class="mvl copyright"><div><span> Facebook © 2015</span><div class="fsm fwn fcg"><a rel="dialog" ajaxify="/settings/language/language/?uri=https%3A%2F%2Fwww.facebook.com%2Fcheckpoint%2F%3Fnext&source=TOP_LOCALES_DIALOG" title="Benutze Facebook in einer anderen Sprache." href="#" role="button">Deutsch</a></div></div></div></div></div></div><script type="text/javascript">/*<![CDATA[*/(function(){function si_cj(m){setTimeout(function(){new Image().src="https:\/\/error.facebook.com\/common\/scribe_endpoint.php?c=si_clickjacking&t=4860"+"&m="+m;},5000);}if(top!=self && !false){try{if(parent!=top){throw 1;}var si_cj_d=["apps.facebook.com","apps.beta.facebook.com"];var href=top.location.href.toLowerCase();for(var i=0;i<si_cj_d.length;i++){if (href.indexOf(si_cj_d[i])>=0){throw 1;}}si_cj("3 https:\/\/de-de.facebook.com\/");}catch(e){si_cj("1 \thttps:\/\/de-de.facebook.com\/");window.document.write("\u003Cstyle>body * {display:none !important;}\u003C\/style>\u003Ca href=\"#\" onclick=\"top.location.href=window.location.href\" style=\"display:block !important;padding:10px\">\u003Ci class=\"img sp_ot43-fcCTjR sx_1786d5\" style=\"display:block !important\">\u003C\/i>Gehe zu facebook.com\u003C\/a>");/*is3v0eFj*/}}}())/*]]>*/</script> <script>requireLazy(["Bootloader"], function(Bootloader) {Bootloader.setResourceMap({"tHpo2":{"type":"js","crossOrigin":1,"src":"https:\/\/fbstatic-a.akamaihd.net\/rsrc.php\/v2\/yy\/r\/15ZQ-zQ3v3U.js"},"wkV0d":{"type":"js","crossOrigin":1,"src":"https:\/\/fbstatic-a.akamaihd.net\/rsrc.php\/v2\/y3\/r\/OHKEaij0Gu7.js"},"Uk8LO":{"type":"js","crossOrigin":1,"src":"https:\/\/fbstatic-a.akamaihd.net\/rsrc.php\/v2\/yb\/r\/DtznNfYQzWV.js"},"Mfdlt":{"type":"js","crossOrigin":1,"src":"https:\/\/fbstatic-a.akamaihd.net\/rsrc.php\/v2\/yu\/r\/sv0vS7XBCzp.js"},"T3iWz":{"type":"js","crossOrigin":1,"src":"https:\/\/fbstatic-a.akamaihd.net\/rsrc.php\/v2\/yZ\/r\/s9QnTF4eofX.js"},"5lV\/Y":{"type":"js","crossOrigin":1,"src":"https:\/\/fbstatic-a.akamaihd.net\/rsrc.php\/v2\/y_\/r\/2Vm04qDS1oE.js"},"4vv8\/":{"type":"js","crossOrigin":1,"src":"https:\/\/fbstatic-a.akamaihd.net\/rsrc.php\/v2\/yd\/r\/KzPBZimeKDr.js"},"urvAd":{"type":"js","crossOrigin":1,"src":"https:\/\/fbstatic-a.akamaihd.net\/rsrc.php\/v2\/yA\/r\/uRsOjqaRQpe.js"},"FB7kW":{"type":"js","crossOrigin":1,"src":"https:\/\/fbstatic-a.akamaihd.net\/rsrc.php\/v2\/y7\/r\/qg_jRu7jRLs.js"},"3aQFk":{"type":"js","crossOrigin":1,"src":"https:\/\/fbstatic-a.akamaihd.net\/rsrc.php\/v2\/yl\/r\/ErEEr3iINxu.js"},"Wuk+P":{"type":"css","permanent":1,"crossOrigin":1,"src":"https:\/\/fbstatic-a.akamaihd.net\/rsrc.php\/v2\/y0\/r\/KSl1P3rdqMy.css"},"ruxjH":{"type":"js","crossOrigin":1,"src":"https:\/\/fbstatic-a.akamaihd.net\/rsrc.php\/v2\/y9\/r\/d47nnDakVWf.js"},"W2CMJ":{"type":"js","crossOrigin":1,"src":"https:\/\/fbstatic-a.akamaihd.net\/rsrc.php\/v2\/ye\/r\/nkG-qzuC60R.js"},"20549":{"type":"js","crossOrigin":1,"src":"https:\/\/fbstatic-a.akamaihd.net\/rsrc.php\/v2\/yO\/r\/RUvbAoY6I6X.js"},"A2SQ6":{"type":"js","crossOrigin":1,"src":"https:\/\/fbstatic-a.akamaihd.net\/rsrc.php\/v2\/y1\/r\/PIb2M_XC2HU.js"},"AZqY0":{"type":"js","crossOrigin":1,"src":"https:\/\/fbstatic-a.akamaihd.net\/rsrc.php\/v2\/yx\/r\/upbWcApCoPf.js"},"sOe4L":{"type":"js","crossOrigin":1,"src":"https:\/\/fbstatic-a.akamaihd.net\/rsrc.php\/v2\/y2\/r\/AufM9vzACc9.js"},"ccpBO":{"type":"js","crossOrigin":1,"src":"https:\/\/fbstatic-a.akamaihd.net\/rsrc.php\/v2\/yz\/r\/VAI9TSC8ZQd.js"},"+ClWy":{"type":"js","crossOrigin":1,"src":"https:\/\/fbstatic-a.akamaihd.net\/rsrc.php\/v2\/yR\/r\/ifldbZpl6pk.js"},"oE4Do":{"type":"js","crossOrigin":1,"src":"https:\/\/fbstatic-a.akamaihd.net\/rsrc.php\/v2\/y4\/r\/rOyGh2ZVRlF.js"},"cNca2":{"type":"js","crossOrigin":1,"src":"https:\/\/fbstatic-a.akamaihd.net\/rsrc.php\/v2\/yn\/r\/30EnHY4MoaE.js"},"AlKkJ":{"type":"js","crossOrigin":1,"src":"https:\/\/fbstatic-a.akamaihd.net\/rsrc.php\/v2\/yN\/r\/6ogdNfw4dyf.js"},"viEt9":{"type":"js","crossOrigin":1,"src":"https:\/\/fbstatic-a.akamaihd.net\/rsrc.php\/v2\/yb\/r\/gzk1ZXqoIj-.js"},"azMl0":{"type":"css","permanent":1,"crossOrigin":1,"src":"https:\/\/fbstatic-a.akamaihd.net\/rsrc.php\/v2\/yg\/r\/Vuy-nJwq1ca.css"},"MWvZC":{"type":"js","crossOrigin":1,"src":"https:\/\/fbstatic-a.akamaihd.net\/rsrc.php\/v2\/yQ\/r\/dY2KpnpWKGE.js"},"IEwU\/":{"type":"js","crossOrigin":1,"src":"https:\/\/fbstatic-a.akamaihd.net\/rsrc.php\/v2\/y5\/r\/uQ4ucjFthGl.js"},"d7V4X":{"type":"js","crossOrigin":1,"src":"https:\/\/fbstatic-a.akamaihd.net\/rsrc.php\/v2\/yz\/r\/DbVL0yMlRcI.js"},"b27nG":{"type":"js","crossOrigin":1,"src":"https:\/\/fbstatic-a.akamaihd.net\/rsrc.php\/v2\/yZ\/r\/byEdIHRGUNQ.js"},"BgQkM":{"type":"css","permanent":1,"crossOrigin":1,"src":"https:\/\/fbstatic-a.akamaihd.net\/rsrc.php\/v2\/y0\/r\/76D9bErr3lq.css"},"1NaDb":{"type":"js","crossOrigin":1,"src":"https:\/\/fbstatic-a.akamaihd.net\/rsrc.php\/v2\/y0\/r\/vVJafgxY_F4.js"},"VDymv":{"type":"css","permanent":1,"crossOrigin":1,"src":"https:\/\/fbstatic-a.akamaihd.net\/rsrc.php\/v2\/y0\/r\/rU2aYJbp6Np.css"},"Rs18G":{"type":"js","crossOrigin":1,"src":"https:\/\/fbstatic-a.akamaihd.net\/rsrc.php\/v2\/yK\/r\/jJ7AayeMLeP.js"},"6AU0l":{"type":"js","crossOrigin":1,"src":"https:\/\/fbstatic-a.akamaihd.net\/rsrc.php\/v2\/yz\/r\/fmwOgg1apT6.js"},"v8nAH":{"type":"js","crossOrigin":1,"src":"https:\/\/fbstatic-a.akamaihd.net\/rsrc.php\/v2\/yF\/r\/Us5Za6pVLOP.js"},"AtxWD":{"type":"js","crossOrigin":1,"src":"https:\/\/fbstatic-a.akamaihd.net\/rsrc.php\/v2\/yW\/r\/mf10nKW6oX5.js"},"zyFOp":{"type":"js","crossOrigin":1,"src":"https:\/\/fbstatic-a.akamaihd.net\/rsrc.php\/v2\/yK\/r\/GIF2Tlc0Im6.js"}});if (true) {Bootloader.enableBootload({"React":{"resources":["Uk8LO","FB7kW"],"module":true},"ExceptionDialog":{"resources":["Uk8LO","3aQFk","FB7kW","Wuk+P","ruxjH","W2CMJ","20549"],"module":true},"AsyncDOM":{"resources":["Uk8LO","A2SQ6"],"module":true},"QuickSandSolver":{"resources":["T3iWz","Uk8LO","Wuk+P","AZqY0","sOe4L","ccpBO","+ClWy"],"module":true},"ConfirmationDialog":{"resources":["Uk8LO","Wuk+P","FB7kW","oE4Do"],"module":true},"Dialog":{"resources":["Uk8LO","FB7kW","Wuk+P","3aQFk"],"module":true},"ErrorSignal":{"resources":["Uk8LO","cNca2"],"module":true},"Event":{"resources":[],"module":true},"AsyncDialog":{"resources":["Uk8LO","3aQFk","FB7kW","Wuk+P"],"module":true},"AsyncRequest":{"resources":["Uk8LO"],"module":true},"DialogX":{"resources":["Uk8LO","3aQFk","FB7kW","Wuk+P"],"module":true},"XUIDialogTitle.react":{"resources":["Uk8LO","FB7kW","Wuk+P","3aQFk"],"module":true},"XUIDialogBody.react":{"resources":["Uk8LO","FB7kW","Wuk+P","ruxjH"],"module":true},"XUIDialogButton.react":{"resources":["Uk8LO","FB7kW","Wuk+P","ruxjH"],"module":true},"XUIDialogFooter.react":{"resources":["Uk8LO","FB7kW","Wuk+P","ruxjH"],"module":true},"XUIGrayText.react":{"resources":["Uk8LO","FB7kW","Wuk+P"],"module":true},"PhotoSnowlift":{"resources":["Uk8LO","FB7kW","Wuk+P","3aQFk","AlKkJ","viEt9","azMl0","ruxjH"],"module":true},"PhotoTagger":{"resources":["Uk8LO","MWvZC","Wuk+P","FB7kW","IEwU\/","AlKkJ"],"module":true},"Live":{"resources":["Uk8LO","A2SQ6","FB7kW","d7V4X"],"module":true},"PhotoTagApproval":{"resources":["Uk8LO","AlKkJ","MWvZC"],"module":true},"PhotoTags":{"resources":["Uk8LO","AlKkJ","Wuk+P","MWvZC"],"module":true},"TagTokenizer":{"resources":["Uk8LO","b27nG","Wuk+P","BgQkM","AZqY0","MWvZC","FB7kW","1NaDb"],"module":true},"css:fb-photos-snowlift-fullscreen-css":{"resources":["VDymv"]},"PhotosButtonTooltips":{"resources":["Uk8LO","FB7kW","Wuk+P","Rs18G"],"module":true},"VideoRotate":{"resources":["Uk8LO","FB7kW","Wuk+P","3aQFk","6AU0l"],"module":true},"AsyncResponse":{"resources":["Uk8LO"],"module":true},"PhotoInlineEditor":{"resources":["Uk8LO","FB7kW","v8nAH","Wuk+P","AlKkJ","3aQFk","MWvZC","IEwU\/","1NaDb","b27nG","BgQkM","AZqY0","AtxWD"],"module":true},"Form":{"resources":["Uk8LO","Wuk+P"],"module":true},"SpotlightShareViewer":{"resources":["Uk8LO","FB7kW","3aQFk","zyFOp"],"module":true},"Toggler":{"resources":["Uk8LO","Wuk+P","FB7kW"],"module":true},"Tooltip":{"resources":["Uk8LO","FB7kW","Wuk+P"],"module":true},"DOM":{"resources":["Uk8LO"],"module":true},"Input":{"resources":["Uk8LO","Wuk+P"],"module":true},"trackReferrer":{"resources":[],"module":true},"DimensionTracking":{"resources":["Uk8LO","FB7kW","d7V4X"],"module":true},"HighContrastMode":{"resources":["Uk8LO","1NaDb","d7V4X"],"module":true},"DetectBrokenProxyCache":{"resources":["Uk8LO","d7V4X"],"module":true}});}}); requireLazy(["ix"], function(ix) {ix.add({"arrow-right:white:small":{"sprited":true,"spriteMapCssClass":"sp_kvEOsfTDz_6","spriteCssClass":"sx_a8f5f4"}});});</script> <script>requireLazy(["InitialJSLoader"], function(InitialJSLoader) {InitialJSLoader.loadOnDOMContentReady(["tHpo2","wkV0d","Uk8LO","Mfdlt","T3iWz","5lV\/Y","4vv8\/","urvAd"]);});</script> <script> (require("ServerJSDefine")).handleDefines([["TimeSpentConfig",[],{"0_delay":0,"0_timeout":8,"delay":200000,"timeout":64},142],["ImmediateActiveSecondsConfig",[],{"sampling_rate":0},423]]);require("InitialJSLoader").handleServerJS({"instances":[["m_0_6",["CheckpointSlideController","m_0_1","m_0_2","m_0_3","m_0_0","m_0_4","m_0_5"],[{"__m":"m_0_1"},{"__m":"m_0_2"},{"__m":"m_0_3"},{"checkpointSubmitButton":{"__m":"m_0_0"}},{"__m":"m_0_4"},{"__m":"m_0_5"}],1],["m_0_8",["UIForm","m_0_7","FormDisableOnSubmit"],[{"__m":"m_0_7"},null,false,null,[{"__m":"FormDisableOnSubmit"}]],1]],"elements":[["m_0_5","u_0_0",2],["m_0_4","u_0_1",2],["m_0_0","checkpointSubmitButton",2],["m_0_7","u_0_0",2],["m_0_1","u_0_2",2],["m_0_2","u_0_3",2],["m_0_3","u_0_4",2]],"require":[["PixelRatio","startDetecting",[],[1]],["m_0_6"],["m_0_8"],["Intl","setPhonologicalRules",[],[{"meta":{"\/_B\/":"([.,!?\\s]|^)","\/_E\/":"([.,!?\\s]|$)"},"patterns":{"\/(\u00df|s|z|x)\u0001s_E\/":"$1\u0001$2","\/_\u0001([^\u0001]*)\u0001\/e":"mb_strtolower(\"\u0001$1\u0001\")","\/\\^\\x01([^\\x01])(?=[^\\x01]*\\x01)\/e":"mb_strtoupper(\"\u0001$1\")","\/_\u0001([^\u0001]*)\u0001\/":"javascript"}}]],["PostLoadJS","loadAndRequire",[],["DimensionTracking"]],["PostLoadJS","loadAndCall",[],["HighContrastMode","init",[{"isHCM":false,"spacerImage":"https:\/\/fbstatic-a.akamaihd.net\/rsrc.php\/v2\/y4\/r\/-PAXP-deijE.gif"}]]],["PostLoadJS","loadAndCall",[],["DetectBrokenProxyCache","run",[0,"c_user"]]],["Artillery"],["ScriptPath","set",[],["WebCheckpointController","01afab33",{"imp_id":"b2d0358d"}]],["ClickRefLogger"],["userAction","setUATypeConfig",[],[{"ua:e":false}]],["ScriptPathState","setUserURISampleRate",[],[0.0002]],["userAction","setCustomSampleConfig",[],[{"ua:n":{"test":{"ua_id":{"test":true}}},"ua:i":{"snowlift":{"action":{"open":true,"close":true}},"snowflake":{"action":{"open":true,"close":true}},"canvas":{"action":{"mouseover":true,"mouseout":true}}}}]],["Chromedome","start",[],[{"wipe":1,"hardConsole":1,"warnings":[["\u0025cCareful. This might not do what you think.","font-size:40px; background-color:red; color:yellow; font-weight:bold; font-family:tahoma;"],["\u0025cThis is a browser feature intended for developers. If someone told you to copy-paste something here to enable a Facebook feature or \"hack\" someone's account,\u0025c it is probably a scam and will give them access to your Facebook account.","font-size:20px; font-family:tahoma","font-size:20px; font-family:tahoma; font-weight:bold"]],"block":"The developer console is temporarily disabled; see https:\/\/www.facebook.com\/selfxss for more information"}]],["UserActionHistory"],["ScriptPathLogger","startLogging",[],[]],["TimeSpentBitArrayLogger","init",[],[]],["NavigationClickPointHandler"],["TinyViewport"],["WebStorageMonster","schedule",[],[false]],["ModuleErrorLogger","init",[],[]]]}); </script> <!-- BigPipe construction and first response --> <script>var bigPipe = new (require("BigPipe"))({"lid":"0","forceFinish":true});</script> <script>bigPipe.beforePageletArrive("first_response")</script> <script>require("TimeSlice").guard(function() {bigPipe.onPageletArrive({"id":"first_response","phase":0,"jsmods":{},"is_last":true,"css":["w7sYA","Wuk+P","vTIXC","kCyYJ"],"resource_map":{"w7sYA":{"type":"css","crossOrigin":1,"src":"https:\/\/fbstatic-a.akamaihd.net\/rsrc.php\/v2\/y2\/r\/rTWcTTOQnyJ.css"},"vTIXC":{"type":"css","crossOrigin":1,"src":"https:\/\/fbstatic-a.akamaihd.net\/rsrc.php\/v2\/yJ\/r\/RpIMwZ3Qy5i.css"},"kCyYJ":{"type":"css","permanent":1,"crossOrigin":1,"src":"https:\/\/fbstatic-a.akamaihd.net\/rsrc.php\/v2\/yA\/r\/9naO6gNOkDh.css"}},"ixData":{"arrow-right:white:small":{"sprited":true,"spriteMapCssClass":"sp_kvEOsfTDz_6","spriteCssClass":"sx_a8f5f4"}},"js":["tHpo2","wkV0d","Uk8LO","Mfdlt","T3iWz","5lV\/Y","4vv8\/","urvAd"]});}, "onPageletArrive first_response")();</script><script>bigPipe.beforePageletArrive("")</script> <script>require("TimeSlice").guard(function() {bigPipe.onPageletArrive({"id":"","phase":1,"jsmods":{},"is_last":true,"css":["w7sYA","Wuk+P","vTIXC","kCyYJ"],"js":["tHpo2","wkV0d","Uk8LO","Mfdlt","T3iWz","5lV\/Y","4vv8\/","urvAd"],"the_end":true});}, "onPageletArrive ")();</script> </body></html> |
22.03.2015, 11:40 | #4 |
/// the machine /// TB-Ausbilder | Facebook Login fordert zum Passwort Wechsel auf Fraglich ob Facebook das rafft wenn Du das am Handy machst. Ich würde es auf der Website ändern.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
Themen zu Facebook Login fordert zum Passwort Wechsel auf |
anhang, erhalte, facebook, facebook login, facebook passwort, firefox, fordert, geändert, heute, hierbei, hoffe, keinerlei, login, melde, meldung, msiexec.exe, nicht mehr, opera, passwort, passwort diebstahl, probleme, profil, rechner, sorge, sorgen, stimmen, tritt, webseite, wechsel |