Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Facebook Login fordert zum Passwort Wechsel auf

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 20.03.2015, 19:01   #1
PcNewbie
 
Facebook Login fordert zum Passwort Wechsel auf - Standard

Facebook Login fordert zum Passwort Wechsel auf



Seit heute werde ich nach dem Facebook Login am Rechner aufgefordert mein Passwort zu ändern. Ich habe hierbei keinerlei Chance dies zu umgehen. (Meldung siehe Anhang)

Dies tritt bei mir mit Opera, Firefox und dem IE auf. Was ich jedoch gemacht habe ist, dass ich mobil mein Passwort geändert habe. Doch auch wenn ich mich hiermit anmelde (die Meldung im Anhang kann somit nicht mehr stimmen) erhalte ich weiterhin diese Meldung. Mit meinem Zweitprofil (engerer Freundeskreis), kann ich mich jedoch weiterhin ohne Probleme anmelden.

Woran kann das liegen? Habe Sorgen die Änderung auf der Webseite durchzuführen. Hoffe, ihr könnt mir hierbei helfen.

FRST Log:

FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-03-2015
Ran by Fischi (administrator) on FORSTER-2CEGVPJ on 20-03-2015 19:03:45
Running from C:\Dokumente und Einstellungen\Fischi\Eigene Dateien\Downloads
Loaded Profiles: Fischi & UpdatusUser (Available profiles: Fischi & UpdatusUser)
Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 8 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Sygate Technologies, Inc.) C:\Programme\Sygate\SPF\Smc.exe
(Avira Operations GmbH & Co. KG) C:\Programme\Avira\AntiVir Desktop\sched.exe
(Renesas Electronics Corporation) C:\Programme\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Lavasoft) C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ad-Aware Browsing Protection\adawarebp.exe
(Avira Operations GmbH & Co. KG) C:\Programme\Avira\AntiVir Desktop\avgnt.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(NVIDIA Corporation) C:\Programme\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(Safer-Networking Ltd.) C:\Programme\Spybot - Search & Destroy 2\SDTray.exe
(Oracle Corporation) C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
(ASUSTeK Computer Inc.) C:\Programme\ASUS\USB-N13 WLAN Card Utilities\RtWLan.exe
(Lavasoft Limited) C:\Programme\Ad-Aware Antivirus\AdAwareService.exe
(Avira Operations GmbH & Co. KG) C:\Programme\Avira\AntiVir Desktop\avguard.exe
(DeviceVM, Inc.) C:\ASUS.SYS\config\DVMExportService.exe
(Oracle Corporation) C:\Programme\Java\jre7\bin\jqs.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
(NVIDIA Corporation) C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(GFI Software) C:\Programme\Ad-Aware Antivirus\SBAMSvc.exe
(Safer-Networking Ltd.) C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Avira Operations GmbH & Co. KG) C:\Programme\Avira\My Avira\Avira.OE.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Programme\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe
(Lavasoft Limited) C:\PROGRA~1\AD-AWA~1\AdAware.exe
(Microsoft Corporation) C:\WINDOWS\system32\taskmgr.exe
(Mozilla Corporation) C:\Programme\Mozilla Firefox\firefox.exe
(Opera Software) C:\Programme\Opera\28.0.1750.48\opera.exe
() C:\Programme\Opera\28.0.1750.48\opera_crashreporter.exe
(Opera Software) C:\Programme\Opera\28.0.1750.48\opera.exe
(Opera Software) C:\Programme\Opera\28.0.1750.48\opera.exe
(Opera Software) C:\Programme\Opera\28.0.1750.48\opera.exe
(Opera Software) C:\Programme\Opera\28.0.1750.48\opera.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NUSB3MON] => C:\Programme\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-04-27] (Renesas Electronics Corporation)
HKLM\...\Run: [ExpressGateBIOSSwitch] => C:\ASUS.SYS\config\EGSwitch.exe [618600 2010-05-10] (DeviceVM, Inc.)
HKLM\...\Run: [SmcService] => C:\Programme\Sygate\SPF\Smc.exe [2577632 2004-10-15] (Sygate Technologies, Inc.)
HKLM\...\Run: [Ad-Aware Browsing Protection] => C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ad-Aware Browsing Protection\adawarebp.exe [554408 2013-05-15] (Lavasoft)
HKLM\...\Run: [Ad-Aware Antivirus] => "C:\Programme\Ad-Aware Antivirus\AdAwareLauncher" --windows-run
HKLM\...\Run: [avgnt] => C:\Programme\Avira\AntiVir Desktop\avgnt.exe [704512 2015-03-20] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [NvMediaCenter] => RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
HKLM\...\Run: [Nvtmru] => C:\Programme\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1012000 2013-05-16] (NVIDIA Corporation)
HKLM\...\Run: [nwiz] => C:\Programme\NVIDIA Corporation\nview\nwiz.exe [2562848 2013-05-12] ()
HKLM\...\Run: [Adobe ARM] => C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM\...\Run: [SDTray] => C:\Programme\Spybot - Search & Destroy 2\SDTray.exe [3830224 2013-05-16] (Safer-Networking Ltd.)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [SunJavaUpdateSched] => C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM\...\Run: [Avira Systray] => C:\Programme\Avira\My Avira\Avira.OE.Systray.exe [127792 2015-02-12] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [KernelFaultCheck] => %systemroot%\system32\dumprep 0 -k
Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\ASUS USB-N13 WLAN Control Center.lnk
ShortcutTarget: ASUS USB-N13 WLAN Control Center.lnk -> C:\Programme\ASUS\USB-N13 WLAN Card Utilities\RtWLan.exe (ASUSTeK Computer Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1844237615-706699826-725345543-1004\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyServer: [S-1-5-21-1844237615-706699826-725345543-1004] => localhost:21320
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1844237615-706699826-725345543-1004\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.web.de/
HKU\S-1-5-21-1844237615-706699826-725345543-1004\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1844237615-706699826-725345543-1004\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
HKU\S-1-5-21-1844237615-706699826-725345543-1004\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://search.splashtop.com/asusexpressgate/mb/searchAPI.php?SE=yahoo&QS=http%3A%2F%2Fde.search.yahoo.com%2Fsearch%3Ffr%3Dfp-devicevm%26type%3DWEB01
URLSearchHook: [S-1-5-21-1844237615-706699826-725345543-1006] ATTENTION ==> Default URLSearchHook is missing.
SearchScopes: HKU\S-1-5-21-1844237615-706699826-725345543-1004 -> {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = hxxp://securedsearch2.lavasoft.com/results.php?pr=vmn&id=adawaretb&v=3_0&hsimp=yhs-lavasoft&ent=ch&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1844237615-706699826-725345543-1004 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
BHO: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll [2013-05-06] (DivX, LLC)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Programme\Java\jre7\bin\ssv.dll [2014-07-25] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Programme\Java\jre7\bin\jp2ssv.dll [2014-07-25] (Oracle Corporation)
Handler: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll [2008-04-14] (Microsoft Corporation)
Handler: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll [2008-04-14] (Microsoft Corporation)
Handler: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll [2008-04-14] (Microsoft Corporation)
Handler: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll [2008-04-14] (Microsoft Corporation)
Handler: ipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll [2008-04-14] (Microsoft Corporation)
Handler: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll [2008-04-14] (Microsoft Corporation)
Handler: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll [2008-04-14] (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Dokumente und Einstellungen\Fischi\Anwendungsdaten\Mozilla\Firefox\Profiles\qhacth6t.default-1426872528046
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-06] ()
FF Plugin: @divx.com/DivX Plus Web Player Plug-In,version=1.0.0 -> C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll [2013-05-06] (DivX, LLC)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Programme\DivX\DivX OVS Helper\npovshelper.dll [2011-06-20] (DivX, LLC.)
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Programme\Google\Picasa3\npPicasa3.dll [2013-04-02] (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Programme\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-07-25] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Programme\Java\jre7\bin\plugin2\npjp2.dll [2014-07-25] (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Programme\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Programme\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Programme\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1844237615-706699826-725345543-1004: sony.com/MediaGoDetector -> C:\Programme\Sony\Media Go\npMediaGoDetector.dll [2014-03-24] (Sony Network Entertainment International LLC)
FF Plugin ProgramFiles/Appdata: C:\Programme\mozilla firefox\plugins\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Programme\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 &lt;video&gt; - C:\Programme\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013-06-10]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-07-20]

Chrome: 
=======
CHR Profile: C:\Dokumente und Einstellungen\Fischi\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Dokumente und Einstellungen\Fischi\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-11-27]
CHR Extension: (Google Docs) - C:\Dokumente und Einstellungen\Fischi\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-11-27]
CHR Extension: (Google Drive) - C:\Dokumente und Einstellungen\Fischi\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-11-27]
CHR Extension: (YouTube) - C:\Dokumente und Einstellungen\Fischi\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-11-27]
CHR Extension: (Google Search) - C:\Dokumente und Einstellungen\Fischi\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-11-27]
CHR Extension: (Google Sheets) - C:\Dokumente und Einstellungen\Fischi\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-11-27]
CHR Extension: (Avira Browser Safety) - C:\Dokumente und Einstellungen\Fischi\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-11-27]
CHR Extension: (Chrome Hotword Shared Module) - C:\Dokumente und Einstellungen\Fischi\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-12]
CHR Extension: (Google Wallet) - C:\Dokumente und Einstellungen\Fischi\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-27]
CHR Extension: (DivX Plus Web Player HTML5 <video>) - C:\Dokumente und Einstellungen\Fischi\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2014-11-27]
CHR Extension: (Gmail) - C:\Dokumente und Einstellungen\Fischi\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-11-27]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Programme\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2013-05-06]
CHR HKLM\...\Chrome\Extension: [phegaokedjdajgnfphbnpkcfdgjbidko] - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\adawaretb\toolbar\chrome\toolbar.crx [Not Found]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 Ad-Aware Service; C:\Programme\Ad-Aware Antivirus\AdAwareService.exe [1236336 2013-03-18] (Lavasoft Limited)
S4 Alerter; C:\WINDOWS\system32\alrsvc.dll [17408 2008-04-14] (Microsoft Corporation) [File not signed]
R3 ALG; C:\WINDOWS\System32\alg.exe [44544 2008-04-14] (Microsoft Corporation) [File not signed]
R2 AntiVirSchedulerService; C:\Programme\Avira\AntiVir Desktop\sched.exe [432888 2015-03-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Programme\Avira\AntiVir Desktop\avguard.exe [432888 2015-03-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Programme\Avira\AntiVir Desktop\AVWEBGRD.EXE [992504 2015-03-20] (Avira Operations GmbH & Co. KG)
R2 AudioSrv; C:\WINDOWS\System32\audiosrv.dll [42496 2008-04-14] (Microsoft Corporation) [File not signed]
R2 Avira.OE.ServiceHost; C:\Programme\Avira\My Avira\Avira.OE.ServiceHost.exe [184056 2015-02-12] (Avira Operations GmbH & Co. KG)
R2 BITS; C:\WINDOWS\system32\qmgr.dll [409088 2008-04-14] (Microsoft Corporation) [File not signed]
S2 Browser; C:\WINDOWS\System32\browser.dll [78336 2012-07-06] (Microsoft Corporation) [File not signed]
S3 CiSvc; C:\WINDOWS\system32\cisvc.exe [5632 2008-04-14] (Microsoft Corporation) [File not signed]
S3 ClipSrv; C:\WINDOWS\system32\clipsrv.exe [33280 2008-04-14] (Microsoft Corporation) [File not signed]
R2 CryptSvc; C:\WINDOWS\System32\cryptsvc.dll [62464 2008-04-14] (Microsoft Corporation) [File not signed]
R2 DcomLaunch; C:\WINDOWS\system32\rpcss.dll [401408 2009-02-09] (Microsoft Corporation) [File not signed]
R2 Dhcp; C:\WINDOWS\System32\dhcpcsvc.dll [127488 2008-04-14] (Microsoft Corporation) [File not signed]
S3 dmadmin; C:\WINDOWS\System32\dmadmin.exe [225280 2008-04-14] (Microsoft Corp., Veritas Software) [File not signed]
S3 dmserver; C:\WINDOWS\System32\dmserver.dll [24064 2008-04-14] (Microsoft Corp.) [File not signed]
R2 Dnscache; C:\WINDOWS\System32\dnsrslvr.dll [45568 2009-04-20] (Microsoft Corporation) [File not signed]
S3 Dot3svc; C:\WINDOWS\System32\dot3svc.dll [133120 2008-04-14] (Microsoft Corporation) [File not signed]
R2 DvmMDES; C:\ASUS.SYS\config\DVMExportService.exe [319488 2009-10-16] (DeviceVM, Inc.) [File not signed]
S3 EapHost; C:\WINDOWS\System32\eapsvc.dll [33792 2008-04-14] (Microsoft Corporation) [File not signed]
R2 ERSvc; C:\WINDOWS\System32\ersvc.dll [23040 2008-04-14] (Microsoft Corporation) [File not signed]
R2 Eventlog; C:\WINDOWS\system32\services.exe [111104 2009-02-09] (Microsoft Corporation) [File not signed]
R3 EventSystem; C:\WINDOWS\System32\es.dll [253952 2008-07-07] (Microsoft Corporation) [File not signed]
R3 FastUserSwitchingCompatibility; C:\WINDOWS\System32\shsvcs.dll [135680 2009-07-28] (Microsoft Corporation) [File not signed]
S2 gupdate; C:\Programme\Google\Update\GoogleUpdate.exe [116648 2014-11-27] (Google Inc.)
S3 gupdatem; C:\Programme\Google\Update\GoogleUpdate.exe [116648 2014-11-27] (Google Inc.)
S3 gusvc; C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe [136120 2011-05-09] (Google)
R2 helpsvc; C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll [38400 2008-04-14] (Microsoft Corporation) [File not signed]
R2 HidServ; C:\WINDOWS\System32\hidserv.dll [21504 2008-04-14] (Microsoft Corporation) [File not signed]
S3 hkmsvc; C:\WINDOWS\System32\kmsvc.dll [61440 2008-04-14] (Microsoft Corporation) [File not signed]
S3 HTTPFilter; C:\WINDOWS\System32\w3ssl.dll [15872 2008-04-14] (Microsoft Corporation) [File not signed]
S3 IDriverT; C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
S3 ImapiService; C:\WINDOWS\system32\imapi.exe [150528 2008-04-14] (Microsoft Corporation) [File not signed]
R2 JavaQuickStarterService; C:\Programme\Java\jre7\bin\jqs.exe [182696 2014-07-25] (Oracle Corporation)
R2 lanmanserver; C:\WINDOWS\System32\srvsvc.dll [99840 2010-08-27] (Microsoft Corporation) [File not signed]
R2 lanmanworkstation; C:\WINDOWS\System32\wkssvc.dll [132096 2009-06-10] (Microsoft Corporation) [File not signed]
R2 LmHosts; C:\WINDOWS\System32\lmhsvc.dll [13824 2008-04-14] (Microsoft Corporation) [File not signed]
S4 Messenger; C:\WINDOWS\System32\msgsvc.dll [33792 2008-04-14] (Microsoft Corporation) [File not signed]
S3 mnmsrvc; C:\WINDOWS\System32\mnmsrvc.exe [32768 2008-04-14] (Microsoft Corporation) [File not signed]
S3 MozillaMaintenance; C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe [148080 2015-03-06] (Mozilla Foundation)
S3 MSDTC; C:\WINDOWS\System32\msdtc.exe [6144 2008-04-14] (Microsoft Corporation) [File not signed]
S3 MSIServer; C:\WINDOWS\System32\msiexec.exe [95744 2008-05-19] (Microsoft Corporation) [File not signed]
S3 napagent; C:\WINDOWS\System32\qagentrt.dll [294400 2008-04-14] (Microsoft Corporation) [File not signed]
S4 NetDDE; C:\WINDOWS\system32\netdde.exe [114176 2008-04-14] (Microsoft Corporation) [File not signed]
S4 NetDDEdsdm; C:\WINDOWS\system32\netdde.exe [114176 2008-04-14] (Microsoft Corporation) [File not signed]
S3 Netlogon; C:\WINDOWS\system32\lsass.exe [13312 2008-04-14] (Microsoft Corporation) [File not signed]
R3 Netman; C:\WINDOWS\System32\netman.dll [198144 2008-04-14] (Microsoft Corporation) [File not signed]
R3 Nla; C:\WINDOWS\System32\mswsock.dll [247296 2008-06-20] (Microsoft Corporation) [File not signed]
S3 NtLmSsp; C:\WINDOWS\System32\lsass.exe [13312 2008-04-14] (Microsoft Corporation) [File not signed]
S3 NtmsSvc; C:\WINDOWS\system32\ntmssvc.dll [438272 2008-04-14] (Microsoft Corporation) [File not signed]
R2 nvUpdatusService; C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [1826592 2013-05-16] (NVIDIA Corporation)
R2 PlugPlay; C:\WINDOWS\system32\services.exe [111104 2009-02-09] (Microsoft Corporation) [File not signed]
R2 PolicyAgent; C:\WINDOWS\system32\lsass.exe [13312 2008-04-14] (Microsoft Corporation) [File not signed]
R2 ProtectedStorage; C:\WINDOWS\system32\lsass.exe [13312 2008-04-14] (Microsoft Corporation) [File not signed]
S3 RasAuto; C:\WINDOWS\System32\rasauto.dll [88576 2008-04-14] (Microsoft Corporation) [File not signed]
R3 RasMan; C:\WINDOWS\System32\rasmans.dll [186368 2008-04-14] (Microsoft Corporation) [File not signed]
S3 RDSessMgr; C:\WINDOWS\system32\sessmgr.exe [143360 2008-04-14] (Microsoft Corporation) [File not signed]
S4 RemoteAccess; C:\WINDOWS\System32\mprdim.dll [53248 2008-04-14] (Microsoft Corporation) [File not signed]
S3 RpcLocator; C:\WINDOWS\System32\locator.exe [75264 2008-04-14] (Microsoft Corporation) [File not signed]
R2 RpcSs; C:\WINDOWS\System32\rpcss.dll [401408 2009-02-09] (Microsoft Corporation) [File not signed]
S3 RSVP; C:\WINDOWS\System32\rsvp.exe [132608 2002-08-29] (Microsoft Corporation) [File not signed]
R2 SamSs; C:\WINDOWS\system32\lsass.exe [13312 2008-04-14] (Microsoft Corporation) [File not signed]
R2 SBAMSvc; C:\Programme\Ad-Aware Antivirus\SBAMSvc.exe [3677000 2012-09-20] (GFI Software)
S3 SCardSvr; C:\WINDOWS\System32\SCardSvr.exe [99840 2008-04-14] (Microsoft Corporation) [File not signed]
R2 Schedule; C:\WINDOWS\system32\schedsvc.dll [193536 2008-04-14] (Microsoft Corporation) [File not signed]
R2 SDScannerService; C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe [1817560 2013-05-16] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe [1033688 2013-05-16] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Programme\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2013-05-15] (Safer-Networking Ltd.)
R2 seclogon; C:\WINDOWS\System32\seclogon.dll [18944 2008-04-14] (Microsoft Corporation) [File not signed]
R2 SENS; C:\WINDOWS\system32\sens.dll [39424 2008-04-14] (Microsoft Corporation) [File not signed]
R2 SharedAccess; C:\WINDOWS\System32\ipnathlp.dll [334336 2008-04-14] (Microsoft Corporation) [File not signed]
R2 ShellHWDetection; C:\WINDOWS\System32\shsvcs.dll [135680 2009-07-28] (Microsoft Corporation) [File not signed]
S2 SkypeUpdate; C:\Programme\Skype\Updater\Updater.exe [162408 2013-06-03] (Skype Technologies)
R2 SmcService; C:\Programme\Sygate\SPF\smc.exe [2577632 2004-10-15] (Sygate Technologies, Inc.)
S3 Sony PC Companion; C:\Programme\Sony\Sony PC Companion\PCCService.exe [155824 2013-02-04] (Avanquest Software)
R2 Spooler; C:\WINDOWS\system32\spoolsv.exe [58880 2010-08-17] (Microsoft Corporation) [File not signed]
R2 srservice; C:\WINDOWS\system32\srsvc.dll [171520 2008-04-14] (Microsoft Corporation) [File not signed]
R3 SSDPSRV; C:\WINDOWS\System32\ssdpsrv.dll [71680 2008-04-14] (Microsoft Corporation) [File not signed]
R2 stisvc; C:\WINDOWS\system32\wiaservc.dll [334336 2008-04-14] (Microsoft Corporation) [File not signed]
S3 SysmonLog; C:\WINDOWS\system32\smlogsvc.exe [94208 2008-04-14] (Microsoft Corporation) [File not signed]
R3 TapiSrv; C:\WINDOWS\System32\tapisrv.dll [249856 2008-04-14] (Microsoft Corporation) [File not signed]
R3 TermService; C:\WINDOWS\System32\termsrv.dll [297472 2008-04-14] (Microsoft Corporation) [File not signed]
R2 Themes; C:\WINDOWS\System32\shsvcs.dll [135680 2009-07-28] (Microsoft Corporation) [File not signed]
R2 TrkWks; C:\WINDOWS\system32\trkwks.dll [90112 2008-04-14] (Microsoft Corporation) [File not signed]
S3 upnphost; C:\WINDOWS\System32\upnphost.dll [186880 2008-04-14] (Microsoft Corporation) [File not signed]
S3 UPS; C:\WINDOWS\System32\ups.exe [18432 2008-04-14] (Microsoft Corporation) [File not signed]
S3 VSS; C:\WINDOWS\System32\vssvc.exe [292864 2008-04-14] (Microsoft Corporation) [File not signed]
R2 W32Time; C:\WINDOWS\system32\w32time.dll [177152 2008-04-14] (Microsoft Corporation) [File not signed]
R2 WebClient; C:\WINDOWS\System32\webclnt.dll [68096 2008-04-14] (Microsoft Corporation) [File not signed]
R2 winmgmt; C:\WINDOWS\system32\wbem\WMIsvc.dll [145408 2008-04-14] (Microsoft Corporation) [File not signed]
S3 WmdmPmSN; C:\WINDOWS\system32\MsPMSNSv.dll [27136 2006-10-18] (Microsoft Corporation) [File not signed]
S3 WmiApSrv; C:\WINDOWS\System32\wbem\wmiapsrv.exe [126464 2008-04-14] (Microsoft Corporation) [File not signed]
R2 wscsvc; C:\WINDOWS\system32\wscsvc.dll [80896 2008-04-14] (Microsoft Corporation) [File not signed]
R2 wuauserv; C:\WINDOWS\system32\wuauserv.dll [6656 2008-04-14] (Microsoft Corporation) [File not signed]
R2 WudfSvc; C:\WINDOWS\System32\WUDFSvc.dll [55808 2006-09-28] (Microsoft Corporation) [File not signed]
S3 WZCSVC; C:\WINDOWS\System32\wzcsvc.dll [483840 2008-04-14] (Microsoft Corporation) [File not signed]
S3 xmlprov; C:\WINDOWS\System32\xmlprov.dll [129024 2008-04-14] (Microsoft Corporation) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 ACPI; C:\WINDOWS\System32\DRIVERS\ACPI.sys [188800 2008-04-14] (Microsoft Corporation) [File not signed]
R0 ACPIEC; C:\WINDOWS\System32\DRIVERS\ACPIEC.sys [12160 2002-08-29] (Microsoft Corporation) [File not signed]
S3 aec; C:\WINDOWS\System32\drivers\aec.sys [142592 2008-04-13] (Microsoft Corporation) [File not signed]
R2 AegisP; C:\WINDOWS\System32\DRIVERS\AegisP.sys [21361 2013-08-04] (Cisco Systems, Inc.) [File not signed]
R1 AFD; C:\WINDOWS\System32\drivers\afd.sys [138496 2011-08-17] (Microsoft Corporation) [File not signed]
S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1691480 2009-11-18] (Creative)
R3 Arp1394; C:\WINDOWS\System32\DRIVERS\arp1394.sys [60800 2008-04-13] (Microsoft Corporation) [File not signed]
S3 AsyncMac; C:\WINDOWS\System32\DRIVERS\asyncmac.sys [14336 2008-04-13] (Microsoft Corporation) [File not signed]
R0 atapi; C:\WINDOWS\System32\DRIVERS\atapi.sys [96512 2008-04-13] (Microsoft Corporation) [File not signed]
S3 Atmarpc; C:\WINDOWS\System32\DRIVERS\atmarpc.sys [59904 2008-04-13] (Microsoft Corporation) [File not signed]
R3 audstub; C:\WINDOWS\System32\DRIVERS\audstub.sys [3072 2001-08-17] (Microsoft Corporation) [File not signed]
R2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [105864 2015-03-11] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\WINDOWS\System32\DRIVERS\avipbb.sys [136216 2015-03-11] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\WINDOWS\System32\DRIVERS\avkmgr.sys [37352 2013-10-07] (Avira Operations GmbH & Co. KG)
S3 Bridge; C:\WINDOWS\System32\DRIVERS\bridge.sys [71552 2008-04-13] (Microsoft Corporation) [File not signed]
R3 BridgeMP; C:\WINDOWS\System32\DRIVERS\bridge.sys [71552 2008-04-13] (Microsoft Corporation) [File not signed]
S1 Cdaudio; C:\WINDOWS\system32\Drivers\Cdaudio.sys [18688 2002-08-29] (Microsoft Corporation) [File not signed]
R4 Cdfs; C:\WINDOWS\system32\Drivers\Cdfs.sys [63744 2008-04-13] (Microsoft Corporation) [File not signed]
R1 Cdrom; C:\WINDOWS\System32\DRIVERS\cdrom.sys [62976 2008-04-13] (Microsoft Corporation) [File not signed]
R0 Disk; C:\WINDOWS\System32\DRIVERS\disk.sys [36352 2008-04-13] (Microsoft Corporation) [File not signed]
S4 dmboot; C:\WINDOWS\System32\drivers\dmboot.sys [800384 2008-04-14] (Microsoft Corp., Veritas Software) [File not signed]
S4 dmio; C:\WINDOWS\System32\drivers\dmio.sys [154112 2008-04-14] (Microsoft Corp., Veritas Software) [File not signed]
S4 dmload; C:\WINDOWS\System32\drivers\dmload.sys [5888 2002-08-29] (Microsoft Corp., Veritas Software.) [File not signed]
S3 DMusic; C:\WINDOWS\System32\drivers\DMusic.sys [52864 2008-04-13] (Microsoft Corporation) [File not signed]
S3 drmkaud; C:\WINDOWS\System32\drivers\drmkaud.sys [2944 2008-04-13] (Microsoft Corporation) [File not signed]
R1 DVMIO; C:\WINDOWS\System32\DRIVERS\dvmio.sys [18136 2010-05-07] (DeviceVM, Inc.)
S4 Fastfat; C:\WINDOWS\system32\Drivers\Fastfat.sys [143744 2008-04-13] (Microsoft Corporation) [File not signed]
S1 Fdc; C:\WINDOWS\system32\Drivers\Fdc.sys [27392 2008-04-13] (Microsoft Corporation) [File not signed]
R1 Fips; C:\WINDOWS\system32\Drivers\Fips.sys [44672 2008-04-14] (Microsoft Corporation) [File not signed]
S1 Flpydisk; C:\WINDOWS\system32\Drivers\Flpydisk.sys [20480 2008-04-13] (Microsoft Corporation) [File not signed]
R0 FltMgr; C:\WINDOWS\System32\drivers\fltmgr.sys [129792 2008-04-13] (Microsoft Corporation) [File not signed]
U1 Fs_Rec; C:\WINDOWS\system32\Drivers\Fs_Rec.sys [7936 2002-08-29] (Microsoft Corporation) [File not signed]
R0 Ftdisk; C:\WINDOWS\System32\DRIVERS\ftdisk.sys [126336 2002-08-29] (Microsoft Corporation) [File not signed]
S3 gfiark; C:\WINDOWS\System32\drivers\gfiark.sys [43368 2013-05-23] (ThreatTrack Security)
R0 gfibto; C:\WINDOWS\System32\drivers\gfibto.sys [13560 2013-06-10] (GFI Software)
R3 Gpc; C:\WINDOWS\System32\DRIVERS\msgpc.sys [35072 2008-04-13] (Microsoft Corporation) [File not signed]
R3 HDAudBus; C:\WINDOWS\System32\DRIVERS\HDAudBus.sys [138752 2005-01-07] (Windows (R) Server 2003 DDK provider) [File not signed]
R3 hidusb; C:\WINDOWS\System32\DRIVERS\hidusb.sys [10368 2008-04-13] (Microsoft Corporation) [File not signed]
R3 HTTP; C:\WINDOWS\System32\Drivers\HTTP.sys [265728 2009-10-20] (Microsoft Corporation) [File not signed]
S1 i8042prt; C:\WINDOWS\system32\Drivers\i8042prt.sys [52992 2008-04-14] (Microsoft Corporation) [File not signed]
R1 Imapi; C:\WINDOWS\System32\DRIVERS\imapi.sys [42112 2008-04-13] (Microsoft Corporation) [File not signed]
S3 ip6fw; C:\WINDOWS\System32\drivers\ip6fw.sys [36608 2008-04-13] (Microsoft Corporation) [File not signed]
S3 IpFilterDriver; C:\WINDOWS\System32\DRIVERS\ipfltdrv.sys [32896 2002-08-29] (Microsoft Corporation) [File not signed]
S3 IpInIp; C:\WINDOWS\System32\DRIVERS\ipinip.sys [20864 2008-04-13] (Microsoft Corporation) [File not signed]
R3 IpNat; C:\WINDOWS\System32\DRIVERS\ipnat.sys [152832 2008-04-13] (Microsoft Corporation) [File not signed]
R1 IPSec; C:\WINDOWS\System32\DRIVERS\ipsec.sys [75264 2008-04-13] (Microsoft Corporation) [File not signed]
S3 IRENUM; C:\WINDOWS\System32\DRIVERS\irenum.sys [11264 2008-04-13] (Microsoft Corporation) [File not signed]
R0 isapnp; C:\WINDOWS\System32\DRIVERS\isapnp.sys [37632 2008-04-14] (Microsoft Corporation) [File not signed]
R1 Kbdclass; C:\WINDOWS\System32\DRIVERS\kbdclass.sys [25216 2008-04-14] (Microsoft Corporation) [File not signed]
R1 kbdhid; C:\WINDOWS\System32\DRIVERS\kbdhid.sys [14720 2008-04-14] (Microsoft Corporation) [File not signed]
R3 kmixer; C:\WINDOWS\System32\drivers\kmixer.sys [172416 2008-04-13] (Microsoft Corporation) [File not signed]
R0 KSecDD; C:\WINDOWS\system32\Drivers\KSecDD.sys [92928 2009-06-24] (Microsoft Corporation) [File not signed]
R1 mnmdd; C:\WINDOWS\system32\Drivers\mnmdd.sys [4224 2002-08-29] (Microsoft Corporation) [File not signed]
S3 Modem; C:\WINDOWS\system32\Drivers\Modem.sys [30336 2008-04-14] (Microsoft Corporation) [File not signed]
S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1395800 2009-11-18] (Creative Technology Ltd.)
R1 Mouclass; C:\WINDOWS\System32\DRIVERS\mouclass.sys [23552 2008-04-14] (Microsoft Corporation) [File not signed]
R3 mouhid; C:\WINDOWS\System32\DRIVERS\mouhid.sys [12288 2002-08-29] (Microsoft Corporation) [File not signed]
R0 MountMgr; C:\WINDOWS\system32\Drivers\MountMgr.sys [42368 2008-04-13] (Microsoft Corporation) [File not signed]
R3 MRxDAV; C:\WINDOWS\System32\DRIVERS\mrxdav.sys [180608 2008-04-13] (Microsoft Corporation) [File not signed]
R1 MRxSmb; C:\WINDOWS\System32\DRIVERS\mrxsmb.sys [456320 2011-07-15] (Microsoft Corporation) [File not signed]
S3 MSKSSRV; C:\WINDOWS\System32\drivers\MSKSSRV.sys [7552 2008-04-13] (Microsoft Corporation) [File not signed]
S3 MSPCLOCK; C:\WINDOWS\System32\drivers\MSPCLOCK.sys [5376 2008-04-13] (Microsoft Corporation) [File not signed]
S3 MSPQM; C:\WINDOWS\System32\drivers\MSPQM.sys [4992 2008-04-13] (Microsoft Corporation) [File not signed]
R3 mssmbios; C:\WINDOWS\System32\DRIVERS\mssmbios.sys [15488 2008-04-13] (Microsoft Corporation) [File not signed]
R3 MTsensor; C:\WINDOWS\System32\DRIVERS\ASACPI.sys [5810 2004-08-13] () [File not signed]
R0 Mup; C:\WINDOWS\system32\Drivers\Mup.sys [105472 2011-04-21] (Microsoft Corporation) [File not signed]
R0 NDIS; C:\WINDOWS\system32\Drivers\NDIS.sys [182656 2008-04-13] (Microsoft Corporation) [File not signed]
R3 NdisTapi; C:\WINDOWS\System32\DRIVERS\ndistapi.sys [10496 2011-07-08] (Microsoft Corporation) [File not signed]
S3 Ndisuio; C:\WINDOWS\System32\DRIVERS\ndisuio.sys [14592 2008-04-13] (Microsoft Corporation) [File not signed]
R3 NdisWan; C:\WINDOWS\System32\DRIVERS\ndiswan.sys [91520 2008-04-13] (Microsoft Corporation) [File not signed]
R3 NDProxy; C:\WINDOWS\system32\Drivers\NDProxy.sys [40960 2013-11-27] (Microsoft Corporation) [File not signed]
R1 NetBIOS; C:\WINDOWS\System32\DRIVERS\netbios.sys [34688 2008-04-13] (Microsoft Corporation) [File not signed]
R1 NetBT; C:\WINDOWS\System32\DRIVERS\netbt.sys [162816 2008-04-13] (Microsoft Corporation) [File not signed]
R3 NIC1394; C:\WINDOWS\System32\DRIVERS\nic1394.sys [61824 2008-04-13] (Microsoft Corporation) [File not signed]
R1 Npfs; C:\WINDOWS\system32\Drivers\Npfs.sys [30848 2008-04-13] (Microsoft Corporation) [File not signed]
R4 Ntfs; C:\WINDOWS\system32\Drivers\Ntfs.sys [574976 2008-04-13] (Microsoft Corporation) [File not signed]
R1 Null; C:\WINDOWS\system32\Drivers\Null.sys [2944 2002-08-29] (Microsoft Corporation) [File not signed]
R3 nusb3hub; C:\WINDOWS\System32\DRIVERS\nusb3hub.sys [64904 2010-04-27] (Renesas Electronics Corporation)
R3 nusb3xhc; C:\WINDOWS\System32\DRIVERS\nusb3xhc.sys [146568 2010-04-27] (Renesas Electronics Corporation)
R3 NVHDA; C:\WINDOWS\System32\drivers\nvhda32.sys [128672 2013-02-25] (NVIDIA Corporation)
S3 NwlnkFlt; C:\WINDOWS\System32\DRIVERS\nwlnkflt.sys [12416 2002-08-29] (Microsoft Corporation) [File not signed]
S3 NwlnkFwd; C:\WINDOWS\System32\DRIVERS\nwlnkfwd.sys [32512 2002-08-29] (Microsoft Corporation) [File not signed]
R0 ohci1394; C:\WINDOWS\System32\DRIVERS\ohci1394.sys [61696 2008-04-13] (Microsoft Corporation) [File not signed]
S3 Parport; C:\WINDOWS\system32\Drivers\Parport.sys [80384 2008-04-14] (Microsoft Corporation) [File not signed]
R0 PartMgr; C:\WINDOWS\system32\Drivers\PartMgr.sys [19712 2008-04-13] (Microsoft Corporation) [File not signed]
S2 ParVdm; C:\WINDOWS\system32\Drivers\ParVdm.sys [7040 2002-08-29] (Microsoft Corporation) [File not signed]
R0 PCI; C:\WINDOWS\System32\DRIVERS\pci.sys [68224 2008-04-14] (Microsoft Corporation) [File not signed]
R0 PCIIde; C:\WINDOWS\System32\DRIVERS\pciide.sys [3328 2002-08-29] (Microsoft Corporation) [File not signed]
S4 Pcmcia; C:\WINDOWS\system32\Drivers\Pcmcia.sys [120576 2008-04-14] (Microsoft Corporation) [File not signed]
R3 PptpMiniport; C:\WINDOWS\System32\DRIVERS\raspptp.sys [48384 2008-04-13] (Microsoft Corporation) [File not signed]
R1 Processor; C:\WINDOWS\System32\DRIVERS\processr.sys [39936 2008-04-14] (Microsoft Corporation) [File not signed]
R3 PSched; C:\WINDOWS\System32\DRIVERS\psched.sys [69120 2008-04-13] (Microsoft Corporation) [File not signed]
R3 Ptilink; C:\WINDOWS\System32\DRIVERS\ptilink.sys [17792 2002-08-29] (Parallel Technologies, Inc.) [File not signed]
S3 QV2KUX; C:\WINDOWS\System32\DRIVERS\qv2kux.sys [3328 2001-08-17] (Microsoft Corporation) [File not signed]
R1 RasAcd; C:\WINDOWS\System32\DRIVERS\rasacd.sys [8832 2002-08-29] (Microsoft Corporation) [File not signed]
R3 Rasl2tp; C:\WINDOWS\System32\DRIVERS\rasl2tp.sys [51328 2008-04-13] (Microsoft Corporation) [File not signed]
R3 RasPppoe; C:\WINDOWS\System32\DRIVERS\raspppoe.sys [41472 2008-04-13] (Microsoft Corporation) [File not signed]
R3 Raspti; C:\WINDOWS\System32\DRIVERS\raspti.sys [16512 2002-08-29] (Microsoft Corporation) [File not signed]
R1 Rdbss; C:\WINDOWS\System32\DRIVERS\rdbss.sys [175744 2008-04-13] (Microsoft Corporation) [File not signed]
R1 RDPCDD; C:\WINDOWS\System32\DRIVERS\RDPCDD.sys [4224 2002-08-29] (Microsoft Corporation) [File not signed]
R1 redbook; C:\WINDOWS\System32\DRIVERS\redbook.sys [57728 2008-04-14] (Microsoft Corporation) [File not signed]
S3 RTL8192cu; C:\WINDOWS\System32\DRIVERS\rtwlanu.sys [1173992 2012-10-13] (Realtek Semiconductor Corporation                           )
R1 sbaphd; C:\WINDOWS\System32\drivers\sbaphd.sys [22064 2012-09-12] (GFI Software)
R2 sbapifs; C:\WINDOWS\System32\drivers\sbapifs.sys [66344 2012-09-12] (GFI Software)
S3 Secdrv; C:\WINDOWS\System32\DRIVERS\secdrv.sys [20480 2008-04-13] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [File not signed]
R3 serenum; C:\WINDOWS\System32\DRIVERS\serenum.sys [15744 2008-04-13] (Microsoft Corporation) [File not signed]
R1 Serial; C:\WINDOWS\System32\DRIVERS\serial.sys [65536 2008-04-14] (Microsoft Corporation) [File not signed]
S3 splitter; C:\WINDOWS\System32\drivers\splitter.sys [6272 2008-04-13] (Microsoft Corporation) [File not signed]
R0 sr; C:\WINDOWS\System32\DRIVERS\sr.sys [73472 2008-04-14] (Microsoft Corporation) [File not signed]
R3 Srv; C:\WINDOWS\System32\DRIVERS\srv.sys [357888 2011-02-17] (Microsoft Corporation) [File not signed]
R1 ssmdrv; C:\WINDOWS\System32\DRIVERS\ssmdrv.sys [28520 2012-08-27] (Avira GmbH)
R2 StarOpen; C:\WINDOWS\system32\Drivers\StarOpen.sys [5504 2012-06-03] () [File not signed]
R3 swenum; C:\WINDOWS\System32\DRIVERS\swenum.sys [4352 2008-04-13] (Microsoft Corporation) [File not signed]
S3 swmidi; C:\WINDOWS\System32\drivers\swmidi.sys [56576 2008-04-13] (Microsoft Corporation) [File not signed]
R3 sysaudio; C:\WINDOWS\System32\drivers\sysaudio.sys [60800 2008-04-13] (Microsoft Corporation) [File not signed]
R1 Tcpip; C:\WINDOWS\System32\DRIVERS\tcpip.sys [361600 2008-06-20] (Microsoft Corporation) [File not signed]
S3 TDPIPE; C:\WINDOWS\system32\Drivers\TDPIPE.sys [12040 2008-04-14] (Microsoft Corporation) [File not signed]
S3 TDTCP; C:\WINDOWS\system32\Drivers\TDTCP.sys [21896 2008-04-14] (Microsoft Corporation) [File not signed]
R0 Teefer; C:\WINDOWS\System32\Drivers\Teefer.sys [60496 2004-10-15] (Sygate Technologies, Inc.) [File not signed]
R1 TermDD; C:\WINDOWS\System32\DRIVERS\termdd.sys [40840 2008-04-14] (Microsoft Corporation) [File not signed]
R3 Update; C:\WINDOWS\System32\DRIVERS\update.sys [384768 2008-04-13] (Microsoft Corporation) [File not signed]
R3 usbccgp; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [32384 2013-08-09] (Microsoft Corporation) [File not signed]
R3 usbehci; C:\WINDOWS\System32\DRIVERS\usbehci.sys [30336 2009-03-18] (Microsoft Corporation) [File not signed]
R3 usbhub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [59520 2008-04-13] (Microsoft Corporation) [File not signed]
R3 usbohci; C:\WINDOWS\System32\DRIVERS\usbohci.sys [17152 2008-04-13] (Microsoft Corporation) [File not signed]
R3 usbscan; C:\WINDOWS\System32\DRIVERS\usbscan.sys [14976 2013-07-03] (Microsoft Corporation) [File not signed]
S3 usbser; C:\WINDOWS\System32\DRIVERS\usbser.sys [26240 2013-08-29] (Microsoft Corporation) [File not signed]
R3 usbstor; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [26368 2008-04-13] (Microsoft Corporation) [File not signed]
R1 VgaSave; C:\WINDOWS\System32\drivers\vga.sys [20992 2008-04-13] (Microsoft Corporation) [File not signed]
R0 VolSnap; C:\WINDOWS\system32\Drivers\VolSnap.sys [53760 2008-04-14] (Microsoft Corporation) [File not signed]
R3 Wanarp; C:\WINDOWS\System32\DRIVERS\wanarp.sys [34560 2008-04-13] (Microsoft Corporation) [File not signed]
R3 wdmaud; C:\WINDOWS\System32\drivers\wdmaud.sys [83072 2008-04-13] (Microsoft Corporation) [File not signed]
R2 wg3n; C:\WINDOWS\SYSTEM32\Drivers\wg3n.sys [14568 2004-10-15] (Sygate Technologies, Inc.)
R2 wg4n; C:\WINDOWS\SYSTEM32\Drivers\wg4n.sys [14568 2004-10-15] (Sygate Technologies, Inc.)
R2 wg5n; C:\WINDOWS\SYSTEM32\Drivers\wg5n.sys [14568 2004-10-15] (Sygate Technologies, Inc.)
R2 wg6n; C:\WINDOWS\SYSTEM32\Drivers\wg6n.sys [14568 2004-10-15] (Sygate Technologies, Inc.)
R1 WmiAcpi; C:\WINDOWS\System32\DRIVERS\wmiacpi.sys [8832 2008-04-13] (Microsoft Corporation) [File not signed]
S3 WpdUsb; C:\WINDOWS\System32\DRIVERS\wpdusb.sys [38528 2006-10-18] (Microsoft Corporation) [File not signed]
R1 wpsdrvnt; C:\WINDOWS\System32\drivers\wpsdrvnt.sys [21075 2004-10-15] (Sygate Technologies, Inc.) [File not signed]
R1 WS2IFSL; C:\WINDOWS\System32\drivers\ws2ifsl.sys [12032 2002-08-29] (Microsoft Corporation) [File not signed]
R0 WudfPf; C:\WINDOWS\System32\DRIVERS\WudfPf.sys [77568 2006-09-28] (Microsoft Corporation) [File not signed]
S3 WudfRd; C:\WINDOWS\System32\DRIVERS\wudfrd.sys [82944 2006-09-28] (Microsoft Corporation) [File not signed]
S3 XPTWOPORT; C:\WINDOWS\System32\DRIVERS\XPTWOPORT.SYS [15872 2012-06-18] (Realtek Semiconductor Corporation                           ) [File not signed]
R3 xusb21; C:\WINDOWS\System32\DRIVERS\xusb21.sys [55808 2007-08-28] (Microsoft Corporation) [File not signed]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S4 IntelIde; No ImagePath
S1 SBRE; \SystemRoot\system32\drivers\SBREDrv.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation) [File not signed]
U3 TlntSvr; No ImagePath
S4 vsdatant;  [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-20 18:32 - 2015-03-20 18:32 - 00000414 _____ () C:\WINDOWS\Tasks\Opera scheduled Autoupdate 1426872732.job
2015-03-20 18:32 - 2015-03-20 18:32 - 00000000 ____D () C:\Dokumente und Einstellungen\Fischi\Lokale Einstellungen\Anwendungsdaten\Opera Software
2015-03-20 18:32 - 2015-03-20 18:32 - 00000000 ____D () C:\Dokumente und Einstellungen\Fischi\Anwendungsdaten\Opera Software
2015-03-20 15:32 - 2015-03-20 15:32 - 00090112 _____ () C:\WINDOWS\Minidump\Mini032015-01.dmp
2015-03-20 14:20 - 2015-03-20 14:20 - 00000000 _____ () C:\WINDOWS\system32\SBRC.dat
2015-03-18 19:13 - 2015-03-18 19:13 - 00105439 _____ () C:\Dokumente und Einstellungen\Fischi\Lokale Einstellungen\Anwendungsdaten\recently-used.xbel
2015-03-06 20:03 - 2015-03-06 20:03 - 00000000 ____D () C:\Programme\Mozilla Firefox

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-20 19:04 - 2014-11-30 14:22 - 00000000 ____D () C:\Dokumente und Einstellungen\Fischi\Lokale Einstellungen\temp
2015-03-20 19:03 - 2014-11-28 06:57 - 00000000 ____D () C:\FRST
2015-03-20 18:44 - 2014-11-27 20:28 - 00001090 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-20 18:32 - 2013-06-10 19:58 - 00000000 ____D () C:\Programme\Opera
2015-03-20 18:30 - 2013-06-10 20:56 - 00009620 _____ () C:\WINDOWS\system32\nvAppTimestamps
2015-03-20 18:28 - 2013-06-10 19:38 - 01209236 _____ () C:\WINDOWS\WindowsUpdate.log
2015-03-20 18:24 - 2013-06-10 19:34 - 00000000 ___RD () C:\Programme
2015-03-20 18:24 - 2013-06-10 19:34 - 00000000 ___RD () C:\Dokumente und Einstellungen\All Users\Startmenü\Programme
2015-03-20 18:19 - 2013-09-26 16:33 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-03-20 17:50 - 2014-11-30 14:22 - 00000000 ____D () C:\Dokumente und Einstellungen\UpdatusUser\Lokale Einstellungen\temp
2015-03-20 17:44 - 2014-11-27 20:28 - 00001086 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-20 17:18 - 2013-06-10 19:00 - 00000012 ____H () C:\dvmexp.idx
2015-03-20 17:11 - 2013-06-11 16:37 - 00000636 _____ () C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job
2015-03-20 17:11 - 2013-06-10 20:08 - 00000000 ____D () C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ad-Aware Browsing Protection
2015-03-20 17:10 - 2013-06-10 19:36 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2015-03-20 17:10 - 2013-06-10 19:36 - 00000050 _____ () C:\WINDOWS\wiaservc.log
2015-03-20 17:08 - 2014-03-22 13:30 - 00000224 _____ () C:\WINDOWS\Tasks\Ende des Supports für Microsoft Windows XP –  Benachrichtigung – Anmeldung.job
2015-03-20 17:08 - 2013-08-04 09:52 - 00000000 _____ () C:\WINDOWS\RTacDbg.txt
2015-03-20 17:08 - 2013-06-10 18:40 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-03-20 17:05 - 2013-06-11 16:36 - 00524288 _____ () C:\WINDOWS\system32\config\SpybotSD.evt
2015-03-20 17:05 - 2013-06-10 18:43 - 00000190 ___SH () C:\Dokumente und Einstellungen\Fischi\ntuser.ini
2015-03-20 17:05 - 2013-06-10 18:43 - 00000000 ____D () C:\Dokumente und Einstellungen\Fischi
2015-03-20 17:05 - 2013-06-10 18:42 - 00032512 _____ () C:\WINDOWS\SchedLgU.Txt
2015-03-20 17:01 - 2014-11-28 16:43 - 00000000 ____D () C:\AdwCleaner
2015-03-20 15:31 - 2013-06-12 15:22 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2631813$
2015-03-20 15:18 - 2013-06-10 20:36 - 00000000 ____D () C:\WINDOWS\system32\NtmsData
2015-03-20 15:05 - 2013-06-10 18:38 - 00000000 ____D () C:\WINDOWS\Registration
2015-03-20 14:04 - 2014-11-27 16:55 - 00114904 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-03-20 14:03 - 2014-11-27 16:55 - 00000000 ____D () C:\Programme\ Malwarebytes Anti-Malware 
2015-03-20 14:03 - 2014-11-27 16:55 - 00000000 ____D () C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\ Malwarebytes Anti-Malware 
2015-03-18 19:13 - 2013-09-28 19:15 - 00000000 ____D () C:\Dokumente und Einstellungen\Fischi\.gimp-2.8
2015-03-18 17:16 - 2002-08-29 13:00 - 00013646 _____ () C:\WINDOWS\system32\wpa.dbl
2015-03-15 12:00 - 2013-06-10 20:15 - 00000946 _____ () C:\WINDOWS\Tasks\Ad-Aware Antivirus Scheduled Scan.job
2015-03-14 13:25 - 2015-01-11 17:41 - 00000000 ____D () C:\Dokumente und Einstellungen\Fischi\Desktop\BBLProfis
2015-03-12 08:44 - 2013-07-19 18:37 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-03-12 08:34 - 2013-06-11 17:03 - 119837696 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-03-11 11:21 - 2013-06-10 20:34 - 00136216 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys
2015-03-11 11:21 - 2013-06-10 20:34 - 00105864 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
2015-03-08 15:00 - 2014-03-22 13:30 - 00000218 _____ () C:\WINDOWS\Tasks\Ende des Supports für Microsoft Windows XP – Monatliche Benachrichtigung.job
2015-03-08 08:01 - 2013-06-10 19:59 - 00000000 ____D () C:\Programme\Mozilla Maintenance Service
2015-03-06 08:01 - 2014-05-29 10:38 - 00000000 ____D () C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Package Cache
2015-03-05 20:08 - 2014-08-14 19:45 - 00136894 _____ () C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-System.dat
2015-03-05 20:08 - 2014-08-14 19:45 - 00136894 _____ () C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-S-1-5-21-1844237615-706699826-725345543-1004-0.dat
2015-03-05 16:51 - 2013-06-10 20:35 - 00000000 ____D () C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Avira
2015-03-05 16:51 - 2013-06-10 20:34 - 00000000 ____D () C:\Programme\Avira
2015-03-03 09:32 - 2014-10-16 19:01 - 00000034 _____ () C:\WINDOWS\1
2015-03-01 12:55 - 2013-06-20 16:52 - 00000000 ____D () C:\Dokumente und Einstellungen\Fischi\Anwendungsdaten\vlc
2015-02-28 13:30 - 2013-06-10 21:01 - 00000000 ____D () C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Origin
2015-02-28 13:28 - 2013-06-10 21:01 - 00000000 ____D () C:\Programme\Origin

==================== Files in the root of some directories =======

2014-11-27 21:10 - 2014-11-27 21:10 - 0184039 _____ () C:\Dokumente und Einstellungen\Fischi\Lokale Einstellungen\Anwendungsdaten\ars.cache
2014-11-27 21:10 - 2014-11-27 21:10 - 0253859 _____ () C:\Dokumente und Einstellungen\Fischi\Lokale Einstellungen\Anwendungsdaten\census.cache
2015-01-10 12:29 - 2015-01-10 12:29 - 0003584 _____ () C:\Dokumente und Einstellungen\Fischi\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-11-27 20:56 - 2014-11-27 20:56 - 0000036 _____ () C:\Dokumente und Einstellungen\Fischi\Lokale Einstellungen\Anwendungsdaten\housecall.guid.cache
2015-03-18 19:13 - 2015-03-18 19:13 - 0105439 _____ () C:\Dokumente und Einstellungen\Fischi\Lokale Einstellungen\Anwendungsdaten\recently-used.xbel

Some content of TEMP:
====================
C:\Dokumente und Einstellungen\Fischi\Lokale Einstellungen\temp\avgnt.exe
C:\Dokumente und Einstellungen\Fischi\Lokale Einstellungen\temp\jre-8u40-windows-au.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe
[2002-08-29 13:00] - [2008-04-14 06:52] - 1036800 ____A (Microsoft Corporation) 418045a93cd87a352098ab7dabe1b53e     

C:\WINDOWS\system32\winlogon.exe
[2002-08-29 13:00] - [2008-04-14 06:53] - 0513024 ____A (Microsoft Corporation) f09a527b422e25c478e38caa0e44417a     

C:\WINDOWS\system32\svchost.exe
[2002-08-29 13:00] - [2008-04-14 06:53] - 0014336 ____A (Microsoft Corporation) 4fbc75b74479c7a6f829e0ca19df3366     

C:\WINDOWS\system32\services.exe
[2002-08-29 13:00] - [2009-02-09 12:21] - 0111104 ____A (Microsoft Corporation) a3edbe9053889fb24ab22492472b39dc     

C:\WINDOWS\system32\User32.dll
[2002-08-29 13:00] - [2008-04-14 06:52] - 0580096 ____A (Microsoft Corporation) b0050cc5340e3a0760dd8b417ff7aebd     

C:\WINDOWS\system32\userinit.exe
[2002-08-29 13:00] - [2008-04-14 06:53] - 0026624 ____A (Microsoft Corporation) 788f95312e26389d596c0fa55834e106     

C:\WINDOWS\system32\rpcss.dll
[2002-08-29 13:00] - [2009-02-09 11:51] - 0401408 ____A (Microsoft Corporation) 3127afbf2c1ed0ab14a1bbb7aaecb85b     

 ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.
C:\WINDOWS\system32\Drivers\volsnap.sys
[2002-08-29 13:00] - [2008-04-14 06:22] - 0053760 ____A (Microsoft Corporation) a5a712f4e880874a477af790b5186e1d     


==================== End Of Log ============================
         
--- --- ---

--- --- ---

AdwCleaner:

Code:
ATTFilter
# AdwCleaner v4.102 - Bericht erstellt am 20/03/2015 um 19:07:40
# Aktualisiert 23/11/2014 von Xplode
# Database : 2014-11-23.7 [Local]
# Betriebssystem : Microsoft Windows XP Service Pack 3 (32 bits)
# Benutzername : Fischi - FORSTER-2CEGVPJ
# Gestartet von : C:\Dokumente und Einstellungen\Fischi\Eigene Dateien\Downloads\adwcleaner_4.102.exe
# Option : Suchen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****


***** [ Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\adawarebp
Schlüssel Gefunden : HKLM\SOFTWARE\DeviceVM
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{99AD9D6D-A456-49EE-8360-F22EE7AA1272}

***** [ Browser ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Mozilla Firefox v36.0.1 (x86 de)


-\\ Google Chrome v41.0.2272.89


-\\ Opera v28.0.1750.48

[C:\Dokumente und Einstellungen\Fischi\Anwendungsdaten\Opera Software\Opera Stable\preferences] - Gefunden [Extension] : aaipilfmheplbcghignccoiiebekkdhe
[C:\Dokumente und Einstellungen\Fischi\Anwendungsdaten\Opera Software\Opera Stable\preferences] - Gefunden [Extension] : elchiiiejkobdbblfejjkbphbddgmljf
[C:\Dokumente und Einstellungen\Fischi\Anwendungsdaten\Opera Software\Opera Stable\preferences] - Gefunden [Extension] : ffhfoagmjcnkolneahbpagjcjjaeofbg
[C:\Dokumente und Einstellungen\Fischi\Anwendungsdaten\Opera Software\Opera Stable\preferences] - Gefunden [Extension] : hjghiofiijcepdnocbgefbdlbckjfheg
[C:\Dokumente und Einstellungen\Fischi\Anwendungsdaten\Opera Software\Opera Stable\preferences] - Gefunden [Extension] : iklgpchfbohgmghgfagediakopecfmbm
[C:\Dokumente und Einstellungen\Fischi\Anwendungsdaten\Opera Software\Opera Stable\preferences] - Gefunden [Extension] : kfgaibfbmkjgmimhbbaikfnpkkjkpoan
[C:\Dokumente und Einstellungen\Fischi\Anwendungsdaten\Opera Software\Opera Stable\preferences] - Gefunden [Extension] : kjpifmjicccpbkfjdkehimhgklfkbanh
[C:\Dokumente und Einstellungen\Fischi\Anwendungsdaten\Opera Software\Opera Stable\preferences] - Gefunden [Extension] : hoidflomjnnnbiemmkjdjkkialmhbago
[C:\Dokumente und Einstellungen\Fischi\Anwendungsdaten\Opera Software\Opera Stable\preferences] - Gefunden [Extension] : edjkooiccbgjhlpfhkknkjhfpmjkmelk
[C:\Dokumente und Einstellungen\Fischi\Anwendungsdaten\Opera Software\Opera Stable\preferences] - Gefunden [Extension] : bpffalghigmkdghibgickgcnkbcaidch
[C:\Dokumente und Einstellungen\Fischi\Anwendungsdaten\Opera Software\Opera Stable\preferences] - Gefunden [Extension] : ekpibplnnkfdcafdpoekhoffegcajene
[C:\Dokumente und Einstellungen\Fischi\Anwendungsdaten\Opera Software\Opera Stable\preferences] - Gefunden [Extension] : ipljmghelflfikejmgkmlmpjmehfjodc

*************************

AdwCleaner[R0].txt - [5776 octets] - [28/11/2014 16:43:19]
AdwCleaner[R1].txt - [5836 octets] - [28/11/2014 16:49:50]
AdwCleaner[R2].txt - [2100 octets] - [28/11/2014 18:20:15]
AdwCleaner[R3].txt - [1407 octets] - [20/03/2015 17:00:34]
AdwCleaner[R4].txt - [3096 octets] - [20/03/2015 19:07:40]
AdwCleaner[S0].txt - [5949 octets] - [28/11/2014 16:51:03]
AdwCleaner[S1].txt - [2161 octets] - [28/11/2014 18:22:55]

########## EOF - C:\AdwCleaner\AdwCleaner[R4].txt - [3276 octets] ##########
         
Miniaturansicht angehängter Grafiken
Facebook Login fordert zum Passwort Wechsel auf-fb.jpg  

Geändert von PcNewbie (20.03.2015 um 19:22 Uhr)

Alt 20.03.2015, 22:09   #2
schrauber
/// the machine
/// TB-Ausbilder
 

Facebook Login fordert zum Passwort Wechsel auf - Standard

Facebook Login fordert zum Passwort Wechsel auf



Hi,

Downloade dir bitte Malwarebytes Anti-Rootkit Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
  • Starte bitte die mbar.exe.
  • Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
  • Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
  • Klicke auf den CleanUp Button und erlaube den Neustart.
  • Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
  • Nach dem Neustart starte die mbar.exe erneut.
  • Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.
Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers
__________________

__________________

Alt 22.03.2015, 07:37   #3
PcNewbie
 
Facebook Login fordert zum Passwort Wechsel auf - Standard

Facebook Login fordert zum Passwort Wechsel auf



Habe ich gemacht - CleanUp war nicht verfügbar, da Nichts gefunden wurde.
Hier das Log:

Code:
ATTFilter
Malwarebytes Anti-Rootkit BETA 1.09.1.1004
www.malwarebytes.org

Database version:
  main:    v2015.03.21.03
  rootkit: v2015.02.25.01

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Fischi :: FORSTER-2CEGVPJ [administrator]

21.03.2015 07:33:30
mbar-log-2015-03-21 (07-33-30).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 338300
Time elapsed: 2 hour(s), 16 minute(s), 29 second(s) 

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
         
kann leider den alten Beitrag nicht mehr editieren - daher hier eine weitere Information.

Auch bei einem Facebook Login auf einem anderen Computer erscheint die Meldung, welche einen Passwort Wechsel fordert. Ist es dann doch echt? Obwohl ich mobil das Passwort schon geändert habe.

Hier noch der QuellCode der angezeigten Webseite
Code:
ATTFilter
<!DOCTYPE html>
<html lang="de" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>function envFlush(a){function b(c){for(var d in a)c[d]=a[d];}if(window.requireLazy){window.requireLazy(['Env'],b);}else{window.Env=window.Env||{};b(window.Env);}}envFlush({"ajaxpipe_token":"AXib0B49igab0TM2","lhsh":"pAQE4-UR6","khsh":"0`sj`e`rm`s-0fdu^gshdoer-0gc^eurf-3gc^eurf;1;enbtldou;fduDmdldourCxO`ld-2YLMIuuqSdptdru;qsnunuxqd;rdoe"});</script><script>CavalryLogger=false;</script><noscript><meta http-equiv="refresh" content="0; URL=/checkpoint/?next&amp;_fb_noscript=1" /></noscript><meta name="referrer" content="default" id="meta_referrer" /><title id="pageTitle">Facebook</title><link rel="alternate" media="only screen and (max-width: 640px)" href="https://www.facebook.com/checkpoint/?next" /><link rel="alternate" media="handheld" href="https://www.facebook.com/checkpoint/?next" /><meta name="robots" content="noodp,noydir" /><noscript><meta http-equiv="X-Frame-Options" content="DENY" /></noscript><link rel="shortcut icon" href="https://fbstatic-a.akamaihd.net/rsrc.php/yl/r/H3nktOa7ZMg.ico" /><link type="text/css" rel="stylesheet" href="https://fbstatic-a.akamaihd.net/rsrc.php/v2/y2/r/rTWcTTOQnyJ.css" data-bootloader-hash="w7sYA" />
<link type="text/css" rel="stylesheet" href="https://fbstatic-a.akamaihd.net/rsrc.php/v2/y0/r/KSl1P3rdqMy.css" data-bootloader-hash="Wuk+P" data-permanent="1" />
<link type="text/css" rel="stylesheet" href="https://fbstatic-a.akamaihd.net/rsrc.php/v2/yJ/r/RpIMwZ3Qy5i.css" data-bootloader-hash="vTIXC" />
<link type="text/css" rel="stylesheet" href="https://fbstatic-a.akamaihd.net/rsrc.php/v2/yA/r/9naO6gNOkDh.css" data-bootloader-hash="kCyYJ" data-permanent="1" />
<script src="https://fbstatic-a.akamaihd.net/rsrc.php/v2/y7/r/wAcQJTqnr2M.js" data-bootloader-hash="5MjVc" crossorigin="anonymous"></script>
<script>(require("ServerJSDefine")).handleDefines([["URLFragmentPreludeConfig",[],{"incorporateQuicklingFragment":true,"hashtagRedirect":true},137],["BootloaderConfig",[],{},329],["CSSLoaderConfig",[],{"timeout":5000},619],["AsyncRequestConfig",[],{"retryOnNetworkError":"1"},328],["DTSGInitialData",[],{"token":"KvCoDyemswg="},258],["SiteData",[],{"revision":1653508,"tier":"","push_phase":"V3","pkg_cohort":"EXP1:DEFAULT","vip":"173.252.120.6"},317],["CoreWarningGK",[],{"forceWarning":false},725],["CurrentUserInitialData",[],{"USER_ID":"0","ACCOUNT_ID":"0"},270],["UserAgentData",[],{"browserArchitecture":"32","browserFullVersion":"31.0","browserMinorVersion":0,"browserName":"Firefox","browserVersion":31,"deviceName":"Unknown","engineName":"Gecko","engineVersion":"31.0","platformArchitecture":"32","platformName":"Windows","platformVersion":"XP","platformFullVersion":"XP"},527],["CurrentCommunityInitialData",[],{},490],["ISB",[],{},330],["LSD",[],{},323],["BanzaiConfig",[],{"EXPIRY":86400000,"MAX_SIZE":10000,"MAX_WAIT":150000,"RESTORE_WAIT":150000,"blacklist":["time_spent"],"gks":{"adapterhooks":true,"boosted_pagelikes":true,"boosted_posts":true,"boosted_website":true,"click_ref_logger":true,"jslogger":true,"mercury_send_error_logging":true,"miny_compression":true,"pages_client_logging":true,"reportdata":true,"time_spent_bit_array":true,"useraction":true,"videos":true,"visibility_tracking":true,"vitals":true,"allow_userid_mismatch":true}},7],["FbtNumber",["IntlEnglishNumberType"],{"impl":{"__m":"IntlEnglishNumberType"}},605],["FbtLogger",[],{"logger":null},288],["FbtQTOverrides",[],{"overrides":{"1_fc9e5ed69606dfd03c1f3250e0ae569f":"ADDITIONAL PACKAGES","1_452b4d19f8b930f39a879fcac84ce90f":"CURRENT PACKAGE","1_e954abea12970bc8280ad2e0a0ed8059":"Current package:","1_165852c026de5a92c19aa100722294f2":"Continue with Current Package or Regular Rate","1_cc6247012c96beba161e79817f49ec9b":"You are leaving Facebook. Buy a data package from {carrier} and get more data to chat with friends, read articles and more.","1_9c0e991d114afb863d8eb9e2cefc0127":"You are leaving Internet.org. Buy a data package from {carrier} and get more data to chat with friends, read articles and more.","1_0cbcb2d1165ead7f5be2b3cdf7048031":"You are leaving Messenger. Buy a data package from {carrier} and get more data to chat with friends, read articles and more.","1_e0f7067ca9be01f00614e283938d57fd":"Buy a data package from {carrier} and get more data to watch videos, read articles and more.","1_48f2ba1e7ca3a18566e185de4b3b5015":"Get a Data Package"}},551],["EagleEyeConfig",[],{"seed":"0PA1"},294],["TrackingConfig",[],{"domain":"https:\/\/pixel.facebook.com"},325],["ErrorSignalConfig",[],{"uri":"https:\/\/error.facebook.com\/common\/scribe_endpoint.php"},319],["InitialServerTime",[],{"serverTime":1427006128000},204],["UFIConstants",[],{"UFIActionType":{"COMMENT_LIKE":"fa-type:comment-like","COMMENT_SET_SPAM":"fa-type:mark-spam","DELETE_COMMENT":"fa-type:delete-comment","DISABLE_COMMENTS":"fa-type:disable-comments","LIVE_DELETE_COMMENT":"fa-type:live-delete-comment","LIKE_ACTION":"fa-type:like","SUBSCRIBE_ACTION":"fa-type:subscribe","REMOVE_PREVIEW":"fa-type:remove-preview","MARK_COMMENT_SPAM":"fa-type:mark-spam","CONFIRM_COMMENT_REMOVAL":"fa-type:confirm-remove","TRANSLATE_COMMENT":"fa-type:translate-comment","COMMENT_LIKECOUNT_UPDATE":"fa-type:comment-likecount-update","ADD_COMMENT_ACTION":"fa-type:add-comment"},"UFICommentOrderingMode":{"CHRONOLOGICAL":"chronological","RANKED_THREADED":"ranked_threaded","TOPLEVEL":"toplevel","RECENT_ACTIVITY":"recent_activity","FEATURED":"featured","FILTERED":"filtered"},"UFIFeedbackSourceType":{"PROFILE":0,"NEWS_FEED":1,"OBJECT":2,"MOBILE":3,"EMAIL":4,"PROFILE_APPROVAL":10,"TICKER":12,"NONE":13,"INTERN":14,"ADS":15,"EVENT_GOING_FLYOUT":16,"PHOTOS_SNOWLIFT":17,"PHOTOS_SNOWFLAKE":20,"USER_TIMELINE":21,"PAGE_TIMELINE":22,"SEARCH":23,"PAGE_TAB":24,"TIMELINE_COLLECTION":25,"TOPIC_CONVERSATION":26},"UFIPayloadSourceType":{"UNKNOWN":0,"INITIAL_SERVER":1,"LIVE_SEND":2,"USER_ACTION":3,"ENDPOINT_LIKE":10,"ENDPOINT_COMMENT_LIKE":11,"ENDPOINT_ADD_COMMENT":12,"ENDPOINT_EDIT_COMMENT":13,"ENDPOINT_DELETE_COMMENT":14,"ENDPOINT_COMMENT_SPAM":16,"ENDPOINT_REMOVE_PREVIEW":17,"ENDPOINT_ID_COMMENT_FETCH":18,"ENDPOINT_COMMENT_FETCH":19,"ENDPOINT_TRANSLATE_COMMENT":20,"ENDPOINT_BAN":21,"ENDPOINT_SUBSCRIBE":22,"ENDPOINT_COMMENT_LIKECOUNT_UPDATE":23,"ENDPOINT_DISABLE_COMMENTS":24,"ENDPOINT_ACTOR_CHANGE":25},"UFIStatus":{"DELETED":"status:deleted","SPAM":"status:spam","SPAM_DISPLAY":"status:spam-display","LIVE_DELETED":"status:live-deleted","FAILED_ADD":"status:failed-add","FAILED_EDIT":"status:failed-edit","PENDING_EDIT":"status:pending-edit"},"attachmentTruncationLength":80,"commentTruncationLength":420,"commentTruncationMaxLines":3,"commentTruncationPercent":0.6,"commentURLTruncationLength":60,"defaultPageSize":50,"infiniteScrollRangeForQANDAPermalinks":1000,"minCommentsForOrderingModeSelector":2,"unavailableCommentKey":"unavailable_comment_key"},240]]);new (require("ServerJS"))().handle({"require":[["TimeSlice"],["markJSEnabled"],["lowerDomain"],["URLFragmentPrelude"],["Primer"],["Bootloader"]]});</script></head><body class="UIPage_LoggedOut _2gsg gecko win x1 Locale_de_DE" dir="ltr"><div class="_li"><div id="pagelet_bluebar" role="banner" data-click="bluebar" data-click-phase="0"><div id="blueBarDOMInspector" class="_21mm"><div id="blueBarNAXAnchor" class="_4f7n _xxp"><div class="_uaw clearfix" role="banner"><h1 class="_5lus"><a class="logo" href="#" role="button"></a></h1><div class="clearfix"><div class="lfloat _ohe"></div><div class="rfloat _ohf"><ul class="_2exj clearfix" role="navigation"><li class="navItem"><a class="_1ayn" href="https://www.facebook.com/logout.php?h=AfcGq4jpqrVfszBr&amp;t=1427006128&amp;ref=mb">Abmelden</a></li></ul></div></div></div></div></div></div><div id="globalContainer" class="uiContextualLayerParent"><div class="fb_content clearfix " id="content" role="main"><div class="_2d14"><form class="checkpoint" action="/checkpoint/?next" method="post" title="Bitte &#xe4;ndere dein Passwort" onsubmit="return window.Event &amp;&amp; Event.__inlineSubmit &amp;&amp; Event.__inlineSubmit(this,event)" id="u_0_0"><input type="hidden" name="fb_dtsg" value="KvCoDyemswg=" autocomplete="off" /><input type="hidden" autocomplete="off" name="nh" value="fdc40324166f86b5344dbd455be2bc47d478ffcd" /><div class="_4-u2 _5x_7 _p0k _5x_9"><div class="_2e9n" id="u_0_2"><strong id="u_0_3">Bitte ändere dein Passwort</strong></div><div class="_2ph_"><div class="mvm uiP fsm">Damit dein Facebook-Konto sicher bleibt, begleiten wir dich durch unser <a href="/help/290656277791437">automatisiertes Sicherheitsverfahren</a>. Dabei werden Passwörter abgeglichen, die von anderen Webseiten geklaut und online veröffentlicht wurden.</div><div class="mvm uiP fsm">Das von dir auf einer dieser Webseiten verwendete Passwort stimmt mit deinem Facebook-Passwort überein. Wir haben aktuell keine verdächtigen Anmeldeaktivitäten bei deinem Konto festgestellt. Wir begleiten dich aber bei einigen Schritten zum Ändern deines Passworts und helfen dir dabei, die Sicherheit deines Kontos zu gewährleisten.</div></div><div class="_5x_5" id="u_0_4"><div class="clearfix _5hzs" id="checkpointBottomBar"><div class="lfloat _ohe" id="u_0_1"></div><div class="rfloat _ohf"><button value="Weiter" class="_42ft _4jy0 _5x_e _4jy4 _4jy1 selected _51sy" id="checkpointSubmitButton" name="submit[Continue]" type="submit">Weiter</button></div></div></div></div></form></div><div class="_2d15"><ul class="uiList localeSelectorList _509- _4ki _6-h _6-j _6-i"><li><a dir="ltr" href="https://de-de.facebook.com/checkpoint/?next" onclick="intl_set_cookie_locale(&quot;de_DE&quot;, &quot;https:\/\/de-de.facebook.com\/checkpoint\/?next&quot;);" title="German">Deutsch</a></li><li><a dir="ltr" href="https://www.facebook.com/checkpoint/?next" onclick="intl_set_cookie_locale(&quot;en_US&quot;, &quot;https:\/\/www.facebook.com\/checkpoint\/?next&quot;);" title="English (US)">English (US)</a></li><li><a dir="ltr" href="https://tr-tr.facebook.com/checkpoint/?next" onclick="intl_set_cookie_locale(&quot;tr_TR&quot;, &quot;https:\/\/tr-tr.facebook.com\/checkpoint\/?next&quot;);" title="Turkish">Türkçe</a></li><li><a dir="ltr" href="https://pl-pl.facebook.com/checkpoint/?next" onclick="intl_set_cookie_locale(&quot;pl_PL&quot;, &quot;https:\/\/pl-pl.facebook.com\/checkpoint\/?next&quot;);" title="Polish">Polski</a></li><li><a dir="ltr" href="https://it-it.facebook.com/checkpoint/?next" onclick="intl_set_cookie_locale(&quot;it_IT&quot;, &quot;https:\/\/it-it.facebook.com\/checkpoint\/?next&quot;);" title="Italian">Italiano</a></li><li><a dir="ltr" href="https://ro-ro.facebook.com/checkpoint/?next" onclick="intl_set_cookie_locale(&quot;ro_RO&quot;, &quot;https:\/\/ro-ro.facebook.com\/checkpoint\/?next&quot;);" title="Romanian">Română</a></li><li><a dir="ltr" href="https://fr-fr.facebook.com/checkpoint/?next" onclick="intl_set_cookie_locale(&quot;fr_FR&quot;, &quot;https:\/\/fr-fr.facebook.com\/checkpoint\/?next&quot;);" title="French (France)">Français (France)</a></li><li><a dir="ltr" href="https://ru-ru.facebook.com/checkpoint/?next" onclick="intl_set_cookie_locale(&quot;ru_RU&quot;, &quot;https:\/\/ru-ru.facebook.com\/checkpoint\/?next&quot;);" title="Russian">Русский</a></li><li><a dir="rtl" href="https://ar-ar.facebook.com/checkpoint/?next" onclick="intl_set_cookie_locale(&quot;ar_AR&quot;, &quot;https:\/\/ar-ar.facebook.com\/checkpoint\/?next&quot;);" title="Arabic">العربية</a></li><li><a dir="ltr" href="https://es-la.facebook.com/checkpoint/?next" onclick="intl_set_cookie_locale(&quot;es_LA&quot;, &quot;https:\/\/es-la.facebook.com\/checkpoint\/?next&quot;);" title="Spanish">Español</a></li><li><a class="showMore" rel="dialog" ajaxify="/settings/language/language/?uri=https%3A%2F%2Fwww.facebook.com%2Fcheckpoint%2F%3Fnext&amp;source=TOP_LOCALES_DIALOG" title="Weitere Sprachen anzeigen" href="#" role="button">…</a></li></ul></div></div><div id="pageFooter" data-referrer="page_footer"><div id="contentCurve"></div><div role="contentinfo" aria-label="Facebook-Webseitenlinks"><table class="uiGrid _51mz navigationGrid" cellspacing="0" cellpadding="0"><tbody><tr class="_51mx"><td class="_51m- hLeft plm"><a href="/r.php" title="F&#xfc;r Facebook registrieren">Registrieren</a></td><td class="_51m- hLeft plm"><a href="/login/" title="Bei Facebook anmelden">Anmelden</a></td><td class="_51m- hLeft plm"><a href="/mobile/?ref=pf" title="Probiere Facebook-Handy aus.">Handy</a></td><td class="_51m- hLeft plm"><a href="/find-friends?ref=pf" title="Finde jeden im Internet.">Freunde finden</a></td><td class="_51m- hLeft plm"><a href="/badges/?ref=pf" title="Bette ein Facebook-Banner auf deiner Website ein.">Banner</a></td><td class="_51m- hLeft plm"><a href="/directory/people/" title="Browse unser Personenverzeichnis.">Nutzer</a></td><td class="_51m- hLeft plm"><a href="/directory/pages/" title="Browse unser Seitenverzeichnis.">Seiten</a></td><td class="_51m- hLeft plm"><a href="/places/" title="Probiere beliebte Orte auf Facebook aus.">Orte</a></td><td class="_51m- hLeft plm _51mw"><a href="/games/" title="Probiere Spiele auf Facebook aus.">Spiele</a></td></tr><tr class="_51mx"><td class="_51m- hLeft plm"><a href="/directory/places/" title="Browse unser Orteverzeichnis.">Orte</a></td><td class="_51m- hLeft plm"><a href="/facebook" accesskey="8" title="Lies unseren Blog, entdecke unseren Ressourcenbereich und suche nach Jobs.">Über uns</a></td><td class="_51m- hLeft plm"><a href="/campaign/landing.php?placement=pflo&amp;campaign_id=402047449186&amp;extra_1=auto" title="Wirb auf Facebook.">Werbeanzeige erstellen</a></td><td class="_51m- hLeft plm"><a href="/pages/create/?ref_type=sitefooter" title="Seite erstellen">Seite erstellen</a></td><td class="_51m- hLeft plm"><a href="https://developers.facebook.com/?ref=pf" title="Entwickle Apps auf unserer Plattform.">Entwickler</a></td><td class="_51m- hLeft plm"><a href="/careers/?ref=pf" title="Mach deinen n&#xe4;chsten Karriereschritt und bewirb dich bei unserem gro&#xdf;artigen Unternehmen.">Karrieren</a></td><td class="_51m- hLeft plm"><a href="/privacy/explanation" title="Erfahre mehr &#xfc;ber deine Privatsph&#xe4;re und Facebook.">Datenschutz</a></td><td class="_51m- hLeft plm"><a href="/help/cookies/?ref=sitefooter" title="Erfahre mehr &#xfc;ber Cookies und Facebook.">Cookies</a></td><td class="_51m- hLeft plm _51mw"><a href="/policies/?ref=pf" accesskey="9" title="Unsere Nutzungsbedingungen und Richtlinien.">Impressum/Nutzungsbedingungen</a></td></tr><tr class="_51mx"><td class="_51m- hLeft plm"><a href="/help/?ref=pf" accesskey="0" title="Besuche unseren Hilfebereich.">Hilfe</a></td></tr></tbody></table></div><div class="mvl copyright"><div><span> Facebook © 2015</span><div class="fsm fwn fcg"><a rel="dialog" ajaxify="/settings/language/language/?uri=https%3A%2F%2Fwww.facebook.com%2Fcheckpoint%2F%3Fnext&amp;source=TOP_LOCALES_DIALOG" title="Benutze Facebook in einer anderen Sprache." href="#" role="button">Deutsch</a></div></div></div></div></div></div><script type="text/javascript">/*<![CDATA[*/(function(){function si_cj(m){setTimeout(function(){new Image().src="https:\/\/error.facebook.com\/common\/scribe_endpoint.php?c=si_clickjacking&t=4860"+"&m="+m;},5000);}if(top!=self && !false){try{if(parent!=top){throw 1;}var si_cj_d=["apps.facebook.com","apps.beta.facebook.com"];var href=top.location.href.toLowerCase();for(var i=0;i<si_cj_d.length;i++){if (href.indexOf(si_cj_d[i])>=0){throw 1;}}si_cj("3 https:\/\/de-de.facebook.com\/");}catch(e){si_cj("1 \thttps:\/\/de-de.facebook.com\/");window.document.write("\u003Cstyle>body * {display:none !important;}\u003C\/style>\u003Ca href=\"#\" onclick=\"top.location.href=window.location.href\" style=\"display:block !important;padding:10px\">\u003Ci class=\"img sp_ot43-fcCTjR sx_1786d5\" style=\"display:block !important\">\u003C\/i>Gehe zu facebook.com\u003C\/a>");/*is3v0eFj*/}}}())/*]]>*/</script>
<script>requireLazy(["Bootloader"], function(Bootloader) {Bootloader.setResourceMap({"tHpo2":{"type":"js","crossOrigin":1,"src":"https:\/\/fbstatic-a.akamaihd.net\/rsrc.php\/v2\/yy\/r\/15ZQ-zQ3v3U.js"},"wkV0d":{"type":"js","crossOrigin":1,"src":"https:\/\/fbstatic-a.akamaihd.net\/rsrc.php\/v2\/y3\/r\/OHKEaij0Gu7.js"},"Uk8LO":{"type":"js","crossOrigin":1,"src":"https:\/\/fbstatic-a.akamaihd.net\/rsrc.php\/v2\/yb\/r\/DtznNfYQzWV.js"},"Mfdlt":{"type":"js","crossOrigin":1,"src":"https:\/\/fbstatic-a.akamaihd.net\/rsrc.php\/v2\/yu\/r\/sv0vS7XBCzp.js"},"T3iWz":{"type":"js","crossOrigin":1,"src":"https:\/\/fbstatic-a.akamaihd.net\/rsrc.php\/v2\/yZ\/r\/s9QnTF4eofX.js"},"5lV\/Y":{"type":"js","crossOrigin":1,"src":"https:\/\/fbstatic-a.akamaihd.net\/rsrc.php\/v2\/y_\/r\/2Vm04qDS1oE.js"},"4vv8\/":{"type":"js","crossOrigin":1,"src":"https:\/\/fbstatic-a.akamaihd.net\/rsrc.php\/v2\/yd\/r\/KzPBZimeKDr.js"},"urvAd":{"type":"js","crossOrigin":1,"src":"https:\/\/fbstatic-a.akamaihd.net\/rsrc.php\/v2\/yA\/r\/uRsOjqaRQpe.js"},"FB7kW":{"type":"js","crossOrigin":1,"src":"https:\/\/fbstatic-a.akamaihd.net\/rsrc.php\/v2\/y7\/r\/qg_jRu7jRLs.js"},"3aQFk":{"type":"js","crossOrigin":1,"src":"https:\/\/fbstatic-a.akamaihd.net\/rsrc.php\/v2\/yl\/r\/ErEEr3iINxu.js"},"Wuk+P":{"type":"css","permanent":1,"crossOrigin":1,"src":"https:\/\/fbstatic-a.akamaihd.net\/rsrc.php\/v2\/y0\/r\/KSl1P3rdqMy.css"},"ruxjH":{"type":"js","crossOrigin":1,"src":"https:\/\/fbstatic-a.akamaihd.net\/rsrc.php\/v2\/y9\/r\/d47nnDakVWf.js"},"W2CMJ":{"type":"js","crossOrigin":1,"src":"https:\/\/fbstatic-a.akamaihd.net\/rsrc.php\/v2\/ye\/r\/nkG-qzuC60R.js"},"20549":{"type":"js","crossOrigin":1,"src":"https:\/\/fbstatic-a.akamaihd.net\/rsrc.php\/v2\/yO\/r\/RUvbAoY6I6X.js"},"A2SQ6":{"type":"js","crossOrigin":1,"src":"https:\/\/fbstatic-a.akamaihd.net\/rsrc.php\/v2\/y1\/r\/PIb2M_XC2HU.js"},"AZqY0":{"type":"js","crossOrigin":1,"src":"https:\/\/fbstatic-a.akamaihd.net\/rsrc.php\/v2\/yx\/r\/upbWcApCoPf.js"},"sOe4L":{"type":"js","crossOrigin":1,"src":"https:\/\/fbstatic-a.akamaihd.net\/rsrc.php\/v2\/y2\/r\/AufM9vzACc9.js"},"ccpBO":{"type":"js","crossOrigin":1,"src":"https:\/\/fbstatic-a.akamaihd.net\/rsrc.php\/v2\/yz\/r\/VAI9TSC8ZQd.js"},"+ClWy":{"type":"js","crossOrigin":1,"src":"https:\/\/fbstatic-a.akamaihd.net\/rsrc.php\/v2\/yR\/r\/ifldbZpl6pk.js"},"oE4Do":{"type":"js","crossOrigin":1,"src":"https:\/\/fbstatic-a.akamaihd.net\/rsrc.php\/v2\/y4\/r\/rOyGh2ZVRlF.js"},"cNca2":{"type":"js","crossOrigin":1,"src":"https:\/\/fbstatic-a.akamaihd.net\/rsrc.php\/v2\/yn\/r\/30EnHY4MoaE.js"},"AlKkJ":{"type":"js","crossOrigin":1,"src":"https:\/\/fbstatic-a.akamaihd.net\/rsrc.php\/v2\/yN\/r\/6ogdNfw4dyf.js"},"viEt9":{"type":"js","crossOrigin":1,"src":"https:\/\/fbstatic-a.akamaihd.net\/rsrc.php\/v2\/yb\/r\/gzk1ZXqoIj-.js"},"azMl0":{"type":"css","permanent":1,"crossOrigin":1,"src":"https:\/\/fbstatic-a.akamaihd.net\/rsrc.php\/v2\/yg\/r\/Vuy-nJwq1ca.css"},"MWvZC":{"type":"js","crossOrigin":1,"src":"https:\/\/fbstatic-a.akamaihd.net\/rsrc.php\/v2\/yQ\/r\/dY2KpnpWKGE.js"},"IEwU\/":{"type":"js","crossOrigin":1,"src":"https:\/\/fbstatic-a.akamaihd.net\/rsrc.php\/v2\/y5\/r\/uQ4ucjFthGl.js"},"d7V4X":{"type":"js","crossOrigin":1,"src":"https:\/\/fbstatic-a.akamaihd.net\/rsrc.php\/v2\/yz\/r\/DbVL0yMlRcI.js"},"b27nG":{"type":"js","crossOrigin":1,"src":"https:\/\/fbstatic-a.akamaihd.net\/rsrc.php\/v2\/yZ\/r\/byEdIHRGUNQ.js"},"BgQkM":{"type":"css","permanent":1,"crossOrigin":1,"src":"https:\/\/fbstatic-a.akamaihd.net\/rsrc.php\/v2\/y0\/r\/76D9bErr3lq.css"},"1NaDb":{"type":"js","crossOrigin":1,"src":"https:\/\/fbstatic-a.akamaihd.net\/rsrc.php\/v2\/y0\/r\/vVJafgxY_F4.js"},"VDymv":{"type":"css","permanent":1,"crossOrigin":1,"src":"https:\/\/fbstatic-a.akamaihd.net\/rsrc.php\/v2\/y0\/r\/rU2aYJbp6Np.css"},"Rs18G":{"type":"js","crossOrigin":1,"src":"https:\/\/fbstatic-a.akamaihd.net\/rsrc.php\/v2\/yK\/r\/jJ7AayeMLeP.js"},"6AU0l":{"type":"js","crossOrigin":1,"src":"https:\/\/fbstatic-a.akamaihd.net\/rsrc.php\/v2\/yz\/r\/fmwOgg1apT6.js"},"v8nAH":{"type":"js","crossOrigin":1,"src":"https:\/\/fbstatic-a.akamaihd.net\/rsrc.php\/v2\/yF\/r\/Us5Za6pVLOP.js"},"AtxWD":{"type":"js","crossOrigin":1,"src":"https:\/\/fbstatic-a.akamaihd.net\/rsrc.php\/v2\/yW\/r\/mf10nKW6oX5.js"},"zyFOp":{"type":"js","crossOrigin":1,"src":"https:\/\/fbstatic-a.akamaihd.net\/rsrc.php\/v2\/yK\/r\/GIF2Tlc0Im6.js"}});if (true) {Bootloader.enableBootload({"React":{"resources":["Uk8LO","FB7kW"],"module":true},"ExceptionDialog":{"resources":["Uk8LO","3aQFk","FB7kW","Wuk+P","ruxjH","W2CMJ","20549"],"module":true},"AsyncDOM":{"resources":["Uk8LO","A2SQ6"],"module":true},"QuickSandSolver":{"resources":["T3iWz","Uk8LO","Wuk+P","AZqY0","sOe4L","ccpBO","+ClWy"],"module":true},"ConfirmationDialog":{"resources":["Uk8LO","Wuk+P","FB7kW","oE4Do"],"module":true},"Dialog":{"resources":["Uk8LO","FB7kW","Wuk+P","3aQFk"],"module":true},"ErrorSignal":{"resources":["Uk8LO","cNca2"],"module":true},"Event":{"resources":[],"module":true},"AsyncDialog":{"resources":["Uk8LO","3aQFk","FB7kW","Wuk+P"],"module":true},"AsyncRequest":{"resources":["Uk8LO"],"module":true},"DialogX":{"resources":["Uk8LO","3aQFk","FB7kW","Wuk+P"],"module":true},"XUIDialogTitle.react":{"resources":["Uk8LO","FB7kW","Wuk+P","3aQFk"],"module":true},"XUIDialogBody.react":{"resources":["Uk8LO","FB7kW","Wuk+P","ruxjH"],"module":true},"XUIDialogButton.react":{"resources":["Uk8LO","FB7kW","Wuk+P","ruxjH"],"module":true},"XUIDialogFooter.react":{"resources":["Uk8LO","FB7kW","Wuk+P","ruxjH"],"module":true},"XUIGrayText.react":{"resources":["Uk8LO","FB7kW","Wuk+P"],"module":true},"PhotoSnowlift":{"resources":["Uk8LO","FB7kW","Wuk+P","3aQFk","AlKkJ","viEt9","azMl0","ruxjH"],"module":true},"PhotoTagger":{"resources":["Uk8LO","MWvZC","Wuk+P","FB7kW","IEwU\/","AlKkJ"],"module":true},"Live":{"resources":["Uk8LO","A2SQ6","FB7kW","d7V4X"],"module":true},"PhotoTagApproval":{"resources":["Uk8LO","AlKkJ","MWvZC"],"module":true},"PhotoTags":{"resources":["Uk8LO","AlKkJ","Wuk+P","MWvZC"],"module":true},"TagTokenizer":{"resources":["Uk8LO","b27nG","Wuk+P","BgQkM","AZqY0","MWvZC","FB7kW","1NaDb"],"module":true},"css:fb-photos-snowlift-fullscreen-css":{"resources":["VDymv"]},"PhotosButtonTooltips":{"resources":["Uk8LO","FB7kW","Wuk+P","Rs18G"],"module":true},"VideoRotate":{"resources":["Uk8LO","FB7kW","Wuk+P","3aQFk","6AU0l"],"module":true},"AsyncResponse":{"resources":["Uk8LO"],"module":true},"PhotoInlineEditor":{"resources":["Uk8LO","FB7kW","v8nAH","Wuk+P","AlKkJ","3aQFk","MWvZC","IEwU\/","1NaDb","b27nG","BgQkM","AZqY0","AtxWD"],"module":true},"Form":{"resources":["Uk8LO","Wuk+P"],"module":true},"SpotlightShareViewer":{"resources":["Uk8LO","FB7kW","3aQFk","zyFOp"],"module":true},"Toggler":{"resources":["Uk8LO","Wuk+P","FB7kW"],"module":true},"Tooltip":{"resources":["Uk8LO","FB7kW","Wuk+P"],"module":true},"DOM":{"resources":["Uk8LO"],"module":true},"Input":{"resources":["Uk8LO","Wuk+P"],"module":true},"trackReferrer":{"resources":[],"module":true},"DimensionTracking":{"resources":["Uk8LO","FB7kW","d7V4X"],"module":true},"HighContrastMode":{"resources":["Uk8LO","1NaDb","d7V4X"],"module":true},"DetectBrokenProxyCache":{"resources":["Uk8LO","d7V4X"],"module":true}});}});
requireLazy(["ix"], function(ix) {ix.add({"arrow-right:white:small":{"sprited":true,"spriteMapCssClass":"sp_kvEOsfTDz_6","spriteCssClass":"sx_a8f5f4"}});});</script>
<script>requireLazy(["InitialJSLoader"], function(InitialJSLoader) {InitialJSLoader.loadOnDOMContentReady(["tHpo2","wkV0d","Uk8LO","Mfdlt","T3iWz","5lV\/Y","4vv8\/","urvAd"]);});</script>
<script>

(require("ServerJSDefine")).handleDefines([["TimeSpentConfig",[],{"0_delay":0,"0_timeout":8,"delay":200000,"timeout":64},142],["ImmediateActiveSecondsConfig",[],{"sampling_rate":0},423]]);require("InitialJSLoader").handleServerJS({"instances":[["m_0_6",["CheckpointSlideController","m_0_1","m_0_2","m_0_3","m_0_0","m_0_4","m_0_5"],[{"__m":"m_0_1"},{"__m":"m_0_2"},{"__m":"m_0_3"},{"checkpointSubmitButton":{"__m":"m_0_0"}},{"__m":"m_0_4"},{"__m":"m_0_5"}],1],["m_0_8",["UIForm","m_0_7","FormDisableOnSubmit"],[{"__m":"m_0_7"},null,false,null,[{"__m":"FormDisableOnSubmit"}]],1]],"elements":[["m_0_5","u_0_0",2],["m_0_4","u_0_1",2],["m_0_0","checkpointSubmitButton",2],["m_0_7","u_0_0",2],["m_0_1","u_0_2",2],["m_0_2","u_0_3",2],["m_0_3","u_0_4",2]],"require":[["PixelRatio","startDetecting",[],[1]],["m_0_6"],["m_0_8"],["Intl","setPhonologicalRules",[],[{"meta":{"\/_B\/":"([.,!?\\s]|^)","\/_E\/":"([.,!?\\s]|$)"},"patterns":{"\/(\u00df|s|z|x)\u0001s_E\/":"$1\u0001$2","\/_\u0001([^\u0001]*)\u0001\/e":"mb_strtolower(\"\u0001$1\u0001\")","\/\\^\\x01([^\\x01])(?=[^\\x01]*\\x01)\/e":"mb_strtoupper(\"\u0001$1\")","\/_\u0001([^\u0001]*)\u0001\/":"javascript"}}]],["PostLoadJS","loadAndRequire",[],["DimensionTracking"]],["PostLoadJS","loadAndCall",[],["HighContrastMode","init",[{"isHCM":false,"spacerImage":"https:\/\/fbstatic-a.akamaihd.net\/rsrc.php\/v2\/y4\/r\/-PAXP-deijE.gif"}]]],["PostLoadJS","loadAndCall",[],["DetectBrokenProxyCache","run",[0,"c_user"]]],["Artillery"],["ScriptPath","set",[],["WebCheckpointController","01afab33",{"imp_id":"b2d0358d"}]],["ClickRefLogger"],["userAction","setUATypeConfig",[],[{"ua:e":false}]],["ScriptPathState","setUserURISampleRate",[],[0.0002]],["userAction","setCustomSampleConfig",[],[{"ua:n":{"test":{"ua_id":{"test":true}}},"ua:i":{"snowlift":{"action":{"open":true,"close":true}},"snowflake":{"action":{"open":true,"close":true}},"canvas":{"action":{"mouseover":true,"mouseout":true}}}}]],["Chromedome","start",[],[{"wipe":1,"hardConsole":1,"warnings":[["\u0025cCareful. This might not do what you think.","font-size:40px; background-color:red; color:yellow; font-weight:bold; font-family:tahoma;"],["\u0025cThis is a browser feature intended for developers. If someone told you to copy-paste something here to enable a Facebook feature or \"hack\" someone's account,\u0025c it is probably a scam and will give them access to your Facebook account.","font-size:20px; font-family:tahoma","font-size:20px; font-family:tahoma; font-weight:bold"]],"block":"The developer console is temporarily disabled; see https:\/\/www.facebook.com\/selfxss for more information"}]],["UserActionHistory"],["ScriptPathLogger","startLogging",[],[]],["TimeSpentBitArrayLogger","init",[],[]],["NavigationClickPointHandler"],["TinyViewport"],["WebStorageMonster","schedule",[],[false]],["ModuleErrorLogger","init",[],[]]]});

</script>
<!-- BigPipe construction and first response -->
<script>var bigPipe = new (require("BigPipe"))({"lid":"0","forceFinish":true});</script>
<script>bigPipe.beforePageletArrive("first_response")</script>
<script>require("TimeSlice").guard(function() {bigPipe.onPageletArrive({"id":"first_response","phase":0,"jsmods":{},"is_last":true,"css":["w7sYA","Wuk+P","vTIXC","kCyYJ"],"resource_map":{"w7sYA":{"type":"css","crossOrigin":1,"src":"https:\/\/fbstatic-a.akamaihd.net\/rsrc.php\/v2\/y2\/r\/rTWcTTOQnyJ.css"},"vTIXC":{"type":"css","crossOrigin":1,"src":"https:\/\/fbstatic-a.akamaihd.net\/rsrc.php\/v2\/yJ\/r\/RpIMwZ3Qy5i.css"},"kCyYJ":{"type":"css","permanent":1,"crossOrigin":1,"src":"https:\/\/fbstatic-a.akamaihd.net\/rsrc.php\/v2\/yA\/r\/9naO6gNOkDh.css"}},"ixData":{"arrow-right:white:small":{"sprited":true,"spriteMapCssClass":"sp_kvEOsfTDz_6","spriteCssClass":"sx_a8f5f4"}},"js":["tHpo2","wkV0d","Uk8LO","Mfdlt","T3iWz","5lV\/Y","4vv8\/","urvAd"]});}, "onPageletArrive first_response")();</script><script>bigPipe.beforePageletArrive("")</script>
<script>require("TimeSlice").guard(function() {bigPipe.onPageletArrive({"id":"","phase":1,"jsmods":{},"is_last":true,"css":["w7sYA","Wuk+P","vTIXC","kCyYJ"],"js":["tHpo2","wkV0d","Uk8LO","Mfdlt","T3iWz","5lV\/Y","4vv8\/","urvAd"],"the_end":true});}, "onPageletArrive ")();</script>                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      </body></html>
         
__________________

Alt 22.03.2015, 11:40   #4
schrauber
/// the machine
/// TB-Ausbilder
 

Facebook Login fordert zum Passwort Wechsel auf - Standard

Facebook Login fordert zum Passwort Wechsel auf



Fraglich ob Facebook das rafft wenn Du das am Handy machst. Ich würde es auf der Website ändern.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Antwort

Themen zu Facebook Login fordert zum Passwort Wechsel auf
anhang, erhalte, facebook, facebook login, facebook passwort, firefox, fordert, geändert, heute, hierbei, hoffe, keinerlei, login, melde, meldung, msiexec.exe, nicht mehr, opera, passwort, passwort diebstahl, probleme, profil, rechner, sorge, sorgen, stimmen, tritt, webseite, wechsel



Ähnliche Themen: Facebook Login fordert zum Passwort Wechsel auf


  1. Windows 7 : Facebook Login Versuch aus Taiwan
    Log-Analyse und Auswertung - 28.09.2015 (5)
  2. Facebook login-daten durch trojaner o.ä. ermitteln?
    Plagegeister aller Art und deren Bekämpfung - 28.05.2015 (33)
  3. Aufforderung zum Facebook Passwort Wechsel - Echt oder Fake?
    Diskussionsforum - 01.04.2015 (16)
  4. PC bleibt beim anklicken von PDF-Dateien oder dem Facebook-Login mit Firefox kurz hängen
    Alles rund um Windows - 14.03.2015 (2)
  5. Win 7, Login-Screen flackert, kein Login möglich
    Log-Analyse und Auswertung - 08.12.2014 (5)
  6. Win 7, Login-Screen flackert, kein Login möglich
    Log-Analyse und Auswertung - 06.12.2014 (3)
  7. Meldung nach Facebook Login: Dein Computer muss gereinigt werden
    Plagegeister aller Art und deren Bekämpfung - 30.11.2014 (5)
  8. Synology räumt nach Heartbleed auf: Passwort-Wechsel und Updates
    Nachrichten - 15.04.2014 (0)
  9. Facebook-App verschickt Telefonnummer auch ohne Login
    Nachrichten - 29.06.2013 (0)
  10. Problem mit automatischem Login bei Facebook
    Alles rund um Windows - 16.12.2012 (8)
  11. Trojaner (chatfenster öffnet sich, person verlangt geld und hat meine facebook login daten...)
    Log-Analyse und Auswertung - 04.06.2012 (3)
  12. Facebook Account Login in Honk Kong mit IE
    Plagegeister aller Art und deren Bekämpfung - 08.03.2012 (0)
  13. gleiche IP-Adresse im Netzwek und fremder facebook-Login
    Plagegeister aller Art und deren Bekämpfung - 06.01.2012 (46)
  14. Facebook mit 2-Faktor-Login und weiteren Sicherheitsverbesserungen
    Nachrichten - 13.05.2011 (0)
  15. Facebook mit Zweifaktor-Login und weiteren Sicherheitsverbesserungen
    Nachrichten - 13.05.2011 (0)
  16. Facebook-Passwort Virus
    Plagegeister aller Art und deren Bekämpfung - 29.03.2011 (1)
  17. kein login nach dropper.gen mehr möglich, hat er mein Passwort geändert?
    Plagegeister aller Art und deren Bekämpfung - 12.12.2009 (1)

Zum Thema Facebook Login fordert zum Passwort Wechsel auf - Seit heute werde ich nach dem Facebook Login am Rechner aufgefordert mein Passwort zu ändern. Ich habe hierbei keinerlei Chance dies zu umgehen. (Meldung siehe Anhang) Dies tritt bei mir - Facebook Login fordert zum Passwort Wechsel auf...
Archiv
Du betrachtest: Facebook Login fordert zum Passwort Wechsel auf auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.