When booting the computer, the HitmanPro scan found 2 suspicious objects:
pbcl.dll and PnkBstrK.sys
Are these dangerous, and if so, how do I remove them?
Thank you
HitmanPro 3.7.6.201
www.hitmanpro.com
Computer name . . . . : MOSSI-HP
Windows . . . . . . . : 6.1.1.7601.X64/1
User name . . . . . . : mossi-HP\mossi
UAC . . . . . . . . . : Enabled
License . . . . . . . : Free
Scan date . . . . . . : 2013-07-01 21:36:55
Scan mode . . . . . . : Normal
Scan duration . . . . : 7m 38s
Disk access mode . . : Direct disk access (SRB)
Cloud . . . . . . . . : Internet
Reboot . . . . . . . : No
Threats . . . . . . . : 0
Traces . . . . . . . : 21
Objects scanned . . . : 1.807.039
Files scanned . . . . : 22.612
Remnants scanned . . : 504.754 files / 1.279.673 keys
Suspicious files ____________________________________________________________
C:\Users\mossi\AppData\Local\PunkBuster\BLR\pb\pbcl.dll
Size . . . . . . . : 949.190 bytes
Age . . . . . . . : 19.2 days (2013-06-12 16:33:35)
Entropy . . . . . : 7.6
SHA-256 . . . . . : DAF43E93528BEEECC015FA98D6EE6D6FD6D19A049321E47A65665144E4511F41
Fuzzy . . . . . . : 30.0
The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
Authors name is missing in version info. This is not common to most programs.
Version control is missing. This file is probably created by an individual. This is not typical for most programs.
Time indicates that the file appeared recently on this computer.
Program contains PE structure anomalies. This is not typical for most programs.
Forensic Cluster
-0.2s C:\Program Files (x86)\Steam\SteamApps\common\blacklightretribution\Blacklight Retribution\Live\Binaries\Win32\pb\pbcl.log
-0.1s C:\Users\mossi\AppData\Local\PunkBuster\
-0.1s C:\Users\mossi\AppData\Local\PunkBuster\BLR\
-0.1s C:\Users\mossi\AppData\Local\PunkBuster\BLR\pb\
-0.0s C:\Users\mossi\AppData\Local\PunkBuster\BLR\pb\pbclgame.cfg
-0.0s C:\Users\mossi\AppData\Local\PunkBuster\BLR\pb\pbcl.cfg
-0.0s C:\Users\mossi\AppData\Local\PunkBuster\BLR\pb\pbcl.db
0.0s C:\Users\mossi\AppData\Local\PunkBuster\BLR\pb\pbcl.dll
0.0s C:\Users\mossi\AppData\Local\PunkBuster\BLR\pb\pbag.dll
0.1s C:\Users\mossi\AppData\Local\PunkBuster\BLR\pb\pbcl.log
0.2s C:\Users\mossi\AppData\Local\PunkBuster\BLR\pb\scrnshot\
0.2s C:\Users\mossi\AppData\Local\PunkBuster\BLR\pb\dll\
0.2s C:\Users\mossi\AppData\Local\PunkBuster\BLR\pb\htm\
1.2s C:\Users\mossi\AppData\Local\PunkBuster\BLR\pb\PnkBstrB.exe
5.2s C:\Windows\SysWOW64\PnkBstrB.xtr
15.5s C:\Users\mossi\AppData\Local\PunkBuster\BLR\pb\PnkBstrK.sys
15.6s C:\Users\mossi\AppData\Local\PunkBuster\BLR\pb\PnkBstrA.exe
C:\Users\mossi\AppData\Local\PunkBuster\BLR\pb\PnkBstrK.sys
Size . . . . . . . : 140.360 bytes
Age . . . . . . . : 19.2 days (2013-06-12 16:33:51)
Entropy . . . . . : 7.8
SHA-256 . . . . . : 0F41B3843E2D2D1BB1ACF8B7CAA293309CC1CF8CF478B1AC86DD6BB214928DC4
RSA Key Size . . . : 2048
Authenticode . . . : Valid
Fuzzy . . . . . . : 23.0
The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
Authors name is missing in version info. This is not common to most programs.
Version control is missing. This file is probably created by an individual. This is not typical for most programs.
Time indicates that the file appeared recently on this computer.
Program contains PE structure anomalies. This is not typical for most programs.
The file is a device driver. Device drivers run as trusted (highly privileged) code.
Program is code signed with a valid Authenticode certificate.
Forensic Cluster
-15.7s C:\Program Files (x86)\Steam\SteamApps\common\blacklightretribution\Blacklight Retribution\Live\Binaries\Win32\pb\pbcl.log
-15.6s C:\Users\mossi\AppData\Local\PunkBuster\
-15.6s C:\Users\mossi\AppData\Local\PunkBuster\BLR\
-15.6s C:\Users\mossi\AppData\Local\PunkBuster\BLR\pb\
-15.5s C:\Users\mossi\AppData\Local\PunkBuster\BLR\pb\pbclgame.cfg
-15.5s C:\Users\mossi\AppData\Local\PunkBuster\BLR\pb\pbcl.cfg
-15.5s C:\Users\mossi\AppData\Local\PunkBuster\BLR\pb\pbcl.db
-15.5s C:\Users\mossi\AppData\Local\PunkBuster\BLR\pb\pbcl.dll
-15.5s C:\Users\mossi\AppData\Local\PunkBuster\BLR\pb\pbag.dll
-15.3s C:\Users\mossi\AppData\Local\PunkBuster\BLR\pb\pbcl.log
-15.3s C:\Users\mossi\AppData\Local\PunkBuster\BLR\pb\scrnshot\
-15.3s C:\Users\mossi\AppData\Local\PunkBuster\BLR\pb\dll\
-15.3s C:\Users\mossi\AppData\Local\PunkBuster\BLR\pb\htm\
-14.2s C:\Users\mossi\AppData\Local\PunkBuster\BLR\pb\PnkBstrB.exe
-10.3s C:\Windows\SysWOW64\PnkBstrB.xtr
0.0s C:\Users\mossi\AppData\Local\PunkBuster\BLR\pb\PnkBstrK.sys
0.1s C:\Users\mossi\AppData\Local\PunkBuster\BLR\pb\PnkBstrA.exe
On the topic HitmanPro 2 suspicious objects - Dear Trojaner-Board team,