
Log analysis and evaluation: Passwords spied out; constant CAPTCHA prompts on Google Search; Bitcoin miner


 
19.04.2015, 13:11   #1
paradog
 



Hello,

Over the past few weeks it has happened now and then that, when I opened a new tab and started a search from the Google search integrated into the browser's address bar, Google showed a CAPTCHA prompt because, according to Google, a very large number of requests were coming from my system.
It didn't happen with every search, though, so at first I didn't think anything bad of it.
Today, when I wanted to log in to YouTube, I got the message that someone had tried to log in with my password from somewhere else and that I should therefore please change my password.

Checked my mail: a message from Twitch.tv saying the same thing had happened there, even though I haven't used that account for over a year. I did use the same e-mail address on Twitch as on YouTube, though. Whether the old password there was the same as the old YouTube password, I can't say.


Anyway, I then ran Malwarebytes.
Here are the log files:

Code:
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 19.04.2015
Suchlauf-Zeit: 10:34:58
Logdatei: mwb,amh,prfg1.txt
Administrator: Ja

Version: 2.01.6.1022
Malware Datenbank: v2015.04.19.02
Rootkit Datenbank: v2015.03.31.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows Vista Service Pack 2
CPU: x64
Dateisystem: NTFS
Benutzer: WB

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 440982
Verstrichene Zeit: 26 Min, 20 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente gefunden)

Module: 0
(Keine schädliche Elemente gefunden)

Registrierungsschlüssel: 5
PUP.Optional.Babylon.A, HKU\S-1-5-21-891635277-1297341078-1701692141-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}, , [c2aca2cc8208ca6c5ab60639a261da26], 
PUP.Optional.Babylon.A, HKU\S-1-5-21-891635277-1297341078-1701692141-500\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}, , [c2aca2cc8208ca6c5ab60639a261da26], 
PUP.Optional.ICQToolbar.A, HKU\S-1-5-21-891635277-1297341078-1701692141-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{855F3B16-6D32-4FE6-8A56-BBB695989046}, , [135b1d510c7e68ce04423306c53e6997], 
PUP.Optional.ICQToolbar.A, HKU\S-1-5-21-891635277-1297341078-1701692141-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{855F3B16-6D32-4FE6-8A56-BBB695989046}, , [135b1d510c7e68ce04423306c53e6997], 
PUP.Optional.DVDVideoSoftTB.A, HKU\S-1-5-21-891635277-1297341078-1701692141-1000\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\nikpibnbobmbdbheedjfogjlikpgpnhp, , [7ef0274777135adc506e32ac917204fc], 

Registrierungswerte: 5
Trojan.Agent.Gen, HKU\S-1-5-21-891635277-1297341078-1701692141-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Microsoft Firewall 2.9, C:\Users\WB\AppData\Roaming\WMPRWISE.EXE, , [80ee2a44c9c1c37323921a1d689c5ea2]
PUP.Optional.Babylon.A, HKU\S-1-5-21-891635277-1297341078-1701692141-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}|DisplayName, Search the web (Babylon), , [a1cd125c3456ee488dd987ca41c4a060]
PUP.Optional.Babylon.A, HKU\S-1-5-21-891635277-1297341078-1701692141-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}|URL, hxxp://search.babylon.com/?q={searchTerms}&tt=110112_ncp3&babsrc=SP_def&mntrId=62b5607700000000000000a1b0258e8b, , [6707bfaf47439c9ae87e2f2218ed5da3]
PUP.Optional.Babylon.A, HKU\S-1-5-21-891635277-1297341078-1701692141-500\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}|DisplayName, Search the web (Babylon), , [e18d70feb9d171c5b2b4dc7580850df3]
PUP.Optional.Babylon.A, HKU\S-1-5-21-891635277-1297341078-1701692141-500\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}|URL, hxxp://search.babylon.com/?q={searchTerms}&tt=110112_ncp3&babsrc=SP_def&mntrId=62b5607700000000000000a1b0258e8b, , [77f71d51d4b6a19580e657fa14f150b0]

Registrierungsdaten: 0
(Keine schädliche Elemente gefunden)

Ordner: 32
Trojan.BitcoinMiner, C:\Users\WB\AppData\Roaming\aloj, , [c3ab630b8a000531bb3c1afd1fe643bd], 
Trojan.BitcoinMiner, C:\Users\WB\AppData\Roaming\casa, , [c9a594da0c7e1c1ace31160124e13fc1], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\WB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp, , [1a5481edf991a1955942c1e87d8616ea], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\WB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0, , [1a5481edf991a1955942c1e87d8616ea], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\WB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\images, , [1a5481edf991a1955942c1e87d8616ea], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\WB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\_locales, , [1a5481edf991a1955942c1e87d8616ea], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\WB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\_locales\de, , [1a5481edf991a1955942c1e87d8616ea], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\WB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\_locales\en, , [1a5481edf991a1955942c1e87d8616ea], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\WB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\_locales\es, , [1a5481edf991a1955942c1e87d8616ea], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\WB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\_locales\fr, , [1a5481edf991a1955942c1e87d8616ea], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\WB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\_locales\it, , [1a5481edf991a1955942c1e87d8616ea], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\WB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\_locales\ja, , [1a5481edf991a1955942c1e87d8616ea], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\WB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\_locales\nl, , [1a5481edf991a1955942c1e87d8616ea], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\WB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\_locales\pl, , [1a5481edf991a1955942c1e87d8616ea], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\WB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\_locales\pt, , [1a5481edf991a1955942c1e87d8616ea], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\WB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\_locales\ru, , [1a5481edf991a1955942c1e87d8616ea], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\WB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\_locales\tr, , [1a5481edf991a1955942c1e87d8616ea], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\WB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\_locales\zh_CN, , [1a5481edf991a1955942c1e87d8616ea], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\WB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\_locales\zh_TW, , [1a5481edf991a1955942c1e87d8616ea], 
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar, , [d5990c621971e650ea2e0baf020139c7], 
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML, , [d5990c621971e650ea2e0baf020139c7], 
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\BG, , [d5990c621971e650ea2e0baf020139c7], 
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\CZ, , [d5990c621971e650ea2e0baf020139c7], 
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\DE, , [d5990c621971e650ea2e0baf020139c7], 
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\EN, , [d5990c621971e650ea2e0baf020139c7], 
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\ES, , [d5990c621971e650ea2e0baf020139c7], 
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\FR, , [d5990c621971e650ea2e0baf020139c7], 
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\HE, , [d5990c621971e650ea2e0baf020139c7], 
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\IT, , [d5990c621971e650ea2e0baf020139c7], 
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\RU, , [d5990c621971e650ea2e0baf020139c7], 
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\SK, , [d5990c621971e650ea2e0baf020139c7], 
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\TR, , [d5990c621971e650ea2e0baf020139c7], 

Dateien: 129
Trojan.Ransom.Gend, C:\Users\WB\AppData\Roaming\ntuser.dat, , [beb0f07e73175cdad50f1c1fac55e21e], 
Trojan.BitMiner, C:\Users\WB\AppData\Roaming\aloj\scvhost.exe, , [3d31650994f6d1652748df02649e30d0], 
Trojan.BitMiner, C:\Users\WB\AppData\Roaming\casa\scvhost.exe, , [15590b636f1bd75f4b2436ab8f73f20e], 
Trojan.BitMiner, C:\Users\WB\AppData\Local\Temp\webyeryb3460vavaw.exe, , [a4ca80ee0b7f2f07e38c25bc877b7888], 
Trojan.Agent.ED, C:\Users\WB\AppData\Local\Temp\webyeryb3461vavaw.exe, , [6b03b8b67515b581e83425f11ae7d729], 
Backdoor.Agent.WLMS, C:\Users\WB\AppData\Local\Temp\webyeryb3462vavaw.exe, , [f5792549a7e3f93d6f9f0d11936eba46], 
PUP.Optional.OpenCandy, C:\Users\WB\AppData\Local\Temp\2dcd1d63cb45e6613582211c3d5f4b23.exe, , [323c6b03cdbd3ef8236663c48680d62a], 
Trojan.Agent.ED, C:\Users\WB\AppData\Local\Temp\rtmw3.exe, , [4d213e302268e05615777294936ec33d], 
Adware.InstallCore, C:\Users\WB\AppData\Local\Temp\1003398.Uninstall\Uninstall.exe, , [b0bef6786e1c4cea4ee24f57c53b6c94], 
PUP.Optional.Dealply, C:\Users\WB\AppData\Local\Temp\is1972027439\dealply.exe, , [81ed1f4fb6d4c472411c5ec9c640fc04], 
PUP.Optional.Dealply, C:\Users\WB\AppData\Local\Temp\is2063840535\dealply.exe, , [1e50046ab8d23402f96452d51ee8fb05], 
Virus.Expiro, C:\Users\WB\AppData\Local\Temp\tmp165b2a09\qw.exe, , [9bd39fcfa8e2cb6ba92e3752b24f45bb], 
PUP.Optional.BabylonToolBar.A, C:\Users\WB\AppData\Local\Temp\A036546C-BAB0-7891-85D2-4A11532196B4\MyBabylonTB.exe, , [6fff303e3c4ef2447cd6ea5ea75acd33], 
Adware.InstallCore, C:\Users\WB\AppData\Local\Temp\ICReinstall\AudioConverterSetup.exe, , [c8a648267e0cd16568c8c4e29c6448b8], 
PUP.Optional.BabylonToolBar.A, C:\Users\WB\AppData\Local\Temp\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbar4ie.exe, , [84ea462886048babc092f157bc45966a], 
Virus.Expiro, C:\Users\WB\AppData\Local\Temp\tmp64e3122f\74.exe, , [6608d896048685b132a58801897811ef], 
Exploit.Drop.GS, C:\Users\WB\AppData\Local\Temp\webyeryb3463vavaw.exe, , [cea05e107416e254b621d15a94709868], 
Trojan.BitcoinMiner, C:\Users\WB\AppData\Roaming\aloj\miner.php, , [c3ab630b8a000531bb3c1afd1fe643bd], 
Trojan.BitcoinMiner, C:\Users\WB\AppData\Roaming\aloj\API.class, , [c3ab630b8a000531bb3c1afd1fe643bd], 
Trojan.BitcoinMiner, C:\Users\WB\AppData\Roaming\aloj\bio.bat, , [c3ab630b8a000531bb3c1afd1fe643bd], 
Trojan.BitcoinMiner, C:\Users\WB\AppData\Roaming\aloj\diablo121016.cl, , [c3ab630b8a000531bb3c1afd1fe643bd], 
Trojan.BitcoinMiner, C:\Users\WB\AppData\Roaming\aloj\diakgcn121016.cl, , [c3ab630b8a000531bb3c1afd1fe643bd], 
Trojan.BitcoinMiner, C:\Users\WB\AppData\Roaming\aloj\libblkmaker-0.1-0.dll, , [c3ab630b8a000531bb3c1afd1fe643bd], 
Trojan.BitcoinMiner, C:\Users\WB\AppData\Roaming\aloj\libblkmaker_jansson-0.1-0.dll, , [c3ab630b8a000531bb3c1afd1fe643bd], 
Trojan.BitcoinMiner, C:\Users\WB\AppData\Roaming\aloj\libcurl-4.dll, , [c3ab630b8a000531bb3c1afd1fe643bd], 
Trojan.BitcoinMiner, C:\Users\WB\AppData\Roaming\aloj\libjansson-4.dll, , [c3ab630b8a000531bb3c1afd1fe643bd], 
Trojan.BitcoinMiner, C:\Users\WB\AppData\Roaming\aloj\libusb-1.0.dll, , [c3ab630b8a000531bb3c1afd1fe643bd], 
Trojan.BitcoinMiner, C:\Users\WB\AppData\Roaming\aloj\pdcurses.dll, , [c3ab630b8a000531bb3c1afd1fe643bd], 
Trojan.BitcoinMiner, C:\Users\WB\AppData\Roaming\aloj\phatk121016.cl, , [c3ab630b8a000531bb3c1afd1fe643bd], 
Trojan.BitcoinMiner, C:\Users\WB\AppData\Roaming\aloj\poclbm121016.cl, , [c3ab630b8a000531bb3c1afd1fe643bd], 
Trojan.BitcoinMiner, C:\Users\WB\AppData\Roaming\aloj\pthreadGC2.dll, , [c3ab630b8a000531bb3c1afd1fe643bd], 
Trojan.BitcoinMiner, C:\Users\WB\AppData\Roaming\aloj\scrypt121016.cl, , [c3ab630b8a000531bb3c1afd1fe643bd], 
Trojan.BitcoinMiner, C:\Users\WB\AppData\Roaming\aloj\zlib1.dll, , [c3ab630b8a000531bb3c1afd1fe643bd], 
Trojan.BitcoinMiner, C:\Users\WB\AppData\Roaming\casa\miner.php, , [c9a594da0c7e1c1ace31160124e13fc1], 
Trojan.BitcoinMiner, C:\Users\WB\AppData\Roaming\casa\1.bat, , [c9a594da0c7e1c1ace31160124e13fc1], 
Trojan.BitcoinMiner, C:\Users\WB\AppData\Roaming\casa\API.class, , [c9a594da0c7e1c1ace31160124e13fc1], 
Trojan.BitcoinMiner, C:\Users\WB\AppData\Roaming\casa\diablo121016.cl, , [c9a594da0c7e1c1ace31160124e13fc1], 
Trojan.BitcoinMiner, C:\Users\WB\AppData\Roaming\casa\diakgcn121016.cl, , [c9a594da0c7e1c1ace31160124e13fc1], 
Trojan.BitcoinMiner, C:\Users\WB\AppData\Roaming\casa\guni.bat, , [c9a594da0c7e1c1ace31160124e13fc1], 
Trojan.BitcoinMiner, C:\Users\WB\AppData\Roaming\casa\libblkmaker-0.1-0.dll, , [c9a594da0c7e1c1ace31160124e13fc1], 
Trojan.BitcoinMiner, C:\Users\WB\AppData\Roaming\casa\libblkmaker_jansson-0.1-0.dll, , [c9a594da0c7e1c1ace31160124e13fc1], 
Trojan.BitcoinMiner, C:\Users\WB\AppData\Roaming\casa\libcurl-4.dll, , [c9a594da0c7e1c1ace31160124e13fc1], 
Trojan.BitcoinMiner, C:\Users\WB\AppData\Roaming\casa\libjansson-4.dll, , [c9a594da0c7e1c1ace31160124e13fc1], 
Trojan.BitcoinMiner, C:\Users\WB\AppData\Roaming\casa\libusb-1.0.dll, , [c9a594da0c7e1c1ace31160124e13fc1], 
Trojan.BitcoinMiner, C:\Users\WB\AppData\Roaming\casa\pdcurses.dll, , [c9a594da0c7e1c1ace31160124e13fc1], 
Trojan.BitcoinMiner, C:\Users\WB\AppData\Roaming\casa\phatk121016.cl, , [c9a594da0c7e1c1ace31160124e13fc1], 
Trojan.BitcoinMiner, C:\Users\WB\AppData\Roaming\casa\poclbm121016.cl, , [c9a594da0c7e1c1ace31160124e13fc1], 
Trojan.BitcoinMiner, C:\Users\WB\AppData\Roaming\casa\pthreadGC2.dll, , [c9a594da0c7e1c1ace31160124e13fc1], 
Trojan.BitcoinMiner, C:\Users\WB\AppData\Roaming\casa\scrypt121016.cl, , [c9a594da0c7e1c1ace31160124e13fc1], 
Trojan.BitcoinMiner, C:\Users\WB\AppData\Roaming\casa\zlib1.dll, , [c9a594da0c7e1c1ace31160124e13fc1], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\WB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\background.html, , [1a5481edf991a1955942c1e87d8616ea], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\WB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\background.js, , [1a5481edf991a1955942c1e87d8616ea], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\WB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\dvs_freeyoutubedownload.css, , [1a5481edf991a1955942c1e87d8616ea], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\WB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\dvs_freeyoutubedownload.js, , [1a5481edf991a1955942c1e87d8616ea], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\WB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\dvs_logo.ico, , [1a5481edf991a1955942c1e87d8616ea], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\WB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\dvs_logo_128.png, , [1a5481edf991a1955942c1e87d8616ea], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\WB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\dvs_logo_32.png, , [1a5481edf991a1955942c1e87d8616ea], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\WB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\dvs_logo_48.png, , [1a5481edf991a1955942c1e87d8616ea], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\WB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\errorRunProgramm.html, , [1a5481edf991a1955942c1e87d8616ea], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\WB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\manifest.json, , [1a5481edf991a1955942c1e87d8616ea], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\WB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\np_dvs_plugin.dll, , [1a5481edf991a1955942c1e87d8616ea], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\WB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\options.html, , [1a5481edf991a1955942c1e87d8616ea], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\WB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\options.js, , [1a5481edf991a1955942c1e87d8616ea], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\WB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\page_action.html, , [1a5481edf991a1955942c1e87d8616ea], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\WB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\images\backbar.png, , [1a5481edf991a1955942c1e87d8616ea], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\WB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\images\download.png, , [1a5481edf991a1955942c1e87d8616ea], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\WB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\images\fs.png, , [1a5481edf991a1955942c1e87d8616ea], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\WB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\images\headphone.png, , [1a5481edf991a1955942c1e87d8616ea], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\WB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\images\logo.png, , [1a5481edf991a1955942c1e87d8616ea], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\WB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\images\manager.png, , [1a5481edf991a1955942c1e87d8616ea], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\WB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\images\YoutubeDownloader.png, , [1a5481edf991a1955942c1e87d8616ea], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\WB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\images\YoutubeToMp3.png, , [1a5481edf991a1955942c1e87d8616ea], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\WB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\_locales\de\messages.json, , [1a5481edf991a1955942c1e87d8616ea], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\WB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\_locales\en\messages.json, , [1a5481edf991a1955942c1e87d8616ea], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\WB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\_locales\es\messages.json, , [1a5481edf991a1955942c1e87d8616ea], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\WB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\_locales\fr\messages.json, , [1a5481edf991a1955942c1e87d8616ea], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\WB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\_locales\it\messages.json, , [1a5481edf991a1955942c1e87d8616ea], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\WB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\_locales\ja\messages.json, , [1a5481edf991a1955942c1e87d8616ea], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\WB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\_locales\nl\messages.json, , [1a5481edf991a1955942c1e87d8616ea], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\WB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\_locales\pl\messages.json, , [1a5481edf991a1955942c1e87d8616ea], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\WB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\_locales\pt\messages.json, , [1a5481edf991a1955942c1e87d8616ea], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\WB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\_locales\ru\messages.json, , [1a5481edf991a1955942c1e87d8616ea], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\WB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\_locales\tr\messages.json, , [1a5481edf991a1955942c1e87d8616ea], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\WB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\_locales\zh_CN\messages.json, , [1a5481edf991a1955942c1e87d8616ea], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\WB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\_locales\zh_TW\messages.json, , [1a5481edf991a1955942c1e87d8616ea], 
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\Configuration.xml, , [d5990c621971e650ea2e0baf020139c7], 
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\OptionDlg.xml, , [d5990c621971e650ea2e0baf020139c7], 
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\RegionalSettings.xml, , [d5990c621971e650ea2e0baf020139c7], 
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\UserInterface.xml, , [d5990c621971e650ea2e0baf020139c7], 
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\BG\Configuration.xml, , [d5990c621971e650ea2e0baf020139c7], 
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\BG\OptionDlg.xml, , [d5990c621971e650ea2e0baf020139c7], 
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\BG\RegionalSettings.xml, , [d5990c621971e650ea2e0baf020139c7], 
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\BG\UserInterface.xml, , [d5990c621971e650ea2e0baf020139c7], 
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\CZ\Configuration.xml, , [d5990c621971e650ea2e0baf020139c7], 
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\CZ\OptionDlg.xml, , [d5990c621971e650ea2e0baf020139c7], 
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\CZ\RegionalSettings.xml, , [d5990c621971e650ea2e0baf020139c7], 
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\CZ\UserInterface.xml, , [d5990c621971e650ea2e0baf020139c7], 
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\EN\Configuration.xml, , [d5990c621971e650ea2e0baf020139c7], 
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\EN\OptionDlg.xml, , [d5990c621971e650ea2e0baf020139c7], 
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\EN\RegionalSettings.xml, , [d5990c621971e650ea2e0baf020139c7], 
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\EN\UserInterface.xml, , [d5990c621971e650ea2e0baf020139c7], 
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\ES\Configuration.xml, , [d5990c621971e650ea2e0baf020139c7], 
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\ES\OptionDlg.xml, , [d5990c621971e650ea2e0baf020139c7], 
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\ES\RegionalSettings.xml, , [d5990c621971e650ea2e0baf020139c7], 
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\ES\UserInterface.xml, , [d5990c621971e650ea2e0baf020139c7], 
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\FR\Configuration.xml, , [d5990c621971e650ea2e0baf020139c7], 
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\FR\OptionDlg.xml, , [d5990c621971e650ea2e0baf020139c7], 
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\FR\RegionalSettings.xml, , [d5990c621971e650ea2e0baf020139c7], 
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\FR\UserInterface.xml, , [d5990c621971e650ea2e0baf020139c7], 
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\HE\Configuration.xml, , [d5990c621971e650ea2e0baf020139c7], 
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\HE\OptionDlg.xml, , [d5990c621971e650ea2e0baf020139c7], 
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\HE\RegionalSettings.xml, , [d5990c621971e650ea2e0baf020139c7], 
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\HE\UserInterface.xml, , [d5990c621971e650ea2e0baf020139c7], 
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\IT\Configuration.xml, , [d5990c621971e650ea2e0baf020139c7], 
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\IT\OptionDlg.xml, , [d5990c621971e650ea2e0baf020139c7], 
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\IT\RegionalSettings.xml, , [d5990c621971e650ea2e0baf020139c7], 
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\IT\UserInterface.xml, , [d5990c621971e650ea2e0baf020139c7], 
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\RU\Configuration.xml, , [d5990c621971e650ea2e0baf020139c7], 
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\RU\OptionDlg.xml, , [d5990c621971e650ea2e0baf020139c7], 
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\RU\RegionalSettings.xml, , [d5990c621971e650ea2e0baf020139c7], 
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\RU\UserInterface.xml, , [d5990c621971e650ea2e0baf020139c7], 
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\SK\Configuration.xml, , [d5990c621971e650ea2e0baf020139c7], 
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\SK\OptionDlg.xml, , [d5990c621971e650ea2e0baf020139c7], 
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\SK\RegionalSettings.xml, , [d5990c621971e650ea2e0baf020139c7], 
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\SK\UserInterface.xml, , [d5990c621971e650ea2e0baf020139c7], 
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\TR\Configuration.xml, , [d5990c621971e650ea2e0baf020139c7], 
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\TR\OptionDlg.xml, , [d5990c621971e650ea2e0baf020139c7], 
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\TR\RegionalSettings.xml, , [d5990c621971e650ea2e0baf020139c7], 
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\TR\UserInterface.xml, , [d5990c621971e650ea2e0baf020139c7], 

Physische Sektoren: 0
(Keine schädliche Elemente gefunden)


(end)
         
It looks like someone somehow abused my PC for Bitcoin mining, with the miner hiding under the name "scvhost.exe". The real Windows process is called svchost, after all.



After I clicked "Remove" in Malwarebytes and saved the log file, I ran Hitman, which also found quite a bit:
Code:
HitmanPro 3.7.9.240
www.hitmanpro.com

   Computer name . . . . : WB-PC
   Windows . . . . . . . : 6.0.2.6002.X64/3
   User name . . . . . . : WB-PC\WB
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Free

   Scan date . . . . . . : 2015-04-19 11:19:38
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 39m 26s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 0
   Traces  . . . . . . . : 81

   Objects scanned . . . : 6.094.314
   Files scanned . . . . : 74.019
   Remnants scanned  . . : 555.108 files / 5.465.187 keys

Miniport ____________________________________________________________________

   Primary
      DriverObject . . . : FFFFFA8004B34700
      DriverName . . . . : \Driver\atapi
      DriverPath . . . . : \SystemRoot\system32\drivers\atapi.sys
      StartIo  . . . . . : 0000000000000000 +0
      IRP_MJ_SCSI  . . . : FFFFFA8003F782C0 +0
   Solution
      DriverObject . . . : FFFFFA8004B34700
      DriverName . . . . : \Driver\atapi
      DriverPath . . . . : \SystemRoot\system32\drivers\atapi.sys
      StartIo  . . . . . : 0000000000000000 +0
      IRP_MJ_SCSI  . . . : FFFFFA6000AF7D08 \SystemRoot\system32\drivers\ataport.SYS+19720

Suspicious files ____________________________________________________________

   C:\Users\WB\AppData\Local\PunkBuster\BF3\pb\dll\wc002288.dll
      Size . . . . . . . : 948.118 bytes
      Age  . . . . . . . : 1177.4 days (2012-01-28 02:37:41)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 3192353354FE593051B33886088D4C312ACB9A653D874281B2EBF131B80415CB
      Fuzzy  . . . . . . : 29.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.

   C:\Users\WB\AppData\Local\PunkBuster\BF3\pb\dll\wc002291.dll
      Size . . . . . . . : 965.329 bytes
      Age  . . . . . . . : 1109.8 days (2012-04-04 16:39:05)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : CAE3128772295AC4F1179B881A00B061DB00505275CB258F9F0C84CC1DF9B2A5
      Fuzzy  . . . . . . : 29.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.

   C:\Users\WB\AppData\Local\PunkBuster\BF3\pb\dll\wc002292.dll
      Size . . . . . . . : 956.681 bytes
      Age  . . . . . . . : 1108.5 days (2012-04-05 23:42:53)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 7218A15A9890CE82EB25F7AB5AC7AA60B4E3055C5574B70A6CABA4274D6DE493
      Fuzzy  . . . . . . : 29.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.

   C:\Users\WB\AppData\Local\PunkBuster\BF3\pb\dll\wc002317.dll
      Size . . . . . . . : 949.613 bytes
      Age  . . . . . . . : 938.9 days (2012-09-22 12:58:47)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 15059F09B1D62DEA6B5D22EF9E0D062411C167378D870AE339AAB50B0BDC7FC0
      Fuzzy  . . . . . . : 29.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.

   C:\Users\WB\AppData\Local\PunkBuster\BF3\pb\dll\wc002325.dll
      Size . . . . . . . : 959.376 bytes
      Age  . . . . . . . : 792.5 days (2013-02-15 22:49:05)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : A85592ACDCFDA7C0293504A5F5279C2654ACC0E6D2398ED8958F6E03F05DCEB5
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : 22.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.
         Program is code signed with a valid Authenticode certificate.

   C:\Users\WB\AppData\Local\PunkBuster\BF3\pb\dll\wc002331.dll
      Size . . . . . . . : 963.480 bytes
      Age  . . . . . . . : 579.9 days (2013-09-16 14:26:23)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 4693498864B2A4C15EECDD4D132FFDFEDE3F9E4BAFA427F77BC87046A7352D1E
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : 22.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.
         Program is code signed with a valid Authenticode certificate.

   C:\Users\WB\AppData\Local\PunkBuster\BF3\pb\dll\wc002344.dll
      Size . . . . . . . : 1.014.616 bytes
      Age  . . . . . . . : 140.5 days (2014-11-30 00:24:08)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 64D8D164CC4FF898DDCCBD5D588E88AF2C1F7EA464C2B7519C78BF0D30CC6F24
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : 22.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.
         Program is code signed with a valid Authenticode certificate.

   C:\Users\WB\AppData\Local\PunkBuster\BF3\pb\pbcl.dll
      Size . . . . . . . : 1.014.616 bytes
      Age  . . . . . . . : 140.5 days (2014-11-30 00:24:08)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 64D8D164CC4FF898DDCCBD5D588E88AF2C1F7EA464C2B7519C78BF0D30CC6F24
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : 22.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.
         Program is code signed with a valid Authenticode certificate.

   C:\Users\WB\AppData\Local\PunkBuster\BF3\pb\pbclold.dll
      Size . . . . . . . : 963.480 bytes
      Age  . . . . . . . : 1292.5 days (2011-10-04 22:08:28)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 4693498864B2A4C15EECDD4D132FFDFEDE3F9E4BAFA427F77BC87046A7352D1E
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : 22.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.
         Program is code signed with a valid Authenticode certificate.

   C:\Users\WB\AppData\Local\PunkBuster\BF3\pb\pbcls.dll
      Size . . . . . . . : 956.681 bytes
      Age  . . . . . . . : 1163.6 days (2012-02-10 21:08:26)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 7218A15A9890CE82EB25F7AB5AC7AA60B4E3055C5574B70A6CABA4274D6DE493
      Fuzzy  . . . . . . : 29.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.

   C:\Users\WB\AppData\Local\PunkBuster\BF3\pb\PnkBstrK.sys
      Size . . . . . . . : 139.944 bytes
      Age  . . . . . . . : 1292.5 days (2011-10-04 22:08:40)
      Entropy  . . . . . : 7.7
      SHA-256  . . . . . : E0AB414DBD7AA5888B861AE64B0F9674CED054C755502DDE124A91D6CD6CE97A
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : 22.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.
         The file is a device driver. Device drivers run as trusted (highly privileged) code.
         Program is code signed with a valid Authenticode certificate.

   C:\Users\WB\AppData\Local\PunkBuster\BF4\pb\PnkBstrK.sys
      Size . . . . . . . : 139.552 bytes
      Age  . . . . . . . : 564.5 days (2013-10-02 00:28:43)
      Entropy  . . . . . : 7.7
      SHA-256  . . . . . : 7A47CB7814643DAFDF81D3E2E03C60A162A49525962ECE651187371853E507E5
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : 22.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.
         The file is a device driver. Device drivers run as trusted (highly privileged) code.
         Program is code signed with a valid Authenticode certificate.

   C:\Users\WB\AppData\Local\PunkBuster\BFP4F\pb\pbcl.dll
      Size . . . . . . . : 915.149 bytes
      Age  . . . . . . . : 1318.3 days (2011-09-09 03:11:53)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : E189EF452F559BFAC0C0A91EFADC78EAA569B915985A213F99666BE56FC86165
      Fuzzy  . . . . . . : 29.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.

   C:\Users\WB\AppData\Local\PunkBuster\BFP4F\pb\PnkBstrK.sys
      Size . . . . . . . : 138.264 bytes
      Age  . . . . . . . : 1318.3 days (2011-09-09 03:12:29)
      Entropy  . . . . . : 7.7
      SHA-256  . . . . . : 4194EFFC7236F018722B6DBF76253E1D833FEEEC158835C4DFAAD0555E7A7D91
      RSA Key Size . . . : 1024
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : 22.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.
         The file is a device driver. Device drivers run as trusted (highly privileged) code.
         Program is code signed with a valid Authenticode certificate.

   C:\Users\WB\AppData\Local\PunkBuster\WAW\pb\pbcl.dll
      Size . . . . . . . : 733.004 bytes
      Age  . . . . . . . : 1276.7 days (2011-10-20 18:14:42)
      Entropy  . . . . . : 7.5
      SHA-256  . . . . . : 8715126E77E8E6F98B4487C11B4656ADAC59145A86D56A0370F2FAE86E40FDC7
      Fuzzy  . . . . . . : 25.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.


Potential Unwanted Programs _________________________________________________

   C:\Program Files (x86)\Babylon\ (Babylon)
   C:\Program Files\Babylon\ (Babylon)
   C:\Program Files\Babylon\Babylon-Pro\ (Babylon)
   C:\Program Files\Babylon\Babylon-Pro\BabylonHelper64.exe (Babylon)
      Size . . . . . . . : 129.536 bytes
      Age  . . . . . . . : 1183.4 days (2012-01-22 02:24:48)
      Entropy  . . . . . : 5.7
      SHA-256  . . . . . : 5E68C077375F4F06357CA19F1894DAA4966EEC1864A16D033B6C4F32380F57E0
      Product  . . . . . : BabylonHelper
      Publisher  . . . . : Babylon
      Description  . . . : Support for 64-bit OS
      Version  . . . . . : 1.0.0.1
      Copyright  . . . . : Babylon.com  All rights reserved.
      LanguageID . . . . : 1033
      Fuzzy  . . . . . . : 0.0

   C:\Program Files\Babylon\Babylon-Pro\captlib64.dll (Babylon)
      Size . . . . . . . : 286.208 bytes
      Age  . . . . . . . : 1183.4 days (2012-01-22 02:24:46)
      Entropy  . . . . . : 5.9
      SHA-256  . . . . . : 85108948A6DD19929799100C0868C6B51499C77608D3249A3E59306DAF586BDB
      Product  . . . . . : Babylon Client
      Publisher  . . . . : Babylon Ltd.
      Description  . . . : Babylon Information Tool
      Version  . . . . . : 9.0.3.12
      Copyright  . . . . : Copyright © Babylon Ltd. 1997-2011
      LanguageID . . . . : 1033
      Fuzzy  . . . . . . : 0.0

   C:\Users\Administrator\AppData\Local\Babylon\ (Babylon)
   C:\Users\Administrator\AppData\Roaming\Babylon\ (Babylon)
   C:\Users\Administrator\AppData\Roaming\Babylon\BabylonTC.conf (Babylon)
   C:\Users\Administrator\AppData\Roaming\Babylon\BabylonTC.log (Babylon)
   C:\Users\Administrator\AppData\Roaming\Babylon\FLStat.dat (Babylon)
   C:\Users\Administrator\AppData\Roaming\Babylon\log_file.txt (Babylon)
   C:\Users\Administrator\AppData\Roaming\Babylon\MyList.dat (Babylon)
   C:\Users\Administrator\AppData\Roaming\Babylon\ocr_cache (Babylon)
   C:\Users\Administrator\AppData\Roaming\Babylon\updates\ (Babylon)
   C:\Users\Administrator\AppData\Roaming\Babylon\updates\convert.dat (Babylon)
   C:\Users\Administrator\AppData\Roaming\Babylon\updates\rates.dat (Babylon)
   HKLM\SOFTWARE\Classes\AppID\escort.DLL\ (Funmoods)
   HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}\ (Funmoods)
   HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4eaf-B541-F8DE92DD98DB}\ (Babylon)
   HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1\ (Babylon)
   HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr\ (Babylon)
   HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4a99-B4B6-146BF802613B}\ (Babylon)
   HKLM\SOFTWARE\Classes\Prod.cap\ (Claro)
   HKLM\SOFTWARE\Classes\Wow6432Node\AppID\escort.DLL\ (Funmoods)
   HKLM\SOFTWARE\Classes\Wow6432Node\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}\ (Funmoods)
   HKLM\SOFTWARE\Classes\Wow6432Node\AppID\{BDB69379-802F-4eaf-B541-F8DE92DD98DB}\ (Babylon)
   HKLM\SOFTWARE\Classes\Wow6432Node\bbylntlbr.bbylntlbrHlpr.1\ (Babylon)
   HKLM\SOFTWARE\Classes\Wow6432Node\bbylntlbr.bbylntlbrHlpr\ (Babylon)
   HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{2EECD738-5844-4a99-B4B6-146BF802613B}\ (Babylon)
   HKLM\SOFTWARE\Classes\Wow6432Node\Prod.cap\ (Claro)
   HKU\S-1-5-21-891635277-1297341078-1701692141-1000\Software\Classes\Interface\{0BF91075-F457-4A8B-99EF-140B52D2F22A}\ (Babylon)
   HKU\S-1-5-21-891635277-1297341078-1701692141-1000\Software\Classes\Interface\{37425600-CB21-49A0-8659-476FBAB0F8E8}\ (Babylon)
   HKU\S-1-5-21-891635277-1297341078-1701692141-1000\Software\Classes\Interface\{431FB0E5-2CBB-4602-9FE6-F1D64488ADD7}\ (Babylon)
   HKU\S-1-5-21-891635277-1297341078-1701692141-1000\Software\Classes\Interface\{5C9A230D-70A5-11D5-AFB0-0050DAC67890}\ (Babylon)
   HKU\S-1-5-21-891635277-1297341078-1701692141-1000\Software\Classes\Interface\{8911483C-C00A-4183-9FBC-6C9C00946C15}\ (Babylon)
   HKU\S-1-5-21-891635277-1297341078-1701692141-1000\Software\Classes\Interface\{C3F058A9-407D-4CD1-8F66-B75605B54B69}\ (Babylon)
   HKU\S-1-5-21-891635277-1297341078-1701692141-1000\Software\Classes\Interface\{EFDCAF05-D29C-4D4D-9836-8CDCD606A6B2}\ (Babylon)
   HKU\S-1-5-21-891635277-1297341078-1701692141-1000\Software\Classes\TypeLib\{5C9A2304-70A5-11D5-AFB0-0050DAC67890}\ (Babylon)
   HKU\S-1-5-21-891635277-1297341078-1701692141-1000_Classes\Interface\{0BF91075-F457-4A8B-99EF-140B52D2F22A}\ (Babylon)
   HKU\S-1-5-21-891635277-1297341078-1701692141-1000_Classes\Interface\{37425600-CB21-49A0-8659-476FBAB0F8E8}\ (Babylon)
   HKU\S-1-5-21-891635277-1297341078-1701692141-1000_Classes\Interface\{431FB0E5-2CBB-4602-9FE6-F1D64488ADD7}\ (Babylon)
   HKU\S-1-5-21-891635277-1297341078-1701692141-1000_Classes\Interface\{5C9A230D-70A5-11D5-AFB0-0050DAC67890}\ (Babylon)
   HKU\S-1-5-21-891635277-1297341078-1701692141-1000_Classes\Interface\{8911483C-C00A-4183-9FBC-6C9C00946C15}\ (Babylon)
   HKU\S-1-5-21-891635277-1297341078-1701692141-1000_Classes\Interface\{C3F058A9-407D-4CD1-8F66-B75605B54B69}\ (Babylon)
   HKU\S-1-5-21-891635277-1297341078-1701692141-1000_Classes\Interface\{EFDCAF05-D29C-4D4D-9836-8CDCD606A6B2}\ (Babylon)
   HKU\S-1-5-21-891635277-1297341078-1701692141-1000_Classes\TypeLib\{5C9A2304-70A5-11D5-AFB0-0050DAC67890}\ (Babylon)
   HKU\S-1-5-21-891635277-1297341078-1701692141-1000_Classes\Wow6432Node\Interface\{0BF91075-F457-4A8B-99EF-140B52D2F22A}\ (Babylon)
   HKU\S-1-5-21-891635277-1297341078-1701692141-1000_Classes\Wow6432Node\Interface\{37425600-CB21-49A0-8659-476FBAB0F8E8}\ (Babylon)
   HKU\S-1-5-21-891635277-1297341078-1701692141-1000_Classes\Wow6432Node\Interface\{431FB0E5-2CBB-4602-9FE6-F1D64488ADD7}\ (Babylon)
   HKU\S-1-5-21-891635277-1297341078-1701692141-1000_Classes\Wow6432Node\Interface\{5C9A230D-70A5-11D5-AFB0-0050DAC67890}\ (Babylon)
   HKU\S-1-5-21-891635277-1297341078-1701692141-1000_Classes\Wow6432Node\Interface\{8911483C-C00A-4183-9FBC-6C9C00946C15}\ (Babylon)
   HKU\S-1-5-21-891635277-1297341078-1701692141-1000_Classes\Wow6432Node\Interface\{C3F058A9-407D-4CD1-8F66-B75605B54B69}\ (Babylon)
   HKU\S-1-5-21-891635277-1297341078-1701692141-1000_Classes\Wow6432Node\Interface\{EFDCAF05-D29C-4D4D-9836-8CDCD606A6B2}\ (Babylon)
   HKU\S-1-5-21-891635277-1297341078-1701692141-1000_Classes\Wow6432Node\TypeLib\{5C9A2304-70A5-11D5-AFB0-0050DAC67890}\ (Babylon)
   HKU\S-1-5-21-891635277-1297341078-1701692141-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ (Babylon)
   HKU\S-1-5-21-891635277-1297341078-1701692141-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Babylon\ (Babylon)
   HKU\S-1-5-21-891635277-1297341078-1701692141-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\MenuExt\Translate this web page with Babylon\ (Babylon)
   HKU\S-1-5-21-891635277-1297341078-1701692141-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\MenuExt\Translate with Babylon\ (Babylon)
   HKU\S-1-5-21-891635277-1297341078-1701692141-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ (Babylon)
   HKU\S-1-5-21-891635277-1297341078-1701692141-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Office\PowerPoint\Addins\BabylonOfficeAddin.OfficeAddin\ (Babylon)
   HKU\S-1-5-21-891635277-1297341078-1701692141-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Office\Word\Addins\BabylonOfficeAddin.OfficeAddin\ (Babylon)
   HKU\S-1-5-21-891635277-1297341078-1701692141-500\Software\Babylon\ (Babylon)
   HKU\S-1-5-21-891635277-1297341078-1701692141-500\Software\Microsoft\Internet Explorer\MenuExt\Translate this web page with Babylon\ (Babylon)
   HKU\S-1-5-21-891635277-1297341078-1701692141-500\Software\Microsoft\Internet Explorer\MenuExt\Translate with Babylon\ (Babylon)
   HKU\S-1-5-21-891635277-1297341078-1701692141-500\Software\Microsoft\Office\PowerPoint\Addins\BabylonOfficeAddin.OfficeAddin\ (Babylon)
   HKU\S-1-5-21-891635277-1297341078-1701692141-500\Software\Microsoft\Office\Word\Addins\BabylonOfficeAddin.OfficeAddin\ (Babylon)
         

Log file after the cleanup by Hitman:
Code:
HitmanPro 3.7.9.240
www.hitmanpro.com

   Computer name . . . . : WB-PC
   Windows . . . . . . . : 6.0.2.6002.X64/3
   User name . . . . . . : WB-PC\WB
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Trial (30 days left)

   Scan date . . . . . . : 2015-04-19 11:19:38
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 39m 26s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : Yes

   Threats . . . . . . . : 0
   Traces  . . . . . . . : 81

   Objects scanned . . . : 6.094.314
   Files scanned . . . . : 74.019
   Remnants scanned  . . : 555.108 files / 5.465.187 keys

Miniport ____________________________________________________________________

   Primary
      DriverObject . . . : FFFFFA8004B34700
      DriverName . . . . : \Driver\atapi
      DriverPath . . . . : \SystemRoot\system32\drivers\atapi.sys
      StartIo  . . . . . : 0000000000000000 +0
      IRP_MJ_SCSI  . . . : FFFFFA8003F782C0 +0
   Solution
      DriverObject . . . : FFFFFA8004B34700
      DriverName . . . . : \Driver\atapi
      DriverPath . . . . : \SystemRoot\system32\drivers\atapi.sys
      StartIo  . . . . . : 0000000000000000 +0
      IRP_MJ_SCSI  . . . : FFFFFA6000AF7D08 \SystemRoot\system32\drivers\ataport.SYS+19720

Suspicious files ____________________________________________________________

   C:\Users\WB\AppData\Local\PunkBuster\BF3\pb\dll\wc002288.dll
      Size . . . . . . . : 948.118 bytes
      Age  . . . . . . . : 1177.4 days (2012-01-28 02:37:41)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 3192353354FE593051B33886088D4C312ACB9A653D874281B2EBF131B80415CB
      Fuzzy  . . . . . . : 29.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.

   C:\Users\WB\AppData\Local\PunkBuster\BF3\pb\dll\wc002291.dll
      Size . . . . . . . : 965.329 bytes
      Age  . . . . . . . : 1109.8 days (2012-04-04 16:39:05)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : CAE3128772295AC4F1179B881A00B061DB00505275CB258F9F0C84CC1DF9B2A5
      Fuzzy  . . . . . . : 29.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.

   C:\Users\WB\AppData\Local\PunkBuster\BF3\pb\dll\wc002292.dll
      Size . . . . . . . : 956.681 bytes
      Age  . . . . . . . : 1108.5 days (2012-04-05 23:42:53)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 7218A15A9890CE82EB25F7AB5AC7AA60B4E3055C5574B70A6CABA4274D6DE493
      Fuzzy  . . . . . . : 29.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.

   C:\Users\WB\AppData\Local\PunkBuster\BF3\pb\dll\wc002317.dll
      Size . . . . . . . : 949.613 bytes
      Age  . . . . . . . : 938.9 days (2012-09-22 12:58:47)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 15059F09B1D62DEA6B5D22EF9E0D062411C167378D870AE339AAB50B0BDC7FC0
      Fuzzy  . . . . . . : 29.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.

   C:\Users\WB\AppData\Local\PunkBuster\BF3\pb\dll\wc002325.dll
      Size . . . . . . . : 959.376 bytes
      Age  . . . . . . . : 792.5 days (2013-02-15 22:49:05)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : A85592ACDCFDA7C0293504A5F5279C2654ACC0E6D2398ED8958F6E03F05DCEB5
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : 22.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.
         Program is code signed with a valid Authenticode certificate.

   C:\Users\WB\AppData\Local\PunkBuster\BF3\pb\dll\wc002331.dll
      Size . . . . . . . : 963.480 bytes
      Age  . . . . . . . : 579.9 days (2013-09-16 14:26:23)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 4693498864B2A4C15EECDD4D132FFDFEDE3F9E4BAFA427F77BC87046A7352D1E
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : 22.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.
         Program is code signed with a valid Authenticode certificate.

   C:\Users\WB\AppData\Local\PunkBuster\BF3\pb\dll\wc002344.dll
      Size . . . . . . . : 1.014.616 bytes
      Age  . . . . . . . : 140.5 days (2014-11-30 00:24:08)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 64D8D164CC4FF898DDCCBD5D588E88AF2C1F7EA464C2B7519C78BF0D30CC6F24
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : 22.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.
         Program is code signed with a valid Authenticode certificate.

   C:\Users\WB\AppData\Local\PunkBuster\BF3\pb\pbcl.dll
      Size . . . . . . . : 1.014.616 bytes
      Age  . . . . . . . : 140.5 days (2014-11-30 00:24:08)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 64D8D164CC4FF898DDCCBD5D588E88AF2C1F7EA464C2B7519C78BF0D30CC6F24
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : 22.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.
         Program is code signed with a valid Authenticode certificate.

   C:\Users\WB\AppData\Local\PunkBuster\BF3\pb\pbclold.dll
      Size . . . . . . . : 963.480 bytes
      Age  . . . . . . . : 1292.5 days (2011-10-04 22:08:28)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 4693498864B2A4C15EECDD4D132FFDFEDE3F9E4BAFA427F77BC87046A7352D1E
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : 22.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.
         Program is code signed with a valid Authenticode certificate.

   C:\Users\WB\AppData\Local\PunkBuster\BF3\pb\pbcls.dll
      Size . . . . . . . : 956.681 bytes
      Age  . . . . . . . : 1163.6 days (2012-02-10 21:08:26)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 7218A15A9890CE82EB25F7AB5AC7AA60B4E3055C5574B70A6CABA4274D6DE493
      Fuzzy  . . . . . . : 29.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.

   C:\Users\WB\AppData\Local\PunkBuster\BF3\pb\PnkBstrK.sys
      Size . . . . . . . : 139.944 bytes
      Age  . . . . . . . : 1292.5 days (2011-10-04 22:08:40)
      Entropy  . . . . . : 7.7
      SHA-256  . . . . . : E0AB414DBD7AA5888B861AE64B0F9674CED054C755502DDE124A91D6CD6CE97A
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : 22.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.
         The file is a device driver. Device drivers run as trusted (highly privileged) code.
         Program is code signed with a valid Authenticode certificate.

   C:\Users\WB\AppData\Local\PunkBuster\BF4\pb\PnkBstrK.sys
      Size . . . . . . . : 139.552 bytes
      Age  . . . . . . . : 564.5 days (2013-10-02 00:28:43)
      Entropy  . . . . . : 7.7
      SHA-256  . . . . . : 7A47CB7814643DAFDF81D3E2E03C60A162A49525962ECE651187371853E507E5
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : 22.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.
         The file is a device driver. Device drivers run as trusted (highly privileged) code.
         Program is code signed with a valid Authenticode certificate.

   C:\Users\WB\AppData\Local\PunkBuster\BFP4F\pb\pbcl.dll
      Size . . . . . . . : 915.149 bytes
      Age  . . . . . . . : 1318.3 days (2011-09-09 03:11:53)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : E189EF452F559BFAC0C0A91EFADC78EAA569B915985A213F99666BE56FC86165
      Fuzzy  . . . . . . : 29.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.

   C:\Users\WB\AppData\Local\PunkBuster\BFP4F\pb\PnkBstrK.sys
      Size . . . . . . . : 138.264 bytes
      Age  . . . . . . . : 1318.3 days (2011-09-09 03:12:29)
      Entropy  . . . . . : 7.7
      SHA-256  . . . . . : 4194EFFC7236F018722B6DBF76253E1D833FEEEC158835C4DFAAD0555E7A7D91
      RSA Key Size . . . : 1024
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : 22.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.
         The file is a device driver. Device drivers run as trusted (highly privileged) code.
         Program is code signed with a valid Authenticode certificate.

   C:\Users\WB\AppData\Local\PunkBuster\WAW\pb\pbcl.dll
      Size . . . . . . . : 733.004 bytes
      Age  . . . . . . . : 1276.7 days (2011-10-20 18:14:42)
      Entropy  . . . . . : 7.5
      SHA-256  . . . . . : 8715126E77E8E6F98B4487C11B4656ADAC59145A86D56A0370F2FAE86E40FDC7
      Fuzzy  . . . . . . : 25.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.


Potential Unwanted Programs _________________________________________________

   C:\Program Files (x86)\Babylon\ (Babylon) -> Deleted
   C:\Program Files\Babylon\ (Babylon) -> Deleted
   C:\Program Files\Babylon\Babylon-Pro\ (Babylon) -> Deleted
   C:\Program Files\Babylon\Babylon-Pro\BabylonHelper64.exe (Babylon) -> Deleted
      Size . . . . . . . : 129.536 bytes
      Age  . . . . . . . : 1183.4 days (2012-01-22 02:24:48)
      Entropy  . . . . . : 5.7
      SHA-256  . . . . . : 5E68C077375F4F06357CA19F1894DAA4966EEC1864A16D033B6C4F32380F57E0
      Product  . . . . . : BabylonHelper
      Publisher  . . . . : Babylon
      Description  . . . : Support for 64-bit OS
      Version  . . . . . : 1.0.0.1
      Copyright  . . . . : Babylon.com  All rights reserved.
      LanguageID . . . . : 1033
      Fuzzy  . . . . . . : 0.0

   C:\Program Files\Babylon\Babylon-Pro\captlib64.dll (Babylon) -> Deleted
      Size . . . . . . . : 286.208 bytes
      Age  . . . . . . . : 1183.4 days (2012-01-22 02:24:46)
      Entropy  . . . . . : 5.9
      SHA-256  . . . . . : 85108948A6DD19929799100C0868C6B51499C77608D3249A3E59306DAF586BDB
      Product  . . . . . : Babylon Client
      Publisher  . . . . : Babylon Ltd.
      Description  . . . : Babylon Information Tool
      Version  . . . . . : 9.0.3.12
      Copyright  . . . . : Copyright © Babylon Ltd. 1997-2011
      LanguageID . . . . : 1033
      Fuzzy  . . . . . . : 0.0

   C:\Users\Administrator\AppData\Local\Babylon\ (Babylon) -> Deleted
   C:\Users\Administrator\AppData\Roaming\Babylon\ (Babylon) -> Deleted
   C:\Users\Administrator\AppData\Roaming\Babylon\BabylonTC.conf (Babylon) -> Deleted
   C:\Users\Administrator\AppData\Roaming\Babylon\BabylonTC.log (Babylon) -> Deleted
   C:\Users\Administrator\AppData\Roaming\Babylon\FLStat.dat (Babylon) -> Deleted
   C:\Users\Administrator\AppData\Roaming\Babylon\log_file.txt (Babylon) -> Deleted
   C:\Users\Administrator\AppData\Roaming\Babylon\MyList.dat (Babylon) -> Deleted
   C:\Users\Administrator\AppData\Roaming\Babylon\ocr_cache (Babylon) -> Deleted
   C:\Users\Administrator\AppData\Roaming\Babylon\updates\ (Babylon) -> Deleted
   C:\Users\Administrator\AppData\Roaming\Babylon\updates\convert.dat (Babylon) -> Deleted
   C:\Users\Administrator\AppData\Roaming\Babylon\updates\rates.dat (Babylon) -> Deleted
   HKLM\SOFTWARE\Classes\AppID\escort.DLL\ (Funmoods) -> Deleted
   HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}\ (Funmoods) -> Deleted
   HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4eaf-B541-F8DE92DD98DB}\ (Babylon) -> Deleted
   HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1\ (Babylon) -> Deleted
   HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr\ (Babylon) -> Deleted
   HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4a99-B4B6-146BF802613B}\ (Babylon) -> Deleted
   HKLM\SOFTWARE\Classes\Prod.cap\ (Claro) -> Deleted
   HKLM\SOFTWARE\Classes\Wow6432Node\AppID\escort.DLL\ (Funmoods) -> PendingDelete
   HKLM\SOFTWARE\Classes\Wow6432Node\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}\ (Funmoods) -> Deleted
   HKLM\SOFTWARE\Classes\Wow6432Node\AppID\{BDB69379-802F-4eaf-B541-F8DE92DD98DB}\ (Babylon) -> Deleted
   HKLM\SOFTWARE\Classes\Wow6432Node\bbylntlbr.bbylntlbrHlpr.1\ (Babylon) -> PendingDelete
   HKLM\SOFTWARE\Classes\Wow6432Node\bbylntlbr.bbylntlbrHlpr\ (Babylon) -> PendingDelete
   HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{2EECD738-5844-4a99-B4B6-146BF802613B}\ (Babylon) -> Deleted
   HKLM\SOFTWARE\Classes\Wow6432Node\Prod.cap\ (Claro) -> PendingDelete
   HKU\S-1-5-21-891635277-1297341078-1701692141-1000\Software\Classes\Interface\{0BF91075-F457-4A8B-99EF-140B52D2F22A}\ (Babylon) -> Deleted
   HKU\S-1-5-21-891635277-1297341078-1701692141-1000\Software\Classes\Interface\{37425600-CB21-49A0-8659-476FBAB0F8E8}\ (Babylon) -> Deleted
   HKU\S-1-5-21-891635277-1297341078-1701692141-1000\Software\Classes\Interface\{431FB0E5-2CBB-4602-9FE6-F1D64488ADD7}\ (Babylon) -> Deleted
   HKU\S-1-5-21-891635277-1297341078-1701692141-1000\Software\Classes\Interface\{5C9A230D-70A5-11D5-AFB0-0050DAC67890}\ (Babylon) -> Deleted
   HKU\S-1-5-21-891635277-1297341078-1701692141-1000\Software\Classes\Interface\{8911483C-C00A-4183-9FBC-6C9C00946C15}\ (Babylon) -> Deleted
   HKU\S-1-5-21-891635277-1297341078-1701692141-1000\Software\Classes\Interface\{C3F058A9-407D-4CD1-8F66-B75605B54B69}\ (Babylon) -> Deleted
   HKU\S-1-5-21-891635277-1297341078-1701692141-1000\Software\Classes\Interface\{EFDCAF05-D29C-4D4D-9836-8CDCD606A6B2}\ (Babylon) -> Deleted
   HKU\S-1-5-21-891635277-1297341078-1701692141-1000\Software\Classes\TypeLib\{5C9A2304-70A5-11D5-AFB0-0050DAC67890}\ (Babylon) -> Deleted
   HKU\S-1-5-21-891635277-1297341078-1701692141-1000_Classes\Interface\{0BF91075-F457-4A8B-99EF-140B52D2F22A}\ (Babylon) -> PendingDelete
   HKU\S-1-5-21-891635277-1297341078-1701692141-1000_Classes\Interface\{37425600-CB21-49A0-8659-476FBAB0F8E8}\ (Babylon) -> PendingDelete
   HKU\S-1-5-21-891635277-1297341078-1701692141-1000_Classes\Interface\{431FB0E5-2CBB-4602-9FE6-F1D64488ADD7}\ (Babylon) -> PendingDelete
   HKU\S-1-5-21-891635277-1297341078-1701692141-1000_Classes\Interface\{5C9A230D-70A5-11D5-AFB0-0050DAC67890}\ (Babylon) -> PendingDelete
   HKU\S-1-5-21-891635277-1297341078-1701692141-1000_Classes\Interface\{8911483C-C00A-4183-9FBC-6C9C00946C15}\ (Babylon) -> PendingDelete
   HKU\S-1-5-21-891635277-1297341078-1701692141-1000_Classes\Interface\{C3F058A9-407D-4CD1-8F66-B75605B54B69}\ (Babylon) -> PendingDelete
   HKU\S-1-5-21-891635277-1297341078-1701692141-1000_Classes\Interface\{EFDCAF05-D29C-4D4D-9836-8CDCD606A6B2}\ (Babylon) -> PendingDelete
   HKU\S-1-5-21-891635277-1297341078-1701692141-1000_Classes\TypeLib\{5C9A2304-70A5-11D5-AFB0-0050DAC67890}\ (Babylon) -> PendingDelete
   HKU\S-1-5-21-891635277-1297341078-1701692141-1000_Classes\Wow6432Node\Interface\{0BF91075-F457-4A8B-99EF-140B52D2F22A}\ (Babylon) -> PendingDelete
   HKU\S-1-5-21-891635277-1297341078-1701692141-1000_Classes\Wow6432Node\Interface\{37425600-CB21-49A0-8659-476FBAB0F8E8}\ (Babylon) -> PendingDelete
   HKU\S-1-5-21-891635277-1297341078-1701692141-1000_Classes\Wow6432Node\Interface\{431FB0E5-2CBB-4602-9FE6-F1D64488ADD7}\ (Babylon) -> PendingDelete
   HKU\S-1-5-21-891635277-1297341078-1701692141-1000_Classes\Wow6432Node\Interface\{5C9A230D-70A5-11D5-AFB0-0050DAC67890}\ (Babylon) -> PendingDelete
   HKU\S-1-5-21-891635277-1297341078-1701692141-1000_Classes\Wow6432Node\Interface\{8911483C-C00A-4183-9FBC-6C9C00946C15}\ (Babylon) -> PendingDelete
   HKU\S-1-5-21-891635277-1297341078-1701692141-1000_Classes\Wow6432Node\Interface\{C3F058A9-407D-4CD1-8F66-B75605B54B69}\ (Babylon) -> PendingDelete
   HKU\S-1-5-21-891635277-1297341078-1701692141-1000_Classes\Wow6432Node\Interface\{EFDCAF05-D29C-4D4D-9836-8CDCD606A6B2}\ (Babylon) -> PendingDelete
   HKU\S-1-5-21-891635277-1297341078-1701692141-1000_Classes\Wow6432Node\TypeLib\{5C9A2304-70A5-11D5-AFB0-0050DAC67890}\ (Babylon) -> PendingDelete
   HKU\S-1-5-21-891635277-1297341078-1701692141-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ (Babylon) -> Deleted
   HKU\S-1-5-21-891635277-1297341078-1701692141-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Babylon\ (Babylon) -> Deleted
   HKU\S-1-5-21-891635277-1297341078-1701692141-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\MenuExt\Translate this web page with Babylon\ (Babylon) -> Deleted
   HKU\S-1-5-21-891635277-1297341078-1701692141-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\MenuExt\Translate with Babylon\ (Babylon) -> Deleted
   HKU\S-1-5-21-891635277-1297341078-1701692141-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ (Babylon) -> Deleted
   HKU\S-1-5-21-891635277-1297341078-1701692141-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Office\PowerPoint\Addins\BabylonOfficeAddin.OfficeAddin\ (Babylon) -> Deleted
   HKU\S-1-5-21-891635277-1297341078-1701692141-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Office\Word\Addins\BabylonOfficeAddin.OfficeAddin\ (Babylon) -> Deleted
   HKU\S-1-5-21-891635277-1297341078-1701692141-500\Software\Babylon\ (Babylon) -> Deleted
   HKU\S-1-5-21-891635277-1297341078-1701692141-500\Software\Microsoft\Internet Explorer\MenuExt\Translate this web page with Babylon\ (Babylon) -> Deleted
   HKU\S-1-5-21-891635277-1297341078-1701692141-500\Software\Microsoft\Internet Explorer\MenuExt\Translate with Babylon\ (Babylon) -> Deleted
   HKU\S-1-5-21-891635277-1297341078-1701692141-500\Software\Microsoft\Office\PowerPoint\Addins\BabylonOfficeAddin.OfficeAddin\ (Babylon) -> Deleted
   HKU\S-1-5-21-891635277-1297341078-1701692141-500\Software\Microsoft\Office\Word\Addins\BabylonOfficeAddin.OfficeAddin\ (Babylon) -> Deleted
         




And Hitman again, after the subsequent restart:
Code:
HitmanPro 3.7.9.240
www.hitmanpro.com

   Computer name . . . . : WB-PC
   Windows . . . . . . . : 6.0.2.6002.X64/3
   User name . . . . . . : WB-PC\WB
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Trial (30 days left)

   Scan date . . . . . . : 2015-04-19 12:44:54
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 20m 35s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 0
   Traces  . . . . . . . : 15

   Objects scanned . . . : 5.820.298
   Files scanned . . . . : 73.424
   Remnants scanned  . . : 550.289 files / 5.196.585 keys

Miniport ____________________________________________________________________

   Primary
      DriverObject . . . : FFFFFA8004A80E70
      DriverName . . . . : \Driver\atapi
      DriverPath . . . . : \SystemRoot\system32\drivers\atapi.sys
      StartIo  . . . . . : 0000000000000000 +0
      IRP_MJ_SCSI  . . . : FFFFFA8003F752C0 +0
   Solution
      DriverObject . . . : FFFFFA8004A80E70
      DriverName . . . . : \Driver\atapi
      DriverPath . . . . : \SystemRoot\system32\drivers\atapi.sys
      StartIo  . . . . . : 0000000000000000 +0
      IRP_MJ_SCSI  . . . : FFFFFA6000AFCD08 \SystemRoot\system32\drivers\ataport.SYS+19720

Suspicious files ____________________________________________________________

   C:\Users\WB\AppData\Local\PunkBuster\BF3\pb\dll\wc002288.dll
      Size . . . . . . . : 948.118 bytes
      Age  . . . . . . . : 1177.4 days (2012-01-28 02:37:41)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 3192353354FE593051B33886088D4C312ACB9A653D874281B2EBF131B80415CB
      Fuzzy  . . . . . . : 29.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.

   C:\Users\WB\AppData\Local\PunkBuster\BF3\pb\dll\wc002291.dll
      Size . . . . . . . : 965.329 bytes
      Age  . . . . . . . : 1109.8 days (2012-04-04 16:39:05)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : CAE3128772295AC4F1179B881A00B061DB00505275CB258F9F0C84CC1DF9B2A5
      Fuzzy  . . . . . . : 29.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.

   C:\Users\WB\AppData\Local\PunkBuster\BF3\pb\dll\wc002292.dll
      Size . . . . . . . : 956.681 bytes
      Age  . . . . . . . : 1108.5 days (2012-04-05 23:42:53)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 7218A15A9890CE82EB25F7AB5AC7AA60B4E3055C5574B70A6CABA4274D6DE493
      Fuzzy  . . . . . . : 29.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.

   C:\Users\WB\AppData\Local\PunkBuster\BF3\pb\dll\wc002317.dll
      Size . . . . . . . : 949.613 bytes
      Age  . . . . . . . : 939.0 days (2012-09-22 12:58:47)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 15059F09B1D62DEA6B5D22EF9E0D062411C167378D870AE339AAB50B0BDC7FC0
      Fuzzy  . . . . . . : 29.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.

   C:\Users\WB\AppData\Local\PunkBuster\BF3\pb\dll\wc002325.dll
      Size . . . . . . . : 959.376 bytes
      Age  . . . . . . . : 792.6 days (2013-02-15 22:49:05)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : A85592ACDCFDA7C0293504A5F5279C2654ACC0E6D2398ED8958F6E03F05DCEB5
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : 22.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.
         Program is code signed with a valid Authenticode certificate.

   C:\Users\WB\AppData\Local\PunkBuster\BF3\pb\dll\wc002331.dll
      Size . . . . . . . : 963.480 bytes
      Age  . . . . . . . : 579.9 days (2013-09-16 14:26:23)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 4693498864B2A4C15EECDD4D132FFDFEDE3F9E4BAFA427F77BC87046A7352D1E
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : 22.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.
         Program is code signed with a valid Authenticode certificate.

   C:\Users\WB\AppData\Local\PunkBuster\BF3\pb\dll\wc002344.dll
      Size . . . . . . . : 1.014.616 bytes
      Age  . . . . . . . : 140.5 days (2014-11-30 00:24:08)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 64D8D164CC4FF898DDCCBD5D588E88AF2C1F7EA464C2B7519C78BF0D30CC6F24
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : 22.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.
         Program is code signed with a valid Authenticode certificate.

   C:\Users\WB\AppData\Local\PunkBuster\BF3\pb\pbcl.dll
      Size . . . . . . . : 1.014.616 bytes
      Age  . . . . . . . : 140.5 days (2014-11-30 00:24:08)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 64D8D164CC4FF898DDCCBD5D588E88AF2C1F7EA464C2B7519C78BF0D30CC6F24
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : 22.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.
         Program is code signed with a valid Authenticode certificate.

   C:\Users\WB\AppData\Local\PunkBuster\BF3\pb\pbclold.dll
      Size . . . . . . . : 963.480 bytes
      Age  . . . . . . . : 1292.6 days (2011-10-04 22:08:28)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 4693498864B2A4C15EECDD4D132FFDFEDE3F9E4BAFA427F77BC87046A7352D1E
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : 22.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.
         Program is code signed with a valid Authenticode certificate.

   C:\Users\WB\AppData\Local\PunkBuster\BF3\pb\pbcls.dll
      Size . . . . . . . : 956.681 bytes
      Age  . . . . . . . : 1163.7 days (2012-02-10 21:08:26)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 7218A15A9890CE82EB25F7AB5AC7AA60B4E3055C5574B70A6CABA4274D6DE493
      Fuzzy  . . . . . . : 29.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.

   C:\Users\WB\AppData\Local\PunkBuster\BF3\pb\PnkBstrK.sys
      Size . . . . . . . : 139.944 bytes
      Age  . . . . . . . : 1292.6 days (2011-10-04 22:08:40)
      Entropy  . . . . . : 7.7
      SHA-256  . . . . . : E0AB414DBD7AA5888B861AE64B0F9674CED054C755502DDE124A91D6CD6CE97A
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : 22.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.
         The file is a device driver. Device drivers run as trusted (highly privileged) code.
         Program is code signed with a valid Authenticode certificate.

   C:\Users\WB\AppData\Local\PunkBuster\BF4\pb\PnkBstrK.sys
      Size . . . . . . . : 139.552 bytes
      Age  . . . . . . . : 564.5 days (2013-10-02 00:28:43)
      Entropy  . . . . . : 7.7
      SHA-256  . . . . . : 7A47CB7814643DAFDF81D3E2E03C60A162A49525962ECE651187371853E507E5
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : 22.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.
         The file is a device driver. Device drivers run as trusted (highly privileged) code.
         Program is code signed with a valid Authenticode certificate.

   C:\Users\WB\AppData\Local\PunkBuster\BFP4F\pb\pbcl.dll
      Size . . . . . . . : 915.149 bytes
      Age  . . . . . . . : 1318.4 days (2011-09-09 03:11:53)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : E189EF452F559BFAC0C0A91EFADC78EAA569B915985A213F99666BE56FC86165
      Fuzzy  . . . . . . : 29.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.

   C:\Users\WB\AppData\Local\PunkBuster\BFP4F\pb\PnkBstrK.sys
      Size . . . . . . . : 138.264 bytes
      Age  . . . . . . . : 1318.4 days (2011-09-09 03:12:29)
      Entropy  . . . . . : 7.7
      SHA-256  . . . . . : 4194EFFC7236F018722B6DBF76253E1D833FEEEC158835C4DFAAD0555E7A7D91
      RSA Key Size . . . : 1024
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : 22.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.
         The file is a device driver. Device drivers run as trusted (highly privileged) code.
         Program is code signed with a valid Authenticode certificate.

   C:\Users\WB\AppData\Local\PunkBuster\WAW\pb\pbcl.dll
      Size . . . . . . . : 733.004 bytes
      Age  . . . . . . . : 1276.8 days (2011-10-20 18:14:42)
      Entropy  . . . . . : 7.5
      SHA-256  . . . . . : 8715126E77E8E6F98B4487C11B4656ADAC59145A86D56A0370F2FAE86E40FDC7
      Fuzzy  . . . . . . : 25.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.
         





And after the restart, Malwarebytes once more as well:
Code:
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 19.04.2015
Suchlauf-Zeit: 13:28:57
Logdatei: mwb,amh,prfg2.txt
Administrator: Ja

Version: 2.01.6.1022
Malware Datenbank: v2015.04.19.02
Rootkit Datenbank: v2015.03.31.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows Vista Service Pack 2
CPU: x64
Dateisystem: NTFS
Benutzer: WB

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 440405
Verstrichene Zeit: 25 Min, 47 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente gefunden)

Module: 0
(Keine schädliche Elemente gefunden)

Registrierungsschlüssel: 0
(Keine schädliche Elemente gefunden)

Registrierungswerte: 0
(Keine schädliche Elemente gefunden)

Registrierungsdaten: 0
(Keine schädliche Elemente gefunden)

Ordner: 27
PUP.Optional.DVDVideoSoftTB.A, C:\Users\WB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp, , [99d52d41dbaf2313eead2d7cd23144bc], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\WB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0, , [99d52d41dbaf2313eead2d7cd23144bc], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\WB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\_locales, , [99d52d41dbaf2313eead2d7cd23144bc], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\WB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\_locales\es, , [99d52d41dbaf2313eead2d7cd23144bc], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\WB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\_locales\fr, , [99d52d41dbaf2313eead2d7cd23144bc], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\WB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\_locales\it, , [99d52d41dbaf2313eead2d7cd23144bc], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\WB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\_locales\ja, , [99d52d41dbaf2313eead2d7cd23144bc], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\WB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\_locales\nl, , [99d52d41dbaf2313eead2d7cd23144bc], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\WB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\_locales\pl, , [99d52d41dbaf2313eead2d7cd23144bc], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\WB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\_locales\pt, , [99d52d41dbaf2313eead2d7cd23144bc], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\WB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\_locales\ru, , [99d52d41dbaf2313eead2d7cd23144bc], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\WB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\_locales\tr, , [99d52d41dbaf2313eead2d7cd23144bc], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\WB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\_locales\zh_CN, , [99d52d41dbaf2313eead2d7cd23144bc], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\WB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\_locales\zh_TW, , [99d52d41dbaf2313eead2d7cd23144bc], 
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar, , [1f4fea842e5c8fa77b9df5c59d6643bd], 
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML, , [1f4fea842e5c8fa77b9df5c59d6643bd], 
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\BG, , [1f4fea842e5c8fa77b9df5c59d6643bd], 
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\CZ, , [1f4fea842e5c8fa77b9df5c59d6643bd], 
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\DE, , [1f4fea842e5c8fa77b9df5c59d6643bd], 
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\EN, , [1f4fea842e5c8fa77b9df5c59d6643bd], 
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\ES, , [1f4fea842e5c8fa77b9df5c59d6643bd], 
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\FR, , [1f4fea842e5c8fa77b9df5c59d6643bd], 
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\HE, , [1f4fea842e5c8fa77b9df5c59d6643bd], 
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\IT, , [1f4fea842e5c8fa77b9df5c59d6643bd], 
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\RU, , [1f4fea842e5c8fa77b9df5c59d6643bd], 
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\SK, , [1f4fea842e5c8fa77b9df5c59d6643bd], 
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\TR, , [1f4fea842e5c8fa77b9df5c59d6643bd], 

Dateien: 0
(Keine schädliche Elemente gefunden)

Physische Sektoren: 0
(Keine schädliche Elemente gefunden)


(end)
         



However, while both Hitman and Malwarebytes were running, an Avira window kept popping up saying that access to this or that file had been blocked.

Example:
“Access to the file vqlyj.exe was blocked because it contains the malware tr/moure.a.19.” Not word for word, but that was the gist.

Should I have switched off Avira Antivir during the Malwarebytes and Hitman runs?
I do have Antivir installed, but I'm not sure whether this might be a window from a virus imitating Antivir.

How would you advise me to proceed?

Last edited by paradog (19.04.2015 at 13:22)

 
