Log-Analyse und Auswertung (log analysis and evaluation): Passwords spied on; constant captcha prompts in Google search; Bitcoin miner (Windows 7)
#1
Hello,

In the last few weeks it has happened now and then that when I opened a new tab and started a search from the Google search integrated into the browser bar, a captcha prompt from Google appeared, because according to Google a great many requests were coming from my system. It didn't happen with every search, though, so at first I didn't think anything of it. Today, when I wanted to log in to YouTube, I got the message that someone had tried to log in with my password from somewhere else and that I should therefore please change my password. Checked my mails: a message from Twitch.tv saying the same thing had happened there, even though I haven't used that account in over a year. I did use the same e-mail address at Twitch as at YouTube, though. Whether the old password there was the same as the old YouTube password I can't say. Anyway, I then ran Malwarebytes. Here are the log files:

Code:
```
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 19.04.2015
Suchlauf-Zeit: 10:34:58
Logdatei: mwb,amh,prfg1.txt
Administrator: Ja

Version: 2.01.6.1022
Malware Datenbank: v2015.04.19.02
Rootkit Datenbank: v2015.03.31.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows Vista Service Pack 2
CPU: x64
Dateisystem: NTFS
Benutzer: WB

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 440982
Verstrichene Zeit: 26 Min, 20 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente gefunden)

Module: 0
(Keine schädliche Elemente gefunden)

Registrierungsschlüssel: 5
PUP.Optional.Babylon.A, HKU\S-1-5-21-891635277-1297341078-1701692141-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}, , [c2aca2cc8208ca6c5ab60639a261da26], 
PUP.Optional.Babylon.A, HKU\S-1-5-21-891635277-1297341078-1701692141-500\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}, , [c2aca2cc8208ca6c5ab60639a261da26], 
PUP.Optional.ICQToolbar.A, HKU\S-1-5-21-891635277-1297341078-1701692141-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{855F3B16-6D32-4FE6-8A56-BBB695989046}, , [135b1d510c7e68ce04423306c53e6997], 
PUP.Optional.ICQToolbar.A, HKU\S-1-5-21-891635277-1297341078-1701692141-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{855F3B16-6D32-4FE6-8A56-BBB695989046}, , [135b1d510c7e68ce04423306c53e6997], 
PUP.Optional.DVDVideoSoftTB.A, HKU\S-1-5-21-891635277-1297341078-1701692141-1000\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\nikpibnbobmbdbheedjfogjlikpgpnhp, , [7ef0274777135adc506e32ac917204fc], 

Registrierungswerte: 5
Trojan.Agent.Gen, HKU\S-1-5-21-891635277-1297341078-1701692141-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Microsoft Firewall 2.9, C:\Users\WB\AppData\Roaming\WMPRWISE.EXE, , [80ee2a44c9c1c37323921a1d689c5ea2]
PUP.Optional.Babylon.A, HKU\S-1-5-21-891635277-1297341078-1701692141-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}|DisplayName, Search the web (Babylon), , [a1cd125c3456ee488dd987ca41c4a060]
PUP.Optional.Babylon.A, HKU\S-1-5-21-891635277-1297341078-1701692141-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}|URL, hxxp://search.babylon.com/?q={searchTerms}&tt=110112_ncp3&babsrc=SP_def&mntrId=62b5607700000000000000a1b0258e8b, , [6707bfaf47439c9ae87e2f2218ed5da3]
PUP.Optional.Babylon.A, HKU\S-1-5-21-891635277-1297341078-1701692141-500\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}|DisplayName, Search the web (Babylon), , [e18d70feb9d171c5b2b4dc7580850df3]
PUP.Optional.Babylon.A, HKU\S-1-5-21-891635277-1297341078-1701692141-500\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}|URL, hxxp://search.babylon.com/?q={searchTerms}&tt=110112_ncp3&babsrc=SP_def&mntrId=62b5607700000000000000a1b0258e8b, , [77f71d51d4b6a19580e657fa14f150b0]

Registrierungsdaten: 0
(Keine schädliche Elemente gefunden)

Ordner: 32
Trojan.BitcoinMiner, C:\Users\WB\AppData\Roaming\aloj, , [c3ab630b8a000531bb3c1afd1fe643bd], 
Trojan.BitcoinMiner, C:\Users\WB\AppData\Roaming\casa, , [c9a594da0c7e1c1ace31160124e13fc1], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\WB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp, , [1a5481edf991a1955942c1e87d8616ea], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\WB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0, , [1a5481edf991a1955942c1e87d8616ea], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\WB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\images, , [1a5481edf991a1955942c1e87d8616ea], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\WB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\_locales, , [1a5481edf991a1955942c1e87d8616ea], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\WB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\_locales\de, , [1a5481edf991a1955942c1e87d8616ea], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\WB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\_locales\en, , [1a5481edf991a1955942c1e87d8616ea], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\WB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\_locales\es, , [1a5481edf991a1955942c1e87d8616ea], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\WB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\_locales\fr, , [1a5481edf991a1955942c1e87d8616ea], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\WB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\_locales\it, , [1a5481edf991a1955942c1e87d8616ea], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\WB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\_locales\ja, , [1a5481edf991a1955942c1e87d8616ea], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\WB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\_locales\nl, , [1a5481edf991a1955942c1e87d8616ea], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\WB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\_locales\pl, , [1a5481edf991a1955942c1e87d8616ea], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\WB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\_locales\pt, , [1a5481edf991a1955942c1e87d8616ea], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\WB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\_locales\ru, , [1a5481edf991a1955942c1e87d8616ea], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\WB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\_locales\tr, , [1a5481edf991a1955942c1e87d8616ea], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\WB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\_locales\zh_CN, , [1a5481edf991a1955942c1e87d8616ea], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\WB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\_locales\zh_TW, , [1a5481edf991a1955942c1e87d8616ea], 
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar, , [d5990c621971e650ea2e0baf020139c7], 
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML, , [d5990c621971e650ea2e0baf020139c7], 
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\BG, , [d5990c621971e650ea2e0baf020139c7], 
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\CZ, , [d5990c621971e650ea2e0baf020139c7], 
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\DE, , [d5990c621971e650ea2e0baf020139c7], 
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\EN, , [d5990c621971e650ea2e0baf020139c7], 
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\ES, , [d5990c621971e650ea2e0baf020139c7], 
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\FR, , [d5990c621971e650ea2e0baf020139c7], 
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\HE, , [d5990c621971e650ea2e0baf020139c7], 
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\IT, , [d5990c621971e650ea2e0baf020139c7], 
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\RU, , [d5990c621971e650ea2e0baf020139c7], 
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\SK, , [d5990c621971e650ea2e0baf020139c7], 
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\TR, , [d5990c621971e650ea2e0baf020139c7], 

Dateien: 129
Trojan.Ransom.Gend, C:\Users\WB\AppData\Roaming\ntuser.dat, , [beb0f07e73175cdad50f1c1fac55e21e], 
Trojan.BitMiner, C:\Users\WB\AppData\Roaming\aloj\scvhost.exe, , [3d31650994f6d1652748df02649e30d0], 
Trojan.BitMiner, C:\Users\WB\AppData\Roaming\casa\scvhost.exe, , [15590b636f1bd75f4b2436ab8f73f20e], 
Trojan.BitMiner, C:\Users\WB\AppData\Local\Temp\webyeryb3460vavaw.exe, , [a4ca80ee0b7f2f07e38c25bc877b7888], 
Trojan.Agent.ED, C:\Users\WB\AppData\Local\Temp\webyeryb3461vavaw.exe, , [6b03b8b67515b581e83425f11ae7d729], 
Backdoor.Agent.WLMS, C:\Users\WB\AppData\Local\Temp\webyeryb3462vavaw.exe, , [f5792549a7e3f93d6f9f0d11936eba46], 
PUP.Optional.OpenCandy, C:\Users\WB\AppData\Local\Temp\2dcd1d63cb45e6613582211c3d5f4b23.exe, , [323c6b03cdbd3ef8236663c48680d62a], 
Trojan.Agent.ED, C:\Users\WB\AppData\Local\Temp\rtmw3.exe, , [4d213e302268e05615777294936ec33d], 
Adware.InstallCore, C:\Users\WB\AppData\Local\Temp\1003398.Uninstall\Uninstall.exe, , [b0bef6786e1c4cea4ee24f57c53b6c94], 
PUP.Optional.Dealply, C:\Users\WB\AppData\Local\Temp\is1972027439\dealply.exe, , [81ed1f4fb6d4c472411c5ec9c640fc04], 
PUP.Optional.Dealply, C:\Users\WB\AppData\Local\Temp\is2063840535\dealply.exe, , [1e50046ab8d23402f96452d51ee8fb05], 
Virus.Expiro, C:\Users\WB\AppData\Local\Temp\tmp165b2a09\qw.exe, , [9bd39fcfa8e2cb6ba92e3752b24f45bb], 
PUP.Optional.BabylonToolBar.A, C:\Users\WB\AppData\Local\Temp\A036546C-BAB0-7891-85D2-4A11532196B4\MyBabylonTB.exe, , [6fff303e3c4ef2447cd6ea5ea75acd33], 
Adware.InstallCore, C:\Users\WB\AppData\Local\Temp\ICReinstall\AudioConverterSetup.exe, , [c8a648267e0cd16568c8c4e29c6448b8], 
PUP.Optional.BabylonToolBar.A, C:\Users\WB\AppData\Local\Temp\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbar4ie.exe, , [84ea462886048babc092f157bc45966a], 
Virus.Expiro, C:\Users\WB\AppData\Local\Temp\tmp64e3122f\74.exe, , [6608d896048685b132a58801897811ef], 
Exploit.Drop.GS, C:\Users\WB\AppData\Local\Temp\webyeryb3463vavaw.exe, , [cea05e107416e254b621d15a94709868], 
Trojan.BitcoinMiner, C:\Users\WB\AppData\Roaming\aloj\miner.php, , [c3ab630b8a000531bb3c1afd1fe643bd], 
Trojan.BitcoinMiner, C:\Users\WB\AppData\Roaming\aloj\API.class, , [c3ab630b8a000531bb3c1afd1fe643bd], 
Trojan.BitcoinMiner, C:\Users\WB\AppData\Roaming\aloj\bio.bat, , [c3ab630b8a000531bb3c1afd1fe643bd], 
Trojan.BitcoinMiner, C:\Users\WB\AppData\Roaming\aloj\diablo121016.cl, , [c3ab630b8a000531bb3c1afd1fe643bd], 
Trojan.BitcoinMiner, C:\Users\WB\AppData\Roaming\aloj\diakgcn121016.cl, , [c3ab630b8a000531bb3c1afd1fe643bd], 
Trojan.BitcoinMiner, C:\Users\WB\AppData\Roaming\aloj\libblkmaker-0.1-0.dll, , [c3ab630b8a000531bb3c1afd1fe643bd], 
Trojan.BitcoinMiner, C:\Users\WB\AppData\Roaming\aloj\libblkmaker_jansson-0.1-0.dll, , [c3ab630b8a000531bb3c1afd1fe643bd], 
Trojan.BitcoinMiner, C:\Users\WB\AppData\Roaming\aloj\libcurl-4.dll, , [c3ab630b8a000531bb3c1afd1fe643bd], 
Trojan.BitcoinMiner, C:\Users\WB\AppData\Roaming\aloj\libjansson-4.dll, , [c3ab630b8a000531bb3c1afd1fe643bd], 
Trojan.BitcoinMiner, C:\Users\WB\AppData\Roaming\aloj\libusb-1.0.dll, , [c3ab630b8a000531bb3c1afd1fe643bd], 
Trojan.BitcoinMiner, C:\Users\WB\AppData\Roaming\aloj\pdcurses.dll, , [c3ab630b8a000531bb3c1afd1fe643bd], 
Trojan.BitcoinMiner, C:\Users\WB\AppData\Roaming\aloj\phatk121016.cl, , [c3ab630b8a000531bb3c1afd1fe643bd], 
Trojan.BitcoinMiner, C:\Users\WB\AppData\Roaming\aloj\poclbm121016.cl, , [c3ab630b8a000531bb3c1afd1fe643bd], 
Trojan.BitcoinMiner, C:\Users\WB\AppData\Roaming\aloj\pthreadGC2.dll, , [c3ab630b8a000531bb3c1afd1fe643bd], 
Trojan.BitcoinMiner, C:\Users\WB\AppData\Roaming\aloj\scrypt121016.cl, , [c3ab630b8a000531bb3c1afd1fe643bd], 
Trojan.BitcoinMiner, C:\Users\WB\AppData\Roaming\aloj\zlib1.dll, , [c3ab630b8a000531bb3c1afd1fe643bd], 
Trojan.BitcoinMiner, C:\Users\WB\AppData\Roaming\casa\miner.php, , [c9a594da0c7e1c1ace31160124e13fc1], 
Trojan.BitcoinMiner, C:\Users\WB\AppData\Roaming\casa\1.bat, , [c9a594da0c7e1c1ace31160124e13fc1], 
Trojan.BitcoinMiner, C:\Users\WB\AppData\Roaming\casa\API.class, , [c9a594da0c7e1c1ace31160124e13fc1], 
Trojan.BitcoinMiner, C:\Users\WB\AppData\Roaming\casa\diablo121016.cl, , [c9a594da0c7e1c1ace31160124e13fc1], 
Trojan.BitcoinMiner, C:\Users\WB\AppData\Roaming\casa\diakgcn121016.cl, , [c9a594da0c7e1c1ace31160124e13fc1], 
Trojan.BitcoinMiner, C:\Users\WB\AppData\Roaming\casa\guni.bat, , [c9a594da0c7e1c1ace31160124e13fc1], 
Trojan.BitcoinMiner, C:\Users\WB\AppData\Roaming\casa\libblkmaker-0.1-0.dll, , [c9a594da0c7e1c1ace31160124e13fc1], 
Trojan.BitcoinMiner, C:\Users\WB\AppData\Roaming\casa\libblkmaker_jansson-0.1-0.dll, , [c9a594da0c7e1c1ace31160124e13fc1], 
Trojan.BitcoinMiner, C:\Users\WB\AppData\Roaming\casa\libcurl-4.dll, , [c9a594da0c7e1c1ace31160124e13fc1], 
Trojan.BitcoinMiner, C:\Users\WB\AppData\Roaming\casa\libjansson-4.dll, , [c9a594da0c7e1c1ace31160124e13fc1], 
Trojan.BitcoinMiner, C:\Users\WB\AppData\Roaming\casa\libusb-1.0.dll, , [c9a594da0c7e1c1ace31160124e13fc1], 
Trojan.BitcoinMiner, C:\Users\WB\AppData\Roaming\casa\pdcurses.dll, , [c9a594da0c7e1c1ace31160124e13fc1], 
Trojan.BitcoinMiner, C:\Users\WB\AppData\Roaming\casa\phatk121016.cl, , [c9a594da0c7e1c1ace31160124e13fc1], 
Trojan.BitcoinMiner, C:\Users\WB\AppData\Roaming\casa\poclbm121016.cl, , [c9a594da0c7e1c1ace31160124e13fc1], 
Trojan.BitcoinMiner, C:\Users\WB\AppData\Roaming\casa\pthreadGC2.dll, , [c9a594da0c7e1c1ace31160124e13fc1], 
Trojan.BitcoinMiner, C:\Users\WB\AppData\Roaming\casa\scrypt121016.cl, , [c9a594da0c7e1c1ace31160124e13fc1], 
Trojan.BitcoinMiner, C:\Users\WB\AppData\Roaming\casa\zlib1.dll, , [c9a594da0c7e1c1ace31160124e13fc1], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\WB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\background.html, , [1a5481edf991a1955942c1e87d8616ea], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\WB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\background.js, , [1a5481edf991a1955942c1e87d8616ea], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\WB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\dvs_freeyoutubedownload.css, , [1a5481edf991a1955942c1e87d8616ea], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\WB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\dvs_freeyoutubedownload.js, , [1a5481edf991a1955942c1e87d8616ea], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\WB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\dvs_logo.ico, , [1a5481edf991a1955942c1e87d8616ea], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\WB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\dvs_logo_128.png, , [1a5481edf991a1955942c1e87d8616ea], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\WB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\dvs_logo_32.png, , [1a5481edf991a1955942c1e87d8616ea], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\WB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\dvs_logo_48.png, , [1a5481edf991a1955942c1e87d8616ea], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\WB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\errorRunProgramm.html, , [1a5481edf991a1955942c1e87d8616ea], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\WB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\manifest.json, , [1a5481edf991a1955942c1e87d8616ea], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\WB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\np_dvs_plugin.dll, , [1a5481edf991a1955942c1e87d8616ea], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\WB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\options.html, , [1a5481edf991a1955942c1e87d8616ea], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\WB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\options.js, , [1a5481edf991a1955942c1e87d8616ea], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\WB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\page_action.html, , [1a5481edf991a1955942c1e87d8616ea], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\WB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\images\backbar.png, , [1a5481edf991a1955942c1e87d8616ea], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\WB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\images\download.png, , [1a5481edf991a1955942c1e87d8616ea], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\WB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\images\fs.png, , [1a5481edf991a1955942c1e87d8616ea], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\WB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\images\headphone.png, , [1a5481edf991a1955942c1e87d8616ea], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\WB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\images\logo.png, , [1a5481edf991a1955942c1e87d8616ea], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\WB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\images\manager.png, , [1a5481edf991a1955942c1e87d8616ea], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\WB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\images\YoutubeDownloader.png, , [1a5481edf991a1955942c1e87d8616ea], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\WB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\images\YoutubeToMp3.png, , [1a5481edf991a1955942c1e87d8616ea], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\WB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\_locales\de\messages.json, , [1a5481edf991a1955942c1e87d8616ea], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\WB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\_locales\en\messages.json, , [1a5481edf991a1955942c1e87d8616ea], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\WB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\_locales\es\messages.json, , [1a5481edf991a1955942c1e87d8616ea], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\WB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\_locales\fr\messages.json, , [1a5481edf991a1955942c1e87d8616ea], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\WB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\_locales\it\messages.json, , [1a5481edf991a1955942c1e87d8616ea], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\WB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\_locales\ja\messages.json, , [1a5481edf991a1955942c1e87d8616ea], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\WB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\_locales\nl\messages.json, , [1a5481edf991a1955942c1e87d8616ea], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\WB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\_locales\pl\messages.json, , [1a5481edf991a1955942c1e87d8616ea], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\WB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\_locales\pt\messages.json, , [1a5481edf991a1955942c1e87d8616ea], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\WB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\_locales\ru\messages.json, , [1a5481edf991a1955942c1e87d8616ea], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\WB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\_locales\tr\messages.json, , [1a5481edf991a1955942c1e87d8616ea], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\WB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\_locales\zh_CN\messages.json, , [1a5481edf991a1955942c1e87d8616ea], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\WB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\_locales\zh_TW\messages.json, , [1a5481edf991a1955942c1e87d8616ea], 
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\Configuration.xml, , [d5990c621971e650ea2e0baf020139c7], 
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\OptionDlg.xml, , [d5990c621971e650ea2e0baf020139c7], 
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\RegionalSettings.xml, , [d5990c621971e650ea2e0baf020139c7], 
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\UserInterface.xml, , [d5990c621971e650ea2e0baf020139c7], 
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\BG\Configuration.xml, , [d5990c621971e650ea2e0baf020139c7], 
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\BG\OptionDlg.xml, , [d5990c621971e650ea2e0baf020139c7], 
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\BG\RegionalSettings.xml, , [d5990c621971e650ea2e0baf020139c7], 
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\BG\UserInterface.xml, , [d5990c621971e650ea2e0baf020139c7], 
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\CZ\Configuration.xml, , [d5990c621971e650ea2e0baf020139c7], 
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\CZ\OptionDlg.xml, , [d5990c621971e650ea2e0baf020139c7], 
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\CZ\RegionalSettings.xml, , [d5990c621971e650ea2e0baf020139c7], 
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\CZ\UserInterface.xml, , [d5990c621971e650ea2e0baf020139c7], 
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\EN\Configuration.xml, , [d5990c621971e650ea2e0baf020139c7], 
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\EN\OptionDlg.xml, , [d5990c621971e650ea2e0baf020139c7], 
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\EN\RegionalSettings.xml, , [d5990c621971e650ea2e0baf020139c7], 
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\EN\UserInterface.xml, , [d5990c621971e650ea2e0baf020139c7], 
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\ES\Configuration.xml, , [d5990c621971e650ea2e0baf020139c7], 
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\ES\OptionDlg.xml, , [d5990c621971e650ea2e0baf020139c7], 
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\ES\RegionalSettings.xml, , [d5990c621971e650ea2e0baf020139c7], 
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\ES\UserInterface.xml, , [d5990c621971e650ea2e0baf020139c7], 
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\FR\Configuration.xml, , [d5990c621971e650ea2e0baf020139c7], 
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\FR\OptionDlg.xml, , [d5990c621971e650ea2e0baf020139c7], 
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\FR\RegionalSettings.xml, , [d5990c621971e650ea2e0baf020139c7], 
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\FR\UserInterface.xml, , [d5990c621971e650ea2e0baf020139c7], 
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\HE\Configuration.xml, , [d5990c621971e650ea2e0baf020139c7], 
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\HE\OptionDlg.xml, , [d5990c621971e650ea2e0baf020139c7], 
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\HE\RegionalSettings.xml, , [d5990c621971e650ea2e0baf020139c7], 
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\HE\UserInterface.xml, , [d5990c621971e650ea2e0baf020139c7], 
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\IT\Configuration.xml, , [d5990c621971e650ea2e0baf020139c7], 
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\IT\OptionDlg.xml, , [d5990c621971e650ea2e0baf020139c7], 
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\IT\RegionalSettings.xml, , [d5990c621971e650ea2e0baf020139c7], 
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\IT\UserInterface.xml, , [d5990c621971e650ea2e0baf020139c7], 
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\RU\Configuration.xml, , [d5990c621971e650ea2e0baf020139c7], 
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\RU\OptionDlg.xml, , [d5990c621971e650ea2e0baf020139c7], 
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\RU\RegionalSettings.xml, , [d5990c621971e650ea2e0baf020139c7], 
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\RU\UserInterface.xml, , [d5990c621971e650ea2e0baf020139c7], 
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\SK\Configuration.xml, , [d5990c621971e650ea2e0baf020139c7], 
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\SK\OptionDlg.xml, , [d5990c621971e650ea2e0baf020139c7], 
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\SK\RegionalSettings.xml, , [d5990c621971e650ea2e0baf020139c7], 
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\SK\UserInterface.xml, , [d5990c621971e650ea2e0baf020139c7], 
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\TR\Configuration.xml, , [d5990c621971e650ea2e0baf020139c7], 
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\TR\OptionDlg.xml, , [d5990c621971e650ea2e0baf020139c7], 
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\TR\RegionalSettings.xml, , [d5990c621971e650ea2e0baf020139c7], 
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\TR\UserInterface.xml, , [d5990c621971e650ea2e0baf020139c7], 

Physische Sektoren: 0
(Keine schädliche Elemente gefunden)

(end)
```

After I clicked "Remove" in Malwarebytes and saved the log file, I ran Hitman, which also found quite a few things:

Code:
```
HitmanPro 3.7.9.240
www.hitmanpro.com

   Computer name . . . . : WB-PC
   Windows . . . . . . . : 6.0.2.6002.X64/3
   User name . . . . . . : WB-PC\WB
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Free

   Scan date . . . . . . : 2015-04-19 11:19:38
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 39m 26s
   Disk access mode . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot . . . . . . . : No

   Threats . . . . . . . : 0
   Traces . . . . . . . : 81

   Objects scanned . . . : 6.094.314
   Files scanned . . . . : 74.019
   Remnants scanned . . : 555.108 files / 5.465.187 keys

Miniport ____________________________________________________________________

   Primary
      DriverObject . . . : FFFFFA8004B34700
      DriverName . . . . : \Driver\atapi
      DriverPath . . . . : \SystemRoot\system32\drivers\atapi.sys
      StartIo . . . . . : 0000000000000000 +0
      IRP_MJ_SCSI . . . : FFFFFA8003F782C0 +0

   Solution
      DriverObject . . . : FFFFFA8004B34700
      DriverName . . . . : \Driver\atapi
      DriverPath . . . . : \SystemRoot\system32\drivers\atapi.sys
      StartIo . . . . . : 0000000000000000 +0
      IRP_MJ_SCSI . . . : FFFFFA6000AF7D08 \SystemRoot\system32\drivers\ataport.SYS+19720

Suspicious files ____________________________________________________________

   C:\Users\WB\AppData\Local\PunkBuster\BF3\pb\dll\wc002288.dll
      Size . . . . . . . : 948.118 bytes
      Age . . . . . . . : 1177.4 days (2012-01-28 02:37:41)
      Entropy . . . . . : 7.6
      SHA-256 . . . . . : 3192353354FE593051B33886088D4C312ACB9A653D874281B2EBF131B80415CB
      Fuzzy . . . . . . : 29.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.

   C:\Users\WB\AppData\Local\PunkBuster\BF3\pb\dll\wc002291.dll
      Size . . . . . . . : 965.329 bytes
      Age . . . . . . . : 1109.8 days (2012-04-04 16:39:05)
      Entropy . . . . . : 7.6
      SHA-256 . . . . . : CAE3128772295AC4F1179B881A00B061DB00505275CB258F9F0C84CC1DF9B2A5
      Fuzzy . . . . . . : 29.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.

   C:\Users\WB\AppData\Local\PunkBuster\BF3\pb\dll\wc002292.dll
      Size . . . . . . . : 956.681 bytes
      Age . . . . . . . : 1108.5 days (2012-04-05 23:42:53)
      Entropy . . . . . : 7.6
      SHA-256 . . . . . : 7218A15A9890CE82EB25F7AB5AC7AA60B4E3055C5574B70A6CABA4274D6DE493
      Fuzzy . . . . . . : 29.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.

   C:\Users\WB\AppData\Local\PunkBuster\BF3\pb\dll\wc002317.dll
      Size . . . . . . . : 949.613 bytes
      Age . . . . . . . : 938.9 days (2012-09-22 12:58:47)
      Entropy . . . . . : 7.6
      SHA-256 . . . . . : 15059F09B1D62DEA6B5D22EF9E0D062411C167378D870AE339AAB50B0BDC7FC0
      Fuzzy . . . . . . : 29.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.

   C:\Users\WB\AppData\Local\PunkBuster\BF3\pb\dll\wc002325.dll
      Size . . . . . . . : 959.376 bytes
      Age . . . . . . . : 792.5 days (2013-02-15 22:49:05)
      Entropy . . . . . : 7.6
      SHA-256 . . . . . : A85592ACDCFDA7C0293504A5F5279C2654ACC0E6D2398ED8958F6E03F05DCEB5
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy . . . . . . : 22.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.
         Program is code signed with a valid Authenticode certificate.

   C:\Users\WB\AppData\Local\PunkBuster\BF3\pb\dll\wc002331.dll
      Size . . . . . . . : 963.480 bytes
      Age . . . . . . . : 579.9 days (2013-09-16 14:26:23)
      Entropy . . . . . : 7.6
      SHA-256 . . . . . : 4693498864B2A4C15EECDD4D132FFDFEDE3F9E4BAFA427F77BC87046A7352D1E
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy . . . . . . : 22.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.
         Program is code signed with a valid Authenticode certificate.

   C:\Users\WB\AppData\Local\PunkBuster\BF3\pb\dll\wc002344.dll
      Size . . . . . . . : 1.014.616 bytes
      Age . . . . . . . : 140.5 days (2014-11-30 00:24:08)
      Entropy . . . . . : 7.6
      SHA-256 . . . . . : 64D8D164CC4FF898DDCCBD5D588E88AF2C1F7EA464C2B7519C78BF0D30CC6F24
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy . . . . . . : 22.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.
         Program is code signed with a valid Authenticode certificate.

   C:\Users\WB\AppData\Local\PunkBuster\BF3\pb\pbcl.dll
      Size . . . . . . . : 1.014.616 bytes
      Age . . . . . . . : 140.5 days (2014-11-30 00:24:08)
      Entropy . . . . . : 7.6
      SHA-256 . . . . . : 64D8D164CC4FF898DDCCBD5D588E88AF2C1F7EA464C2B7519C78BF0D30CC6F24
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy . . . . . . : 22.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.
         Program is code signed with a valid Authenticode certificate.

   C:\Users\WB\AppData\Local\PunkBuster\BF3\pb\pbclold.dll
      Size . . . . . . . : 963.480 bytes
      Age . . . . . . . : 1292.5 days (2011-10-04 22:08:28)
      Entropy . . . . . : 7.6
      SHA-256 . . . . . : 4693498864B2A4C15EECDD4D132FFDFEDE3F9E4BAFA427F77BC87046A7352D1E
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy . . . . . . : 22.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.
         Program is code signed with a valid Authenticode certificate.

   C:\Users\WB\AppData\Local\PunkBuster\BF3\pb\pbcls.dll
      Size . . . . . . . : 956.681 bytes
      Age . . . . . . . : 1163.6 days (2012-02-10 21:08:26)
      Entropy . . . . . : 7.6
      SHA-256 . . . . . : 7218A15A9890CE82EB25F7AB5AC7AA60B4E3055C5574B70A6CABA4274D6DE493
      Fuzzy . . . . . . : 29.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.

   C:\Users\WB\AppData\Local\PunkBuster\BF3\pb\PnkBstrK.sys
      Size . . . . . . . : 139.944 bytes
      Age . . . . . . . : 1292.5 days (2011-10-04 22:08:40)
      Entropy . . . . . : 7.7
      SHA-256 . . . . . 
```
: E0AB414DBD7AA5888B861AE64B0F9674CED054C755502DDE124A91D6CD6CE97A RSA Key Size . . . : 2048 Authenticode . . . : Valid Fuzzy . . . . . . : 22.0 The .reloc (relocation) section in this program contains code. This is an indication of malware infection. Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Program contains PE structure anomalies. This is not typical for most programs. The file is a device driver. Device drivers run as trusted (highly privileged) code. Program is code signed with a valid Authenticode certificate. C:\Users\WB\AppData\Local\PunkBuster\BF4\pb\PnkBstrK.sys Size . . . . . . . : 139.552 bytes Age . . . . . . . : 564.5 days (2013-10-02 00:28:43) Entropy . . . . . : 7.7 SHA-256 . . . . . : 7A47CB7814643DAFDF81D3E2E03C60A162A49525962ECE651187371853E507E5 RSA Key Size . . . : 2048 Authenticode . . . : Valid Fuzzy . . . . . . : 22.0 The .reloc (relocation) section in this program contains code. This is an indication of malware infection. Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Program contains PE structure anomalies. This is not typical for most programs. The file is a device driver. Device drivers run as trusted (highly privileged) code. Program is code signed with a valid Authenticode certificate. C:\Users\WB\AppData\Local\PunkBuster\BFP4F\pb\pbcl.dll Size . . . . . . . : 915.149 bytes Age . . . . . . . : 1318.3 days (2011-09-09 03:11:53) Entropy . . . . . : 7.6 SHA-256 . . . . . 
: E189EF452F559BFAC0C0A91EFADC78EAA569B915985A213F99666BE56FC86165 Fuzzy . . . . . . : 29.0 The .reloc (relocation) section in this program contains code. This is an indication of malware infection. Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Program contains PE structure anomalies. This is not typical for most programs. C:\Users\WB\AppData\Local\PunkBuster\BFP4F\pb\PnkBstrK.sys Size . . . . . . . : 138.264 bytes Age . . . . . . . : 1318.3 days (2011-09-09 03:12:29) Entropy . . . . . : 7.7 SHA-256 . . . . . : 4194EFFC7236F018722B6DBF76253E1D833FEEEC158835C4DFAAD0555E7A7D91 RSA Key Size . . . : 1024 Authenticode . . . : Valid Fuzzy . . . . . . : 22.0 The .reloc (relocation) section in this program contains code. This is an indication of malware infection. Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Program contains PE structure anomalies. This is not typical for most programs. The file is a device driver. Device drivers run as trusted (highly privileged) code. Program is code signed with a valid Authenticode certificate. C:\Users\WB\AppData\Local\PunkBuster\WAW\pb\pbcl.dll Size . . . . . . . : 733.004 bytes Age . . . . . . . : 1276.7 days (2011-10-20 18:14:42) Entropy . . . . . : 7.5 SHA-256 . . . . . : 8715126E77E8E6F98B4487C11B4656ADAC59145A86D56A0370F2FAE86E40FDC7 Fuzzy . . . . . . : 25.0 The .reloc (relocation) section in this program contains code. This is an indication of malware infection. 
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Program contains PE structure anomalies. This is not typical for most programs. Potential Unwanted Programs _________________________________________________ C:\Program Files (x86)\Babylon\ (Babylon) C:\Program Files\Babylon\ (Babylon) C:\Program Files\Babylon\Babylon-Pro\ (Babylon) C:\Program Files\Babylon\Babylon-Pro\BabylonHelper64.exe (Babylon) Size . . . . . . . : 129.536 bytes Age . . . . . . . : 1183.4 days (2012-01-22 02:24:48) Entropy . . . . . : 5.7 SHA-256 . . . . . : 5E68C077375F4F06357CA19F1894DAA4966EEC1864A16D033B6C4F32380F57E0 Product . . . . . : BabylonHelper Publisher . . . . : Babylon Description . . . : Support for 64-bit OS Version . . . . . : 1.0.0.1 Copyright . . . . : Babylon.com All rights reserved. LanguageID . . . . : 1033 Fuzzy . . . . . . : 0.0 C:\Program Files\Babylon\Babylon-Pro\captlib64.dll (Babylon) Size . . . . . . . : 286.208 bytes Age . . . . . . . : 1183.4 days (2012-01-22 02:24:46) Entropy . . . . . : 5.9 SHA-256 . . . . . : 85108948A6DD19929799100C0868C6B51499C77608D3249A3E59306DAF586BDB Product . . . . . : Babylon Client Publisher . . . . : Babylon Ltd. Description . . . : Babylon Information Tool Version . . . . . : 9.0.3.12 Copyright . . . . : Copyright © Babylon Ltd. 1997-2011 LanguageID . . . . : 1033 Fuzzy . . . . . . 
: 0.0 C:\Users\Administrator\AppData\Local\Babylon\ (Babylon) C:\Users\Administrator\AppData\Roaming\Babylon\ (Babylon) C:\Users\Administrator\AppData\Roaming\Babylon\BabylonTC.conf (Babylon) C:\Users\Administrator\AppData\Roaming\Babylon\BabylonTC.log (Babylon) C:\Users\Administrator\AppData\Roaming\Babylon\FLStat.dat (Babylon) C:\Users\Administrator\AppData\Roaming\Babylon\log_file.txt (Babylon) C:\Users\Administrator\AppData\Roaming\Babylon\MyList.dat (Babylon) C:\Users\Administrator\AppData\Roaming\Babylon\ocr_cache (Babylon) C:\Users\Administrator\AppData\Roaming\Babylon\updates\ (Babylon) C:\Users\Administrator\AppData\Roaming\Babylon\updates\convert.dat (Babylon) C:\Users\Administrator\AppData\Roaming\Babylon\updates\rates.dat (Babylon) HKLM\SOFTWARE\Classes\AppID\escort.DLL\ (Funmoods) HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}\ (Funmoods) HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4eaf-B541-F8DE92DD98DB}\ (Babylon) HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1\ (Babylon) HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr\ (Babylon) HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4a99-B4B6-146BF802613B}\ (Babylon) HKLM\SOFTWARE\Classes\Prod.cap\ (Claro) HKLM\SOFTWARE\Classes\Wow6432Node\AppID\escort.DLL\ (Funmoods) HKLM\SOFTWARE\Classes\Wow6432Node\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}\ (Funmoods) HKLM\SOFTWARE\Classes\Wow6432Node\AppID\{BDB69379-802F-4eaf-B541-F8DE92DD98DB}\ (Babylon) HKLM\SOFTWARE\Classes\Wow6432Node\bbylntlbr.bbylntlbrHlpr.1\ (Babylon) HKLM\SOFTWARE\Classes\Wow6432Node\bbylntlbr.bbylntlbrHlpr\ (Babylon) HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{2EECD738-5844-4a99-B4B6-146BF802613B}\ (Babylon) HKLM\SOFTWARE\Classes\Wow6432Node\Prod.cap\ (Claro) HKU\S-1-5-21-891635277-1297341078-1701692141-1000\Software\Classes\Interface\{0BF91075-F457-4A8B-99EF-140B52D2F22A}\ (Babylon) HKU\S-1-5-21-891635277-1297341078-1701692141-1000\Software\Classes\Interface\{37425600-CB21-49A0-8659-476FBAB0F8E8}\ (Babylon) 
HKU\S-1-5-21-891635277-1297341078-1701692141-1000\Software\Classes\Interface\{431FB0E5-2CBB-4602-9FE6-F1D64488ADD7}\ (Babylon) HKU\S-1-5-21-891635277-1297341078-1701692141-1000\Software\Classes\Interface\{5C9A230D-70A5-11D5-AFB0-0050DAC67890}\ (Babylon) HKU\S-1-5-21-891635277-1297341078-1701692141-1000\Software\Classes\Interface\{8911483C-C00A-4183-9FBC-6C9C00946C15}\ (Babylon) HKU\S-1-5-21-891635277-1297341078-1701692141-1000\Software\Classes\Interface\{C3F058A9-407D-4CD1-8F66-B75605B54B69}\ (Babylon) HKU\S-1-5-21-891635277-1297341078-1701692141-1000\Software\Classes\Interface\{EFDCAF05-D29C-4D4D-9836-8CDCD606A6B2}\ (Babylon) HKU\S-1-5-21-891635277-1297341078-1701692141-1000\Software\Classes\TypeLib\{5C9A2304-70A5-11D5-AFB0-0050DAC67890}\ (Babylon) HKU\S-1-5-21-891635277-1297341078-1701692141-1000_Classes\Interface\{0BF91075-F457-4A8B-99EF-140B52D2F22A}\ (Babylon) HKU\S-1-5-21-891635277-1297341078-1701692141-1000_Classes\Interface\{37425600-CB21-49A0-8659-476FBAB0F8E8}\ (Babylon) HKU\S-1-5-21-891635277-1297341078-1701692141-1000_Classes\Interface\{431FB0E5-2CBB-4602-9FE6-F1D64488ADD7}\ (Babylon) HKU\S-1-5-21-891635277-1297341078-1701692141-1000_Classes\Interface\{5C9A230D-70A5-11D5-AFB0-0050DAC67890}\ (Babylon) HKU\S-1-5-21-891635277-1297341078-1701692141-1000_Classes\Interface\{8911483C-C00A-4183-9FBC-6C9C00946C15}\ (Babylon) HKU\S-1-5-21-891635277-1297341078-1701692141-1000_Classes\Interface\{C3F058A9-407D-4CD1-8F66-B75605B54B69}\ (Babylon) HKU\S-1-5-21-891635277-1297341078-1701692141-1000_Classes\Interface\{EFDCAF05-D29C-4D4D-9836-8CDCD606A6B2}\ (Babylon) HKU\S-1-5-21-891635277-1297341078-1701692141-1000_Classes\TypeLib\{5C9A2304-70A5-11D5-AFB0-0050DAC67890}\ (Babylon) HKU\S-1-5-21-891635277-1297341078-1701692141-1000_Classes\Wow6432Node\Interface\{0BF91075-F457-4A8B-99EF-140B52D2F22A}\ (Babylon) HKU\S-1-5-21-891635277-1297341078-1701692141-1000_Classes\Wow6432Node\Interface\{37425600-CB21-49A0-8659-476FBAB0F8E8}\ (Babylon) 
HKU\S-1-5-21-891635277-1297341078-1701692141-1000_Classes\Wow6432Node\Interface\{431FB0E5-2CBB-4602-9FE6-F1D64488ADD7}\ (Babylon) HKU\S-1-5-21-891635277-1297341078-1701692141-1000_Classes\Wow6432Node\Interface\{5C9A230D-70A5-11D5-AFB0-0050DAC67890}\ (Babylon) HKU\S-1-5-21-891635277-1297341078-1701692141-1000_Classes\Wow6432Node\Interface\{8911483C-C00A-4183-9FBC-6C9C00946C15}\ (Babylon) HKU\S-1-5-21-891635277-1297341078-1701692141-1000_Classes\Wow6432Node\Interface\{C3F058A9-407D-4CD1-8F66-B75605B54B69}\ (Babylon) HKU\S-1-5-21-891635277-1297341078-1701692141-1000_Classes\Wow6432Node\Interface\{EFDCAF05-D29C-4D4D-9836-8CDCD606A6B2}\ (Babylon) HKU\S-1-5-21-891635277-1297341078-1701692141-1000_Classes\Wow6432Node\TypeLib\{5C9A2304-70A5-11D5-AFB0-0050DAC67890}\ (Babylon) HKU\S-1-5-21-891635277-1297341078-1701692141-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ (Babylon) HKU\S-1-5-21-891635277-1297341078-1701692141-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Babylon\ (Babylon) HKU\S-1-5-21-891635277-1297341078-1701692141-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\MenuExt\Translate this web page with Babylon\ (Babylon) HKU\S-1-5-21-891635277-1297341078-1701692141-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\MenuExt\Translate with Babylon\ (Babylon) HKU\S-1-5-21-891635277-1297341078-1701692141-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ (Babylon) HKU\S-1-5-21-891635277-1297341078-1701692141-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Office\PowerPoint\Addins\BabylonOfficeAddin.OfficeAddin\ (Babylon) HKU\S-1-5-21-891635277-1297341078-1701692141-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Office\Word\Addins\BabylonOfficeAddin.OfficeAddin\ (Babylon) 
   HKU\S-1-5-21-891635277-1297341078-1701692141-500\Software\Babylon\ (Babylon)
   HKU\S-1-5-21-891635277-1297341078-1701692141-500\Software\Microsoft\Internet Explorer\MenuExt\Translate this web page with Babylon\ (Babylon)
   HKU\S-1-5-21-891635277-1297341078-1701692141-500\Software\Microsoft\Internet Explorer\MenuExt\Translate with Babylon\ (Babylon)
   HKU\S-1-5-21-891635277-1297341078-1701692141-500\Software\Microsoft\Office\PowerPoint\Addins\BabylonOfficeAddin.OfficeAddin\ (Babylon)
   HKU\S-1-5-21-891635277-1297341078-1701692141-500\Software\Microsoft\Office\Word\Addins\BabylonOfficeAddin.OfficeAddin\ (Babylon)

Log file after the cleanup by HitmanPro:

Code:
HitmanPro 3.7.9.240
www.hitmanpro.com

   Computer name . . . . : WB-PC
   Windows . . . . . . . : 6.0.2.6002.X64/3
   User name . . . . . . : WB-PC\WB
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Trial (30 days left)

   Scan date . . . . . . : 2015-04-19 11:19:38
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 39m 26s
   Disk access mode . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot . . . . . . . : Yes

   Threats . . . . . . . : 0
   Traces . . . . . . . : 81

   Objects scanned . . . : 6.094.314
   Files scanned . . . . : 74.019
   Remnants scanned . . : 555.108 files / 5.465.187 keys

Miniport ____________________________________________________________________

   Primary
      DriverObject . . . : FFFFFA8004B34700
      DriverName . . . . : \Driver\atapi
      DriverPath . . . . : \SystemRoot\system32\drivers\atapi.sys
      StartIo . . . . . : 0000000000000000 +0
      IRP_MJ_SCSI . . . : FFFFFA8003F782C0 +0

   Solution
      DriverObject . . . : FFFFFA8004B34700
      DriverName . . . . : \Driver\atapi
      DriverPath . . . . : \SystemRoot\system32\drivers\atapi.sys
      StartIo . . . . . : 0000000000000000 +0
      IRP_MJ_SCSI . . . : FFFFFA6000AF7D08 \SystemRoot\system32\drivers\ataport.SYS+19720

Suspicious files ____________________________________________________________

   C:\Users\WB\AppData\Local\PunkBuster\BF3\pb\dll\wc002288.dll
      Size . . . . . . . : 948.118 bytes
      Age . . . . . . . : 1177.4 days (2012-01-28 02:37:41)
      Entropy . . . . . : 7.6
      SHA-256 . . . . . : 3192353354FE593051B33886088D4C312ACB9A653D874281B2EBF131B80415CB
      Fuzzy . . . . . . : 29.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.

   C:\Users\WB\AppData\Local\PunkBuster\BF3\pb\dll\wc002291.dll
      Size . . . . . . . : 965.329 bytes
      Age . . . . . . . : 1109.8 days (2012-04-04 16:39:05)
      Entropy . . . . . : 7.6
      SHA-256 . . . . . : CAE3128772295AC4F1179B881A00B061DB00505275CB258F9F0C84CC1DF9B2A5
      Fuzzy . . . . . . : 29.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.

   C:\Users\WB\AppData\Local\PunkBuster\BF3\pb\dll\wc002292.dll
      Size . . . . . . . : 956.681 bytes
      Age . . . . . . . : 1108.5 days (2012-04-05 23:42:53)
      Entropy . . . . . : 7.6
      SHA-256 . . . . . : 7218A15A9890CE82EB25F7AB5AC7AA60B4E3055C5574B70A6CABA4274D6DE493
      Fuzzy . . . . . . : 29.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.

   C:\Users\WB\AppData\Local\PunkBuster\BF3\pb\dll\wc002317.dll
      Size . . . . . . . : 949.613 bytes
      Age . . . . . . . : 938.9 days (2012-09-22 12:58:47)
      Entropy . . . . . : 7.6
      SHA-256 . . . . . : 15059F09B1D62DEA6B5D22EF9E0D062411C167378D870AE339AAB50B0BDC7FC0
      Fuzzy . . . . . . : 29.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.

   C:\Users\WB\AppData\Local\PunkBuster\BF3\pb\dll\wc002325.dll
      Size . . . . . . . : 959.376 bytes
      Age . . . . . . . : 792.5 days (2013-02-15 22:49:05)
      Entropy . . . . . : 7.6
      SHA-256 . . . . . : A85592ACDCFDA7C0293504A5F5279C2654ACC0E6D2398ED8958F6E03F05DCEB5
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy . . . . . . : 22.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.
         Program is code signed with a valid Authenticode certificate.

   C:\Users\WB\AppData\Local\PunkBuster\BF3\pb\dll\wc002331.dll
      Size . . . . . . . : 963.480 bytes
      Age . . . . . . . : 579.9 days (2013-09-16 14:26:23)
      Entropy . . . . . : 7.6
      SHA-256 . . . . . : 4693498864B2A4C15EECDD4D132FFDFEDE3F9E4BAFA427F77BC87046A7352D1E
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy . . . . . . : 22.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.
         Program is code signed with a valid Authenticode certificate.

   C:\Users\WB\AppData\Local\PunkBuster\BF3\pb\dll\wc002344.dll
      Size . . . . . . . : 1.014.616 bytes
      Age . . . . . . . : 140.5 days (2014-11-30 00:24:08)
      Entropy . . . . . : 7.6
      SHA-256 . . . . . : 64D8D164CC4FF898DDCCBD5D588E88AF2C1F7EA464C2B7519C78BF0D30CC6F24
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy . . . . . . : 22.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.
         Program is code signed with a valid Authenticode certificate.

   C:\Users\WB\AppData\Local\PunkBuster\BF3\pb\pbcl.dll
      Size . . . . . . . : 1.014.616 bytes
      Age . . . . . . . : 140.5 days (2014-11-30 00:24:08)
      Entropy . . . . . : 7.6
      SHA-256 . . . . . : 64D8D164CC4FF898DDCCBD5D588E88AF2C1F7EA464C2B7519C78BF0D30CC6F24
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy . . . . . . : 22.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.
         Program is code signed with a valid Authenticode certificate.

   C:\Users\WB\AppData\Local\PunkBuster\BF3\pb\pbclold.dll
      Size . . . . . . . : 963.480 bytes
      Age . . . . . . . : 1292.5 days (2011-10-04 22:08:28)
      Entropy . . . . . : 7.6
      SHA-256 . . . . . : 4693498864B2A4C15EECDD4D132FFDFEDE3F9E4BAFA427F77BC87046A7352D1E
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy . . . . . . : 22.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.
         Program is code signed with a valid Authenticode certificate.

   C:\Users\WB\AppData\Local\PunkBuster\BF3\pb\pbcls.dll
      Size . . . . . . . : 956.681 bytes
      Age . . . . . . . : 1163.6 days (2012-02-10 21:08:26)
      Entropy . . . . . : 7.6
      SHA-256 . . . . . : 7218A15A9890CE82EB25F7AB5AC7AA60B4E3055C5574B70A6CABA4274D6DE493
      Fuzzy . . . . . . : 29.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.

   C:\Users\WB\AppData\Local\PunkBuster\BF3\pb\PnkBstrK.sys
      Size . . . . . . . : 139.944 bytes
      Age . . . . . . . : 1292.5 days (2011-10-04 22:08:40)
      Entropy . . . . . : 7.7
      SHA-256 . . . . . : E0AB414DBD7AA5888B861AE64B0F9674CED054C755502DDE124A91D6CD6CE97A
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy . . . . . . : 22.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.
         The file is a device driver. Device drivers run as trusted (highly privileged) code.
         Program is code signed with a valid Authenticode certificate.

   C:\Users\WB\AppData\Local\PunkBuster\BF4\pb\PnkBstrK.sys
      Size . . . . . . . : 139.552 bytes
      Age . . . . . . . : 564.5 days (2013-10-02 00:28:43)
      Entropy . . . . . : 7.7
      SHA-256 . . . . . : 7A47CB7814643DAFDF81D3E2E03C60A162A49525962ECE651187371853E507E5
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy . . . . . . : 22.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.
         The file is a device driver. Device drivers run as trusted (highly privileged) code.
         Program is code signed with a valid Authenticode certificate.

   C:\Users\WB\AppData\Local\PunkBuster\BFP4F\pb\pbcl.dll
      Size . . . . . . . : 915.149 bytes
      Age . . . . . . . : 1318.3 days (2011-09-09 03:11:53)
      Entropy . . . . . : 7.6
      SHA-256 . . . . . : E189EF452F559BFAC0C0A91EFADC78EAA569B915985A213F99666BE56FC86165
      Fuzzy . . . . . . : 29.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.

   C:\Users\WB\AppData\Local\PunkBuster\BFP4F\pb\PnkBstrK.sys
      Size . . . . . . . : 138.264 bytes
      Age . . . . . . . : 1318.3 days (2011-09-09 03:12:29)
      Entropy . . . . . : 7.7
      SHA-256 . . . . . : 4194EFFC7236F018722B6DBF76253E1D833FEEEC158835C4DFAAD0555E7A7D91
      RSA Key Size . . . : 1024
      Authenticode . . . : Valid
      Fuzzy . . . . . . : 22.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.
         The file is a device driver. Device drivers run as trusted (highly privileged) code.
         Program is code signed with a valid Authenticode certificate.

   C:\Users\WB\AppData\Local\PunkBuster\WAW\pb\pbcl.dll
      Size . . . . . . . : 733.004 bytes
      Age . . . . . . . : 1276.7 days (2011-10-20 18:14:42)
      Entropy . . . . . : 7.5
      SHA-256 . . . . . : 8715126E77E8E6F98B4487C11B4656ADAC59145A86D56A0370F2FAE86E40FDC7
      Fuzzy . . . . . . : 25.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.

Potential Unwanted Programs _________________________________________________

   C:\Program Files (x86)\Babylon\ (Babylon) -> Deleted
   C:\Program Files\Babylon\ (Babylon) -> Deleted
   C:\Program Files\Babylon\Babylon-Pro\ (Babylon) -> Deleted
   C:\Program Files\Babylon\Babylon-Pro\BabylonHelper64.exe (Babylon) -> Deleted
      Size . . . . . . . : 129.536 bytes
      Age . . . . . . . : 1183.4 days (2012-01-22 02:24:48)
      Entropy . . . . . : 5.7
      SHA-256 . . . . . : 5E68C077375F4F06357CA19F1894DAA4966EEC1864A16D033B6C4F32380F57E0
      Product . . . . . : BabylonHelper
      Publisher . . . . : Babylon
      Description . . . : Support for 64-bit OS
      Version . . . . . : 1.0.0.1
      Copyright . . . . : Babylon.com All rights reserved.
      LanguageID . . . . : 1033
      Fuzzy . . . . . . : 0.0

   C:\Program Files\Babylon\Babylon-Pro\captlib64.dll (Babylon) -> Deleted
      Size . . . . . . . : 286.208 bytes
      Age . . . . . . . : 1183.4 days (2012-01-22 02:24:46)
      Entropy . . . . . : 5.9
      SHA-256 . . . . . : 85108948A6DD19929799100C0868C6B51499C77608D3249A3E59306DAF586BDB
      Product . . . . . : Babylon Client
      Publisher . . . . : Babylon Ltd.
      Description . . . : Babylon Information Tool
      Version . . . . . : 9.0.3.12
      Copyright . . . . : Copyright © Babylon Ltd. 1997-2011
      LanguageID . . . . : 1033
      Fuzzy . . . . . . : 0.0

   C:\Users\Administrator\AppData\Local\Babylon\ (Babylon) -> Deleted
   C:\Users\Administrator\AppData\Roaming\Babylon\ (Babylon) -> Deleted
   C:\Users\Administrator\AppData\Roaming\Babylon\BabylonTC.conf (Babylon) -> Deleted
   C:\Users\Administrator\AppData\Roaming\Babylon\BabylonTC.log (Babylon) -> Deleted
   C:\Users\Administrator\AppData\Roaming\Babylon\FLStat.dat (Babylon) -> Deleted
   C:\Users\Administrator\AppData\Roaming\Babylon\log_file.txt (Babylon) -> Deleted
   C:\Users\Administrator\AppData\Roaming\Babylon\MyList.dat (Babylon) -> Deleted
   C:\Users\Administrator\AppData\Roaming\Babylon\ocr_cache (Babylon) -> Deleted
   C:\Users\Administrator\AppData\Roaming\Babylon\updates\ (Babylon) -> Deleted
   C:\Users\Administrator\AppData\Roaming\Babylon\updates\convert.dat (Babylon) -> Deleted
   C:\Users\Administrator\AppData\Roaming\Babylon\updates\rates.dat (Babylon) -> Deleted
   HKLM\SOFTWARE\Classes\AppID\escort.DLL\ (Funmoods) -> Deleted
   HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}\ (Funmoods) -> Deleted
   HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4eaf-B541-F8DE92DD98DB}\ (Babylon) -> Deleted
   HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1\ (Babylon) -> Deleted
   HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr\ (Babylon) -> Deleted
   HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4a99-B4B6-146BF802613B}\ (Babylon) -> Deleted
   HKLM\SOFTWARE\Classes\Prod.cap\ (Claro) -> Deleted
   HKLM\SOFTWARE\Classes\Wow6432Node\AppID\escort.DLL\ (Funmoods) -> PendingDelete
   HKLM\SOFTWARE\Classes\Wow6432Node\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}\ (Funmoods) -> Deleted
   HKLM\SOFTWARE\Classes\Wow6432Node\AppID\{BDB69379-802F-4eaf-B541-F8DE92DD98DB}\ (Babylon) -> Deleted
   HKLM\SOFTWARE\Classes\Wow6432Node\bbylntlbr.bbylntlbrHlpr.1\ (Babylon) -> PendingDelete
   HKLM\SOFTWARE\Classes\Wow6432Node\bbylntlbr.bbylntlbrHlpr\ (Babylon) -> PendingDelete
   HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{2EECD738-5844-4a99-B4B6-146BF802613B}\ (Babylon) -> Deleted
   HKLM\SOFTWARE\Classes\Wow6432Node\Prod.cap\ (Claro) -> PendingDelete
   HKU\S-1-5-21-891635277-1297341078-1701692141-1000\Software\Classes\Interface\{0BF91075-F457-4A8B-99EF-140B52D2F22A}\ (Babylon) -> Deleted
   HKU\S-1-5-21-891635277-1297341078-1701692141-1000\Software\Classes\Interface\{37425600-CB21-49A0-8659-476FBAB0F8E8}\ (Babylon) -> Deleted
   HKU\S-1-5-21-891635277-1297341078-1701692141-1000\Software\Classes\Interface\{431FB0E5-2CBB-4602-9FE6-F1D64488ADD7}\ (Babylon) -> Deleted
   HKU\S-1-5-21-891635277-1297341078-1701692141-1000\Software\Classes\Interface\{5C9A230D-70A5-11D5-AFB0-0050DAC67890}\ (Babylon) -> Deleted
   HKU\S-1-5-21-891635277-1297341078-1701692141-1000\Software\Classes\Interface\{8911483C-C00A-4183-9FBC-6C9C00946C15}\ (Babylon) -> Deleted
   HKU\S-1-5-21-891635277-1297341078-1701692141-1000\Software\Classes\Interface\{C3F058A9-407D-4CD1-8F66-B75605B54B69}\ (Babylon) -> Deleted
   HKU\S-1-5-21-891635277-1297341078-1701692141-1000\Software\Classes\Interface\{EFDCAF05-D29C-4D4D-9836-8CDCD606A6B2}\ (Babylon) -> Deleted
   HKU\S-1-5-21-891635277-1297341078-1701692141-1000\Software\Classes\TypeLib\{5C9A2304-70A5-11D5-AFB0-0050DAC67890}\ (Babylon) -> Deleted
   HKU\S-1-5-21-891635277-1297341078-1701692141-1000_Classes\Interface\{0BF91075-F457-4A8B-99EF-140B52D2F22A}\ (Babylon) -> PendingDelete
   HKU\S-1-5-21-891635277-1297341078-1701692141-1000_Classes\Interface\{37425600-CB21-49A0-8659-476FBAB0F8E8}\ (Babylon) -> PendingDelete
   HKU\S-1-5-21-891635277-1297341078-1701692141-1000_Classes\Interface\{431FB0E5-2CBB-4602-9FE6-F1D64488ADD7}\ (Babylon) -> PendingDelete
   HKU\S-1-5-21-891635277-1297341078-1701692141-1000_Classes\Interface\{5C9A230D-70A5-11D5-AFB0-0050DAC67890}\ (Babylon) -> PendingDelete
   HKU\S-1-5-21-891635277-1297341078-1701692141-1000_Classes\Interface\{8911483C-C00A-4183-9FBC-6C9C00946C15}\ (Babylon) -> PendingDelete
   HKU\S-1-5-21-891635277-1297341078-1701692141-1000_Classes\Interface\{C3F058A9-407D-4CD1-8F66-B75605B54B69}\ (Babylon) -> PendingDelete
   HKU\S-1-5-21-891635277-1297341078-1701692141-1000_Classes\Interface\{EFDCAF05-D29C-4D4D-9836-8CDCD606A6B2}\ (Babylon) -> PendingDelete
   HKU\S-1-5-21-891635277-1297341078-1701692141-1000_Classes\TypeLib\{5C9A2304-70A5-11D5-AFB0-0050DAC67890}\ (Babylon) -> PendingDelete
   HKU\S-1-5-21-891635277-1297341078-1701692141-1000_Classes\Wow6432Node\Interface\{0BF91075-F457-4A8B-99EF-140B52D2F22A}\ (Babylon) -> PendingDelete
   HKU\S-1-5-21-891635277-1297341078-1701692141-1000_Classes\Wow6432Node\Interface\{37425600-CB21-49A0-8659-476FBAB0F8E8}\ (Babylon) -> PendingDelete
   HKU\S-1-5-21-891635277-1297341078-1701692141-1000_Classes\Wow6432Node\Interface\{431FB0E5-2CBB-4602-9FE6-F1D64488ADD7}\ (Babylon) -> PendingDelete
   HKU\S-1-5-21-891635277-1297341078-1701692141-1000_Classes\Wow6432Node\Interface\{5C9A230D-70A5-11D5-AFB0-0050DAC67890}\ (Babylon) -> PendingDelete
   HKU\S-1-5-21-891635277-1297341078-1701692141-1000_Classes\Wow6432Node\Interface\{8911483C-C00A-4183-9FBC-6C9C00946C15}\ (Babylon) -> PendingDelete
   HKU\S-1-5-21-891635277-1297341078-1701692141-1000_Classes\Wow6432Node\Interface\{C3F058A9-407D-4CD1-8F66-B75605B54B69}\ (Babylon) -> PendingDelete
   HKU\S-1-5-21-891635277-1297341078-1701692141-1000_Classes\Wow6432Node\Interface\{EFDCAF05-D29C-4D4D-9836-8CDCD606A6B2}\ (Babylon) -> PendingDelete
   HKU\S-1-5-21-891635277-1297341078-1701692141-1000_Classes\Wow6432Node\TypeLib\{5C9A2304-70A5-11D5-AFB0-0050DAC67890}\ (Babylon) -> PendingDelete
   HKU\S-1-5-21-891635277-1297341078-1701692141-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ (Babylon) -> Deleted
   HKU\S-1-5-21-891635277-1297341078-1701692141-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Babylon\ (Babylon) -> Deleted
   HKU\S-1-5-21-891635277-1297341078-1701692141-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\MenuExt\Translate this web page with Babylon\ (Babylon) -> Deleted
HKU\S-1-5-21-891635277-1297341078-1701692141-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\MenuExt\Translate with Babylon\ (Babylon) -> Deleted HKU\S-1-5-21-891635277-1297341078-1701692141-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ (Babylon) -> Deleted HKU\S-1-5-21-891635277-1297341078-1701692141-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Office\PowerPoint\Addins\BabylonOfficeAddin.OfficeAddin\ (Babylon) -> Deleted HKU\S-1-5-21-891635277-1297341078-1701692141-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Office\Word\Addins\BabylonOfficeAddin.OfficeAddin\ (Babylon) -> Deleted HKU\S-1-5-21-891635277-1297341078-1701692141-500\Software\Babylon\ (Babylon) -> Deleted HKU\S-1-5-21-891635277-1297341078-1701692141-500\Software\Microsoft\Internet Explorer\MenuExt\Translate this web page with Babylon\ (Babylon) -> Deleted HKU\S-1-5-21-891635277-1297341078-1701692141-500\Software\Microsoft\Internet Explorer\MenuExt\Translate with Babylon\ (Babylon) -> Deleted HKU\S-1-5-21-891635277-1297341078-1701692141-500\Software\Microsoft\Office\PowerPoint\Addins\BabylonOfficeAddin.OfficeAddin\ (Babylon) -> Deleted HKU\S-1-5-21-891635277-1297341078-1701692141-500\Software\Microsoft\Office\Word\Addins\BabylonOfficeAddin.OfficeAddin\ (Babylon) -> Deleted Und nochmal Hitman, nach dem anschließenden Neustart: Code:
HitmanPro 3.7.9.240
www.hitmanpro.com

   Computer name . . . . : WB-PC
   Windows . . . . . . . : 6.0.2.6002.X64/3
   User name . . . . . . : WB-PC\WB
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Trial (30 days left)

   Scan date . . . . . . : 2015-04-19 12:44:54
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 20m 35s
   Disk access mode . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot . . . . . . . : No

   Threats . . . . . . . : 0
   Traces . . . . . . . : 15

   Objects scanned . . . : 5.820.298
   Files scanned . . . . : 73.424
   Remnants scanned . . : 550.289 files / 5.196.585 keys

Miniport ____________________________________________________________________

   Primary
      DriverObject . . . : FFFFFA8004A80E70
      DriverName . . . . : \Driver\atapi
      DriverPath . . . . : \SystemRoot\system32\drivers\atapi.sys
      StartIo . . . . . : 0000000000000000 +0
      IRP_MJ_SCSI . . . : FFFFFA8003F752C0 +0

   Solution
      DriverObject . . . : FFFFFA8004A80E70
      DriverName . . . . : \Driver\atapi
      DriverPath . . . . : \SystemRoot\system32\drivers\atapi.sys
      StartIo . . . . . : 0000000000000000 +0
      IRP_MJ_SCSI . . . : FFFFFA6000AFCD08 \SystemRoot\system32\drivers\ataport.SYS+19720

Suspicious files ____________________________________________________________

C:\Users\WB\AppData\Local\PunkBuster\BF3\pb\dll\wc002288.dll
   Size . . . . . . . : 948.118 bytes
   Age . . . . . . . : 1177.4 days (2012-01-28 02:37:41)
   Entropy . . . . . : 7.6
   SHA-256 . . . . . : 3192353354FE593051B33886088D4C312ACB9A653D874281B2EBF131B80415CB
   Fuzzy . . . . . . : 29.0
   The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
   Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
   Authors name is missing in version info. This is not common to most programs.
   Version control is missing. This file is probably created by an individual. This is not typical for most programs.
   Program contains PE structure anomalies. This is not typical for most programs.

C:\Users\WB\AppData\Local\PunkBuster\BF3\pb\dll\wc002291.dll
   Size . . . . . . . : 965.329 bytes
   Age . . . . . . . : 1109.8 days (2012-04-04 16:39:05)
   Entropy . . . . . : 7.6
   SHA-256 . . . . . : CAE3128772295AC4F1179B881A00B061DB00505275CB258F9F0C84CC1DF9B2A5
   Fuzzy . . . . . . : 29.0
   The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
   Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
   Authors name is missing in version info. This is not common to most programs.
   Version control is missing. This file is probably created by an individual. This is not typical for most programs.
   Program contains PE structure anomalies. This is not typical for most programs.

C:\Users\WB\AppData\Local\PunkBuster\BF3\pb\dll\wc002292.dll
   Size . . . . . . . : 956.681 bytes
   Age . . . . . . . : 1108.5 days (2012-04-05 23:42:53)
   Entropy . . . . . : 7.6
   SHA-256 . . . . . : 7218A15A9890CE82EB25F7AB5AC7AA60B4E3055C5574B70A6CABA4274D6DE493
   Fuzzy . . . . . . : 29.0
   The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
   Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
   Authors name is missing in version info. This is not common to most programs.
   Version control is missing. This file is probably created by an individual. This is not typical for most programs.
   Program contains PE structure anomalies. This is not typical for most programs.

C:\Users\WB\AppData\Local\PunkBuster\BF3\pb\dll\wc002317.dll
   Size . . . . . . . : 949.613 bytes
   Age . . . . . . . : 939.0 days (2012-09-22 12:58:47)
   Entropy . . . . . : 7.6
   SHA-256 . . . . . : 15059F09B1D62DEA6B5D22EF9E0D062411C167378D870AE339AAB50B0BDC7FC0
   Fuzzy . . . . . . : 29.0
   The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
   Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
   Authors name is missing in version info. This is not common to most programs.
   Version control is missing. This file is probably created by an individual. This is not typical for most programs.
   Program contains PE structure anomalies. This is not typical for most programs.

C:\Users\WB\AppData\Local\PunkBuster\BF3\pb\dll\wc002325.dll
   Size . . . . . . . : 959.376 bytes
   Age . . . . . . . : 792.6 days (2013-02-15 22:49:05)
   Entropy . . . . . : 7.6
   SHA-256 . . . . . : A85592ACDCFDA7C0293504A5F5279C2654ACC0E6D2398ED8958F6E03F05DCEB5
   RSA Key Size . . . : 2048
   Authenticode . . . : Valid
   Fuzzy . . . . . . : 22.0
   The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
   Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
   Authors name is missing in version info. This is not common to most programs.
   Version control is missing. This file is probably created by an individual. This is not typical for most programs.
   Program contains PE structure anomalies. This is not typical for most programs.
   Program is code signed with a valid Authenticode certificate.

C:\Users\WB\AppData\Local\PunkBuster\BF3\pb\dll\wc002331.dll
   Size . . . . . . . : 963.480 bytes
   Age . . . . . . . : 579.9 days (2013-09-16 14:26:23)
   Entropy . . . . . : 7.6
   SHA-256 . . . . . : 4693498864B2A4C15EECDD4D132FFDFEDE3F9E4BAFA427F77BC87046A7352D1E
   RSA Key Size . . . : 2048
   Authenticode . . . : Valid
   Fuzzy . . . . . . : 22.0
   The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
   Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
   Authors name is missing in version info. This is not common to most programs.
   Version control is missing. This file is probably created by an individual. This is not typical for most programs.
   Program contains PE structure anomalies. This is not typical for most programs.
   Program is code signed with a valid Authenticode certificate.

C:\Users\WB\AppData\Local\PunkBuster\BF3\pb\dll\wc002344.dll
   Size . . . . . . . : 1.014.616 bytes
   Age . . . . . . . : 140.5 days (2014-11-30 00:24:08)
   Entropy . . . . . : 7.6
   SHA-256 . . . . . : 64D8D164CC4FF898DDCCBD5D588E88AF2C1F7EA464C2B7519C78BF0D30CC6F24
   RSA Key Size . . . : 2048
   Authenticode . . . : Valid
   Fuzzy . . . . . . : 22.0
   The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
   Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
   Authors name is missing in version info. This is not common to most programs.
   Version control is missing. This file is probably created by an individual. This is not typical for most programs.
   Program contains PE structure anomalies. This is not typical for most programs.
   Program is code signed with a valid Authenticode certificate.

C:\Users\WB\AppData\Local\PunkBuster\BF3\pb\pbcl.dll
   Size . . . . . . . : 1.014.616 bytes
   Age . . . . . . . : 140.5 days (2014-11-30 00:24:08)
   Entropy . . . . . : 7.6
   SHA-256 . . . . . : 64D8D164CC4FF898DDCCBD5D588E88AF2C1F7EA464C2B7519C78BF0D30CC6F24
   RSA Key Size . . . : 2048
   Authenticode . . . : Valid
   Fuzzy . . . . . . : 22.0
   The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
   Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
   Authors name is missing in version info. This is not common to most programs.
   Version control is missing. This file is probably created by an individual. This is not typical for most programs.
   Program contains PE structure anomalies. This is not typical for most programs.
   Program is code signed with a valid Authenticode certificate.

C:\Users\WB\AppData\Local\PunkBuster\BF3\pb\pbclold.dll
   Size . . . . . . . : 963.480 bytes
   Age . . . . . . . : 1292.6 days (2011-10-04 22:08:28)
   Entropy . . . . . : 7.6
   SHA-256 . . . . . : 4693498864B2A4C15EECDD4D132FFDFEDE3F9E4BAFA427F77BC87046A7352D1E
   RSA Key Size . . . : 2048
   Authenticode . . . : Valid
   Fuzzy . . . . . . : 22.0
   The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
   Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
   Authors name is missing in version info. This is not common to most programs.
   Version control is missing. This file is probably created by an individual. This is not typical for most programs.
   Program contains PE structure anomalies. This is not typical for most programs.
   Program is code signed with a valid Authenticode certificate.

C:\Users\WB\AppData\Local\PunkBuster\BF3\pb\pbcls.dll
   Size . . . . . . . : 956.681 bytes
   Age . . . . . . . : 1163.7 days (2012-02-10 21:08:26)
   Entropy . . . . . : 7.6
   SHA-256 . . . . . : 7218A15A9890CE82EB25F7AB5AC7AA60B4E3055C5574B70A6CABA4274D6DE493
   Fuzzy . . . . . . : 29.0
   The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
   Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
   Authors name is missing in version info. This is not common to most programs.
   Version control is missing. This file is probably created by an individual. This is not typical for most programs.
   Program contains PE structure anomalies. This is not typical for most programs.

C:\Users\WB\AppData\Local\PunkBuster\BF3\pb\PnkBstrK.sys
   Size . . . . . . . : 139.944 bytes
   Age . . . . . . . : 1292.6 days (2011-10-04 22:08:40)
   Entropy . . . . . : 7.7
   SHA-256 . . . . . : E0AB414DBD7AA5888B861AE64B0F9674CED054C755502DDE124A91D6CD6CE97A
   RSA Key Size . . . : 2048
   Authenticode . . . : Valid
   Fuzzy . . . . . . : 22.0
   The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
   Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
   Authors name is missing in version info. This is not common to most programs.
   Version control is missing. This file is probably created by an individual. This is not typical for most programs.
   Program contains PE structure anomalies. This is not typical for most programs.
   The file is a device driver. Device drivers run as trusted (highly privileged) code.
   Program is code signed with a valid Authenticode certificate.

C:\Users\WB\AppData\Local\PunkBuster\BF4\pb\PnkBstrK.sys
   Size . . . . . . . : 139.552 bytes
   Age . . . . . . . : 564.5 days (2013-10-02 00:28:43)
   Entropy . . . . . : 7.7
   SHA-256 . . . . . : 7A47CB7814643DAFDF81D3E2E03C60A162A49525962ECE651187371853E507E5
   RSA Key Size . . . : 2048
   Authenticode . . . : Valid
   Fuzzy . . . . . . : 22.0
   The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
   Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
   Authors name is missing in version info. This is not common to most programs.
   Version control is missing. This file is probably created by an individual. This is not typical for most programs.
   Program contains PE structure anomalies. This is not typical for most programs.
   The file is a device driver. Device drivers run as trusted (highly privileged) code.
   Program is code signed with a valid Authenticode certificate.

C:\Users\WB\AppData\Local\PunkBuster\BFP4F\pb\pbcl.dll
   Size . . . . . . . : 915.149 bytes
   Age . . . . . . . : 1318.4 days (2011-09-09 03:11:53)
   Entropy . . . . . : 7.6
   SHA-256 . . . . . : E189EF452F559BFAC0C0A91EFADC78EAA569B915985A213F99666BE56FC86165
   Fuzzy . . . . . . : 29.0
   The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
   Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
   Authors name is missing in version info. This is not common to most programs.
   Version control is missing. This file is probably created by an individual. This is not typical for most programs.
   Program contains PE structure anomalies. This is not typical for most programs.

C:\Users\WB\AppData\Local\PunkBuster\BFP4F\pb\PnkBstrK.sys
   Size . . . . . . . : 138.264 bytes
   Age . . . . . . . : 1318.4 days (2011-09-09 03:12:29)
   Entropy . . . . . : 7.7
   SHA-256 . . . . . : 4194EFFC7236F018722B6DBF76253E1D833FEEEC158835C4DFAAD0555E7A7D91
   RSA Key Size . . . : 1024
   Authenticode . . . : Valid
   Fuzzy . . . . . . : 22.0
   The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
   Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
   Authors name is missing in version info. This is not common to most programs.
   Version control is missing. This file is probably created by an individual. This is not typical for most programs.
   Program contains PE structure anomalies. This is not typical for most programs.
   The file is a device driver. Device drivers run as trusted (highly privileged) code.
   Program is code signed with a valid Authenticode certificate.

C:\Users\WB\AppData\Local\PunkBuster\WAW\pb\pbcl.dll
   Size . . . . . . . : 733.004 bytes
   Age . . . . . . . : 1276.8 days (2011-10-20 18:14:42)
   Entropy . . . . . : 7.5
   SHA-256 . . . . . : 8715126E77E8E6F98B4487C11B4656ADAC59145A86D56A0370F2FAE86E40FDC7
   Fuzzy . . . . . . : 25.0
   The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
   Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
   Authors name is missing in version info. This is not common to most programs.
   Version control is missing. This file is probably created by an individual. This is not typical for most programs.
   Program contains PE structure anomalies. This is not typical for most programs.

And Malwarebytes once more after the restart:

Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 19.04.2015
Suchlauf-Zeit: 13:28:57
Logdatei: mwb,amh,prfg2.txt
Administrator: Ja

Version: 2.01.6.1022
Malware Datenbank: v2015.04.19.02
Rootkit Datenbank: v2015.03.31.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows Vista Service Pack 2
CPU: x64
Dateisystem: NTFS
Benutzer: WB

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 440405
Verstrichene Zeit: 25 Min, 47 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente gefunden)

Module: 0
(Keine schädliche Elemente gefunden)

Registrierungsschlüssel: 0
(Keine schädliche Elemente gefunden)

Registrierungswerte: 0
(Keine schädliche Elemente gefunden)

Registrierungsdaten: 0
(Keine schädliche Elemente gefunden)

Ordner: 27
PUP.Optional.DVDVideoSoftTB.A, C:\Users\WB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp, , [99d52d41dbaf2313eead2d7cd23144bc], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\WB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0, , [99d52d41dbaf2313eead2d7cd23144bc], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\WB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\_locales, , [99d52d41dbaf2313eead2d7cd23144bc], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\WB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\_locales\es, , [99d52d41dbaf2313eead2d7cd23144bc], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\WB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\_locales\fr, , [99d52d41dbaf2313eead2d7cd23144bc], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\WB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\_locales\it, , [99d52d41dbaf2313eead2d7cd23144bc], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\WB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\_locales\ja, , [99d52d41dbaf2313eead2d7cd23144bc], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\WB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\_locales\nl, , [99d52d41dbaf2313eead2d7cd23144bc], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\WB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\_locales\pl, , [99d52d41dbaf2313eead2d7cd23144bc], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\WB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\_locales\pt, , [99d52d41dbaf2313eead2d7cd23144bc], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\WB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\_locales\ru, , [99d52d41dbaf2313eead2d7cd23144bc], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\WB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\_locales\tr, , [99d52d41dbaf2313eead2d7cd23144bc], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\WB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\_locales\zh_CN, , [99d52d41dbaf2313eead2d7cd23144bc], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\WB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\_locales\zh_TW, , [99d52d41dbaf2313eead2d7cd23144bc], 
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar, , [1f4fea842e5c8fa77b9df5c59d6643bd], 
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML, , [1f4fea842e5c8fa77b9df5c59d6643bd], 
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\BG, , [1f4fea842e5c8fa77b9df5c59d6643bd], 
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\CZ, , [1f4fea842e5c8fa77b9df5c59d6643bd], 
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\DE, , [1f4fea842e5c8fa77b9df5c59d6643bd], 
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\EN, , [1f4fea842e5c8fa77b9df5c59d6643bd], 
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\ES, , [1f4fea842e5c8fa77b9df5c59d6643bd], 
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\FR, , [1f4fea842e5c8fa77b9df5c59d6643bd], 
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\HE, , [1f4fea842e5c8fa77b9df5c59d6643bd], 
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\IT, , [1f4fea842e5c8fa77b9df5c59d6643bd], 
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\RU, , [1f4fea842e5c8fa77b9df5c59d6643bd], 
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\SK, , [1f4fea842e5c8fa77b9df5c59d6643bd], 
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\TR, , [1f4fea842e5c8fa77b9df5c59d6643bd], 

Dateien: 0
(Keine schädliche Elemente gefunden)

Physische Sektoren: 0
(Keine schädliche Elemente gefunden)

(end)

However, while both Hitman and Malwarebytes were running, an Avira window kept popping up saying that access to this or that file had been blocked. Example: "Access to the file vqlyj.exe was blocked because it contains the malware tr/moure.a.19." Not word for word, but that was the gist. Should I have switched off Avira AntiVir during the Malwarebytes and Hitman runs? I do have AntiVir installed, but I am not sure whether that is actually a window from a virus imitating AntiVir. How do you advise me to proceed?

Last edited by paradog (19.04.2015, 13:22)