Problem resolved. It was a 1and1 mistake.
Thank you
I received this mail:
…
Your 1&1 hosting account has been attacked via an insecure PHP script you
installed on your webspace.
…
2. Required measures
2.1 Secure all security leaks in your following PHP scripts. Please contact
your software vendor for further advice:
/**************/piwik.php
…
Did this happen to someone before?