Trojaner-Board (https://www.trojaner-board.de/)
-   Pests of all kinds and their removal (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Hitman reports svchost.exe as suspicious (https://www.trojaner-board.de/195137-hitman-meldet-svchost-exe-verdaechtig.html)

januskopf198 26.02.2019 19:50

Hitman reports svchost.exe as suspicious

Hello,

Since yesterday my internet has been extremely slow. I ran MWBAM, AddWare Cleaner and Hitman. Result:
MWBAM and AddWare Cleaner find nothing; Hitman reports svchost.exe as suspicious. You will find the Hitman log file below.
ESET is still running. I'll post its log file afterwards if it finds anything.

Code:

HitmanPro 3.8.0.295
www.hitmanpro.com

   Computer name . . . . : DESKTOP-2M6NKLL
   Windows . . . . . . . : 10.0.0.17763.X64/4
   User name . . . . . . : DESKTOP-2M6NKLL\Chris
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Free

   Scan date . . . . . . : 2019-02-26 18:07:24
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 7m 26s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 0
   Traces  . . . . . . . : 310

   Objects scanned . . . : 2.371.798
   Files scanned . . . . : 94.936
   Remnants scanned  . . : 670.499 files / 1.606.363 keys

Suspicious files ____________________________________________________________

   C:\WINDOWS\system32\svchost.exe
      Size . . . . . . . : 51.696 bytes
      Age  . . . . . . . : 69.1 days (2018-12-19 16:24:24)
      Entropy  . . . . . : 6.0
      SHA-256  . . . . . : 7FD065BAC18C5278777AE44908101CDFED72D26FA741367F0AD4D02020787AB6
      Product  . . . . . : Microsoft® Windows® Operating System
      Publisher  . . . . : Microsoft Corporation
      Description  . . . : Host Process for Windows Services
      Version  . . . . . : 10.0.17763.1
      Copyright  . . . . : © Microsoft Corporation. All rights reserved.
      RSA Key Size . . . : 2048
      Service  . . . . . : WpnUserService_70d98e
      Process Type . . . : Critical
      LanguageID . . . . : 1033
      Authenticode . . . : Valid
      Running processes  : 520, 828, 912, 948, 972, 1168, 1260, 1288, 1304, 1316, 1324, 1332, 1420, 1468, 1480, 1580, 1648, 1656, 1716, 1804, 1908, 2124, 2136, 2184, 2256, 2264, 2328, 2620, 2648, 2704, 2712, 2720, 2752, 2852, 2952, 2992, 3092, 3328, 3336, 3364, 3372, 3380, 3400, 3416, 3564, 3608, 3620, 3656, 3676, 3724, 3828, 4052, 4180, 4552, 4956, 5176, 5376, 5788, 6184, 6324, 6352, 6416, 7644, 7868, 8100, 8396, 8632, 8656, 9980, 10060, 10164, 10188, 10444
      Fuzzy  . . . . . . : 24.0
         The file is completely hidden from view and most antivirus products. It may belong to a rootkit.
         This program is actively listening for inbound network connections.
         Program starts automatically without user intervention.
         The file is in use by one or more active processes.
         The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
         Starts automatically as a service during system bootup.
         This file's process is marked as system critical.
         The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.
         Program is code signed with a valid Authenticode certificate.
      Startup
         HKLM\SYSTEM\ControlSet001\Services\BcastDVRUserService_70d98e\
         HKLM\SYSTEM\ControlSet001\Services\BluetoothUserService_70d98e\
         HKLM\SYSTEM\ControlSet001\Services\CaptureService_70d98e\
         HKLM\SYSTEM\ControlSet001\Services\cbdhsvc_70d98e\
         HKLM\SYSTEM\ControlSet001\Services\CDPUserSvc_70d98e\
         HKLM\SYSTEM\ControlSet001\Services\ConsentUxUserSvc_70d98e\
         HKLM\SYSTEM\ControlSet001\Services\DevicePickerUserSvc_70d98e\
         HKLM\SYSTEM\ControlSet001\Services\DevicesFlowUserSvc_70d98e\
         HKLM\SYSTEM\ControlSet001\Services\MessagingService_70d98e\
         HKLM\SYSTEM\ControlSet001\Services\OneSyncSvc_70d98e\
         HKLM\SYSTEM\ControlSet001\Services\PimIndexMaintenanceSvc_70d98e\
         HKLM\SYSTEM\ControlSet001\Services\PrintWorkflowUserSvc_70d98e\
         HKLM\SYSTEM\ControlSet001\Services\UnistoreSvc_70d98e\
         HKLM\SYSTEM\ControlSet001\Services\UserDataSvc_70d98e\
         HKLM\SYSTEM\ControlSet001\Services\WpnUserService_70d98e\
         HKLM\SYSTEM\CurrentControlSet\Services\AJRouter\
         HKLM\SYSTEM\CurrentControlSet\Services\AppIDSvc\
         HKLM\SYSTEM\CurrentControlSet\Services\Appinfo\
         HKLM\SYSTEM\CurrentControlSet\Services\AppReadiness\
         HKLM\SYSTEM\CurrentControlSet\Services\AppXSvc\
         HKLM\SYSTEM\CurrentControlSet\Services\AudioEndpointBuilder\
         HKLM\SYSTEM\CurrentControlSet\Services\Audiosrv\
         HKLM\SYSTEM\CurrentControlSet\Services\AxInstSV\
         HKLM\SYSTEM\CurrentControlSet\Services\BcastDVRUserService\
         HKLM\SYSTEM\CurrentControlSet\Services\BcastDVRUserService_16f6a21\
         HKLM\SYSTEM\CurrentControlSet\Services\BDESVC\
         HKLM\SYSTEM\CurrentControlSet\Services\BFE\
         HKLM\SYSTEM\CurrentControlSet\Services\BITS\
         HKLM\SYSTEM\CurrentControlSet\Services\BluetoothUserService\
         HKLM\SYSTEM\CurrentControlSet\Services\BluetoothUserService_16f6a21\
         HKLM\SYSTEM\CurrentControlSet\Services\BrokerInfrastructure\
         HKLM\SYSTEM\CurrentControlSet\Services\BTAGService\
         HKLM\SYSTEM\CurrentControlSet\Services\BthAvctpSvc\
         HKLM\SYSTEM\CurrentControlSet\Services\bthserv\
         HKLM\SYSTEM\CurrentControlSet\Services\camsvc\
         HKLM\SYSTEM\CurrentControlSet\Services\CaptureService\
         HKLM\SYSTEM\CurrentControlSet\Services\CaptureService_16f6a21\
         HKLM\SYSTEM\CurrentControlSet\Services\cbdhsvc\
         HKLM\SYSTEM\CurrentControlSet\Services\cbdhsvc_16f6a21\
         HKLM\SYSTEM\CurrentControlSet\Services\CDPSvc\
         HKLM\SYSTEM\CurrentControlSet\Services\CDPUserSvc\
         HKLM\SYSTEM\CurrentControlSet\Services\CDPUserSvc_16f6a21\
         HKLM\SYSTEM\CurrentControlSet\Services\CertPropSvc\
         HKLM\SYSTEM\CurrentControlSet\Services\ClipSVC\
         HKLM\SYSTEM\CurrentControlSet\Services\ConsentUxUserSvc\
         HKLM\SYSTEM\CurrentControlSet\Services\ConsentUxUserSvc_16f6a21\
         HKLM\SYSTEM\CurrentControlSet\Services\CoreMessagingRegistrar\
         HKLM\SYSTEM\CurrentControlSet\Services\CryptSvc\
         HKLM\SYSTEM\CurrentControlSet\Services\DcomLaunch\
         HKLM\SYSTEM\CurrentControlSet\Services\defragsvc\
         HKLM\SYSTEM\CurrentControlSet\Services\DeviceAssociationService\
         HKLM\SYSTEM\CurrentControlSet\Services\DeviceInstall\
         HKLM\SYSTEM\CurrentControlSet\Services\DevicePickerUserSvc\
         HKLM\SYSTEM\CurrentControlSet\Services\DevicePickerUserSvc_16f6a21\
         HKLM\SYSTEM\CurrentControlSet\Services\DevicesFlowUserSvc\
         HKLM\SYSTEM\CurrentControlSet\Services\DevicesFlowUserSvc_16f6a21\
         HKLM\SYSTEM\CurrentControlSet\Services\DevQueryBroker\
         HKLM\SYSTEM\CurrentControlSet\Services\Dhcp\
         HKLM\SYSTEM\CurrentControlSet\Services\diagsvc\
         HKLM\SYSTEM\CurrentControlSet\Services\DiagTrack\
         HKLM\SYSTEM\CurrentControlSet\Services\DisplayEnhancementService\
         HKLM\SYSTEM\CurrentControlSet\Services\DmEnrollmentSvc\
         HKLM\SYSTEM\CurrentControlSet\Services\dmwappushservice\
         HKLM\SYSTEM\CurrentControlSet\Services\Dnscache\
         HKLM\SYSTEM\CurrentControlSet\Services\DoSvc\
         HKLM\SYSTEM\CurrentControlSet\Services\dot3svc\
         HKLM\SYSTEM\CurrentControlSet\Services\DPS\
         HKLM\SYSTEM\CurrentControlSet\Services\DsmSvc\
         HKLM\SYSTEM\CurrentControlSet\Services\DsSvc\
         HKLM\SYSTEM\CurrentControlSet\Services\DusmSvc\
         HKLM\SYSTEM\CurrentControlSet\Services\Eaphost\
         HKLM\SYSTEM\CurrentControlSet\Services\embeddedmode\
         HKLM\SYSTEM\CurrentControlSet\Services\EntAppSvc\
         HKLM\SYSTEM\CurrentControlSet\Services\EventLog\
         HKLM\SYSTEM\CurrentControlSet\Services\EventSystem\
         HKLM\SYSTEM\CurrentControlSet\Services\fdPHost\
         HKLM\SYSTEM\CurrentControlSet\Services\FDResPub\
         HKLM\SYSTEM\CurrentControlSet\Services\fhsvc\
         HKLM\SYSTEM\CurrentControlSet\Services\FontCache\
         HKLM\SYSTEM\CurrentControlSet\Services\FrameServer\
         HKLM\SYSTEM\CurrentControlSet\Services\gpsvc\
         HKLM\SYSTEM\CurrentControlSet\Services\GraphicsPerfSvc\
         HKLM\SYSTEM\CurrentControlSet\Services\hidserv\
         HKLM\SYSTEM\CurrentControlSet\Services\HvHost\
         HKLM\SYSTEM\CurrentControlSet\Services\icssvc\
         HKLM\SYSTEM\CurrentControlSet\Services\IKEEXT\
         HKLM\SYSTEM\CurrentControlSet\Services\InstallService\
         HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\
         HKLM\SYSTEM\CurrentControlSet\Services\IpxlatCfgSvc\
         HKLM\SYSTEM\CurrentControlSet\Services\irmon\
         HKLM\SYSTEM\CurrentControlSet\Services\KtmRm\
         HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\
         HKLM\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\
         HKLM\SYSTEM\CurrentControlSet\Services\lfsvc\
         HKLM\SYSTEM\CurrentControlSet\Services\LicenseManager\
         HKLM\SYSTEM\CurrentControlSet\Services\lltdsvc\
         HKLM\SYSTEM\CurrentControlSet\Services\lmhosts\
         HKLM\SYSTEM\CurrentControlSet\Services\LSM\
         HKLM\SYSTEM\CurrentControlSet\Services\LxpSvc\
         HKLM\SYSTEM\CurrentControlSet\Services\MapsBroker\
         HKLM\SYSTEM\CurrentControlSet\Services\MessagingService\
         HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_16f6a21\
         HKLM\SYSTEM\CurrentControlSet\Services\mpssvc\
         HKLM\SYSTEM\CurrentControlSet\Services\MSiSCSI\
         HKLM\SYSTEM\CurrentControlSet\Services\NaturalAuthentication\
         HKLM\SYSTEM\CurrentControlSet\Services\NcaSvc\
         HKLM\SYSTEM\CurrentControlSet\Services\NcbService\
         HKLM\SYSTEM\CurrentControlSet\Services\NcdAutoSetup\
         HKLM\SYSTEM\CurrentControlSet\Services\Netman\
         HKLM\SYSTEM\CurrentControlSet\Services\netprofm\
         HKLM\SYSTEM\CurrentControlSet\Services\NetSetupSvc\
         HKLM\SYSTEM\CurrentControlSet\Services\NgcCtnrSvc\
         HKLM\SYSTEM\CurrentControlSet\Services\NgcSvc\
         HKLM\SYSTEM\CurrentControlSet\Services\NlaSvc\
         HKLM\SYSTEM\CurrentControlSet\Services\nsi\
         HKLM\SYSTEM\CurrentControlSet\Services\OneSyncSvc\
         HKLM\SYSTEM\CurrentControlSet\Services\OneSyncSvc_16f6a21\
         HKLM\SYSTEM\CurrentControlSet\Services\p2pimsvc\
         HKLM\SYSTEM\CurrentControlSet\Services\p2psvc\
         HKLM\SYSTEM\CurrentControlSet\Services\PcaSvc\
         HKLM\SYSTEM\CurrentControlSet\Services\PhoneSvc\
         HKLM\SYSTEM\CurrentControlSet\Services\PimIndexMaintenanceSvc\
         HKLM\SYSTEM\CurrentControlSet\Services\PimIndexMaintenanceSvc_16f6a21\
         HKLM\SYSTEM\CurrentControlSet\Services\pla\
         HKLM\SYSTEM\CurrentControlSet\Services\PlugPlay\
         HKLM\SYSTEM\CurrentControlSet\Services\PNRPAutoReg\
         HKLM\SYSTEM\CurrentControlSet\Services\PNRPsvc\
         HKLM\SYSTEM\CurrentControlSet\Services\PolicyAgent\
         HKLM\SYSTEM\CurrentControlSet\Services\Power\
         HKLM\SYSTEM\CurrentControlSet\Services\PrintNotify\
         HKLM\SYSTEM\CurrentControlSet\Services\PrintWorkflowUserSvc\
         HKLM\SYSTEM\CurrentControlSet\Services\PrintWorkflowUserSvc_16f6a21\
         HKLM\SYSTEM\CurrentControlSet\Services\ProfSvc\
         HKLM\SYSTEM\CurrentControlSet\Services\PushToInstall\
         HKLM\SYSTEM\CurrentControlSet\Services\QWAVE\
         HKLM\SYSTEM\CurrentControlSet\Services\RasAuto\
         HKLM\SYSTEM\CurrentControlSet\Services\RasMan\
         HKLM\SYSTEM\CurrentControlSet\Services\RemoteAccess\
         HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry\
         HKLM\SYSTEM\CurrentControlSet\Services\RetailDemo\
         HKLM\SYSTEM\CurrentControlSet\Services\RmSvc\
         HKLM\SYSTEM\CurrentControlSet\Services\RpcEptMapper\
         HKLM\SYSTEM\CurrentControlSet\Services\RpcSs\
         HKLM\SYSTEM\CurrentControlSet\Services\SCardSvr\
         HKLM\SYSTEM\CurrentControlSet\Services\ScDeviceEnum\
         HKLM\SYSTEM\CurrentControlSet\Services\Schedule\
         HKLM\SYSTEM\CurrentControlSet\Services\SCPolicySvc\
         HKLM\SYSTEM\CurrentControlSet\Services\SDRSVC\
         HKLM\SYSTEM\CurrentControlSet\Services\seclogon\
         HKLM\SYSTEM\CurrentControlSet\Services\SEMgrSvc\
         HKLM\SYSTEM\CurrentControlSet\Services\SENS\
         HKLM\SYSTEM\CurrentControlSet\Services\SensorService\
         HKLM\SYSTEM\CurrentControlSet\Services\SensrSvc\
         HKLM\SYSTEM\CurrentControlSet\Services\SessionEnv\
         HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\
         HKLM\SYSTEM\CurrentControlSet\Services\SharedRealitySvc\
         HKLM\SYSTEM\CurrentControlSet\Services\ShellHWDetection\
         HKLM\SYSTEM\CurrentControlSet\Services\shpamsvc\
         HKLM\SYSTEM\CurrentControlSet\Services\smphost\
         HKLM\SYSTEM\CurrentControlSet\Services\SmsRouter\
         HKLM\SYSTEM\CurrentControlSet\Services\SSDPSRV\
         HKLM\SYSTEM\CurrentControlSet\Services\SstpSvc\
         HKLM\SYSTEM\CurrentControlSet\Services\StateRepository\
         HKLM\SYSTEM\CurrentControlSet\Services\stisvc\
         HKLM\SYSTEM\CurrentControlSet\Services\StorSvc\
         HKLM\SYSTEM\CurrentControlSet\Services\svsvc\
         HKLM\SYSTEM\CurrentControlSet\Services\swprv\
         HKLM\SYSTEM\CurrentControlSet\Services\SysMain\
         HKLM\SYSTEM\CurrentControlSet\Services\SystemEventsBroker\
         HKLM\SYSTEM\CurrentControlSet\Services\TabletInputService\
         HKLM\SYSTEM\CurrentControlSet\Services\TapiSrv\
         HKLM\SYSTEM\CurrentControlSet\Services\TermService\
         HKLM\SYSTEM\CurrentControlSet\Services\Themes\
         HKLM\SYSTEM\CurrentControlSet\Services\TimeBrokerSvc\
         HKLM\SYSTEM\CurrentControlSet\Services\TokenBroker\
         HKLM\SYSTEM\CurrentControlSet\Services\TrkWks\
         HKLM\SYSTEM\CurrentControlSet\Services\tzautoupdate\
         HKLM\SYSTEM\CurrentControlSet\Services\UmRdpService\
         HKLM\SYSTEM\CurrentControlSet\Services\UnistoreSvc\
         HKLM\SYSTEM\CurrentControlSet\Services\UnistoreSvc_16f6a21\
         HKLM\SYSTEM\CurrentControlSet\Services\upnphost\
         HKLM\SYSTEM\CurrentControlSet\Services\UserDataSvc\
         HKLM\SYSTEM\CurrentControlSet\Services\UserDataSvc_16f6a21\
         HKLM\SYSTEM\CurrentControlSet\Services\UserManager\
         HKLM\SYSTEM\CurrentControlSet\Services\UsoSvc\
         HKLM\SYSTEM\CurrentControlSet\Services\VacSvc\
         HKLM\SYSTEM\CurrentControlSet\Services\vmicguestinterface\
         HKLM\SYSTEM\CurrentControlSet\Services\vmicheartbeat\
         HKLM\SYSTEM\CurrentControlSet\Services\vmickvpexchange\
         HKLM\SYSTEM\CurrentControlSet\Services\vmicrdv\
         HKLM\SYSTEM\CurrentControlSet\Services\vmicshutdown\
         HKLM\SYSTEM\CurrentControlSet\Services\vmictimesync\
         HKLM\SYSTEM\CurrentControlSet\Services\vmicvmsession\
         HKLM\SYSTEM\CurrentControlSet\Services\vmicvss\
         HKLM\SYSTEM\CurrentControlSet\Services\W32Time\
         HKLM\SYSTEM\CurrentControlSet\Services\WaaSMedicSvc\
         HKLM\SYSTEM\CurrentControlSet\Services\WalletService\
         HKLM\SYSTEM\CurrentControlSet\Services\WarpJITSvc\
         HKLM\SYSTEM\CurrentControlSet\Services\WbioSrvc\
         HKLM\SYSTEM\CurrentControlSet\Services\Wcmsvc\
         HKLM\SYSTEM\CurrentControlSet\Services\wcncsvc\
         HKLM\SYSTEM\CurrentControlSet\Services\WdiServiceHost\
         HKLM\SYSTEM\CurrentControlSet\Services\WdiSystemHost\
         HKLM\SYSTEM\CurrentControlSet\Services\WebClient\
         HKLM\SYSTEM\CurrentControlSet\Services\Wecsvc\
         HKLM\SYSTEM\CurrentControlSet\Services\WEPHOSTSVC\
         HKLM\SYSTEM\CurrentControlSet\Services\wercplsupport\
         HKLM\SYSTEM\CurrentControlSet\Services\WerSvc\
         HKLM\SYSTEM\CurrentControlSet\Services\WFDSConMgrSvc\
         HKLM\SYSTEM\CurrentControlSet\Services\WiaRpc\
         HKLM\SYSTEM\CurrentControlSet\Services\WinHttpAutoProxySvc\
         HKLM\SYSTEM\CurrentControlSet\Services\Winmgmt\
         HKLM\SYSTEM\CurrentControlSet\Services\WinRM\
         HKLM\SYSTEM\CurrentControlSet\Services\wisvc\
         HKLM\SYSTEM\CurrentControlSet\Services\WlanSvc\
         HKLM\SYSTEM\CurrentControlSet\Services\wlidsvc\
         HKLM\SYSTEM\CurrentControlSet\Services\wlpasvc\
         HKLM\SYSTEM\CurrentControlSet\Services\WManSvc\
         HKLM\SYSTEM\CurrentControlSet\Services\workfolderssvc\
         HKLM\SYSTEM\CurrentControlSet\Services\WpcMonSvc\
         HKLM\SYSTEM\CurrentControlSet\Services\WPDBusEnum\
         HKLM\SYSTEM\CurrentControlSet\Services\WpnService\
         HKLM\SYSTEM\CurrentControlSet\Services\WpnUserService\
         HKLM\SYSTEM\CurrentControlSet\Services\WpnUserService_16f6a21\
         HKLM\SYSTEM\CurrentControlSet\Services\wscsvc\
         HKLM\SYSTEM\CurrentControlSet\Services\wuauserv\
         HKLM\SYSTEM\CurrentControlSet\Services\WwanSvc\
         HKLM\SYSTEM\CurrentControlSet\Services\XblAuthManager\
         HKLM\SYSTEM\CurrentControlSet\Services\XblGameSave\
         HKLM\SYSTEM\CurrentControlSet\Services\XboxGipSvc\
         HKLM\SYSTEM\CurrentControlSet\Services\XboxNetApiSvc\
      Network Ports
         0.0.0.0:135
         0.0.0.0:49665
         0.0.0.0:49666
         0.0.0.0:5040
         10.248.202.174:53142        93.184.220.29:80



Addendum: ESET found nothing either.

cosinus 26.02.2019 20:53

Then just drop the hysteria and regard the computer as not infected.
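The reasoning behind that verdict can be made mechanical. The following Python is an added example, not code from the thread or from HitmanPro: it parses the key/value layout of a HitmanPro "Suspicious files" entry (an excerpt constructed from the log above), checks the file's identity against what the genuine svchost.exe looks like (System32 path, valid Microsoft Authenticode signature, version matching the Windows build in the report header) and separates heuristics that merely describe normal svchost behaviour from the one that still deserves a look. The field names and layout come from the report; the verdict rule and the keyword list are my own assumptions.

```python
import re

# Excerpt constructed from the HitmanPro report posted above (two header lines and the
# flagged entry with a few of its fields and heuristics); the real report is far longer.
REPORT = """\
HitmanPro 3.8.0.295
   Windows . . . . . . . : 10.0.0.17763.X64/4
   Threats . . . . . . . : 0
Suspicious files ____________________________________________________________
   C:\\WINDOWS\\system32\\svchost.exe
      Publisher  . . . . : Microsoft Corporation
      Version  . . . . . : 10.0.17763.1
      Authenticode . . . : Valid
         The file is completely hidden from view and most antivirus products. It may belong to a rootkit.
         This program is actively listening for inbound network connections.
         The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.
"""

KV = re.compile(r"^( {3}| {6})([A-Za-z][A-Za-z ]*?)[ .]+: (.*)$")  # "Key . . : value"; 3 spaces = header, 6 = file field
PATH = re.compile(r"^ {3}([A-Za-z]:\\.+)$")                           # "   C:\dir\file.exe" opens an entry
REASON = re.compile(r"^ {9}(\S.*)$")                                 # one heuristic explanation line

# Heuristic wording that describes how the genuine svchost.exe behaves on every Windows install (assumed list).
EXPECTED_FOR_SVCHOST = ("listening for inbound", "automatically", "File Protection", "system critical",
                        "core operating system", "in use by", "Authenticode")

def parse_report(text):
    """Return (header_fields, entries); each entry is {path, fields, reasons}."""
    header, entries, cur = {}, [], None
    for line in text.splitlines():
        if m := PATH.match(line):
            cur = {"path": m.group(1), "fields": {}, "reasons": []}
            entries.append(cur)
        elif m := KV.match(line):
            target = header if len(m.group(1)) == 3 else cur["fields"]
            target[m.group(2)] = m.group(3).strip()
        elif cur and (m := REASON.match(line)):
            cur["reasons"].append(m.group(1))
    return header, entries

def triage(entry, header):
    """Verify the file's identity (path, Microsoft signature, build match); return
    (verdict, identity_findings, heuristics_not_explained_by_normal_svchost_behaviour)."""
    f, path = entry["fields"], entry["path"].lower()
    build = header.get("Windows", "").split(".")[3:4]  # "10.0.0.17763.X64/4" -> ["17763"]
    findings = []
    if not path.startswith("c:\\windows\\system32\\"):
        findings.append("svchost.exe outside System32")
    if f.get("Authenticode") != "Valid" or not f.get("Publisher", "").startswith("Microsoft"):
        findings.append("no valid Microsoft Authenticode signature")
    if build and build[0] not in f.get("Version", ""):
        findings.append("file version does not match the installed Windows build")
    notes = [r for r in entry["reasons"] if not any(k in r for k in EXPECTED_FOR_SVCHOST)]
    return ("likely false positive" if not findings else "investigate"), findings, notes
```

A "likely false positive" verdict only means the report is consistent with the genuine binary; the remaining note is the reason to confirm with a second scanner, as the poster did with ESET.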

