januskopf198 | 06.05.2018 21:30 | Hitman finding: svchost.exe

Hello,
After the last Windows 10 update and the scheduled run of Hitman, the program suddenly flags the file "svchost.exe" as suspicious.
Malwarebytes and AdwCleaner found nothing. ESET is still running at the moment. If it finds anything, I will post those logs afterwards.
Log file from HitmanPro:

Code:
 HitmanPro 3.8.0.292 
www.hitmanpro.com   
   Computer name . . . . : DESKTOP-2M6NKLL 
   Windows . . . . . . . : 10.0.0.17134.X64/4 
   User name . . . . . . : DESKTOP-2M6NKLL\Chris 
   UAC . . . . . . . . . : Enabled 
   License . . . . . . . : Free   
   Scan date . . . . . . : 2018-05-06 18:19:14 
   Scan mode . . . . . . : Normal 
   Scan duration . . . . : 2m 20s 
   Disk access mode  . . : Direct disk access (SRB) 
   Cloud . . . . . . . . : Internet 
   Reboot  . . . . . . . : No   
   Threats . . . . . . . : 0 
   Traces  . . . . . . . : 292   
   Objects scanned . . . : 2.562.665 
   Files scanned . . . . : 68.222 
   Remnants scanned  . . : 866.651 files / 1.627.792 keys   
Suspicious files ____________________________________________________________   
   C:\WINDOWS\system32\svchost.exe 
      Size . . . . . . . : 51.288 bytes 
      Age  . . . . . . . : 1.3 days (2018-05-05 10:49:24) 
      Entropy  . . . . . : 6.1 
      SHA-256  . . . . . : C9A28DC8004C3E043CBF8E3A194FDA2B756CE90740DF2175488337281B485F69 
      Product  . . . . . : Microsoft® Windows® Operating System 
      Publisher  . . . . : Microsoft Corporation 
      Description  . . . : Host Process for Windows Services 
      Version  . . . . . : 10.0.17134.1 
      Copyright  . . . . : © Microsoft Corporation. All rights reserved. 
      RSA Key Size . . . : 2048 
      Service  . . . . . : WpnUserService_5f81d7d 
      Process Type . . . : Critical 
      LanguageID . . . . : 1033 
      Authenticode . . . : Valid 
      Running processes  : 508, 524, 588, 780, 840, 884, 940, 984, 1100, 1116, 1184, 1216, 1372, 1500, 1536, 1568, 1724, 1844, 1860, 1872, 1880, 1888, 1928, 2000, 2108, 2136, 2148, 2188, 2212, 2240, 2244, 2260, 2324, 2336, 2468, 2488, 2628, 2668, 2768, 2920, 2988, 3108, 3284, 3296, 3320, 3328, 3440, 3716, 3772, 3964, 4132, 4628, 4648, 4816, 5004, 5056, 5876, 6028, 6080, 6136, 7492, 8400, 10376, 10812, 11472, 11496 
      Fuzzy  . . . . . . : 26.0 
         The file is completely hidden from view and most antivirus products. It may belong to a rootkit. 
         This program is actively listening for inbound network connections. 
         Program starts automatically without user intervention. 
         Time indicates that the file appeared recently on this computer. 
         The file is in use by one or more active processes. 
         The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities. 
         Starts automatically as a service during system bootup. 
         This file's process is marked as system critical. 
         The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files. 
         Program is code signed with a valid Authenticode certificate. 
      Startup 
         HKLM\SYSTEM\ControlSet001\Services\BcastDVRUserService_5f81d7d\ 
         HKLM\SYSTEM\ControlSet001\Services\BluetoothUserService_5f81d7d\ 
         HKLM\SYSTEM\ControlSet001\Services\CDPUserSvc_5f81d7d\ 
         HKLM\SYSTEM\ControlSet001\Services\DevicePickerUserSvc_5f81d7d\ 
         HKLM\SYSTEM\ControlSet001\Services\DevicesFlowUserSvc_5f81d7d\ 
         HKLM\SYSTEM\ControlSet001\Services\MessagingService_5f81d7d\ 
         HKLM\SYSTEM\ControlSet001\Services\OneSyncSvc_5f81d7d\ 
         HKLM\SYSTEM\ControlSet001\Services\PimIndexMaintenanceSvc_5f81d7d\ 
         HKLM\SYSTEM\ControlSet001\Services\PrintWorkflowUserSvc_5f81d7d\ 
         HKLM\SYSTEM\ControlSet001\Services\UnistoreSvc_5f81d7d\ 
         HKLM\SYSTEM\ControlSet001\Services\UserDataSvc_5f81d7d\ 
         HKLM\SYSTEM\ControlSet001\Services\WpnUserService_5f81d7d\ 
         HKLM\SYSTEM\CurrentControlSet\Services\AJRouter\ 
         HKLM\SYSTEM\CurrentControlSet\Services\AppIDSvc\ 
         HKLM\SYSTEM\CurrentControlSet\Services\Appinfo\ 
         HKLM\SYSTEM\CurrentControlSet\Services\AppReadiness\ 
         HKLM\SYSTEM\CurrentControlSet\Services\AppXSvc\ 
         HKLM\SYSTEM\CurrentControlSet\Services\AudioEndpointBuilder\ 
         HKLM\SYSTEM\CurrentControlSet\Services\Audiosrv\ 
         HKLM\SYSTEM\CurrentControlSet\Services\AxInstSV\ 
         HKLM\SYSTEM\CurrentControlSet\Services\BcastDVRUserService\ 
         HKLM\SYSTEM\CurrentControlSet\Services\BcastDVRUserService_7669a2b\ 
         HKLM\SYSTEM\CurrentControlSet\Services\BDESVC\ 
         HKLM\SYSTEM\CurrentControlSet\Services\BFE\ 
         HKLM\SYSTEM\CurrentControlSet\Services\BITS\ 
         HKLM\SYSTEM\CurrentControlSet\Services\BluetoothUserService\ 
         HKLM\SYSTEM\CurrentControlSet\Services\BluetoothUserService_7669a2b\ 
         HKLM\SYSTEM\CurrentControlSet\Services\BrokerInfrastructure\ 
         HKLM\SYSTEM\CurrentControlSet\Services\BTAGService\ 
         HKLM\SYSTEM\CurrentControlSet\Services\BthAvctpSvc\ 
         HKLM\SYSTEM\CurrentControlSet\Services\bthserv\ 
         HKLM\SYSTEM\CurrentControlSet\Services\camsvc\ 
         HKLM\SYSTEM\CurrentControlSet\Services\CDPSvc\ 
         HKLM\SYSTEM\CurrentControlSet\Services\CDPUserSvc\ 
         HKLM\SYSTEM\CurrentControlSet\Services\CDPUserSvc_7669a2b\ 
         HKLM\SYSTEM\CurrentControlSet\Services\CertPropSvc\ 
         HKLM\SYSTEM\CurrentControlSet\Services\ClipSVC\ 
         HKLM\SYSTEM\CurrentControlSet\Services\CoreMessagingRegistrar\ 
         HKLM\SYSTEM\CurrentControlSet\Services\CryptSvc\ 
         HKLM\SYSTEM\CurrentControlSet\Services\DcomLaunch\ 
         HKLM\SYSTEM\CurrentControlSet\Services\defragsvc\ 
         HKLM\SYSTEM\CurrentControlSet\Services\DeviceAssociationService\ 
         HKLM\SYSTEM\CurrentControlSet\Services\DeviceInstall\ 
         HKLM\SYSTEM\CurrentControlSet\Services\DevicePickerUserSvc\ 
         HKLM\SYSTEM\CurrentControlSet\Services\DevicePickerUserSvc_7669a2b\ 
         HKLM\SYSTEM\CurrentControlSet\Services\DevicesFlowUserSvc\ 
         HKLM\SYSTEM\CurrentControlSet\Services\DevicesFlowUserSvc_7669a2b\ 
         HKLM\SYSTEM\CurrentControlSet\Services\DevQueryBroker\ 
         HKLM\SYSTEM\CurrentControlSet\Services\Dhcp\ 
         HKLM\SYSTEM\CurrentControlSet\Services\diagsvc\ 
         HKLM\SYSTEM\CurrentControlSet\Services\DiagTrack\ 
         HKLM\SYSTEM\CurrentControlSet\Services\DmEnrollmentSvc\ 
         HKLM\SYSTEM\CurrentControlSet\Services\dmwappushservice\ 
         HKLM\SYSTEM\CurrentControlSet\Services\Dnscache\ 
         HKLM\SYSTEM\CurrentControlSet\Services\DoSvc\ 
         HKLM\SYSTEM\CurrentControlSet\Services\dot3svc\ 
         HKLM\SYSTEM\CurrentControlSet\Services\DPS\ 
         HKLM\SYSTEM\CurrentControlSet\Services\DsmSvc\ 
         HKLM\SYSTEM\CurrentControlSet\Services\DsSvc\ 
         HKLM\SYSTEM\CurrentControlSet\Services\DusmSvc\ 
         HKLM\SYSTEM\CurrentControlSet\Services\Eaphost\ 
         HKLM\SYSTEM\CurrentControlSet\Services\embeddedmode\ 
         HKLM\SYSTEM\CurrentControlSet\Services\EntAppSvc\ 
         HKLM\SYSTEM\CurrentControlSet\Services\EventLog\ 
         HKLM\SYSTEM\CurrentControlSet\Services\EventSystem\ 
         HKLM\SYSTEM\CurrentControlSet\Services\fdPHost\ 
         HKLM\SYSTEM\CurrentControlSet\Services\FDResPub\ 
         HKLM\SYSTEM\CurrentControlSet\Services\fhsvc\ 
         HKLM\SYSTEM\CurrentControlSet\Services\FontCache\ 
         HKLM\SYSTEM\CurrentControlSet\Services\FrameServer\ 
         HKLM\SYSTEM\CurrentControlSet\Services\gpsvc\ 
         HKLM\SYSTEM\CurrentControlSet\Services\GraphicsPerfSvc\ 
         HKLM\SYSTEM\CurrentControlSet\Services\hidserv\ 
         HKLM\SYSTEM\CurrentControlSet\Services\HvHost\ 
         HKLM\SYSTEM\CurrentControlSet\Services\icssvc\ 
         HKLM\SYSTEM\CurrentControlSet\Services\IKEEXT\ 
         HKLM\SYSTEM\CurrentControlSet\Services\InstallService\ 
         HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\ 
         HKLM\SYSTEM\CurrentControlSet\Services\IpxlatCfgSvc\ 
         HKLM\SYSTEM\CurrentControlSet\Services\irmon\ 
         HKLM\SYSTEM\CurrentControlSet\Services\KtmRm\ 
         HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\ 
         HKLM\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\ 
         HKLM\SYSTEM\CurrentControlSet\Services\lfsvc\ 
         HKLM\SYSTEM\CurrentControlSet\Services\LicenseManager\ 
         HKLM\SYSTEM\CurrentControlSet\Services\lltdsvc\ 
         HKLM\SYSTEM\CurrentControlSet\Services\lmhosts\ 
         HKLM\SYSTEM\CurrentControlSet\Services\LSM\ 
         HKLM\SYSTEM\CurrentControlSet\Services\LxpSvc\ 
         HKLM\SYSTEM\CurrentControlSet\Services\MapsBroker\ 
         HKLM\SYSTEM\CurrentControlSet\Services\MessagingService\ 
         HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_7669a2b\ 
         HKLM\SYSTEM\CurrentControlSet\Services\mpssvc\ 
         HKLM\SYSTEM\CurrentControlSet\Services\MSiSCSI\ 
         HKLM\SYSTEM\CurrentControlSet\Services\NaturalAuthentication\ 
         HKLM\SYSTEM\CurrentControlSet\Services\NcaSvc\ 
         HKLM\SYSTEM\CurrentControlSet\Services\NcbService\ 
         HKLM\SYSTEM\CurrentControlSet\Services\NcdAutoSetup\ 
         HKLM\SYSTEM\CurrentControlSet\Services\Netman\ 
         HKLM\SYSTEM\CurrentControlSet\Services\netprofm\ 
         HKLM\SYSTEM\CurrentControlSet\Services\NetSetupSvc\ 
         HKLM\SYSTEM\CurrentControlSet\Services\NgcCtnrSvc\ 
         HKLM\SYSTEM\CurrentControlSet\Services\NgcSvc\ 
         HKLM\SYSTEM\CurrentControlSet\Services\NlaSvc\ 
         HKLM\SYSTEM\CurrentControlSet\Services\nsi\ 
         HKLM\SYSTEM\CurrentControlSet\Services\OneSyncSvc\ 
         HKLM\SYSTEM\CurrentControlSet\Services\OneSyncSvc_7669a2b\ 
         HKLM\SYSTEM\CurrentControlSet\Services\p2pimsvc\ 
         HKLM\SYSTEM\CurrentControlSet\Services\p2psvc\ 
         HKLM\SYSTEM\CurrentControlSet\Services\PcaSvc\ 
         HKLM\SYSTEM\CurrentControlSet\Services\PhoneSvc\ 
         HKLM\SYSTEM\CurrentControlSet\Services\PimIndexMaintenanceSvc\ 
         HKLM\SYSTEM\CurrentControlSet\Services\PimIndexMaintenanceSvc_7669a2b\ 
         HKLM\SYSTEM\CurrentControlSet\Services\pla\ 
         HKLM\SYSTEM\CurrentControlSet\Services\PlugPlay\ 
         HKLM\SYSTEM\CurrentControlSet\Services\PNRPAutoReg\ 
         HKLM\SYSTEM\CurrentControlSet\Services\PNRPsvc\ 
         HKLM\SYSTEM\CurrentControlSet\Services\PolicyAgent\ 
         HKLM\SYSTEM\CurrentControlSet\Services\Power\ 
         HKLM\SYSTEM\CurrentControlSet\Services\PrintNotify\ 
         HKLM\SYSTEM\CurrentControlSet\Services\PrintWorkflowUserSvc\ 
         HKLM\SYSTEM\CurrentControlSet\Services\PrintWorkflowUserSvc_7669a2b\ 
         HKLM\SYSTEM\CurrentControlSet\Services\ProfSvc\ 
         HKLM\SYSTEM\CurrentControlSet\Services\PushToInstall\ 
         HKLM\SYSTEM\CurrentControlSet\Services\QWAVE\ 
         HKLM\SYSTEM\CurrentControlSet\Services\RasAuto\ 
         HKLM\SYSTEM\CurrentControlSet\Services\RasMan\ 
         HKLM\SYSTEM\CurrentControlSet\Services\RemoteAccess\ 
         HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ 
         HKLM\SYSTEM\CurrentControlSet\Services\RetailDemo\ 
         HKLM\SYSTEM\CurrentControlSet\Services\RmSvc\ 
         HKLM\SYSTEM\CurrentControlSet\Services\RpcEptMapper\ 
         HKLM\SYSTEM\CurrentControlSet\Services\RpcSs\ 
         HKLM\SYSTEM\CurrentControlSet\Services\SCardSvr\ 
         HKLM\SYSTEM\CurrentControlSet\Services\ScDeviceEnum\ 
         HKLM\SYSTEM\CurrentControlSet\Services\Schedule\ 
         HKLM\SYSTEM\CurrentControlSet\Services\SCPolicySvc\ 
         HKLM\SYSTEM\CurrentControlSet\Services\SDRSVC\ 
         HKLM\SYSTEM\CurrentControlSet\Services\seclogon\ 
         HKLM\SYSTEM\CurrentControlSet\Services\SEMgrSvc\ 
         HKLM\SYSTEM\CurrentControlSet\Services\SENS\ 
         HKLM\SYSTEM\CurrentControlSet\Services\SensorService\ 
         HKLM\SYSTEM\CurrentControlSet\Services\SensrSvc\ 
         HKLM\SYSTEM\CurrentControlSet\Services\SessionEnv\ 
         HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\ 
         HKLM\SYSTEM\CurrentControlSet\Services\SharedRealitySvc\ 
         HKLM\SYSTEM\CurrentControlSet\Services\ShellHWDetection\ 
         HKLM\SYSTEM\CurrentControlSet\Services\shpamsvc\ 
         HKLM\SYSTEM\CurrentControlSet\Services\smphost\ 
         HKLM\SYSTEM\CurrentControlSet\Services\SmsRouter\ 
         HKLM\SYSTEM\CurrentControlSet\Services\SSDPSRV\ 
         HKLM\SYSTEM\CurrentControlSet\Services\SstpSvc\ 
         HKLM\SYSTEM\CurrentControlSet\Services\StateRepository\ 
         HKLM\SYSTEM\CurrentControlSet\Services\stisvc\ 
         HKLM\SYSTEM\CurrentControlSet\Services\StorSvc\ 
         HKLM\SYSTEM\CurrentControlSet\Services\svsvc\ 
         HKLM\SYSTEM\CurrentControlSet\Services\swprv\ 
         HKLM\SYSTEM\CurrentControlSet\Services\SysMain\ 
         HKLM\SYSTEM\CurrentControlSet\Services\SystemEventsBroker\ 
         HKLM\SYSTEM\CurrentControlSet\Services\TabletInputService\ 
         HKLM\SYSTEM\CurrentControlSet\Services\TapiSrv\ 
         HKLM\SYSTEM\CurrentControlSet\Services\TermService\ 
         HKLM\SYSTEM\CurrentControlSet\Services\Themes\ 
         HKLM\SYSTEM\CurrentControlSet\Services\TimeBrokerSvc\ 
         HKLM\SYSTEM\CurrentControlSet\Services\TokenBroker\ 
         HKLM\SYSTEM\CurrentControlSet\Services\TrkWks\ 
         HKLM\SYSTEM\CurrentControlSet\Services\tzautoupdate\ 
         HKLM\SYSTEM\CurrentControlSet\Services\UmRdpService\ 
         HKLM\SYSTEM\CurrentControlSet\Services\UnistoreSvc\ 
         HKLM\SYSTEM\CurrentControlSet\Services\UnistoreSvc_7669a2b\ 
         HKLM\SYSTEM\CurrentControlSet\Services\upnphost\ 
         HKLM\SYSTEM\CurrentControlSet\Services\UserDataSvc\ 
         HKLM\SYSTEM\CurrentControlSet\Services\UserDataSvc_7669a2b\ 
         HKLM\SYSTEM\CurrentControlSet\Services\UserManager\ 
         HKLM\SYSTEM\CurrentControlSet\Services\UsoSvc\ 
         HKLM\SYSTEM\CurrentControlSet\Services\VacSvc\ 
         HKLM\SYSTEM\CurrentControlSet\Services\vmicguestinterface\ 
         HKLM\SYSTEM\CurrentControlSet\Services\vmicheartbeat\ 
         HKLM\SYSTEM\CurrentControlSet\Services\vmickvpexchange\ 
         HKLM\SYSTEM\CurrentControlSet\Services\vmicrdv\ 
         HKLM\SYSTEM\CurrentControlSet\Services\vmicshutdown\ 
         HKLM\SYSTEM\CurrentControlSet\Services\vmictimesync\ 
         HKLM\SYSTEM\CurrentControlSet\Services\vmicvmsession\ 
         HKLM\SYSTEM\CurrentControlSet\Services\vmicvss\ 
         HKLM\SYSTEM\CurrentControlSet\Services\W32Time\ 
         HKLM\SYSTEM\CurrentControlSet\Services\WaaSMedicSvc\ 
         HKLM\SYSTEM\CurrentControlSet\Services\WalletService\ 
         HKLM\SYSTEM\CurrentControlSet\Services\WarpJITSvc\ 
         HKLM\SYSTEM\CurrentControlSet\Services\WbioSrvc\ 
         HKLM\SYSTEM\CurrentControlSet\Services\Wcmsvc\ 
         HKLM\SYSTEM\CurrentControlSet\Services\wcncsvc\ 
         HKLM\SYSTEM\CurrentControlSet\Services\WdiServiceHost\ 
         HKLM\SYSTEM\CurrentControlSet\Services\WdiSystemHost\ 
         HKLM\SYSTEM\CurrentControlSet\Services\WebClient\ 
         HKLM\SYSTEM\CurrentControlSet\Services\Wecsvc\ 
         HKLM\SYSTEM\CurrentControlSet\Services\WEPHOSTSVC\ 
         HKLM\SYSTEM\CurrentControlSet\Services\wercplsupport\ 
         HKLM\SYSTEM\CurrentControlSet\Services\WerSvc\ 
         HKLM\SYSTEM\CurrentControlSet\Services\WFDSConMgrSvc\ 
         HKLM\SYSTEM\CurrentControlSet\Services\WiaRpc\ 
         HKLM\SYSTEM\CurrentControlSet\Services\WinHttpAutoProxySvc\ 
         HKLM\SYSTEM\CurrentControlSet\Services\Winmgmt\ 
         HKLM\SYSTEM\CurrentControlSet\Services\WinRM\ 
         HKLM\SYSTEM\CurrentControlSet\Services\wisvc\ 
         HKLM\SYSTEM\CurrentControlSet\Services\WlanSvc\ 
         HKLM\SYSTEM\CurrentControlSet\Services\wlidsvc\ 
         HKLM\SYSTEM\CurrentControlSet\Services\wlpasvc\ 
         HKLM\SYSTEM\CurrentControlSet\Services\workfolderssvc\ 
         HKLM\SYSTEM\CurrentControlSet\Services\WpcMonSvc\ 
         HKLM\SYSTEM\CurrentControlSet\Services\WPDBusEnum\ 
         HKLM\SYSTEM\CurrentControlSet\Services\WpnService\ 
         HKLM\SYSTEM\CurrentControlSet\Services\WpnUserService\ 
         HKLM\SYSTEM\CurrentControlSet\Services\WpnUserService_7669a2b\ 
         HKLM\SYSTEM\CurrentControlSet\Services\wscsvc\ 
         HKLM\SYSTEM\CurrentControlSet\Services\wuauserv\ 
         HKLM\SYSTEM\CurrentControlSet\Services\WwanSvc\ 
         HKLM\SYSTEM\CurrentControlSet\Services\XblAuthManager\ 
         HKLM\SYSTEM\CurrentControlSet\Services\XblGameSave\ 
         HKLM\SYSTEM\CurrentControlSet\Services\XboxGipSvc\ 
         HKLM\SYSTEM\CurrentControlSet\Services\XboxNetApiSvc\ 
      Network Ports 
         0.0.0.0:135         
         0.0.0.0:49665         
         0.0.0.0:49687         
         0.0.0.0:5040         
         192.168.2.100:58643        40.77.229.69:443

ESET found nothing.
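An added verification script, not part of the original post and not HitmanPro's own tooling, that turns the heuristics in the log above into checks a practitioner would actually run: it verifies the Authenticode signature of C:\Windows\System32\svchost.exe, compares the live SHA-256 with the value HitmanPro recorded (the hash literal below is copied from the log), maps each listening port to the svchost.exe instance and the services it hosts (0.0.0.0:135 is the RPC endpoint mapper, RpcEptMapper, which appears in the startup list), lists the per-user service instances (Windows 10 creates one per logon session and appends a session-specific suffix, which is why both `_5f81d7d` and `_7669a2b` variants appear), and finally runs a read-only system file integrity check. Only built-in Windows PowerShell 5.1 cmdlets and `sfc` are used; run it from an elevated prompt.

```powershell
# Added verification script (not from the original post or from HitmanPro).
# Run in an elevated Windows PowerShell 5.1 session on the affected machine.

$Path = 'C:\Windows\System32\svchost.exe'
# SHA-256 as reported by HitmanPro in the log above (copied, not computed here).
$ReportedHash = 'C9A28DC8004C3E043CBF8E3A194FDA2B756CE90740DF2175488337281B485F69'

# 1. Signature: a genuine svchost.exe is catalog-signed by Microsoft.
#    Anything other than Status 'Valid' with a Microsoft signer is the first red flag.
$sig = Get-AuthenticodeSignature -FilePath $Path
[pscustomobject]@{
    Status     = $sig.Status
    Signer     = $sig.SignerCertificate.Subject
    IsOSBinary = $sig.IsOSBinary   # true when the file is covered by a Windows catalog
}

# 2. Hash: compare the file on disk with the hash HitmanPro recorded.
#    A mismatch means the file changed after the scan.
$hash = (Get-FileHash -Path $Path -Algorithm SHA256).Hash
"Hash matches HitmanPro report: $($hash -eq $ReportedHash)"

# 3. Age and version: "appeared recently" is expected right after a Windows update,
#    so check that the timestamp lines up with the update and the version is current.
Get-Item -Path $Path |
    Select-Object LastWriteTime, CreationTime, Length,
        @{ Name = 'FileVersion'; Expression = { $_.VersionInfo.FileVersion } }

# 4. Listening ports: for every listener owned by an svchost.exe instance, show the
#    services hosted in that PID so each port can be attributed to a known service.
Get-NetTCPConnection -State Listen |
    Where-Object {
        (Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue).Name -eq 'svchost'
    } |
    ForEach-Object {
        $hosted = (Get-CimInstance Win32_Service -Filter "ProcessId = $($_.OwningProcess)").Name
        [pscustomobject]@{
            Local    = "$($_.LocalAddress):$($_.LocalPort)"
            PID      = $_.OwningProcess
            Services = ($hosted -join ', ')
        }
    } | Sort-Object Local | Format-Table -AutoSize

# 5. Per-user services: Windows 10 instantiates these once per logon session and
#    appends a session-specific suffix (e.g. WpnUserService_5f81d7d). They point at
#    the same svchost.exe image and are expected, not evidence of tampering.
Get-CimInstance Win32_Service |
    Where-Object { $_.Name -match '_[0-9a-f]{5,8}$' } |
    Select-Object Name, State, StartMode, PathName | Format-Table -AutoSize

# 6. Read-only integrity check of protected system files (reports, does not repair).
sfc /verifyonly
```

If step 1 reports a valid Microsoft signature, step 2 matches the logged hash, every listener in step 4 resolves to a service from the startup list in the log, and `sfc /verifyonly` reports no integrity violations, the HitmanPro entry is consistent with a freshly updated, unmodified system file rather than with a rootkit; a signature status other than Valid or an unexplained listener would be the point to start a real investigation.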