Need Help
#5
Hi, I'm having the same problem. I scanned with HitmanPro and get svchost.exe Suspicious. I can only select Ignore and nothing else. I scanned with Malwarebytes and found nothing. I then scanned with AdwCleaner and still nothing found. Do you have any info on this problem? This is a copy of the HitmanPro log:

Code:
HitmanPro 3.8.0.292
www.hitmanpro.com

  Computer name . . . . :
  Windows . . . . . . . : 10.0.0.17134.X64/4
  User name . . . . . . :
  UAC . . . . . . . . . : Enabled
  License . . . . . . . :

  Scan date . . . . . . : 2018-05-12 07:06:09
  Scan mode . . . . . . : Normal
  Scan duration . . . . : 7m 51s
  Disk access mode  . . : Direct disk access (SRB)
  Cloud . . . . . . . . : Internet
  Reboot  . . . . . . . : No

  Threats . . . . . . . : 0
  Traces  . . . . . . . : 308

  Objects scanned . . . : 1,577,903
  Files scanned . . . . : 48,507
  Remnants scanned  . . : 229,222 files / 1,300,174 keys

Suspicious files ____________________________________________________________

  C:\WINDOWS\system32\svchost.exe
     Size . . . . . . . : 51,288 bytes
     Age  . . . . . . . : 10.4 days (2018-05-01 21:31:07)
     Entropy  . . . . . : 6.1
     SHA-256  . . . . . : C9A28DC8004C3E043CBF8E3A194FDA2B756CE90740DF2175488337281B485F69
     Product  . . . . . : Microsoft® Windows® Operating System
     Publisher  . . . . : Microsoft Corporation
     Description  . . . : Host Process for Windows Services
     Version  . . . . . : 10.0.17134.1
     Copyright  . . . . : © Microsoft Corporation. All rights reserved.
     RSA Key Size . . . : 2048
     Service  . . . . . : WpnUserService_64d90
     Process Type . . . : Critical
     LanguageID . . . . : 1033
     Authenticode . . . : Valid
     Running processes  : 68, 492, 572, 904, 940, 1076, 1156, 1168, 1220, 1248, 1352, 1400, 1408, 1448, 1556, 1636, 1712, 1752, 1756, 1808, 1880, 1920, 1936, 1948, 1988, 2036, 2140, 2172, 2240, 2248, 2340, 2356, 2416, 2512, 2520, 2540, 2568, 2612, 2656, 2748, 2756, 2996, 3104, 3240, 3268, 3492, 3576, 3612, 3640, 3644, 3664, 3700, 3736, 3748, 3848, 3904, 3924, 4180, 4384, 4684, 5156, 5592, 6216, 6664, 6972, 7084, 8068, 8360, 11300, 11464, 11712, 12332, 12676, 13880
     Fuzzy  . . . . . . : 25.0
        The file is completely hidden from view and most antivirus products. It may belong to a rootkit.
        This program is actively listening for inbound network connections.
        Program starts automatically without user intervention.
        The file is in use by one or more active processes.
        The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
        Starts automatically as a service during system bootup.
        Time indicates that the file appeared recently on this computer.
        This file's process is marked as system critical.
        The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.
        Program is code signed with a valid Authenticode certificate.
     Startup
        HKLM\SYSTEM\ControlSet001\Services\BcastDVRUserService_64d90\
        HKLM\SYSTEM\ControlSet001\Services\BluetoothUserService_64d90\
        HKLM\SYSTEM\ControlSet001\Services\CaptureService_64d90\
        HKLM\SYSTEM\ControlSet001\Services\CDPUserSvc_64d90\
        HKLM\SYSTEM\ControlSet001\Services\DevicePickerUserSvc_64d90\
        HKLM\SYSTEM\ControlSet001\Services\DevicesFlowUserSvc_64d90\
        HKLM\SYSTEM\ControlSet001\Services\MessagingService_64d90\
        HKLM\SYSTEM\ControlSet001\Services\OneSyncSvc_64d90\
        HKLM\SYSTEM\ControlSet001\Services\PimIndexMaintenanceSvc_64d90\
        HKLM\SYSTEM\ControlSet001\Services\PrintWorkflowUserSvc_64d90\
        HKLM\SYSTEM\ControlSet001\Services\UnistoreSvc_64d90\
        HKLM\SYSTEM\ControlSet001\Services\UserDataSvc_64d90\
        HKLM\SYSTEM\ControlSet001\Services\WpnUserService_64d90\
        HKLM\SYSTEM\CurrentControlSet\Services\AJRouter\
        HKLM\SYSTEM\CurrentControlSet\Services\AppIDSvc\
        HKLM\SYSTEM\CurrentControlSet\Services\Appinfo\
        HKLM\SYSTEM\CurrentControlSet\Services\AppMgmt\
        HKLM\SYSTEM\CurrentControlSet\Services\AppReadiness\
        HKLM\SYSTEM\CurrentControlSet\Services\AppXSvc\
        HKLM\SYSTEM\CurrentControlSet\Services\AssignedAccessManagerSvc\
        HKLM\SYSTEM\CurrentControlSet\Services\AudioEndpointBuilder\
        HKLM\SYSTEM\CurrentControlSet\Services\Audiosrv\
        HKLM\SYSTEM\CurrentControlSet\Services\AxInstSV\
        HKLM\SYSTEM\CurrentControlSet\Services\BcastDVRUserService\
        HKLM\SYSTEM\CurrentControlSet\Services\BcastDVRUserService_317354d\
        HKLM\SYSTEM\CurrentControlSet\Services\BDESVC\
        HKLM\SYSTEM\CurrentControlSet\Services\BFE\
        HKLM\SYSTEM\CurrentControlSet\Services\BITS\
        HKLM\SYSTEM\CurrentControlSet\Services\BluetoothUserService\
        HKLM\SYSTEM\CurrentControlSet\Services\BluetoothUserService_317354d\
        HKLM\SYSTEM\CurrentControlSet\Services\BrokerInfrastructure\
        HKLM\SYSTEM\CurrentControlSet\Services\BTAGService\
        HKLM\SYSTEM\CurrentControlSet\Services\BthAvctpSvc\
        HKLM\SYSTEM\CurrentControlSet\Services\bthserv\
        HKLM\SYSTEM\CurrentControlSet\Services\camsvc\
        HKLM\SYSTEM\CurrentControlSet\Services\CaptureService\
        HKLM\SYSTEM\CurrentControlSet\Services\CaptureService_317354d\
        HKLM\SYSTEM\CurrentControlSet\Services\CDPSvc\
        HKLM\SYSTEM\CurrentControlSet\Services\CDPUserSvc\
        HKLM\SYSTEM\CurrentControlSet\Services\CDPUserSvc_317354d\
        HKLM\SYSTEM\CurrentControlSet\Services\CertPropSvc\
        HKLM\SYSTEM\CurrentControlSet\Services\ClipSVC\
        HKLM\SYSTEM\CurrentControlSet\Services\CoreMessagingRegistrar\
        HKLM\SYSTEM\CurrentControlSet\Services\CryptSvc\
        HKLM\SYSTEM\CurrentControlSet\Services\CscService\
        HKLM\SYSTEM\CurrentControlSet\Services\DcomLaunch\
        HKLM\SYSTEM\CurrentControlSet\Services\defragsvc\
        HKLM\SYSTEM\CurrentControlSet\Services\DeviceAssociationService\
        HKLM\SYSTEM\CurrentControlSet\Services\DeviceInstall\
        HKLM\SYSTEM\CurrentControlSet\Services\DevicePickerUserSvc\
        HKLM\SYSTEM\CurrentControlSet\Services\DevicePickerUserSvc_317354d\
        HKLM\SYSTEM\CurrentControlSet\Services\DevicesFlowUserSvc\
        HKLM\SYSTEM\CurrentControlSet\Services\DevicesFlowUserSvc_317354d\
        HKLM\SYSTEM\CurrentControlSet\Services\DevQueryBroker\
        HKLM\SYSTEM\CurrentControlSet\Services\Dhcp\
        HKLM\SYSTEM\CurrentControlSet\Services\diagsvc\
        HKLM\SYSTEM\CurrentControlSet\Services\DiagTrack\
        HKLM\SYSTEM\CurrentControlSet\Services\DmEnrollmentSvc\
        HKLM\SYSTEM\CurrentControlSet\Services\dmwappushservice\
        HKLM\SYSTEM\CurrentControlSet\Services\Dnscache\
        HKLM\SYSTEM\CurrentControlSet\Services\DoSvc\
        HKLM\SYSTEM\CurrentControlSet\Services\dot3svc\
        HKLM\SYSTEM\CurrentControlSet\Services\DPS\
        HKLM\SYSTEM\CurrentControlSet\Services\DsmSvc\
        HKLM\SYSTEM\CurrentControlSet\Services\DsSvc\
        HKLM\SYSTEM\CurrentControlSet\Services\DusmSvc\
        HKLM\SYSTEM\CurrentControlSet\Services\Eaphost\
        HKLM\SYSTEM\CurrentControlSet\Services\embeddedmode\
        HKLM\SYSTEM\CurrentControlSet\Services\EntAppSvc\
        HKLM\SYSTEM\CurrentControlSet\Services\EventLog\
        HKLM\SYSTEM\CurrentControlSet\Services\EventSystem\
        HKLM\SYSTEM\CurrentControlSet\Services\fdPHost\
        HKLM\SYSTEM\CurrentControlSet\Services\FDResPub\
        HKLM\SYSTEM\CurrentControlSet\Services\fhsvc\
        HKLM\SYSTEM\CurrentControlSet\Services\FontCache\
        HKLM\SYSTEM\CurrentControlSet\Services\FrameServer\
        HKLM\SYSTEM\CurrentControlSet\Services\gpsvc\
        HKLM\SYSTEM\CurrentControlSet\Services\GraphicsPerfSvc\
        HKLM\SYSTEM\CurrentControlSet\Services\hidserv\
        HKLM\SYSTEM\CurrentControlSet\Services\HvHost\
        HKLM\SYSTEM\CurrentControlSet\Services\icssvc\
        HKLM\SYSTEM\CurrentControlSet\Services\IKEEXT\
        HKLM\SYSTEM\CurrentControlSet\Services\InstallService\
        HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\
        HKLM\SYSTEM\CurrentControlSet\Services\IpxlatCfgSvc\
        HKLM\SYSTEM\CurrentControlSet\Services\irmon\
        HKLM\SYSTEM\CurrentControlSet\Services\KtmRm\
        HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\
        HKLM\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\
        HKLM\SYSTEM\CurrentControlSet\Services\lfsvc\
        HKLM\SYSTEM\CurrentControlSet\Services\LicenseManager\
        HKLM\SYSTEM\CurrentControlSet\Services\lltdsvc\
        HKLM\SYSTEM\CurrentControlSet\Services\lmhosts\
        HKLM\SYSTEM\CurrentControlSet\Services\LSM\
        HKLM\SYSTEM\CurrentControlSet\Services\LxpSvc\
        HKLM\SYSTEM\CurrentControlSet\Services\MapsBroker\
        HKLM\SYSTEM\CurrentControlSet\Services\MessagingService\
        HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_317354d\
        HKLM\SYSTEM\CurrentControlSet\Services\mpssvc\
        HKLM\SYSTEM\CurrentControlSet\Services\MSiSCSI\
        HKLM\SYSTEM\CurrentControlSet\Services\NaturalAuthentication\
        HKLM\SYSTEM\CurrentControlSet\Services\NcaSvc\
        HKLM\SYSTEM\CurrentControlSet\Services\NcbService\
        HKLM\SYSTEM\CurrentControlSet\Services\NcdAutoSetup\
        HKLM\SYSTEM\CurrentControlSet\Services\Netman\
        HKLM\SYSTEM\CurrentControlSet\Services\netprofm\
        HKLM\SYSTEM\CurrentControlSet\Services\NetSetupSvc\
        HKLM\SYSTEM\CurrentControlSet\Services\NgcCtnrSvc\
        HKLM\SYSTEM\CurrentControlSet\Services\NgcSvc\
        HKLM\SYSTEM\CurrentControlSet\Services\NlaSvc\
        HKLM\SYSTEM\CurrentControlSet\Services\nsi\
        HKLM\SYSTEM\CurrentControlSet\Services\OneSyncSvc\
        HKLM\SYSTEM\CurrentControlSet\Services\OneSyncSvc_317354d\
        HKLM\SYSTEM\CurrentControlSet\Services\p2pimsvc\
        HKLM\SYSTEM\CurrentControlSet\Services\p2psvc\
        HKLM\SYSTEM\CurrentControlSet\Services\PcaSvc\
        HKLM\SYSTEM\CurrentControlSet\Services\PeerDistSvc\
        HKLM\SYSTEM\CurrentControlSet\Services\PhoneSvc\
        HKLM\SYSTEM\CurrentControlSet\Services\PimIndexMaintenanceSvc\
        HKLM\SYSTEM\CurrentControlSet\Services\PimIndexMaintenanceSvc_317354d\
        HKLM\SYSTEM\CurrentControlSet\Services\pla\
        HKLM\SYSTEM\CurrentControlSet\Services\PlugPlay\
        HKLM\SYSTEM\CurrentControlSet\Services\PNRPAutoReg\
        HKLM\SYSTEM\CurrentControlSet\Services\PNRPsvc\
        HKLM\SYSTEM\CurrentControlSet\Services\PolicyAgent\
        HKLM\SYSTEM\CurrentControlSet\Services\Power\
        HKLM\SYSTEM\CurrentControlSet\Services\PrintNotify\
        HKLM\SYSTEM\CurrentControlSet\Services\PrintWorkflowUserSvc\
        HKLM\SYSTEM\CurrentControlSet\Services\PrintWorkflowUserSvc_317354d\
        HKLM\SYSTEM\CurrentControlSet\Services\ProfSvc\
        HKLM\SYSTEM\CurrentControlSet\Services\PushToInstall\
        HKLM\SYSTEM\CurrentControlSet\Services\QWAVE\
        HKLM\SYSTEM\CurrentControlSet\Services\RasAuto\
        HKLM\SYSTEM\CurrentControlSet\Services\RasMan\
        HKLM\SYSTEM\CurrentControlSet\Services\RemoteAccess\
        HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry\
        HKLM\SYSTEM\CurrentControlSet\Services\RetailDemo\
        HKLM\SYSTEM\CurrentControlSet\Services\RmSvc\
        HKLM\SYSTEM\CurrentControlSet\Services\RpcEptMapper\
        HKLM\SYSTEM\CurrentControlSet\Services\RpcSs\
        HKLM\SYSTEM\CurrentControlSet\Services\SCardSvr\
        HKLM\SYSTEM\CurrentControlSet\Services\ScDeviceEnum\
        HKLM\SYSTEM\CurrentControlSet\Services\Schedule\
        HKLM\SYSTEM\CurrentControlSet\Services\SCPolicySvc\
        HKLM\SYSTEM\CurrentControlSet\Services\SDRSVC\
        HKLM\SYSTEM\CurrentControlSet\Services\seclogon\
        HKLM\SYSTEM\CurrentControlSet\Services\SEMgrSvc\
        HKLM\SYSTEM\CurrentControlSet\Services\SENS\
        HKLM\SYSTEM\CurrentControlSet\Services\SensorService\
        HKLM\SYSTEM\CurrentControlSet\Services\SensrSvc\
        HKLM\SYSTEM\CurrentControlSet\Services\SessionEnv\
        HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\
        HKLM\SYSTEM\CurrentControlSet\Services\SharedRealitySvc\
        HKLM\SYSTEM\CurrentControlSet\Services\ShellHWDetection\
        HKLM\SYSTEM\CurrentControlSet\Services\shpamsvc\
        HKLM\SYSTEM\CurrentControlSet\Services\smphost\
        HKLM\SYSTEM\CurrentControlSet\Services\SmsRouter\
        HKLM\SYSTEM\CurrentControlSet\Services\SSDPSRV\
        HKLM\SYSTEM\CurrentControlSet\Services\SstpSvc\
        HKLM\SYSTEM\CurrentControlSet\Services\StateRepository\
        HKLM\SYSTEM\CurrentControlSet\Services\stisvc\
        HKLM\SYSTEM\CurrentControlSet\Services\StorSvc\
        HKLM\SYSTEM\CurrentControlSet\Services\svsvc\
        HKLM\SYSTEM\CurrentControlSet\Services\swprv\
        HKLM\SYSTEM\CurrentControlSet\Services\SysMain\
        HKLM\SYSTEM\CurrentControlSet\Services\SystemEventsBroker\
        HKLM\SYSTEM\CurrentControlSet\Services\TabletInputService\
        HKLM\SYSTEM\CurrentControlSet\Services\TapiSrv\
        HKLM\SYSTEM\CurrentControlSet\Services\TermService\
        HKLM\SYSTEM\CurrentControlSet\Services\Themes\
        HKLM\SYSTEM\CurrentControlSet\Services\TimeBrokerSvc\
        HKLM\SYSTEM\CurrentControlSet\Services\TokenBroker\
        HKLM\SYSTEM\CurrentControlSet\Services\TrkWks\
        HKLM\SYSTEM\CurrentControlSet\Services\tzautoupdate\
        HKLM\SYSTEM\CurrentControlSet\Services\UmRdpService\
        HKLM\SYSTEM\CurrentControlSet\Services\UnistoreSvc\
        HKLM\SYSTEM\CurrentControlSet\Services\UnistoreSvc_317354d\
        HKLM\SYSTEM\CurrentControlSet\Services\upnphost\
        HKLM\SYSTEM\CurrentControlSet\Services\UserDataSvc\
        HKLM\SYSTEM\CurrentControlSet\Services\UserDataSvc_317354d\
        HKLM\SYSTEM\CurrentControlSet\Services\UserManager\
        HKLM\SYSTEM\CurrentControlSet\Services\UsoSvc\
        HKLM\SYSTEM\CurrentControlSet\Services\VacSvc\
        HKLM\SYSTEM\CurrentControlSet\Services\vmicguestinterface\
        HKLM\SYSTEM\CurrentControlSet\Services\vmicheartbeat\
        HKLM\SYSTEM\CurrentControlSet\Services\vmickvpexchange\
        HKLM\SYSTEM\CurrentControlSet\Services\vmicrdv\
        HKLM\SYSTEM\CurrentControlSet\Services\vmicshutdown\
        HKLM\SYSTEM\CurrentControlSet\Services\vmictimesync\
        HKLM\SYSTEM\CurrentControlSet\Services\vmicvmsession\
        HKLM\SYSTEM\CurrentControlSet\Services\vmicvss\
        HKLM\SYSTEM\CurrentControlSet\Services\W32Time\
        HKLM\SYSTEM\CurrentControlSet\Services\WaaSMedicSvc\
        HKLM\SYSTEM\CurrentControlSet\Services\WalletService\
        HKLM\SYSTEM\CurrentControlSet\Services\WarpJITSvc\
        HKLM\SYSTEM\CurrentControlSet\Services\WbioSrvc\
        HKLM\SYSTEM\CurrentControlSet\Services\Wcmsvc\
        HKLM\SYSTEM\CurrentControlSet\Services\wcncsvc\
        HKLM\SYSTEM\CurrentControlSet\Services\WdiServiceHost\
        HKLM\SYSTEM\CurrentControlSet\Services\WdiSystemHost\
        HKLM\SYSTEM\CurrentControlSet\Services\WebClient\
        HKLM\SYSTEM\CurrentControlSet\Services\Wecsvc\
        HKLM\SYSTEM\CurrentControlSet\Services\WEPHOSTSVC\
        HKLM\SYSTEM\CurrentControlSet\Services\wercplsupport\
        HKLM\SYSTEM\CurrentControlSet\Services\WerSvc\
        HKLM\SYSTEM\CurrentControlSet\Services\WFDSConMgrSvc\
        HKLM\SYSTEM\CurrentControlSet\Services\WiaRpc\
        HKLM\SYSTEM\CurrentControlSet\Services\WinHttpAutoProxySvc\
        HKLM\SYSTEM\CurrentControlSet\Services\Winmgmt\
        HKLM\SYSTEM\CurrentControlSet\Services\WinRM\
        HKLM\SYSTEM\CurrentControlSet\Services\wisvc\
        HKLM\SYSTEM\CurrentControlSet\Services\WlanSvc\
        HKLM\SYSTEM\CurrentControlSet\Services\wlidsvc\
        HKLM\SYSTEM\CurrentControlSet\Services\wlpasvc\
        HKLM\SYSTEM\CurrentControlSet\Services\workfolderssvc\
        HKLM\SYSTEM\CurrentControlSet\Services\WpcMonSvc\
        HKLM\SYSTEM\CurrentControlSet\Services\WPDBusEnum\
        HKLM\SYSTEM\CurrentControlSet\Services\WpnService\
        HKLM\SYSTEM\CurrentControlSet\Services\WpnUserService\
        HKLM\SYSTEM\CurrentControlSet\Services\WpnUserService_317354d\
        HKLM\SYSTEM\CurrentControlSet\Services\wscsvc\
        HKLM\SYSTEM\CurrentControlSet\Services\wuauserv\
        HKLM\SYSTEM\CurrentControlSet\Services\WwanSvc\
        HKLM\SYSTEM\CurrentControlSet\Services\XblAuthManager\
        HKLM\SYSTEM\CurrentControlSet\Services\XblGameSave\
        HKLM\SYSTEM\CurrentControlSet\Services\XboxGipSvc\
        HKLM\SYSTEM\CurrentControlSet\Services\XboxNetApiSvc\
     



Messages In This Thread
Need Help - maa - 05-04-2018, 03:40 PM
RE: Need Help - Compton - 05-04-2018, 05:45 PM
RE: Need Help - maa - 05-05-2018, 04:41 PM
RE: Need Help - smirk24 - 05-05-2018, 05:03 PM
RE: Need Help - VamP - 05-13-2018, 09:10 AM
RE: Need Help - GuiltySpark - 05-13-2018, 09:27 AM
RE: Need Help - VamP - 05-13-2018, 10:21 AM
RE: Need Help - Britec - 05-13-2018, 08:10 PM
