Author Topic: Bad processes svchost.exe (Read 5632 times)

khuntim · « **on:** September 23, 2014, 06:54:19 AM »

¤¤¤ Bad processes : 2 ¤¤¤
[Proc.Svchost] svchost.exe -- C:\windows\system32\svchost.exe

-> [NoKill]

[Proc.Svchost] svchost.exe -- C:\windows\SysWow64\svchost.exe

-> [NoKill]

this is all that remains after a serious malware removal run. Is this normal to see this?

Thanks!

here is the full log:

RogueKiller V9.2.11.0 (x64) [Sep 9 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Jim [Admin rights]
Mode : Scan -- Date : 09/22/2014 21:11:41

¤¤¤ Bad processes : 2 ¤¤¤
[Proc.Svchost] svchost.exe -- C:\windows\system32\svchost.exe

-> [NoKill]

[Proc.Svchost] svchost.exe -- C:\windows\SysWow64\svchost.exe

-> [NoKill]

¤¤¤ Registry Entries : 0 ¤¤¤

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ HOSTS File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: LOADED) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: +++++
--- User ---
[MBR] 05ca50ed5ba34e1dbeeb536b28312b62
[BSP] 8d78fc930b9866eff7e6d8dc6ae222a2 : Empty MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0x0) [VISIBLE] Offset (sectors): 1 | Size: 2097152 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive2: +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive3: +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive4: +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

============================================
RKreport_DEL_09222014_150336.log - RKreport_DEL_09222014_154607.log - RKreport_DEL_09222014_161223.log - RKreport_DEL_09222014_162031.log
RKreport_DEL_09222014_164426.log - RKreport_DEL_09222014_165727.log - RKreport_DEL_09222014_170441.log - RKreport_DEL_09222014_173222.log
RKreport_DEL_09222014_195822.log - RKreport_SCN_09222014_145936.log - RKreport_SCN_09222014_154256.log - RKreport_SCN_09222014_155154.log
RKreport_SCN_09222014_155835.log - RKreport_SCN_09222014_162015.log - RKreport_SCN_09222014_164331.log - RKreport_SCN_09222014_165712.log
RKreport_SCN_09222014_170255.log - RKreport_SCN_09222014_173209.log - RKreport_SCN_09222014_195625.log - RKreport_SCN_09222014_201733.log

Tigzy · « **Reply #1 on:** September 23, 2014, 01:23:29 PM »

Looks malware.
Can you try a scan with Malwarebytes?

khuntim · « **Reply #2 on:** September 23, 2014, 08:51:48 PM »

Malwarebytes scan comes clean. Also: adwcleaner, JRT. something still going on , i can feel it!

used 9.2.12.0 this morning. same thing.

Tigzy · « **Reply #3 on:** September 24, 2014, 06:31:03 AM »

Could you post a scan with OTL?
http://www.bleepingcomputer.com/download/otl/

Author Topic: Bad processes svchost.exe (Read 5632 times)

khuntim

Bad processes svchost.exe

Tigzy

Re: Bad processes svchost.exe

khuntim

Re: Bad processes svchost.exe

Tigzy

Re: Bad processes svchost.exe