Generic.malware.g!wx!g.69467997
<?xml version="1.0" encoding="utf-8"?>
<?xml-stylesheet type="text/xsl" href="C:\Program Files\BitDefender\BitDefender 2008\Lang\log_format.xsl"?>
<ScanSession creator="BitDefender Total Security 2008" version="BitDefender UIScanner v.11" creationDate="21:19:40 25/01/2008" originalPath="C:\Documents and Settings\All Users\Application Data\Bitdefender\Desktop\Profiles\Logs\deep_scan\1201288780_3_02.xml">
<ScanOptions
showWarnings="1" >
<ScanPaths>
<path id="0000">C:\</path>
<path id="0001">E:\</path>
<path id="0002">G:\</path>
</ScanPaths>
<ScanObjects
scanViruses="1"
scanAddware="1"
scanSpyware="1"
scanApplications="1"
scanDialers="1"
scanRootkits="1"
/>
<TargetSelection
heuristicScan="1"
scanArchives="1"
scanRegistryKeys="1"
scanRegistry="1"
scanCookies="1"
memoryProcesses="1"
scanBootSectors="1"
scanEmail="1"
scanAllFiles="1"
scanPackedFiles="1"
scanSubfolders="0"
includeExtensions=""
/>
<TargetProcessing
infectedAction="3"
suspiciousAction="1"
hiddenAction="1"
/>
</ScanOptions>
<EngineSummary
archivePlugins="41"
mailPlugins="6"
scanPlugins="12"
totalSignatures="960825"
systemPlugins="4"
unpackPlugins="7"
/>
<ScanSummary
scannedItems="566"
infectedItems="1"
suspiciousItems="0"
resolvedItems="0"
scannedArchives="9"
bootSectorCount="5"
scannedDirectories="13"
inputOutputErrors="0"
virusesNumber="1"
scanTime="00:00:00:03"
filesPerSecond="55"
>
<FileSummary
scanned="167"
archives="9"
packed="2"
infected="1"
suspicious="0"
resolved="0"
deleted="0"
moved="0"
copied="0"
/>
<RegistryKeySummary
scanned="359"
infected="0"
suspicious="0"
/>
<CookieSummary
scanned="0"
infected="0"
suspicious="0"
/>
<ProcessSummary
scanned="40"
infected="0"
suspicious="0"
/>
<MailSummary
scanned="0"
infected="0"
suspicious="0"
/>
</ScanSummary>
<ScanDetails>
<AffectedItem itemType ="Process" path="[system]=]C:\WINDOWS\system32\svchost.exe (memory dump)" threatType="virus" threatName="Generic.Malware.G!WX!!g.69467997" action="disinfect" finalStatus= "infected" error= "disinfect failed"/>
</ScanDetails>
</ScanSession>
Please help me. This malware Generic.Malware.G!WX!!g.69467997 infected my svchost.exe (please note it's NOT svehost.exe).
What should I do?
Comments
-
I had checked in Regedit (current user and local machine as stated in a previous topic) but there is nothing except for my Bitdefender registry, MSN and other harmless registries.
In System 32, there's no svehost.exe file. No hidden files or folders as I had my show hidden files and folders turned on.
I had followed the guidelines as to the topic posted by Eugene but I still don't know and can't find the solution out of this.
0 -
Please someone help me.
I do need your helping hands.
Thank you
0 -
Hi,
Please download http://www.tehnica.org/BDAspySetup.exe , install it and run it of course. Go to Syslog info, select the place where you want to save the log file and then click Start Enum to do that.
Zip the log file and post it in this thread as an attachment to have a look at it.
Probably you have a malware that injects itself (or some code) in a svchost process.
If you have any problems please ask.
0 -
This is the syslog zip file..
Please advise...
Thank you
[Attachment: bd_sys_log.rar]
0 -
We need more information... You may have a rootkit.
Please download Process Explorer from http://technet.microsoft.com/en-us/sysinte...s/bb896653.aspx
Take a screenshot with the Process Explorer window maximized. Save it.
In Process Explorer go to Find->Find Handle or DLL. Search for "icmp" (without quotes). Note the PIDs (the number from the second column from a svchost.exe process).
Go to that process with that PID, right-click it and choose Properties (a window with multiple tabs should appear; you should select the "Image" tab, which is selected by default). Take a screenshot and save it. If more than one PID is found at the step above, repeat the process.
Send us the above screenshots.
Download Rootkit Revealer: http://technet.microsoft.com/en-us/sysinte...s/bb897445.aspx and do a scan. If anything is found save the list and send it to us.
0 -
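The Process Explorer steps in the post above (search for "icmp", note the svchost.exe PIDs, check each one's Image tab) can also be scripted. The PowerShell below is an added example, not part of the original thread and not a Bitdefender or Sysinternals tool; the function name Get-SvchostModuleReport and its parameters are hypothetical, and it assumes an elevated PowerShell 3.0 or later prompt.

```powershell
# Added example (not from the thread): scripted form of the Process Explorer
# "Find Handle or DLL" search for "icmp" across svchost.exe processes.
# Get-SvchostModuleReport and its parameters are hypothetical names.
# Assumes an elevated prompt; on 64-bit Windows use the 64-bit PowerShell,
# otherwise the module lists of service hosts cannot be read.

function Get-SvchostModuleReport {
    [CmdletBinding()]
    param(
        [string]$ModulePattern = 'icmp*',    # search term used in the thread
        [string]$ProcessName   = 'svchost'
    )

    $systemRoot    = $env:SystemRoot
    $expectedImage = Join-Path $systemRoot 'System32\svchost.exe'

    foreach ($proc in @(Get-Process -Name $ProcessName -ErrorAction SilentlyContinue)) {
        $procId = $proc.Id

        # Image path and command line: the data shown on the "Image" tab.
        $wmi = Get-CimInstance Win32_Process -Filter "ProcessId = $procId"
        # Services hosted by this svchost instance.
        $services = @(Get-CimInstance Win32_Service -Filter "ProcessId = $procId" |
                      Select-Object -ExpandProperty Name)

        $modules = @(Get-Process -Id $procId -Module -ErrorAction SilentlyContinue)
        if ($modules.Count -eq 0) {
            # Access denied, protected process, or the process has exited.
            [pscustomobject]@{
                PID = $procId; Services = $services -join ','
                ImagePath = $wmi.ExecutablePath; ImageAsExpected = $null
                Module = $null; ModulePath = $null; Company = $null
                Signature = $null; Note = 'module list unreadable'
            }
            continue
        }

        $imageOk = $wmi.ExecutablePath -and ($wmi.ExecutablePath -ieq $expectedImage)

        foreach ($m in $modules | Where-Object { $_.ModuleName -like $ModulePattern }) {
            $sig = Get-AuthenticodeSignature -FilePath $m.FileName -ErrorAction SilentlyContinue

            # Collect the reasons this row deserves a closer look.
            $notes = @()
            if (-not $imageOk) { $notes += 'image path is not System32\svchost.exe' }
            if ($m.FileName -notlike "$systemRoot\*") { $notes += 'module outside %SystemRoot%' }
            if ($sig -and $sig.Status -ne 'Valid') { $notes += "signature: $($sig.Status)" }

            [pscustomobject]@{
                PID = $procId; Services = $services -join ','
                ImagePath = $wmi.ExecutablePath; ImageAsExpected = $imageOk
                Module = $m.ModuleName; ModulePath = $m.FileName
                Company = $m.FileVersionInfo.CompanyName
                Signature = if ($sig) { $sig.Status } else { 'unknown' }
                Note = $notes -join '; '
            }
        }
    }
}

Get-SvchostModuleReport |
    Format-Table PID, Services, Module, ModulePath, Signature, Note -AutoSize -Wrap
```

Rows with a non-empty Note column are the ones to examine first; an empty Note means the host image and the matched module are where Windows normally keeps them and the signature check passed.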
This is info from Process Explorer
Process PID CPU Description Company Name
System Idle Process 0 91.26
Interrupts n/a 0.97 Hardware Interrupts
DPCs n/a Deferred Procedure Calls
System 4
smss.exe 404 Windows NT Session Manager Microsoft Corporation
csrss.exe 452 1.94 Client Server Runtime Process Microsoft Corporation
winlogon.exe 476 Windows NT Logon Application Microsoft Corporation
services.exe 520 1.94 Services and Controller app Microsoft Corporation
ati2evxx.exe 672
svchost.exe 684 Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 776 Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 812 0.97 Generic Host Process for Win32 Services Microsoft Corporation
wscntfy.exe 1972 Windows Security Center Notification App Microsoft Corporation
svchost.exe 868 Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 968 Generic Host Process for Win32 Services Microsoft Corporation
spoolsv.exe 1104 Spooler SubSystem App Microsoft Corporation
btwdins.exe 1216 Bluetooth Support Server WIDCOMM, Inc.
MDM.EXE 1256 Machine Debug Manager Microsoft Corporation
HPZipm12.exe 1300 PML Driver HP
SMAgent.exe 1376 SoundMAX service agent component Analog Devices, Inc.
svchost.exe 1396 Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1424 Generic Host Process for Win32 Services Microsoft Corporation
xcommsvr.exe 1460 BitDefender Communicator Server BitDefender
livesrv.exe 1488 BitDefender Security Service BitDefender S.R.L.
vsserv.exe 1584 BitDefender Security Service BitDefender S.R.L.
svchost.exe 1680 Generic Host Process for Win32 Services Microsoft Corporation
alg.exe 1708 Application Layer Gateway Service Microsoft Corporation
svchost.exe 980 Generic Host Process for Win32 Services Microsoft Corporation
lsass.exe 532 LSA Shell (Export Version) Microsoft Corporation
BTTray.exe 1960 Bluetooth Tray Application WIDCOMM, Inc.
svchost.exe 2168 Generic Host Process for Win32 Services Microsoft Corporation
explorer.exe 2000 Windows Explorer Microsoft Corporation
SynTPLpr.exe 1776 TouchPad Driver Helper Application Synaptics, Inc.
SynTPEnh.exe 564 Synaptics TouchPad Enhancements Synaptics, Inc.
bdagent.exe 1860 BitDefender Agent Application BitDefender S.R.L.
ctfmon.exe 1896 CTF Loader Microsoft Corporation
RootkitRevealer.exe 2456 Rootkit detection utility Sysinternals - www.sysinternals.com
procexp.exe 3476 2.91 Sysinternals Process Explorer Sysinternals
iexplore.exe 3364 Internet Explorer Microsoft Corporation
Next is
Process PID CPU Description Company Name
System Idle Process 0 93.33
Interrupts n/a Hardware Interrupts
DPCs n/a Deferred Procedure Calls
System 4 0.95
smss.exe 404 Windows NT Session Manager Microsoft Corporation
csrss.exe 452 Client Server Runtime Process Microsoft Corporation
winlogon.exe 476 Windows NT Logon Application Microsoft Corporation
services.exe 520 2.86 Services and Controller app Microsoft Corporation
ati2evxx.exe 672
svchost.exe 684 Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 776 Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 812 0.95 Generic Host Process for Win32 Services Microsoft Corporation
wscntfy.exe 1972 Windows Security Center Notification App Microsoft Corporation
svchost.exe 868 Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 968 Generic Host Process for Win32 Services Microsoft Corporation
spoolsv.exe 1104 Spooler SubSystem App Microsoft Corporation
btwdins.exe 1216 Bluetooth Support Server WIDCOMM, Inc.
MDM.EXE 1256 Machine Debug Manager Microsoft Corporation
HPZipm12.exe 1300 PML Driver HP
SMAgent.exe 1376 SoundMAX service agent component Analog Devices, Inc.
svchost.exe 1396 Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1424 Generic Host Process for Win32 Services Microsoft Corporation
xcommsvr.exe 1460 BitDefender Communicator Server BitDefender
livesrv.exe 1488 BitDefender Security Service BitDefender S.R.L.
vsserv.exe 1584 BitDefender Security Service BitDefender S.R.L.
svchost.exe 1680 Generic Host Process for Win32 Services Microsoft Corporation
alg.exe 1708 Application Layer Gateway Service Microsoft Corporation
svchost.exe 980 Generic Host Process for Win32 Services Microsoft Corporation
lsass.exe 532 LSA Shell (Export Version) Microsoft Corporation
BTTray.exe 1960 Bluetooth Tray Application WIDCOMM, Inc.
svchost.exe 2168 Generic Host Process for Win32 Services Microsoft Corporation
explorer.exe 2000 Windows Explorer Microsoft Corporation
SynTPLpr.exe 1776 TouchPad Driver Helper Application Synaptics, Inc.
SynTPEnh.exe 564 0.95 Synaptics TouchPad Enhancements Synaptics, Inc.
bdagent.exe 1860 BitDefender Agent Application BitDefender S.R.L.
ctfmon.exe 1896 CTF Loader Microsoft Corporation
RootkitRevealer.exe 2456 Rootkit detection utility Sysinternals - www.sysinternals.com
iexplore.exe 3364 Internet Explorer Microsoft Corporation
procexp.exe 4012 0.95 Sysinternals Process Explorer Sysinternals
procexp.exe 4064 Sysinternals Process Explorer Sysinternals
Process: svchost.exe Pid: 812
Name Description Company Name Version
unicode.nls
locale.nls
sortkey.nls
sorttbls.nls
ctype.nls
SYNCOR11.DLL SynthCore R2.0 Midi Interface Driver SoundMAX 0.01.0002.0003
USP10.dll Uniscribe Unicode ****** processor Microsoft Corporation 1.420.2600.2180
COMRes.dll Microsoft Corporation 2001.12.4414.0258
MfcSubs.dll Microsoft Corporation 2001.12.4414.0258
CLBCATQ.DLL Microsoft Corporation 2001.12.4414.0308
es.dll Microsoft Corporation 2001.12.4414.0308
comsvcs.dll Microsoft Corporation 2001.12.4414.0308
colbact.DLL Microsoft Corporation 2001.12.4414.0308
catsrvut.dll Microsoft Corporation 2001.12.4414.0308
catsrv.dll Microsoft Corporation 2001.12.4414.0308
MTXCLU.DLL MS DTC amd MTS clustering support DLL Microsoft Corporation 2001.12.4414.0311
msi.dll Windows Installer Microsoft Corporation 3.01.4000.4039
ATL.DLL ATL Module for Windows XP (Unicode) Microsoft Corporation 3.05.2284.0000
rsaenh.dll Microsoft Enhanced Cryptographic Provider Microsoft Corporation 5.01.2600.2161
svchost.exe Generic Host Process for Win32 Services Microsoft Corporation 5.01.2600.2180
ntdll.dll NT Layer DLL Microsoft Corporation 5.01.2600.2180
ADVAPI32.dll Advanced Windows 32 Base API Microsoft Corporation 5.01.2600.2180
RPCRT4.dll Remote Procedure Call Runtime Microsoft Corporation 5.01.2600.2180
ShimEng.dll Shim Engine DLL Microsoft Corporation 5.01.2600.2180
AcGenral.DLL Windows Compatibility DLL Microsoft Corporation 5.01.2600.2180
WINMM.dll MCI API DLL Microsoft Corporation 5.01.2600.2180
MSACM32.dll Microsoft ACM Audio Filter Microsoft Corporation 5.01.2600.2180
VERSION.dll Version Checking and File Installation Libraries Microsoft Corporation 5.01.2600.2180
USERENV.dll Userenv Microsoft Corporation 5.01.2600.2180
IMM32.DLL Windows XP IMM32 API Client DLL Microsoft Corporation 5.01.2600.2180
LPK.DLL Language Pack Microsoft Corporation 5.01.2600.2180
NTMARTA.DLL Windows NT MARTA provider Microsoft Corporation 5.01.2600.2180
WLDAP32.dll Win32 LDAP API DLL Microsoft Corporation 5.01.2600.2180
SAMLIB.dll SAM Library DLL Microsoft Corporation 5.01.2600.2180
xpsp2res.dll Service Pack 2 Messages Microsoft Corporation 5.01.2600.2180
WINSTA.dll Winstation Library Microsoft Corporation 5.01.2600.2180
WS2_32.dll Windows Socket 2.0 32-Bit DLL Microsoft Corporation 5.01.2600.2180
WS2HELP.dll Windows Socket 2.0 Helper for Windows NT Microsoft Corporation 5.01.2600.2180
Secur32.dll Security Support Provider Interface Microsoft Corporation 5.01.2600.2180
wzcsvc.dll Wireless Zero Configuration Service Microsoft Corporation 5.01.2600.2180
rtutils.dll Routing Utilities Microsoft Corporation 5.01.2600.2180
WMI.dll WMI DC and DP functionality Microsoft Corporation 5.01.2600.2180
MSASN1.dll ASN.1 Runtime APIs Microsoft Corporation 5.01.2600.2180
WTSAPI32.dll Windows Terminal Server SDK APIs Microsoft Corporation 5.01.2600.2180
irmon.dll Infrared Monitor Microsoft Corporation 5.01.2600.2180
msv1_0.dll Microsoft Authentication Package v1.0 Microsoft Corporation 5.01.2600.2180
mswsock.dll Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation 5.01.2600.2180
hnetcfg.dll Home Networking Configuration Manager Microsoft Corporation 5.01.2600.2180
wshirda.dll Windows Sockets Helper DLL Microsoft Corporation 5.01.2600.2180
rastls.dll Remote Access PPP EAP-TLS Microsoft Corporation 5.01.2600.2180
IMAGEHLP.dll Windows NT Image Helper Microsoft Corporation 5.01.2600.2180
MPRAPI.dll Windows NT MP Router Administration DLL Microsoft Corporation 5.01.2600.2180
ACTIVEDS.dll ADs Router Layer DLL Microsoft Corporation 5.01.2600.2180
adsldpc.dll ADs LDAP Provider C DLL Microsoft Corporation 5.01.2600.2180
SETUPAPI.dll Windows Setup API Microsoft Corporation 5.01.2600.2180
RASAPI32.dll Remote Access API Microsoft Corporation 5.01.2600.2180
rasman.dll Remote Access Connection Manager Microsoft Corporation 5.01.2600.2180
TAPI32.dll Microsoft® Windows Telephony API Client DLL Microsoft Corporation 5.01.2600.2180
WinSCard.dll Microsoft Smart Card API Microsoft Corporation 5.01.2600.2180
raschap.dll Remote Access PPP CHAP Microsoft Corporation 5.01.2600.2180
schedsvc.dll Task Scheduler Engine Microsoft Corporation 5.01.2600.2180
NTDSAPI.dll NT5DS Microsoft Corporation 5.01.2600.2180
audiosrv.dll Windows Audio Service Microsoft Corporation 5.01.2600.2180
MPR.dll Multiple Provider Router DLL Microsoft Corporation 5.01.2600.2180
WINHTTP.dll Windows HTTP Services Microsoft Corporation 5.01.2600.2180
cryptsvc.dll Cryptographic Services Microsoft Corporation 5.01.2600.2180
certcli.dll Microsoft® Certificate Services Client Microsoft Corporation 5.01.2600.2180
wshtcpip.dll Windows Sockets Helper DLL Microsoft Corporation 5.01.2600.2180
ersvc.dll Windows Error Reporting Service Microsoft Corporation 5.01.2600.2180
pchsvc.dll Microsoft PCHealth Service Holder Microsoft Corporation 5.01.2600.2180
hidserv.dll HID Audio Service Microsoft Corporation 5.01.2600.2180
HID.DLL Hid User Library Microsoft Corporation 5.01.2600.2180
netshell.dll Network Connections Shell Microsoft Corporation 5.01.2600.2180
credui.dll Credential Manager User Interface Microsoft Corporation 5.01.2600.2180
WZCSAPI.DLL Wireless Zero Configuration service API Microsoft Corporation 5.01.2600.2180
seclogon.dll Secondary Logon Service DLL Microsoft Corporation 5.01.2600.2180
sens.dll System Event Notification Service (SENS) Microsoft Corporation 5.01.2600.2180
srsvc.dll System Restore Service Microsoft Corporation 5.01.2600.2180
trkwks.dll Distributed Link Tracking Client Microsoft Corporation 5.01.2600.2180
w32time.dll Windows Time Service Microsoft Corporation 5.01.2600.2180
wmisvc.dll WMI Microsoft Corporation 5.01.2600.2180
VSSAPI.DLL Microsoft® Volume Shadow Copy Requestor/Writer Services API DLL Microsoft Corporation 5.01.2600.2180
WSOCK32.dll Windows Socket 32-Bit DLL Microsoft Corporation 5.01.2600.2180
CLUSAPI.DLL Cluster API Library Microsoft Corporation 5.01.2600.2180
RESUTILS.DLL Microsoft Cluster Resource Utility DLL Microsoft Corporation 5.01.2600.2180
browser.dll Computer Browser Service DLL Microsoft Corporation 5.01.2600.2180
ipnathlp.dll Microsoft NAT Helper Components Microsoft Corporation 5.01.2600.2180
wscsvc.dll Windows Security Center Service Microsoft Corporation 5.01.2600.2180
wbemcomn.dll WMI Microsoft Corporation 5.01.2600.2180
wbemcore.dll WMI Microsoft Corporation 5.01.2600.2180
esscli.dll WMI Microsoft Corporation 5.01.2600.2180
FastProx.dll WMI Microsoft Corporation 5.01.2600.2180
wmiutils.dll WMI Microsoft Corporation 5.01.2600.2180
repdrvfs.dll WMI Microsoft Corporation 5.01.2600.2180
wmiprvsd.dll WMI Microsoft Corporation 5.01.2600.2180
NCObjAPI.DLL Microsoft Corporation 5.01.2600.2180
wbemess.dll WMI Microsoft Corporation 5.01.2600.2180
ncprov.dll Non-COM WMI Event Provision APIs Microsoft Corporation 5.01.2600.2180
netcfgx.dll Network Configuration Objects Microsoft Corporation 5.01.2600.2180
PSAPI.DLL Process Status Helper Microsoft Corporation 5.01.2600.2180
WINIPSEC.DLL Windows IPSec SPD Client DLL Microsoft Corporation 5.01.2600.2180
rastapi.dll Remote Access TAPI Compliance Layer Microsoft Corporation 5.01.2600.2180
unimdm.tsp Unimodem 5 Service Provider Microsoft Corporation 5.01.2600.2180
uniplat.dll Unimodem AT Mini Driver Platform Driver for Windows NT Microsoft Corporation 5.01.2600.2180
unimdmat.dll Unimodem Service Provider AT Mini Driver Microsoft Corporation 5.01.2600.2180
modemui.dll Windows Modem Properties Microsoft Corporation 5.01.2600.2180
kmddsp.tsp TAPI Kernel-Mode Service Provider Microsoft Corporation 5.01.2600.2180
ndptsp.tsp NDIS Proxy TAPI Service Provider Microsoft Corporation 5.01.2600.2180
ipconf.tsp Microsoft Multicast Conference TAPI Service Provider Microsoft Corporation 5.01.2600.2180
h323.tsp Microsoft H.323 Telephony Service Provider Microsoft Corporation 5.01.2600.2180
hidphone.tsp Microsoft HID Phone TSP Microsoft Corporation 5.01.2600.2180
rasppp.dll Remote Access PPP Microsoft Corporation 5.01.2600.2180
ntlsapi.dll Microsoft® License Server Interface DLL Microsoft Corporation 5.01.2600.2180
cryptdll.dll Cryptography Manager Microsoft Corporation 5.01.2600.2180
rasauto.dll Remote Access AutoDial Manager Microsoft Corporation 5.01.2600.2180
icmp.dll ICMP DLL Microsoft Corporation 5.01.2600.2180
SSDPAPI.dll SSDP Client API DLL Microsoft Corporation 5.01.2600.2180
RASDLG.dll Remote Access Common Dialog API Microsoft Corporation 5.01.2600.2180
upnp.dll Universal Plug and Play API Microsoft Corporation 5.01.2600.2180
Apphelp.dll Application Compatibility Client Library Microsoft Corporation 5.01.2600.2180
Cabinet.dll Microsoft® Cabinet File API Microsoft Corporation 5.01.2600.2180
wbemsvc.dll WMI Microsoft Corporation 5.01.2600.2180
srvsvc.dll Server Service DLL Microsoft Corporation 5.01.2600.2577
AUTHZ.dll Authorization Framework Microsoft Corporation 5.01.2600.2622
kerberos.dll Kerberos Security Package Microsoft Corporation 5.01.2600.2698
tapisrv.dll Microsoft® Windows Telephony Server Microsoft Corporation 5.01.2600.2716
ole32.dll Microsoft OLE for Windows Microsoft Corporation 5.01.2600.2726
netman.dll Network Connections Manager Microsoft Corporation 5.01.2600.2743
ESENT.dll Server Database Storage Engine Microsoft Corporation 5.01.2600.2780
rasmans.dll Remote Access Connection Manager Microsoft Corporation 5.01.2600.2908
dhcpcsvc.dll DHCP Client Service Microsoft Corporation 5.01.2600.2912
iphlpapi.dll IP Helper API Microsoft Corporation 5.01.2600.2912
DNSAPI.dll DNS Client API DLL Microsoft Corporation 5.01.2600.2938
rasadhlp.dll Remote Access AutoDial Helper Microsoft Corporation 5.01.2600.2938
NETAPI32.dll Net Win32 API DLL Microsoft Corporation 5.01.2600.2976
wkssvc.dll Workstation Service DLL Microsoft Corporation 5.01.2600.2976
SXS.DLL Fusion 2.5 Microsoft Corporation 5.01.2600.3019
upnphost.dll UPnP Device Host Microsoft Corporation 5.01.2600.3077
USER32.dll Windows XP USER API Client DLL Microsoft Corporation 5.01.2600.3099
kernel32.dll Windows NT BASE API Client DLL Microsoft Corporation 5.01.2600.3119
SCHANNEL.dll TLS / SSL Security Provider Microsoft Corporation 5.01.2600.3126
OLEAUT32.dll Microsoft Corporation 5.01.2600.3139
GDI32.dll GDI Client DLL Microsoft Corporation 5.01.2600.3159
CRYPT32.dll Crypto API32 Microsoft Corporation 5.131.2600.2180
CRYPTUI.dll Microsoft Trust UI Provider Microsoft Corporation 5.131.2600.2180
WINTRUST.dll Microsoft Trust Verification APIs Microsoft Corporation 5.131.2600.2180
comctl32.dll Common Controls Library Microsoft Corporation 5.82.2900.2982
UxTheme.dll Microsoft UxTheme Library Microsoft Corporation 6.00.2900.2180
MSIDLE.DLL User Idle Monitor Microsoft Corporation 6.00.2900.2180
SHFOLDER.dll Shell Folder Service Microsoft Corporation 6.00.2900.2180
POWRPROF.dll Power Profile Helper DLL Microsoft Corporation 6.00.2900.2180
comctl32.dll User Experience Controls Library Microsoft Corporation 6.00.2900.2982
SHLWAPI.dll Shell Light-weight Utility Library Microsoft Corporation 6.00.2900.2995
SHELL32.dll Windows Shell Common Dll Microsoft Corporation 6.00.2900.3051
shsvcs.dll Windows Shell Services Dll Microsoft Corporation 6.00.2900.3051
Normaliz.dll Unicode Normalization DLL Microsoft Corporation 6.00.5441.0000
MSVCP60.dll Microsoft ® C++ Runtime Library Microsoft Corporation 6.02.3104.0000
qmgr.dll Background Intelligent Transfer Service Microsoft Corporation 6.06.2600.2180
qmgrprxy.dll Background Intelligent Transfer Service Proxy Microsoft Corporation 6.06.2600.2180
msvcrt.dll Windows NT CRT DLL Microsoft Corporation 7.00.2600.2180
wuapi.dll Windows Update Client API Microsoft Corporation 7.00.6000.0381
WININET.dll Internet Extensions for Win32 Microsoft Corporation 7.00.6000.16512
iertutil.dll Run time utility for Internet Explorer Microsoft Corporation 7.00.6000.16512
urlmon.dll OLE32 Extensions for Win32 Microsoft Corporation 7.00.6000.16512
Another svchost.exe P
Process: svchost.exe Pid: 2168
Name Description Company Name Version
unicode.nls
locale.nls
sortkey.nls
sorttbls.nls
ctype.nls
index.dat
index.dat
index.dat
SYNCOR11.DLL SynthCore R2.0 Midi Interface Driver SoundMAX 0.01.0002.0003
USP10.dll Uniscribe Unicode ****** processor Microsoft Corporation 1.420.2600.2180
COMRes.dll Microsoft Corporation 2001.12.4414.0258
CLBCATQ.DLL Microsoft Corporation 2001.12.4414.0308
odbc32.dll Microsoft Data Access - ODBC Driver Manager Microsoft Corporation 3.525.1117.0000
odbcint.dll Microsoft Data Access - ODBC Resources Microsoft Corporation 3.525.1117.0000
avicap32.dll AVI Capture window class Microsoft Corporation 5.01.2600.0000
svchost.exe Generic Host Process for Win32 Services Microsoft Corporation 5.01.2600.2180
ntdll.dll NT Layer DLL Microsoft Corporation 5.01.2600.2180
WSOCK32.dll Windows Socket 32-Bit DLL Microsoft Corporation 5.01.2600.2180
WS2_32.dll Windows Socket 2.0 32-Bit DLL Microsoft Corporation 5.01.2600.2180
WS2HELP.dll Windows Socket 2.0 Helper for Windows NT Microsoft Corporation 5.01.2600.2180
ADVAPI32.dll Advanced Windows 32 Base API Microsoft Corporation 5.01.2600.2180
RPCRT4.dll Remote Procedure Call Runtime Microsoft Corporation 5.01.2600.2180
MPR.dll Multiple Provider Router DLL Microsoft Corporation 5.01.2600.2180
ShimEng.dll Shim Engine DLL Microsoft Corporation 5.01.2600.2180
AcGenral.DLL Windows Compatibility DLL Microsoft Corporation 5.01.2600.2180
WINMM.dll MCI API DLL Microsoft Corporation 5.01.2600.2180
MSACM32.dll Microsoft ACM Audio Filter Microsoft Corporation 5.01.2600.2180
VERSION.dll Version Checking and File Installation Libraries Microsoft Corporation 5.01.2600.2180
USERENV.dll Userenv Microsoft Corporation 5.01.2600.2180
IMM32.DLL Windows XP IMM32 API Client DLL Microsoft Corporation 5.01.2600.2180
LPK.DLL Language Pack Microsoft Corporation 5.01.2600.2180
Secur32.dll Security Support Provider Interface Microsoft Corporation 5.01.2600.2180
icmp.dll ICMP DLL Microsoft Corporation 5.01.2600.2180
MSVFW32.dll Microsoft Video for Windows DLL Microsoft Corporation 5.01.2600.2180
MSCTF.dll MSCTF Server DLL Microsoft Corporation 5.01.2600.2180
appHelp.dll Application Compatibility Client Library Microsoft Corporation 5.01.2600.2180
RASAPI32.dll Remote Access API Microsoft Corporation 5.01.2600.2180
rasman.dll Remote Access Connection Manager Microsoft Corporation 5.01.2600.2180
TAPI32.dll Microsoft® Windows Telephony API Client DLL Microsoft Corporation 5.01.2600.2180
rtutils.dll Routing Utilities Microsoft Corporation 5.01.2600.2180
msv1_0.dll Microsoft Authentication Package v1.0 Microsoft Corporation 5.01.2600.2180
sensapi.dll SENS Connectivity API DLL Microsoft Corporation 5.01.2600.2180
ole32.dll Microsoft OLE for Windows Microsoft Corporation 5.01.2600.2726
iphlpapi.dll IP Helper API Microsoft Corporation 5.01.2600.2912
dnsapi.dll DNS Client API DLL Microsoft Corporation 5.01.2600.2938
netapi32.dll Net Win32 API DLL Microsoft Corporation 5.01.2600.2976
USER32.dll Windows XP USER API Client DLL Microsoft Corporation 5.01.2600.3099
kernel32.dll Windows NT BASE API Client DLL Microsoft Corporation 5.01.2600.3119
OLEAUT32.dll Microsoft Corporation 5.01.2600.3139
GDI32.dll GDI Client DLL Microsoft Corporation 5.01.2600.3159
comctl32.dll Common Controls Library Microsoft Corporation 5.82.2900.2982
UxTheme.dll Microsoft UxTheme Library Microsoft Corporation 6.00.2900.2180
comdlg32.dll Common Dialogs DLL Microsoft Corporation 6.00.2900.2180
comctl32.dll User Experience Controls Library Microsoft Corporation 6.00.2900.2982
SHLWAPI.dll Shell Light-weight Utility Library Microsoft Corporation 6.00.2900.2995
SHELL32.dll Windows Shell Common Dll Microsoft Corporation 6.00.2900.3051
Normaliz.dll Unicode Normalization DLL Microsoft Corporation 6.00.5441.0000
msvcrt.dll Windows NT CRT DLL Microsoft Corporation 7.00.2600.2180
wininet.dll Internet Extensions for Win32 Microsoft Corporation 7.00.6000.16512
iertutil.dll Run time utility for Internet Explorer Microsoft Corporation 7.00.6000.16512
SynTPFcs.dll SynTPFcs Synaptics, Inc. 7.12.0007.0000
0 -
No rootkit was revealed by Rootkit Revealer
0 -
Please help...
These are saved files (3) from Process Explorer.
[Attachment: csrss.exe.txt]
[Attachment: svchost.exe.txt]
0 -
Please help...
These are saved files (3) from Process Explorer.
I'm waiting for what I've re-requested on private.
0