
Svchost.exe: which folder should it be in? What is svchost and why does it load the processor? Details


Detailed guide to remove svchost.exe virus.


Users of desktop computers or laptops who from time to time suffer from a sharp drop in performance and freezing of the Windows 7 operating system often try to solve the problem by disabling unnecessary processes. On launching "Task Manager", they discover an incredible number of active svchost.exe processes that consume all processor resources, clog up RAM and thereby significantly reduce the performance of the device.

Most users have no idea how to get out of this unpleasant situation and therefore resort to the most radical measures. We will try to tell you as much as possible about how to permanently solve the problem of the svchost.exe virus consuming computer resources and return the computer to its former performance.

  • Svchost.exe is an important executable file that launches a number of services and functions vital to the operating system, and also allows user-installed applications, programs and games to run. The standard system process does no damage to the computer and does not load the processor or RAM, and the presence of multiple active svchost.exe processes in "Task Manager" is not yet a reason to panic. The damage is done by viruses that have infiltrated the device and take on the guise of svchost.exe, which complicates their removal.
  • The svchost.exe file is located on the partition where the operating system is installed, in the \Windows\System32 folder, while malware disguised as it often lies in directories such as "Windows", "Program Files" and "Documents and Settings". In addition, viruses are often planted in the system folders "drivers", "config", "system" and others.

The genuine svchost.exe process can be run exclusively on behalf of SYSTEM, LOCAL SERVICE or NETWORK SERVICE. To determine on whose behalf the process was launched, do the following:

  • Step 1. Right-click on the free space on the taskbar and select "Launch Task Manager" in the menu that opens, or press Ctrl + Shift + Esc on the keyboard at the same time.

  • Step 2. In the window that appears, go to the "Processes" section and, for convenience, sort the processes by name. Find the "svchost.exe" processes and look carefully at which user or service they were started under. If the name of your own account is shown next to the process, then you are looking at a clearly viral program that prevents the operating system from functioning correctly.

How to neutralize the svchost.exe virus using standard Windows 7 operating system tools?

If you find a malicious program disguised as svchost.exe among your processes, you can try to get rid of it using standard Windows 7 tools. To do this, follow these steps:

  • Step 1. The first step is to disable the service that causes the virus to activate. Open "Task Manager" and find the malicious svchost.exe process in the list. Right-click on it and select "Go to services" in the menu that appears.

Figure 1. How to neutralize the svchost.exe virus using standard Windows 7 operating system tools?

  • Step 2. In the window that opens, the services that activate the malicious software will be highlighted. Remember their names, then open "Control Panel" and go to the "Administration" section.

  • Step 3. In the "Administration" section, go to "Services" and find by name, in the complete list, those that activate the virus. In the "Launch type" column, set the state to "Disable" for each of the services, then click "Apply" and "OK".

  • Step 4. Now go back to "Task Manager", right-click on the malicious process and select "End the process". After these actions and a restart of the computer, the virus will no longer be activated. However, it will still remain on the computer. To remove it completely, you need to resort to third-party software.

Preventing a virus from starting by disabling operating system services is only a temporary measure. Even if you manage to find a program infected with a virus and delete it, the system will still contain files created by this program, which are also infected. To get rid of them, you need to resort to the help of specialized programs.

Unfortunately, most modern free antivirus programs are ineffective, and not everyone has money for paid ones. However, there is a free utility called "Dr.Web CureIt", which performs a deep disk scan, checks files for viruses and successfully "cures" them. You can download it from the manufacturer's official site. To get rid of the svchost.exe virus using this utility, do the following:

  • Step 1. "Dr.Web CureIt" does not require installation, so just download it from the official site and run it. Next, open "Task Manager" on your computer and find the malicious process. Right-click on it and select "Open file storage location".

  • Step 2. The folder containing the virus-infected file will open. At the top of the window, you can see the exact address of its location. Remember this address and switch to the utility window.

  • Step 3. Since the program may lose sight of some infected files during a full scan, it is best to scan the computer directory by directory. We should start with the one in which our infected file is located. To do this, on the main screen of the program, click the "Select objects to check" button.

  • Step 4. In the window that opens, the standard scan targets will appear, including RAM, the Windows root directory, documents and much more. Press the "Click to select files and folders" button, manually find the directory with the infected file, tick it and press "OK".

  • Step 5. After selecting the directory, press the "Run check" button and wait for the process to complete. If the utility cannot "cure" the files infected by the virus, it will automatically send them to quarantine. After spot-checking the directories, you can perform a full scan of your computer. It is recommended to check your computer with this program at least once a week. "Dr.Web CureIt" is constantly improved and its virus databases are constantly updated, so with each update you will have to download the program again from the official site.

IMPORTANT: The processes and services depicted in the screenshots are not viral and are taken solely for example. Do not under any circumstances delete or disable them on your computer!


The svchost system file is quite often the target of hacker attacks. Moreover, virus writers disguise their malware as its software "appearance". One of the brightest representatives of the "fake-svchost" viruses is Win32.HLLP.Neshta (Dr.Web classification).

This "impostor" copies itself to the Windows directory, infects files with the "exe" extension and takes up system resources (RAM, Internet traffic). However, it is capable of other nasty things. There are known cases of infection in which the viral svchost loads the computer's RAM to 98-100%, disconnects the Internet channel, and disrupts the functioning of the local network.

Svchost files - good and bad, or who is who

The whole difficulty of neutralizing viruses of this type is that there is a risk of damaging / deleting a trusted Windows file with an identical name. And without it, the OS will not work, it will have to be reinstalled. Therefore, before proceeding with the cleaning procedure, let us familiarize ourselves with the special features of a trusted file and an "outsider".

True process

It manages system functions that are run from dynamic link libraries (.DLL): it checks and loads them. It listens on network ports and transmits data through them. It is actually a Windows service application. It is located in the C:\Windows\System32 directory. In Windows XP/7/8, in 76% of cases it has a size of 20,992 bytes, but there are other variants as well. More details can be found on the filecheck.ru/process/svchost.exe.html recognition resource (link: "29 more options").

Has the following digital signatures (in the task manager, the "Users" column):

  • SYSTEM;
  • LOCAL SERVICE;
  • NETWORK SERVICE.

Hacker fake

It can be located in the following directories:

  • C:\Windows
  • C:\My Documents
  • C:\Program Files
  • C:\Windows\System32\drivers
  • C:\Program Files\Common Files

In addition to alternative directories, hackers use almost identical names similar to the system process as a disguise for the virus.

For example:

  • svch0st (the number "zero" instead of the letter "o");
  • svrhost (instead of "c" the letter "r");
  • svhost (no "c").

There are countless versions of the "free interpretation" of the name. Therefore, it is necessary to show increased attention when analyzing existing processes.

Attention! The virus may have a different extension (other than exe). For example, "com" (Neshta virus).

So, now that you know the enemy (the virus!) by sight, you can safely proceed to its destruction.

Method # 1: cleaning with Comodo Cleaning Essentials

Cleaning Essentials is an antivirus scanner. Used as an alternative system cleaning software. It comes with two utilities for detecting and monitoring Windows objects (files and registry keys).

Where to download and how to install?

1. Open comodo.com (manufacturer's official website) in your browser.

Advice! It is better to download the distribution kit of the utility on a "healthy" computer (if possible), and then run it from a USB flash drive or CD-disk.

2. On the home page, hover over the Small & Medium Business section. In the submenu that opens, select the Comodo Cleaning Essentials program.

3. In the boot block, in the drop-down menu, select the bitness of your OS (32 or 64 bit).

Advice! The bit depth can be found through the system menu: open “Start” → enter “System Information” into the line → click on the utility with the same name in the “Programs” list → look at the “Type” line.

4. Click the "Free Download" button. Wait for the download to complete.

5. Unpack the downloaded archive: right-click on the file → "Extract all ...".

6. Open the unpacked folder and double-click the left button on the "CCE" file.

How to set up and clean your OS?

1. Select the "Custom scan" mode.

2. Wait a little while the utility updates its signature bases.

3. In the scan settings window, check the box opposite drive C. And also enable the check of all additional elements ("Memory", "Critical Areas ..", etc.).

4. Click "Scan".

5. Upon completion of the scan, allow the anti-virus to remove the found imposter virus and other dangerous objects.

Note. In addition to Comodo Cleaning Essentials, you can use other similar antivirus utilities to clean your PC, for example Dr.Web CureIt!.

Helper utilities

The Cleaning Essentials package includes two auxiliary tools for real-time system monitoring and manual malware detection. They can be used if the virus cannot be neutralized during the automatic scan process.

Autorun Analyzer is an application for quick and convenient work with registry keys, files and services. It determines the location of the selected object and, if necessary, can delete or copy it.

To automatically search for svchost.exe files, select "Find" in the "File" section and specify the file name. Analyze the found processes, guided by the properties described above (see "Hacker fake"). If necessary, remove suspicious objects through the context menu of the utility.

KillSwitch monitors running processes, network connections, physical memory and CPU load. To catch a fake svchost using KillSwitch, follow these steps:

  1. On the System tab, open the Processes section.
  2. Analyze all activated svchost processes:
    • right-click on the file;
    • select "Properties";
    • look at its current directory. If it is different from C:\Windows\system32\, the object under investigation is most likely a virus.

If malware is detected:

  1. Additionally, look in its row at the "Assessment" column (safe) and at the signature.
  2. If these properties also do not correspond to the characteristics of the trusted system file, open the context menu again (right-click), and then run the "Pause" and "Delete" functions one after the other.
  3. Continue checking: the virus may have created and launched copies of itself. It is imperative to get rid of them as well!

Method number 2: using system functions

Autoload check

  1. Click "Start".
  2. Type msconfig in the search box and press Enter.
  3. In the System Configuration window, go to the Startup tab.
  4. Look at the commands (the "Command" column) that launch the items at Windows startup, and their location (directories, registry keys in the "Location" column):
    • Disable all entries containing svchost (uncheck the box next to the entry). It is 100% a virus: the system process with the same name is never registered in startup.
    • Open the directory of the malware (specified in "Location") and delete it. To neutralize the key in the registry, use the standard regedit editor: "Win + R" → regedit → Enter.

Analysis of active processes

  1. Press Ctrl + Alt + Del.
  2. Click on the "Processes" tab.
  3. Check properties of all active svchost (name, extension, size, location). When analyzing, be guided by the data of the filecheck.ru service and the characteristics given in this article.

Right click on the name of the image. Select Properties from the menu.

If a virus is found:

  • in the properties of the object, find out its location (copy or remember);
  • click "End process";
  • go to the malware directory and delete it using the standard function (right-click → Delete).

If it is difficult to determine: trusted or a virus?

Sometimes it's hard to tell if svchost is real or fake. In such a situation, it is recommended to carry out additional detection using the free online scanner "Virustotal". This service uses 50-55 antiviruses to scan an object for viruses.

  1. Open virustotal.com in your browser.
  2. Click Select File.
  3. In Windows Explorer, open the directory of the process you want to check, select it by clicking, and then click "Open".
  4. Click "Check!" To start scanning. The file will be downloaded from the PC to the service and scanning will start automatically.
  5. Check out the test results. If the majority of antiviruses detect an object as a virus, it must be removed.

Greetings dear friends, readers, visitors and other personalities. Today we'll talk about such a thing as svchost.

Often users, seeing a lot of svchost.exe entries in the list of processes (there are almost a dozen or more of them), begin to panic and urgently write letters about the one that has flooded their system and is literally rushing out of the case, beforehand (apparently for intimidation) :)

Today I want to close the question once and for all with what this most evil svchost virus is, how to deal with it and whether it should be done at all (and is it a virus at all :)).

What is this SVCHOST process and a virus or not?

Let's begin with the fact that Generic Host Process for Win32 Services (which is exactly what svchost is) is a system process that is vitally important for the existence of those services and programs of the system that use so-called DLL libraries.

There really can be a lot of these svchost.exe processes in the system, because it would be quite difficult for all services and programs to share a single one (there are many of them, and just one poor defenseless svchost). So the system usually starts several instances of this happiness, each with a different number (process ID, to be precise).

Accordingly, each svchost.exe serves its own set of services and programs, and therefore, depending on the number of them in Windows, the number of these very svchost processes can vary from one to several dozen. Once again, for those who did not understand: these are system processes and you do not need to touch them.

But in fact, there are situations when viruses are disguised under this process (I want to draw your attention once again: it is the viruses that are disguised, and not the process itself that is malicious). Let's figure out how to calculate them and what to do with them.

How to recognize the svchost virus and the file itself

To begin with, the system svchost.exe lives exclusively in the following folders:

  • C:\WINDOWS\system32
  • C:\WINDOWS\ServicePackFiles\i386
  • C:\WINDOWS\Prefetch
  • C:\WINDOWS\winsxs\*

Where C:\ is the drive where the system is installed, and * is the long name of a folder such as amd64_microsoft-windows-s..s-svchost.resources_31bf3856ad364e35_6.1.7600.16385_ru-ru_f65efa35122fa5be

If it is located in any other place, and especially if by some miracle it has settled in the WINDOWS folder itself, then it is most likely (almost 95.5%) a virus (with rare exceptions).

Here are some of the most common locations viruses use when disguising themselves as this process:

  • C:\WINDOWS\svchost.exe
  • C:\WINDOWS\system\svchost.exe
  • C:\WINDOWS\config\svchost.exe
  • C:\WINDOWS\inet20000\svchost.exe
  • C:\WINDOWS\inetsponsor\svchost.exe
  • C:\WINDOWS\sistem\svchost.exe
  • C:\WINDOWS\windows\svchost.exe
  • C:\WINDOWS\drivers\svchost.exe

And some of the file names most commonly used by viruses masquerading as it:

  • svсhost.exe (instead of the English "c", the Russian "с" is used)
  • svch0st.exe (zero is used instead of "o")
  • svchos1.exe (one is used instead of "t")
  • svcchost.exe (2 "c")
  • svhost.exe (skipped "c")
  • svchosl.exe ("l" is used instead of "t")
  • svchost32.exe (added "32" at the end)
  • svchosts32.exe (added "s32" at the end)
  • svchosts.exe (added "s" at the end)
  • svchoste.exe (added "e" at the end)
  • svchostt.exe (2 "t" at the end)
  • svchosthlp.exe (added "hlp" at the end)
  • svehost.exe ("e" is used instead of "c")
  • svrhost.exe ("r" is used instead of "c")
  • svdhost32.exe ("d" is used instead of "c" + "32" is added to the end)
  • svshost.exe ("s" is used instead of "c")
  • svhostes.exe ("c" omitted + "es" added to the end)
  • svschost.exe (extra "s" added after "v")
  • svcshost.exe (extra "s" added after "c")
  • svxhost.exe ("x" is used instead of "c")
  • syshost.exe ("ys" is used instead of "vc")
  • svchest.exe ("e" is used instead of "o")
  • svchoes.exe ("es" is used instead of "st")
  • svho0st98.exe
  • ssvvcchhoosst.exe

Others, in general, also exist, but these are some of the most popular, so keep in mind and be vigilant.
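The location, account and file-name rules given above can be applied mechanically to a process listing. The following is an added example, not code from the original article: the sample records, the character map, the distance threshold of 2 and the `sihost.exe` allowlist entry are assumptions made for illustration.

```python
import ntpath

GENUINE = "svchost"
# Accounts the article names for the genuine process.
SERVICE_ACCOUNTS = {"SYSTEM", "LOCAL SERVICE", "NETWORK SERVICE"}
# Look-alike characters folded to the Latin letter they imitate (assumed, minimal map):
# Cyrillic "с", "о", "е" and the digit zero.
CONFUSABLES = str.maketrans({"\u0441": "c", "\u043e": "o", "\u0435": "e", "0": "o"})
# A real Windows binary whose name falls inside the threshold (assumed allowlist).
KNOWN_GOOD = {"sihost.exe"}


def skeleton(stem):
    """Fold look-alike characters and collapse doubled letters: 'ssvvcch0st' -> 'svchost'."""
    out = []
    for ch in stem.lower().translate(CONFUSABLES):
        if not out or out[-1] != ch:
            out.append(ch)
    return "".join(out)


def prefix_distance(candidate, target=GENUINE):
    """Smallest edit distance between target and any prefix of candidate.

    Matching against prefixes lets appended suffixes ('32', 'hlp', 'es') cost nothing.
    """
    row = list(range(len(candidate) + 1))
    for i, t in enumerate(target, 1):
        new = [i]
        for j, c in enumerate(candidate, 1):
            new.append(min(row[j] + 1, new[j - 1] + 1, row[j - 1] + (t != c)))
        row = new
    return min(row)


def check_process(image_path, user, windir=r"C:\Windows"):
    """Return the findings for one process record; an empty list means nothing suspicious."""
    findings = []
    name = ntpath.basename(image_path).lower()
    stem, _ext = ntpath.splitext(name)
    folder = ntpath.normcase(ntpath.dirname(image_path))
    expected = ntpath.normcase(ntpath.join(windir, "System32"))
    account = user.rsplit("\\", 1)[-1].strip().upper()  # drop "NT AUTHORITY\" prefix

    if name == "svchost.exe":
        if folder != expected:
            findings.append("location")        # real name, wrong folder
        if account not in SERVICE_ACCOUNTS:
            findings.append("account")         # real name, started under a user account
    elif name not in KNOWN_GOOD and prefix_distance(skeleton(stem)) <= 2:
        findings.append("lookalike-name")      # altered spelling or extension
    return findings


# Constructed process snapshot (image path, account) for illustration only.
SAMPLE = [
    (r"C:\Windows\System32\svchost.exe", r"NT AUTHORITY\SYSTEM"),
    (r"C:\Windows\System32\svchost.exe", "NETWORK SERVICE"),
    (r"C:\Windows\svchost.exe", "SYSTEM"),
    (r"C:\Windows\System32\svchost.exe", "alice"),
    (r"C:\Windows\System32\svch0st.exe", "SYSTEM"),
    (r"C:\Program Files\Common Files\svchost.com", "alice"),
    (r"C:\Windows\System32\sihost.exe", "alice"),
]


def triage(records):
    """Return (path, user, findings) for every record with at least one finding."""
    return [(p, u, f) for p, u in records for f in [check_process(p, u)] if f]


if __name__ == "__main__":
    for path, user, findings in triage(SAMPLE):
        print(f"{path:45} {user:22} {', '.join(findings)}")
```

On Windows 10 and later, per-user services also run svchost.exe under the logged-on account, so treat an `account` finding there as a lead to verify rather than a verdict.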

You can see the name of the file in the task manager, although I recommend using it right away, since using it, you can immediately see the paths and other information simply by double-clicking on the process in the list.

How to remove and fix SVCHOST or virus problem

The good old will help us to remove this muck (if it is still it).
What do we do:


Well .. We smile and wave .. In the sense of enjoying life and a cleaned computer.

However, if this does not help, then there is still a small method (taking into account, of course, that you have done all of the above) that can help.

Checking corrupted system files for treatment

In (very) rare cases, the system-file check built into the system itself can help. Go to the path "C:\ -> Windows -> System32" (where C:\ is the drive on which the system is installed).

Find cmd.exe there, right-click on it and select "Run as administrator".

On the command line itself, enter the line:

And wait until the end of the process. The system will scan all protected system files and replace any corrupted files. It may not cure svchost itself, but it can fix accompanying files that lead to stress and other problems.

Afterword

As always, if you have any questions, additions or other differences, please write in the comments.

  • PS: Many people are faced with the fact that svchost loads the processor and the system in general. This is often due to the fact that there is a virus in the system that sends spam or creates other harmful traffic, which is why the process is actively used by it. As a rule, this is treated by scanning for viruses, spyware and installing a firewall.
  • PS2: The problem may be related to the work in the background of Windows update. It is possible that it makes sense to disable it or even to completely optimize the system (especially for the 10th version of the system)
  • PS3: If all else fails, try running the Kaspersky Virus Remove Tool from to clean up possible svchost-variants of the virus

Today I want to talk about one process that is most likely familiar to every more or less advanced computer user, namely, the Svchost.exe process. Surely, experienced computer scientists have now remembered those times when a lot of viruses with similar names circulated on the network. And the process itself, for certain reasons, can load the system processor of your computer or laptop to a critical 100%. Let's try to figure out why Svchost.exe loads the processor or the system and which processes with a similar name are guaranteed to be malicious, as well as how to solve this problem.

What is Svchost?

I'll start with an explanation of what kind of process it is, and how important it is for the Windows operating system? So, Svchost.exe is one of the system processes loaded from dynamic DLLs, of which several can be launched at the same time. You can verify this by opening the Task Manager - simultaneously holding down the "Ctrl" + "Alt" + "Del" keys and then select "Task Manager". There is also another way to open - right-click on the taskbar and select "Start Task Manager":

To view running processes, go to the "Processes" tab and click on the "Show processes of all users" button. If this is not done, then you will not see the svchost.exe processes.

It is also worth noting that Svchost.exe is used in all versions of Windows, from 2000 to Windows 10. The decision to use one process for several services at once was made to simplify the work of the system and lower the load on RAM, and this is quite justified. However, there are some drawbacks here (for example, it complicates the search for some viruses "disguised" as this process).

Svchost.exe loads the system. What to do?

So, you noticed that the computer slows down fiercely, and when you launched the task manager you saw that almost all the processor resources were being taken by the Svchost.exe process. Most often, the reason is simple and straightforward: either Svchost.exe is a virus, or the system is loaded because you have automatic updates enabled. To begin with, we will use methods that do not interfere with the work of the system, and below I will tell you about viruses, which still need to be tracked down. Before reading on, I ask you to restart your computer now, as it is possible that Windows did not start a service correctly. Sometimes this helps to get rid of the problem. Of course, if you have already restarted, you can skip this and continue reading the article.

Now go to the task manager, find the process named Svchost.exe, right-click on it and select "End Process Tree" from the list. If this did not help, then we continue to understand this issue.

One more thing that you must do now. Go to "Start" - "Run" or open this window using the buttons on the keyboard "Win" + "R". Then enter "Prefetch" and click "OK".

Next, a folder will open where you need to delete all the files that are in it. The files with the system settings "lie" here, but sometimes they are bad, and therefore follow this step to be sure that everything is in order with them.

Here you will need to select an item with the name "Administration".

Here you should find "Windows Update" and then disable this service. To do this, click on it 2 times with the left mouse button, then click on the "Stop" button. You will also need to set the manual startup type, then save all your changes (click "Apply" - "OK") and restart your computer.

Did not help? Then you can try to disable services that may be associated with Svchost.exe one by one. To do this, start the task manager, find the process that is using the most processor, right-click on it and click on "Go to services".

You will see a window with an impressive list of services using Svchost.exe. In this case, the services that use the specific process that you selected above in the task manager (the one that loads the system the most) will be highlighted in blue. Now you should disable one of the services one by one, checking the result after the next shutdown. To disable a service, left-click on it (to select), then right-click on it and select Stop Service. If you are an inexperienced user, I can assure you that you will not do anything bad to the system and therefore you can not worry about the further result.

At the same time, when a suspicious service is found, you should go to "Computer Management" (above I explained how to reach the services: Control Panel - Administration - Services) and disable it there, because if you use "Task Manager" for this purpose, the service will be restored and turned on again after you restart your computer. Typically, this process hangs on the "IP Helper Service" and "Windows Update" services. When you find a process that loads Svchost.exe by 100% or less (usually 50-100%), go to the services, find the service, double-click on it, and in the window that opens do the following: in "Startup type" select "Disabled" and press the Stop button. Then press Apply and then OK.

Well, in addition to the above, I would like to give two more simple ways that in some cases can help you without unnecessary manipulation of the processes:

  • The first is to update Windows if it hasn't been updated before. Windows updates often solve many problems and this type of error is no exception.
  • The second is to restore the system using a checkpoint, returning it to a state where no problems were observed.

What if a virus?

As I said, viruses that actively disguise themselves as the Svchost.exe process can also reduce the performance of your system. This is easily explained by the fact that this process is used by various libraries and it is difficult for the user to figure out which of the Svchost.exe processes shown in the task manager is malicious, and which is important and necessary.

How to determine? Remember, if Svchost.exe is a system process, then it will never be launched as a user, but only from NETWORK SERVICE, LOCAL SERVICE or SYSTEM. In addition, this operation is started exclusively through the system service programs. If it is launched from the Run registry key, it is a 100% virus.

Also, it will not be superfluous to pay attention to the name of the process. It so happens that in the name of Svchost.exe some letters are replaced by others, or in general there is a number instead of a letter, and they can also change letters in places (very often attackers use this type of visual deception). If so, then most likely it is a virus masquerading as a process.

It often happens that a virus infiltrates the Svchost.exe process itself, modifying it and leading to frequent system crashes. In any case, if there is a suspicion of infection, start the PC in safe mode (immediately after turning on the computer, press F8 and select the required option) and check the computer for viruses.

Sometimes it's easier to reinstall the OS than to spend your own time looking for the problem, so if you don't have any specific programs or important data on your computer, then use this advice and don't "bother". After all, a novice user can spend a lot of time looking for a problem (5-6 hours), and reinstalling Windows takes about 2 hours.

If you have never reinstalled the system yourself: this procedure is not complicated, the main thing is to understand the logical chain of what needs to be done and at which step.

I hope my article was useful for you and now you can not only find the "root of the problem", but also adequately eliminate it without harm to your system and your own nerves.

How many svchost.exe processes should be running? It is impossible to answer this question, since in each case the number of running svchost.exe processes is different. It depends not only on the version of your operating system, but also on its build!

Since it is impossible to know the exact number of processes, the creators of malware could not fail to take advantage of this!

A huge number of viruses, Trojans and other malicious programs have chosen the svchost.exe process and, in order to disguise themselves in the system, disguise themselves as this process.

That is, malicious programs are launched with the name "svchost.exe" and are lost against the background of many system processes with the same name. This leads to the fact that the chances of being unnoticed in the system increase several times.

How to identify the malicious svchost.exe process

Naturally, if the user suspects that the "svchost.exe" process is malicious, then first of all, the user will scan the computer for viruses and other things.

But, if after checking the antivirus program reports that the system is clean and no malware was found, this may not be entirely true!

In this case, it is worth checking the "svchost.exe" process manually. This is done quite simply, all you need is to know some points about the svchost.exe process.

1) The process is always launched from the system folder "System32". If this is not the case, then most likely the file named svchost.exe is malicious.

2) The svchost.exe process will never run as a user; this must be remembered. The process is always started by "Local Service", "System" or "Network Service".

As you understand, if the svchost.exe process was launched from the current username or not from the system folder, then it is worth taking measures to check the suspicious file.

To make sure the original file is running, start Task Manager and find the list of svchost.exe processes on the Details tab.

In this screenshot, all processes are launched by the system itself, which means that most likely there is no malicious file named "svchost.exe" among this list. Take a look at the screenshot below ...

In this screenshot we see the svchost.exe process launched by a user named "SuperUser". This suggests that this process is most likely malicious.

Right-click the process and select "Open location" from the context menu. Windows Explorer will open and you will see the full path to the suspicious file! What to do with it next is, I think, clear as day!

Important to know: some viruses do not simply use the name "svchost.exe" to hide their presence in the system; they can also use the original svchost.exe file for their own selfish purposes.

In that case, manual verification will not give a result! It was also said above that an antivirus may find nothing when searching for the virus. A logical question arises: what to do?

One option is to use a free firewall, among which I personally single out "Comodo Firewall". How can it help us? It's that simple! If a virus using the svchost.exe process suddenly decides to show network activity, the user will be made aware of it!

From the screenshot you can clearly see that the svchost file is trying to connect to a server on port 80. The original file will never do this, so svchost is infected!

You can quickly block network access for the svchost file, which would be quite reasonable, since in this case there is a possibility of confidential data, for example passwords from the browser, being transferred to the "Gate".

You understand yourself how a leak of such information could end for you!

What to do with the infected svchost.exe file? Since the current antivirus and the manual check are of exactly zero use, open the site "virustotal.com" and check the file. By the way, do it right now!

My result is as follows: everything is clean! If any antivirus had reacted, for example "Avast", I would uninstall the current antivirus, install Avast and cure svchost.exe.