CLSID List Results
BHOs, Toolbars, SHs, Explorer Bars
BHOs, Toolbars, SHs, Explorer Bars
| CLSID | Name | Filename | Description | Status |
| {ACBD7024-CF3C-495F-9840-244CD16A5826} | Data Collector Toolbar | svchost.dll | Parasite connecting to letectvi.cz - detected by AntiVir as TR/BHO.HM | X BHO |
| {CAC068F3-A608-406B-8581-458788A67694} | Webacc | svchost.dll | 91Cast adware | X BHO |
| {F12E3C8F-924C-4447-9D8A-ED97A28C8C8C} | Data Collector Toolbar | svchost.dll | Parasite connecting to letectvi.cz - detected by AntiVir as TR/BHO.HM | X BHO |
| {3A4E6FF3-BF59-446E-9DC8-731BCE2F349A} | IE 4.x-5.x BHO in ObjectPascal | svchost.dll | PWSteal.Tarno.P trojan | X BHO |
| {FC37E818-6FBF-42F7-8CDE-72B890F493D9} | ����� | msnetres.dll, msnetre.dll, svchost.dll | Unidentified parasite of Chinese origin - should you have any information about this application, do email us - if you actually have a copy of the file, please attach it to your email for analysis. Thanks! | X BHO |
Startup List Results
Startup Entry
Startup Entry
| Name | Filename | Description | Status |
| Windows Default Configuration | svchost.exe | Added by the Troj/Dloader-U Trojan! Note: Located in \%WINDIR%\ Note: Do not remove the legitimate svchost.exe file which is always found in \%WINDIR%\System32\ - this is not the legitimate svchost.exe process which should NOT appear in Msconfig/Startup! | X |
| zztp | svchost.exe | Added by the Trojan.Tannick.B Trojan! Note: Located in \%WINDIR%\System32\zztp\ Note: Do not remove the legitimate svchost.exe file which is always found in \%WINDIR%\System32\ - this is not the legitimate svchost.exe process which should NOT appear in Msconfig/Startup! | X |
| [filename] | svchost.scr | Added by the Troj/Banker-CC Trojan! Note: Located in \%WINDIR%\System32\ | X |
| _svchost.con | svchost.com | Added by the W32.Erkez.C@mm WORM! Note: Located in \%WINDIR%\System32\ | X |
| F-Secure 2005 | svchost.exe | Added by the Troj/Bifrose-CH TROJAN! Note: Located in \%WINDIR%\ Note: Do not remove the legitimate svchost.exe file which is always found in \%WINDIR%\System32\ - this is not the legitimate svchost.exe process which should NOT appear in Msconfig/Startup! | X |
O20 List Results
AppInit_DLLs & Winlogon Notify
AppInit_DLLs & Winlogon Notify
| Name | Filename | Description | Status |
| svchost.dll | %SYSDIR%\svchost.dll | PurityScan | X AppInit_DLLs |
O23 List Results
Windows Services
Windows Services
| Name | Filename | Description | Status |
| Service de l’Assistant Compatibilité des programmes (PcaSvc) | svchost.exe | Related to Program Compatibility Assistant Service This service provides support for the Program Compatibility Assistant (PCA). PCA monitors programs installed and run by the user and detects known compatibility problems. Note: This service on Vista - 64 bit operating system is launched by svchost.exe, but the actual application is what is listed as the service name with the filename \%WINDIR%\%System%\PcaSvc.dll | L |
| Gestion des clés et des certificats d'intégrité (hkmsvc) | svchost.exe | Related to Health Key and Certificate Management Provides X.509 certificate and key management services for the Network Access Protection Agent (NAPAgent). Enforcement technologies that use X.509 certificates may not function properly without this service. Note: This service on Vista - 64 bit operating system is launched by svchost.exe, but the actual application is what is listed as the service name with the filename \%WINDIR%\%System%\hkmsvc.dll | L |
| Modules de génération de clés IKE et AuthIP (IKEEXT) | svchost.exe | Related to IKE and AuthIP IPsec Keying Modules The IKEEXT service hosts the Internet Key Exchange (IKE) and Authenticated Internet Protocol (AuthIP) keying modules. These keying modules are used for authentication and key exchange in Internet Protocol security (IPsec). Note: This service on Vista - 64 bit operating system is launched by svchost.exe, but the actual application is what is listed as the service name with the filename \%WINDIR%\%System%\IKEEXT.dll | L |
| Assistance IP (iphlpsvc) | svchost.exe | Related to IP Helper Provides tunnel connectivity using IPv6 transition technologies (6to4, ISATAP, Port Proxy, and Teredo), and IP-HTTPS. Note: This service on Vista - 64 bit operating system is launched by svchost.exe, but the actual application is what is listed as the service name with the filename \%WINDIR%\%System%\iphlpsvc.dll | L |
| Mappage de découverte de topologie de la couche de liaison (lltdsvc) | svchost.exe | Related to [url=http://wiki.blackviper.com/wiki/Link-Layer_Topology_Discovery_Mapper]Link-Layer Topology Discovery Mapper[/url Creates a Network Map, consisting of PC and device topology (connectivity) information, and metadata describing each PC and device. Note: This service on Vista - 64 bit operating system is launched by svchost.exe, but the actual application is what is listed as the service name with the filename \%WINDIR%\%System%\lltdsvc.dll | L |
Drivers List Results
Driver Entry
Driver Entry
| Name | Filename | Description | Status |
| okosrv | SvchOst.eXE | Added by the TrojanProxy:Win32/Koobface.gen!G | X |
| NcbService | svchost.exe | Related to the xxxCXTuner.sysxxx A connection broker is a software program that allows the end-user to connect to an available desktop from Microsoft Corporation. Note: This service is run the the service host | L |
| WindowsDriver | svchost.exe | Added by the Infostealer trojan, detected by Kaspersky antivirus as Trojan-Dropper.Win32.Agent.gupx | X |
| eventchk | svchost.exe | Added by the svchost.exe Worm.Generic.24677 Note: Do not remove the legitimate (svchost.exe) file which is always found in \%Windir%\%System%\ | X |
| Host Generic Process | svchost.exe | Infostealer trojan, detected by Microsoft as "Trojan:Win32/Malex.gen!E" Note: Do not remove the legitimate (svchost.exe) file which is always found in \%Windir%\%System%\ | X |
Active Setup List Results
Active Setup - Installed Component
Active Setup - Installed Component
| CLSID | Name | Filename | Description | Status |
| {2BF41072-B2B1-21C1-B5C1-0305F4155515} | (no name) | svchost.exe, svchost.pif , iexplore.exe, Ma0ya0.exe, system.exe, system2.exe, R_Server.exe, svchost.exe, svohcst.exe, other filenames | Infostealer trojan, detected by Kaspersky antivirus as Trojan.Win32.Scar - see here, here or here | X |
| {0BBA3D30-AC6B-D6A7-AA17-10DAF6CA2F9C} | (no name) | svchost.exe | Infostealer trojan, detected by Microsoft as Worm:Win32/Ainslot.A - also see here | X |
| {55CLT5SP-KK4F-28DW-CR5L-B36Y66V74KUB} | (no name) | Svchost.exe | Infostealer trojan, detected by Microsoft as Worm:Win32/Rebhip.A - also see here | X |
| {DF6ABFA9-F098-6014-8967-4DBEB7B2F2CA} | (no name) | svchost.exe | Infostealer trojan, detected by Microsoft as Worm:Win32/Ainslot.A - also see here | X |
| {5L40LKFR-QBYF-67Q8-B2U8-5W03312WUDQ8} | (no name) | svchost.exe | Infostealer trojan, detected by Microsoft as Worm:Win32/Rebhip.A - also see here | X |