SVCHOST Diag
~~~~~Services loaded under SVCHOST~~~~~
Image Name: svchost.exe
PID: 676
Services: DcomLaunch
PlugPlay
Power
Image Name: svchost.exe
PID: 760
Services: RpcEptMapper
RpcSs
Image Name: svchost.exe
PID: 980
Services: AudioSrv
Dhcp
eventlog
lmhosts
wscsvc
Image Name: svchost.exe
PID: 428
Services: AudioEndpointBuilder
CscService
Netman
PcaSvc
SysMain
TrkWks
UxSms
WdiSystemHost
WPDBusEnum
wudfsvc
Image Name: svchost.exe
PID: 392
Services: AeLookupSvc
Appinfo
AppMgmt
BITS
gpsvc
IKEEXT
iphlpsvc
LanmanServer
MMCSS
ProfSvc
Schedule
SENS
ShellHWDetection
Themes
Winmgmt
wuauserv
Image Name: svchost.exe
PID: 1116
Services: EventSystem
netprofm
nsi
WdiServiceHost
Image Name: svchost.exe
PID: 1236
Services: CryptSvc
Dnscache
LanmanWorkstation
NlaSvc
Image Name: svchost.exe
PID: 1424
Services: BFE
DPS
MpsSvc
Image Name: svchost.exe
PID: 524
Services: stisvc
Image Name: svchost.exe
PID: 2332
Services: PolicyAgent
Image Name: svchost.exe
PID: 3152
Services: FontCache
SSDPSRV
upnphost
~~~~~Modules loaded under SVCHOST~~~~~
Image Name: svchost.exe
PID: 676
Modules: N/A
Image Name: svchost.exe
PID: 760
Modules: N/A
Image Name: svchost.exe
PID: 980
Modules: N/A
Image Name: svchost.exe
PID: 428
Modules: N/A
Image Name: svchost.exe
PID: 392
Modules: N/A
Image Name: svchost.exe
PID: 1116
Modules: N/A
Image Name: svchost.exe
PID: 1236
Modules: N/A
Image Name: svchost.exe
PID: 1424
Modules: N/A
Image Name: svchost.exe
PID: 524
Modules: N/A
Image Name: svchost.exe
PID: 2332
Modules: N/A
Image Name: svchost.exe
PID: 3152
Modules: N/A
~~~~~SVCHOST service~~~~~
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost]
"netsvcs"=hex(7):41,00,65,00,4c,00,6f,00,6f,00,6b,00,75,00,70,00,53,00,76,00,\
63,00,00,00,43,00,65,00,72,00,74,00,50,00,72,00,6f,00,70,00,53,00,76,00,63,\
00,00,00,53,00,43,00,50,00,6f,00,6c,00,69,00,63,00,79,00,53,00,76,00,63,00,\
00,00,6c,00,61,00,6e,00,6d,00,61,00,6e,00,73,00,65,00,72,00,76,00,65,00,72,\
00,00,00,67,00,70,00,73,00,76,00,63,00,00,00,41,00,75,00,64,00,69,00,6f,00,\
53,00,72,00,76,00,00,00,46,00,61,00,73,00,74,00,55,00,73,00,65,00,72,00,53,\
00,77,00,69,00,74,00,63,00,68,00,69,00,6e,00,67,00,43,00,6f,00,6d,00,70,00,\
61,00,74,00,69,00,62,00,69,00,6c,00,69,00,74,00,79,00,00,00,49,00,61,00,73,\
00,00,00,49,00,72,00,6d,00,6f,00,6e,00,00,00,4e,00,6c,00,61,00,00,00,4e,00,\
74,00,6d,00,73,00,73,00,76,00,63,00,00,00,4e,00,57,00,43,00,57,00,6f,00,72,\
00,6b,00,73,00,74,00,61,00,74,00,69,00,6f,00,6e,00,00,00,4e,00,77,00,73,00,\
61,00,70,00,61,00,67,00,65,00,6e,00,74,00,00,00,52,00,61,00,73,00,61,00,75,\
00,74,00,6f,00,00,00,52,00,61,00,73,00,6d,00,61,00,6e,00,00,00,52,00,65,00,\
6d,00,6f,00,74,00,65,00,61,00,63,00,63,00,65,00,73,00,73,00,00,00,53,00,45,\
00,4e,00,53,00,00,00,53,00,68,00,61,00,72,00,65,00,64,00,61,00,63,00,63,00,\
65,00,73,00,73,00,00,00,53,00,52,00,53,00,65,00,72,00,76,00,69,00,63,00,65,\
00,00,00,54,00,61,00,70,00,69,00,73,00,72,00,76,00,00,00,57,00,6d,00,69,00,\
00,00,57,00,6d,00,64,00,6d,00,50,00,6d,00,53,00,70,00,00,00,54,00,65,00,72,\
00,6d,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,00,00,77,00,75,00,61,00,\
75,00,73,00,65,00,72,00,76,00,00,00,42,00,49,00,54,00,53,00,00,00,53,00,68,\
00,65,00,6c,00,6c,00,48,00,57,00,44,00,65,00,74,00,65,00,63,00,74,00,69,00,\
6f,00,6e,00,00,00,4c,00,6f,00,67,00,6f,00,6e,00,48,00,6f,00,75,00,72,00,73,\
00,00,00,50,00,43,00,41,00,75,00,64,00,69,00,74,00,00,00,68,00,65,00,6c,00,\
70,00,73,00,76,00,63,00,00,00,75,00,70,00,6c,00,6f,00,61,00,64,00,6d,00,67,\
00,72,00,00,00,69,00,70,00,68,00,6c,00,70,00,73,00,76,00,63,00,00,00,6d,00,\
73,00,69,00,73,00,63,00,73,00,69,00,00,00,73,00,63,00,68,00,65,00,64,00,75,\
00,6c,00,65,00,00,00,53,00,65,00,73,00,73,00,69,00,6f,00,6e,00,45,00,6e,00,\
76,00,00,00,77,00,69,00,6e,00,6d,00,67,00,6d,00,74,00,00,00,41,00,70,00,70,\
00,4d,00,67,00,6d,00,74,00,00,00,00,00
"LocalService"=hex(7):52,00,65,00,6d,00,6f,00,74,00,65,00,52,00,65,00,67,00,69,\
00,73,00,74,00,72,00,79,00,00,00,57,00,69,00,6e,00,48,00,74,00,74,00,70,00,\
41,00,75,00,74,00,6f,00,50,00,72,00,6f,00,78,00,79,00,53,00,76,00,63,00,00,\
00,73,00,70,00,70,00,75,00,69,00,6e,00,6f,00,74,00,69,00,66,00,79,00,00,00,\
6e,00,65,00,74,00,70,00,72,00,6f,00,66,00,6d,00,00,00,57,00,65,00,62,00,43,\
00,6c,00,69,00,65,00,6e,00,74,00,00,00,00,00
"LocalSystemNetworkRestricted"=hex(7):4e,00,65,00,74,00,6d,00,61,00,6e,00,00,\
00,41,00,75,00,64,00,69,00,6f,00,45,00,6e,00,64,00,70,00,6f,00,69,00,6e,00,\
74,00,42,00,75,00,69,00,6c,00,64,00,65,00,72,00,00,00,64,00,6f,00,74,00,33,\
00,73,00,76,00,63,00,00,00,57,00,50,00,44,00,42,00,75,00,73,00,45,00,6e,00,\
75,00,6d,00,00,00,77,00,6c,00,61,00,6e,00,73,00,76,00,63,00,00,00,00,00
"LocalServiceNoNetwork"=hex(7):50,00,4c,00,41,00,00,00,00,00
"rpcss"=hex(7):52,00,70,00,63,00,53,00,73,00,00,00,00,00
"LocalServiceNetworkRestricted"=hex(7):41,00,75,00,64,00,69,00,6f,00,53,00,72,\
00,76,00,00,00,42,00,74,00,68,00,48,00,46,00,53,00,72,00,76,00,00,00,4c,00,\
6d,00,48,00,6f,00,73,00,74,00,73,00,00,00,77,00,73,00,63,00,73,00,76,00,63,\
00,00,00,57,00,50,00,43,00,53,00,76,00,63,00,00,00,00,00
"LocalServiceAndNoImpersonation"=hex(7):53,00,53,00,44,00,50,00,53,00,52,00,56,\
00,00,00,75,00,70,00,6e,00,70,00,68,00,6f,00,73,00,74,00,00,00,53,00,43,00,\
61,00,72,00,64,00,53,00,76,00,72,00,00,00,54,00,42,00,53,00,00,00,51,00,57,\
00,41,00,56,00,45,00,00,00,77,00,63,00,6e,00,63,00,73,00,76,00,63,00,00,00,\
00,00
"DcomLaunch"=hex(7):50,00,6f,00,77,00,65,00,72,00,00,00,50,00,6c,00,75,00,67,\
00,50,00,6c,00,61,00,79,00,00,00,44,00,63,00,6f,00,6d,00,4c,00,61,00,75,00,\
6e,00,63,00,68,00,00,00,00,00
"NetworkService"=hex(7):43,00,72,00,79,00,70,00,74,00,53,00,76,00,63,00,00,00,\
44,00,48,00,43,00,50,00,00,00,54,00,65,00,72,00,6d,00,53,00,65,00,72,00,76,\
00,69,00,63,00,65,00,00,00,44,00,4e,00,53,00,43,00,61,00,63,00,68,00,65,00,\
00,00,4e,00,61,00,70,00,41,00,67,00,65,00,6e,00,74,00,00,00,6e,00,6c,00,61,\
00,73,00,76,00,63,00,00,00,57,00,69,00,6e,00,52,00,4d,00,00,00,57,00,45,00,\
43,00,53,00,56,00,43,00,00,00,54,00,61,00,70,00,69,00,73,00,72,00,76,00,00,\
00,00,00
"imgsvc"=hex(7):53,00,74,00,69,00,53,00,76,00,63,00,00,00,00,00
"wcssvc"=hex(7):57,00,63,00,73,00,50,00,6c,00,75,00,67,00,49,00,6e,00,53,00,65,\
00,72,00,76,00,69,00,63,00,65,00,00,00,00,00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalService]
"AuthenticationCapabilities"=dword:00002000
"CoInitializeSecurityParam"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceAndNoImpersonation]
"AuthenticationCapabilities"=dword:00002000
"CoInitializeSecurityParam"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestricted]
"CoInitializeSecurityParam"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetwork]
"CoInitializeSecurityParam"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalSystemNetworkRestricted]
"CoInitializeSecurityParam"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvcs]
"AuthenticationCapabilities"=dword:00003020
"CoInitializeSecurityParam"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkService]
"CoInitializeSecurityParam"=dword:00000001
"DefaultRpcStackSize"=dword:0000001c
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopHyperVAgent]
"CoInitializeSecurityParam"=dword:00000001
"AuthenticationCapabilities"=dword:00002000
"AuthenticationLevel"=dword:00000006
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopPublishing]
"CoInitializeSecurityParam"=dword:00000001
"AuthenticationCapabilities"=dword:00002000
"AuthenticationLevel"=dword:00000006
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\termsvcs]
"CoInitializeSecurityParam"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wcssvc]
"CoInitializeSecurityParam"=dword:00000001
"CoInitializeSecurityAppID"="{CD11FAB6-1C0E-45e1-BA31-5C6008EF2607}"
~~~~~SVCHOST MD5~~~~~
54A47F6B5E09A77E61649109C6A08866 C:\Windows\system32\svchost.exe
~~~~~END OF FILE!~~~~~