[manu]

Well, heres the list of trustable processes in Windows.. ( Hey, you can exploit volunerabilies of unpatched LSASS or see, I am just talking about basic process names, This is for a newbie only) .. You should check the spelling, SVCHOST.EXE and SCVHOST.EXE could make you confused... The first one is good and the second one is harm. Good ones are harmless. Removing them may cause problem to your computer system.

See some OK processes

acrobat.exe

acrotray.exe

Ad-aware.exe

agentsvr.exe

agrsmmsg.exe

alg.exe

apoint.exe

ati2evxx.exe

Avconsol.exe

Avsynmgr.exe

cisvc.exe

CMGrdian.exe

cpqek.exe

csrss.exe

ctfmon.exe

davcdata.exe

ddhelp.exe

ddhelp.exe

digstream.exe

directcd.exe

dsentry.exe

explorer.exe

frameworkservice.exe

hibserv.exe

iexplore.exe

inetinfo.exe

internat.exe

iTouch.exe

locator.exe

lsass.exe

mcshield.exe

mdm.exe

mobsync.exe

mspmspsv.exe

NDDEAGNT.EXE

nopdb.exe

outlook.exe

PcfMgr.exe

pctspk.exe

promon.exe

pstores.exe

regsvc.exe

rpcss.exe

RuLaunch.exe

rundll32.exe

services.exe

shstat.exe

smss.exe

spoolsv.exe

stisvc.exe

svchost.exe

syntpenh.exe

syntplpr.exe

System Process

tcpsvcs.exe

tfswctrl.exe

tgcmd.exe

updaterui.exe

Vshwin32.exe

VsStat.exe

wanmpsvc.exe

winlogon.exe

winword.exe

wmiapsrv.exe

wmiexe.exe

wuauclt.exe

Heres the list of some harmful processes. It could be viruses or spywares.

adaware.exe

Ausvc.exe

AVGuard.exe

Avsynmgr32.exe

backWeb.exe

brasil.exe

datemanager.exe

gator.exe

GMT.EXE

kazza.exe

run32dll.exe

scvhost.exe

svchosts.exe

sysai.exe

Take care of your Pc.
Manu ;)

[temptation]

Hi there ...

I don't think this list is good ...
you can rename ur trojan or virii like you want, for example acrobat.exe ...
so u think it is a good prog, instead it is a trojan :(

[manu]

temptation, on Jul 11 2004, 08:12 PM, said:

Hi there ...

I don't think this list is good ...
you can rename ur trojan or virii like you want, for example acrobat.exe ...
so u think it is a good prog, instead it is a trojan :(

Of course you could do.. I told you, this is just for a newbie who could look first into their processes and you see, like that.. You must be having a AV and FW and an Anti Spyware anyway.

Manu

[passi]

Manu this is a good idea but you realized it badly :-/

Becouse svchost.exe can be in system32 OR everywhere else. but you only see "svchost.exe". You know what i mean? :P

[Reclone]

Indeed, look at both the proces and the location it is at. For instance svchost.exe outside the system32 dir or the dllcache dir is always bogus. Or notepad.exe in the system32 dir for that matter. The list you posted in this form is useless because anything can be renamed to an 'OK' looking executable. But you cant replace svchost.exe in the system32 dir with a trojan called svchost.exe.

[gijukud6]

You can use fport.exe (find it in commandlinetools in public downloads).
It shows you all open processes, its paths, even the Port of it.
So if you found something like this:

3560 svchost -> 6666 TCP C:\winnt\system32\drivers\svchost.exe

You can try to connect to your IP with an FTP Client on Port 6666.
Maybe it's serv-u or somethin like this...

greetz

[manu]

Quote

You must be having a AV and FW and an Anti Spyware anyway.

I had replied it already... Process list I posted doesnt mean that you are safe.. They are just OK processes.. Anyway, this discussion is good only, a Newbie who read this will be getting better and better idea by your replies.. Thank you guys..

Manu ;)