Archive - svchost.exe incoming connections (unwanted)


TeddySo

Legacy Member
I don't really know how to phrase the problem, but recently I've been bothered by random people from all over the world who keep trying to connect to the server by way of svchost.exe.

Malwarebytes Anti-Malware always logs it when a particular IP has been blocked.

These are the notifications that have already come in over the past day.

Code:
00:53:03	Administrator	IP-BLOCK	222.186.25.147 (Type: incoming, Port: 8909, Process: svchost.exe)
01:45:12	Administrator	IP-BLOCK	222.186.26.11 (Type: incoming, Port: 8909, Process: svchost.exe)
03:38:34	Administrator	IP-BLOCK	222.186.25.147 (Type: incoming, Port: 8909, Process: svchost.exe)
04:15:38	Administrator	IP-BLOCK	222.186.26.11 (Type: incoming, Port: 8909, Process: svchost.exe)
04:48:19	Administrator	IP-BLOCK	218.10.16.175 (Type: incoming, Port: 3389)
06:16:30	Administrator	IP-BLOCK	222.186.26.11 (Type: incoming, Port: 8909, Process: svchost.exe)
06:46:23	Administrator	IP-BLOCK	222.186.25.147 (Type: incoming, Port: 8909, Process: svchost.exe)
08:29:47	Administrator	IP-BLOCK	222.186.26.11 (Type: incoming, Port: 8909, Process: svchost.exe)
08:30:50	Administrator	MESSAGE	Scheduled update executed successfully
08:30:52	Administrator	MESSAGE	IP Protection stopped
08:31:00	Administrator	MESSAGE	Database updated successfully
08:31:05	Administrator	MESSAGE	IP Protection started successfully
09:13:58	Administrator	IP-BLOCK	222.186.25.147 (Type: incoming, Port: 8909, Process: svchost.exe)
10:43:41	Administrator	MESSAGE	Protection started successfully
10:43:46	Administrator	MESSAGE	IP Protection started successfully
11:27:06	Administrator	IP-BLOCK	222.186.25.147 (Type: incoming, Port: 8909, Process: svchost.exe)
11:27:06	Administrator	IP-BLOCK	222.186.25.147 (Type: incoming, Port: 8909, Process: svchost.exe)
12:51:20	Administrator	IP-BLOCK	222.186.26.11 (Type: incoming, Port: 8909, Process: svchost.exe)
12:51:20	Administrator	IP-BLOCK	222.186.26.11 (Type: incoming, Port: 8909, Process: svchost.exe)
12:58:01	Administrator	IP-BLOCK	85.234.175.25 (Type: incoming, Port: 47492, Process: svchost.exe)
12:58:01	Administrator	IP-BLOCK	85.234.175.25 (Type: incoming, Port: 47492, Process: svchost.exe)
12:58:09	Administrator	IP-BLOCK	85.234.175.25 (Type: incoming, Port: 47492, Process: svchost.exe)
12:58:09	Administrator	IP-BLOCK	85.234.175.25 (Type: incoming, Port: 47492, Process: svchost.exe)
12:58:09	Administrator	IP-BLOCK	85.234.175.25 (Type: incoming, Port: 47492, Process: svchost.exe)
12:58:09	Administrator	IP-BLOCK	85.234.175.25 (Type: incoming, Port: 47492, Process: svchost.exe)
13:30:17	Kenneth	IP-BLOCK	83.128.49.166 (Type: incoming, Port: 31613, Process: svchost.exe)
13:30:18	Kenneth	IP-BLOCK	83.128.49.166 (Type: incoming, Port: 31613, Process: svchost.exe)
13:30:18	Kenneth	IP-BLOCK	83.128.49.166 (Type: incoming, Port: 31613, Process: svchost.exe)
13:30:18	Kenneth	IP-BLOCK	83.128.49.166 (Type: incoming, Port: 31613, Process: svchost.exe)
13:30:26	Kenneth	IP-BLOCK	83.128.49.166 (Type: incoming, Port: 31613, Process: svchost.exe)
13:30:26	Kenneth	IP-BLOCK	83.128.49.166 (Type: incoming, Port: 31613, Process: svchost.exe)
13:32:02	Kenneth	IP-BLOCK	83.128.49.166 (Type: incoming, Port: 31613, Process: svchost.exe)
13:32:02	Kenneth	IP-BLOCK	83.128.49.166 (Type: incoming, Port: 31613, Process: svchost.exe)
13:32:02	Kenneth	IP-BLOCK	83.128.49.166 (Type: incoming, Port: 31613, Process: svchost.exe)
13:32:02	Kenneth	IP-BLOCK	83.128.49.166 (Type: incoming, Port: 31613, Process: svchost.exe)
13:32:02	Kenneth	IP-BLOCK	83.128.49.166 (Type: incoming, Port: 31613, Process: svchost.exe)
13:32:02	Kenneth	IP-BLOCK	83.128.49.166 (Type: incoming, Port: 31613, Process: svchost.exe)
13:32:10	Kenneth	IP-BLOCK	83.128.49.166 (Type: incoming, Port: 31613, Process: svchost.exe)
13:32:10	Kenneth	IP-BLOCK	83.128.49.166 (Type: incoming, Port: 31613, Process: svchost.exe)
13:32:10	Kenneth	IP-BLOCK	83.128.49.166 (Type: incoming, Port: 31613, Process: svchost.exe)
13:32:10	Kenneth	IP-BLOCK	83.128.49.166 (Type: incoming, Port: 31613, Process: svchost.exe)
13:32:18	Kenneth	IP-BLOCK	83.128.49.166 (Type: incoming, Port: 31613, Process: svchost.exe)
13:32:18	Kenneth	IP-BLOCK	83.128.49.166 (Type: incoming, Port: 31613, Process: svchost.exe)
13:32:18	Kenneth	IP-BLOCK	83.128.49.166 (Type: incoming, Port: 31613, Process: svchost.exe)
13:32:18	Kenneth	IP-BLOCK	83.128.49.166 (Type: incoming, Port: 31613, Process: svchost.exe)
13:32:34	Kenneth	IP-BLOCK	83.128.49.166 (Type: incoming, Port: 31613, Process: svchost.exe)
13:32:34	Kenneth	IP-BLOCK	83.128.49.166 (Type: incoming, Port: 31613, Process: svchost.exe)
13:32:42	Kenneth	IP-BLOCK	83.128.49.166 (Type: incoming, Port: 31613, Process: svchost.exe)
13:32:42	Kenneth	IP-BLOCK	83.128.49.166 (Type: incoming, Port: 31613, Process: svchost.exe)
13:35:15	Kenneth	IP-BLOCK	83.128.49.166 (Type: incoming, Port: 31613, Process: svchost.exe)
13:35:15	Kenneth	IP-BLOCK	83.128.49.166 (Type: incoming, Port: 31613, Process: svchost.exe)
13:35:23	Kenneth	IP-BLOCK	83.128.49.166 (Type: incoming, Port: 31613, Process: svchost.exe)
13:35:23	Kenneth	IP-BLOCK	83.128.49.166 (Type: incoming, Port: 31613, Process: svchost.exe)
13:37:39	Kenneth	IP-BLOCK	83.128.49.166 (Type: incoming, Port: 31613, Process: svchost.exe)
13:37:39	Kenneth	IP-BLOCK	83.128.49.166 (Type: incoming, Port: 31613, Process: svchost.exe)
13:37:39	Kenneth	IP-BLOCK	83.128.49.166 (Type: incoming, Port: 31613, Process: svchost.exe)
13:37:39	Kenneth	IP-BLOCK	83.128.49.166 (Type: incoming, Port: 31613, Process: svchost.exe)
13:57:16	Kenneth	MESSAGE	IP Protection stopped
13:57:18	Kenneth	MESSAGE	Database updated successfully
13:57:19	Kenneth	MESSAGE	IP Protection started successfully
14:20:59	Kenneth	IP-BLOCK	83.128.49.166 (Type: incoming, Port: 31613, Process: svchost.exe)
14:20:59	Kenneth	IP-BLOCK	83.128.49.166 (Type: incoming, Port: 31613, Process: svchost.exe)
14:20:59	Kenneth	IP-BLOCK	83.128.49.166 (Type: incoming, Port: 31613, Process: svchost.exe)
14:20:59	Kenneth	IP-BLOCK	83.128.49.166 (Type: incoming, Port: 31613, Process: svchost.exe)
15:03:17	Kenneth	IP-BLOCK	222.186.26.11 (Type: incoming, Port: 8909, Process: svchost.exe)
15:03:17	Kenneth	IP-BLOCK	222.186.26.11 (Type: incoming, Port: 8909, Process: svchost.exe)
16:16:33	Kenneth	IP-BLOCK	222.186.31.222 (Type: incoming, Port: 1433, Process: svchost.exe)
16:16:33	Kenneth	IP-BLOCK	222.186.31.222 (Type: incoming, Port: 1433, Process: svchost.exe)
16:22:10	Kenneth	IP-BLOCK	222.186.25.147 (Type: incoming, Port: 8909, Process: svchost.exe)
16:22:10	Kenneth	IP-BLOCK	222.186.25.147 (Type: incoming, Port: 8909, Process: svchost.exe)

Now I do find this serious, because it looks as if they want to hack my server, or turn it into a botnet. Is there a way to really keep them out, so that they simply CANNOT connect and Malwarebytes Anti-Malware doesn't have to block it?

Regards and thanks in advance.
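One way to triage a block log like the one posted above, as an added example that is not part of the original post: it collapses repeated lines and groups the blocked attempts by port so that well-known service ports stand out. The sample lines are constructed (documentation-range addresses), and reading "Port" as the local port on the server is an assumption.

```python
import re
from collections import defaultdict

# One IP-BLOCK line: time, user, tag, then "ip (Type: ..., Port: ..., Process: ...)".
# The "Process" field is optional, as in the port 3389 line of the posted log.
LINE_RE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2})\s+(?P<user>\S+)\s+IP-BLOCK\s+"
    r"(?P<ip>\S+) \(Type: (?P<direction>\w+), Port: (?P<port>\d+)"
    r"(?:, Process: (?P<process>[^)]+))?\)\s*$"
)

# Well-known service ports that also show up in the posted log.
KNOWN_PORTS = {3389: "RDP (Remote Desktop)", 1433: "Microsoft SQL Server"}

# Constructed sample in the same tab-separated layout as the posted log.
# Assumption: "Port" is the local port on the server that was contacted.
SAMPLE_LOG = "\n".join([
    "00:53:03\tAdministrator\tIP-BLOCK\t203.0.113.10 (Type: incoming, Port: 8909, Process: svchost.exe)",
    "01:45:12\tAdministrator\tIP-BLOCK\t203.0.113.11 (Type: incoming, Port: 8909, Process: svchost.exe)",
    "04:48:19\tAdministrator\tIP-BLOCK\t198.51.100.7 (Type: incoming, Port: 3389)",
    "08:30:52\tAdministrator\tMESSAGE\tIP Protection stopped",
    "11:27:06\tAdministrator\tIP-BLOCK\t203.0.113.10 (Type: incoming, Port: 8909, Process: svchost.exe)",
    "11:27:06\tAdministrator\tIP-BLOCK\t203.0.113.10 (Type: incoming, Port: 8909, Process: svchost.exe)",
    "16:16:33\tKenneth\tIP-BLOCK\t192.0.2.55 (Type: incoming, Port: 1433, Process: svchost.exe)",
])


def parse_blocks(text):
    """Return unique IP-BLOCK events; MESSAGE lines and exact repeats are skipped."""
    seen, events = set(), []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        key = (m["time"], m["ip"], m["port"])
        if key in seen:  # the log writes the same event several times per second
            continue
        seen.add(key)
        events.append({
            "time": m["time"], "user": m["user"], "ip": m["ip"],
            "direction": m["direction"], "port": int(m["port"]),
            "process": m["process"],  # None when the log gives no process
        })
    return events


def summarize_by_port(events):
    """Group events per port: distinct sources, event count, first and last time."""
    acc = defaultdict(lambda: {"sources": set(), "events": 0, "times": [], "processes": set()})
    for e in events:
        entry = acc[e["port"]]
        entry["sources"].add(e["ip"])
        entry["events"] += 1
        entry["times"].append(e["time"])
        if e["process"]:
            entry["processes"].add(e["process"])
    return {
        port: {
            "service": KNOWN_PORTS.get(port),
            "sources": sorted(v["sources"]),
            "events": v["events"],
            # Zero-padded HH:MM:SS sorts correctly as text within one day's log.
            "first": min(v["times"]),
            "last": max(v["times"]),
            "processes": sorted(v["processes"]),
        }
        for port, v in acc.items()
    }


def review_order(summary):
    """Ports to look at first: well-known services, then the busiest ones."""
    return sorted(summary, key=lambda p: (summary[p]["service"] is None,
                                          -summary[p]["events"], p))


if __name__ == "__main__":
    summary = summarize_by_port(parse_blocks(SAMPLE_LOG))
    for port in review_order(summary):
        s = summary[port]
        label = s["service"] or "no well-known service"
        print(f"port {port} ({label}): {s['events']} blocked, "
              f"{len(s['sources'])} source(s), {s['first']}-{s['last']}")
```

A port that keeps appearing with no well-known service behind it, like 8909 in the posted log, is the one to trace back to the service that owns it on the server.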

Aap

Legacy Member
Run a manual scan with Malwarebytes and check whether you have any "critters". Run a manual (full) virus scan.
Use Process Explorer to check that there is nothing strange listed under svchost.exe.
And/or check the services manually with services.msc in the command window.
To what extent Malwarebytes is a firewall, I don't know. (I only use it to get rid of critters.) I would recommend using a "real" firewall.
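The svchost.exe check suggested above can also be done from the command line by joining the output of `netstat -ano` and `tasklist /svc` on the PID, which shows which hosted services sit behind each listening port. This is an added example, not part of the original post; the sample outputs are constructed and `ExampleSvc` is a hypothetical service name.

```python
def _row(image, pid, services):
    # Same fixed-width layout that `tasklist /svc` prints (25 / 8 / rest).
    return f"{image:<25} {pid:>8} {services}"


# Constructed `tasklist /svc` output, including a wrapped services line.
SAMPLE_TASKLIST = "\n".join([
    "",
    _row("Image Name", "PID", "Services"),
    "=" * 25 + " " + "=" * 8 + " " + "=" * 44,
    _row("System", 4, "N/A"),
    _row("svchost.exe", 952, "DcomLaunch, PlugPlay"),
    _row("svchost.exe", 1260, "BITS, Schedule,"),
    _row("", "", "ExampleSvc"),          # continuation of PID 1260 (hypothetical name)
    _row("svchost.exe", 1504, "TermService"),
])

# Constructed `netstat -ano` output.
SAMPLE_NETSTAT = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       952
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING       1504
  TCP    0.0.0.0:8909           0.0.0.0:0              LISTENING       1260
  TCP    192.0.2.20:3389        198.51.100.7:50211     ESTABLISHED     1504
  TCP    [::]:135               [::]:0                 LISTENING       952
  UDP    0.0.0.0:53             *:*                                    1904
"""


def parse_netstat_listeners(text):
    """Return sorted unique (port, pid) pairs for TCP sockets in LISTENING state."""
    listeners = set()
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 5 and parts[0] == "TCP" and parts[3] == "LISTENING":
            # rsplit keeps IPv6 literals such as [::]:135 intact.
            port = int(parts[1].rsplit(":", 1)[1])
            listeners.add((port, int(parts[4])))
    return sorted(listeners)


def parse_tasklist_svc(text):
    """Return {pid: (image, [services])}, using the ===== ruler for column widths."""
    lines = text.splitlines()
    ruler = next(i for i, ln in enumerate(lines) if ln.startswith("="))
    spans, pos = [], 0
    for run in lines[ruler].split(" "):
        spans.append((pos, pos + len(run)))
        pos += len(run) + 1
    (i0, i1), (p0, p1), (s0, _) = spans
    procs, last_pid = {}, None
    for line in lines[ruler + 1:]:
        if not line.strip():
            continue
        pid_text = line[p0:p1].strip()
        names = [s.strip() for s in line[s0:].split(",")
                 if s.strip() and s.strip() != "N/A"]
        if pid_text:
            last_pid = int(pid_text)
            procs[last_pid] = (line[i0:i1].strip(), names)
        elif last_pid is not None:
            # No PID column: the services list of the previous row wrapped.
            procs[last_pid][1].extend(names)
    return procs


def services_behind_ports(netstat_text, tasklist_text):
    """Map each listening TCP port to the owning process and its hosted services."""
    procs = parse_tasklist_svc(tasklist_text)
    result = {}
    for port, pid in parse_netstat_listeners(netstat_text):
        image, services = procs.get(pid, ("<unknown>", []))
        result[port] = {"pid": pid, "image": image, "services": list(services)}
    return result


if __name__ == "__main__":
    for port, info in sorted(services_behind_ports(SAMPLE_NETSTAT, SAMPLE_TASKLIST).items()):
        print(f"{port:>5}  PID {info['pid']:<5} {info['image']:<12} "
              f"{', '.join(info['services']) or '-'}")
```

On the server itself, feed the functions the saved output of the two commands; a port from the block log that maps to a service nobody recognizes is the first thing to look up in services.msc.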

TeddySo

Legacy Member
Aap said:
Run a manual scan with Malwarebytes and check whether you have any "critters". Run a manual (full) virus scan.
Use Process Explorer to check that there is nothing strange listed under svchost.exe.
And/or check the services manually with services.msc in the command window.
To what extent Malwarebytes is a firewall, I don't know. (I only use it to get rid of critters.) I would recommend using a "real" firewall.

I have Windows Firewall as my firewall, and I have set it so that anything it has no rule for gets blocked. I have ClamWin as antivirus, which finds nothing, and I used Process Explorer, and I see no abnormal activity there:

Code:
Process	PID	CPU	Private Bytes	Working Set	Description	Company Name
System Idle Process	0	98.45	0 K	24 K		
System	4	< 0.01	0 K	10.352 K		
csrss.exe	576	< 0.01	1.756 K	5.168 K	Client Server Runtime Process	Microsoft Corporation
csrss.exe	628	< 0.01	10.152 K	8.832 K	Client Server Runtime Process	Microsoft Corporation
wininit.exe	636		1.356 K	4.152 K	Windows Start-Up Application	Microsoft Corporation
 services.exe	716		2.816 K	6.976 K	Services and Controller app	Microsoft Corporation
  svchost.exe	952		2.432 K	5.744 K	Host Process for Windows Services	Microsoft Corporation
   WmiPrvSE.exe	280		3.044 K	5.528 K	WMI Provider Host	Microsoft Corporation
  svchost.exe	1052		3.224 K	6.312 K	Host Process for Windows Services	Microsoft Corporation
  svchost.exe	1212	< 0.01	9.496 K	12.384 K	Host Process for Windows Services	Microsoft Corporation
   audiodg.exe	1724		980 K	3.512 K	Windows Audio Device Graph Isolation 	Microsoft Corporation
  svchost.exe	1240		4.372 K	8.252 K	Host Process for Windows Services	Microsoft Corporation
  svchost.exe	1260	< 0.01	22.624 K	30.436 K	Host Process for Windows Services	Microsoft Corporation
   taskeng.exe	1648		2.676 K	7.444 K	Task Scheduler Engine	Microsoft Corporation
    rundll32.exe	1692		2.340 K	3.628 K	Windows host process (Rundll32)	Microsoft Corporation
   taskeng.exe	2488		8.916 K	9.468 K	Task Scheduler Engine	Microsoft Corporation
  SLsvc.exe	1272		4.256 K	9.292 K	Microsoft Software Licensing Service	Microsoft Corporation
  svchost.exe	1356		6.232 K	10.988 K	Host Process for Windows Services	Microsoft Corporation
  svchost.exe	1416		11.164 K	13.600 K	Host Process for Windows Services	Microsoft Corporation
   dwm.exe	3524		1.040 K	3.736 K	Desktop Window Manager	Microsoft Corporation
  svchost.exe	1440		2.064 K	3.440 K	Host Process for Windows Services	Microsoft Corporation
  svchost.exe	1504	< 0.01	16.784 K	18.164 K	Host Process for Windows Services	Microsoft Corporation
   rdpclip.exe	1336		1.900 K	5.488 K	RDP Clip Monitor	Microsoft Corporation
  svchost.exe	1756		16.524 K	20.792 K	Host Process for Windows Services	Microsoft Corporation
  svchost.exe	1848		1.512 K	4.148 K	Host Process for Windows Services	Microsoft Corporation
  spoolsv.exe	816	< 0.01	6.776 K	11.708 K	Spooler SubSystem App	Microsoft Corporation
  armsvc.exe	1404		2.096 K	3.444 K	Adobe Acrobat Update Service	Adobe Systems Incorporated
  svchost.exe	1452		5.060 K	9.072 K	Host Process for Windows Services	Microsoft Corporation
  dfsrs.exe	1816	< 0.01	16.216 K	16.280 K	Distributed File System Replication	Microsoft Corporation
  svchost.exe	1912	< 0.01	13.676 K	15.568 K	Host Process for Windows Services	Microsoft Corporation
  dns.exe	1904	< 0.01	23.104 K	24.292 K	Domain Name System (DNS) Server	Microsoft Corporation
  inetinfo.exe	1964		7.488 K	13.248 K	Internet Information Services	Microsoft Corporation
  ismserv.exe	544		2.180 K	5.112 K	Windows NT Intersite Messaging Service	Microsoft Corporation
  ISPMonitorSrv.exe	2016	0.78	14.756 K	12.776 K	ISPMonitorSrv	How2 Studios
  mysqld.exe	2296	< 0.01	56.004 K	27.420 K		
  svchost.exe	2412		2.244 K	5.432 K	Host Process for Windows Services	Microsoft Corporation
  svchost.exe	2432		872 K	2.920 K	Host Process for Windows Services	Microsoft Corporation
  Locator.exe	2456		392 K	1.624 K	Rpc Locator	Microsoft Corporation
  svchost.exe	2500		3.500 K	6.420 K	Host Process for Windows Services	Microsoft Corporation
  TeamViewer_Service.exe	2532	< 0.01	4.392 K	9.008 K	TeamViewer Remote Control Application	TeamViewer GmbH
  ThinVnc.exe	2628	< 0.01	19.160 K	18.684 K	ThinVnc	Cybele Software, Inc.
  MediaServer.exe	2928	< 0.01	18.604 K	14.284 K		
  tvnserver.exe	2988	< 0.01	1.632 K	4.488 K	TightVNC Server for Windows	GlavSoft LLC.
  svchost.exe	3012		4.212 K	7.972 K	Host Process for Windows Services	Microsoft Corporation
  svchost.exe	3028	< 0.01	24.196 K	23.504 K	Host Process for Windows Services	Microsoft Corporation
  svchost.exe	3044		580 K	2.260 K	Host Process for Windows Services	Microsoft Corporation
  dfssvc.exe	3068		2.624 K	6.424 K	Windows NT Distributed File System Service	Microsoft Corporation
  DynUpSvc.exe	3188		4.544 K	5.620 K	DynDNS® Updater Service	Dynamic Network Services, Inc.
  mbamservice.exe	480		107.756 K	32.456 K	Malwarebytes' Anti-Malware	Malwarebytes Corporation
  msdtc.exe	3056		3.172 K	7.112 K	MS DTCconsole program	Microsoft Corporation
  svchost.exe	3636		3.308 K	5.004 K	Host Process for Windows Services	Microsoft Corporation
  alg.exe	3380		1.444 K	4.632 K	Application Layer Gateway Service	Microsoft Corporation
 lsass.exe	728	< 0.01	27.800 K	30.848 K	Local Security Authority Process	Microsoft Corporation
 lsm.exe	736		2.384 K	5.340 K	Local Session Manager Service	Microsoft Corporation
winlogon.exe	684		1.276 K	4.116 K	Windows Logon Application	Microsoft Corporation
csrss.exe	908	< 0.01	1.920 K	6.716 K	Client Server Runtime Process	Microsoft Corporation
winlogon.exe	3960		1.320 K	4.472 K	Windows Logon Application	Microsoft Corporation
explorer.exe	528	< 0.01	20.676 K	24.988 K	Windows Explorer	Microsoft Corporation

I also ran a scan with Malwarebytes Anti-Malware, and it can't find anything either.
Here is the log:
Code:
Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Databaseversie: 7586

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

27/08/2011 21:33:15
mbam-log-2011-08-27 (21-33-15).txt

Scantype: Snelle scan
Objecten gescand: 220469
Verstreken tijd: 3 minuut/minuten, 9 seconde(n)

Geheugenprocessen geïnfecteerd: 0
Geheugenmodulen geïnfecteerd: 0
Registersleutels geïnfecteerd: 0
Registerwaarden geïnfecteerd: 0
Registerdata geïnfecteerd: 0
Mappen geïnfecteerd: 0
Bestanden geïnfecteerd: 0

Geheugenprocessen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Geheugenmodulen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Registersleutels geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Registerwaarden geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Registerdata geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Mappen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Bestanden geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

I really think I have simply been put in some database or other where hackers can go and relieve themselves. --' Really not fun anymore; sooner or later they will find a hole and I'll be a botnet.

Aap

Legacy Member
Please use a better firewall. E.g. Comodo, ZoneAlarm (I'm not a fan of it), ...

I see the following: DynUpSvc.exe, which could be a reason for multiple connections. Do you happen to use dynamic DNS? Where, for example, a website is linked to your dynamic IP address? That could be a cause of extra traffic.

Furthermore, your malware scan shows that you chose "quick scan"; please ALWAYS choose "full scan".

Please check services.msc, as I asked earlier. It might also be a good idea to take a look at msconfig.

TeddySo

Legacy Member
Yes, I run a dynamic DNS service.
I also ran the full scan. There was an infection in the system.
It has been completely removed.
I also did an online F-Secure scan.
For now I haven't seen any new connections yet, around 10 o'clock.
(fingers crossed)
Code:
00:40:30	Kenneth	IP-BLOCK	222.186.25.147 (Type: incoming, Port: 8909, Process: svchost.exe)
00:40:30	Kenneth	IP-BLOCK	222.186.25.147 (Type: incoming, Port: 8909, Process: svchost.exe)
01:18:19	Kenneth	IP-BLOCK	222.186.26.11 (Type: incoming, Port: 8909, Process: svchost.exe)
01:18:19	Kenneth	IP-BLOCK	222.186.26.11 (Type: incoming, Port: 8909, Process: svchost.exe)
02:48:14	Kenneth	IP-BLOCK	222.186.26.11 (Type: incoming, Port: 8909, Process: svchost.exe)
02:48:14	Kenneth	IP-BLOCK	222.186.26.11 (Type: incoming, Port: 8909, Process: svchost.exe)
03:38:28	Kenneth	IP-BLOCK	222.186.25.147 (Type: incoming, Port: 8909, Process: svchost.exe)
03:38:28	Kenneth	IP-BLOCK	222.186.25.147 (Type: incoming, Port: 8909, Process: svchost.exe)
04:51:49	Kenneth	IP-BLOCK	222.186.26.11 (Type: incoming, Port: 8909, Process: svchost.exe)
04:51:49	Kenneth	IP-BLOCK	222.186.26.11 (Type: incoming, Port: 8909, Process: svchost.exe)
06:57:56	Kenneth	IP-BLOCK	222.186.25.147 (Type: incoming, Port: 8909, Process: svchost.exe)
06:57:56	Kenneth	IP-BLOCK	222.186.25.147 (Type: incoming, Port: 8909, Process: svchost.exe)
07:01:01	Kenneth	IP-BLOCK	222.186.26.11 (Type: incoming, Port: 8909, Process: svchost.exe)
07:01:01	Kenneth	IP-BLOCK	222.186.26.11 (Type: incoming, Port: 8909, Process: svchost.exe)
08:23:19	Kenneth	IP-BLOCK	121.10.105.101 (Type: incoming, Port: 47886, Process: svchost.exe)
08:23:19	Kenneth	IP-BLOCK	121.10.105.101 (Type: incoming, Port: 47886, Process: svchost.exe)
08:30:48	Kenneth	MESSAGE	Scheduled update executed successfully
08:30:49	Kenneth	MESSAGE	IP Protection stopped
08:30:56	Kenneth	MESSAGE	Database updated successfully
08:30:57	Kenneth	MESSAGE	IP Protection started successfully
09:01:50	Kenneth	IP-BLOCK	222.186.26.11 (Type: incoming, Port: 8909, Process: svchost.exe)
09:01:50	Kenneth	IP-BLOCK	222.186.26.11 (Type: incoming, Port: 8909, Process: svchost.exe)

TeddySo

Legacy Member
Services that are running:
Code:
Name	Description	Status  	Startup Type	Log On As
Active Directory Domain Services	AD DS Domain Controller service. If this service is stopped, users will be unable to log on to the network. If this service is disabled, any services that explicitly depend on it will fail to start.	Started	Automatic	Local System
Adobe Acrobat Update Service	Adobe Acrobat Updater houdt uw Adobe-software bij de tijd.	Started	Automatic	Local System
Application Experience	Processes application compatibility cache requests for applications as they are launched	Started	Automatic	Local System
Application Host Helper Service	Provides administrative services for IIS, for example configuration history and Application Pool account mapping. If this service is stopped, configuration history and locking down files or directories with Application Pool specific Access Control Entries will not work.	Started	Automatic	Local System
Application Information	Facilitates the running of interactive applications with additional administrative privileges.  If this service is stopped, users will be unable to launch applications with the additional administrative privileges they may require to perform desired user tasks.		Manual	Local System
Application Layer Gateway Service	Provides support for 3rd party protocol plug-ins for Internet Connection Sharing	Started	Manual	Local Service
Application Management	Processes installation, removal, and enumeration requests for software deployed through Group Policy. If the service is disabled, users will be unable to install, remove, or enumerate software deployed through Group Policy. If this service is disabled, any services that explicitly depend on it will fail to start.		Manual	Local System
Ati HotKey Poller			Automatic	Local System
ATI Smart			Automatic	Local System
Background Intelligent Transfer Service	Transfers files in the background using idle network bandwidth. If the service is disabled, then any applications that depend on BITS, such as Windows Update or MSN Explorer, will be unable to automatically download programs and other information.	Started	Automatic (Delayed Start)	Local System
Base Filtering Engine	The Base Filtering Engine (BFE) is a service that manages firewall and Internet Protocol security (IPsec) policies and implements user mode filtering. Stopping or disabling the BFE service will significantly reduce the security of the system. It will also result in unpredictable behavior in IPsec management and firewall applications.	Started	Automatic	Local Service
Certificate Propagation	Propagates certificates from smart cards.	Started	Manual	Local System
CNG Key Isolation	The CNG key isolation service is hosted in the LSA process. The service provides key process isolation to private keys and associated cryptographic operations as required by the Common Criteria. The service stores and uses long-lived keys in a secure process complying with Common Criteria requirements.		Manual	Local System
COM+ Event System	Supports System Event Notification Service (SENS), which provides automatic distribution of events to subscribing Component Object Model (COM) components. If the service is stopped, SENS will close and will not be able to provide logon and logoff notifications. If this service is disabled, any services that explicitly depend on it will fail to start.	Started	Automatic	Local Service
COM+ System Application	Manages the configuration and tracking of Component Object Model (COM)+-based components. If the service is stopped, most COM+-based components will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.		Manual	Local System
Computer Browser	Maintains an updated list of computers on the network and supplies this list to computers designated as browsers. If this service is stopped, this list will not be updated or maintained. If this service is disabled, any services that explicitly depend on it will fail to start.		Disabled	Local System
Cryptographic Services	Provides four management services: Catalog Database Service, which confirms the signatures of Windows files and allows new programs to be installed; Protected Root Service, which adds and removes Trusted Root Certification Authority certificates from this computer; Automatic Root Certificate Update Service, which retrieves root certificates from Windows Update and enable scenarios such as SSL; and Key Service, which helps enroll this computer for certificates. If this service is stopped, these management services will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.	Started	Automatic	Network Service
DCOM Server Process Launcher	Provides launch functionality for DCOM services.	Started	Automatic	Local System
Desktop Window Manager Session Manager	Provides Desktop Window Manager startup and maintenance services	Started	Automatic	Local System
DFS Namespace	Integrates disparate file shares into a single, logical namespace and manages these logical volumes.	Started	Automatic	Local System
DFS Replication	Enables you to synchronize folders on multiple servers across local or wide area network (WAN) network connections. This service uses the Remote Differential Compression (RDC) protocol to update only the portions of files that have changed since the last replication.	Started	Automatic	Local System
DHCP Client	Registers and updates IP addresses and DNS records for this computer. If this service is stopped, this computer will not receive dynamic IP addresses and DNS updates. If this service is disabled, any services that explicitly depend on it will fail to start.	Started	Automatic	Local Service
DHCP Server	Performs TCP/IP configuration for DHCP clients, including dynamic assignments of IP addresses, specification of the WINS and DNS servers, and connection-specific DNS names. If this service is stopped, the DHCP server will not perform TCP/IP configuration for clients. If this service is disabled, any services that explicitly depend on it will fail to start.	Started	Automatic	Local System
Diagnostic Policy Service	The Diagnostic Policy Service enables problem detection, troubleshooting and resolution for Windows components.  If this service is stopped, diagnostics will no longer function. If this service is disabled, any services that explicitly depend on it will fail to start.	Started	Automatic	Local Service
Diagnostic Service Host	The Diagnostic Service Host service enables problem detection, troubleshooting and resolution for Windows components.  If this service is stopped, some diagnostics will no longer function. If this service is disabled, any services that explicitly depend on it will fail to start.		Manual	Local Service
Diagnostic System Host	The Diagnostic System Host service enables problem detection, troubleshooting and resolution for Windows components.  If this service is stopped, some diagnostics will no longer function. If this service is disabled, any services that explicitly depend on it will fail to start.	Started	Manual	Local System
Distributed Link Tracking Client	Maintains links between NTFS files within a computer or across computers in a network.		Manual	Local System
Distributed Transaction Coordinator	Coordinates transactions that span multiple resource managers, such as databases, message queues, and file systems. If this service is stopped, these transactions will not occur. If this service is disabled, any services that explicitly depend on it will fail to start. 	Started	Automatic (Delayed Start)	Network Service
DNS Client	The DNS Client service (dnscache) caches Domain Name System (DNS) names and registers the full computer name for this computer. If the service is stopped, DNS names will continue to be resolved. However, the results of DNS name queries will not be cached and the computer's name will not be registered. If the service is disabled, any services that explicitly depend on it will fail to start.	Started	Automatic	Network Service
DNS Server	Enables DNS clients to resolve DNS names by answering DNS queries and dynamic DNS update requests. If this service is stopped, DNS updates will not occur. If this service is disabled, any services that explicitly depend on it will fail to start.	Started	Automatic	Local System
DynDNS Updater	Synchronizes DNS records from DynDNS.com with this computer's global IP address.	Started	Automatic	Local System
Extensible Authentication Protocol	The Extensible Authentication Protocol (EAP) service provides network authentication in such scenarios as 802.1x wired and wireless, VPN, and Network Access Protection (NAP).  EAP also provides application programming interfaces (APIs) that are used by network access clients, including wireless and VPN clients, during the authentication process.  If you disable this service, this computer is prevented from accessing networks that require EAP authentication.		Manual	Local System
File Replication	Allows files to be automatically copied and maintained simultaneously on multiple servers. If this service is stopped, file replication will not occur and servers will not synchronize. If this service is disabled, any services that explicitly depend on it will fail to start.		Manual	Local System
FileZilla Server FTP server			Manual	Local System
FTP Publishing Service	Enables this server to be a File Transfer Protocol (FTP) server. If this service is stopped, the server cannot function as an FTP server. If this service is disabled, any services that explicitly depend on it will fail to start.		Manual	Local System
Function Discovery Provider Host	Host process for Function Discovery providers.		Manual	Local Service
Function Discovery Resource Publication	Publishes this computer and resources attached to this computer so they can be discovered over the network.  If this service is stopped, network resources will no longer be published and they will not be discovered by other computers on the network.	Started	Automatic	Local Service
Group Policy Client	The service is responsible for applying settings configured by administrators for the computer and users through the Group Policy component. If the service is stopped or disabled, the settings will not be applied and applications and components will not be manageable through Group Policy. Any components or applications that depend on the Group Policy component might not be functional if the service is stopped or disabled.	Started	Automatic	Local System
Health Key and Certificate Management	Provides X.509 certificate and key management services for the Network Access Protection Agent (NAPAgent). Enforcement technologies that use X.509 certificates may not function properly without this service		Manual	Local System
Human Interface Device Access	Enables generic input access to Human Interface Devices (HID), which activates and maintains the use of predefined hot buttons on keyboards, remote controls, and other multimedia devices. If this service is stopped, hot buttons controlled by this service will no longer function. If this service is disabled, any services that explicitly depend on it will fail to start.	Started	Automatic	Local System
IIS Admin Service	Enables this server to administer the IIS metabase. The IIS metabase stores configuration for the SMTP and FTP services. If this service is stopped, the server will be unable to configure SMTP or FTP. If this service is disabled, any services that explicitly depend on it will fail to start.	Started	Automatic	Local System
IKE and AuthIP IPsec Keying Modules	The IKEEXT service hosts the Internet Key Exchange (IKE) and Authenticated Internet Protocol (AuthIP) keying modules. These keying modules are used for authentication and key exchange in Internet Protocol security (IPsec). Stopping or disabling the IKEEXT service will disable IKE and AuthIP key exchange with peer computers. IPsec is typically configured to use IKE or AuthIP; therefore, stopping or disabling the IKEEXT service might result in an IPsec failure and might compromise the security of the system. It is strongly recommended that you have the IKEEXT service running.	Started	Automatic	Local System
Interactive Services Detection	Enables user notification of user input for interactive services, which enables access to dialogs created by interactive services when they appear. If this service is stopped, notifications of new interactive service dialogs will no longer function and there may no longer be access to interactive service dialogs. If this service is disabled, both notifications of and access to new interactive service dialogs will no longer function.		Manual	Local System
Internet Connection Sharing (ICS)	Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network.		Disabled	Local System
Intersite Messaging	Enables messages to be exchanged between computers running Windows Server sites. If this service is stopped, messages will not be exchanged, nor will site routing information be calculated for other services.  If this service is disabled, any services that explicitly depend on it will fail to start.	Started	Automatic	Local System
IP Helper	Provides automatic IPv6 connectivity over an IPv4 network.  If this service is stopped, the machine will only have IPv6 connectivity if it is connected to a native IPv6 network.	Started	Automatic	Local System
IPsec Policy Agent	Internet Protocol security (IPsec) supports network-level peer authentication, data origin authentication, data integrity, data confidentiality (encryption), and replay protection.  This service enforces IPsec policies created through the IP Security Policies snap-in or the command-line tool "netsh ipsec".  If you stop this service, you may experience network connectivity issues if your policy requires that connections use IPsec.  Also,remote management of Windows Firewall is not available when this service is stopped.	Started	Automatic	Network Service
ISP Monitor		Started	Automatic	Local System
Kerberos Key Distribution Center	On domain controllers this service enables users to log on to the network using the Kerberos authentication protocol. If this service is stopped on a domain controller, users will be unable to log on to the network. If this service is disabled, any services that explicitly depend on it will fail to start.	Started	Automatic	Local System
KtmRm for Distributed Transaction Coordinator	Coordinates transactions between MSDTC and the Kernel Transaction Manager (KTM).	Started	Automatic (Delayed Start)	Network Service
Link-Layer Topology Discovery Mapper	Creates a Network Map, consisting of PC and device topology (connectivity) information, and metadata describing each PC and device.  If this service is disabled, the Network Map will not function properly.		Manual	Local Service
MBAMService	Malwarebytes' Anti-Malware service	Started	Automatic (Delayed Start)	Local System
Media Center 15 Service	Support media functionality like infrared remote controls, etc.		Manual	Local System
Microsoft .NET Framework NGEN v2.0.50727_X86	Microsoft .NET Framework NGEN		Manual	Local System
Microsoft Fibre Channel Platform Registration Service	Registers the platform with all available Fibre Channel fabrics, and maintains the registrations.		Manual	Local Service
Microsoft iSCSI Initiator Service	Manages Internet SCSI (iSCSI) sessions from this computer to remote iSCSI target devices. If this service is stopped, this computer will not be able to login or access iSCSI targets. If this service is disabled, any services that explicitly depend on it will fail to start.		Manual	Local System
Microsoft Software Shadow Copy Provider	Manages software-based volume shadow copies taken by the Volume Shadow Copy service. If this service is stopped, software-based volume shadow copies cannot be managed. If this service is disabled, any services that explicitly depend on it will fail to start.		Manual	Local System
Multimedia Class Scheduler	Enables relative prioritization of work based on system-wide task priorities. This is intended mainly for multimedia applications.  If this service is stopped, individual tasks resort to their default priority.	Started	Manual	Local System
mysql		Started	Automatic	Local System
Net.Tcp Port Sharing Service	Provides ability to share TCP ports over the net.tcp protocol.		Disabled	Local Service
Netlogon	Maintains a secure channel between this computer and the domain controller for authenticating users and services. If this service is stopped, the computer may not authenticate users and services and the domain controller cannot register DNS records. If this service is disabled, any services that explicitly depend on it will fail to start.	Started	Automatic	Local System
Network Access Protection Agent	Enables Network Access Protection (NAP) functionality on client computers		Manual	Network Service
Network Connections	Manages objects in the Network and Dial-Up Connections folder, in which you can view both local area network and remote connections.	Started	Manual	Local System
Network List Service	Identifies the networks to which the computer has connected, collects and stores properties for these networks, and notifies applications when these properties change.	Started	Automatic	Local Service
Network Location Awareness	Collects and stores configuration information for the network and notifies programs when this information is modified. If this service is stopped, configuration information might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.	Started	Automatic	Network Service
Network Store Interface Service	This service delivers network notifications (e.g. interface addition/deleting etc) to user mode clients. Stopping this service will cause loss of network connectivity. If this service is disabled, any other services that explicitly depend on this service will fail to start.	Started	Automatic	Local Service
Offline Files	The Offline Files service performs maintenance activities on the Offline Files cache, responds to user logon and logoff events, implements the internals of the public API, and dispatches interesting events to those interested in Offline Files activities and changes in cache state.		Disabled	Local System
Performance Logs & Alerts	Performance Logs and Alerts Collects performance data from local or remote computers based on preconfigured schedule parameters, then writes the data to a log or triggers an alert. If this service is stopped, performance information will not be collected. If this service is disabled, any services that explicitly depend on it will fail to start.		Manual	Local Service
Plug and Play	Enables a computer to recognize and adapt to hardware changes with little or no user input. Stopping or disabling this service will result in system instability.	Started	Automatic	Local System
PnP-X IP Bus Enumerator	The PnP-X bus enumerator service manages the virtual network bus. It discovers network connected devices using the SSDP/WS discovery protocols and gives them presence in PnP. If this service is stopped or disabled, presence of NCD devices will not be maintained in PnP. All pnpx based scenarios will stop functioning.		Disabled	Local System
Portable Device Enumerator Service	Enforces group policy for removable mass-storage devices. Enables applications such as Windows Media Player and Image Import Wizard to transfer and synchronize content using removable mass-storage devices.		Manual	Local System
Print Spooler	Loads files to memory for later printing	Started	Automatic	Local System
Problem Reports and Solutions Control Panel Support	This service provides support for viewing, sending and deletion of system-level problem reports for the Problem Reports and Solutions control panel.		Manual	Local System
Protected Storage	Provides protected storage for sensitive data, such as passwords, to prevent access by unauthorized services, processes, or users.		Manual	Local System
Remote Access Auto Connection Manager	Creates a connection to a remote network whenever a program references a remote DNS or NetBIOS name or address.		Manual	Local System
Remote Access Connection Manager	Manages dial-up and virtual private network (VPN) connections from this computer to the Internet or other remote networks. If this service is disabled, any services that explicitly depend on it will fail to start.	Started	Manual	Local System
Remote Access Quarantine Agent	Removes validated remote access clients from the quarantine network.		Manual	Local Service
Remote Procedure Call (RPC)	Serves as the endpoint mapper and COM Service Control Manager. If this service is stopped or disabled, programs using COM or Remote Procedure Call (RPC) services will not function properly.	Started	Automatic	Network Service
Remote Procedure Call (RPC) Locator	Manages the RPC name service database.	Started	Automatic	Network Service
Remote Registry	Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start.	Started	Automatic	Local Service
Resultant Set of Policy Provider	Provides a network service that processes requests to simulate application of Group Policy settings for a target user or computer in various situations and computes the Resultant Set of Policy settings.

TeddySo

Legacy Member
Code:
Routing and Remote Access	Offers routing services to businesses in local area and wide area network environments.	Started	Automatic (Delayed Start)	Local System
Secondary Logon	Enables starting processes under alternate credentials. If this service is stopped, this type of logon access will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.	Started	Automatic	Local System
Secure Socket Tunneling Protocol Service	Provides support for the Secure Socket Tunneling Protocol (SSTP) to connect to remote computers using VPN. If this service is disabled, users will not be able to use SSTP to access remote servers.	Started	Manual	Local Service
Security Accounts Manager	The startup of this service signals other services that the Security Accounts Manager (SAM) is ready to accept requests.  Disabling this service will prevent other services in the system from being notified when the SAM is ready, which may in turn cause those services to fail to start correctly. This service should not be disabled.	Started	Automatic	Local System
Server	Supports file, print, and named-pipe sharing over the network for this computer. If this service is stopped, these functions will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.	Started	Automatic	Local System
Shell Hardware Detection	Provides notifications for AutoPlay hardware events.	Started	Automatic	Local System
SL UI Notification Service	Provides Software Licensing activation and notification		Manual	Local Service
Smart Card	Manages access to smart cards read by this computer. If this service is stopped, this computer will be unable to read smart cards. If this service is disabled, any services that explicitly depend on it will fail to start.		Manual	Local Service
Smart Card Removal Policy	Allows the system to be configured to lock the user desktop upon smart card removal.		Manual	Local System
SNMP Trap	Receives trap messages generated by local or remote Simple Network Management Protocol (SNMP) agents and forwards the messages to SNMP management programs running on this computer. If this service is stopped, SNMP-based programs on this computer will not receive SNMP trap messages. If this service is disabled, any services that explicitly depend on it will fail to start.		Manual	Local Service
Software Licensing	Enables the download, installation and enforcement of digital licenses for Windows and Windows applications. If the service is disabled, the operating system and licensed applications may run in a reduced function mode.	Started	Automatic	Network Service
Special Administration Console Helper	Allows administrators to remotely access a command prompt using Emergency Management Services.		Manual	Local System
SSDP Discovery	Discovers networked devices and services that use the SSDP discovery protocol, such as UPnP devices. Also announces SSDP devices and services running on the local computer. If this service is stopped, SSDP-based devices will not be discovered. If this service is disabled, any services that explicitly depend on it will fail to start.		Disabled	Local Service
Superfetch	Maintains and improves system performance over time.		Disabled	Local System
System Event Notification Service	Monitors system events and notifies subscribers to COM+ Event System of these events.	Started	Automatic	Local System
Tablet PC Input Service	Enables Tablet PC pen and ink functionality	Started	Automatic	Local System
Task Scheduler	Enables a user to configure and schedule automated tasks on this computer. If this service is stopped, these tasks will not be run at their scheduled times. If this service is disabled, any services that explicitly depend on it will fail to start.	Started	Automatic	Local System
TCP/IP NetBIOS Helper	Provides support for the NetBIOS over TCP/IP (NetBT) service and NetBIOS name resolution for clients on the network, therefore enabling users to share files, print, and log on to the network. If this service is stopped, these functions might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.	Started	Automatic	Local Service
TeamViewer 6	TeamViewer Remote Software	Started	Automatic	Local System
Telephony	Provides Telephony API (TAPI) support for programs that control telephony devices on the local computer and, through the LAN, on servers that are also running the service.	Started	Manual	Network Service
Telnet	Enables a remote user to log on to this computer and run programs, and supports various TCP/IP Telnet clients, including UNIX-based and Windows-based computers. If this service is stopped, remote user access to programs might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.		(Unknown)	Local Service
Terminal Services	Allows users to connect interactively to a remote computer. Remote Desktop and Terminal Server depend on this service.  To prevent remote use of this computer, clear the checkboxes on the Remote tab of the System properties control panel item.	Started	Automatic	Network Service
Terminal Services Configuration	Terminal Services Configuration service (TSCS) is responsible for all Terminal Services and Remote Desktop related configuration and session maintenance activities that require SYSTEM context. These include per-session temporary folders, TS themes, and TS certificates.	Started	Manual	Local System
Terminal Services UserMode Port Redirector	Allows the redirection of Printers/Drives/Ports for RDP connections	Started	Manual	Local System
Themes	Provides user experience theme management.	Started	Automatic	Local System
ThinVNC Service	Allows secure remote unattended access to this computer	Started	Automatic	Local System
Thread Ordering Server	Provides ordered execution for a group of threads within a specific period of time.		Manual	Local Service
TightVNC Server		Started	Automatic	Local System
TPM Base Services	Enables access to the Trusted Platform Module (TPM), which provides hardware-based cryptographic services to system components and applications.  If this service is stopped or disabled, applications will be unable to use keys protected by the TPM.		Automatic (Delayed Start)	Local Service
TVersity Media Server	The Windows service of the TVersity Media Server software.	Started	Automatic	Local System
UPnP Device Host	Allows UPnP devices to be hosted on this computer. If this service is stopped, any hosted UPnP devices will stop functioning and no additional hosted devices can be added. If this service is disabled, any services that explicitly depend on it will fail to start.		Disabled	Local Service
User Profile Service	This service is responsible for loading and unloading user profiles. If this service is stopped or disabled, users will no longer be able to successfully logon or logoff, applications may have problems getting to users' data, and components registered to receive profile event notifications will not receive them.	Started	Automatic	Local System
Virtual Disk	Provides management services for disks, volumes, file systems, and storage arrays.		Manual	Local System
Volume Shadow Copy	Manages and implements Volume Shadow Copies used for backup and other purposes. If this service is stopped, shadow copies will be unavailable for backup and the backup may fail. If this service is disabled, any services that explicitly depend on it will fail to start.		Manual	Local System
WebClient	Enables Windows-based programs to create, access, and modify Internet-based files. If this service is stopped, these functions will not be available. If this service is disabled, any services that explicitly depend on it will fail to start.	Started	Automatic	Local Service
Windows Audio	Manages audio for Windows-based programs.  If this service is stopped, audio devices and effects will not function properly.  If this service is disabled, any services that explicitly depend on it will fail to start	Started	Automatic	Local Service
Windows Audio Endpoint Builder	Manages audio devices for the Windows Audio service.  If this service is stopped, audio devices and effects will not function properly.  If this service is disabled, any services that explicitly depend on it will fail to start	Started	Automatic	Local System
Windows CardSpace	Securely enables the creation, management, and disclosure of digital identities.		Manual	Local System
Windows Color System	The WcsPlugInService service hosts third-party Windows Color System color device model and gamut map model plug-in modules. These plug-in modules are vendor-specific extensions to the Windows Color System baseline color device and gamut map models. Stopping or disabling the WcsPlugInService service will disable this extensibility feature, and the Windows Color System will use its baseline model processing rather than the vendor's desired processing. This might result in inaccurate color rendering.		Manual	Local Service
Windows Defender	Scan your computer for unwanted software, schedule scans, and get the latest unwanted software definitions.		Automatic	Local System
Windows Deployment Services Server	Manages requests made by Pre-Boot eXecution Environment (PXE) - enabled client computers. If this service is stopped, PXE-enabled client computers will be unable to install Windows remotely or use other Windows Deployment Services -based tools. If this service is disabled, any services that explicitly depend on it will fail to start.	Started	Automatic	Local System
Windows Driver Foundation - User-mode Driver Framework	Manages user-mode driver host processes	Started	Automatic	Local System
Windows Error Reporting Service	Allows errors to be reported when programs stop working or responding and allows existing solutions to be delivered. Also allows logs to be generated for diagnostic and repair services. If this service is stopped, error reporting might not work correctly and results of diagnostic services and repairs might not be displayed.	Started	Automatic	Local System
Windows Event Collector	This service manages persistent subscriptions to events from remote sources that support WS-Management protocol. This includes Windows Vista event logs, hardware and IPMI-enabled event sources. The service stores forwarded events in a local Event Log. If this service is stopped or disabled event subscriptions cannot be created and forwarded events cannot be accepted.	Started	Automatic	Network Service
Windows Event Log	This service manages events and event logs. It supports logging events, querying events, subscribing to events, archiving event logs, and managing event metadata. It can display events in both XML and plain text format. Stopping this service may compromise security and reliability of the system.	Started	Automatic	Local Service
Windows Firewall	Windows Firewall helps protect your computer by preventing unauthorized users from gaining access to your computer through the Internet or a network.	Started	Automatic	Local Service
Windows Image Acquisition (WIA)	Provides image acquisition services for scanners and cameras	Started	Automatic	Local Service
Windows Installer	Adds, modifies, and removes applications provided as a Windows Installer (*.msi) package. If this service is disabled, any services that explicitly depend on it will fail to start.		Automatic	Local System
Windows Management Instrumentation	Provides a common interface and object model to access management information about operating system, devices, applications and services. If this service is stopped, most Windows-based software will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.	Started	Automatic	Local System
Windows Modules Installer	Enables installation, modification, and removal of Windows updates and optional components. If this service is disabled, install or uninstall of Windows updates might fail for this computer.		Manual	Local System
Windows Presentation Foundation Font Cache 3.0.0.0	Optimizes performance of Windows Presentation Foundation (WPF) applications by caching commonly used font data. WPF applications will start this service if it is not already running. It can be disabled, though doing so will degrade the performance of WPF applications.		Manual	Local Service
Windows Process Activation Service	The Windows Process Activation Service (WAS) provides process activation, resource management and health management services for message-activated applications.	Started	Manual	Local System
Windows Remote Management (WS-Management)	Windows Remote Management (WinRM) service implements the WS-Management protocol for remote management. WS-Management is a standard web services protocol used for remote software and hardware management. The WinRM service listens on the network for WS-Management requests and processes them. The WinRM Service needs to be configured with a listener using winrm.cmd command line tool or through Group Policy in order for it to listen over the network. The WinRM service provides access to WMI data and enables event collection. Event collection and subscription to events require that the service is running. WinRM messages use HTTP and HTTPS as transports. The WinRM service does not depend on IIS but is preconfigured to share a port with IIS on the same machine.  The WinRM service reserves the /wsman URL prefix. To prevent conflicts with IIS, administrators should ensure that any websites hosted on IIS do not use the /wsman URL prefix.	Started	Automatic (Delayed Start)	Network Service
Windows Time	Maintains date and time synchronization on all clients and servers in the network. If this service is stopped, date and time synchronization will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.	Started	Automatic	Local Service
Windows Update	Enables the detection, download, and installation of updates for Windows and other programs. If this service is disabled, users of this computer will not be able to use Windows Update or its automatic updating feature, and programs will not be able to use the Windows Update Agent (WUA) API.	Started	Automatic (Delayed Start)	Local System
Wing FTP Server	Enables this computer to be a File Transfer Protocol (FTP,HTTP,SSH) server.		Automatic	Local System
WinHTTP Web Proxy Auto-Discovery Service	WinHTTP implements the client HTTP stack and provides developers with a Win32 API and COM Automation component for sending HTTP requests and receiving responses. In addition, WinHTTP provides support for auto-discovering a proxy configuration via its implementation of the Web Proxy Auto-Discovery (WPAD) protocol.	Started	Manual	Local Service
Wired AutoConfig	This service performs IEEE 802.1X authentication on Ethernet interfaces		Manual	Local System
WMI Performance Adapter	Provides performance library information from Windows Management Instrumentation (WMI) providers to clients on the network. This service only runs when Performance Data Helper is activated.		Manual	Local System
Workstation	Creates and maintains client network connections to remote servers using the SMB protocol. If this service is stopped, these connections will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.	Started	Automatic	Local Service
World Wide Web Publishing Service	Provides Web connectivity and administration through the Internet Information Services Manager	Started	Automatic	Local System
XAMPP Service	XAMPP Control Panel Version 2.5 (9. May, 2007)		Automatic	Local System

Aap

Legacy Member
TeddySo said:
Yes, I run a dynamic DNS service.
I also ran the full scan. There was an infection in the system.
It has been completely removed.
I also did an online F-Secure scan.
For now I haven't seen any new connections yet, around 10 o'clock.
(fingers crossed)


If I may ask, and forgive me for being lazy for once: didn't you say in another thread that you had a fixed IP address? Or am I mistaken? Why do you use DynDNS if you have a fixed IP address?

TeddySo

Legacy Member
Aap said:
If I may ask, and forgive me for being lazy for once: didn't you say in another thread that you had a fixed IP address? Or am I mistaken? Why do you use DynDNS if you have a fixed IP address?

Because I still have it from when I had a dynamic IP (an old Telenet subscription where I still had the old DOCSIS 2.0 modem),
and I still use this domain because I'm used to it. Anyway, the problem is solved. I installed Comodo Firewall and configured it completely.

Thanks.

Aap

Legacy Member
TeddySo said:

You're welcome. I hope you've learned something about security. That really is something important when you have your own domain. I hope you keep this in mind.