There are packages running under svhost.exe I know I can disable them or even some remove with the help of Install_wim_tweak but even when I remove package the services still remain in services and when I go to properties is says svhost.exe. That's why was wondering if it would be possible to edit and clean up svhost.exe?
@David34: Only by reverse Engineering it, producing an exact source file, editing it and recompiling. Unfortunately, the file signature difference would trigger all kinds of alarms in malware scanners. P.S.: It's called 'svchost.exe'
Thanks MichaelaJoy that's what I was actually thinking as it's exe I could copy it I could decompile it and play with it a bit. And I don't use any antiviruses scanners etc. Will Google a bit about decompiling exe
@David34: All I can say is "have at it". The learning experience will be amazing for You. (I was at the exact same place over 30 years ago. )
just found that i dont need to edit svchost.exe as all svchost.exe does is to call services to start and run at boot up or whenever needed heres registry key where i can remove from svchost.exe calling services i dont want it to run under svchost.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost i removed those AJRouter WebClient RemoteRegistry uploadmgr dmwappushservice XblAuthManager RetailDemo OneSyncSvc and now less errors in event viewer anoter usefull command tasklist /SVC /FI "IMAGENAME eq svchost.exe" to list services running under svchost
Have you tried Process Hacker (from Sourceforge) and just double-click the svchost.exe process and select the Services tab to view running services in each svhost? There's also another Services tab on the main window for managing all services
the task manager does the same. Go to the detail tab, select a svchost process, right click and click on "Go to service(s)"
@chris I was rather talking about the none existing services svchost.exe was calling for like for example aljoyn I think best is to as I said earlier remove those things from svchost.exe registry.
31 year old female on mdl probably very pretty cute and single, and from the other side all those single males around.
Those "hidden" services can be queries/stopped/disabled/deleted using the sc query <service name> to query or sc stop <service name> to stop it or sc control <service name> start=disabled to disable it or sc delete <service name> to delete it. I'm not sure what you try to achieve by editing HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost but you're more than likely doing something wrong if it's to delete or disable a service. You're just removing from what group they're part of, and possibly some security features. I hope you made a restore point before you started editing your registry.
@chris HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost that's list of services svchost.exe call whenever needed whatever you remove from there SvcHost won't be looking for it anymore. If you remove aljoyn package from your windows, because that service runs under svchost.exe, svchost.exe will still be asking about it. And event viewer will show error. That's an example there's many services running under svhost.exe and even if you remove package those services are still in svchost.exe registry means svchost.exe will keep asking for it unless you remove it fromHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost