Quick links UVK Help: Windows services and drivers Search carifred.com
 Home
 UVK
 Branding version
 UVK forums
 Installing UVK
 Welcome screen
 UVK immunization
 Process manager
 Modules manager 
 Startup entries
 Services/Drivers
 Streams manager
 Delete file or folder
 Scan & create log
 Run UVK Scripts
 UVK tools
 UVK System repair
 UVK Options
 System Info
 Automatic scans
 Useful links
 Keyboard usage
 Context menu
 File signatures
 Custom commands
 UVK log
 Log analyzer
 Command line ref.
 Change log
 Script collection
 Send a comment

Would you like to brand UVK with your own logo and name? Click here!

On the Welcome screen, click Windows services and drivers. UVK will be displayed like the screenshot below:

Click the line corresponding to the service or driver you want to manage. Right-click it to open the menu.

Alternately you can just press Ctrl+Enter to open the Service Properties window or use any of the hotkey combinations shown in the context menu.

You can select several lines at once by holding the Ctrl key down while clicking the lines. When several lines are selected, the action you choose will be performed to all the valid selected lines.

Getting information about a service or driver:

Click the icon Service properties or Service Properties on the menu (Ctrl+Enter) to get more information about the selected service or driver. You can also just double-click the line corresponding to the service you want to get info.

A small window will popup like the picture below, with several fields containing the service's name, the registry key where it located, the full path of the file that is ran, the command line used to run it, its description and digital signature.

Click the Go button to open the registry editor on the corresponding registry key, which is also written in the field to the left of the button.

Service properties

 

Click the button Submit MD5 to VirusTotal to get a VT report of the selected file's MD5 hash.

You can get even more information on the files by clicking the buttons on the context menu, which we'll explain later on this page. 

Configuring a  service or driver:

Service management icons

Click the icons shown in the picture above to perform common service related tasks: Stop start, pause, resume the selected service(s), or set their startup type.

Stop service   ==> Stop the selected service(s). Start service  ==> Start the selected service(s).
Pause service  ==> Pause the selected service(s).    Resume service  ==> Resume the selected service(s).

Set service start type  ==> Set the service start type. For each service you have selected, you'll be prompted to choose the start type, as shown in the pictures below:

Select service start type           Select service start type

The current start type is automatically selected, as shown i the left picture. Select the new start type,as shown in the right picture. Click OK to apply, or Cancel to cancel the operation. 

Choosing the services and drivers to be displayed:

Click the icon Services display settings to change the services to be displayed. This can highly affect the speed to refresh the list. A dialgol box will be displayed like the pictures below:

Services display settings          Services display settings

When UVK is installed, the default option is Hide inactive services and drivers. Select the desired option and click OK. Or click Cancel to keep the current option. The list will be automatically updated.

If you choose Hide Microsoft services and drivers, the list can take a while to update, because UVK will have to verfy the digital signatures for all the services and drivers files.

Click Stop all non Microsoft services if you want to stop malware that is running as service, if you want to diagnose a conflict or BSOD, or if you just need to free resources. The services files signatures will be verified before stopping the services, to ensure that only Microsoft services are kept running.

Deleting a  service or driver and file (if desired):

To delete a service or driver without deleting the destination file click Delete service menu or just press Del. You can also click Delete service but make sure that Also delete file is unchecked or the service file will be deleted!

To delete  a service or driver and the corresponding file click Delete service menu or press Ctrl+Del. Alternately, you can check Also delete file and click Delete service.

Deleted files are moved to the recycle bin, so if you make a mistake, you can always restore them from there.

Before deleting a file, UVK always checks its signature, and if you're about to delete a file digitally signed by Microsoft, a message box will popup as shown in the image below.

This security feature is intended to prevent deleting system files by mistake, so when you got this message, you should click No, unless you know exactly what you're doing.

This software was created to delete virus, not system files, so, in a case like this one, if you click Yes, you're at your own risk. We won't be responsible for what may happen to your computer.

Right click context menu:

To get more information about a service or a driver, right-click the corresponding line.

A menu with several options will be displayed:

Submit file MD5 to VirusTotal (Ctrl+M):
Creates an html VT report of the selected MD5 hash(es).
VirusTotal has the most complete virus info database.

Search file name in ThreatExpert (Ctrl+T) or
Search file MD5 in ThreatExpert (Alt+T):
ThreatExpert has an excelent malware info database. If the selected file is present in this database, you can get information on which files it creates, which registry entries it changes, etc.

Search file info with Google (Ctrl+G):
Makes a quick google search using the file name.

Search in Runscanner database (Ctrl+R):
If the file name exists in this database, you'll get a detailed description of the file and the possible signers and paths.

Open File Location (Ctrl+L)
This option will open an Explorer window on the path where the service or driver's file is located and select it.

File Properties (Ctrl+P)
Clicking this menu item will open the serviceor driver's file properties dialog box, allowing you to get more information about it.

Refresh and exit:

To refresh the Services and drivers list, click the icon Refresh or Refresh (F5) on the context menu, or just press F5.

To return to the welcome screen, click Welcome screen 

Services:

Be very careful when deleting services, specially system services. Don't delete services which corresponding files are signed by Microsoft, unless its a service belonging to a software already uninstalled and the service has been left behind, or other similar cases.

Often, Trojans and other types of malware infect these services, that's why it's very important to verify their files signatures.

Below is a list of services which files must be digitally signed by Microsoft. If they're not, your system is probably infected. This list contains only the services that are usually always running.

AeLookupSvc
ALG
Appinfo
AudioEndpointBuilder
AudioSrv
BFE
BITS
Browser
CryptSvc
CscService
DcomLaunch
Dhcp
Dnscache
DPS
EapHost		 eventlog
EventSystem
fdPHost
FDResPub
FontCache
gpsvc
HomeGroupListener
HomeGroupProvider
IKEEXT
iphlpsvc
KeyIso
LanmanServer
LanmanWorkstation
lmhosts
MatSvc		 MMCSS
MpsSvc
Netman
netprofm
NlaSvc
nsi
p2pimsvc
p2psvc
PcaSvc
PlugPlay
PNRPsvc
PolicyAgent
Power
ProfSvc
RasMan		 RpcEptMapper
RpcSs
SamSs
Schedule
SeaPort
SENS
SharedAccess
ShellHWDetection
Spooler
sppsvc
sppuinotify
SQLWriter
SSDPSRV
SstpSvc
SysMain		 TapiSrv
Themes
TrkWks
upnphost
UxSms
WdiServiceHost
WinDefend
Winmgmt
Wlansvc
wlidsvc
WMPNetworkSvc
wscsvc
WSearch
wuauserv
wudfsvc

 

Copyright Carifred © 2010 - 2011, all rights reserved