Find all Service that are not running under \System32 or the \Windows directory. For you environment you might need to add a few more exclusion for service such as AV, Exchange, MOM, etc. However be careful not to exclude too much as you may miss a Trojan or Virus hiding as a service within one of those directories.


SELECT          v_GS_COMPUTER_SYSTEM.Name0 AS ‘PC Name’,

            v_GS_COMPUTER_SYSTEM.UserName0 AS ‘User ID’,

            v_GS_SERVICE.DisplayName0 AS ‘Service Name’,

            v_GS_SERVICE.StartMode0 AS ‘Start Up’,

            v_GS_SERVICE.StartName0 AS ‘Account’,

            v_GS_SERVICE.State0 AS ‘State’,

            v_GS_SERVICE.PathName0 as ‘Command line’


            v_GS_SERVICE v_GS_SERVICE

WHERE           v_GS_SERVICE.ResourceID = v_GS_COMPUTER_SYSTEM.ResourceID

            AND ((v_GS_SERVICE.PathName0 Not Like ‘%\System32%’) and (v_GS_SERVICE.PathName0 Not Like ‘%\Windows%’))