| Name | Status | Filename | Description |
|---|
| 64Bit architecture emulation (wrmsrvice) | X | WRMSRVICE.SYS | Added by the TROJ_ROOTKIT.AG
TROJAN!
Read the link, rootkit type stealth involved.
|
| 79F5137E | X | DBB6ED81.EXE | W32/SlliyFD-G
Note:Located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K)
Allows others to access the computer |
| 80xFire daemon (80xFire) | X | 80xFire.exe | Added by the W32/Tilebot-BK
WORM!
Note: This worm\trojan file is found in the Windows or Winnt folder.
Read the link, rootkit type stealth involved. |
| 9F9DF57C | X | (random name) | Troj/DwnLdr-GUT |
@%ProgramFiles%\Windows Media
Player\wmpnetwk.exe,-101 (WMPNetworkSvc) | L | wmpnetwk.exe | Related to Windows_Media_Player Network Sharing Service. Note: Located in %ProgramFiles%\Windows Media Player\ |
| @%SystemRoot%system32snmptrap.exe,-3 (SNMPTRAP) | L | snmptrap.exe | Related to MKS_Toolkit In Windows Vista. Note:Located in C:\%WINDIR%\System32 |
| @%SystemRoot%ehomeehstart.dll,-101 (ehstart) | L | svchost.exe | Windows Media Center Service Launcher in the Windows Vista edition |
| @%SystemRoot%system32Alg.exe,-112 (ALG) | L | alg.exe | Provides support for 3rd party protocol plug-ins for Internet Connection Sharing and the Internet Connection Firewall Note:Located in C:\%WINDIR%\System32 (Vista 64bit) |
| @%systemroot%system32Locator.exe,-2 (RpcLocator) | L | locator.exe | Part of Windows Vista. Note:Located in C:\%WINDIR%\System32 |
| @%SystemRoot%System32netlogon.dll,-102 (Netlogon) | L | lsass.exe | Related to NetLogOn Check the validity of the Passwords on a Vista 64 bit. Note: Located in \%WINDIR%\System32\ |
@%systemroot%system32psbase.dll,-300
(ProtectedStorage) | L | lsass.exe | Part of Windows Vista
Note:Located in C:\%WINDIR%\System32 |
| @%SystemRoot%system32qwave.dll,-1 (QWAVE) | L | svchost.exe | Part of Windows Vista. Note:Located in C:\%WINDIR%\System32 |
| @%SystemRoot%system32samsrv.dll,-1 (SamSs) | L | lsass.exe | Part of Windows Vista. Note:Located in C:\%WINDIR%\System32 |
| @%SystemRoot%system32seclogon.dll,-7001 (seclogon) | L | svchost.exe | Part of Windows Vista |
@%Systemroot%system32wbemwmiapsrv.exe,-110
(wmiApSrv) | L | WmiApSrv.exe | Related to Vista 64 bit computer. |
| @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) | L | svchost.exe | Part of Windows Vista |
| @%systemroot%\system32\spoolsv.exe,-1 (Spooler) | L | spoolsv.exe | part of Windows Vista used for Fax and Printing. Note:Located in C:\%WINDIR%\System32 |
| @%SystemRoot%\system32\vds.exe,-100 (vds) | L | vds.exe | Part of Windows Vista Note:Located in C:\%WINDIR%\System32 |
| @%systemroot%\system32\vssvc.exe,-102 (VSS) | L | vssvc.exe | Part of Windows Vista Note:Located in C:\%WINDIR%\System32 |
| @comres.dll,-2797 (MSDTC) | L | msdtc.exe | Part of Windows Vista. Note:Located in C:\%WINDIR%\System32 (Vista/XP/WinNT/2K) |
| @dfsrres.dll,-101 (DFSR) | L | DFSR.exe | Part of Windows Vista 64Bit. Note:Located in C:\%WINDIR%\System32 |
| @keyiso.dll,-100 (KeyIso) | L | lsass.exe | Related to CNG_Key_Isolation_Service Found on Vista 64 bit. |
| a-squared Anti-Malware Service (a2AntiMalware) | L | a2service.exe | Related to Related to a-squared Virus protection Software. Note: Located in \%Program Files%\a-squared Anti-Malware\ |
| a-squared Free Service (a2free) | L | a2service.exe | Related to a-squared free edition, from Emsi Software GmbH |
| a6fyts35 | X | a6fyts35.sys | Troj/DwnLdr-GWX
Note:Located in C:\Windows\System\Drivers (Win9x/Me), C:\%WINDIR%\System32\Drivers (XP/WinNT/2K)
May install another service 55euf6 |
| aaksrv | L | aaksrv.exe | Spydex Advanced Anti keylogger |
| AAMQDispatcher | L | AAMQDispatcherService.exe | Compuware Serversoftware |
ABBYY FineReader 9.0 PE Licensing Service
(ABBYY.Licensing.FineReader.Professional.9.0) | L | NetworkLicenseServer.exe | Related to ABBYY_FineReader from ABBYY accurate conversion of images into text or searchable PDF for the purpose of categorizing, archiving, searching or integrating with third party content management systems. Note: Located in \%Program Files%\\Common Files\ABBYY\FineReader\9.00\Licensing\PE\ |
| ABCSpell Helper Service | L | ABCSpellService.exe | Spell checker (Ect, ect) for Outlook Express. For more information Click_Here
|
| Abel | X | Abel.exe | Source: http://www.pestpatrol.com/PestInfo/C/Cain.asp |
| abhcop | X | abhcop.sys | Added by the PigSearch
Adware.
Read the link, rootkit type stealth involved. |
| AC | X | acoustic.exe | Added by the SDBOT.CRN
WORM!
Read the link, rootkit type stealth involved.
|
| Ac Profile Manager Service (AcPrfMgrSvc) | L | AcPrfMgrSvc.exe | Related to the Ac_Profile_Manager_Service installed as a part of ThinkPad Access Connections suite on ThinkPad laptops. Note: Located in C:\Program Files\ThinkPad\ConnectUtilities\ |
| AC-DNAME (AC-DNAME) | X | acoustic.exe | Added by the SDBOT.CFN
WORM!
Read the link, rootkit type stealth involved.
|
| Accenture Media Viewer (MediaViewer) | L | streamviewerservice.exe | Related to Accenture_Media_Viewer |
| Access Connections Main Service (AcSvc) | L | AcSvc.exe | Related to Lenovo ThinkVantage Access Connections Main Service Module. Note: Located in \%Program Files%\ThinkPad\ConnectUtilities\ |
| Access Utility Service | L | SMBAUtilSvc.exe | Related to Sprint_Mobile_Broadband |
| ACE SMS Cast (ZMcastService) | L | TestMcaseService.exe | ACE SMS Cast by Tanla_Solutions |
| Acer HomeMedia Connect Service | L | CLMSServer.exe | Related to Acer products |
| Acer Media Server | L | MediaServerService.exe | Related to Acer_Media_Server Empowering Technology. Note: Located in \%Program Files%\Acer\Acer eConsole\ |
| ACMService (ACMService) | L | | Added by the ACM SPYWARE! **Note this is a commercial computer monitoring software |
| ACNUSvc | L | acnupdatersvc.exe | Related to Accenture global management consulting, technology services and outsourcing company Note: Located in c:\program files\acnu\ |
| acpidisk | X | acpidisk.sys | Troj/Agent-FXI
Note: Located in %System%\drivers
|
Acronis Backup Server Service
(AcronisBackupServerService) | L | backupserver.exe | Related to Acronis_Backup Backup server from Acronis. Note: Located in \%Program Files%\Acronis\BackupServer\ |
| Acronis Group Server (GroupServer) | L | GroupServer.exe | Related to Acronis_Backup Group server from Acronis. Note: Located in \%Program Files%\Acronis\GroupServer\ |
Acronis OS Selector Reinstall Service
(AcronisOSSReinstallSvc) | L | oss_reinstall_svc.exe | Related to Acronis_Disk_Director suite. A disk management functions, partition recovery tool, and boot disk manager. Note: Located in \%Program Files%\Acronis\Acronis Disk Director\ |
| Acronis Scheduler2 Service (AcrSch2Svc) | L | schedul2.exe | Related to Acronis_True_Image creates the exact copy of your hard disk and allows you to instantly restore the entire machine including operating system. Note: Located in C:\Program Files\Common Files\Acronis\Schedule2\ |
| Acronis Scheduler_Helper | X | schedhlp.exe | Added by a variant of the Backdoor.Sdbot Note: Located in \%WINDIR%\System32\ Note: Use SDFix under supervision. |
| Acronis Try And Decide Service (TryAndDecideService) | L | TrueImageTryStartService.exe | Related to True_Image Powerful Backup utility. Note: Located in \%Program Files%\Common Files\Acronis\Fomatik\ |
| acrotray (Acrotray) | O | srvany.exe | Microsoft Windows application which allows an executable to be run as a service. If you have installed this service, fine, otherwise investigage. Can be used to load Malware. |
