| Name | Status | Filename | Description |
|---|
| 64Bit architecture emulation (wrmsrvice) | X | WRMSRVICE.SYS | Added by the TROJ_ROOTKIT.AG
TROJAN!
Read the link, rootkit type stealth involved.
|
| 79F5137E | X | DBB6ED81.EXE | W32/SlliyFD-G
Note:Located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K)
Allows others to access the computer |
| 80xFire daemon (80xFire) | X | 80xFire.exe | Added by the W32/Tilebot-BK
WORM!
Note: This worm\trojan file is found in the Windows or Winnt folder.
Read the link, rootkit type stealth involved. |
| 9F9DF57C | X | (random name) | Troj/DwnLdr-GUT |
@%ProgramFiles%\Windows Media
Player\wmpnetwk.exe,-101 (WMPNetworkSvc) | L | wmpnetwk.exe | Related to Windows_Media_Player Network Sharing Service. Note: Located in %ProgramFiles%\Windows Media Player\ |
| @%SystemRoot%system32snmptrap.exe,-3 (SNMPTRAP) | L | snmptrap.exe | Related to MKS_Toolkit In Windows Vista. Note:Located in C:\%WINDIR%\System32 |
| @%SystemRoot%ehomeehstart.dll,-101 (ehstart) | L | svchost.exe | Windows Media Center Service Launcher in the Windows Vista edition |
| @%SystemRoot%system32Alg.exe,-112 (ALG) | L | alg.exe | Provides support for 3rd party protocol plug-ins for Internet Connection Sharing and the Internet Connection Firewall Note:Located in C:\%WINDIR%\System32 (Vista 64bit) |
| @%systemroot%system32Locator.exe,-2 (RpcLocator) | L | locator.exe | Part of Windows Vista. Note:Located in C:\%WINDIR%\System32 |
| @%SystemRoot%System32netlogon.dll,-102 (Netlogon) | L | lsass.exe | Related to NetLogOn Check the validity of the Passwords on a Vista 64 bit. Note: Located in \%WINDIR%\System32\ |
@%systemroot%system32psbase.dll,-300
(ProtectedStorage) | L | lsass.exe | Part of Windows Vista
Note:Located in C:\%WINDIR%\System32 |
| @%SystemRoot%system32qwave.dll,-1 (QWAVE) | L | svchost.exe | Part of Windows Vista. Note:Located in C:\%WINDIR%\System32 |
| @%SystemRoot%system32samsrv.dll,-1 (SamSs) | L | lsass.exe | Part of Windows Vista. Note:Located in C:\%WINDIR%\System32 |
| @%SystemRoot%system32seclogon.dll,-7001 (seclogon) | L | svchost.exe | Part of Windows Vista |
@%Systemroot%system32wbemwmiapsrv.exe,-110
(wmiApSrv) | L | WmiApSrv.exe | Related to Vista 64 bit computer. |
| @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) | L | svchost.exe | Part of Windows Vista |
| @%systemroot%\system32\spoolsv.exe,-1 (Spooler) | L | spoolsv.exe | part of Windows Vista used for Fax and Printing. Note:Located in C:\%WINDIR%\System32 |
| @%SystemRoot%\system32\vds.exe,-100 (vds) | L | vds.exe | Part of Windows Vista Note:Located in C:\%WINDIR%\System32 |
| @%systemroot%\system32\vssvc.exe,-102 (VSS) | L | vssvc.exe | Part of Windows Vista Note:Located in C:\%WINDIR%\System32 |
| @comres.dll,-2797 (MSDTC) | L | msdtc.exe | Part of Windows Vista. Note:Located in C:\%WINDIR%\System32 (Vista/XP/WinNT/2K) |
| @dfsrres.dll,-101 (DFSR) | L | DFSR.exe | Part of Windows Vista 64Bit. Note:Located in C:\%WINDIR%\System32 |
| @keyiso.dll,-100 (KeyIso) | L | lsass.exe | Related to CNG_Key_Isolation_Service Found on Vista 64 bit. |
| a-squared Anti-Malware Service (a2AntiMalware) | L | a2service.exe | Related to Related to a-squared Virus protection Software. Note: Located in \%Program Files%\a-squared Anti-Malware\ |
| a-squared Free Service (a2free) | L | a2service.exe | Related to a-squared free edition, from Emsi Software GmbH |
| a6fyts35 | X | a6fyts35.sys | Troj/DwnLdr-GWX
Note:Located in C:\Windows\System\Drivers (Win9x/Me), C:\%WINDIR%\System32\Drivers (XP/WinNT/2K)
May install another service 55euf6 |
| aaksrv | L | aaksrv.exe | Spydex Advanced Anti keylogger |
| AAMQDispatcher | L | AAMQDispatcherService.exe | Compuware Serversoftware |
ABBYY FineReader 9.0 PE Licensing Service
(ABBYY.Licensing.FineReader.Professional.9.0) | L | NetworkLicenseServer.exe | Related to ABBYY_FineReader from ABBYY accurate conversion of images into text or searchable PDF for the purpose of categorizing, archiving, searching or integrating with third party content management systems. Note: Located in \%Program Files%\\Common Files\ABBYY\FineReader\9.00\Licensing\PE\ |
| ABCSpell Helper Service | L | ABCSpellService.exe | Spell checker (Ect, ect) for Outlook Express. For more information Click_Here
|
| Abel | X | Abel.exe | Source: http://www.pestpatrol.com/PestInfo/C/Cain.asp |
| abhcop | X | abhcop.sys | Added by the PigSearch
Adware.
Read the link, rootkit type stealth involved. |
| AC | X | acoustic.exe | Added by the SDBOT.CRN
WORM!
Read the link, rootkit type stealth involved.
|
| Ac Profile Manager Service (AcPrfMgrSvc) | L | AcPrfMgrSvc.exe | Related to the Ac_Profile_Manager_Service installed as a part of ThinkPad Access Connections suite on ThinkPad laptops. Note: Located in C:\Program Files\ThinkPad\ConnectUtilities\ |
| AC-DNAME (AC-DNAME) | X | acoustic.exe | Added by the SDBOT.CFN
WORM!
Read the link, rootkit type stealth involved.
|
| Accenture Media Viewer (MediaViewer) | L | streamviewerservice.exe | Related to Accenture_Media_Viewer |
| Access Connections Main Service (AcSvc) | L | AcSvc.exe | Related to Lenovo ThinkVantage Access Connections Main Service Module. Note: Located in \%Program Files%\ThinkPad\ConnectUtilities\ |
| Access Utility Service | L | SMBAUtilSvc.exe | Related to Sprint_Mobile_Broadband |
| Acer Media Server | L | MediaServerService.exe | Related to Acer_Media_Server Empowering Technology. Note: Located in \%Program Files%\Acer\Acer eConsole\ |
| ACMService (ACMService) | L | | Added by the ACM SPYWARE! **Note this is a commercial computer monitoring software |
| ACNUSvc | L | acnupdatersvc.exe | Related to Accenture global management consulting, technology services and outsourcing company Note: Located in c:\program files\acnu\ |
| acpidisk | X | acpidisk.sys | Troj/Agent-FXI
Note: Located in %System%\drivers
|
Acronis Backup Server Service
(AcronisBackupServerService) | L | backupserver.exe | Related to Acronis_Backup Backup server from Acronis. Note: Located in \%Program Files%\Acronis\BackupServer\ |
| Acronis Group Server (GroupServer) | L | GroupServer.exe | Related to Acronis_Backup Group server from Acronis. Note: Located in \%Program Files%\Acronis\GroupServer\ |
Acronis OS Selector Reinstall Service
(AcronisOSSReinstallSvc) | L | oss_reinstall_svc.exe | Related to Acronis_Disk_Director suite. A disk management functions, partition recovery tool, and boot disk manager. Note: Located in \%Program Files%\Acronis\Acronis Disk Director\ |
| Acronis Scheduler2 Service (AcrSch2Svc) | L | schedul2.exe | Related to Acronis_True_Image creates the exact copy of your hard disk and allows you to instantly restore the entire machine including operating system. Note: Located in C:\Program Files\Common Files\Acronis\Schedule2\ |
| Acronis Scheduler_Helper | X | schedhlp.exe | Added by a variant of the Backdoor.Sdbot Note: Located in \%WINDIR%\System32\ Note: Use SDFix under supervision. |
| Acronis Try And Decide Service (TryAndDecideService) | L | TrueImageTryStartService.exe | Related to True_Image Powerful Backup utility. Note: Located in \%Program Files%\Common Files\Acronis\Fomatik\ |
| acrotray (Acrotray) | O | srvany.exe | Microsoft Windows application which allows an executable to be run as a service. If you have installed this service, fine, otherwise investigage. Can be used to load Malware. |
| ActionAgent | L | ActionAgent.exe | Related to ActionAgent, from Dell Computer. "A COM server that runs on the client as part of the Dell OpenManage Client Instrumentation package; provides a simple method for a remote administrator to perform actions on the instrumented client". Note: Located in \%Program Files%\Dell\OpenManage\Client\ |
| ActivCard Authentication Service (ACachSrv) | L | acachsrv.exe | Related to ActivCard Gold Component of ActivCard Gold from ActivIdentity, Inc. Smart cards that function as photo ID, proximity badges for facility access and as digital identification and authentication devices. Note: Located in \%Program Files%\Common Files\ActivCard\ |
