| Name | Status | Filename | Description |
|---|---|---|---|
| @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) | L | wmpnetwk.exe | Related to Windows_Media_Player Network Sharing Service. Note: Located in %ProgramFiles%\Windows Media Player\ |
| @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) | L | svchost.exe | Part of Windows Vista |
| Belgium Identity Card Service (BELGIUM_ID_CARD_SERVICE) | L | Belpic PCSC Service.exe | Belgium Identity Card Middleware from Zetes/CSC |
| Dell Printer Status Database (DLSDB) | ? | DLSDBNT.EXE | Related to Dell_Printers Note: Located in C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\ |
| license | L | lic_srv.exe | Transbase® CD (http://www.transaction.de/) permits the distribution of database contents on CD/DVD-ROM and subsequent updating of the data over the Web. Transbase® CD unites variable and static data in an ideal way. Note: Located in c:\opt\MBCASE\pm\bin |
| LXCCCustomerConnect | L | LXCCserv.exe | Related to Lexmark printers Note: Located in %windir%\System32\spool\DRIVERS\W32X86\3\LXCCserv.exe |
| Network Windows Service (MSWindows) | X | urdvxc.exe | Added by the W32/Allaple-B WORM! Note: Located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) |
| pcAnywhere Install Service - Symantec Corporation | L | pca_run.exe | Part of Symantec PCAnywhere |
| Remote Debug Services | X | smsc.exe | Added by an unidentified TROJAN! of the Sdbot family. Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) |
| Security Platform Management Service (IFXSpMgtSrv) | L | IFXSPMGT.exe | Related to Security_Platform_Management Service from Infineon Technologies. Note: Located in C:\WINDOWS\system32\ |
| Shell Software Detection (ShellSWDetection) | X | shellsw.exe | Added by an unidentified TROJAN! of the Sdbot family. Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) |
| SolidWorks Licensing Service | L | SolidWorksLicensing.exe | Part of a SolidWorks product |
| Windows Zero Connection (WinZConn) | ? | mswnt.exe | Probable backdoor trojan |
| Wireless Adapter Configurator | L | WirelessDaemon.exe | Related to BT's home hub products |
| $sys$aries | X | aries.sys | Added by the SonyBMG_First4DRM ROOTKIT! Read the link, rootkit type stealth involved. Thanks Sony. |
| %NVSVC.name% | L | nvsvc32.exe | NVidia driver |
| (Any service name) | O | srvany.exe | This utility allows running Windows NT\2000\XP applications as services. Can also be used to load Malware. See Explanation ... Example of how to find the file being loaded with Service name iOpusService |
| (non-roman characters) | X | sServer.exe | Added by the Troj/Feutel-AB TROJAN! Note: This trojan file is found in the Windows or Winnt folder. |
| (random file name without extension) | X | (random file name).sys | Added by the TROJ_ROOTKIT.AI TROJAN! Read the link, rootkit type stealth involved. |
| (random name) | X | window.exe | Troj/Hupigon-BS Note: Located in %windir% Read the link, steals information and allows remote access |
| (Random) *See description* | X | irjit.dll | Added by the Backdoor.CVM TROJAN! Note: This trojan file is found in the System or System32 folder. *Check the link for the list of random service names.* |
| (special characters) (myserver) | X | myserver.exe | Added by the Troj/Dropper-BR TROJAN! |
| *Microsoft Update | X | wstcl.exe | Not from Microsoft. |
| *Microsoft Update | X | wuytc.exe | unknown virus |
| *windows update | X | wsctl.exe | malware virus. possibly "Win32.Rbot.gen" |
| *windows update | X | wuaucrlt.exe | Added by the W32.Spybot.HUR WORM! |
| *wuauclt.exe | X | random | Related to WORM_RBOT.AKU or variant. |
| .NET Framework Service | X | svchost.exe | "Trojan-PSW.Win32.Sagic.15" Virus |
| .NET Framework Service (.NET Connection Service) | X | svchost.exe | Added by an unidentified TROJAN! of the Sdbot family. Note: This worm\trojan is located in C:\%WINDIR%\ Note The proper location for that operating file is in C:\%WINDIR%\System32 |
| .NET Runtime Optimization Service v2.0.50215_X86 (clr_optimization_v2.0.50215_32) | L | mscorsvw.exe | Related to Microsoft_NET_Framework NET Runtime Optimization Service. |
| 1784-PCIDS DeviceNet | ? | PcidsService.exe | Appears to be from Rockwell software |
| 1789-SIM Simulator Module (SimModuleService) | ? | SimModuleService.exe | Appears to be from Rockwell software |
| 19E7E238 | X | 19E7E238.EXE | Troj/Agent-ELX |
| 32-bit Installation Host (inst32) | X | inst32.exe | Added by the W32/Chinegan-A WORM! Note: This worm is located in C:\Program Files\Common Files\inst32\ |
| 32-bit Registration Host (reghost32) | X | reghost32.exe | Added by the W32/Rbot-GKR WORM! Note: This worm is located in C:\Program Files\Common Files\System\ |
| 39672EA4 | X | 39672EA4.EXE | Troj/GrayBir-EW |
| 3Com DMI Agent | L | 3CDMINIC.EXE | 3Com DMI (DynamicAccess Desktop Management Interface) Agent associated with 3Com network cards |
| 3ComBOOTP | L | 3CBOOTPS.EXE | A 3Com Product Allows network administrators to remotely manage client PCs on their network by allowing them to deploy an array of desktop management tasks in a pre-OS booting environment. Note: Located in Drive:\Program Files\3Com\Boot Services |
| 3ComPXE | L | 3CPXES.EXE | A 3Com Product Allows network administrators to remotely manage client PCs on their network by allowing them to deploy an array of desktop management tasks in a pre-OS booting environment. Note: Located in Drive:\Program Files\3Com\Boot Services |
| 3ComTFTP | L | 3CTFTPS.EXE | A 3Com Product Allows network administrators to remotely manage client PCs on their network by allowing them to deploy an array of desktop management tasks in a pre-OS booting environment. Note: Located in Drive:\Program Files\3Com\Boot Services |
| 3dkeybd | O | 3dkeybd.exe | Unknown... No answers on the net. |
| 64Bit architecture emulation (wrmsrvice) | X | WRMSRVICE.SYS | Added by the TROJ_ROOTKIT.AG TROJAN! Read the link, rootkit type stealth involved. |
| 80xFire daemon (80xFire) | X | 80xFire.exe | Added by the W32/Tilebot-BK WORM! Note: This worm\trojan file is found in the Windows or Winnt folder. Read the link, rootkit type stealth involved. |
| 9F9DF57C | X | (random name) | Troj/DwnLdr-GUT |
| @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) | L | svchost.exe | Windows Media Center Service Launcher in the Windows Vista edition |
| @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) | L | svchost.exe | Part of Windows Vista |
| a-squared Free Service (a2free) | L | a2service.exe | Related to a-squared free edition, from Emsi Software GmbH |
| aaksrv | L | aaksrv.exe | Spydex Advanced Anti keylogger |
| AAMQDispatcher | L | AAMQDispatcherService.exe | Compuware Serversoftware |
| ABCSpell Helper Service | L | ABCSpellService.exe | Spell checker (etc., etc.) for Outlook Express. For more information Click_Here |
| Abel | X | Abel.exe | Source: http://www.pestpatrol.com/PestInfo/C/Cain.asp |
| abhcop | X | abhcop.sys | Added by the PigSearch Adware. Read the link, rootkit type stealth involved. |
| AC | X | acoustic.exe | Added by the SDBOT.CRN WORM! Read the link, rootkit type stealth involved. |
| Ac Profile Manager Service (AcPrfMgrSvc) | L | AcPrfMgrSvc.exe | Related to the Ac_Profile_Manager_Service installed as a part of ThinkPad Access Connections suite on ThinkPad laptops. Note: Located in C:\Program Files\ThinkPad\ConnectUtilities\ |
| AC-DNAME (AC-DNAME) | X | acoustic.exe | Added by the SDBOT.CFN WORM! Read the link, rootkit type stealth involved. |
| Accenture Media Viewer (MediaViewer) | L | streamviewerservice.exe | Related to Accenture_Media_Viewer |
| Access Remote PC Service 4.3 | O | rpcsetup.exe | Access_Remote_PC remote access software. Legitimate, but remote access could be considered dangerous unless monitored carefully. |
| ACMService (ACMService) | L | | Added by the ACM SPYWARE! **Note this is a commercial computer monitoring software |
| ACNUSvc | L | acnupdatersvc.exe | Related to Accenture global management consulting, technology services and outsourcing company Note: Located in c:\program files\acnu\ |
| Acronis Scheduler2 Service (AcrSch2Svc) | L | schedul2.exe | Related to Acronis_True_Image creates the exact copy of your hard disk and allows you to instantly restore the entire machine including operating system. Note: Located in C:\Program Files\Common Files\Acronis\Schedule2\ |
| Active Virus Shield (AVP) | L | avp.exe | Related to Active_Virus_Shield from AOL. Note: Located in C:\Program Files\AOL\Active Virus Shield\ |
| ActiveXperts Network Monitor (AxsNmSvc) | L | AxsNmSvc.exe | Added by ActiveXperts_Network_Monitor allows administrators to monitor the network for failures and irregularities. Note: Located in C:\Program Files\ActiveXperts\ |
| Actuate Process Management Daemon 8 (__AC_PROCESS_MGMT_DAEMON8) | L | pmd8.exe | Actuate_Enterprise Reporting Applications for business intelligence analytic services |
| Ad-Aware 2007 Service (aawservice) | L | aawservice.exe | Related to Ad-Aware_2007 anti-spyware solution. This program can find and remove spyware and malware from your computer. Note: Located in C:\Program Files\Lavasoft\ |
| Ad-Axis Client | L | aaclient.exe | Related to Lavasoft's Ad-Aware SE Enterprise Edition 2005 |
| Adaptador de rendimiento de WMI | L | wmiapsrv.exe | Windows Management Instrumentation Performance Adapter Service Windows XP and 2003. Note: Located in C:\WINDOWS\System32\wbem\wmiapsrv.exe |
| Adaptec I/O Manager Server | L | iomgr.exe | Related to Adaptec product |
| Adaptec RAID Remote Services Agent | L | afaagent.exe | Related to Adaptec, Inc. |
| Adaptec Storage Manager Notifier | L | notify.exe | Related to Adaptec product |
| Adaptec Web Server | L | arcpd.exe | Related to Adaptec product. |
| AdaptecStorageManagerAgent | L | StorServ.exe | Related to Adaptec Incorporated |
| Adapter Switching | L | RoamSvc.exe | Intel Adapter Switching |
| AddFiltr | L | AddFiltr.exe | Found on HP computers |
| ADF Installer Service (ADF Installer) | L | AgentSVC.exe | Related to Citrix Installation Manager Service |
| Admin Works Agent X8 (AWService) | L | awServ.exe | Related to AdminWorks from Avocent Corporation. A cost effective IT management software tool for small and medium size businesses. Note: Located in C:\Program Files\Intel\IDU\ |
| Administración de aplicaciones | L | services.exe | Spanish Windows 2000 applications managing |
| Administrador de cuentas de seguridad | L | lsass.exe | Spanish Windows 2000 security accounts manager |
| Administrador de discos | L | services.exe | Spanish Windows 2000 disks manager |
| Administrador de sesión de Ayuda de escritorio remoto | L | sessmgr.exe | This service manages and controls Remote Assistance |
| Administrador de utilidades | L | UtilMan.exe | Spanish Windows 2000 utility manager |
| Adobe Active File Monitor | L | PhotoshopElementsFileAgent.exe | Related to Adobe photoshop. |
| Adobe LM Service | L | Adobelmsvc.exe | Required for PhotoshopCS |
| Adobe Update Manager (Adobe3M) | X | mshss.exe | Added by the Troj/Wollf-B TROJAN! Note: This worm\trojan file is found in the System32 folder. |
| Adobe Version Cue CS2 | L | VersionCueCS2.exe | Related to Adobe Products |
| AdobeVersionCue | L | VersionCue.exe | Adobe related |
| ADSService | L | ADSSER~1.EXE | Related to Aluria_Active_Defense_Shield Service. An EarthLink Co. Note: Located in C:\Program Files\EarthLink\Protection Control Center\ |
| Advanced Networking Service (hnmsvc) | L | hnm_svc.exe | Related to Advanced_Networking_Service from Dell. Note: Located in %\Program Files%\Dell Network Assistant\ |
| Advantage Database Server | L | ADS.EXE | Related to Extended Systems' Advantage_Database_Server |
| AEClientHostService | L | AEClientHostService.exe | Related to GE_Fanuc_Automation enable you to act in real-time to optimize productivity and increase profitability. Note: located in C:\Program Files\GE Fanuc\Alarm Viewer\Host\ |
| Age of Empires III: The WarChiefs | X | ageofempires.exe | Added by an unidentified TROJAN! of the Sdbot family. Note: This worm\trojan is located in C:\Windows\dllcache\ (Win9x/Me), C:\%WINDIR%\dllcache\ (XP/WinNT/2K) |
| Agente de directivas IPSEC | L | lsass.exe | Spanish Windows 2000 IPSEC policy agent |
| Agere Modem Call Progress Audio (AgereModemAudio) | L | agrsmsvc.exe | Related to Agere_Modem Call Progress Audio. (Now owned by LSI Corp.) Note: Located in C:\Windows\system32\ |
| Agere Service (AgrSrvce) | L | AgrSrvce.exe | Related to Proxim_Corp Client manager software associated with the ORiNOCO wireless LAN card. |
| AIM (AIM) | X | aim.exe | Added by the W32/Rbot-AGC or W32/Sdbot-BFX WORM! Read the link, rootkit type stealth involved. |
| Aim Version 6 (Aimv6) | X | aim6.exe | Identified as the Rbot.cgu infection. This infection is part of the family of worms and IRC backdoors. Note: This worm is located in C:\WINDOWS\Cursors\ |
| aim.ex | X | IEXPLORER.EXE | Added by the SDBOT.COW WORM! Read the link, rootkit type stealth involved. |
| Alerter | L | svchost.exe | Notifies selected users and computers of administrative alerts. If the service is stopped, programs that use administrative alerts will not receive them. If this service is disabled, any services that explicitly depend on it will fail to start. |
| AlfaCleanerService | X | ACServer.exe | AlfaCleaner is now a stealth install using exploits on unpatched systems. Seen alongside RazeSpyware. This program tends to be installed with other known Smitfraud infections. |
| ALGE | X | Hacker.com.cn.exe | Troj/GrayBr-CP Read the link, allows remote access |
| Almacenamiento protegido | L | services.exe | Spanish Windows 2000 protected storage |
| Altera JTAG Server (JTAGServer) | L | JTAGServer.exe | Related to Altera Quartus II Software. Note: Located in C:\altera\quartus50\bin\ |
| Alternative User Input Services (Ctfmon) | X | ctfmon.exe | Added by the W32/Tilebot-JR WORM! Note: This worm is located in C:\%WINDIR%\ Note: This is not the ctfmon.exe normally found in C:\WINDOWS\System32\ |
| Altiris Agent (AeXNSClient) | L | AeXNSAgent.exe | Related to Altiris services. http://www.altiris.com |
| Altiris Carbon Copy (CarbonCopy32) | L | ccsrvc.exe | Related to Altiris services. http://www.altiris.com |
| Altiris Client Service | L | ACLIENT.exe | Related to Altiris, Inc. |
| Altiris eXpress NS Client (AeXNSClient) | L | AeXNSClient.exe | Related to Altiris_eXpress NS Database and SVS (Software Virtualization Services). |
| Altiris eXpress NS Client Transport (AeXNSClientTransport) | L | AeXNSClientTransport.exe | Related to Altiris_eXpress NS Database and SVS (Software Virtualization Services). |
| Aluria Message Service (MsgSrvService) | L | AluriaMsgSrv.exe | Aluria security center |
| Aluria Security Center Spyware Eliminator Service (ASCService) | X | ascserv.exe | Aluria Spyware Eliminator "Spyware remover" a rogue program of dubious repute - for more information, search the Spywarewarrior_List of non-Recommended anti parasite sites/software for "Aluria" |
| Aluria Spyware Eliminator Service | O | ASEServ.exe | Aluria Spyware Eliminator |
| AL_ADSService | X | AL_ADSService.exe | Aluria Spyware Eliminator "Spyware remover" a rogue program of dubious repute - for more information, search the Spywarewarrior_List of non-Recommended anti parasite sites/software for "Aluria" |
| Amadeus Automatic Update | L | AutoUpdate.exe | Related to Amadeus powerful front office travel management tool. Note: Located in C:\Program Files\Automatic Update\ |
| AMD PowerNow! . Technology Service (GemServ) | L | GemServ.exe | Related to Advanced Micro Devices, Inc. - http://www.amd.com/ |
| Ampi32 (wdfmgr) | X | msvcrt.exe | Added by the W32/Tilebot-Q WORM! Note: This worm file is found in the Windows or Winnt folder. Read the link, rootkit type stealth involved. |
| Analysis Server (MSSQLSERVER) (MSSQLServerOLAPService) | L | msmdsrv.exe | Related to Microsoft_SQL_server suite. |
| ANIWZCSd Service | L | ANIWZCSdS.exe | Related to Alpha_Networks |
| AntiSpyUltra (Zonelaps) | X | vsmom.exe | Added by the W32/Tilebot-E WORM! Read the link, rootkit type stealth involved. |
| AntiVir PersonalEdition Classic Guard (AntiVirService) | L | avguard.exe | Part of Antivir |
| AntiVir Scheduler (AntiVirScheduler) | L | sched.exe | Related to AntiVir antivirus program. |
| AntiVir Service | L | AVGUARD.EXE | AntiVir antivirus |
| AntiVir Update | L | AVWUPSRV.EXE | AntiVir Antivirus |
| antivirus32 | X | antivirus32.exe | Added by an unidentified TROJAN! of the Win32/Rbot family. Note: This worm\trojan is located in C:\%WINDIR%\ folder. |
| antivirusdll | X | winmsgslive.exe | Added by the W32/Sdbot-CXQ WORM! Note: This worm\trojan is located in C:\%WINDIR%\ folder. Modifies some FTP files, read the link |
| ANTS Profiler service | L | RedGate.Profiler.Service.exe | Related to Red Gate Software Ltd |
| AnyPoint Service - Intel Corporation | L | APSERVER.EXE | Belongs to Intel_Anypoint home networking system |
| AOL Antivirus Update Service (aolavupd) | L | aolavupd.exe | Related to AOL Antivirus Update Service. |
| AOL Connectivity Service | L | AOLAcsd.exe | Owner: America Online. Description: AOL Connectivity Service - starts an automatic function that restores the connection should you lose it while online. Also shown as AOL Connectivity Service (AOL ACS). |
| AOL Connectivity Service | L | acsd.exe | AOL related |
| aol software (Aol Software) | X | smss.exe | Added by the W32/Tilebot-FM WORM! Note: This is not the legitimate Windows process (Which is always found in the System32 folder). This worm file is found in the Windows or Winnt folder. Allows a remote intruder to gain access and control over the computer, read the link. |
| AOL Spyware Protection Service | L | aolserv.exe | Related to AOL |
| AOL TopSpeed Monitor | L | aoltsmon.exe | AOL Topspeed |
| Apache | L | Apache.exe | Apache Web Server Software |
| Apache2 | L | Apache.exe | Apache Web Server |
| APACS+ NIM32 (NIM32) | L | Nim32.exe | Related to Siemens Energy & Automation Platform. Note: located in C:\Program Files\ProcessSuite\NIM\ |
| APC PBE Server | L | pbeserver.exe | APC PowerChute Business Edition Server (For UPS) |
| APC UPS Service | L | mainserv.exe | Related to American Power Conversion Corporation |
| AppExpress Client | L | ece.exe | Related to Endeavors Technology, Inc and Microsoft_Encarta |
| Application Layer Gateway (Application Gateway Service) | X | WeRecl.exe | Added by an unidentified TROJAN! of the Win32/Rbot family. Note: This worm\trojan is located in C:\%WINDIR%\ folder. More here |
| Application Layer Gateway Manager (AppLayerGatewayMgr) | X | alg.exe | Added by the W32/Tilebot-EU WORM! Note: Not to be confused with the legitimate file (see_Here) located in C:\Windows\System32\; this infection is located in C:\Windows\ |
| Application Layer Gateway Service (ALG) | L | alg.exe | Provides support for 3rd party protocol plug-ins for Internet Connection Sharing and the Internet Connection Firewall located in C:\Windows\System32\ |
| Application Layer Gateway Services | X | alg.exe | Added by an unidentified TROJAN! of the Sdbot family. Note: This worm\trojan is located in C:\%WINDIR%\ |
| Application Layer Gateway System (ALGS) | X | algsys.exe | Added by the W32/Rbot-DDF WORM! Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) |
| Application Layer Service | X | weRecv.exe | Added by the SystemPoser TROJAN! Note: This worm\trojan is located in C:\%WINDIR%\ folder. |
| Application Layer Service (algserv) | X | algserv.exe | Troj/Agent-ECW Note: Located in %windir%\system32 |
| Application Layer Service Control (applilserv) | X | applayer.ex | W32/Rbot-GHL Note: Located in %windir%\system32 Read the link, allows remote access |
| Application State Service (AppSvc) | X | apsvc.exe | Added by the W32/Rbot-FWW WORM! Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) |
| AppMgmt | X | svchost.exe -k AppMgmt | Added by the Fuwudoor TROJAN! |
| AppnNode | L | appnnode.exe | Related to IBM_Server Note: Located in C:\WINDOWS\system32\Drivers\ |
| ARC Plugin (ARCPLUG) | X | arci.exe | Added by the W32/Tilebot-HB WORM! Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) Steals information from Protected Storage |
| ArcaBit NetMonitor (ABNetMon) | L | NetMonSV.exe | ArcaVir, an antivirus software from Poland. A product of ArcaBit Sp. z o.o |
| ArchestrA Logger (aaLogger) | L | aaLogger.exe | Related to ArchestrA Software architecture for the integration of your automation systems. |
| Ares Chatroom server (AresChatServer) | L | chatServer.exe | Related to the Ares P2P software |
| Argos Billing Dialog | L | WorkstationMonitor.exe | Related to Argos_Billing_Dialog from Sepialine inc. Print Monitor. Note: Located in c:\Program Files\Sepialine\Argos Print Monitor\ |
| ArGoSoft Mail Server Plus | L | mailservernt.exe | Related to ArGo Software Design Mail Server |
| Array SSL VPN Service 3,0,1,9 (ArraySSL_VPN_Service3,0,1,9) | L | arr_srvs3,0,1,9.exe | Related to SSL_VPN SSL VPN Secure Access Gateways from Array Networks. Anytime, anywhere secure access. Note: Located in C:\Program Files\Array Networks\Array SSL VPN\3,0,1,9\ |
| Array Utility Service 4,0,1,3 (Array_Utility_Service4,0,1,3) | L | arr_isrv4,0,1,3.exe | Related to SSL_VPN SSL VPN Secure Access Gateways from Array Networks. Anytime, anywhere secure access. Note: Located in C:\Program Files\Array Networks\Common\4,0,1,3\ |
| Ascent Capture Service | L | acsvc.exe | Related to Kofax Image Products. |
| ASF Agent | L | ASFAgent.exe | Intel Alert Standard Format Console - asfagent.exe is a part of a systems management suite bundled with other applications, mainly Dell's OpenManage. |
| AshampooDefragService | L | aDefragService.exe | Related to Ashampoo Magic Defrag Utility |
| ASMAgent | L | ASMAgent.exe | Related to ASAP_eSMART Smart Asset Management tool. |
| ASNFTP daemon (ASNFTPD) | X | AsnFtpd.exe | Added by the W32/Tilebot-BD WORM! Note: This worm\trojan file is found in the Windows or Winnt folder. Read the link, rootkit type stealth involved. |
| ASP.NET (State Service) | | ASP.NET.exe | Troj/GrayBir-EC Note: Located in %windir% Read the link allows remote access |
| ASP.NET State Service (aspnet_state) | L | aspnet_state.exe | Related to Microsoft Windows Operating System and is the ASP State Service. |
| Asset Insight Client (AICLIENT) | L | Aiclient.EXE | Asset Insight from Tangram - http://castlecops.com/s1883-AICLIENT_EXE.html |
| Asset Management Agent | L | UMCSTUB.EXE | Related to Unicenter Asset Management by Computer_Associates |
| Asset Management Daemon | L | dtsslsrv.exe | Display configuration software used by several manufacturers under differing names such as Image Tune or EZTune etc... Note: located in C:\Program Files\... |
| Asus Motherboard Utility (Asus) | X | asus.exe | Added by the WORM_SPYBOT.IY WORM! Note: This worm\trojan is located in C:\%WINDIR%\ folder. |
| ASUSKeyboardService | L | asuskbservice.exe | Added by ASUS_Keyboard Service and provides additional configuration options for these devices. Note: located in C:\%WINDIR%\ |
| ASWLSVC | L | ASWLSVC.exe | Related to the ASUS_Wireless_LAN_Card_Services |
| Asynchronous Load Balance (ySvcHst) | X | srvnst.exe | Added by ServiceThreadHandler.Process TROJAN! Note: located in C:\WINDOWS\System32\ |
| Asynchronous UPnP Support Services | X | UPnPSvc.dll | Troj/PWS-ANB Read the link, steals information |
| AT Host Service | L | atnthost.exe | Related to WebEx |
| Atheros Configuration Service | L | acs.exe | related to Atheros Wireless LAN |
| Ati HotKey Poller | L | Ati2evxx.exe | ATI Video Card Control Panel |
| ATI Smart | L | ati2sgag.exe | ATI Video Card Control Panel |
| ATIintergrated (ATIintergrated) | X | atigraphics.exe | Added by the SDBOT.CRX WORM! Read the link, rootkit type stealth involved. |
| ATK Keyboard Service (ATKKeyboardService) | L | ATKKBService.exe | Related to ASUSTeK_Computer Inc. ASUS Keyboards and provides additional configuration options for these devices. |
| Audio Adapter (VGADown) | X | avp.exe | Added by an unidentified TROJAN!. Note: This worm\trojan is located in C:\%WINDIR%\ |
| Auto HotKey Poller | X | winpol.exe | Added by a variant of the W32/Malware Note: Located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) |
| AutoComplete Service | L | autocomp.exe | Tracks Eraser Pro |
| Autodata Limited License Service | L | ADCDLicSvc.exe | Related to Autodata Limited |
| Autodesk Data Management Job Dispatch | L | Connectivity.WindowsService.JobDispatch.exe | Related to Autodesk_Data_Management Web Server. Note: Located in C:\Program Files\Autodesk\Data Management Server 5\Server\Dispatch\ |
| Autodesk EDM Server | L | Connectivity.EDMWS.Server.exe | Related to Autodesk_Data_Management Web Server. Note: Located in C:\Program Files\Autodesk\Data Management Server 5\Server\Webserver\ |
| Autodesk Licensing Service | L | AdskScSrv.exe | Related to Autodesk, Inc. |
| Autodesk MapGuide® Server 6.3 (MapServer6.3) | L | MapServer.exe | Related to Autodesk Inc. |
| Autodesk Network Licensing Service | L | AdskNetSrv.exe | Related to Autodesk_Network Licensing service. Note: Located in C:\Program Files\Common Files\Autodesk Shared\Service\ |
| AutoMate 5 (AutoMate5) | L | AutoMate5Svc.exe | Related to Automate from Network Automation, Inc. A Task Service. Note: Located in C:\Program Files\automate\ |
| AutoMate 6 (AutoMate6) | L | AMTS.exe | Related to AutoMate from Network Automation. Tools necessary to completely automate business processes. Note: Located in C:\Program Files\AutoMate 6\ |
| Automatic LiveUpdate Scheduler | L | ALUSchedulerSvc.exe | Related to the Symantec LiveUpdate service which updates your Symantec products periodically. |
| Automatic Update Service (Automatic Update) | X | wuapi.exe | Added by the W32/Codbot-AC WORM! Note: This worm\trojan file is found in the System32 folder. |
| AutoStore (autostore) | L | batch.exe | Related to NSi's AutoStore from Notable Solutions, Inc. Captures documents and securely saves the content in your business applications. |
| AutoUpdate (Windows Server AutoUpdate) | X | Winupdate.exe | Troj/GrayBrd-CF Note: Located in %windir%\system32 Read the link, allows remote access and logs keystrokes |
| Av Update Monitor (AvSvcMonitor) | L | AvMonitor.exe | Avast |
| avast! Antivirus | L | ashServ.exe | Related to Avast AntiVirus |
| avast! iAVS4 Control Service | L | aswUpdSv.exe | Related to Avast AntiVirus |
| avast! Mail Scanner | L | ashMaiSv.exe | Related to Avast AntiVirus |
| avast! Web Scanner | L | ashWebSv.exe | Related to AWIL Software http://www.avast.com/ |
| Avast32 Start as Service | ? | avserver.exe | seems to belong to Avast anti-virus software |
| AVCore (SrvMain) | X | avservice.exe | As of yet Unknown Worm, Trojan or Malware. The file (avservice.exe) is found in the Documents and Settings\All Users\Application Data folder. |
| Aventail Connect (As32Svc) | L | as32svc.exe | Related to Aventail_Corp |
| AVG Anti-Spyware Guard (Anti-Malware Development a.s) | L | guard.exe | AVG Anti-virus product. |
| AVG E-mail Scanner | L | avgemc.exe | Related to AVG anti-virus |
| AVG Firewall (AVGFwSrv) | L | avgfwsrv.exe | Related to AVG_Firewall Note: located in C:\PROGRA~1\Grisoft\AVG7\ |
| AVG6 Service | L | avgserv.exe | AVG 6 Anti virus |
| AVG7 Alert Manager Server | L | avgamsvr.exe | Related to AVG Anti-Virus. |
| AVG7 Resident Shield Service (AvgCoreSvc) | L | avgrssvc.exe | Related to Grisoft_AVG_Resident Shield Service. Note: Located in C:\PROGRAM Files\Grisoft\AVG7\ |
| AVG7 Update Service | L | avgupsvc.exe | Used by the AVG 7 Antivirus program to keep your definitions up to date. Note: For more information see AVG |
| avgav.exe (AVG) | X | avgav.exe | W32/Sdbot-DCT Read the link, allows remote access |
| Avid SDM Service (AvidSDMService) | L | AvidSDMService.exe | Related to Avid_SDM_Service from Avid Technology Note: Located in C:\WINDOWS\system32\ |
| Avid Startup | L | AvidStartup.exe | Associated with Avid_Digital_Media Products |
| avinitnt | L | avinitnt.exe | Related to Command AntiVirus for Windows Component, made by Command Software Systems, Inc. Which merged with Authentium in 2002. |
| AVKernel | X | AVKernel.exe | Rogue Anti-Virus Program. Made by WinSoftware, Ltd. For more information on WinAntiVirus 2005 Click_Here Note: Not recommended. |
| AVM FRITZ!web Routing Service (de_serv) | L | de_serv.exe | Installed alongside DSL drivers from AVM Fritz's range of modem products. http://www.liutilities.com/products/wintaskspro/processlibrary/de_serv/ |
| AVM IGD CTRL Service | L | IGDCTRL.EXE | Related to AVM_IGD_CTRL DSL Service. Note: Located in C:\Program Files\FRITZ!DSL\ |
| AVM WLAN Connection Service | L | WlanNetService.exe | Related to broadband products from avm.de |
| AVP Control Centre Service | L | avpcc.exe | Kaspersky AntiVirus |
| AVP UPDATE IONTERFACE A6 (avA6) | X | AVA6.SYS | Added by the DLOADER.AJQ TROJAN! Note: This has also been seen using the Display name AVP update interface A6. This trojan file is found in the System32 folder. |
| AVP-SE | X | avp-32.exe | WORM_AGOBOT.FS Read the link, allows remote access |
| AVPX TCP (avpx32) | X | avpx32.sys | Added by the Troj/Haxdoor-AH TROJAN! Read the link, rootkit type stealth involved. |
| AVPX64 TCP (avpx64) | X | avpx64.sys | Added by the Troj/Haxdoor-AH TROJAN! Read the link, rootkit type stealth involved. |
| avsinc | L | | |
| avsuite (mssuite) | X | msuite.exe | Added by the W32/Sdbot-ABC WORM! Read the link, rootkit type stealth involved. |
| AVSync Manager | L | Avsynmgr.exe | From McAfee VirusScan version 5.x. Runs VirusScan System Tray (Vsstat.exe), WebScanX (Webscanx.exe), VirusScan System Scan (Vshwin32.exe) and VirusScan Console (Avconsol.exe) under one application |
| AVupdate service interface X2 (avupdate2) | X | avupdate2.sys | Added by the Troj/Hanlo-A TROJAN! Note: This trojan file is located in the System32 folder. |
| AvUpdSvc | L | avupdsvc.exe | Part of Avast! anti-virus software |
| “RDRIV” (rdriv) | X | RDRIV.SYS | Added by the TROJ_ROOTKIT.E TROJAN! Read the link, rootkit type stealth involved. |
| B's Recorder GOLD Library General Service (bgsvcgen) | L | bgsvcgen.exe | Related to B_H_A_Corp B's Recorder GOLD for CD/DVD burning and authoring software. |
| BackOnTrack Callback Service (BOTCbs) | L | bcbs_xp.exe | Related to BackOnTrack from System OK. Note: Located in C:\Program Files\SystemOK\BackOnTrack\WinXP\ |
| Backup Exec 8.x Alert Server (BackupExecAlertServer) | L | alertServer.exe | Related to Veritas Software backup tool. |
| Backup Exec 8.x Notification Server (BackupExecNotificationServer) | L | nsvr.exe | Related to Veritas Software backup tool. |
| Backup Exec Agent Browser (BackupExecAgentBrowser) | L | benetns.exe | Related to the Backup Exec application from Veritas http://www.liutilities.com/products/wintaskspro/processlibrary/benetns/ |
| Backup Exec Device & Media Service (BackupExecDeviceMediaService) | L | pvlsvr.exe | Related to Veritas Backup Exec and offers essential functionality for Backup Exec. http://www.processlibrary.com/directory/files/pvlsvr/index.php |
| Backup Exec Job Engine (BackupExecJobEngine) | L | bengine.exe | Backup service for Veritas Backup Exec. This program is essential in keeping backups up to date and should not be terminated. http://www.processlibrary.com/directory/files/bengine/index.php |
| Backup Exec Naming Service (BackupExecNamingService) | L | benser.exe | Veritas Software Corporation. This is the Backup Exec naming service which is needed in order to achieve some backups and restores. http://www.processlibrary.com/directory/files/benser/index.php |
| Backup Exec Remote Agent for Windows Servers (BackupExecAgentAccelerator) | L | beremote.exe | Process that belongs to Backup Exec from Veritas http://www.liutilities.com/products/wintaskspro/processlibrary/beremote/ |
| Backup Exec Server (BackupExecRPCService) | L | beserver.exe | Related to Veritas Backup Exec. This program is essential in keeping backups up to date and should not be terminated. http://www.processlibrary.com/directory/files/beserver/index.php |
| BackupClientSvc | L | BackupClientSvc.exe | Related to NovaNet_WEB NovaStor Corp. Online Backup Services. |
| bbc (cnn) | X | imsins.exe | Troj/Hupigon-U |
| bbserver | X | bbserver.exe | Troj/Hupigon-PS Note: Located in %windir% Read the link, allows remote access |
| bcrcogqrkyko | X | mueyzrua5.exe | |
| BeatJam Music Server - HTTP (BeatJamMusicStreamingServer) | L | BeatJamHttpService.exe | See_BeatJam BeatJam Music Server Edition. |
| BeatJam Music Server - UPnP (BeatJamUPnPMusicServer) | L | BeatJamUPnPService.exe | See_BeatJam Justsystem audio software BeatJam. |
| Bell & Howell Database Manager (dbmang) | L | DBMANG.EXE | Related to Bell_and_Howell |
| Bell & Howell Monitor Service (BHMonitorService) | L | monitor.exe | Related to Bell_and_Howell |
| BelMonitor Service (BelMonitorService) | L | BANTMonitorSvc.exe | Related to Belarc, inc. |
| BES Client (BESClient) | L | BESClient.exe | Related to BESClient by BigFix Inc |
| Beyond Remote Server | O | BRServer.exe | Beyond Remote. Legitimate, but allows remote access, so it should be removed if it was not intentionally installed. |
| BGS_SDService | L | BGS_SDservice.exe | Related to BMC Software, Inc. - http://www.bmc.com/ |
| bh611 | L | NT611SVC.EXE | Related to Bell_and_Howell |
| BigPond Broadband Cable Login | L | bpcService.exe | Telstra's BIGPOND_BROADBAND_CABLE |
| Biometric Authentication Service | L | DpHost.exe | Related to DigitalPersona, Inc. |
| BitDefender Communicator | L | xcommsvr.exe | Related to bitdefender Antivirus |
| BitDefender Desktop Update Service | L | livesrv.exe | Update service for BitDefender_Antivirus |
| BitDefender Scan Server | L | bdss.exe | Related to Bitdefender antivirus |
| BitDefender Virus Shield | L | vsserv.exe | Related to bitdefender (Virusshield) |
| Black Hole Professional Version (wmupdate) | X | svch0st.exe | Detected as Backdoor.Win32.Ciadoor.123.d by Kaspersky |
| Black Hole2005 Professional Version (Black Hole2005 Professional) | X | QQ.exe | Added by the Troj/BlackHol-C TROJAN! |
| Black Hole2005 Professional Version (Black Hole2005 Professional) | X | server.exe | Added by the Troj/Singu-W TROJAN! Note: This trojan file is found in the Windows or Winnt folder. |
| BlackICE | L | blackd.exe | Black Ice firewall |
| Blue Coat K9 Web Protection (WebFilter) | L | k9filter.exe | Related to K9 Web Protection |
| Bluesocket IPSec Service (BlueService) | L | BlueService.exe | Related to Bluesocket WLAN service. Note: Located in C:\Program Files\Bluesocket MS IPSec Config Tool\ |
| BlueSoleil Hid Service | L | BTNtService.exe | BlueSoleil is a Bluetooth device manager for Windows. Made by the IVT_Corporation. The file associated with this service is found in the Program Files\IVT Corporation\BlueSoleil folder. |
| Bluetooth Notification Service (Btnfserv) | X | btserv.exe | Added by the W32/Sdbot-CSD WORM! Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) |
| Bluetooth Service | L | btwdins.exe | Bluetooth Service |
| bobo | L | momo | Panda Platinum antivirus |
| Boeing Permissions Elevator | L | elevate.exe | The Boeing Company (internal use) |
| Boingo Monitor Service | L | wmonitor.exe | Boingo's Free_Wi-Fi_Software |
| Bonjour Service | L | mDNSResponder.exe | Creates a network of computers and smart devices. Made by Apple Computer, Inc. File location is in the Program Files\Gizmo Project folder. |
| BoolTern (BoolTern) | X | svch0st.exe | Added by the W32/Tilebot-U WORM! Note: This file (svch0st.exe) is not the legitimate Windows process svchost.exe, which is always found in the System32 folder; note the difference in spelling. The legitimate Windows process (svchost.exe) should not be seen in Msconfig or as a Startup item. This worm\trojan file is found in the Windows or Winnt folder. Read the link, rootkit type stealth involved. |
| Boonty Games | X | Boonty.exe | Boonty_Games Used with Boonty box. Will not uninstall from Add/Remove programs. This is from their Privacy Policy. "We also may share payment information with third parties who provide payment services and share aggregate data regarding the type and number of videogames you download, your age, gender, occupation, education level, geographic location, computer equipment data and on-line and video game interests, activities and practices to game publishers. In addition, we share e-mail addresses with third party e-mail carriers who assist us in sending out our e-mails to many of our customers at the same time. Subsidiaries and controlled affiliates are not viewed as third parties for the purpose of data transfers, and hence personal information may be shared within those subsidiaries and affiliates without obtaining additional consent." |
| Broadcom ASF IP monitoring service v3.0.1 | L | basfipm.exe | Related to Broadcom communications - hardware. |
| Brother BidiAgent Service for Resource manager (brmfbags) | L | BrmfBAgS.exe | Related to Brother_BidiAgent Service products, from Brother Industries. Note: Located in C:\WINDOWS\System32\ |
| Brother Popup Suspend service for Resource manager | L | Brmfrmps.exe | Brother printer related |
| Browser | X | svchost.exe -k Browser | Added by the Fuwudoor TROJAN! |
| BrSplService | L | brsvc01a.exe | related to Brother Industries Ltd |
| BT Modem Lock | L | ModemLock.exe | Related to NetProtector Parental control. |
| BUFFALO Wireless Configuration Service (bwcsrv) | L | bwcsrv.exe | Related to BUFFALO_Wireless Configuration Service Note: Located in C:\WINDOWS\System32\Drivers\ |
| Buffalo Wireless Service (BWSVC) | L | bwsvc.exe | Related to Buffalo_Wireless_Service The Multimedia Combo Set by SANSUN Industries. Note: Located in C:\Program Files\BUFFALO\Client Manager 2\ |
| BullGuard Email Monitoring (BsMailProxy) | L | svchost.exe | Related to BullGuard Antivirus. Note: located in C:\Program Files\BullGuard Software\ |
| BullGuard File Monitoring (BsFileSpy) | L | svchost.exe | Related to BullGuard Antivirus. Note: located in C:\Program Files\BullGuard Software\ |
| BullGuard Firewall (BsFirewall) | L | svchost.exe | Related to BullGuard Antivirus. Note: located in C:\Program Files\BullGuard Software\ |
| BullGuard LiveUpdate (BGLiveSvc) | L | BullGuardUpdate.exe | Related to BullGuard Antivirus. Note: located in C:\Program Files\BullGuard Software\ |
| BullGuard Main (BGMainSvc) | L | svchost.exe | Related to BullGuard Antivirus. Note: located in C:\Program Files\BullGuard Software\ |
| BusinessC (BusinessContinuity) | X | msstl.exe | Added by the SDBOT.CJR WORM! Read the link, rootkit type stealth involved. |
| Bytemobile Web Configurator (bmwebcfg) | L | bmwebcfg.exe | Related to Bytemobile Inc. Mobile Content Filtering. |
| C-DillaCdaC11BA | O | CDAC11BA.EXE | copy protection software |
| C-DillaSrv | L | CDANTSRV.EXE | C-Dilla License Management software from Macrovision |
| CA ISafe | L | isafe.exe | Related to Computer Associates virus software. |
| CA License Client | L | lic98rmt.exe | Computer Associates |
| CA License Server | L | lic98rmtd.exe | Computer Associates |
| CA Pest Patrol Realtime Protection Service (ITMRTSVC) | L | ITMRTSVC.exe | Related to CA_Pest_Patrol Realtime Protection Service Note: Located in C:\Program Files\CA\PPRT\bin\ |
| CaCCProvSP | L | ccprovsp.exe | Related to eTrust_Internet_Security_Suite from Computer Associates International Inc. Note: Located in C:\Program Files\CA\eTrust Internet Security Suite\ |
| CachemanXP | L | CachemanXP.exe | CachemanXP Memory Manager |
| CAILI | L | caili.exe | related to CarryIco Software, installed by a flash card reader driver setup utility. |
| CAISafe | L | ISafe.exe | Part of eTrust EZ Antivirus |
| CanerServer | X | caner.exe | Troj/Hupigon-ES |
| Canon BJ Memory Card Manager | L | Bjmcmng.exe | Canon Bubblejet Memory Card Utility |
| Canon Camera Access Library 8 (CCALib8) | L | CALMAIN.exe | Canon digital camera software that provides additional configuration options for the devices. |
| Canon Driver Information Assist Service | L | CnxDIAS.exe | CANON Driver Information Assist Core Module. This file should be found in the Program Files\Canon\DIAS folder. |
| Canon PIXMA iP6000D Memory Card Manager | L | PDUiP6000DMemCrdMgr.exe | Related to Canon PIXMA iP6000D Bubble Jet printer |
| Capture Device Service | L | DevSvc.exe | Related to Capture_Device InterVideo Service. Note: Located in C:\Program Files\Common Files\InterVideo\ |
| Capture Service (CaptureService) | L | CaptureService.exe | Related to Impact_360 from Witness Systems, Inc. Workforce management. Note: Located in C:\WINDOWS\system32\DirectX\ |
| Carbon Copy Scheduler (CarbonCopyScheduler) | L | schdsrvc.exe | Related to Altiris services. http://www.altiris.com |
| CarboniteService | L | carboniteservice.exe | Related to Carbonite_online_backup, which automatically backs up all the files on your computer. |
| Card Adapter (NETDown) | X | smss.exe | Added by an unidentified TROJAN! of the Sdbot family. Note: This is not the legitimate Windows process smss.exe, which is found in the System32 folder. This worm/trojan file (smss.exe) is found in the Windows or Winnt folder. |
| cdmonsvc32 | X | cmmonsvc32.exe | Worm.Opanki_Variant.Process Note: Located in %windir% |
| Cdsys (Cdsys) | X | cdcd.sys | Added by the Troj/Agent-IA TROJAN! Note: This trojan file is found in the System32 folder. |
| CE-Infosys Security System (CE-Infosys Security Service) | ? | ceisvc.exe | Seems to be legit, belongs to this company: Ce-infosys_suite. It will be left as unknown until more is found out about the company. |
| CeEPwrSvc | L | CeEPwrSvc.exe | Related to TOSHIBA and COMPAL ELECTRONIC INC. |
| CelInDrv | X | CelInDriver.sys | Win32/Agent.ABF Note: Located in %system% Read the link, collects sensitive information |
| CentennialClientAgent | L | CAgent32.exe | Related to Centennial UK Limited - http://www.centennial.co.uk/ |
| CentennialIPTransferAgent | L | xferwan.exe | Related to Centennial UK Limited - http://www.centennial.co.uk/ |
| cFosSpeed System Service (cFosSpeedS) | L | spd.exe | cFos_Software Internet acceleration program related. Note: May be necessary for the software to work properly. |
| change me please (VIRUS) | X | sysdat.exe | Added by the W32/Tilebot-L WORM! |
| Changed me (Patch) | X | systemz32.exe | W32/Tilebot-JD Read the link, allows remote access and uses rootkit stealth |
| Charter High-Speed Security Suite | O | SERVIC~1.EXE | Related to F-Secure, Backweb application |
| chckntfs | X | chckntfs.exe | Added by the W32/Tilebot-EF WORM! Note: This worm\trojan is located in C:\%WINDIR%\ |
| chkext(chkext) (chkext) | X | chkext.exe | Added by the W32/Sdbot-CRW WORM! Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) |
| Chong3 Me (MlCR0SOFTS UPDATE) | X | N0RTAN.EXE | Added by the SDBOT.CNM WORM! Read the link, rootkit type stealth involved. |
| Chong3 Me (MlCR0SOFTS UPDATEe) | X | lexplarer.exe | Added by the SDBOT.CWB WORM! Read the link, rootkit type stealth involved. |
| cics.REGION1 | L | cicssvc.exe | Related to IBM Corp. |
| cics.REGION2 | L | cicssvc.exe | Related to IBM Corp. |
| cicssfs.SCMMC223 | L | cicssfssvc.exe | Related to IBM Corp. |
| cidaemon | L | .exe | Microsoft Indexing Service filter daemon |
| cidaemon | L | cidaemon.exe | Microsoft Indexing Service filter daemon |
| Cisco Configuration Service (CCS) | L | ccs.exe | Related to Cisco_Systems Note: Located in C:\WINDOWS\system32\ |
| Cisco Systems, Inc. STC Agent (STCAgent) | L | agent.exe | Related to Cisco Systems inc. SSL VPN Client, Note: located in C:\Program Files\Cisco Systems\SSL VPN Client\ |
| Cisco Systems, Inc. VPN Service | L | cvpnd.exe | part of Cisco VPN |
| Citrix CPU Utilization Mgmt/CPU Rebalancer (CTXCPUBal) | L | ctxcpubal.exe | Related to Citrix MetaFrame |
| Citrix CPU Utilization Mgmt/Resource Mgmt (ctxcpuSched) | L | ctxcpusched.exe | Related to Citrix MetaFrame |
| Citrix CPU Utilization Mgmt/User-Session Sync (CTXCPUUsync) | L | ctxcpuusync.exe | Related to Citrix MetaFrame |
| Citrix Print Manager Service (cpsvc) | L | CpSvc.exe | Related to Citrix MetaFrame, control Printer Management. |
| Citrix SMA Service | L | SmaService.exe | Related to Citrix MetaFrame |
| Citrix Virtual Memory Optimization | L | CtxSFOSvc.exe | Related to Citrix MetaFrame, Monitors all DLLs on a server to find where collisions are occurring |
| Citrix WMI Service (CitrixWMIService) | L | ctxwmisvc.exe | Related to Citrix MetaFrame |
| Citrix XML Service (CtxHttp) | L | ctxxmlss.exe | Related to Citrix MetaFrame |
| Citrix XTE Server (CitrixXTEServer) | L | XTE.exe | Related to Citrix MetaFrame |
| CL500_510 Remote Server | L | KaNTSRV.exe | Related to Panasonic_Color_Laser_Printer server. Note: Located in C:\PROGRAM FILES\PANASONIC\REMOTE SERVER\ |
| Client Debug Manager | X | spoolvc.exe | W32/Sdbot-DCX Read the link, allows remote access |
| Client Disk Manager | X | symon.exe | Added by the W32/Tilebot-IN WORM! Note: This worm\trojan is located in C:\%WINDIR%\System32\dllcache\ (XP/WinNT/2K) |
| Client IP-IPX | X | svchosts.exe | Added by a variant of the W32/SDBOT WORM! Note: Located in C:\%WINDIR%\System32\drivers\ (XP/WinNT/2K) |
| Client Network (CdmService) | L | cdmsvc.exe | Related to Citrix MetaFrame, maps client drives and peripherals for access in ICA sessions. |
| Client Server Runtime Proces | X | csrss.exe | Added by the WORM_SDBOT.BTI WORM! Note: This worm\trojan is located in the C:\%WINDIR%\ folder (the Windows or Winnt folder). For its malicious activities, read the topic. This is not the legitimate Windows process, which is found in the System32 folder. |
| Client Server Runtime Process | L | csrss.exe | Microsoft Client Server Runtime Process |
| Client Server Runtime Service (csrss32) | X | csr.exe | Added by the W32/Sdbot-AFM WORM! Note: This worm file is found in the Windows or Winnt folder. |
| Client Update Service for Novell | L | cusrvc.exe | Related to Novell server. |
| Client/Server Runtime Server Subsystem (CSRSS) | X | csrss.exe | W32/IRCBot-UN Note: Located in %windir%, not to be confused with the legitimate file in %windir%\system32 (%windir%\system on windows 98/ME) Read the link, allows remote access and steals information |
| Client32 | L | client32.exe | NetSupport Manager by "NetSupport Ltd.". |
| Cliente de seguimiento de vinculos distribuidos | L | services.exe | Spanish Windows 2000 distributed links tracking client |
| Cliente DHCP | L | services.exe | Spanish Windows 2000 DHCP client |
| Cliente DNS | L | services.exe | Spanish Windows 2000 DNS client |
| Clients Server Runtime Process | X | csrss.exe | Added by the W32/Sdbot-CPF WORM! Note: This worm\trojan is located in C:\%WINDIR%. This is not the legitimate Windows process, which is found in the System32 folder. |
| Clients Server Runtime Process (Windows Internet) | X | csrss.exe | Added by the W32/Sdbot-CPF WORM! Note: This worm\trojan is located in C:\%WINDIR%\ folder. |
| clmss (Content List Management Sub System) | X | clmss.exe | Added by the W32/Tilebot-AO WORM! Note: This worm file is found in the Windows or Winnt folder. Read the link, rootkit type stealth involved. |
| Cobian Backup 8 service (CobBMService) | L | cbService.exe | Related to Cobian_Backup, an open source project. Note: Located in C:\Program Files\Cobian Backup 8\ Note: Open source projects can be modified. Make sure you scan the program with a virus protection program before using. |
| Codec | X | WINCODEC.EXE | Added by the SDBOT.CJO WORM! Read the link, rootkit type stealth involved. |
| Cognos ReportNet | L | cogbootstrapservice.exe | Related to Cognos_ReportNet Business Intelligence software. Note: located in C:\Program Files\Cognos\crn\bin\ |
| ColdFusion Graphing Server | L | JRun.exe | Related to MacroMedia_ColdFusion products. Made by MacroMedia, Inc. |
| ColdFusion Management Repository Server (ColdFusion Management Repository) | L | jrun.exe | Related to MacroMedia_ColdFusion products. Made by MacroMedia, Inc. |
| ColdFusion Management Service | L | CANamingAdapter.exe | Related to MacroMedia_ColdFusion products. Made by MacroMedia, Inc. |
| ColdFusion Monitoring Service (ClusterCATS Service) | L | ccmgr.exe | Related to MacroMedia_ColdFusion products. Made by MacroMedia, Inc. |
| ColdFusion MX Application Server | L | jrunsvc.exe | Related to Macromedia Cold Fusion software. |
| ColdFusion MX ODBC Server | L | swstrtr.exe | Related to Macromedia Cold Fusion software. |
| COM Host | L | comHost.exe | Related to Norton/Symantec Internet Security |
| COM Message Transfer (mscommt) | X | svchost.exe -k mscommt | Added by the Troj/Dbit-A TROJAN! |
| COM+ Component Service (COMCSVC) | X | winmgnt.exe | Added by unknown malware, the file winmgnt.exe may be a Serv-U FTP server used to download other malicious files to your computer. File location is in the System32 folder. |
| COM+ Interface (svcmngr) | X | svcgirl.exe | Added by an unknown malware. Note: This worm\trojan is located in C:\%WINDIR%\TEMP\ folder. |
| COM+ Messages | X | svchosts.exe | Added by an unidentified TROJAN! of the Sdbot family. Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) |
| COM+ System Client (ComSysCnt) | X | cmsvc.exe | Identified as the SdBot.bis worm Note: This worm is located in C:\WINDOWS\repair\ |
| COM+ System Service (COMSS) | X | SSMS.EXE | Added by unknown malware. File location is in the System32 folder. |
| COM+ System Service (DLLHOST) | X | dllhost.exe | Added by the Backdoor.Win32.SdBot.xd TROJAN!, as identified by Kaspersky. Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) |
| COM+ System Source (COMSysSRC) | X | vmnat.exe | W32/Tilebot-JE Note: Located in %windir%\system32 Read the link, allows remote access |
| Command Service (cmdService) | X | command.exe | Adware |
| CommServer | L | CommSvr.exe | Related to the HiPath 1220 digital PBX system from Siemens. File location is in the Program Files\Siemens\HiPath 1220\CommServer2.0 folder. |
| Comodo Application Agent (CmdAgent) | L | cmdagent.exe | Related to Comodo_Firewall from Comodo. Note: Located in C:\Program Files\Comodo\Firewall\ |
| Compaq Advisor | L | compaq-rba.exe | Related to Compaq |
| Compaq DMI Web Agent | L | WebDmi.exe | Related to Compaq Computer. |
| Compaq Local Alerter | L | cpqalert.exe | Related to Compaq Computer. Allows for "fault, performance, and configuration management". Recommended for corporate users only. |
| Compaq Local Alerter (CPQALERT) | L | CPQAlert.exe | Related to compaq products |
| Compaq Presario SSH | X | cpsd.exe | Added by an unidentified TROJAN! of the Sdbot family. Note: This trojan is located in C:\Windows\System\dllcache (Win9x/Me), C:\%WINDIR%\System32\dllcache (XP/WinNT/2K) |
| Compaq Remote Diagnostics Enabling Agent | O | Cpqdfwag.exe | Related to Compaq diagnostics utility. |
| Compuware Open Server | L | cwjboss.exe | Compuware Serversoftware |
| comrepl | X | comrepl32.exe | Added by the W32/Rbot-DNH WORM! Note: This worm\trojan is located in C:\%WINDIR%\ folder. |
| comrepl | X | comreplsvc.exe | Added by an unidentified TROJAN! of the Sdbot family. Note: This worm\trojan is located in C:\%WINDIR%\ folder. |
| Config Loader | X | scvhost.exe | several Agobot variants |
| ConfigFree Service | L | CFSvcs.exe | Toshiba related |
| Configuration Loader (bF) | X | wincrt32.exe | Virus and Trojan tools. http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.JP&VSect=Sn |
| Configuration Loading | X | svchos1.exe | several Agobot variants |
| Connected Agent Service (AgentSrv) | L | AgentSrv.EXE | Related to Connected Corporation. - http://www.connected.com/ |
| Connected Launcher | L | CBlaunch.exe | Connected backup software |
| Connected RegCap | L | CBRegCap.EXE | Connected backup software |
| Connection Rese | X | webadmin.exe | W32/Forbot-FY adds this, with a display name of Website Administrator Info. |
| Content Index service | L | cisvc.exe | Microsoft Content Index service |
| Content Monitoring Tool | L | msCMTSrvc.exe | Compaq CMTS |
| ContentProtect (CwCpSvc20) | L | cwsvc.exe | Related to ContentWatch Parental Control Internet Filter. |
| Contivity VPN Service | L | Extranet_serv.exe | Related to Novell server. |
| Contour Shuttle Device Engine (ShuttleEngine) | L | ShuttleEngine.exe | Related to Contour_Design |
| Control Services | X | expl0rer.exe | Win-Trojan/BlackHole.125440 |
| Control Task Manager | X | cvsys.exe | Added by an unidentified TROJAN! of the IRC/bot family. Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) |
| COSIDS_TB | L | TbMux32.exe | Related to http://www.transaction.de/ |
| coste | O | martinr.coste@neuf.fr | antivirus |
| Cox High Speed Internet Security Suite System Service (AuthSysSvc) | L | SysSvcNt.exe | Related to Cox High Speed Internet Security Suite System Service. Note: Located in C:\Program Files\Cox\Applications\app\ |
| cpanelx (Microsoft Control Panel) | X | cpanelx.exe | Added by a variant of the W32/SDBOT WORM! Note: This worm file is found in the Windows or Winnt folder. |
| cpqdmi | L | cpqdmi.exe | Compaq version of the Desktop Management Interface |
| CPUCooLServer Service (CPUCooLServer) | L | CooLSrv.exe | Part of CPUCooL |
| CQG Installation Service | L | cqginsts.exe | Related to CQG, Inc. CQG provides extensive historical data online for charting and technical analysis. |
| crauto | L | crauto.exe | Background task of the Paragon Encrypted Disk software which enables you to have encrypted virtual hard disks to store sensitive data. (answers that work) |
| Creative Labs Licensing Service | L | CreativeLicensing.exe | Related to Creative Labs Licensing Service. Note: located in C:\Program Files\Common Files\Creative Labs Shared\Service\ |
| Creative Service for CDROM Access | L | CTsvcCDA.exe | Creative Service for CDROM Access |
| crss32.exe | X | crss32.exe | Added by the W32/Tilebot-GT WORM! Note: This worm\trojan is located in C:\%WINDIR% |
| Crypkey License | L | crypserv.exe | CrypKey Software Licensing System from Cobalt Systems |
| Cryptainer service (ssoftservice) | L | ssoftsrv.exe | Owner: Cypherix. Cypherix Encryption Software |
| Cryptic Protected Storage (CryptProtectedService) | X | cpstorage.exe | Added by the W32/Tilebot-HO WORM! Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) |
| Cryptographic Engine (EngSvc) | X | csvc.exe | Added by an unidentified TROJAN! of the Win32/Rbot family. Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) |
| Crystal APS (CrystalAPS) | L | CrystalAPS.exe | Related to Crystal_APS Now owned by Business Objects. Note: Located in C:\Program Files\Seagate Software\Enterprise\x86\ |
| Crystal Cache Server (CacheServer) | L | cacheserver.exe | Crystal_Decisions_Cache_Server Now owned by Business Objects |
| Crystal Event Server | L | EventServer.exe | Crystal Decisions Event Server |
| Crystal Input File Repository Server (CrystalInputFileServer) | L | inputfileserver.exe | Crystal_Decisions_File_Repository_Server Now owned by Business Objects. |
| Crystal Management Server | L | CrystalMS.exe | Crystal Decisions Management Server |
| Crystal Output File Repository Server (CrystalOutputFileServer) | L | outputfileserver.exe | Crystal_Decisions_Output_File_Repository_Server Now owned by Business Objects |
| Crystal Program Job Server | L | ProgramServer.exe | Crystal Decisions Job Server |
| Crystal Report Application Server | L | crystalras.exe | Crystal Decisions Report Application Server |
| Crystal Report Job Server (JobServer_Report) | L | JobServer.exe | Crystal_Decisions_Report_Job_Server Now owned by Business Objects |
| Crystal Web Component Server (WebCompServer) | L | WebCompServer.exe | Related to Crystal Decisions Enterprise software. Now owned by Business_Objects Note: Located in C:\Program Files\Seagate Software\WCS\ |
| CsdDriver | X | CsdDriver.sys | Troj/Goldun-EE |
| CTI Central Management | X | cti.exe | Lowers IE security settings |
| Curtains for Windows System Service (CurtainsSysSvc) | L | CurtainsSysSvcNt.exe | Related to Authentium, Inc. http://www.authentium.com/ |
| CVSNT 2.5.01.1927 Dispatch service (cvsnt) | L | cvsservice.exe | Related to CVS_on_NT service Machines. From March Hare Software. Note: Located in C:\Program Files\CVSNT\ |
| CVSNT 2.5.01.1927 locking service (cvslock) | L | cvslock.exe | Related to CVS_on_NT service Machines. From March Hare Software. Note: Located in C:\Program Files\CVSNT\ |
| CWAFAdminController | L | CWAFAdminController.exe | Compuware Serversoftware |
| CWAFAdminMonitor | L | CWAFAdminMonitor.exe | Compuware Serversoftware |
| CWAFEventRouter | L | cwafservice.exe | Compuware Serversoftware |
| CWAFNotesService | L | CWAFNotesService.exe | Compuware Serversoftware |
| CWAFReportScheduler | L | CWAFSchedService.exe | Compuware Serversoftware |
| CWAFRmiRegistry | L | CWAFRmiRegistry.exe | Compuware Serversoftware |
| CWShredder Service | L | CWShredder.exe | CWShredder tool from Trend Micro. |
| CXPT_Service - Cyberspace Headquarters, LLC | L | wcservice.exe | Related to Internet_Security Suite from COSMI Corp. |
| CyberArmor Run Service | L | casvc.exe | CyberArmor an Enterprise Class Personal Firewall |
| Cyberhawk | L | CHService.exe | Related to Cyberhawk from Novatix, Protects against Viruses, Spyware, Identity Theft. Note: Located in C:\Program Files\Novatix\Cyberhawk\ |
| CyberLink Background Capture Service (CBCS) (CLCapSvc) | L | CLCapSvc.exe | Related to CyberPower Systems, Inc. - http://www.powercinema.com/english/index.jsp |
| CyberLink Media Library Service | L | CLMLServer.exe | Related to CyberPower Systems, Inc. - http://www.powercinema.com/english/index.jsp |
| Cyberlink RichVideo Service(CRVS) (RichVideo) | L | RichVideo.exe | CyberLink RichVideo is an advanced technology designed to save precious video editing time. |
| CyberLink Task Scheduler (CTS) (CLSched) | L | CLSched.exe | Related to CyberPower Systems, Inc. - http://www.powercinema.com/english/index.jsp |
| CYGWIN cygserver (cygserver) | L | cygrunsrv.exe | Related to Cygwin_RedHat, powerful tools to assist developers in migrating applications from UNIX®/Linux to the Microsoft® Windows® platform. Note: located in C:\Apps\cygwin\bin\ |
| CypressLink | L | CypressLinkService.exe | Related to CypressViewer from Siemens. Medical software. Note: Located in C:\Program Files\Acuson\CypressViewer\Bin\Release\ |
| D-Link IP servellience Launcher (D-Link_ST3402) | L | Launcher_DL.exe | Related to D-link Software. Note: Located in C:\Program Files\D-Link\IP surveillance\ |
| DameWare Mini Remote Control | L | DWRCS.EXE | Related to DameWare Development |
| DameWare NT Utilities 2.6 (DNTUS26) | L | DNTUS26.EXE | Related to Dameware_NT_Utilities program that allows remote access and control of a computer. This is a common program for hackers to install on a computer, so if it is installed, and you did not install it, it should be removed. Note: Located in C:\%WINDIR%\System32 (XP/WinNT/2K) |
| dashsvc | L | Dashsvc.exe | Motion computer pen interface. Owner: Motion Computing Inc. |
| Data Protector Inet | L | OmniInet.exe | Related to Hewlett-Packard OpenView OmniBack II |
| Datakey's Log Service (DkLogger) | L | DkLog.exe | Made by Datakey, Inc. |
| Datakey's Token Service (DkTknSrv) | L | dkcktkn.exe | Made by Datakey, Inc. |
| DataSvr | L | DataServer.exe | Related to Wave_Systems_Corp An identity protection application that is configured to use digital certificates. |
| Datax Sagef Server (SagefServer) | L | Datax.Sagef.Server.exe | Related to DataX Server. Note: Located in C:\Program Files\Datax\Servidor Sagef\ |
| DB2 - DB2 (DB2) | L | db2syscs.exe | Related to IBM Corp. |
| DB2 - DB2DAS00 (DB2DAS00) | L | db2syscs.exe | Related to IBM Corp. |
| DB2 Governor (DB2GOVERNOR) | L | db2govds.exe | Related to IBM Corp. |
| DB2 JDBC Applet Server | L | db2ccs.exe | Unknown. Found in an IBM application. |
| DB2 JDBC Applet Server (DB2JDS) | L | db2jds.exe | Unknown, found in an IBM application. |
| DB2 Remote Command (DB2REMOTECMD) | L | db2rcmd.exe | Related to IBM Corp. |
| DB2 Security Server (DB2NTSECSERVER) | L | db2sec.exe | Related to IBM Corp. |
| DB2DAS - DB2DAS00 | L | db2dasrrm.exe | IBM DB2 related. The DB2 Admin Server process. This process supports both local and remote administration requests using the DB2 Control Center. |
| Dcfssvc | L | dcfssvc.exe | Associated with digital cameras and can cause problems which disappear if disabled. If this program is unchecked in startup, your camera will not cause your computer to open a pop-up window when you connect it. Leave enabled if you can't load pictures from your camera/dock - Kodak's dock is an example |
| Dcom Helper (DcmHlp) | X | dcmhelp.exe | Added by the W32/Sdbot-AJA WORM! Note: This worm\trojan is located in C:\%WINDIR%\ |
| DCOM PC Service (mspcdcom) | X | mspcdcom.exe | Added by an unidentified TROJAN! of the Sdbot family. Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) |
| DCPFLICS | L | DCPFLICS.exe | Related to: Discreet Turbosquid/3dsmax Plugin Protection |
| DCS Loader | L | OPHALDCS.EXE | Print spooler service for Oki_Data printer |
| dcznetv2 (dcznetv2) | X | dcznetv2.exe | Added by the W32/Tilebot-O WORM! Note: This worm/trojan file is found in the Windows or Winnt folder. Read the link, rootkit type stealth involved. |
| DDE de red | L | netdde.exe | Spanish Windows 2000 network DDE |
| Debug Config System | X | lrsys.exe | Added by an unidentified TROJAN! of the Sdbot family. Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) More here |
| Debug System Manager | X | spoolvc.exe | Added by an unidentified TROJAN! of the Sdbot family. Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) |
| Deepsight Extractor | L | ExtractorService.exe | Symantec Security Analyser |
| DeepSight Extractor CC Service | L | ccExtractorService.exe | Related to Symantec Corp. |
| DeepSight Extractor Service for NPF03 | L | ExtractorServiceNPF03.exe | Symantec Security Analyser |
| DeepSight Extractor Service for NPF04 | L | ExtractorServiceNPF04.exe | Symantec Security Analyser |
| Defragmentation Management Handler (FAT Defragmentation) | X | dfrgfat32.exe | Added by the W32/Codbot-AB WORM! Note: This worm\trojan file is found in the System32 folder. |
| DefWatch | L | defwatch.exe | Symantec Antivirus related |
| Dell Printer Status Watcher (DLPWD) | L | DLPWDNT.EXE | Related to Dell_Printers Note: Located in C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\ |
| Dell Wireless WLAN Tray Service (wltrysvc) | L | WLTRYSVC.EXE | Related to wireless networking for Broadcom wireless network cards, found on Dell PCs |
| DellDmi | L | DellDmi.exe | Related to Dell's OpenManage software. |
| DEventAgent | L | EventAgt.exe | Related to: Dell OpenManage and used for server management. |
| DEVICEMAP | X | DEVICEMAP.SYS | Added by the TROJ_ROOTKIT.O TROJAN! Read the link, rootkit type stealth involved. |
| DF5Serv | L | DF5Serv.exe | By Faronics Corporation |
| dgtsys (dgtsys) | X | dgtsys.sys | Added by Adware-DigitalNames |
| DHCP Client (Ulead Service) | X | dhcpclient.exe | Added by the W32/Codbot-AG WORM! |
| Diagnostic Facility COM Server (CdfSvc) | L | CdfSvc.exe | Related to Citrix MetaFrame Presentation Server |
| DiamondCS Process Guard Service v3.000 | L | dcsuserprot.exe | process guard |
| DigiCtrl | L | digisc.exe | Related to Matrox_Electronic_Systems DigiSuite Service Control |
| Digidesign MME Refresh Service (DigiRefresh) | L | MMERefresh.exe | Related to Digidesign Protocols. Refreshes your MIDI ports on the 002(R) (the 002R is a hardware audio/MIDI converter connected to your computer via FireWire). Must be running in order to use the MIDI functionality of the Digi002R |
| digiSPTIService | L | digiSPTIService.exe | Related to Pro_Tools digital audio workstation (DAW) technology. |
| Digitizer Service (Digitizer) | L | digtizer.exe | Related to Digitizer_Service from Wacom Tech. Note: Located in C:\%WINDIR%\System32 (XP/WinNT/2K) |
| Dimension4 | L | D4.exe | Related to Dimension4 Thinking Man Software - Note: Located in C:\Program Files\D4\ |
| direct sound rss (dsrss) | X | dsrss.exe | Added by the Backdoor.SdBot.xd as identified by ewido. Note: This worm\trojan is located in C:\%WINDIR%\ |
| DirectUpdate engine | L | DUService.exe | Direct Update - registers dynamic IPs to a fixed hostname |
| DirectX Debug Service (DXDebug) | L | DXDebugService.exe | Related to the Microsoft DirectX SDK and offers a debug facility for this development suite. |
| DirectX Drivers | X | D1rectX.exe | Added by the SDBOT.CIF WORM! This should not be confused with Microsoft DirectX files. Read the link, rootkit type stealth involved. |
| DirectX Graphics (dxdmain) | X | dxdmain.exe | Added by the W32/Codbot-O WORM! |
| DirectX Service (Cakad) | X | explorer.exe | Troj/DwnLdr-GTD Read the link, allows remote access |
| DirectX Service (DirectFezt) | X | explorer.exe | Troj/Crybot-G Note: Located in the downloaded program files folder Read the link, allows remote access |
| DirectX Service (DirectService) | X | directx.exe | Added by the Troj/Crybot-B TROJAN! This should not be confused with Microsoft DirectX files. Note: Allows a remote intruder to gain access and control over the computer through IRC channels. |
| DirectX Service (DirectValk) | X | explorer.exe | Added by the Troj/Crybot-F TROJAN! Note: Located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) |
| DirectX Service (DirectXopm) | X | explorer.exe | Added by an unknown variant of a backdoor TROJAN! Note: This worm\trojan is located in C:\%WINDIR%\COMMAND\ Folder. Note This should not be confused with C:\%WINDIR%\explorer.exe which is the Microsoft Operating file. |
| directx.exe | X | directx.exe | Added by an unidentified TROJAN! of the Sdbot family. Note: This worm\trojan is located in C:\%WINDIR%\ folder. Note: This is not the legitimate Windows Process. (Which is found in the System32 folder.) This worm\trojan file is found in the Windows or Winnt folder. |
| DIRECWAY Webcast (DPC_SRV_WEBCAST) | L | dpcproxy.exe | Related to DIRECWAY Webcast - http://www.directway.com/ |
| DirMS_Defragmentation | L | DirmsService.exe | Related to DirMS_Defragmentation from DIRMS. Allows the user to defragment hard drives with a user-friendly GUI. Note: Located in C:\Program Files\MATCO\ |
| Disk Checker Service (Check Disk) | X | chkdsk.exe | Added by the W32/Tilebot-IS WORM! Note: This worm\trojan is located in C:\%WINDIR%\ folder. Read the link |
| Disk Indexing Service (DiSVC) | X | disvc.exe | Added by the Troj/IRCBot-UX TROJAN! Note: Located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) |
| Disk Management Service (VxSvc) | L | VxSvc.exe | Related to Dell Open Management system. http://www.what-process.com/process-info.aspx?p=VxSvc.exe |
| Disk Monitor Services (DiskMon32) | X | svchost.exe -k dmon | Added by the Hanmon TROJAN! Note: This trojan file is found in the System32 folder. |
| Diskeeper | L | DkService.exe | Executive Software's Diskeeper (Defragmenter) |
| Distributed Link Tracking Extensions | X | kernel32dll.exe | Added by the W32/Myfip-I worm. |
| Distributed Link Tracking Service (TrkWksvc) | X | TrkWksvc.exe | Added by the W32.Toxbot.B WORM! |
| Distributed Transaction Coordinator (MSDTC) | L | msdtc.exe | Related to the Distributed_Transaction_Coordinator on Windows 2003. Note: Located in C:\%WINDIR%\System32\ |
| Distributed Transaction Server (MSDCT) | X | msdtc.exe | Troj/Hupigo-SJ Read the link, allows remote access |
| distributed.net client | X | iosdt.exe | You have a Trojan virus on your PC. IOSDT.EXE is its main file. You most probably tried to download illegal copies of Microsoft software, and got infected by this trojan virus as a result (it gives access to your PC from the Internet). |
| distributed.net client (dnetc) | L | dnetc.exe | Client part of the distributed.net general-purpose distributed computing project. |
| DK2 Network Server (DNServer32) | L | DNSrv32.exe | Related to DESkey_Hardware reliable and flexible means to protect your software from piracy. Note: Located in C:\Program Files\DESkey\DK2 Network Server\ |
| DkeySync | L | syncservice.exe | Related to GE_Security_Supra Note: Located in c:\program files\ge security supra\ |
| dlbt_device | L | dlbtcoms.exe | Something by Dell Computers |
| dlbu_device | L | dlbucoms.exe | Related to Dell computers |
| dlbx_device | L | dlbxcoms.exe | Related to Dell computers. |
| dlcc_device | L | dlcccoms.exe | Dell printer related. File is found in the System32 folder. |
| dlcg_device | L | dlcgcoms.exe | Related to Dell_Printer Communication System Note: Located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) |
| dlcj_device | L | dlcjcoms.exe | Related to Dell Photo AIO Printer, may be the driver. |
| DLL Manager (mswindll) | X | mswindll32.exe | Added by the W32/Tilebot-AQ WORM! Note: This worm\trojan file is found in the Windows or Winnt folder. |
| dllmgr64 | X | dllmgr64.exe | Added by a Backdoor.SdBot.xd trojan identified by EWIDO. Note: This worm\trojan is located in C:\%WINDIR%\ |
| DLT - Dell Computer Corporation | L | DLT.exe | Related to Dell OpenManage system management software |
| DM Primer (DMPrimer) | L | dmprimer.exe | Related to Unicenter_Remote_Control_Host From Computer Associates Note: Located in C:\Program Files\CA\SharedComponents\DesktopCommonServices\DMPrimer\ |
| DM1Service | L | DM1Service.exe | Related to OLYMPUS Corporation |
| dmisrv | L | dmisrv.exe | Appears to be part of Dell OpenManage_Client_Instrumentation Software. |
| dmserver | X | svchost.exe -k dmserver | Added by the Fuwudoor TROJAN! |
| DNS Client Service | X | svshost.exe | Identified as the SdBot.awe worm Note: This worm is located in C:\%WINDIR%\System32\ |
| DNS Manager (dnsmgr) | X | dnsmgr.exe | Added by a variant of W32.Wargbot WORM! Note: This worm is located in C:\%WINDIR%\System32 |
| DNS Server (DNS Server) | X | svchost.exe | Added by the Troj/Feutel-Y TROJAN! Note: This is not the legitimate Windows Process. (Which is found in the System32 folder.) This trojan file is found in the Windows or Winnt folder. |
| DNS4Me Client (DNS4MeClient) | L | DNS4MeClient.exe | Related to Dynamic_DNS_service from RhinoSoft.com that makes it possible for you to start hosting your own web site, FTP server, mail server, and more. |
| DNSCacheReader | X | j[random number].exe | Troj/TinyDL-J Note: Located in C:\Windows\System32 |
| DNSexit | L | dnsexit_srv.exe | Provides reliable DNS Services free of charge to top level domains for both business and internet users. http://www.dnsexit.com/ |
| dnWhoDisp | L | dnwhodisp.exe | Related to Rockwell_Automation Inc. FactoryTalk suite |
| Documentum Desktop Component Installer | L | DcComponentInstaller.exe | Related to EMC_Corporation content management software. |
| Download Manager Lite Service (DownloadManagerLite) | L | dm.exe | Related to Net_Cable TV. Note: Located in C:\Program Files\NCTV\bin\ |
| DPI Assistant Service (srvdpi) | L | srvdpi.exe | Related to Ositech_Communication Service. Note: Located in C:\WINDOWS\System32\ |
| Dragon Age - Bioware | X | dragonage.exe | Added by the W32/Vanebot-M WORM! Note: This worm\trojan is located in C:\%WINDIR%\System32\dllcache\ (XP/WinNT/2K). Will try to terminate virus protection software. |
| Driver Cache (Driver Cache) | X | Driver Cache.exe | Added by the Troj/Feutel-S TROJAN! |
| DSDM de DDE de red | L | netdde.exe | Spanish Windows 2000 network DDE DSDM |
| dservice | X | dservices.exe | W32/Spybot-NM Note: Located in %windir%\system32\dllcache Read the link, allows remote access |
| DTS Agent | L | tngdta.exe | Computer Associates Data Transport Service Agent |
| DTS Browser | L | tngdoba.exe | Computer Associates Data Transport Service Browser |
| DTS Metrics Gatherer | L | tngdtmg.exe | Computer Associates Data Transport Service |
| DUN Manager Service | ? | dmservc.exe | Dial-up and routed networking enhancement - http://www.magsys.co.uk/dunman/ |
| DUN_SERVICE3 | X | dun3.exe | Added by the Trojan.Sokiron TROJAN! |
| DVD-RAM_Service | L | DVDRAMSV.exe | DVD driver |
| DVDrealm (DVDrealm) | X | DVDrealm.sys | Added by the Troj/Rootkit-AA TROJAN! Read the link, rootkit type stealth involved. |
| DvpApi | L | dvpapi.exe | Command Software Systems, Inc. - anti Virus |
| dx32hhec | X | dx32hhlp.exe | Added by the Nemog TROJAN! |
| Dynamic Library Host (DLLHOSTS) | X | dllhost.exe | Added by an unidentified TROJAN! of the Win32/Rbot family. Note: This worm\trojan is located in C:\%WINDIR%\ |
| DynamicHost (DLHOST) | X | dlhost.exe | Added by the W32/Tilebot-BO WORM! Note: This worm file is found in the Windows or Winnt folder. |
| E6F7BD90 | X | Random_Name.exe | Troj/BDoor-ADP |
| E8CA85CC | X | E8CA85CC.EXE | Troj/JD-A Read the link, steals information |
| EarthLink Firewall Process Path Service (ElnkFWPPService) | L | EFWPPS~1.EXE | Related to EarthLink_Firewall Process. Note: Located in C:\Program Files\EarthLink\Protection Control Center\ |
| EarthLink Protection Control Center Service (ELNKService) | L | ELNKServ.exe | Related to EarthLink_Protection_Control Center Service. Note: Located in C:\Program Files\EarthLink\Protection Control Center\ |
| EarthLinkSafeConnectAgent | L | SanaAgent.exe | Part of the EarthLink protection center |
| Earthworks License Manager | L | ewlicense_manager_nt.exe | Software application for mining and related extractive industries and produces two ranges of products under the Datamine and Earthworks labels. Note: Located in C:\Program Files\Common Files\Earthworks |
| Earthworks License Services | L | LicenseServicesNT.exe | Software application for mining and related extractive industries and produces two ranges of products under the Datamine and Earthworks labels. Located in C:\Program Files\Common Files\Earthworks |
| Easy File & Folder Protector (ACDService) | L | EFPAP.exe | Easy_File_&_Folder_Protector Deny access to certain files and folders, or to hide them securely from viewing and searching |
| EC2007 Service 1.40 (EC2007Service) | L | ec27ser.exe | Electronic_Chart_Display_and_Information System (ECDIS). Data production for Electronic Navigational Charts. Note: located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) |
| ECA (cpanel) | X | javapanel.exe | Added by the W32/Tilebot-Y WORM! Note: This worm\trojan file is found in the Windows or Winnt folder. Read the link, rootkit type stealth involved. |
| eEye Application Bus (eeyeevnt) | L | eeyeevnt.exe | Related to eEye Digital Security |
| eEye Retina Engine (RetinaEngine) | L | RetinaEngine.exe | Related to eEye Digital Security |
| Electronic Arts Licensing Service | L | EA Licensing Service.exe | Related to EA_Licensing_Service.exe, which is installed with some games from Electronic Arts. It is required for the games to run. Leave it alone if you want to play any games from EA. Note: Located in C:\Program Files\Common Files\Electronic Arts Shared\ |
| ELNK Update Service (ELNKUpdateService) | L | UpdateService.exe | Related to EarthLink's protection centre |
| EloSystemService | L | EloSrvce.exe | Elo TouchSystems, Inc. - http://www.elotouch.com |
| EloTouchscreen | L | EloTouch.exe | Related to Elo TouchSystems, Inc. |
| elpow_spy | X | elpow_spy.sys | Added by the ElpowKeylogger Spyware! Note: This file is found in the System32\drivers folder. Read the link, rootkit type stealth involved. |
| Emagic EMI System Tray Service (emitray) | L | emitray.exe | The tray icon of the emagic EMI 2/6 USB audio interface |
| EMCliSrv | L | EMCliSrv.exe | Related to Express_Metrix PC inventory and software usage tracking. Note: Located in C:\WINDOWS\system32\wex4962\ |
| Empty (m_hook) | X | m_hook.sys | Troj/BagleDl-CJ Note: Located in %windir%\system32 Read the link, rootkit stealth involved |
| Enables Java Support (Java) | X | winjava.exe | Added by the W32/Codbot-AA WORM! Note: This worm/trojan file is found in the System32 folder. (May use various filenames and will startup with system even in Safe mode.) |
| Enables Javascript Support (Javascript) | X | javascript.exe | Added by the W32/Codbot-V WORM! |
| Encryption Service | L | encsvc.exe | Related to Citrix MetaFrame |
| end task (Taskend) | X | Taskend.exe | Added by an unidentified TROJAN! of the Sdbot family. Note: This worm\trojan is located in C:\%WINDIR%\ |
| Entrust Login Interface (ELIService) | L | etlisrv.exe | Related to Entrust Login Interface service, Made by Entrust Technologies Ltd. This file is found in the Windows or Winnt folder. |
| ENUFF Server (ENXPSVR) | L | ENSERVS.EXE | Enuff Parental Control Software by Akrontech |
| ENUFF XP Service (ENXPSVC) | L | CVSEXPSS.EXE | Enuff Parental Control Software by Akrontech |
| EP2005-SAGEM Usb Switcher (EpMonitor) | ? | EpMonitor.exe | Appears to be related to EpMonitor from "Eightfold Technologies" |
| EPrint III Service | L | LPSVS03N.EXE | Related to LEADTOOLS_ePrint From Lead Tech. Perform additional processing to your print job before sending it to the driver. |
| EPS Printer Driver | X | EPSONSYS.SYS | Added by the Goldun.I TROJAN! Note: This trojan file is found in the System32 (NT/2000/XP) folder. Also look for Winlogon Notify: printpnp - printpnp.dll |
| EPSON ESC/POS Status Service (EPSON ESCPOS Status Service) | L | EpStsSrv.exe | Related to EPSON_ESC/POS Status service by SEIKO EPSON Corp. Note: Located in C:\WINDOWS\SYSTEM32\ |
| Epson Printer Status Agent (StatusAgent) | L | SAgentNT.exe | Related to Epson_Printer Status agent. Note: Located in C:\Program Files\Common Files\EPSON\EBAPI\ |
| EPSON Printer Status Agent2 | L | SAgent2.exe | detects and configures an Epson Printer Port where applicable |
| Epson Printer Status Agent4 (StatusAgent4) | L | SAgent4.exe | Related to Epson Corp. |
| EPSON V3 Service2(02) (EPSON_PM_RPCV2_02) | L | E_S00RP2.EXE | Related to the EPSON Status Monitor 3 |
| EPSON V3 Service2(03) (EPSON_PM_RPCV2_01) | L | E_S00RP1.EXE | Related to the EPSON Status Monitor 3 |
| EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) | L | E_S30RP1.EXE | Epson status monitor |
| EpsonBidirectionalService | L | eEBSVC.exe | Related to Epson printers. |
| eRecovery Service (eRecoveryService) | L | eRecoveryService.exe | Related to eRecoveryService Management from Acer Empowering Technology Note: Located in C:\Acer\Empowering Technology\eRecovery\ |
| eScan Monitor Service | L | avpm.exe | eScan Antivirus |
| eScan Server-Updater | L | TRAYSSER.EXE | eScan antivirus |
| Escritorio remoto compartido de NetMeeting | L | mnmsrvc.exe | Spanish Windows 2000 Netmeeting remote desktop sharing service |
| Esker FTPD (ftpds) | L | WFTPDSNT.EXE | Related to Esker software |
| Esker License Control (EskerLicenseControl) | L | eslcbcst.exe | Related to Esker License control |
| Esker LPD (lpds) | L | WLPDSNT.EXE | Related to Esker software |
| Esker NFSD (nfsds) | L | WNFSDSNT.EXE | Related to Esker software |
| Estación de trabajo | L | services.exe | Spanish Windows 2000 "workstation" |
| ET54FG | X | ET54FG.SYS | Added by the TROJ_ROOTKIT.N TROJAN! Read the link, rootkit type stealth involved. |
| eToken Notification Service (ETOKSRV) | L | eTSrv.exe | Related to eToken Notification Service from Aladdin Knowledge Systems, Ltd. Authentication and password management. Note: Located in C:\WINDOWS\system32\ |
| eTrust Antivirus Job Server | L | InoTask.exe | Associated with eTrust Antivirus/InoculateIT |
| eTrust Antivirus Realtime Server | L | InoRT.exe | Related to eTrust's AntiVirus Internet Security solution. |
| eTrust Antivirus RPC Server | L | InoRpc.exe | Associated with eTrust Antivirus/InoculateIT |
| EUQ_Monitor | L | EUQMonitor.exe | Related to a Trend Micro product |
| Event Log Watch | L | LogWatNT.exe | Computer Associates |
| Event Monitor (evmon) | X | spoolcll.exe -netcvs | Added by the W32.Spybot.IVQ WORM! |
| EvtEng | L | EvtEng.exe | Related to Intel Corporation http://www.what-process.com/process-info.aspx?p=EvtEng.exe |
| ewido anti-spyware 4.0 guard | L | guard.exe | Related to ewido_suite Note: Located in C:\Program Files\ewido anti-spyware 4.0\ |
| ewido security suite control | L | ewidoctrl.exe | Related to ewido networks |
| ewido security suite guard | L | ewidoguard.exe | Related to ewido networks |
| Examinador de equipos | L | services.exe | Spanish Windows 2000 computers browser |
| ExecView Communication Module (ECM) (ECM Service) | L | ECM.exe | Related to VERITAS_ExecView |
| Exten. controlador Instrumental de admon. de Windows | L | services.exe | Spanish Windows 2000 windows management instrumentation drive extension |
| Extend360 Agent (ServiceMgr) | L | ServiceMgr.exe | Related to Fiberlink's Extend360 TM mobile Note: Located in C:\Program Files\Fiberlink\Extend360\ |
| Extended Windows Security (Microsoft Extended Windows Security) | X | elRecvr.exe | Added by an unidentified TROJAN! of the Sdbot family. Note: This worm\trojan is located in C:\Windows\ (Win9x/Me), C:\%WINDIR%\ (XP/WinNT/2K) |
| Externtelecom | X | extel.exe | Added by the W32/Sdbot-AAX WORM! Read the link, rootkit type stealth involved. |
| F-Prot Antivirus Update Monitor | L | fpavupdm.exe | Related to F-Prot Antivirus Update Monitor by FRISK_Software_International |
| F-Secure 2006 (BackWeb Plug-in - 4476822) | L | SERVIC~1.EXE | Related to F-Secure_Antivirus Made by F-Secure Corp. This File should be found in the Program Files\F-Secure Internet Security\backweb\4476822\program folder. |
| F-Secure Anti-Virus 2005 (BackWeb Plug-in - 4476822) | L | SERVIC~1.EXE | Related to F-Secure_Antivirus Made by F-Secure Corp. This File should be found in the Program Files\F-Secure Internet Security\backweb\4476822\program folder. |
| F-Secure Anti-Virus Firewall Daemon | L | fsdfwd.exe | Related to F-Secure Corporation. |
| F-Secure Authentication Agent (FSAA) | L | FSAA.EXE | Related to F-Secure antivirus |
| F-Secure Automatic Update Agent (FSAUA) | L | fsaua.exe | Related to F-Secure Corporation. Note: Located in C:\Program Files\F-Secure\FSAUA\program\ |
| F-Secure BackWeb LAN Access | O | fsbwlan.exe | Related to F-Secure_BackWeb LAN Access. This File should be found in the Program Files\F-Secure Internet Security\backweb\7681197\program folder. |
| F-Secure Gatekeeper Handler Starter | L | fsgk32st.exe | Related to F-Secure Anti-Virus Prog. |
| F-Secure HTTP Server (fshttps) | L | fshttps.exe | F-Secure Corporation http://www.what-process.com/process-info.aspx?p=fshttps.exe |
| F-Secure Management Agent | L | FSMA32.EXE | Related to F-Secure Anti-Virus Prog. |
| F-Secure Network Request Broker | L | FNRB32.EXE | Related to F-Secure_Anti-Virus software. This File should be found in the Program Files\F-Secure\Common\ folder. |
| FactoryTalk Diagnostics CE Receiver (RNADiagReceiver) | L | RNADiagReceiver.exe | Related to Rockwell_Automation Inc. FactoryTalk suite |
| FactoryTalk Diagnostics Local Reader (RNADiagnosticsService) | L | RNADiagnosticsSrv.exe | Related to Rockwell_Automation Inc. FactoryTalk suite |
| fan.eeewl.com | X | nsvce32.exe | Added by the TROJ_AGENT.IOF TROJAN! Note: Located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) |
| Fast Track Installer (FastTrackInstallerService) | L | GBInst.exe | Related to Fast_Track_USB from M-Audio. Note: Located in C:\Program Files\M-Audio Fast Track\ |
| FastUserSwitchingCompatibil (Fast User Switching Compatibil) | X | svchost.exe | Added by the Troj/Keylog-AT TROJAN! Note: This is not the legitimate Windows process svchost.exe (Which is always found in the System32 folder.) This trojan file is found in the Windows or Winnt folder. |
| Fear Service (FSVC) | X | fear32.exe | Added by the W32/Tilebot-T WORM! Note: This worm file is found in the Windows or Winnt folder. |
| Fiberlinkcomm Wireless Engine | L | BWEngine.exe | Related to Fiberlink's Extend360 TM mobile Note: Located in C:\Program Files\Fiberlink\Extend360\WENGINE2\ |
| FIFA WORLD CUP 2007 | X | fifa2007.exe | Added by the W32/Spybot-MQ WORM! Note: This worm\trojan is located in C:\%WINDIR%\System32\dllcache\ (XP/WinNT/2K). Steals information from Protected Storage and terminates certain anti-virus and security software |
| File and Folder Protector | L | ffpsrv.exe | Related to SoftHeap.Com a software shop of Atlantic Coast PLC http://www.softheap.com/ |
| FileCabinet CS Print Service (FCPrintService) | L | csifcsvc.exe | Related to FileCabinet_CS Print Service Note: Located in C:\%WINDIR%\ |
| FileChecker | L | filechecker.exe | Related to FileChecker from Javacool software. Watches important system files for changes, modifications, or tampering (by malicious programs). |
| FileZilla Server FTP server (FileZilla Server) | L | FileZilla Server.exe | Related to FileZilla A FTP and SFTP client for Windows from SourceForge.net |
| Firebird Guardian | L | fbguard.exe | Firebird Guardian |
| Firebird Server | L | fbserver.exe | Firebird Database Server |
| FireDaemon Service: events (events) | X | FireDaemon.EXE | Reported by Ewido security suite as Backdoor.SdBot.nj. Note: FireDaemon is a legitimate product that has been included, illegally, as part of the payload in a series of Worms and Trojans that exploit various security holes in Microsoft's Operating System products. |
| FireDaemon Service: rundll (rundll) | X | FireDaemon.EXE | Reported by Ewido security suite as Backdoor.SdBot.nj. Note: FireDaemon is a legitimate product that has been included, illegally, as part of the payload in a series of Worms and Trojans that exploit various security holes in Microsoft's Operating System products. |
| firefox auto update | X | firefox.exe | Added by the W32/Tilebot-DN WORM! Note: Located in C:\%WINDIR%\ |
| Firewall service (FWSvc) | X | FWSvc.exe | Related to WinAntiVirus Pro - rogue "antivirus" |
| Fix-It Task Manager (mxserver) | L | mxserver.exe | Related to Ontrack Inc. Data Recovery service. |
| Flash Communication Admin Service (FlashComAdmin) | L | FlashComAdmin.exe | Appears to be modem driver related, Made by Macromedia, Inc. |
| Flash Communication Server (FlashCom) | L | FlashCom.exe | Appears to be modem driver related, Made by Macromedia, Inc. |
| FLEXlm server for PTC | L | lmgrd.exe | lmgrd.exe is a process associated with the Macrovision application-generic license server. |
| FLEXnet Licensing Service | L | FNPLicensingService.exe | Related to FLEXnet_Publisher from Macrovision. Note: Located in C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\ |
| Folder Size (FolderSize) | L | FolderSizeSvc.exe | Related to Folder_Size Adds an other column to your folder view. Note: Located in C:\Program Files\FolderSize\ |
| Folding@Home (FAH@C:+FAH+fah-service+FAH502-Console.exe) | L | FAH502-Console.exe | Related to Stanford University - Folding@home is a distributed client computing effort by Stanford University http://tech-report.com/etc/folding/ |
| Font Cache Downlevel | L | FontCacheService.exe | Service installed by the Microsoft Avalon open beta. |
| ForceWare Intelligent Application Manager (IAM) | L | nSvcAppFlt.exe | Related to Nvidia Corp. Intelligent Application Manager. |
| ForceWare IP service (nSvcIp) | L | nSvcIp.exe | Related to Nvidia Corp. Network Access Manager. |
| ForceWare user log service (nSvcLog) | L | nSvcLog.exe | Related to Nvidia Corp. Network Access Manager. |
| Fortech Proxy+ | L | ProxyPlus.exe | FORTECH Ltd. http://www.proxyplus.cz/ |
| Fortinet Service Scheduler (FA_Scheduler) | L | scheduler.exe | Related to Fortinet security systems, described as the new generation of real time network protection systems. Note: Located in C:\Program Files\Fortinet\FortiClient\ |
| Framework | O | srvany1234.exe | Unknown owner: Location C:\WINDOWS\system32\srvany1234.exe |
| Freeloader Monthly Subscription Service | L | Freeloader Monthly Subscription Service File.exe | Related to freeloader.com Online game services. |
| FreePOPs | L | freepopsservice.exe | FreePOPs is distributed under the GNU General Public License, which is intended to guarantee your freedom to share and change free software. Make sure your copy is not adware or includes a virus. Note: Located in C:\Program Files\FreePOPs\ |
| FreeSSHDService | L | FreeSSHDService.exe | Related to OpenSSH A free SSH/SecSH protocol suite providing encryption for network services like remote login or remote file transfer. Note: located in C:\Program Files\freeSSHd\ |
| FreezeScreenSaver | X | FreezeScreenSaver.exe | FREEZESCREENSAVER.EXE_is_Adware Note: Located in C:\WINDOWS\system32\ |
| frepdll.exe | X | FREPDLL.EXE | Added by the W32/Tilebot-D WORM! Note: Gives the fake description "ET dll Locator tool". Read the link, rootkit type stealth involved. |
| FS Service Control | L | NTServApp.exe | Related to ArchestrA Software architecture for the integration of your automation systems. |
| fsbwsys | L | fsbwsys.exe | Related to F-Secure_Antivirus Made by F-Secure Corp. This File should be found in the Program Files\F-Secure Internet Security\backweb\4476822\program folder. |
| Fujitsu Services VPN Manager (FS_VPNmanager) | ? | FSVPNManager.exe | Appears to be software from Fujitsu |
| FUS_Server (USEPigeonServer) | X | FTPServer.exe | Added by the Troj/Hunpigon-RO TROJAN! Note: This trojan file is found in %windir% |
| FW Configuration Interpreter | L | UmxCfg.exe | Tiny Firewall |
| FW Event Manager | L | UmxAgent.exe | Tiny Firewall |
| FW Live Update | L | umxlu.exe | Tiny Firewall |
| FW Policy Manager | L | UmxPol.exe | Tiny Firewall |
| FW User to IP Address Translation | L | umxuta.exe | Tiny Firewall |
| FW User-Mode Helper (UmxFwHlp) | L | UmxFwHlp.exe | Tiny Software Firewall User-Mode Helper. Made by Tiny Software, Inc. A subsidiary of Computer_Associates_International The file associated with this service is located in the Program Files\Tiny Firewall folder. |
| fwnet64 (fwnet) | X | fwnet64.exe | Added by Backdoor.SDBot.gen Note: This worm\trojan is located in C:\%WINDIR%\ |
| FwSRService | L | fwsrservice.exe | CheckPoint SecuRemote |
| gb | X | ibm*****.dll | Trojan-PSW:W32/Sinowal.CP Read the link, steals information Note: ***** is a 5 digit random number |
| GB-PVR Recording Service | L | gbpvrrecordingservice.exe | Part of GB-PVR Personal video recorder software |
| GBPoll | L | GBPoll.exe | Seems to be Roxio GoBack related |
| GbpSv | X | svchost.exe | Troj/Banker-EFM Read the link, steals information Note: Located in %windir% |
| GCX Service | X | GCXSRVC.EXE | Added by the RBOT.CUE WORM! Read the link, rootkit type stealth involved. |
| GEARSecurity | L | GEARSEC.EXE | Related to GEAR software. |
| Gene6 FTP Server | L | G6FTPSERVER.EXE | Related to Gene6 Sarl. http://www.g6ftpserver.com/ |
| General Network Service | X | winsocks32.exe | Added by an unidentified TROJAN! of the Sdbot family. Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) |
| generic host process (svchost) | X | svchost.exe | Added by the W32/Tilebot-BB WORM! Note: This is not the legitimate Windows process svchost.exe (Which is always found in the System32 folder.) This worm\trojan file is found in the Windows or Winnt folder. Read the link, rootkit type stealth involved. |
| Generic Host Process (svchost) | X | SVCHOST.EXE | Added by the SDBOT.CNK WORM! Note: This is not the legitimate Windows process svchost.exe (Which is always found in the System32 folder.) This trojan file is found in the Windows or Winnt folder. Read the link, rootkit type stealth involved. |
| Generic Host Process For Win32 Services (Generic Host Process) | X | svchost.exe | Added by the W32/Tilebot-DM WORM! Note: This worm\trojan is located in C:\%WINDIR%\ folder. Note: This is not the legitimate Windows Process. (Which is found in the System32 folder.) |
| Generic Service for HID Keyboard Input Collections (GenericHidService) | L | HIDSERVICE.exe | Enhanced Driver for Keyboards and Windows http://www.microsoft.com/whdc/device/input/w2kbd.mspx |
| GFI LANguard N.S.S. 7.0 Attendant Service | L | lnssatt.exe | Related to GFI_LANguard_Network Security Scanner from GFi. Note: Located in C:\Program Files\GFI\LANguard Network Security Scanner 7.0\ |
| GFI LANguard System Integrity Monitor 3 agent service | L | cfservice.exe | GFI LANguard System Integrity Monitor is a utility that provides intrusion detection by checking whether files have been changed, added or deleted on a Windows 2000/XP system. Made by GFI_Software_Ltd File location is in the Program Files\GFI\System Integrity Monitor 3 folder. |
| GhostStartService | L | GHOSTS~2.EXE | Related to Norton. GHOSTSTARTSERVICE is the background support task/service for Ghost for Windows. |
| Giga Pocket Hardware Detector | L | shwserv.exe | Sony computers |
| gldr | X | gldr.exe | Trojan Related |
| Google Updater Service (gusvc) | L | GoogleUpdaterService.exe | Related to Google_Updater_Service Note: Located in C:\Program Files\Google\Common\Google Updater\ |
| GoogleDesktopManager | L | GoogleDesktopManager.exe | Related to Google_Desktop_Manager Note: Located in C:\Program Files\Google\Google Desktop Search\ |
| GoToMyPC | L | g2svc.exe | Related to Citrix Online |
| GoverLAN Service (GOVsrv) | L | GOVsrv.EXE | Owner: PJ Technologies Inc. |
| Gray (Pigeon) | X | Scrsss.exe | Added by the Troj/GrayBrd-AM TROJAN! Note: This worm\trojan file is found in the Windows or Winnt folder. |
| GrayPigeonServer | X | in.exe | Added by a variant of the Troj/GrayBrd-AP TROJAN! Note: Located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) |
| GrayPigeonServer | X | G_Server2006.exe | Added by the Troj/Graybrd-EI TROJAN! Note: This worm\trojan is located in C:\%WINDIR%\ folder. More: delete this file also G_Server2006Key.DLL |
| GrayPigeon_Hacker.com.cn | X | winlogoin.exe | Added by the Troj/GrayBrd-BA TROJAN! Added by an unknown malware. Note: This worm\trojan is located in C:\%WINDIR%\TEMP\ folder. |
| Gray_Pigeon (GrayPigeon) | X | .exe | Added by the Troj/GrayBrd-EH TROJAN! Note: This worm\trojan file is found in the Program Files folder. |
| Gray_Pigeon (GrayPigeon) | X | G_Server2.0.exe | Troj/Hupigon-CH Note: Located in %windir% Read the link, allows remote access |
| Gray_Pigeon_Serve (GrayPigeonServer) | X | G_Server.exe | Added by the Troj/Feutel-I or Troj/Feutel-AI TROJAN! |
| Gray_Pigeon_Server (GrayPigeonServer) | X | G_Server1.2.exe | Added by the Troj/GrayBrd-AP TROJAN! Note: This worm\trojan file is found in the Windows or Winnt folder. |
| Gray_Pigeon_Server1.236 (GrayPigeonServer1.236) | X | G_Server1.236.exe | Troj/Hupigon-RW Read the link, allows remote access |
| Gray_Pigeon_Server2.0 (GrayPigeonServer2.0) | X | G_Server2.0.exe | Added by the Troj/GrayBird-O TROJAN! |
| GreenBorder Client Manager Service (clnt_ClientMan) | L | ClientMan.exe | Related to GreenBorder Secure your browsing activities on the internet. Note: Located in C:\Program Files\GreenBorder\ |
| GridIron X-Factor After Effects Peer #1 (XFACTORAE1) | L | xlr8d.exe | Related to GridIron Nucleo For digital post production professionals using Adobe® After Effects® on a multi-processor or new multi-core computer |
| Groove Installer Service | O | GrooveInstallerService.exe | ??? |
| GS30s | L | GS30s.exe | Related to Gizmo!_Secure USB flash drive software by Crucial |
| handle (handle) | X | handle.exe | Added by the SDBOT.CDD WORM! Read the link, rootkit type stealth involved. |
| Handling the DHCP requests (DHCP Client) | X | dhcpclient.exe | Most likely a W32.Toxbot_variant |
| Hardware Clock Driver (hwclock) | X | hwclock.exe | Added by the W32/Hwbot-A WORM! |
| Hardware Detection (Serv-U) | X | svchost.exe | Reported by Kaspersky Anti-Virus as Win32.Serv-U.gen Note: This is not the legitimate Windows process (Which is always found in the System32 folder). This file is found in the System32\drivers\etc\data\ folder. |
| Hardware Monitor Service (Hardware Monitor) | X | mshms.exe | Added by the Troj/Wollf-A TROJAN! |
| Hardware Monitoring Program (ADMService) | L | admServ.exe | Related to Avocent Embedded Software and Solutions Division |
| Harmony | L | RSOBSERV.EXE | Related to Rockwell_Automation Inc. FactoryTalk suite |
| haxdrv | X | haxdrv.sys | Added by the Troj/Rootkit-U TROJAN! Read the link, rootkit type stealth involved. |
| hcalway | X | hcalway.sys | Added by the PigSearch Adware. Read the link, rootkit type stealth involved. |
| hexadecimal (HexadecimaRepresentation) | X | Edit.exe | Added by the W32/Sdbot-AAY WORM! Note: File name may be different. Read the link, rootkit type stealth involved. |
| HF30Service | L | HF30Service.exe | Related to Lock_Folder Password protection for files, folders, and drives. Note: Located in c:\Program Files\Everstrike Software\Hide Folder 3.1\ |
| hgz | X | Hacker.com.cn.exe | Added by a variant of the Troj/Feutel-CJ TROJAN Note: This worm\trojan is located in C:\%WINDIR%\HgzServer\ Folder. |
| Hibernation | L | hibserv.exe | Related to Compaq-Hewlett Packard hibernation service. |
| HICOM LAN Bridge VCapiDrv (vcapidrv) | ? | vcapintsvc.exe | Could be related to a new version of HICOM LAN Bridge? |
| HID Input Service WIN32 (HID_Input_Service_WIN32) | X | msiexecu.exe | Added by the Troj/Raser-AS TROJAN! Note: Located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) Creates this file SndSystem.sys which acts as a rootkit. |
| HID Output Service (HODSrv) | X | hpsvc.exe | Added by an unidentified TROJAN! of the Sdbot family. Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) |
| Horario de Windows | L | services.exe | Spanish Windows 2000 "windows time" |
| host (host) | X | host.exe | Added by the Troj/GrayBrd-AR TROJAN! Note: This trojan file is found in the Windows or Winnt folder. |
| host Service For Windows (mshost) | X | mshost.exe | Added by an unidentified TROJAN! of the Sdbot family. Note: This worm\trojan is located in C:\%WINDIR%\ |
| Host Services (Host Services) | X | svhosts.exe | Added by the W32/Tilebot-AC WORM! Note: This is not the legitimate Windows process svchost.exe (Notice the difference in the spelling.) This worm\trojan file (svhosts.exe) is found in the Windows or Winnt folder. Read the link, rootkit type stealth involved. |
| Host Services (Host Services) | X | myhost.exe | Added by the W32/Tilebot-AT WORM! Note: This worm\trojan file is found in the Windows or Winnt folder. Read the link, rootkit type stealth involved. |
| Hotplug Devices Manager | X | hotplug.exe | Added by the W32.Orpheus.A WORM! |
| Hotspot Shield Service (HotspotShieldService) | L | openvpnas.exe | Related to Hotspot_Shield helps secure your computer, your anonymity and your online communications when using free wi-fi. Note: Located in C:\Program Files\Hotspot Shield\bin\ |
| Houdini License Client (HoudiniServer) | L | hserver.exe | Related to Houdini_License_Server from Side Effects Software Inc. Note: Located in C:\WINDOWS\system32\ |
| Houdini License Server (HoudiniLicenseServer) | L | sesinetd.exe | Related to Houdini_License_Server from Side Effects Software Inc. Note: Located in C:\WINDOWS\system32\ |
| HP Configuration Interface Service | L | HPConfig.exe | HPConfig Module |
| HP Hard Drive Thermal | L | HDThermal.exe | Related to Hewlett-Packard company. |
| HP Insight Event Notifier (CIMnotify) | L | cimntfy.exe | Related to HP products |
| HP Insight Foundation Agents (CqMgHost) | L | cqmghost.exe | Related to HP products |
| HP Insight NIC Agent (CpqNicMgmt) | L | cpqnimgt.exe | Related to HP products |
| HP Insight Server Agents (CqMgServ) | L | cqmgserv.exe | Related to HP products |
| HP Insight Storage Agents (CqMgStor) | L | cqmgstor.exe | Related to HP products |
| HP OpenView Trace Service | L | OVTrace.exe | HP OpenView Internet Services |
| HP Port Resolver | L | hpbpro.exe | Related to Hewlett-Packard Company |
| HP ProLiant Remote Monitor Service (CpqRcmc) | L | CpqRcmc.exe | Related to HP_ProLiant_Remote_Monitor_Service Note: This file is located in C:\%WINDIR%\ |
| HP ProLiant System Shutdown Service (sysdown) | L | sysdown.exe | Related to HP products |
| HP RF Device Service | L | HpRfDev.exe | support for HP managing wireless devices |
| hp service (Hpsys) | X | hpsys.exe | Added by the W32/Codbot-AF WORM! Note: This service has nothing to do with HP. This worm\trojan file is found in the System32 folder. |
| HP Status | L | hpb2ksrv.exe | Related to Hewlett-Packard Company |
| HP Status Print | L | hpbhksrv.exe | Related to Hewlett-Packard company. |
| HP Status Server | L | hpboid.exe | Related to Hewlett-Packard Company |
| HP System Management Homepage (SysMgmtHp) | L | smhstart.exe | Related to HP products |
| HP Version Control Agent (cpqvcagent) | L | vcagent.exe | Related to HP products |
| HP WMI Interface (hpqwmi) | L | HPQWMI.exe | Related to Hewlett-Packard |
| hpdj | ? | hpdj.exe | Maybe HP related? Sits in TEMP folder. |
| hpdj | L | hpztsb04.exe | Hewlett Packard printer toolbox, sits in taskbar. Path to executable file - %windir%\system32\spool\drivers\w32x86\3\ |
| hpdriver | X | hpdriver.sys | Added by the Troj/Rootkit-AA TROJAN! Note: This trojan file is found in the System32 folder. Read the link, rootkit type stealth involved. |
| HpPrinter | X | hpserver.exe | Added by the Troj/CmjSpy-W Trojan! |
| hpqwmiex | L | hpqwmiex.exe | Related to HP_ProtectTools security manager |
| HPR34K8 | X | hpr34k8.sys | Added by the Troj/Rootkit-AA TROJAN! Read the link, rootkit type stealth involved. |
| HPWirelessMgr | L | HPWirelessMgr.exe | Located in HP Notebook Utilities - guessing for wireless connection. |
| HTTP SSL (HTTPFilter) | L | lsass.exe | Related to Application_Isolation_Mode_Functions Microsoft IIS 6.0. Note: Located in C:\%WINDIR%\System32\ |
| huapeak | ? | huapeak.exe | Unknown origin. |
| Hummingbird Inetd (HCLInetd) | L | inetd32.exe | Related to Hummingbird Ltd. - http://www.hummingbird.com/ |
| Hummingbird Jconfig Daemon (Jconfigd) | L | jconfigdnt.exe | Related to Hummingbird Ltd. - http://www.hummingbird.com/ |
| HXD Service 100 (HackerDefender100) | X | newka.exe | Virus http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39265 |
| H_Server (H_Server) | X | G_Server.exe | Added by the Troj/GrayBird-W TROJAN! Note: This trojan file is found in the Windows or Winnt folder. |
| i386p | X | I386P.SYS | Added by the Backdoor.Rustock TROJAN! Found in the System32\drivers folder. Read the link, rootkit type stealth involved. |
| IAA Event Monitor | L | iaantmon.exe | Intel related |
| Iap | L | Iap.exe | Related to Dell OpenManage Client Instrumentation. |
| IBM Automatic Server Restart Executable (ibmasrex) | L | ibmasrex.exe | Unknown owner. Location: C:\WINDOWS\system32\ibmasrex.exe Related to IBM servers. |
| IBM CICS Transaction Gateway (IBMCICSTransactionGateway) | L | CTGSERVICE.EXE | Related to IBM Corp. |
| IBM CICS Universal Client (CICSClient) | L | cclserv.exe | Related to IBM Corp. |
| IBM Enterprise Extender (ldlcserv) | L | ldlcserv.exe | Related to IBM Corp. - http://www.anti-spy.info/process/ldlcserv.exe.html |
| IBM HDD APS Logging Service (TPHDEXLGSVC) | L | TPHDEXLG.EXE | Related to IBM's Active_Protection_System Made by the IBM_Corporation The file associated with this service is located in the System32 folder. |
| IBM KCU Service | L | TpKmpSVC.exe | related to IBM ThinkPad |
| IBM Mobility Client DHCP Control (artdhcp) | L | artdhcp.exe | Related to IBM_Mobility_Client DHCP Control Note: Located in C:\Program Files\IBM\Mobility Client\ |
| IBM MQSeries | L | amqsvc.exe | IBM WebSphere® MQ to exchange information across different platforms |
| IBM PM Service | L | ibmpmsvc.exe | Power management driver for IBM laptops |
| IBM PSA Access Driver Control | L | PsaSrv.exe | related to Professional Services Automation (PSA) from SharpOWL |
| IBM Rapid Restore Ultra Service | L | rrpcsb.exe | related to Xpoint Technologies |
| IBM Trace Facility (TrcBoot) | L | trcboot.exe | Related to IBM Corp. |
| IBM User Verification Manager | L | uvmserv.exe | Related to IBM_User_Verification_Manager (UVM) secure logon interface. Note: located in C:\Program Files\IBM\Security\ |
| IBM WebSphere Application Server V5 - server1 (IBMWAS5Service - server1) | L | wasservice.exe | Related to IBM WebSphere server. |
| IBWin Service | L | IBWin Service.exe | Related to IBackUp_for_Windows Backup on character sets other than US/English. Note: Located in C:\Program Files\IBackup For Windows\ |
| iClarityQoSService | L | QosServM.exe | Related to Avaya_IP Softphone. Note: Located in C:\WINDOWS\system32\ |
| ICONICS License Server (GenRegistrar) (GenRegistrar) | L | GenRegistrarServer.exe | Related to ICONICS Inc. Visualization and Automation software products |
| ICQ Update Service (ICQUPD) | X | kpsf.sys | Detected as Backdoor.HackDefender. Rootkit type stealth involved. |
| ICRAplus | L | ICRAplus.exe | Related to ICRAplus internet filter, parental control etc. Note: Located in C:\Program Files\ICRAplus\ICRAplus\ |
| icrss manager 32bit (icrss) | X | icrss.exe | Added by the W32/Rbot-FZB WORM! Note: Located in C:\WINDOWS\system\ |
| icservice - ONTRACK Data International, Inc. | L | icserv.exe | Related to SuperAdBlocker |
| iD2 Smart Card Server (id2scaps) | L | id2scaps.exe | iD2 is a client product that brings security, user authentication and digital signatures to standard Internet browsers by utilising Smart Cards and the client-side of the SSL protocol. |
| ieupdater (Microsoft IE Updater) | X | ieupdate.exe | Added by an unidentified TROJAN! of the Sdbot family. Note: This worm\trojan is located in C:\Documents and Settings\user name\Local Settings\Temp\ |
| ieupdater1 (Microsoft IEUpdater1) | X | ie_updater.exe | Added by a variant of the Troj/Bckdr-QGB TROJAN! Note: This worm\trojan is located in %userprofile%\ |
| ieupdater2 (Microsoft IE Updater2) | X | ~tmp0374.exe | Related to a variant of the Malware.IFN.dropper family. Note: Located in C:\Documents and Settings\(user name)...\ Note: filename is random. |
| ieupdater2 (Microsoft IEUpdater2) | X | ie_updater.exe | Added by the Troj/Bckdr-QGB TROJAN! Note: This Trojan is located in C:\ ROOT folder. |
| ieupdater21 (Microsoft IEUpdater21) | X | ie_updater.exe | Added by a variant of the Troj/Bckdr-QGB TROJAN! Note: This worm\trojan is located in %userprofile%\ |
| ieupdater22 (Microsoft IEUpdater22) | X | ie_updater.exe | Added by a variant of the Troj/Bckdr-QGB TROJAN! Note: This worm\trojan is located in %userprofile%\ |
| iexplorer (iexplorer) | X | iexplorer.exe | Added by the Troj/Singu-U TROJAN! Note: This trojan file is found in the System32 folder |
| IgniteService.exe | L | IgniteService.exe | Related to Accenture_Media_Viewer |
| Image Converter video recording monitor for VAIO Entertainment | L | IcVzMon.exe | Related to Sony_VAIO computers. |
| ImagePath (VGADown) | X | avp.exe | Troj/Maran-AA Read the link, steals information |
| ImagePath (win32ssr) | X | win32ssr.exe | Added by the W32/Sdbot-AMA WORM! Read the link, rootkit type stealth involved. |
| IMail FINGER Server (FINGRD32) | L | FINGRD32.exe | Related to Ipswitch Inc. Network Management. |
| IMail IMAP4 Server (IMAP4D32) | L | IMAP4D32.exe | Related to Ipswitch Inc. Network Management. |
| IMail LDAP Service (OpenLDAP-slapd) | L | slapd.exe | Related to Ipswitch Inc. Network Management. |
| IMail Monitor Service (IMONITOR) | L | IMonitor.exe | Related to Ipswitch Inc. Network Management. |
| IMail POP3 Server (POP3D32) | L | POP3D32.exe | Related to Ipswitch Inc. Network Management. |
| IMail PWD Server (PSERVE) | L | PSERVE.exe | Related to Ipswitch Inc. Network Management. |
| IMail Queue Manager Service (QUEUEMGR) | L | queuemgr.exe | Related to Ipswitch Inc. Network Management. |
| IMail SMTP Server (SMTPD32) | L | smtpd32.exe | Related to Ipswitch Inc. Network Management. |
| IMail Sys Logger Service (SYSLOGD) | L | SYSLOGD.exe | Related to Ipswitch Inc. Network Management. |
| IMail Web Calendar Service (IWEBCAL) | L | IWebCal.exe | Related to Ipswitch Inc. Network Management. |
| IMail Web Service (IWEBMSG) | L | iwebmsg.exe | Related to Ipswitch Inc. Network Management. |
| IMail WHOIS Server (WHOISD32) | L | WHOISD32.exe | Related to Ipswitch Inc. Network Management. |
| IMAPI CD-Burning COM Service | L | ImapiRox.exe | IMAPI CD-Burning COM Service |
| IMAPI CD-Burning COM Service (ImapiService) | L | imapi.exe | Related to recording of CDs. |
| IMountSRV | L | IMountSRV.exe | Related to Paragon hard_disk_manager |
| Inbound Distributor Service | L | inbounddistributorservice.exe | Related to Inbound_Logistics |
| InCD File System | L | InCDsrv.exe | InCD Packet Writer related. |
| InCD Helper | L | InCDsrv.exe | InCD Packet Writer service from Nero Burning ROM (Ahead Software) |
| Independent Management Architecture (IMAService) | L | ImaSrv.exe | Related to Citrix MetaFrame |
| Index Service (b3) | X | dllhost32.exe | Added by the WORM_AGOBOT.CH WORM! Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) |
| Indexing Helps (Indexingbox) | X | svchest.exe | Added by an unidentified TROJAN! of the Sdbot family. Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) More here |
| Indexing The System Files (Indexing Service) | X | winupdatez.exe | winupdatez.exe |
| Indexings Services | X | systen32.exe | Added by a variant of the W32/SDBOT WORM! Note: C:\Program Files\Common Files\Microsoft Shared\MSINFO\ |
| Inicio de sesión red | L | lsass.exe | Spanish Windows 2000 net logon |
| Input Service (Input_Service) | X | msiexecu.exe | Added by a variant of the Troj/Raser-AS TROJAN. Note: Located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) More here |
| Input Virtual Component (AVCMSC) | X | msipsvc.exe | Added by a variant of the SdBot.aad family of TROJAN! Note: Located in C:\%WINDIR%\System32 (XP/WinNT/2K) |
| Install Driver Manager (Install Driver Table Manager) | X | wpablan.exe | Added by the W32/Sdbot-CWR TROJAN! Note: This worm\trojan is located in C:\%WINDIR%\TEMP\ folder. |
| InstallDriver Service (ISDS) | X | csscv.exe | Added by the W32/Sdbot-CPL WORM! Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) |
| InstallDriver Table Manager | L | IDriverT.exe | Related to Macrovision Corporation. |
| InstallShield Licensing Service | L | InstallShield Licensing Service.exe | Related to InstallShield_Licensing_Service from Macrovision. Create high-quality software installation engines. |
| Instantáneas de volumen | L | vssvc.exe | Volume Shadow Copy Service found in Windows XP and 2003. |
| Instrumental de administración de Windows | L | WinMgmt.exe | Spanish Windows 2000 windows management instrumentation |
| Integrated Multimedia Server | L | ImmsService.exe | Related to Integrated_Multimedia_Server MultiMedia Router from NetGear. Note: Located in C:\Program Files\NETGEAR\MEDIAS~1\ |
| Intel Alert Handler | L | hndlrsvc.exe | Related to Intel Corp. |
| Intel Alert Originator | L | iao.exe | Related to Intel Corp. |
| Intel CI Manager | L | CiMgrLdr.exe | Related to Intel Corp. |
| Intel Client Instrumentation for DMI (ni_nic) | L | ni_nic.exe | Intel Client Instrumentation for DMI |
| Intel File Transfer | L | xfr.exe | Related to Intel Corp. |
| Intel IIDS | L | IIDS.exe | Related to Intel Corp. |
| Intel Local Scheduler Service | L | LOCALSCH.EXE | Part of LANDesk Management Suite. |
| Intel NCS NetService (NetSvc) | L | NetSvc.exe | Intel NCS NetService |
| Intel PDS | L | pds.exe | Related to Intel Corp. |
| Intel QIP Client Service | L | QIPCLNT.EXE | Part of LANDesk Management Suite. |
| Intel Speedstep Technology | X | intelst.exe | Win32/IRCBot.worm.128512.H |
| Intel SSM | L | ssm.exe | Related to Intel Corp. |
| Intel Targeted Multicast | L | tmcsvc.exe | Part of LANDesk Management Suite. |
| Intel(R) NMS | L | NMSSvc.exe | NIC Management Service - diagnostics program for Intel Pro family network cards |
| Intel® Active Monitor (imonNT) | L | imonnt.exe | http://www.liutilities.com/products/wintaskspro/processlibrary/imonnt/ |
| Intel® NMS | L | NMSSvc.exe | Related to Intel Corp. |
| Intel® Alert Service (AlertService) | L | AlertService.exe | Related to Intel® _Alert Service from Intel Corporation. Note: Located in C:\Program Files\Intel\IntelDH\CCU\ |
| Intel® Application Tracker (MCLServiceATL) | L | MCLServiceATL.exe | Related to Intel® _Alert Service from Intel Corporation. Note: Located in C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\ |
| Intel® Desktop Utilities Service (iHCService) | L | IDUServ.exe | Related to Intel® Desktop_Utilities service from OSA Technologies, Inc. Note: Located in C:\Program Files\Intel\IDU\ Note: Now owned by Avocent_Corporation, http://www.avocent.com/web/en.nsf/Content/04072004-F |
| Intel® Quick Resume Technology Drivers (ELService) | L | ELService.exe | Related to Intel® _Quick_Resume_Technology Drivers. Note: Located in C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology\ |
| Intel® Remoting Service (Remote UI Service) | L | Remote UI Service.exe | Related to Intel® _Alert Service from Intel Corporation. Note: Located in C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\ |
| Intel® Software Services Manager (ISSM) | L | ISSM.exe | Related to Intel® _Alert Service from Intel Corporation. Note: Located in C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ |
| Intel® Viiv™ Media Server (M1 Server) | L | mediaserver.exe | Related to Intel® _Alert Service from Intel Corporation. Note: Located in C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ |
| Interbase Guardian | L | ibguard.exe | Interbase database server related |
| InterBase InterClient Server | L | interserver.exe | Interbase database server related |
| InterBase Server | L | ibserver.exe | Interbase database server |
| Internet Connection Manager | X | (random name).exe | Troj/Agent-ELW |
| Internet Connection Monitor Engine | L | ICMNT.EXE | User reports that it's for a Home Router from Deerfield Communications www.deerfield.com/ |
| Internet Explorer (Internet Explorer) | X | Internet.exe | Added by the Troj/Feutel-AA TROJAN! Note: This trojan file is found in the Windows or Winnt folder. |
| Internet Proxy | L | InternetProxy.exe | Related to ICRAplus internet filter, parental control etc. Note: Located in C:\Program Files\ICRAplus\ICRAplus\ |
| Internet Service Manager (INETSVC) | X | INETSVC.EXE | Added by the Backdoor.Win32.SdBot.xd detected by Kaspersky More: Here Note: This worm\trojan is located in C:\%WINDIR%\ |
| Internet TCP Protocol (Win_ad) | X | TCPServer.exe | Added by an unidentified TROJAN! of the Sdbot family. Note: This worm\trojan is located in C:\Windows\wadsys\ (Win9x/Me), C:\%WINDIR%\wadsys\ (XP/WinNT/2K) |
| internew (internew) | X | system.exe | Added by the Troj/Cmjspy-BN TROJAN! |
| InterPlot IMF Printer Driver Service | L | pidrpcs.exe | InterPlot device drivers - See Here InterPlot/Overview.htm |
| Intespention (Win32) | X | IEXPLORE.exe | Added by the W32/Forbot-FL WORM! |
| Intranet Service (IntranetService) | X | intranet.exe | Owner:Brought to you by the Bandwidth Bandits. Location: C:\WINDOWS\SYSTEM32\intranet.exe |
| Intuit Entitlement Service v2 | L | Intuit.Spc.Map.EntitlementClient.Server.Service.exe | Related to Intuit_Entitlement_Service Installed with Intuit QuickBooks Point Of Sale software. Note: Located in C:\Program Files\Common Files\Intuit\Entitlement Client v2\Server\ |
| Intuit QuickBooks FCS (QBFCService) | L | Intuit.QuickBooks.FCS.exe | Part of Intuit QuickBooks software |
| InVircible Scheduler (IVScheduler) | L | IVSCHED.EXE | Security software package to protect personal computers and PC networks. Owner: NetZ Computing Ltd. Israel. InVircible |
| iolo DMV Service (ioloDMV) | L | ioloDMVSvc.exe | Part of system mechanic |
| iolo System Guard | L | IoloSGCtrl.exe | Related to System_Mechanic by Iolo |
| Iomega Active Disk | L | ADService.exe | Related to Iomega Corporation |
| Iomega Activity Disk2 | L | ActivityDisk.exe | ActivityDisk Iomega Corporation SmartSoft ActivityDisk |
| Iomega App Services | L | AppServices.exe | Iomega related |
| IomegaAccess | L | IOMEGAACCESS.EXE | related to Iomega Backup |
| ION Java Daemon 2.0 | L | ion_srv.exe | Related to ITT_Visual_Information_Solutions ION Script is a powerful tool for creating Web-based IDL visualization and analysis applications. Note: Located in C:\Program Files\RSI\IDL60\products\ion20\ion_java\bin\ |
| ION Java Daemon 6.1 | L | ion_srv.exe | Related to ITT_Visual_Information_Solutions ION Script is a powerful tool for creating Web-based IDL visualization and analysis applications. Note: Located in C:\Program Files\RSI\IDL61\products\ion61\ion_java\bin\ |
| Ip4Sec (Ip4Sec) | X | ip.sys | Added by the Satiloler.E TROJAN! Read the link, rootkit type stealth involved. |
| Ip6Fw | X | ip6fw.sys | Troj/Agent-ELV |
| iPAHelper.exe | L | iPAHelper.exe | Related to iPod_Access for Windows. Note: Located in C:\Program Files\iPod Access for Windows\ |
| iPassConnectEngine | L | iPassConnectEngine.exe | Related to iPassConnect Universal Client. iPass addresses the needs of both users and IT by making safe, simple and effective network access a reality, no matter where end users are located. Note: Located in C:\Program Files\iPass\iPassConnect iRAS\ |
| iPod Service | L | iPodService.exe | Related to Apple iPod. |
| iPodSrv | L | iPodSrv.exe | Related to iPod Apple software. Note: located in C:\Program Files\iPod\bin\ in Windows 2000/XP/2003. |
| IPODT1000 (ssipod1) | | ssipod1.sys | Troj/Goldun-FI |
| IPRIP | X | ipripst.dll | Detected as W32/Mofei-V Located in \ipripst.dll |
| IPRIP (IPRIP) | X | svchost.exe -k netsvcs | Added by the Backdoor.Ripgof TROJAN! Read the link, rootkit type stealth involved. |
| IPS Core Service (IPSSVC) | L | IPSSVC.EXE | A VPN client service found in Lenovo Thinkpad. Note: located in C:\WINDOWS\system32\ |
| Ipswitch WS_FTP Queue (ftpqueue) | L | ftpsched.exe | Part of WS_FTP Pro from Ipswitch. Note: Located in C:\Program Files\WS_FTP Pro\ |
| Ipswitch WS_FTP Service (iFtpSvc) | L | iFtpSvc.exe | Related to Ipswitch_WS_FTP The main exe file of WS-FTP server. Note: Located in C:\iFtpSvc\ |
| IPtable | X | ipconfig32.exe | Added by the W32/Tilebot-AP WORM! Note: This worm file is found in the Windows or Winnt folder. |
| IPv6 Helper Driver | X | csass.exe | Added by the AGOBOT.TC WORM! |
| IPX/SPX (NWLink) | X | usbmini.sys | Troj/Proxy-CY Note: Located in %windir%\system32\drivers Read the link, allows remote access |
| IrBridge User-Level Interface (USRBRIDG) | L | usrbridg.exe | Related to the Extended Systems infrared port, made by Extended_Systems Inc. This file should be located in the Windows\System32\ or Winnt\System32 folder. |
| ISAM SMT Service (ISAMsmt) | L | isamsmt.exe | Related to IBM Global Services - http://www.anti-spy.info/process/isamsmt.exe.html |
| iSeries Access for Windows Remote Command (Cwbrxd) | L | CWBRXD.EXE | Related to IBM Corporation. http://www.ibm.com/ |
| ISEXEng | X | angelex.exe | Bargain Buddy variant |
| ISP Ampi Service | X | isampi.exe | Added by the W32/Tilebot-JJ WORM! Note: This worm is located in C:\%WINDIR%\ Read the link, allows remote access |
| ISSI EZUpdate (ISSIMon) | L | issimsvc.exe | Related to Ibm_Global_Services Used internally by IBM for automatic updating of software and microsoft patching Note: Located in c:\sdwork\ |
| ISSvc | L | ISSVC.exe | Related to Norton Internet Security |
| Italian Grand Prix | X | grand.exe | Added by the W32/Spybot-MK WORM! Note: C:\%WINDIR%\System32\dllcache\ (XP/WinNT/2K) |
| iTunes Music Service (iTunesMusic) | X | iTunesMusic.exe | Added by W32.Spybot.NLX WORM! Rootkit Note: Located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) |
| IWin service | X | iwinapp.exe | Added by a variant of the Trojan/Backdoor TROJAN! Note: Located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) |
| Ixia Endpoint (IxiaEndpoint) | L | endpoint.exe | Added by Ixia_Endpoint Note: Located in C:\PROGRA~1\NetIQ\Endpoint\ |
| Jaguar | L | jagsrv.exe | Related to Sybase_EAServer Note: Located in C:\Sybase\EAServer\bin\ |
| Java development Services | X | logins32.exe | Added by the W32/Tilebot-HC WORM! Note: This worm\trojan is located in C:\%WINDIR%\ folder. Steal information from Protected Storage |
| Java development Services | X | windows.exe | Added by an unidentified TROJAN! of the Sdbot family. Note: This worm\trojan is located in C:\%WINDIR%\ folder. |
| Java inetice | X | realetin.exe | Added by the Troj/Bckdr-PQM TROJAN! Note: This worm\trojan is located in C:\Program Files\Common Files\Microsoft Shared\MSINFO\ |
| Java Sun Scheduler (JUSCHED) | X | jusched.exe | Added by the W32/Sdbot-CQC WORM! Note: This worm\trojan is located in C:\%WINDIR%\ folder. More here |
| JavaPlatform64 | X | JavaPlatform | Added by the W32/Kassbot-M WORM! Note: Located in C:\%WINDIR%\ |
| JiurlPortHide (JiurlPortHide) | X | JiurlPortHide.sys | Added by the Troj/Progent-A TROJAN! |
| jsdaemon | L | jsdaemon.exe | Related to fax service from JetFax Inc. |
| Juniper Network Connect Service (dsNcService) | L | dsNcService.exe | Related to Juniper Networks Inc. Networking Platform. |
| K4NV | X | k4nv.exe | Added by a variant of the Trojan.K4NV.Process WORM! Note: located in C:\WINDOWS\k4nv.exe |
| K9 Time Synchronization | L | k9nt.exe | Related to HC Mingham-Smith Limited http://www.kaska.demon.co.uk/history.htm |
| Kaseya Agent | L | AgentMon.exe | Related to Kaseya Inc. |
| Kaspersky Anti-Virus 6.0 (AVP) | L | avp.exe | Related to Kaspersky_Anti-Virus Note: Located in C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\ |
| Kaspersky Anti-Virus Service (KLBLMain) | L | kavmm.exe | Related to Kaspersky virus removal program. |
| KAV Monitor Service | L | avpm.exe | Kaspersky AntiVirus |
| kavsvc | L | kavsvc.exe | Kaspersky AntiVirus |
| kbdrv64 | X | KBDRV64.SYS | Added by the TROJ_ROOTKIT.K TROJAN! Read the link, rootkit type stealth involved. |
| kdc | X | svchost.exe -k kdc | Added by the Fuwudoor TROJAN! |
| Kerberos Key Transaction Coordinator (kerbkey) | L | kerb.exe | Verify one computer's identity to another and to set up encryption keys for a secure connection between them. http://www.computerworld.com.au/index.php/id;886626422;fp;512;fpid;6860893 |
| Kerio MailServer (KerioMailServer) | L | mailserver.exe | Related to Kerio_MailServer Note: Located in C:\Program Files\Kerio\MailServer\ |
| Kerio Personal Firewall | L | persfw.exe | Kerio Firewall |
| Kerio Personal Firewall 4 (KPF4) | L | kpf4ss.exe | Related to Kerio Personal FireWall. |
| Kernell32 | X | termsv.exe | Added by an unknown variant of a backdoor TROJAN! Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) |
| Keyboard Service System Files (Keyboard Service) | X | navupdate64.exe | Added by a variant of the WIN32.RBOT WORM! Note: This worm file is found in the System32 folder. |
| Kingsoft Antivirus KWatch Service (KWatchSvc) | L | KWatch.EXE | Related to Kingsoft_Antivirus virus protection and content filtering. Note: located in C:\KAV****\ [* = 4 digits representing the year.] |
| Kingsoft Personal Firewall Service (KPfwSvc) | L | KPfwSvc.EXE | Related to Kingsoft_Antivirus virus protection and content filtering. Note: located in C:\KAV****\ [* = 4 digits representing the year.] |
| kingxxx | X | svchost.exe | Troj/PWS-ACY , http://www.sophos.com/security/analyses/trojpwsacy.html Note: Located in %programfiles%\windows media player |
| Knob Service (KNOBSERV) | L | KnobService.exe | File belongs to Acer_Inc |
| Kodak Camera Connection Software | L | KodakCCS.exe | Kodak Software to connect digital cameras |
| konfig | L | mcp.exe | Transbase® CD, http://www.transaction.de/ permits the distribution of database contents on CD/DVD-ROM and subsequent updating of the data over the Web. Transbase® CD unites variable and static data in an ideal way. Note: Located in c:\opt\MBCASE\pm\bin |
| KONICA MINOLTA PageScope Net Care (PageScope Net Care Service) | L | JavaService.exe | Related to KONICA_MINOLTA_PageScope a client-server network printer management utility included with all KONICA MINOLTA printers. Note: Located in C:\Program Files\KONICA MINOLTA\PageScope Net Care\ |
| KSD2Service | X | ravsvc.exe | Win-Trojan/Downloader.8804 |
| KSD2Service | X | notaped.exe | Troj/DownLd-ABB |
| KSD2Service | X | WINL0GON.exe | Troj/Dloadr-AXH |
| KService | ? | KService.exe | Added by KService. It's part of a peer-to-peer package people agree to when signing up with 'Sky By Broadband', but it seems to be causing a few concerns over bandwidth use; the recurring issue when this is in logs is slow speeds. It doesn't uninstall when you remove Sky By Broadband and does not have an Add/Remove screen entry, but it is a genuine service, as Sky clearly state what it is on their site and in the terms and conditions. Removal Application provided by Sky READ_THE_INSTRUCTIONS Note: Located in C:\Program Files\KService\ |
| KService | L | KService.exe | "Kontiki Delivery Management System": "The Kontiki Delivery Management System (DMS) is a secure delivery network for distribution of video, software, audio, documents, and other digital media. The Kontiki DMS enables enterprises to efficiently publish, secure, deliver and track digital media to employees, partners, and customers." Note: Located in C:\Program Files\Kontiki |
| LANDesk Remote Control Service (ISSUSER) | L | issuser.exe | Related to LANDesk_Remote_Control Service. Note: Located in C:\Program Files\LANDesk\LDClient\ |
| LANDesk® Management Agent | L | residentagent.exe | Part of LANDesk Management Suite. |
| lanmandrv | X | lanmandrv.sys | Troj/Agent-ELF |
| LanSafe Power Monitor (LanSafe PM) | L | PowerMonitor.exe | Related to LanSafe_Power_Monitor from Powerware. Uninterruptible Power Supply Note: Located in C:\Program Files\Powerware\LanSafe\Bin\ |
| LanSafe Process Manager | L | xyntservice.exe | Related to LanSafe_Process_Manager from Powerware. Uninterruptible Power Supply Note: Located in C:\Program Files\Powerware\LanSafe\Bin\ |
| Lavasoft Personal Firewall Service (LavasoftFirewall) | L | lpfw.exe | Related to Lavasoft_Personal_Firewall service. Note: Located in C:\Program Files\Lavasoft\Personal Firewall\ |
| LckFldService | ? | LckFldService.exe | ? Could be related Proland Software. ? - http://www.pspl.com/ |
| LCS | L | lcs.exe | Related to 3Com Wireless USB Utility Located in C:\Program Files\3COM Technology Corporation |
| LEC TranslateDotNet Server | L | LogoMedia TranslateDotNet Server.exe | Translates email, web pages, documents and instant messages. Made by the Language Engineering Company, for more information Click_Here File location is in the Program Files\Power Translator folder. |
| Leica Microsystems Data Container V1 | L | LMSDataContainerServer.exe | Related to Leica_Microsystems Now Vistec_Semiconductor_Systems advanced technologies in optics. |
| Lexar JD31 (LxrJD31s) | L | LxrJD31s.exe | Lexar "JumpDrive" driver. From Lexar_Media_Inc |
| Lexar Secure II (LxrSII1s) | L | LxrSII1s.exe | Related to Lexar_Media Inc. removable flash memory cards, USB flash drives, card readers etc... |
| Lexar SG20 | L | LxrSG20s.exe | Related to Lexar_Media Inc. Lexar offers a wide range of storage products. Note: Located in C:\WINDOWS\SYSTEM32\ |
| LexBce Server | L | LEXBCES.EXE | Lexmark Printer Service |
| LibUsb-Win32 - Daemon, Version 0.1.8.0 | L | libusbd-nt.exe | LibUsb open-source USB driver |
| LicCtrl Service | L | runservice.exe | Part of the eLicense Copy Protection scheme employed by some software and games. (Castlecops Startup List) |
| License Agent | L | cla.exe | License Agent for the HiPath 1220 digital PBX system from Siemens. File location is in the Program Files\Licensing\License Agent\bin folder. |
| License Management (CLMTomcatStarterSvc) | L | tomcat.exe | Related to Apache_Tomcat Owner: Alexandria Software Consulting. |
| License Management Service ESD | L | Licence Manager ESD.exe | Licence Manager ESD.exe is the element5 License Management Service, used by some software for license checking and management. Leave it alone to ensure the software installed on your computer works properly. Note: Located in C:\Program Files\Common Files\element5 Shared\Service\ |
| LicenseManagerSocket | L | LicenseManagerSocket.exe | Related to UIC License Manager, a proprietary software. Used to activate software on customer computers for a specified length of time. Note: Located in C:\Program Files\Universal Instruments\License Manager\ |
| LightScribeService Direct Disc Labeling Service (LightScribeService) | L | LSSrvc.exe | LightScribe related to Hewlett Packard |
| LiveShare P2P Server | L | RoxLiveShare.exe | Related to Roxio_Inc |
| LiveShare P2P Server 9 (RoxLiveShare9) | L | RoxLiveShare9.exe | Related to Roxio_Inc |
| LiveUpdate | L | LUCOMS~1.EXE | Related to the Norton Internet Security suite; provides up-to-date antivirus data for your Norton Anti-virus product. (Filename is LUCOMSERVER.EXE, or LUCOMSERVER_2_5.EXE) |
| LiveUpdate Notice Service | L | PIFSvc.exe | Related to LiveUpdate_Notice_Service from Symantec Note: Located in C:\Program Files\Common Files\Symantec Shared\PIF\ |
| LmHosts | X | svchost.exe -k LmHosts | Added by the Fuwudoor TROJAN! |
| LMMng (memlow) | X | memlow.sys | Added by the Troj/Haxdoor-AA TROJAN! |
| Loading Outpost Connections | X | cmdtel.exe | Win32.Bagz.i email virus |
| Local Network Service (algs) | X | gettfo.exe | Added by a variant of the W32/SDBOT WORM! Note: This worm\trojan is located in C:\%WINDIR%\ folder. The filename can be different |
| Local Security Authority Server (LSaServ) | X | lsasrv.exe | Detected as W32/Hupigon.gen76 by F-Secure Note: Located in %windir%\cursors |
| Local Security Authority Subsystem Library (LSA Server) | X | lsasrv.exe | Added by the Win32/Amahkey.F TROJAN! Note: This trojan is located in C:\%WINDIR%\ |
| Local Security Authority Subsystem Service (lsass) | X | lsass.exe | Added by the W32/Tilebot-AK or W32.Spybot.ABDO WORM! Note: This is not the legitimate Windows process lsass.exe (Which is always found in the System32 folder). This worm file is found in the Windows or Winnt folder. |
| Local Security Authority System Service (lsass) | X | lsass.exe | Added by the W32/Rbot-AJA WORM! Note: This is not the legitimate Windows process lsass.exe (Which is always found in the System32 folder). This worm file is found in the Windows or Winnt folder. Read the link, rootkit type stealth involved. |
| Local Security Policy (Windows Local Security Policy) | X | wpablan.exe | Unidentified SDbot, probable variant of "W32/Sdbot-CWR". |
| Local Service (LocalSystem) | X | chfmon.exe | Added by the W32/Agobot-AIM WORM! Note: This worm\trojan is located in C:\%WINDIR%\ Read the link, allows remote access, steal information ... |
| Logical Disk Manager Administrative Service | L | dmadmin.exe | Veritas logical disk manager |
| Logitech (Logitech Checker) | X | logitech.exe | Added by a variant of the W32/SDBOT WORM! Note: This worm\trojan is located in C:\%WINDIR%\ folder |
| Logitech Bluetooth Service (LBTServ) | L | LBTSERV.EXE | Related to bluetooth products from Logitech |
| Logitech MM50 Kernel Drivers | X | mm50krnl.exe | W32/Spybot-NT Read the link, allows remote access |
| Logitech Process Monitor (LVPrcSrv) | L | LVPrcSrv.exe | Related to Logitech QuickCam Provides additional configuration options for these devices. |
| LogMeIn | L | LogMeIn.exe | Related to LogMeIn LogMeIn Rescue is used by IT helpdesks to provide instant remote support to customers and employees. Note: located in C:\Program Files\LogMeIn\ |
| Logon Process (WinLogon) | X | winlogon.exe | Added by the Win32.IRCBot.zx Spyware WORM!, a variant of the W32/IRCBot-UN. Note: This worm\trojan is located in C:\%WINDIR%\ |
| LOGON suport service | X | IES4SERVICE.SYS | Added by the Goldun.G TROJAN! Note: This trojan file is found in the System32 folder. |
| Logon Task Manager | X | symon.exe | Added by the Worm_Ircbot_Gen TROJAN! Note: This worm\trojan is located in C:\%WINDIR%\System32\dllcache\ (XP/WinNT/2K) |
| Logon Terminal Manager | X | spoolsc.exe | Added by an unidentified TROJAN! of the Sdbot family. Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) |
| LogonSvc (LogonSvcID) | L | logonsvc.exe | Related to E-Pop web conferencing Note: Located in C:\Program Files\E-Pop\ |
| Lookout Citadel Server (LkCitadelServer) | L | lkcitdl.exe | Related to Lookout_Citadel_Server From National Instruments, Inc. Note: Located in C:\WINDOWS\system32\ |
| Lotus Notes Single Logon | L | nslsvice.exe | IBM Lotus Notes Single Logon Service - http://www.anti-spy.info/process/nslsvice.exe.html |
| Lpdriver (Lpdriver) | X | lpdriver.sys | Added by the W32/Tilebot-H or W32/Sdbot-ADG WORM! Note: This worm file is found in the System32 folder. |
| LSA Server | X | lsasrv.exe | Win32/IrmBot.worm.215040 Note: Located in %windir% |
| LSA Shel (Export Version) | X | lsass.exe | Added by the W32/Tilebot-HQ WORM! Note: This worm\trojan is located in C:\%WINDIR%\ folder. |
| LSA Shell Export-Version | X | lsass.exe | Added by the W32/Tilebot-IU WORM! Note: This worm\trojan is located in C:\%WINDIR%\ folder. |
| lsass (lsass) | X | lsass.exe | Added by the W32/Rbot-AIC WORM! Note: This is not the legitimate Windows process. (Which is always found in the System32 folder.) This worm\trojan file is found in the Windows or Winnt folder. Read the link, rootkit type stealth involved. |
| lsass (Workstations) | X | autoexec.exe | Added by the W32/Sdbot-AFN WORM! Note: This worm file is found in the System32 folder. |
| LsassFTP daemon (LsassFTPD) | X | LsassFtpd.exe | Added by the SDBOT.CDW WORM! Read the link, rootkit type stealth involved. |
| LsassFTPzz daemon (LsassFTPDzz) | X | LsassFtpdz.exe | Added by the W32/Rbot-ARL WORM! Note: This worm\trojan file is found in the Windows or Winnt folder. Read the link, rootkit type stealth involved. |
| Lsdiorw | L | lsdiorw.exe | Part of macdisk |
| LVSrvLauncher | L | SrvLnch.exe | Related to Logitech products |
| LWWLicenseService | L | LWWLicenseService.exe | Related to Wolters_Kluwer The Professional's First Choice for information, tools and solutions that help professionals make their most critical decisions. Note: located in C:\Program Files\Common Files\WoltersKluwerLWW Shared\Service\ |
| lxbs_device | L | lxbscoms.exe | Related to LXB_Device LXB provides, secure backup. |
| lxbt_device | L | lxbtcoms.exe | Lexmark International services. http://www.lexmark.com/ |
| lxbu_device | L | lxbucoms.exe | Related to Lexmark Printers. Provides additional configuration options for these devices |
| lxbx_device | L | lxbxcoms.exe | Related to Lexmark International, Inc Printer service. Note: located in C:\WINDOWS\System32\ |
| lxby_device | L | lxbycoms.exe | Related to Lexmark Printer service. Note: located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) |
| lxcc_device | L | lxcccoms.exe | Related to Lexmark International, inc. Communication module for Lexmark products. Disabling will cause loss of functionality. |
| lxcd_device | L | lxcdcoms.exe | Related to Lexmark International, Inc. Printers Note: Located in C:\WINDOWS\System32\ |
| lxce_device | L | lxcecoms.exe | Related to Lexmark, Inc. printers |
| lxcf_device | L | lxcfcoms.exe | Lexmark printer related |
| LXCGCustomerConnect | L | LXCGserv.exe | Related to Lexmark_Inkjet_printer Spool driver. Note: Located in C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\ |
| lxcg_device | L | lxcgcoms.exe | Related to Lexmark printer |
| lxcr_device | L | lxcrcoms.exe | Related to Lexmark 2400 series printer monitor software. Disabling will cause loss of functionality. Note: Located in C:\Program Files\Lexmark 2400 Series\ |
| lxct_device | L | lxctcoms.exe | Related to Lexmark_International and its printer services. Note: Located in C:\WINDOWS\SYSTEM32\ |
| Lync USB Auditor Service (LyncUSBServ) | L | lyncusb.exe | Related to Lync_USB A toolkit that delivers an integrated removable media device discovery and auditing solution for enterprise IT management applications. |
| M-Audio CMIDI Installer (MA_CMIDI_InstallerService) | L | MA_CMIDI_Inst.exe | Related to M-Audio_CMIDI Installer from Avid Technology, inc. Note: Located in C:\Program Files\M-Audio MA_CMIDI\ |
| M-Audio Fast Track Installer (FastTrackInstallerService) | L | MAUSBFTInst.exe | Related to M-Audio_Fast_Track Installer from Avid Technology, inc. Note: Located in C:\Program Files\M-Audio\Fast Track USB\ |
| M-Audio Ozone Installer (OzoneInstallerService) | L | ozinst.exe | Related to M-Audio_Ozone products. Note: Located in C:\Program Files\M-Audio\Ozone\Install\ |
| M-BUS/M-NET Administration (MCONTROL) | L | mcontrol.exe | Related to Siemens Energy & Automation Platform. Note: located in C:\Program Files\ProcessSuite\MBUSDRVR\ |
| M1 Licensing Helper (iLicenseSvc) | L | iLicenseSvc.exe | Related to GE_Fanuc_Automation, which enables you to act in real-time to optimize productivity and increase profitability. Note: Located in C:\WINDOWS\Intellution\ |
| mac128 | X | mac128.sys | Added by the Troj/Klutz-A Trojan! |
| MacFormatService | L | FORMATM.EXE | Related to Conversions Plus from DataViz |
| Machine Debug Manager (MDM) | L | mdm.exe | Visual Studio debugger. If you install VS2003, mdm.exe is found in c:/program files/common files/microsoft shared/vs7debug |
| Macromedia Licensing Service | L | Macromedia Licensing.exe | Related to Macromedia products: Flash, Dreamweaver, etc. |
| Macromedia Updater (mmupdate) | X | 19D.tmp".exe | Added by a variant of the Win32.Small.oa TROJAN! Note: This worm\trojan is located in C:\%WINDIR%\TEMP\ The filename is random, in the format xxxx.tmp".exe |
| MagicTuneEngine | L | MagicTuneEngine.exe | Related to MagicTune_Engine from Samsung. Magic Tune Premium is an update of MagicTune 3.6 for Samsung monitors. Note: Located in C:\Program Files\MagicTune Premium\ |
| Mailgate Mail/Proxy Service | L | mgatesvc.exe | Mailgate Internet Connectivity Server |
| Manageer Network Connections | X | telcmd.exe | BAD - Look how manager is spelled. |
| Manageer Network Connections (Kern32) | X | telcmd.exe | A new service added by the Troj/Agent-CP TROJAN, with a display name of Manageer Network Connections. |
| Manager (Windows XP Manager) | X | msnmgr.exe | Added by the W32/Kassbot-L Read the link, rootkit type stealth involved. |
| Managing FAT and NTFS partitions (Defragmentation Manage) | X | dfrgfat16.exe | Added by the W32/Codbot-N WORM! |
| Mangomind Drive Repair (MindRepair) | L | dirtcon.exe | Related to Mangomind access your business critical files from anywhere, at any time, from any computer. Note: Located in C:\Program Files\Mango\Mind\Utilities\ |
| mapi Helper | L | ImapiHelper.exe | ISO recorder |
| MarkVision Server (MvServer) | L | lexmvservice.exe | Related to MarkVision_Server from Lexmark. Note: Located in C:\WINDOWS\SYSTEM32\ |
| MarkVision Web Server (MvWebServer) | L | lexwebservice.exe | Related to MarkVision_Server from Lexmark. Note: Located in C:\WINDOWS\SYSTEM32\ |
| Mass Effect(TM) Xbox 360 | X | mfxbox.exe | W32/Spybot-MS Read the link, allows remote access |
| Mass Effect™ Xbox 360 | X | mfxbox.exe | Added by the W32/Spybot-MS WORM! Note: This worm\trojan is located in C:\%WINDIR%\System32\dllcache\ (XP/WinNT/2K) disabling the automatic startup of other software |
| MATLAB Server (matlabserver) | L | matlabserver.exe | Related to The MathWorks Inc. |
| MaxBackServiceInt | L | MaxBackServiceInt.exe | Related to Maxtor_backup service. Note: Located in C:\Program\Maxtor\Maxtor Backup\ |
| MaxSyncService (NTService1) | L | SyncServices.exe | Related to Maxtor_OneTouch service. Note: Located in C:\Program\Maxtor\OneTouch\Utils\ |
| Maxtor Performance Analysis Tool | X | winrcn.exe | Troj/IRCBot-VY Read the link, allows remote access |
| Maya 6 PLE Documentation Server | L | wrapper.exe | Related to Alias Systems Corp. |
| MBackMonitor | L | MBackMonitor.exe | McAfee related |
| MC/Empower i.collect | L | icserv.exe | An internet cleaning utility issued by various ISPs for their customers' use |
| McAfee Agent | L | myAgtSvc.exe | Related to Network Associates, Inc. |
| McAfee Alert Manager (AlertManager) | L | amgrsrvc.exe | Related to McAfee_Alert_Manager, http://www.mcafee.com/ deals with alert management. Note: Located in C:\Program Files\Network Associates\Alert Manager\ |
| McAfee AntiSpyware Real-Time Scanner (McAfeeAntiSpyware) | L | Msssrv.exe | Related to Network Associates, Inc. |
| McAfee AntiSpyware Service | L | massrv.exe | Related to McAfee AntiSpyware service. |
| McAfee Application Installer Cleanup | ? | 012703~1.EXE | Appears to be related to a McAfee uninstaller. If it is still present after a reboot, it should be removed |
| McAfee Desktop Firewall Service (FireSvc) | L | FireSvc.exe | Related to McAfee Desktop Firewall Service. Note: located in C:\Program Files\Network Associates\McAfee Desktop Firewall for Windows XP\ |
| McAfee E-mail Proxy (Emproxy) | L | emproxy |