| Name | Status | Filename | Description |
|---|---|---|---|
| @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) | L | wmpnetwk.exe | Related to Windows_Media_Player Network Sharing Service. Note: Located in %ProgramFiles%\Windows Media Player\ |
| @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) | L | svchost.exe | Part of Windows Vista |
| Belgium Identity Card Service (BELGIUM_ID_CARD_SERVICE) | L | Belpic PCSC Service.exe | Belgium Identity Card Middleware from Zetes/CSC |
| Dell Printer Status Database (DLSDB) | ? | DLSDBNT.EXE | Related to Dell_Printers Note: Located in C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\ |
| license | L | lic_srv.exe | Transbase® CD (http://www.transaction.de/) permits the distribution of database contents on CD/DVD-ROM and subsequent updating of the data over the Web. Transbase® CD combines variable and static data. Note: Located in c:\opt\MBCASE\pm\bin |
| LXCCCustomerConnect | L | LXCCserv.exe | Related to Lexmark printers Note: Located in %windir%\System32\spool\DRIVERS\W32X86\3\LXCCserv.exe |
| Network Windows Service (MSWindows) | X | urdvxc.exe | Added by the W32/Allaple-B WORM! Note: Located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) |
| pcAnywhere Install Service - Symantec Corporation | L | pca_run.exe | Part of Symantec PCAnywhere |
| Remote Debug Services | X | smsc.exe | Added by an unidentified TROJAN! of the Sdbot family. Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) |
| Security Platform Management Service (IFXSpMgtSrv) | L | IFXSPMGT.exe | Related to Security_Platform_Management Service from Infineon Technologies. Note: Located in C:\WINDOWS\system32\ |
| Shell Software Detection (ShellSWDetection) | X | shellsw.exe | Added by an unidentified TROJAN! of the Sdbot family. Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) |
| SolidWorks Licensing Service | L | SolidWorksLicensing.exe | Part of a SolidWorks product |
| Windows Zero Connection (WinZConn) | ? | mswnt.exe | Probable backdoor trojan |
| Wireless Adapter Configurator | L | WirelessDaemon.exe | Related to BT's home hub products |
| $sys$aries | X | aries.sys | Added by the SonyBMG_First4DRM ROOTKIT! Read the link, rootkit type stealth involved. Thanks Sony. |
| %NVSVC.name% | L | nvsvc32.exe | NVidia driver |
| (Any service name) | O | srvany.exe | This utility allows running Windows NT\2000\XP applications as services. Can also be used to load Malware. See Explanation ... Example of how to find the file being loaded with Service name iOpusService |
| (non-roman characters) | X | sServer.exe | Added by the Troj/Feutel-AB TROJAN! Note: This trojan file is found in the Windows or Winnt folder. |
| (random file name without extension) | X | (random file name).sys | Added by the TROJ_ROOTKIT.AI TROJAN! Read the link, rootkit type stealth involved. |
| (random name) | X | window.exe | Troj/Hupigon-BS Note: Located in %windir% Read the link, steals information and allows remote access |
| (Random) *See description* | X | irjit.dll | Added by the Backdoor.CVM TROJAN! Note: This trojan file is found in the System or System32 folder. *Check the link for the list of random service names.* |
| (special characters) (myserver) | X | myserver.exe | Added by the Troj/Dropper-BR TROJAN! |
| *Microsoft Update | X | wstcl.exe | Not from Microsoft. |
| *Microsoft Update | X | wuytc.exe | unknown virus |
| *windows update | X | wsctl.exe | malware virus. possibly "Win32.Rbot.gen" |
| *windows update | X | wuaucrlt.exe | Added by the W32.Spybot.HUR WORM! |
| *wuauclt.exe | X | random | Related to WORM_RBOT.AKU or variant. |
| .NET Framework Service | X | svchost.exe | "Trojan-PSW.Win32.Sagic.15" Virus |
| .NET Framework Service (.NET Connection Service) | X | svchost.exe | Added by an unidentified TROJAN! of the Sdbot family. Note: This worm\trojan is located in C:\%WINDIR%\ Note: The proper location for that operating file is in C:\%WINDIR%\System32 |
| .NET Runtime Optimization Service v2.0.50215_X86 (clr_optimization_v2.0.50215_32) | L | mscorsvw.exe | Related to Microsoft_NET_Framework NET Runtime Optimization Service. |
| 1784-PCIDS DeviceNet | ? | PcidsService.exe | Appears to be from Rockwell software |
| 1789-SIM Simulator Module (SimModuleService) | ? | SimModuleService.exe | Appears to be from Rockwell software |
| 19E7E238 | X | 19E7E238.EXE | Troj/Agent-ELX |
| 32-bit Installation Host (inst32) | X | inst32.exe | Added by the W32/Chinegan-A WORM! Note: This worm is located in C:\Program Files\Common Files\inst32\ |
| 32-bit Registration Host (reghost32) | X | reghost32.exe | Added by the W32/Rbot-GKR WORM! Note: This worm is located in C:\Program Files\Common Files\System\ |
| 39672EA4 | X | 39672EA4.EXE | Troj/GrayBir-EW |
| 3Com DMI Agent | L | 3CDMINIC.EXE | 3Com DMI (DynamicAccess Desktop Management Interface) Agent associated with 3Com network cards |
| 3ComBOOTP | L | 3CBOOTPS.EXE | A 3Com Product Allows network administrators to remotely manage client PCs on their network by allowing them to deploy an array of desktop management tasks in a pre-OS booting environment. Note: Located in Drive:\Program Files\3Com\Boot Services |
| 3ComPXE | L | 3CPXES.EXE | A 3Com Product Allows network administrators to remotely manage client PCs on their network by allowing them to deploy an array of desktop management tasks in a pre-OS booting environment. Note: Located in Drive:\Program Files\3Com\Boot Services |
| 3ComTFTP | L | 3CTFTPS.EXE | A 3Com Product Allows network administrators to remotely manage client PCs on their network by allowing them to deploy an array of desktop management tasks in a pre-OS booting environment. Note: Located in Drive:\Program Files\3Com\Boot Services |
| 3dkeybd | O | 3dkeybd.exe | Unknown... No answers on the net. |
| 64Bit architecture emulation (wrmsrvice) | X | WRMSRVICE.SYS | Added by the TROJ_ROOTKIT.AG TROJAN! Read the link, rootkit type stealth involved. |
| 80xFire daemon (80xFire) | X | 80xFire.exe | Added by the W32/Tilebot-BK WORM! Note: This worm\trojan file is found in the Windows or Winnt folder. Read the link, rootkit type stealth involved. |
| 9F9DF57C | X | (random name) | Troj/DwnLdr-GUT |
| @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) | L | svchost.exe | Windows Media Center Service Launcher in the Windows Vista edition |
| @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) | L | svchost.exe | Part of Windows Vista |
| a-squared Free Service (a2free) | L | a2service.exe | Related to a-squared free edition, from Emsi Software GmbH |
| aaksrv | L | aaksrv.exe | Spydex Advanced Anti keylogger |
| AAMQDispatcher | L | AAMQDispatcherService.exe | Compuware Serversoftware |
| ABCSpell Helper Service | L | ABCSpellService.exe | Spell checker (etc.) for Outlook Express. For more information Click_Here |
| Abel | X | Abel.exe | Source: http://www.pestpatrol.com/PestInfo/C/Cain.asp |
| abhcop | X | abhcop.sys | Added by the PigSearch Adware. Read the link, rootkit type stealth involved. |
| AC | X | acoustic.exe | Added by the SDBOT.CRN WORM! Read the link, rootkit type stealth involved. |
| Ac Profile Manager Service (AcPrfMgrSvc) | L | AcPrfMgrSvc.exe | Related to the Ac_Profile_Manager_Service installed as a part of ThinkPad Access Connections suite on ThinkPad laptops. Note: Located in C:\Program Files\ThinkPad\ConnectUtilities\ |
| AC-DNAME (AC-DNAME) | X | acoustic.exe | Added by the SDBOT.CFN WORM! Read the link, rootkit type stealth involved. |
| Accenture Media Viewer (MediaViewer) | L | streamviewerservice.exe | Related to Accenture_Media_Viewer |
| Access Remote PC Service 4.3 | O | rpcsetup.exe | Access_Remote_PC remote access software. Legitimate, but remote access could be considered dangerous unless monitored carefully. |
| ACMService (ACMService) | L | | Added by the ACM SPYWARE! **Note this is a commercial computer monitoring software |
| ACNUSvc | L | acnupdatersvc.exe | Related to Accenture global management consulting, technology services and outsourcing company Note: Located in c:\program files\acnu\ |
| Acronis Scheduler2 Service (AcrSch2Svc) | L | schedul2.exe | Related to Acronis_True_Image creates the exact copy of your hard disk and allows you to instantly restore the entire machine including operating system. Note: Located in C:\Program Files\Common Files\Acronis\Schedule2\ |
| Active Virus Shield (AVP) | L | avp.exe | Related to Active_Virus_Shield from AOL. Note: Located in C:\Program Files\AOL\Active Virus Shield\ |
| ActiveXperts Network Monitor (AxsNmSvc) | L | AxsNmSvc.exe | Added by ActiveXperts_Network_Monitor allows administrators to monitor the network for failures and irregularities. Note: Located in C:\Program Files\ActiveXperts\ |
| Actuate Process Management Daemon 8 (__AC_PROCESS_MGMT_DAEMON8) | L | pmd8.exe | Actuate_Enterprise Reporting Applications for business intelligence analytic services |
| Ad-Aware 2007 Service (aawservice) | L | aawservice.exe | Related to Ad-Aware_2007 anti-spyware solution. This program can find and remove spyware and malware from your computer. Note: Located in C:\Program Files\Lavasoft\ |
| Ad-Axis Client | L | aaclient.exe | Related to Lavasoft's Ad-Aware SE Enterprise Edition 2005 |
| Adaptador de rendimiento de WMI | L | wmiapsrv.exe | Windows Management Instrumentation Performance Adapter Service Windows XP and 2003. Note: Located in C:\WINDOWS\System32\wbem\wmiapsrv.exe |
| Adaptec I/O Manager Server | L | iomgr.exe | Related to Adaptec product |
| Adaptec RAID Remote Services Agent | L | afaagent.exe | Related to Adaptec, Inc. |
| Adaptec Storage Manager Notifier | L | notify.exe | Related to Adaptec product |
| Adaptec Web Server | L | arcpd.exe | Related to Adaptec product. |
| AdaptecStorageManagerAgent | L | StorServ.exe | Related to Adaptec Incorporated |
| Adapter Switching | L | RoamSvc.exe | Intel Adapter Switching |
| AddFiltr | L | AddFiltr.exe | Found on HP computers |
| ADF Installer Service (ADF Installer) | L | AgentSVC.exe | Related to Citrix Installation Manager Service |
| Admin Works Agent X8 (AWService) | L | awServ.exe | Related to AdminWorks from Avocent Corporation. A cost effective IT management software tool for small and medium size businesses. Note: Located in C:\Program Files\Intel\IDU\ |
| Administración de aplicaciones | L | services.exe | Spanish Windows 2000 applications managing |
| Administrador de cuentas de seguridad | L | lsass.exe | Spanish Windows 2000 security accounts manager |
| Administrador de discos | L | services.exe | Spanish Windows 2000 disks manager |
| Administrador de sesión de Ayuda de escritorio remoto | L | sessmgr.exe | This service manages and controls Remote Assistance |
| Administrador de utilidades | L | UtilMan.exe | Spanish Windows 2000 utility manager |
| Adobe Active File Monitor | L | PhotoshopElementsFileAgent.exe | Related to Adobe photoshop. |
| Adobe LM Service | L | Adobelmsvc.exe | Required for PhotoshopCS |
| Adobe Update Manager (Adobe3M) | X | mshss.exe | Added by the Troj/Wollf-B TROJAN! Note: This worm\trojan file is found in the System32 folder. |
| Adobe Version Cue CS2 | L | VersionCueCS2.exe | Related to Adobe Products |
| AdobeVersionCue | L | VersionCue.exe | Adobe related |
| ADSService | L | ADSSER~1.EXE | Related to Aluria_Active_Defense_Shield Service. An EarthLink Co. Note: Located in C:\Program Files\EarthLink\Protection Control Center\ |
| Advanced Networking Service (hnmsvc) | L | hnm_svc.exe | Related to Advanced_Networking_Service from Dell. Note: Located in %\Program Files%\Dell Network Assistant\ |
| Advantage Database Server | L | ADS.EXE | Related to Extended Systems' Advantage_Database_Server |
| AEClientHostService | L | AEClientHostService.exe | Related to GE_Fanuc_Automation enable you to act in real-time to optimize productivity and increase profitability. Note: located in C:\Program Files\GE Fanuc\Alarm Viewer\Host\ |
| Age of Empires III: The WarChiefs | X | ageofempires.exe | Added by an unidentified TROJAN! of the Sdbot family. Note: This worm\trojan is located in C:\Windows\dllcache\ (Win9x/Me), C:\%WINDIR%\dllcache\ (XP/WinNT/2K) |
| Agente de directivas IPSEC | L | lsass.exe | Spanish Windows 2000 IPSEC policy agent |
| Agere Modem Call Progress Audio (AgereModemAudio) | L | agrsmsvc.exe | Related to Agere_Modem Call Progress Audio. (Now owned by LSI Corp.) Note: Located in C:\Windows\system32\ |
| Agere Service (AgrSrvce) | L | AgrSrvce.exe | Related to Proxim_Corp Client manager software associated with the ORiNOCO wireless LAN card. |
| AIM (AIM) | X | aim.exe | Added by the W32/Rbot-AGC or W32/Sdbot-BFX WORM! Read the link, rootkit type stealth involved. |
| Aim Version 6 (Aimv6) | X | aim6.exe | Identified as the Rbot.cgu infection. This infection is part of the family of worms and IRC backdoors. Note: This worm is located in C:\WINDOWS\Cursors\ |
| aim.ex | X | IEXPLORER.EXE | Added by the SDBOT.COW WORM! Read the link, rootkit type stealth involved. |
| Alerter | L | svchost.exe | Notifies selected users and computers of administrative alerts. If the service is stopped, programs that use administrative alerts will not receive them. If this service is disabled, any services that explicitly depend on it will fail to start. |
| AlfaCleanerService | X | ACServer.exe | AlfaCleaner is now a stealth install using exploits on unpatched systems. Seen alongside RazeSpyware. This program tends to be installed with other known Smitfraud infections. |
| ALGE | X | Hacker.com.cn.exe | Troj/GrayBr-CP Read the link, allows remote access |
| Almacenamiento protegido | L | services.exe | Spanish Windows 2000 protected storage |
| Altera JTAG Server (JTAGServer) | L | JTAGServer.exe | Related to Altera Quartus II Software. Note: Located in C:\altera\quartus50\bin\ |
| Alternative User Input Services (Ctfmon) | X | ctfmon.exe | Added by the W32/Tilebot-JR WORM! Note: This worm is located in C:\%WINDIR%\ Note: This is not the ctfmon.exe normally found in C:\WINDOWS\System32\ |
| Altiris Agent (AeXNSClient) | L | AeXNSAgent.exe | Related to Altiris services. http://www.altiris.com |
| Altiris Carbon Copy (CarbonCopy32) | L | ccsrvc.exe | Related to Altiris services. http://www.altiris.com |
| Altiris Client Service | L | ACLIENT.exe | Related to Altiris, Inc. |
| Altiris eXpress NS Client (AeXNSClient) | L | AeXNSClient.exe | Related to Altiris_eXpress NS Database and SVS (Software Virtualization Services). |
| Altiris eXpress NS Client Transport (AeXNSClientTransport) | L | AeXNSClientTransport.exe | Related to Altiris_eXpress NS Database and SVS (Software Virtualization Services). |
| Aluria Message Service (MsgSrvService) | L | AluriaMsgSrv.exe | Aluria security center |
| Aluria Security Center Spyware Eliminator Service (ASCService) | X | ascserv.exe | Aluria Spyware Eliminator "Spyware remover", a rogue program of dubious repute. For more information, search the Spywarewarrior_List of non-recommended anti-parasite sites/software for "Aluria" |
| Aluria Spyware Eliminator Service | O | ASEServ.exe | Aluria Spyware Eliminator |
| AL_ADSService | X | AL_ADSService.exe | Aluria Spyware Eliminator "Spyware remover", a rogue program of dubious repute. For more information, search the Spywarewarrior_List of non-recommended anti-parasite sites/software for "Aluria" |
| Amadeus Automatic Update | L | AutoUpdate.exe | Related to Amadeus powerful front office travel management tool. Note: Located in C:\Program Files\Automatic Update\ |
| AMD PowerNow! Technology Service (GemServ) | L | GemServ.exe | Related to Advanced Micro Devices, Inc. - http://www.amd.com/ |
| Ampi32 (wdfmgr) | X | msvcrt.exe | Added by the W32/Tilebot-Q WORM! Note: This worm file is found in the Windows or Winnt folder. Read the link, rootkit type stealth involved. |
| Analysis Server (MSSQLSERVER) (MSSQLServerOLAPService) | L | msmdsrv.exe | Related to Microsoft_SQL_server suite. |
| ANIWZCSd Service | L | ANIWZCSdS.exe | Related to Alpha_Networks |
| AntiSpyUltra (Zonelaps) | X | vsmom.exe | Added by the W32/Tilebot-E WORM! Read the link, rootkit type stealth involved. |
| AntiVir PersonalEdition Classic Guard (AntiVirService) | L | avguard.exe | Part of Antivir |
| AntiVir Scheduler (AntiVirScheduler) | L | sched.exe | Related to AntiVir antivirus program. |
| AntiVir Service | L | AVGUARD.EXE | AntiVir antivirus |
| AntiVir Update | L | AVWUPSRV.EXE | AntiVir Antivirus |
| antivirus32 | X | antivirus32.exe | Added by an unidentified TROJAN! of the Win32/Rbot family. Note: This worm\trojan is located in the C:\%WINDIR%\ folder. |
| antivirusdll | X | winmsgslive.exe | Added by the W32/Sdbot-CXQ WORM! Note: This worm\trojan is located in the C:\%WINDIR%\ folder. Modifies some FTP files, read the link |
| ANTS Profiler service | L | RedGate.Profiler.Service.exe | Related to Red Gate Software Ltd |
| AnyPoint Service - Intel Corporation | L | APSERVER.EXE | Belongs to Intel_Anypoint home networking system |
| AOL Antivirus Update Service (aolavupd) | L | aolavupd.exe | Related to AOL Antivirus Update Service. |
| AOL Connectivity Service | L | AOLAcsd.exe | Owner: America Online. Description: AOL Connectivity Service - starts an automatic function that restores the connection should you lose it while online. Also shown as AOL Connectivity Service (AOL ACS). |
| AOL Connectivity Service | L | acsd.exe | AOL related |
| aol software (Aol Software) | X | smss.exe | Added by the W32/Tilebot-FM WORM! Note: This is not the legitimate Windows process (Which is always found in the System32 folder). This worm file is found in the Windows or Winnt folder. Allows a remote intruder to gain access and control over the computer, read the link. |
| AOL Spyware Protection Service | L | aolserv.exe | Related to AOL |
| AOL TopSpeed Monitor | L | aoltsmon.exe | AOL Topspeed |
| Apache | L | Apache.exe | Apache Web Server Software |
| Apache2 | L | Apache.exe | Apache Web Server |
| APACS+ NIM32 (NIM32) | L | Nim32.exe | Related to Siemens Energy & Automation Platform. Note: located in C:\Program Files\ProcessSuite\NIM\ |
| APC PBE Server | L | pbeserver.exe | APC PowerChute Business Edition Server (For UPS) |
| APC UPS Service | L | mainserv.exe | Related to American Power Conversion Corporation |
| AppExpress Client | L | ece.exe | Related to Endeavros Technology, Inc and Microsoft_Encarta |
| Application Layer Gateway (Application Gateway Service) | X | WeRecl.exe | Added by an unidentified TROJAN! of the Win32/Rbot family. Note: This worm\trojan is located in the C:\%WINDIR%\ folder. More here |
| Application Layer Gateway Manager (AppLayerGatewayMgr) | X | alg.exe | Added by the W32/Tilebot-EU WORM! Note: Not to be confused with the legitimate alg.exe (see_Here) located in C:\Windows\System32\; this infection is located in C:\Windows\ |
| Application Layer Gateway Service (ALG) | L | alg.exe | Provides support for 3rd party protocol plug-ins for Internet Connection Sharing and the Internet Connection Firewall located in C:\Windows\System32\ |
| Application Layer Gateway Services | X | alg.exe | Added by an unidentified TROJAN! of the Sdbot family. Note: This worm\trojan is located in C:\%WINDIR%\ |
| Application Layer Gateway System (ALGS) | X | algsys.exe | Added by the W32/Rbot-DDF WORM! Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) |
| Application Layer Service | X | weRecv.exe | Added by the SystemPoser TROJAN! Note: This worm\trojan is located in C:\%WINDIR%\ folder. |
| Application Layer Service (algserv) | X | algserv.exe | Troj/Agent-ECW Note: Located in %windir%\system32 |
| Application Layer Service Control (applilserv) | X | applayer.ex | W32/Rbot-GHL Note: Located in %windir%\system32 Read the link, allows remote access |
| Application State Service (AppSvc) | X | apsvc.exe | Added by the W32/Rbot-FWW WORM! Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) |
| AppMgmt | X | svchost.exe -k AppMgmt | Added by the Fuwudoor TROJAN! |
| AppnNode | L | appnnode.exe | Related to IBM_Server Note: Located in C:\WINDOWS\system32\Drivers\ |
| ARC Plugin (ARCPLUG) | X | arci.exe | Added by the W32/Tilebot-HB WORM! Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K). Steals information from Protected Storage |
| ArcaBit NetMonitor (ABNetMon) | L | NetMonSV.exe | ArcaVir, an antivirus software from Poland. A product of ArcaBit Sp. z o.o |
| ArchestrA Logger (aaLogger) | L | aaLogger.exe | Related to ArchestrA Software architecture for the integration of your automation systems. |
| Ares Chatroom server (AresChatServer) | L | chatServer.exe | Related to the Ares P2P software |
| Argos Billing Dialog | L | WorkstationMonitor.exe | Related to Argos_Billing_Dialog from Sepialine inc. Print Monitor. Note: Located in c:\Program Files\Sepialine\Argos Print Monitor\ |
| ArGoSoft Mail Server Plus | L | mailservernt.exe | Related to ArGo Software Design Mail Server |
| Array SSL VPN Service 3,0,1,9 (ArraySSL_VPN_Service3,0,1,9) | L | arr_srvs3,0,1,9.exe | Related to SSL_VPN SSL VPN Secure Access Gateways from Array Networks. Anytime, anywhere secure access. Note: Located in C:\Program Files\Array Networks\Array SSL VPN\3,0,1,9\ |
| Array Utility Service 4,0,1,3 (Array_Utility_Service4,0,1,3) | L | arr_isrv4,0,1,3.exe | Related to SSL_VPN SSL VPN Secure Access Gateways from Array Networks. Anytime, anywhere secure access. Note: Located in C:\Program Files\Array Networks\Common\4,0,1,3\ |
| Ascent Capture Service | L | acsvc.exe | Related to Kofax Image Products. |
| ASF Agent | L | ASFAgent.exe | Intel Alert Standard Format Console - asfagent.exe is a part of a systems management suite bundled with other applications, mainly Dell's OpenManage. |
| AshampooDefragService | L | aDefragService.exe | Related to Ashampoo Magic Defrag Utility |
| ASMAgent | L | ASMAgent.exe | Related to ASAP_eSMART Smart Asset Management tool. |
| ASNFTP daemon (ASNFTPD) | X | AsnFtpd.exe | Added by the W32/Tilebot-BD WORM! Note: This worm\trojan file is found in the Windows or Winnt folder. Read the link, rootkit type stealth involved. |
| ASP.NET (State Service) | | ASP.NET.exe | Troj/GrayBir-EC Note: Located in %windir% Read the link allows remote access |
| ASP.NET State Service (aspnet_state) | L | aspnet_state.exe | Related to Microsoft Windows Operating System and is the ASP State Service. |
| Asset Insight Client (AICLIENT) | L | Aiclient.EXE | Asset Insight from Tangram - http://castlecops.com/s1883-AICLIENT_EXE.html |
| Asset Management Agent | L | UMCSTUB.EXE | Related to Unicenter Asset Management by Computer_Associates |
| Asset Management Daemon | L | dtsslsrv.exe | Display configuration software used by several manufacturers under differing names such as Image Tune or EZTune etc... Note: located in C:\Program Files\... |
| Asus Motherboard Utility (Asus) | X | asus.exe | Added by the WORM_SPYBOT.IY WORM! Note: This worm\trojan is located in C:\%WINDIR%\ folder. |
| ASUSKeyboardService | L | asuskbservice.exe | Added by ASUS_Keyboard Service and provides additional configuration options for these devices. Note: located in C:\%WINDIR%\ |
| ASWLSVC | L | ASWLSVC.exe | Related to the ASUS_Wireless_LAN_Card_Services |
| Asynchronous Load Balance (ySvcHst) | X | srvnst.exe | Added by ServiceThreadHandler.Process TROJAN! Note: located in C:\WINDOWS\System32\ |
| Asynchronous UPnP Support Services | X | UPnPSvc.dll | Troj/PWS-ANB Read the link, steals information |
| AT Host Service | L | atnthost.exe | Related to WebEx |
| Atheros Configuration Service | L | acs.exe | Related to Atheros Wireless LAN |
| Ati HotKey Poller | L | Ati2evxx.exe | ATI Video Card Control Panel |
| ATI Smart | L | ati2sgag.exe | ATI Video Card Control Panel |
| ATIintergrated (ATIintergrated) | X | atigraphics.exe | Added by the SDBOT.CRX WORM! Read the link, rootkit type stealth involved. |
| ATK Keyboard Service (ATKKeyboardService) | L | ATKKBService.exe | Related to ASUSTeK_Computer Inc. ASUS Keyboards and provides additional configuration options for these devices. |
| Audio Adapter (VGADown) | X | avp.exe | Added by an unidentified TROJAN!. Note: This worm\trojan is located in C:\%WINDIR%\ |
| Auto HotKey Poller | X | winpol.exe | Added by a variant of the W32/Malware Note: Located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) |
| AutoComplete Service | L | autocomp.exe | Tracks Eraser Pro |
| Autodata Limited License Service | L | ADCDLicSvc.exe | Related to Autodata Limited |
| Autodesk Data Management Job Dispatch | L | Connectivity.WindowsService.JobDispatch.exe | Related to Autodesk_Data_Management Web Server. Note: Located in C:\Program Files\Autodesk\Data Management Server 5\Server\Dispatch\ |
| Autodesk EDM Server | L | Connectivity.EDMWS.Server.exe | Related to Autodesk_Data_Management Web Server. Note: Located in C:\Program Files\Autodesk\Data Management Server 5\Server\Webserver\ |
| Autodesk Licensing Service | L | AdskScSrv.exe | Related to Autodesk, Inc. |
| Autodesk MapGuide® Server 6.3 (MapServer6.3) | L | MapServer.exe | Related to Autodesk Inc. |
| Autodesk Network Licensing Service | L | AdskNetSrv.exe | Related to Autodesk_Network Licensing service. Note: Located in C:\Program Files\Common Files\Autodesk Shared\Service\ |
| AutoMate 5 (AutoMate5) | L | AutoMate5Svc.exe | Related to Automate from Network Automation, Inc. A Task Service. Note: Located in C:\Program Files\automate\ |
| AutoMate 6 (AutoMate6) | L | AMTS.exe | Related to AutoMate from Network Automation. Tools necessary to completely automate business processes. Note: Located in C:\Program Files\AutoMate 6\ |
| Automatic LiveUpdate Scheduler | L | ALUSchedulerSvc.exe | Related to the Symantec LiveUpdate service which updates your Symantec products periodically. |
| Automatic Update Service (Automatic Update) | X | wuapi.exe | Added by the W32/Codbot-AC WORM! Note: This worm\trojan file is found in the System32 folder. |
| AutoStore (autostore) | L | batch.exe | Related to NSi's AutoStore from Notable Solutions, Inc. Capture documents and securely saving the content in your business applications. |
| AutoUpdate (Windows Server AutoUpdate) | X | Winupdate.exe | Troj/GrayBrd-CF Note: Located in %windir%\system32 Read the link, allows remote access and logs keystrokes |
| Av Update Monitor (AvSvcMonitor) | L | AvMonitor.exe | Avast |
| avast! Antivirus | L | ashServ.exe | Related to Avast AntiVirus |
| avast! iAVS4 Control Service | L | aswUpdSv.exe | Related to Avast AntiVirus |
| avast! Mail Scanner | L | ashMaiSv.exe | Related to Avast AntiVirus |
| avast! Web Scanner | L | ashWebSv.exe | Related to AWIL Software http://www.avast.com/ |
| Avast32 Start as Service | ? | avserver.exe | Seems to belong to Avast anti-virus software |
| AVCore (SrvMain) | X | avservice.exe | As of yet Unknown Worm, Trojan or Malware. The file (avservice.exe) is found in the Documents and Settings\All Users\Application Data folder. |
| Aventail Connect (As32Svc) | L | as32svc.exe | Related to Aventail_Corp |
| AVG Anti-Spyware Guard (Anti-Malware Development a.s) | L | guard.exe | AVG Anti-virus product. |
| AVG E-mail Scanner | L | avgemc.exe | Related to AVG anti-virus |
| AVG Firewall (AVGFwSrv) | L | avgfwsrv.exe | Related to AVG_Firewall Note: located in C:\PROGRA~1\Grisoft\AVG7\ |
| AVG6 Service | L | avgserv.exe | AVG 6 Anti virus |
| AVG7 Alert Manager Server | L | avgamsvr.exe | Related to AVG Anti-Virus. |
| AVG7 Resident Shield Service (AvgCoreSvc) | L | avgrssvc.exe | Related to Grisoft_AVG_Resident Shield Service. Note: Located in C:\PROGRAM Files\Grisoft\AVG7\ |
| AVG7 Update Service | L | avgupsvc.exe | Used by the AVG 7 Antivirus program to keep your definitions up to date. Note: For more information see AVG |
| avgav.exe (AVG) | X | avgav.exe | W32/Sdbot-DCT Read the link, allows remote access |
| Avid SDM Service (AvidSDMService) | L | AvidSDMService.exe | Related to Avid_SDM_Service from Avid Technology Note: Located in C:\WINDOWS\system32\ |
| Avid Startup | L | AvidStartup.exe | Associated with Avid_Digital_Media Products |
| avinitnt | L | avinitnt.exe | Related to Command AntiVirus for Windows Component, made by Command Software Systems, Inc. Which merged with Authentium in 2002. |
| AVKernel | X | AVKernel.exe | Rogue Anti-Virus Program. Made by WinSoftware, Ltd. For more information on WinAntiVirus 2005 Click_Here Note: Not recommended. |
| AVM FRITZ!web Routing Service (de_serv) | L | de_serv.exe | Installed alongside DSL drivers from AVM Fritz's range of modem products. http://www.liutilities.com/products/wintaskspro/processlibrary/de_serv/ |
| AVM IGD CTRL Service | L | IGDCTRL.EXE | Related to AVM_IGD_CTRL DSL Service. Note: Located in C:\Program Files\FRITZ!DSL\ |
| AVM WLAN Connection Service | L | WlanNetService.exe | Related to broadband products from avm.de |
| AVP Control Centre Service | L | avpcc.exe | Kaspersky AntiVirus |
| AVP UPDATE IONTERFACE A6 (avA6) | X | AVA6.SYS | Added by the DLOADER.AJQ TROJAN! Note: This has also been seen using the Display name AVP update interface A6. This trojan file is found in the System32 folder. |
| AVP-SE | X | avp-32.exe | WORM_AGOBOT.FS Read the link, allows remote access |
| AVPX TCP (avpx32) | X | avpx32.sys | Added by the Troj/Haxdoor-AH TROJAN! Read the link, rootkit type stealth involved. |
| AVPX64 TCP (avpx64) | X | avpx64.sys | Added by the Troj/Haxdoor-AH TROJAN! Read the link, rootkit type stealth involved. |
| avsinc | L | | |
| avsuite (mssuite) | X | msuite.exe | Added by the W32/Sdbot-ABC WORM! Read the link, rootkit type stealth involved. |
| AVSync Manager | L | Avsynmgr.exe | From McAfee VirusScan version 5.x. Runs VirusScan System Tray (Vsstat.exe), WebScanX (Webscanx.exe), VirusScan System Scan (Vshwin32.exe) and VirusScan Console (Avconsol.exe) under one application |
| AVupdate service interface X2 (avupdate2) | X | avupdate2.sys | Added by the Troj/Hanlo-A TROJAN! Note: This trojan file is located in the System32 folder. |
| AvUpdSvc | L | avupdsvc.exe | Part of Avast! anti-virus software |
| “RDRIV” (rdriv) | X | RDRIV.SYS | Added by the TROJ_ROOTKIT.E TROJAN! Read the link, rootkit type stealth involved. |
| B's Recorder GOLD Library General Service (bgsvcgen) | L | bgsvcgen.exe | Related to B_H_A_Corp B's Recorder GOLD for CD/DVD burning and authoring software. |
| BackOnTrack Callback Service (BOTCbs) | L | bcbs_xp.exe | Related to BackOnTrack from System OK. Note: Located in C:\Program Files\SystemOK\BackOnTrack\WinXP\ |
| Backup Exec 8.x Alert Server (BackupExecAlertServer) | L | alertServer.exe | Related to Veritas Software backup tool. |
| Backup Exec 8.x Notification Server (BackupExecNotificationServer) | L | nsvr.exe | Related to Veritas Software backup tool. |
| Backup Exec Agent Browser (BackupExecAgentBrowser) | L | benetns.exe | Related to the Backup Exec application from Veritas http://www.liutilities.com/products/wintaskspro/processlibrary/benetns/ |
| Backup Exec Device & Media Service (BackupExecDeviceMediaService) | L | pvlsvr.exe | Related to Veritas Backup Exec and offers essential functionality for Backup Exec. http://www.processlibrary.com/directory/files/pvlsvr/index.php |
| Backup Exec Job Engine (BackupExecJobEngine) | L | bengine.exe | Backup service for Veritas Backup Exec. This program is essential in keeping backups up to date and should not be terminated. http://www.processlibrary.com/directory/files/bengine/index.php |
| Backup Exec Naming Service (BackupExecNamingService) | L | benser.exe | Veritas Software Corporation. This is the Backup Exec naming service which is needed in order to achieve some backups and restores. http://www.processlibrary.com/directory/files/benser/index.php |
| Backup Exec Remote Agent for Windows Servers (BackupExecAgentAccelerator) | L | beremote.exe | Process that belongs to Backup Exec from Veritas http://www.liutilities.com/products/wintaskspro/processlibrary/beremote/ |
| Backup Exec Server (BackupExecRPCService) | L | beserver.exe | Related to Veritas Backup Exec. This program is essential in keeping backups up to date and should not be terminated. http://www.processlibrary.com/directory/files/beserver/index.php |
| BackupClientSvc | L | BackupClientSvc.exe | Related to NovaNet_WEB NovaStor Corp. Online Backup Services. |
| bbc (cnn) | X | imsins.exe | Troj/Hupigon-U |
| bbserver | X | bbserver.exe | Troj/Hupigon-PS Note: Located in %windir% Read the link, allows remote access |
| bcrcogqrkyko | X | mueyzrua5.exe | |
| BeatJam Music Server - HTTP (BeatJamMusicStreamingServer) | L | BeatJamHttpService.exe | See_BeatJam BeatJam Music Server Edition. |
| BeatJam Music Server - UPnP (BeatJamUPnPMusicServer) | L | BeatJamUPnPService.exe | See_BeatJam Justsystem audio software BeatJam. |
| Bell & Howell Database Manager (dbmang) | L | DBMANG.EXE | Related to Bell_and_Howell |
| Bell & Howell Monitor Service (BHMonitorService) | L | monitor.exe | Related to Bell_and_Howell |
| BelMonitor Service (BelMonitorService) | L | BANTMonitorSvc.exe | Related to Belarc, inc. |
| BES Client (BESClient) | L | BESClient.exe | Related to BESClient by BigFix Inc |
| Beyond Remote Server | O | BRServer.exe | Beyond Remote. Legitimate, but allows remote access, so it should be removed if it was not intentionally installed. |
| BGS_SDService | L | BGS_SDservice.exe | Related to BMC Software, Inc. - http://www.bmc.com/ |
| bh611 | L | NT611SVC.EXE | Related to Bell_and_Howell |
| BigPond Broadband Cable Login | L | bpcService.exe | Telstra's BIGPOND_BROADBAND_CABLE |
| Biometric Authentication Service | L | DpHost.exe | Related to DigitalPersona, Inc. |
| BitDefender Communicator | L | xcommsvr.exe | Related to bitdefender Antivirus |
| BitDefender Desktop Update Service | L | livesrv.exe | Update service for BitDefender_Antivirus |
| BitDefender Scan Server | L | bdss.exe | Related to Bitdefender antivirus |
| BitDefender Virus Shield | L | vsserv.exe | Related to bitdefender (Virusshield) |
| Black Hole Professional Version (wmupdate) | X | svch0st.exe | Detected as Backdoor.Win32.Ciadoor.123.d by Kaspersky |
| Black Hole2005 Professional Version (Black Hole2005 Professional) | X | QQ.exe | Added by the Troj/BlackHol-C TROJAN! |
| Black Hole2005 Professional Version (Black Hole2005 Professional) | X | server.exe | Added by the Troj/Singu-W TROJAN! Note: This trojan file is found in the Windows or Winnt folder. |
| BlackICE | L | blackd.exe | Black Ice firewall |
| Blue Coat K9 Web Protection (WebFilter) | L | k9filter.exe | Related to K9 Web Protection |
| Bluesocket IPSec Service (BlueService) | L | BlueService.exe | Related to Bluesocket WLAN service. Note: Located in C:\Program Files\Bluesocket MS IPSec Config Tool\ |
| BlueSoleil Hid Service | L | BTNtService.exe | BlueSoleil is a Bluetooth device manager for Windows. Made by the IVT_Corporation The file associated with this service is found in the Program Files\IVT Corporation\BlueSoleil folder. |
| Bluetooth Notification Service (Btnfserv) | X | btserv.exe | Added by the W32/Sdbot-CSD WORM! Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) |
| Bluetooth Service | L | btwdins.exe | Bluetooth Service |
| bobo | L | momo | panda platinium antivirus |
| Boeing Permissions Elevator | L | elevate.exe | The Boeing Company (internal use) |
| Boingo Monitor Service | L | wmonitor.exe | Boingo's Free_Wi-Fi_Software |
| Bonjour Service | L | mDNSResponder.exe | Creates a network of computers and smart devices. Made by Apple Computer, Inc. File location is in the Program Files\Gizmo Project folder. |
| BoolTern (BoolTern) | X | svch0st.exe | Added by the W32/Tilebot-U WORM! Note: This (svch0st.exe) is not the legitimate Windows process (Which is always found in the System32 folder, also notice the difference in the spelling.) The legitimate Windows process (svchost.exe) should not be seen in Msconfig or as a Startup item. This worm\trojan file is found in the Windows or Winnt folder. Read the link, rootkit type stealth involved. |
| Boonty Games | X | Boonty.exe | Boonty_Games Used with Boonty box. Will not uninstall from Add/Remove programs. This is from their Privacy Policy. "We also may share payment information with third parties who provide payment services and share aggregate data regarding the type and number of videogames you download, your age, gender, occupation, education level, geographic location, computer equipment data and on-line and video game interests, activities and practices to game publishers. In addition, we share e-mail addresses with third party e-mail carriers who assist us in sending out our e-mails to many of our customers at the same time. Subsidiaries and controlled affiliates are not viewed as third parties for the purpose of data transfers, and hence personal information may be shared within those subsidiaries and affiliates without obtaining additional consent." |
| Broadcom ASF IP monitoring service v3.0.1 | L | basfipm.exe | Related to Broadcom communications - hardware. |
| Brother BidiAgent Service for Resource manager (brmfbags) | L | BrmfBAgS.exe | Related to Brother_BidiAgent Service products, from Brother Industries. Note: Located in C:\WINDOWS\System32\ |
| Brother Popup Suspend service for Resource manager | L | Brmfrmps.exe | Brother printer related |
| Browser | X | svchost.exe -k Browser | Added by the Fuwudoor TROJAN! |
| BrSplService | L | brsvc01a.exe | related to Brother Industries Ltd |
| BT Modem Lock | L | ModemLock.exe | Related to NetProtector Parental control. |
| BUFFALO Wireless Configuration Service (bwcsrv) | L | bwcsrv.exe | Related to BUFFALO_Wireless Configuration Service Note: Located in C:\WINDOWS\System32\Drivers\ |
| Buffalo Wireless Service (BWSVC) | L | bwsvc.exe | Related to Buffalo_Wireless_Service The Multimedia Combo Set by SANSUN Industries. Note: Located in C:\Program Files\BUFFALO\Client Manager 2\ |
| BullGuard Email Monitoring (BsMailProxy) | L | svchost.exe | Related to BullGuard Antivirus. Note: located in C:\Program Files\BullGuard Software\ |
| BullGuard File Monitoring (BsFileSpy) | L | svchost.exe | Related to BullGuard Antivirus. Note: located in C:\Program Files\BullGuard Software\ |
| BullGuard Firewall (BsFirewall) | L | svchost.exe | Related to BullGuard Antivirus. Note: located in C:\Program Files\BullGuard Software\ |
| BullGuard LiveUpdate (BGLiveSvc) | L | BullGuardUpdate.exe | Related to BullGuard Antivirus. Note: located in C:\Program Files\BullGuard Software\ |
| BullGuard Main (BGMainSvc) | L | svchost.exe | Related to BullGuard Antivirus. Note: located in C:\Program Files\BullGuard Software\ |
| BusinessC (BusinessContinuity) | X | msstl.exe | Added by the SDBOT.CJR WORM! Read the link, rootkit type stealth involved. |
| Bytemobile Web Configurator (bmwebcfg) | L | bmwebcfg.exe | Related to Bytemobile Inc. Mobile Content Filtering. |
| C-DillaCdaC11BA | O | CDAC11BA.EXE | copy protection software |
| C-DillaSrv | L | CDANTSRV.EXE | C-Dilla License Management software from Macrovision |
| CA ISafe | L | isafe.exe | Related to Computer Associates virus software. |
| CA License Client | L | lic98rmt.exe | Computer Associates |
| CA License Server | L | lic98rmtd.exe | Computer Associates |
| CA Pest Patrol Realtime Protection Service (ITMRTSVC) | L | ITMRTSVC.exe | Related to CA_Pest_Patrol Realtime Protection Service Note: Located in C:\Program Files\CA\PPRT\bin\ |
| CaCCProvSP | L | ccprovsp.exe | Related to eTrust_Internet_Security_Suite from Computer Associates International Inc. Note: Located in C:\Program Files\CA\eTrust Internet Security Suite\ |
| CachemanXP | L | CachemanXP.exe | CachemanXP Memory Manager |
| CAILI | L | caili.exe | related to CarryIco Software, installed by a flash card reader driver setup utility. |
| CAISafe | L | ISafe.exe | Part of eTrust EZ Antivirus |
| CanerServer | X | caner.exe | Troj/Hupigon-ES |
| Canon BJ Memory Card Manager | L | Bjmcmng.exe | Canon Bubblejet Memory Card Utility |
| Canon Camera Access Library 8 (CCALib8) | L | CALMAIN.exe | Canon digital camera software that provides additional configuration options for the devices. |
| Canon Driver Information Assist Service | L | CnxDIAS.exe | CANON Driver Information Assist Core Module. This file should be found in the Program Files\Canon\DIAS folder. |
| Canon PIXMA iP6000D Memory Card Manager | L | PDUiP6000DMemCrdMgr.exe | Related to Canon PIXMA iP6000D Bubble Jet printer |
| Capture Device Service | L | DevSvc.exe | Related to Capture_Device InterVideo Service. Note: Located in C:\Program Files\Common Files\InterVideo\ |
| Capture Service (CaptureService) | L | CaptureService.exe | Related to Impact_360 from Witness Systems, Inc. Workforce management. Note: Located in C:\WINDOWS\system32\DirectX\ |
| Carbon Copy Scheduler (CarbonCopyScheduler) | L | schdsrvc.exe | Related to Altiris services. http://www.altiris.com |
| CarboniteService | L | carboniteservice.exe | Related to Carbonite_online_backup, which automatically backs up all the files on your computer. |
| Card Adapter (NETDown) | X | smss.exe | Added by an unidentified TROJAN! of the Sdbot family. Note: This is not the legitimate Windows Process smss.exe. (Which is found in the System32 folder.) This worm/trojan file (smss.exe) is found in the Windows or Winnt folder. |
| cdmonsvc32 | X | cmmonsvc32.exe | Worm.Opanki_Variant.Process Note: Located in %windir% |
| Cdsys (Cdsys) | X | cdcd.sys | Added by the Troj/Agent-IA TROJAN! Note: This trojan file is found in the System32 folder. |
| CE-Infosys Security System (CE-Infosys Security Service) | ? | ceisvc.exe | Seems to be legit, belongs to this company: Ce-infosys_suite. It will be left as unknown until more is found out about the company. |
| CeEPwrSvc | L | CeEPwrSvc.exe | Related to TOSHIBA and COMPAL ELECTRONIC INC. |
| CelInDrv | X | CelInDriver.sys | Win32/Agent.ABF Note: Located in %system% Read the link, collects sensitive information |
| CentennialClientAgent | L | CAgent32.exe | Related to Centennial UK Limited - http://www.centennial.co.uk/ |
| CentennialIPTransferAgent | L | xferwan.exe | Related to Centennial UK Limited - http://www.centennial.co.uk/ |
| cFosSpeed System Service (cFosSpeedS) | L | spd.exe | cFos_Software Internet acceleration program related. Note: May be necessary for the software to work properly. |
| change me please (VIRUS) | X | sysdat.exe | Added by the W32/Tilebot-L WORM! |
| Changed me (Patch) | X | systemz32.exe | W32/Tilebot-JD Read the link, allows remote access and uses rootkit stealth |
| Charter High-Speed Security Suite | O | SERVIC~1.EXE | Related to F-Secure, Backweb application |
| chckntfs | X | chckntfs.exe | Added by the W32/Tilebot-EF WORM! Note: This worm\trojan is located in C:\%WINDIR%\ |
| chkext(chkext) (chkext) | X | chkext.exe | Added by the W32/Sdbot-CRW WORM! Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) |
| Chong3 Me (MlCR0SOFTS UPDATE) | X | N0RTAN.EXE | Added by the SDBOT.CNM WORM! Read the link, rootkit type stealth involved. |
| Chong3 Me (MlCR0SOFTS UPDATEe) | X | lexplarer.exe | Added by the SDBOT.CWB WORM! Read the link, rootkit type stealth involved. |
| cics.REGION1 | L | cicssvc.exe | Related to IBM Corp. |
| cics.REGION2 | L | cicssvc.exe | Related to IBM Corp. |
| cicssfs.SCMMC223 | L | cicssfssvc.exe | Related to IBM Corp. |
| cidaemon | L | .exe | Microsoft Indexing Service filter daemon |
| cidaemon | L | cidaemon.exe | Microsoft Indexing Service filter daemon |
| Cisco Configuration Service (CCS) | L | ccs.exe | Related to Cisco_Systems Note: Located in C:\WINDOWS\system32\ |
| Cisco Systems, Inc. STC Agent (STCAgent) | L | agent.exe | Related to Cisco Systems inc. SSL VPN Client, Note: located in C:\Program Files\Cisco Systems\SSL VPN Client\ |
| Cisco Systems, Inc. VPN Service | L | cvpnd.exe | part of Cisco VPN |
| Citrix CPU Utilization Mgmt/CPU Rebalancer (CTXCPUBal) | L | ctxcpubal.exe | Related to Citrix MetaFrame |
| Citrix CPU Utilization Mgmt/Resource Mgmt (ctxcpuSched) | L | ctxcpusched.exe | Related to Citrix MetaFrame |
| Citrix CPU Utilization Mgmt/User-Session Sync (CTXCPUUsync) | L | ctxcpuusync.exe | Related to Citrix MetaFrame |
| Citrix Print Manager Service (cpsvc) | L | CpSvc.exe | Related to Citrix MetaFrame, control Printer Management. |
| Citrix SMA Service | L | SmaService.exe | Related to Citrix MetaFrame |
| Citrix Virtual Memory Optimization | L | CtxSFOSvc.exe | Related to Citrix MetaFrame, Monitors all DLLs on a server to find where collisions are occurring |
| Citrix WMI Service (CitrixWMIService) | L | ctxwmisvc.exe | Related to Citrix MetaFrame |
| Citrix XML Service (CtxHttp) | L | ctxxmlss.exe | Related to Citrix MetaFrame |
| Citrix XTE Server (CitrixXTEServer) | L | XTE.exe | Related to Citrix MetaFrame |
| CL500_510 Remote Server | L | KaNTSRV.exe | Related to Panasonic_Color_Laser_Printer server. Note: Located in C:\PROGRAM FILES\PANASONIC\REMOTE SERVER\ |
| Client Debug Manager | X | spoolvc.exe | W32/Sdbot-DCX Read the link, allows remote access |
| Client Disk Manager | X | symon.exe | Added by the W32/Tilebot-IN WORM! Note: This worm\trojan is located in C:\%WINDIR%\System32\dllcache\ (XP/WinNT/2K) |
| Client IP-IPX | X | svchosts.exe | Added by a variant of the W32/SDBOT WORM! Note: Located in C:\%WINDIR%\System32\drivers\ (XP/WinNT/2K) |
| Client Network (CdmService) | L | cdmsvc.exe | Related to Citrix MetaFrame, maps client drives and peripherals for access in ICA sessions. |
| Client Server Runtime Proces | X | csrss.exe | Added by the WORM_SDBOT.BTI WORM! Note: This worm\trojan is located in C:\%WINDIR%\ folder. Malicious activities read the topic. Note: This is not the legitimate Windows Process. (Which is found in the System32 folder.) This worm\trojan file is found in the Windows or Winnt folder. |
| Client Server Runtime Process | L | csrss.exe | Microsoft Client Server Runtime Process |
| Client Server Runtime Service (csrss32) | X | csr.exe | Added by the W32/Sdbot-AFM WORM! Note: This worm file is found in the Windows or Winnt folder. |
| Client Update Service for Novell | L | cusrvc.exe | Related to Novell server. |
| Client/Server Runtime Server Subsystem (CSRSS) | X | csrss.exe | W32/IRCBot-UN Note: Located in %windir%, not to be confused with the legitimate file in %windir%\system32 (%windir%\system on windows 98/ME) Read the link, allows remote access and steals information |
| Client32 | L | client32.exe | NetSupport Manager by "NetSupport Ltd.". |
| Cliente de seguimiento de vinculos distribuidos | L | services.exe | Spanish Windows 2000 distributed links tracking client |
| Cliente DHCP | L | services.exe | Spanish Windows 2000 DHCP client |
| Cliente DNS | L | services.exe | Spanish Windows 2000 DNS client |
| Clients Server Runtime Process | X | csrss.exe | Added by the W32/Sdbot-CPF WORM! Note: This worm\trojan is located in C:\%WINDIR% This is not the legitimate Windows Process. (Which is found in the System32 folder.) |
| Clients Server Runtime Process (Windows Internet) | X | csrss.exe | Added by the W32/Sdbot-CPF WORM! Note: This worm\trojan is located in C:\%WINDIR%\ folder. |
| clmss (Content List Management Sub System) | X | clmss.exe | Added by the W32/Tilebot-AO WORM! Note: This worm file is found in the Windows or Winnt folder. Read the link, rootkit type stealth involved. |
| Cobian Backup 8 service (CobBMService) | L | cbService.exe | Related to Cobian_Backup, an open source project. Note: Located in C:\Program Files\Cobian Backup 8\ Note: Open source projects can be modified. Make sure you scan the program with a virus protection program before using. |
| Codec | X | WINCODEC.EXE | Added by the SDBOT.CJO WORM! Read the link, rootkit type stealth involved. |
| Cognos ReportNet | L | cogbootstrapservice.exe | Related to Cognos_ReportNet Business Intelligence software. Note: located in C:\Program Files\Cognos\crn\bin\ |
| ColdFusion Graphing Server | L | JRun.exe | Related to MacroMedia_ColdFusion products. Made by MacroMedia,Inc. |
| ColdFusion Management Repository Server (ColdFusion Management Repository) | L | jrun.exe | Related to MacroMedia_ColdFusion products. Made by MacroMedia,Inc. |
| ColdFusion Management Service | L | CANamingAdapter.exe | Related to MacroMedia_ColdFusion products. Made by MacroMedia,Inc. |
| ColdFusion Monitoring Service (ClusterCATS Service) | L | ccmgr.exe | Related to MacroMedia_ColdFusion products. Made by MacroMedia,Inc. |
| ColdFusion MX Application Server | L | jrunsvc.exe | Related to Macromedia Cold Fusion software. |
| ColdFusion MX ODBC Server | L | swstrtr.exe | Related to Macromedia Cold Fusion software. |
| COM Host | L | comHost.exe | Related to Norton/Symantec Internet Security |
| COM Message Transfer (mscommt) | X | svchost.exe -k mscommt | Added by the Troj/Dbit-A TROJAN! |
| COM+ Component Service (COMCSVC) | X | winmgnt.exe | Added by unknown malware, the file winmgnt.exe may be a Serv-U FTP server used to download other malicious files to your computer. File location is in the System32 folder. |
| COM+ Interface (svcmngr) | X | svcgirl.exe | Added by an unknown malware. Note: This worm\trojan is located in C:\%WINDIR%\TEMP\ folder. |
| COM+ Messages | X | svchosts.exe | Added by an unidentified TROJAN! of the Sdbot family. Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) |
| COM+ System Client (ComSysCnt) | X | cmsvc.exe | Identified as the SdBot.bis worm Note: This worm is located in C:\WINDOWS\repair\ |
| COM+ System Service (COMSS) | X | SSMS.EXE | Added by unknown malware. File location is in the System32 folder. |
| COM+ System Service (DLLHOST) | X | dllhost.exe | Added by the Backdoor.Win32.SdBot.xd as identified by Kaspersky TROJAN! Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) |
| COM+ System Source (COMSysSRC) | X | vmnat.exe | W32/Tilebot-JE Note: Located in %windir%\system32 Read the link, allows remote access |
| Command Service (cmdService) | X | command.exe | Adware |
| CommServer | L | CommSvr.exe | Related to the HiPath 1220 digital PBX system from Siemens. File location is in the Program Files\Siemens\HiPath 1220\CommServer2.0 folder. |
| Comodo Application Agent (CmdAgent) | L | cmdagent.exe | Related to Comodo_Firewall from Comodo. Note: Located in C:\Program Files\Comodo\Firewall\ |
| Compaq Advisor | L | compaq-rba.exe | Related to Compaq |
| Compaq DMI Web Agent | L | WebDmi.exe | Related to Compaq Computer. |
| Compaq Local Alerter | L | cpqalert.exe | Related to Compaq Computer. Allows for "fault, performance, and configuration management". Recommended for corporate users only. |
| Compaq Local Alerter (CPQALERT) | L | CPQAlert.exe | Related to compaq products |
| Compaq Presario SSH | X | cpsd.exe | Added by an unidentified TROJAN! of the Sdbot family. Note: This trojan is located in C:\Windows\System\dllcache (Win9x/Me), C:\%WINDIR%\System32\dllcache (XP/WinNT/2K) |
| Compaq Remote Diagnostics Enabling Agent | O | Cpqdfwag.exe | Related to Compaq diagnostics utility. |
| Compuware Open Server | L | cwjboss.exe | Compuware Serversoftware |
| comrepl | X | comrepl32.exe | Added by the W32/Rbot-DNH WORM! Note: This worm\trojan is located in C:\%WINDIR%\ folder. |
| comrepl | X | comreplsvc.exe | Added by an unidentified TROJAN! of the Sdbot family. Note: This worm\trojan is located in C:\%WINDIR%\ folder. |
| Config Loader | X | scvhost.exe | several Agobot variants |
| ConfigFree Service | L | CFSvcs.exe | Toshiba related |
| Configuration Loader (bF) | X | wincrt32.exe | Virus and Trojan tools. http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.JP&VSect=Sn |
| Configuration Loading | X | svchos1.exe | several Agobot variants |
| Connected Agent Service (AgentSrv) | L | AgentSrv.EXE | Related to Connected Corporation. - http://www.connected.com/ |
| Connected Launcher | L | CBlaunch.exe | Connected backup software |
| Connected RegCap | L | CBRegCap.EXE | Connected backup software |
| Connection Rese | X | webadmin.exe | W32/Forbot-FY adds this, with a display name of Website Administrator Info. |
| Content Index service | L | cisvc.exe | Microsoft Content Index service |
| Content Monitoring Tool | L | msCMTSrvc.exe | Compaq CMTS |
| ContentProtect (CwCpSvc20) | L | cwsvc.exe | Related to ContentWatch Parental Control Internet Filter. |
| Contivity VPN Service | L | Extranet_serv.exe | Related to Novell server. |
| Contour Shuttle Device Engine (ShuttleEngine) | L | ShuttleEngine.exe | Related to Contour_Design |
| Control Services | X | expl0rer.exe | Win-Trojan/BlackHole.125440 |
| Control Task Manager | X | cvsys.exe | Added by an unidentified TROJAN! of the IRC/bot family. Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) |
| COSIDS_TB | L | TbMux32.exe | Related to http://www.transaction.de/ |
| coste | O | martinr.coste@neuf.fr | antivirus |
| Cox High Speed Internet Security Suite System Service (AuthSysSvc) | L | SysSvcNt.exe | Related to Cox High Speed Internet Security Suite System Service. Note: Located in C:\Program Files\Cox\Applications\app\ |
| cpanelx (Microsoft Control Panel) | X | cpanelx.exe | Added by a variant of the W32/SDBOT WORM! Note: This worm file is found in the Windows or Winnt folder. |
| cpqdmi | L | cpqdmi.exe | Compaq version of the Desktop Management Interface |
| CPUCooLServer Service (CPUCooLServer) | L | CooLSrv.exe | Part of CPUCooL |
| CQG Installation Service | L | cqginsts.exe | Related to CQG, Inc. CQG provides extensive historical data online for charting and technical analysis. |
| crauto | L | crauto.exe | Background task of the Paragon Encrypted Disk software which enables you to have encrypted virtual hard disks to store sensitive data. (answers that work) |
| Creative Labs Licensing Service | L | CreativeLicensing.exe | Related to Creative Labs Licensing Service. Note: located in C:\Program Files\Common Files\Creative Labs Shared\Service\ |
| Creative Service for CDROM Access | L | CTsvcCDA.exe | Creative Service for CDROM Access |
| crss32.exe | X | crss32.exe | Added by the W32/Tilebot-GT WORM! Note: This worm\trojan is located in C:\%WINDIR% |
| Crypkey License | L | crypserv.exe | CrypKey Software Licensing System from Cobalt Systems |
| Cryptainer service (ssoftservice) | L | ssoftsrv.exe | Owner:Cypherix Cypherix Encryption Software |
| Cryptic Protected Storage (CryptProtectedService) | X | cpstorage.exe | Added by the W32/Tilebot-HO WORM! Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) |
| Cryptographic Engine (EngSvc) | X | csvc.exe | Added by an unidentified TROJAN! of the Win32/Rbot family. Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) |
| Crystal APS (CrystalAPS) | L | CrystalAPS.exe | Related to Crystal_APS Now owned by Business Objects. Note: Located in C:\Program Files\Seagate Software\Enterprise\x86\ |
| Crystal Cache Server (CacheServer) | L | cacheserver.exe | Crystal_Decisions_Cache_Server Now owned by Business Objects |
| Crystal Event Server | L | EventServer.exe | Crystal Decisions Event Server |
| Crystal Input File Repository Server (CrystalInputFileServer) | L | inputfileserver.exe | Crystal_Decisions_File_Repository_Server Now owned by Business Objects. |
| Crystal Management Server | L | CrystalMS.exe | Crystal Decisions Management Server |
| Crystal Output File Repository Server (CrystalOutputFileServer) | L | outputfileserver.exe | Crystal_Decisions_Output_File_Repository_Server Now owned by Business Objects |
| Crystal Program Job Server | L | ProgramServer.exe | Crystal Decisions Job Server |
| Crystal Report Application Server | L | crystalras.exe | Crystal Decisions Report Application Server |
| Crystal Report Job Server (JobServer_Report) | L | JobServer.exe | Crystal_Decisions_Report_Job_Server Now owned by Business Objects |
| Crystal Web Component Server (WebCompServer) | L | WebCompServer.exe | Related to Crystal Decisions Enterprise software. Now owned by Business_Objects Note: Located in C:\Program Files\Seagate Software\WCS\ |
| CsdDriver | X | CsdDriver.sys | Troj/Goldun-EE |
| CTI Central Management | X | cti.exe | Lowers IE security settings |
| Curtains for Windows System Service (CurtainsSysSvc) | L | CurtainsSysSvcNt.exe | Related to Authentium, Inc. http://www.authentium.com/ |
| CVSNT 2.5.01.1927 Dispatch service (cvsnt) | L | cvsservice.exe | Related to CVS_on_NT service Machines. From March Hare Software. Note: Located in C:\Program Files\CVSNT\ |
| CVSNT 2.5.01.1927 locking service (cvslock) | L | cvslock.exe | Related to CVS_on_NT service Machines. From March Hare Software. Note: Located in C:\Program Files\CVSNT\ |
| CWAFAdminController | L | CWAFAdminController.exe | Compuware Serversoftware |
| CWAFAdminMonitor | L | CWAFAdminMonitor.exe | Compuware Serversoftware |
| CWAFEventRouter | L | cwafservice.exe | Compuware Serversoftware |
| CWAFNotesService | L | CWAFNotesService.exe | Compuware Serversoftware |
| CWAFReportScheduler | L | CWAFSchedService.exe | Compuware Serversoftware |
| CWAFRmiRegistry | L | CWAFRmiRegistry.exe | Compuware Serversoftware |
| CWShredder Service | L | CWShredder.exe | CWShredder tool from Trend Micro. |
| CXPT_Service - Cyberspace Headquarters, LLC | L | wcservice.exe | Related to Internet_Security Suite from COSMI Corp. |
| CyberArmor Run Service | L | casvc.exe | CyberArmor an Enterprise Class Personal Firewall |
| Cyberhawk | L | CHService.exe | Related to Cyberhawk from Novatix, Protects against Viruses, Spyware, Identity Theft. Note: Located in C:\Program Files\Novatix\Cyberhawk\ |
| CyberLink Background Capture Service (CBCS) (CLCapSvc) | L | CLCapSvc.exe | Related to CyberPower Systems, Inc. - http://www.powercinema.com/english/index.jsp |
| CyberLink Media Library Service | L | CLMLServer.exe | Related to CyberPower Systems, Inc. - http://www.powercinema.com/english/index.jsp |
| Cyberlink RichVideo Service(CRVS) (RichVideo) | L | RichVideo.exe | CyberLink RichVideo is an advanced technology designed to save precious video editing time. |
| CyberLink Task Scheduler (CTS) (CLSched) | L | CLSched.exe | Related to CyberPower Systems, Inc. - http://www.powercinema.com/english/index.jsp |
| CYGWIN cygserver (cygserver) | L | cygrunsrv.exe | Related to Cygwin_RedHat powerful tools to assist developers in migrating applications from UNIX®/Linux to the Microsoft® Windows® platform. Note: located in C:\Apps\cygwin\bin\ |
| CypressLink | L | CypressLinkService.exe | Related to CypressViewer from Siemens. Medical software. Note: Located in C:\Program Files\Acuson\CypressViewer\Bin\Release\ |
| D-Link IP servellience Launcher (D-Link_ST3402) | L | Launcher_DL.exe | Related to D-link Software. Note: Located in C:\Program Files\D-Link\IP surveillance\ |
| DameWare Mini Remote Control | L | DWRCS.EXE | Related to DameWare Development |
| DameWare NT Utilities 2.6 (DNTUS26) | L | DNTUS26.EXE | Related to Dameware_NT_Utilities program that allows remote access and control of a computer. This is a common program for hackers to install on a computer, so if it is installed, and you did not install it, it should be removed. Note: Located in C:\%WINDIR%\System32 (XP/WinNT/2K) |
| dashsvc | L | Dashsvc.exe | Motion computer pen interface. Owner: Motion Computing Inc. |
| Data Protector Inet | L | OmniInet.exe | Related to Hewlett-Packard OpenView OmniBack II |
| Datakey's Log Service (DkLogger) | L | DkLog.exe | Made by Datakey, Inc. |
| Datakey's Token Service (DkTknSrv) | L | dkcktkn.exe | Made by Datakey, Inc. |
| DataSvr | L | DataServer.exe | Related to Wave_Systems_Corp An identity protection application that is configured to use digital certificates. |
| Datax Sagef Server (SagefServer) | L | Datax.Sagef.Server.exe | Related to DataX Server. Note: Located in C:\Program Files\Datax\Servidor Sagef\ |
| DB2 - DB2 (DB2) | L | db2syscs.exe | Related to IBM Corp. |
| DB2 - DB2DAS00 (DB2DAS00) | L | db2syscs.exe | Related to IBM Corp. |
| DB2 Governor (DB2GOVERNOR) | L | db2govds.exe | Related to IBM Corp. |
| DB2 JDBC Applet Server | L | db2ccs.exe | Unknown. Found in an IBM application. |
| DB2 JDBC Applet Server (DB2JDS) | L | db2jds.exe | Unknown, found in an IBM application. |
| DB2 Remote Command (DB2REMOTECMD) | L | db2rcmd.exe | Related to IBM Corp. |
| DB2 Security Server (DB2NTSECSERVER) | L | db2sec.exe | Related to IBM Corp. |
| DB2DAS - DB2DAS00 | L | db2dasrrm.exe | IBM DB2 related. The DB2 Admin Server process. This process supports both local and remote administration requests using the DB2 Control Center. |
| Dcfssvc | L | dcfssvc.exe | Associated with digital cameras and can cause problems which disappear if disabled. If this program is unchecked in startup, your camera will not cause your computer to open a pop-up window when you connect it. Leave enabled if you can't load pictures from your camera/dock - Kodak's dock is an example |
| Dcom Helper (DcmHlp) | X | dcmhelp.exe | Added by the W32/Sdbot-AJA WORM! Note: This worm\trojan is located in C:\%WINDIR%\ |
| DCOM PC Service (mspcdcom) | X | mspcdcom.exe | Added by an unidentified TROJAN! of the Sdbot family. Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) |
| DCPFLICS | L | DCPFLICS.exe | Related to: Discreet Turbosquid/3dsmax Plugin Protection |
| DCS Loader | L | OPHALDCS.EXE | Print spooler service for Oki_Data printer |
| dcznetv2 (dcznetv2) | X | dcznetv2.exe | Added by the W32/Tilebot-O WORM! Note: This worm/trojan file is found in the Windows or Winnt folder. Read the link, rootkit type stealth involved. |
| DDE de red | L | netdde.exe | Spanish Windows 2000 network DDE |
| Debug Config System | X | lrsys.exe | Added by an unidentified TROJAN! of the Sdbot family. Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) |
| Debug System Manager | X | spoolvc.exe | Added by an unidentified TROJAN! of the Sdbot family. Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) |
| Deepsight Extractor | L | ExtractorService.exe | Symantec Security Analyser |
| DeepSight Extractor CC Service | L | ccExtractorService.exe | Related to Symantec Corp. |
| DeepSight Extractor Service for NPF03 | L | ExtractorServiceNPF03.exe | Symantec Security Analyser |
| DeepSight Extractor Service for NPF04 | L | ExtractorServiceNPF04.exe | Symantec Security Analyser |
| Defragmentation Management Handler (FAT Defragmentation) | X | dfrgfat32.exe | Added by the W32/Codbot-AB WORM! Note: This worm\trojan file is found in the System32 folder. |
| DefWatch | L | defwatch.exe | Symantec Antivirus related |
| Dell Printer Status Watcher (DLPWD) | L | DLPWDNT.EXE | Related to Dell_Printers Note: Located in C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\ |
| Dell Wireless WLAN Tray Service (wltrysvc) | L | WLTRYSVC.EXE | Related to wireless networking for Broadcom wireless network cards, found on Dell PCs |
| DellDmi | L | DellDmi.exe | Related to Dell's OpenManage software. |
| DEventAgent | L | EventAgt.exe | Related to: Dell OpenManage and used for server management. |
| DEVICEMAP | X | DEVICEMAP.SYS | Added by the TROJ_ROOTKIT.O TROJAN! Read the link, rootkit type stealth involved. |
| DF5Serv | L | DF5Serv.exe | By Faronics Corporation |
| dgtsys (dgtsys) | X | dgtsys.sys | Added by Adware-DigitalNames |
| DHCP Client (Ulead Service) | X | dhcpclient.exe | Added by the W32/Codbot-AG WORM! |
| Diagnostic Facility COM Server (CdfSvc) | L | CdfSvc.exe | Related to Citrix MetaFrame Presentation Server |
| DiamondCS Process Guard Service v3.000 | L | dcsuserprot.exe | process guard |
| DigiCtrl | L | digisc.exe | Related to Matrox_Electronic_Systems DigiSuite Service Control |
| Digidesign MME Refresh Service (DigiRefresh) | L | MMERefresh.exe | Related to Digidesign Protocols. Refreshes your MIDI ports on the 002(R) (the 002R is a hardware audio/MIDI converter connected to your computer via FireWire). Must be running in order to use the MIDI functionality of the Digi002R |
| digiSPTIService | L | digiSPTIService.exe | Related to Pro_Tools digital audio workstation (DAW) technology. |
| Digitizer Service (Digitizer) | L | digtizer.exe | Related to Digitizer_Service from Wacom Tech. Note: Located in C:\%WINDIR%\System32 (XP/WinNT/2K) |
| Dimension4 | L | D4.exe | Related to Dimension4 Thinking Man Software - Note: Located in C:\Program Files\D4\ |
| direct sound rss (dsrss) | X | dsrss.exe | Added by the Backdoor.SdBot.xd as identified by ewido. Note: This worm\trojan is located in C:\%WINDIR%\ |
| DirectUpdate engine | L | DUService.exe | Direct Update - registers dynamic IPs to a fixed hostname |
| DirectX Debug Service (DXDebug) | L | DXDebugService.exe | Related to the Microsoft DirectX SDK and offers a debug facility for this development suite. |
| DirectX Drivers | X | D1rectX.exe | Added by the SDBOT.CIF WORM! This should not be confused with Microsoft DirectX files. Read the link, rootkit type stealth involved. |
| DirectX Graphics (dxdmain) | X | dxdmain.exe | Added by the W32/Codbot-O WORM! |
| DirectX Service (Cakad) | X | explorer.exe | Troj/DwnLdr-GTD Read the link, allows remote access |
| DirectX Service (DirectFezt) | X | explorer.exe | Troj/Crybot-G Note: Located in the downloaded program files folder Read the link, allows remote access |
| DirectX Service (DirectService) | X | directx.exe | Added by the Troj/Crybot-B TROJAN! This should not be confused with Microsoft DirectX files. Note: Allows a remote intruder to gain access and control over the computer through IRC channels. |
| DirectX Service (DirectValk) | X | explorer.exe | Added by the Troj/Crybot-F TROJAN! Note: Located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) |
| DirectX Service (DirectXopm) | X | explorer.exe | Added by an unknown variant of a backdoor TROJAN! Note: This worm\trojan is located in C:\%WINDIR%\COMMAND\ Folder. Note This should not be confused with C:\%WINDIR%\explorer.exe which is the Microsoft Operating file. |
| directx.exe | X | directx.exe | Added by an unidentified TROJAN! of the Sdbot family. Note: This worm\trojan is located in C:\%WINDIR%\ folder. Note: This is not the legitimate Windows Process. (Which is found in the System32 folder.) This worm\trojan file is found in the Windows or Winnt folder. |
| DIRECWAY Webcast (DPC_SRV_WEBCAST) | L | dpcproxy.exe | Related to DIRECWAY Webcast - http://www.directway.com/ |
| DirMS_Defragmentation | L | DirmsService.exe | Related to DirMS_Defragmentation from DIRMS. Allows the user to defragment hard drives with a user-friendly GUI. Note: Located in C:\Program Files\MATCO\ |
| Disk Checker Service (Check Disk) | X | chkdsk.exe | Added by the W32/Tilebot-IS WORM! Note: This worm\trojan is located in C:\%WINDIR%\ folder. Read the link |
| Disk Indexing Service (DiSVC) | X | disvc.exe | Added by the Troj/IRCBot-UX TROJAN! Note: Located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) |
| Disk Management Service (VxSvc) | L | VxSvc.exe | Related to Dell Open Management system. http://www.what-process.com/process-info.aspx?p=VxSvc.exe |
| Disk Monitor Services (DiskMon32) | X | svchost.exe -k dmon | Added by the Hanmon TROJAN! Note: This trojan file is found in the System32 folder. |
| Diskeeper | L | DkService.exe | Executive Software's Diskeeper (Defragmenter) |
| Distributed Link Tracking Extensions | X | kernel32dll.exe | Added by the W32/Myfip-I worm. |
| Distributed Link Tracking Service (TrkWksvc) | X | TrkWksvc.exe | Added by the W32.Toxbot.B WORM! |
| Distributed Transaction Coordinator (MSDTC) | L | msdtc.exe | Related to the Distributed_Transaction_Coordinator on Windows 2003. Note: Located in C:\%WINDIR%\System32\ |
| Distributed Transaction Server (MSDCT) | X | msdtc.exe | Troj/Hupigo-SJ Read the link, allows remote access |
| distributed.net client | X | iosdt.exe | You have a Trojan virus on your PC. IOSDT.EXE is its main file. You most probably tried to download illegal copies of Microsoft software, and got infected by this trojan virus as a result (it gives access to your PC from the Internet). |
| distributed.net client (dnetc) | L | dnetc.exe | Client part of the distributed.net general-purpose distributed computing project. |
| DK2 Network Server (DNServer32) | L | DNSrv32.exe | Related to DESkey_Hardware reliable and flexible means to protect your software from piracy. Note: Located in C:\Program Files\DESkey\DK2 Network Server\ |
| DkeySync | L | syncservice.exe | Related to GE_Security_Supra Note: Located in c:\program files\ge security supra\ |
| dlbt_device | L | dlbtcoms.exe | Something by Dell Computers |
| dlbu_device | L | dlbucoms.exe | Related to Dell computers |
| dlbx_device | L | dlbxcoms.exe | Related to Dell computers. |
| dlcc_device | L | dlcccoms.exe | Dell printer related. File is found in the System32 folder. |
| dlcg_device | L | dlcgcoms.exe | Related to Dell_Printer Communication System Note: Located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) |
| dlcj_device | L | dlcjcoms.exe | Related to Dell Photo AIO Printer, may be the driver. |
| DLL Manager (mswindll) | X | mswindll32.exe | Added by the W32/Tilebot-AQ WORM! Note: This worm\trojan file is found in the Windows or Winnt folder. |
| dllmgr64 | X | dllmgr64.exe | Added by a Backdoor.SdBot.xd trojan identified by EWIDO. Note: This worm\trojan is located in C:\%WINDIR%\ |
| DLT - Dell Computer Corporation | L | DLT.exe | Related to Dell OpenManage system management software |
| DM Primer (DMPrimer) | L | dmprimer.exe | Related to Unicenter_Remote_Control_Host From Computer Associates Note: Located in C:\Program Files\CA\SharedComponents\DesktopCommonServices\DMPrimer\ |
| DM1Service | L | DM1Service.exe | Related to OLYMPUS Corporation |
| dmisrv | L | dmisrv.exe | Appears to be part of Dell OpenManage_Client_Instrumentation Software. |
| dmserver | X | svchost.exe -k dmserver | Added by the Fuwudoor TROJAN! |
| DNS Client Service | X | svshost.exe | Identified as the SdBot.awe worm Note: This worm is located in C:\%WINDIR%\System32\ |
| DNS Manager (dnsmgr) | X | dnsmgr.exe | Added by a variant of W32.Wargbot WORM! Note: This worm is located in C:\%WINDIR%\System32 |
| DNS Server (DNS Server) | X | svchost.exe | Added by the Troj/Feutel-Y TROJAN! Note: This is not the legitimate Windows Process. (Which is found in the System32 folder.) This trojan file is found in the Windows or Winnt folder. |
| DNS4Me Client (DNS4MeClient) | L | DNS4MeClient.exe | Related to Dynamic_DNS_service from RhinoSoft.com that makes it possible for you to start hosting your own web site, FTP server, mail server, and more. |
| DNSCacheReader | X | j[random number].exe | Troj/TinyDL-J Note: Located in C:\Windows\System32 |
| DNSexit | L | dnsexit_srv.exe | Provides reliable DNS Services free of charge to top level domains for both business and internet users. http://www.dnsexit.com/ |
| dnWhoDisp | L | dnwhodisp.exe | Related to Rockwell_Automation Inc. FactoryTalk suite |
| Documentum Desktop Component Installer | L | DcComponentInstaller.exe | Related EMC_Corporation Content management software. |
| Download Manager Lite Service (DownloadManagerLite) | L | dm.exe | Related to Net_Cable TV. Note: Located in C:\Program Files\NCTV\bin\ |
| DPI Assistant Service (srvdpi) | L | srvdpi.exe | Related to Ositech_Communiction Service. Note: Located in C:\WINDOWS\System32\ |
| Dragon Age - Bioware | X | dragonage.exe | Added by the W32/Vanebot-M WORM! Note: This worm\trojan is located in C:\%WINDIR%\System32\dllcache\ (XP/WinNT/2K) Will try to terminate virus protection software. |
| Driver Cache (Driver Cache) | X | Driver Cache.exe | Added by the Troj/Feutel-S TROJAN! |
| DSDM de DDE de red | L | netdde.exe | Spanish Windows 2000 network DDE DSDM |
| dservice | X | dservices.exe | W32/Spybot-NM Note: Located in %windir%\system32\dllcache Read the link, allows remote access |
| DTS Agent | L | tngdta.exe | Computer Associates Data Transport Service Agent |
| DTS Browser | L | tngdoba.exe | Computer Associates Data Transport Service Browser |
| DTS Metrics Gatherer | L | tngdtmg.exe | Computer Associates Data Transport Service |
| DUN Manager Service | ? | dmservc.exe | Dial-up and routed networking enhancement - http://www.magsys.co.uk/dunman/ |
| DUN_SERVICE3 | X | dun3.exe | Added by the Trojan.Sokiron TROJAN! |
| DVD-RAM_Service | L | DVDRAMSV.exe | DVD driver |
| DVDrealm (DVDrealm) | X | DVDrealm.sys | Added by the Troj/Rootkit-AA TROJAN! Read the link, rootkit type stealth involved. |
| DvpApi | L | dvpapi.exe | Command Software Systems, Inc. - anti Virus |
| dx32hhec | X | dx32hhlp.exe | Added by the Nemog TROJAN! |
| Dynamic Library Host (DLLHOSTS) | X | dllhost.exe | Added by an unidentified TROJAN! of the Win32/Rbot family. Note: This worm\trojan is located in C:\%WINDIR%\ |
| DynamicHost (DLHOST) | X | dlhost.exe | Added by the W32/Tilebot-BO WORM! Note: This worm file is found in the Windows or Winnt folder. |
| E6F7BD90 | X | Random_Name.exe | Troj/BDoor-ADP |
| E8CA85CC | X | E8CA85CC.EXE | Troj/JD-A Read the link, steals information |
| EarthLink Firewall Process Path Service (ElnkFWPPService) | L | EFWPPS~1.EXE | Related to EarthLink_Firewall Process. Note: Located in C:\Program Files\EarthLink\Protection Control Center\ |
| EarthLink Protection Control Center Service (ELNKService) | L | ELNKServ.exe | Related to EarthLink_Protection_Control Center Service. Note: Located in C:\Program Files\EarthLink\Protection Control Center\ |
| EarthLinkSafeConnectAgent | L | SanaAgent.exe | Part of the EarthLink protection center |
| Earthworks License Manager | L | ewlicense_manager_nt.exe | Software application for mining and related extractive industries and produces two ranges of products under the Datamine and Earthworks labels. Note: Located in C:\Program Files\Common Files\Earthworks |
| Earthworks License Services | L | LicenseServicesNT.exe | Software application for mining and related extractive industries and produces two ranges of products under the Datamine and Earthworks labels. Located in C:\Program Files\Common Files\Earthworks |
| Easy File & Folder Protector (ACDService) | L | EFPAP.exe | Easy_File_&_Folder_Protector Deny access to certain files and folders, or to hide them securely from viewing and searching |
| EC2007 Service 1.40 (EC2007Service) | L | ec27ser.exe | Electronic_Chart_Display_and_Information System (ECDIS). Data production for Electronic Navigational Charts. Note: located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) |
| ECA (cpanel) | X | javapanel.exe | Added by the W32/Tilebot-Y WORM! Note: This worm\trojan file is found in the Windows or Winnt folder. Read the link, rootkit type stealth involved. |
| eEye Application Bus (eeyeevnt) | L | eeyeevnt.exe | Related to eEye Digital Security |
| eEye Retina Engine (RetinaEngine) | L | RetinaEngine.exe | Related to eEye Digital Security |
| Electronic Arts Licensing Service | L | EA Licensing Service.exe | Related to EA_Licensing_Service.exe is installed with some games from Electronic Arts. It is required for the games to run. Leave it alone if you want to play any games from EA Note: located in C:\Program Files\Common Files\Electronic Arts Shared\ |
| ELNK Update Service (ELNKUpdateService) | L | UpdateService.exe | Related to EarthLink's protection centre |
| EloSystemService | L | EloSrvce.exe | Elo TouchSystems, Inc. - http://www.elotouch.com |
| EloTouchscreen | L | EloTouch.exe | Related to Elo TouchSystems, Inc. |
| elpow_spy | X | elpow_spy.sys | Added by the ElpowKeylogger Spyware! Note: This file is found in the System32\drivers folder. Read the link, rootkit type stealth involved. |
| Emagic EMI System Tray Service (emitray) | L | emitray.exe | The tray icon of the emagic EMI 2/6 USB audio interface |
| EMCliSrv | L | EMCliSrv.exe | Related to Express_Metrix PC inventory and software usage tracking. Note: Located in C:\WINDOWS\system32\wex4962\ |
| Empty (m_hook) | X | m_hook.sys | Troj/BagleDl-CJ Note: Located in %windir%\system32 Read the link, rootkit stealth involved |
| Enables Java Support (Java) | X | winjava.exe | Added by the W32/Codbot-AA WORM! Note: This worm/trojan file is found in the System32 folder. (May use various filenames and will startup with system even in Safe mode.) |
| Enables Javascript Support (Javascript) | X | javascript.exe | Added by the W32/Codbot-V WORM! |
| Encryption Service | L | encsvc.exe | Related to Citrix MetaFrame |
| end task (Taskend) | X | Taskend.exe | Added by an unidentified TROJAN! of the Sdbot family. Note: This worm\trojan is located in C:\%WINDIR%\ |
| Entrust Login Interface (ELIService) | L | etlisrv.exe | Related to Entrust Login Interface service, Made by Entrust Technologies Ltd. This file is found in the Windows or Winnt folder. |
| ENUFF Server (ENXPSVR) | L | ENSERVS.EXE | Enuff Parental Control Software by Akrontech |
| ENUFF XP Service (ENXPSVC) | L | CVSEXPSS.EXE | Enuff Parental Control Software by Akrontech |
| EP2005-SAGEM Usb Switcher (EpMonitor) | ? | EpMonitor.exe | Appears to be related to EpMonitor from "Eightfold Technologies" |
| EPrint III Service | L | LPSVS03N.EXE | Related to LEADTOOLS_ePrint From Lead Tech. Perform additional processing to your print job before sending it to the driver. |
| EPS Printer Driver | X | EPSONSYS.SYS | Added by the Goldun.I TROJAN! Note: This trojan file is found in the System32 (NT/2000/XP) folder. Also look for Winlogon Notify: printpnp - printpnp.dll |
| EPSON ESC/POS Status Service (EPSON ESCPOS Status Service) | L | EpStsSrv.exe | Related to EPSON_ESC/POS Status service by SEIKO EPSON Corp. Note: Located in C:\WINDOWS\SYSTEM32\ |
| Epson Printer Status Agent (StatusAgent) | L | SAgentNT.exe | Related to Epson_Printer Status agent. Note: Located in C:\Program Files\Common Files\EPSON\EBAPI\ |
| EPSON Printer Status Agent2 | L | SAgent2.exe | detects and configures an Epson Printer Port where applicable |
| Epson Printer Status Agent4 (StatusAgent4) | L | SAgent4.exe | Related to Epson Corp. |
| EPSON V3 Service2(02) (EPSON_PM_RPCV2_02) | L | E_S00RP2.EXE | Related to the EPSON Status Monitor 3 |
| EPSON V3 Service2(03) (EPSON_PM_RPCV2_01) | L | E_S00RP1.EXE | Related to the EPSON Status Monitor 3 |
| EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) | L | E_S30RP1.EXE | Epson status monitor |
| EpsonBidirectionalService | L | eEBSVC.exe | Related to Epson printers. |
| eRecovery Service (eRecoveryService) | L | eRecoveryService.exe | Related to eRecoveryService Management from Acer Empowering Technology Note: Located in C:\Acer\Empowering Technology\eRecovery\ |
| eScan Monitor Service | L | avpm.exe | eScan Antivirus |
| eScan Server-Updater | L | TRAYSSER.EXE | eScan antivirus |
| Escritorio remoto compartido de NetMeeting | L | mnmsrvc.exe | Spanish Windows 2000 Netmeeting remote desktop sharing service |
| Esker FTPD (ftpds) | L | WFTPDSNT.EXE | Related to Esker software |
| Esker License Control (EskerLicenseControl) | L | eslcbcst.exe | Related to Esker License control |
| Esker LPD (lpds) | L | WLPDSNT.EXE | Related to Esker software |
| Esker NFSD (nfsds) | L | WNFSDSNT.EXE | Related to Esker software |
| Estación de trabajo | L | services.exe | Spanish Windows 2000 "workstation" |
| ET54FG | X | ET54FG.SYS | Added by the TROJ_ROOTKIT.N TROJAN! Read the link, rootkit type stealth involved. |
| eToken Notification Service (ETOKSRV) | L | eTSrv.exe | Related to eToken Notification Service from Aladdin Knowledge Systems, Ltd. Authentication and password management. Note: Located in C:\WINDOWS\system32\ |
| eTrust Antivirus Job Server | L | InoTask.exe | Associated with eTrust Antivirus/InoculateIT |
| eTrust Antivirus Realtime Server | L | InoRT.exe | Related to eTrust's AntiVirus Internet Security solution. |
| eTrust Antivirus RPC Server | L | InoRpc.exe | Associated with eTrust Antivirus/InoculateIT |
| EUQ_Monitor | L | EUQMonitor.exe | Related to a Trend Micro product |
| Event Log Watch | L | LogWatNT.exe | Computer Associates |
| Event Monitor (evmon) | X | spoolcll.exe" -netcvs | Added by the W32.Spybot.IVQ WORM! |
| EvtEng | L | EvtEng.exe | Related to Intel Corporation http://www.what-process.com/process-info.aspx?p=EvtEng.exe |
| ewido anti-spyware 4.0 guard | L | guard.exe | Related to ewido_suite Note: located C:\Program Files\ewido anti-spyware 4.0/ |
| ewido security suite control | L | ewidoctrl.exe | Related to ewido networks |
| ewido security suite guard | L | ewidoguard.exe | Related to ewido networks |
| Examinador de equipos | L | services.exe | Spanish Windows 2000 computers browser |
| ExecView Communication Module (ECM) (ECM Service) | L | ECM.exe | Related to VERITAS_ExecView |
| Exten. controlador Instrumental de admon. de Windows | L | services.exe | Spanish Windows 2000 windows management instrumentation drive extension |
| Extend360 Agent (ServiceMgr) | L | ServiceMgr.exe | Related to Fiberlink's Extend360 TM mobile Note: Located in C:\Program Files\Fiberlink\Extend360\ |
| Extended Windows Security (Microsoft Extended Windows Security) | X | elRecvr.exe | Added by an unidentified TROJAN! of the Sdbot family. Note: This worm\trojan is located in C:\Windows\ (Win9x/Me), C:\%WINDIR%\ (XP/WinNT/2K) |
| Externtelecom | X | extel.exe | Added by the W32/Sdbot-AAX WORM! Read the link, rootkit type stealth involved. |
| F-Prot Antivirus Update Monitor | L | fpavupdm.exe | Related F-Prot Antivirus Update Monitor by FRISK_Software_International |
| F-Secure 2006 (BackWeb Plug-in - 4476822) | L | SERVIC~1.EXE | Related to F-Secure_Antivirus Made by F-Secure Corp. This File should be found in the Program Files\F-Secure Internet Security\backweb\4476822\program folder. |
| F-Secure Anti-Virus 2005 (BackWeb Plug-in - 4476822) | L | SERVIC~1.EXE | Related to F-Secure_Antivirus Made by F-Secure Corp. This File should be found in the Program Files\F-Secure Internet Security\backweb\4476822\program folder. |
| F-Secure Anti-Virus Firewall Daemon | L | fsdfwd.exe | Related to F-Secure Corporation. |
| F-Secure Authentication Agent (FSAA) | L | FSAA.EXE | Related to F-Secure antivirus |
| F-Secure Automatic Update Agent (FSAUA) | L | fsaua.exe | Related to F-Secure Corporation. Note: Located in C:\Program Files\F-Secure\FSAUA\program\ |
| F-Secure BackWeb LAN Access | O | fsbwlan.exe | Related to F-Secure_BackWeb LAN Access. This File should be found in the Program Files\F-Secure Internet Security\backweb\7681197\program folder. |
| F-Secure Gatekeeper Handler Starter | L | fsgk32st.exe | Related to F-Secure Anti-Virus Prog. |
| F-Secure HTTP Server (fshttps) | L | fshttps.exe | F-Secure Corporation http://www.what-process.com/process-info.aspx?p=fshttps.exe |
| F-Secure Management Agent | L | FSMA32.EXE | Related to F-Secure Anti-Virus Prog. |
| F-Secure Network Request Broker | L | FNRB32.EXE | Related to F-Secure_Anti-Virus software. This File should be found in the Program Files\F-Secure\Common\ folder. |
| FactoryTalk Diagnostics CE Receiver (RNADiagReceiver) | L | RNADiagReceiver.exe | Related to Rockwell_Automation Inc. FactoryTalk suite |
| FactoryTalk Diagnostics Local Reader (RNADiagnosticsService) | L | RNADiagnosticsSrv.exe | Related to Rockwell_Automation Inc. FactoryTalk suite |
| fan.eeewl.com | X | nsvce32.exe | Added by the TROJ_AGENT.IOF TROJAN! Note: Located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) |
| Fast Track Installer (FastTrackInstallerService) | L | GBInst.exe | Related to Fast_Track_USB from M-Audio. Note: Located in C:\Program Files\M-Audio Fast Track\ |
| FastUserSwitchingCompatibil (Fast User Switching Compatibil) | X | svchost.exe | Added by the Troj/Keylog-AT TROJAN! Note: This is not the legitimate Windows process svchost.exe (Which is always found in the System32 folder.) This trojan file is found in the Windows or Winnt folder. |
| Fear Service (FSVC) | X | fear32.exe | Added by the W32/Tilebot-T WORM! Note: This worm file is found in the Windows or Winnt folder. |
| Fiberlinkcomm Wireless Engine | L | BWEngine.exe | Related to Fiberlink's Extend360 TM mobile Note: Located in C:\Program Files\Fiberlink\Extend360\WENGINE2\ |
| FIFA WORLD CUP 2007 | X | fifa2007.exe | Added by the W32/Spybot-MQ WORM! Note: This worm\trojan is located in C:\%WINDIR%\System32\dllcache\(XP/WinNT/2K) Steal information from Protected Storage and terminate certain anti-virus and security software |
| File and Folder Protector | L | ffpsrv.exe | Related to SoftHeap.Com a software shop of Atlantic Coast PLC http://www.softheap.com/ |
| FileCabinet CS Print Service (FCPrintService) | L | csifcsvc.exe | Related to FileCabinet_CS Print Service Note: Located in C:\%WINDIR%\ |
| FileChecker | L | filechecker.exe | Related to FileChecker from Javacool software. Watches important system files for changes, modifications, or tampering (by malicious programs). |
| FileZilla Server FTP server (FileZilla Server) | L | FileZilla Server.exe | Related to FileZilla A FTP and SFTP client for Windows from SourceForge.net |
| Firebird Guardian | L | fbguard.exe | Firebird Guardian |
| Firebird Server | L | fbserver.exe | Firebird Database Server |
| FireDaemon Service: events (events) | X | FireDaemon.EXE | Reported by Ewido security suite as Backdoor.SdBot.nj. Note: FireDaemon is a legitimate product that has been included, illegally, as part of the payload in a series of Worms and Trojans that exploit various security holes in Microsoft's Operating System products. |
| FireDaemon Service: rundll (rundll) | X | FireDaemon.EXE | Reported by Ewido security suite as Backdoor.SdBot.nj. Note: FireDaemon is a legitimate product that has been included, illegally, as part of the payload in a series of Worms and Trojans that exploit various security holes in Microsoft's Operating System products. |
| firefox auto update | X | firefox.exe | Added by the W32/Tilebot-DN WORM!, Note: Located in C:\%WINDIR%\ |
| Firewall service (FWSvc) | X | FWSvc.exe | Related to WinAntiVirus Pro - rogue "antivirus" |
| Fix-It Task Manager (mxserver) | L | mxserver.exe | Related to Ontrack Inc. Data Recovery service. |
| Flash Communication Admin Service (FlashComAdmin) | L | FlashComAdmin.exe | Appears to be modem driver related, Made by Macromedia, Inc. |
| Flash Communication Server (FlashCom) | L | FlashCom.exe | Appears to be modem driver related, Made by Macromedia, Inc. |
| FLEXlm server for PTC | L | lmgrd.exe | lmgrd.exe is a process associated with the Macrovision application-generic license server. |
| FLEXnet Licensing Service | L | FNPLicensingService.exe | Related to FLEXnet_Publisher from Macrovision. Note: Located in C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\ |
| Folder Size (FolderSize) | L | FolderSizeSvc.exe | Related to Folder_Size Adds an other column to your folder view. Note: Located in C:\Program Files\FolderSize\ |
| Folding@Home (FAH@C:+FAH+fah-service+FAH502-Console.exe) | L | FAH502-Console.exe | Related to Stanford University - Folding@home is a distributed client computing effort by Stanford University http://tech-report.com/etc/folding/ |
| Font Cache Downlevel | L | FontCacheService.exe | Service installed by the Microsoft Avalon open beta. |
| ForceWare Intelligent Application Manager (IAM) | L | nSvcAppFlt.exe | Related to Nvidia Corp. Intelligent Application Manager. |
| ForceWare IP service (nSvcIp) | L | nSvcIp.exe | Related to Nvidia Corp. Network Access Manager. |
| ForceWare user log service (nSvcLog) | L | nSvcLog.exe | Related to Nvidia Corp. Network Access Manager. |
| Fortech Proxy+ | L | ProxyPlus.exe | FORTECH Ltd. http://www.proxyplus.cz/ |
| Fortinet Service Scheduler (FA_Scheduler) | L | scheduler.exe | Related to Fortinet security systems are the new generation of real time network protection systems. Note: located in C:\Program Files\Fortinet\FortiClient\ |
| Framework | O | srvany1234.exe | Unknown owner: Location C:\WINDOWS\system32\srvany1234.exe |
| Freeloader Monthly Subscription Service | L | Freeloader Monthly Subscription Service File.exe | Related to freeloader.com Online game services. |
| FreePOPs | L | freepopsservice.exe | FreePOPs is distributed by the GNU General Public License is intended to guarantee your freedom to share and change free software. Make sure your copy is not adware or includes a virus. Note: Located in C:\Program Files\FreePOPs\ |
| FreeSSHDService | L | FreeSSHDService.exe | Related to OpenSSH A free SSH/SecSH protocol suite providing encryption for network services like remote login or remote file transfer. Note: located in C:\Program Files\freeSSHd\ |
| FreezeScreenSaver | X | FreezeScreenSaver.exe | FREEZESCREENSAVER.EXE_is_Adware Note: Located in C:\WINDOWS\system32\ |
| frepdll.exe | X | FREPDLL.EXE | Added by the W32/Tilebot-D WORM! Note: Gives the fake description "ET dll Locator tool". Read the link, rootkit type stealth involved. |
| FS Service Control | L | NTServApp.exe | Related to ArchestrA Software architecture for the integration of your automation systems. |
| fsbwsys | L | fsbwsys.exe | Related to F-Secure_Antivirus Made by F-Secure Corp. This File should be found in the Program Files\F-Secure Internet Security\backweb\4476822\program folder. |
| Fujitsu Services VPN Manager (FS_VPNmanager) | ? | FSVPNManager.exe | Appears to be software from Fujitsu |
| FUS_Server (USEPigeonServer) | X | FTPServer.exe | Added by the Troj/Hunpigon-RO TROJAN! Note: This trojan file is found in %windir% |
| FW Configuration Interpreter | L | UmxCfg.exe | Tiny Firewall |
| FW Event Manager | L | UmxAgent.exe | Tiny Firewall |
| FW Live Update | L | umxlu.exe | Tiny Firewall |
| FW Policy Manager | L | UmxPol.exe | Tiny Firewall |
| FW User to IP Address Translation | L | umxuta.exe | Tiny Firewall |
| FW User-Mode Helper (UmxFwHlp) | L | UmxFwHlp.exe | Tiny Software Firewall User-Mode Helper. Made by Tiny Software, Inc. A subsidiary of Computer_Associates_International The file associated with this service is located in the Program Files\Tiny Firewall folder. |
| fwnet64 (fwnet) | X | fwnet64.exe | Added by Backdoor.SDBot.gen Note: This worm\trojan is located in C:\%WINDIR%\ |
| FwSRService | L | fwsrservice.exe | CheckPoint SecuRemote |
| gb | X | ibm*****.dll | Trojan-PSW:W32/Sinowal.CP Read the link, steals information Note: ***** is a 5 digit random number |
| GB-PVR Recording Service | L | gbpvrrecordingservice.exe | Part of GB-PVR Personal video recorder software |
| GBPoll | L | GBPoll.exe | Seems to be Roxio GoBack related |
| GbpSv | X | svchost.exe | Troj/Banker-EFM Read the link, steals information Note: Located in %windir% |
| GCX Service | X | GCXSRVC.EXE | Added by the RBOT.CUE WORM! Read the link, rootkit type stealth involved. |
| GEARSecurity | L | GEARSEC.EXE | Related to GEAR software. |
| Gene6 FTP Server | L | G6FTPSERVER.EXE | Related to Gene6 Sarl. http://www.g6ftpserver.com/ |
| General Network Service | X | winsocks32.exe | Added by an unidentified TROJAN! of the Sdbot family. Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) |
| generic host process (svchost) | X | svchost.exe | Added by the W32/Tilebot-BB WORM! Note: This is not the legitimate Windows process svchost.exe (Which is always found in the System32 folder.) This worm\trojan file is found in the Windows or Winnt folder. Read the link, rootkit type stealth involved. |
| Generic Host Process (svchost) | X | SVCHOST.EXE | Added by the SDBOT.CNK WORM! Note: This is not the legitimate Windows process svchost.exe (Which is always found in the System32 folder.) This trojan file is found in the Windows or Winnt folder. Read the link, rootkit type stealth involved. |
| Generic Host Process For Win32 Services (Generic Host Process) | X | svchost.exe | Added by the W32/Tilebot-DM WORM! Note: This worm\trojan is located in C:\%WINDIR%\ folder. Note: This is not the legitimate Windows Process. (Which is found in the System32 folder.) |
| Generic Service for HID Keyboard Input Collections (GenericHidService) | L | HIDSERVICE.exe | Enhanced Driver for Keyboards and Windows http://www.microsoft.com/whdc/device/input/w2kbd.mspx |
| GFI LANguard N.S.S. 7.0 Attendant Service | L | lnssatt.exe | Related to GFI_LANguard_Network Security Scanner from GFi. Note: Located in C:\Program Files\GFI\LANguard Network Security Scanner 7.0\ |
| GFI LANguard System Integrity Monitor 3 agent service | L | cfservice.exe | GFI LANguard System Integrity Monitor is a utility that provides intrusion detection by checking whether files have been changed, added or deleted on a Windows 2000/XP system. Made by GFI_Software_Ltd File location is in the Program Files\GFI\System Integrity Monitor 3 folder. |
| GhostStartService | L | GHOSTS~2.EXE | Related to Norton. GHOSTSTARTSERVICE is the background support task/service for Ghost for Windows. |
| Giga Pocket Hardware Detector | L | shwserv.exe | Sony computers |
| gldr | X | gldr.exe | Trojan Related |
| Google Updater Service (gusvc) | L | GoogleUpdaterService.exe | Related to Google_Updater_Service Note: Located in C:\Program Files\Google\Common\Google Updater\ |
| GoogleDesktopManager | L | GoogleDesktopManager.exe | Related to Google_Desktop_Manager Note: Located in C:\Program Files\Google\Google Desktop Search\ |
| GoToMyPC | L | g2svc.exe | Related to Citrix Online |
| GoverLAN Service (GOVsrv) | L | GOVsrv.EXE | Owner: PJ Technologies Inc. |
| Gray (Pigeon) | X | Scrsss.exe | Added by the Troj/GrayBrd-AM TROJAN! Note: This worm\trojan file is found in the Windows or Winnt folder. |
| GrayPigeonServer | X | in.exe | Added by a variant of the Troj/GrayBrd-AP TROJAN! Note: Located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) |
| GrayPigeonServer | X | G_Server2006.exe | Added by the Troj/Graybrd-EI TROJAN! Note: This worm\trojan is located in C:\%WINDIR%\ folder. More: delete this file also G_Server2006Key.DLL |
| GrayPigeon_Hacker.com.cn | X | winlogoin.exe | Added by the Troj/GrayBrd-BA TROJAN! Added by an unknown malware. Note: This worm\trojan is located in C:\%WINDIR%\TEMP\ folder. |
| Gray_Pigeon (GrayPigeon) | X | .exe | Added by the Troj/GrayBrd-EH TROJAN! Note: This worm\trojan file is found in the Program Files folder. |
| Gray_Pigeon (GrayPigeon) | X | G_Server2.0.exe | Troj/Hupigon-CH Note: Located in %windir% Read the link, allows remote access |
| Gray_Pigeon_Serve (GrayPigeonServer) | X | G_Server.exe | Added by the Troj/Feutel-I or Troj/Feutel-AI TROJAN! |
| Gray_Pigeon_Server (GrayPigeonServer) | X | G_Server1.2.exe | Added by the Troj/GrayBrd-AP TROJAN! Note: This worm\trojan file is found in the Windows or Winnt folder. |
| Gray_Pigeon_Server1.236 (GrayPigeonServer1.236) | X | G_Server1.236.exe | Troj/Hupigon-RW Read the link, allows remote access |
| Gray_Pigeon_Server2.0 (GrayPigeonServer2.0) | X | G_Server2.0.exe | Added by the Troj/GrayBird-O TROJAN! |
| GreenBorder Client Manager Service (clnt_ClientMan) | L | ClientMan.exe | Related to GreenBorder Secure your browsing activities on the internet. Note: Located in C:\Program Files\GreenBorder\ |
| GridIron X-Factor After Effects Peer #1 (XFACTORAE1) | L | xlr8d.exe | Related to GridIron Nucleo For digital post production professionals using Adobe® After Effects® on a multi-processor or new multi-core computer |
| Groove Installer Service | O | GrooveInstallerService.exe | ??? |
| GS30s | L | GS30s.exe | Related to Gizmo!_Secure USB flash drive software by Crucial |
| handle (handle) | X | handle.exe | Added by the SDBOT.CDD WORM! Read the link, rootkit type stealth involved. |
| Handling the DHCP requests (DHCP Client) | X | dhcpclient.exe | Most likely a W32.Toxbot_variant |
| Hardware Clock Driver (hwclock) | X | hwclock.exe | Added by the W32/Hwbot-A WORM! |
| Hardware Detection (Serv-U) | X | svchost.exe | Reported by Kaspersky Anti-Virus as Win32.Serv-U.gen Note: This is not the legitimate Windows process (Which is always found in the System32 folder). This file is found in the System32\drivers\etc\data\ folder. |
| Hardware Monitor Service (Hardware Monitor) | X | mshms.exe | Added by the Troj/Wollf-A TROJAN! |
| Hardware Monitoring Program (ADMService) | L | admServ.exe | Related to Avocent Embedded Software and Solutions Division |
| Harmony | L | RSOBSERV.EXE | Related to Rockwell_Automation Inc. FactoryTalk suite |
| haxdrv | X | haxdrv.sys | Added by the Troj/Rootkit-U TROJAN! Read the link, rootkit type stealth involved. |
| hcalway | X | hcalway.sys | Added by the PigSearch Adware. Read the link, rootkit type stealth involved. |
| hexadecimal (HexadecimaRepresentation) | X | Edit.exe | Added by the W32/Sdbot-AAY WORM! Note: File name may be different. Read the link, rootkit type stealth involved. |
| HF30Service | L | HF30Service.exe | Related to Lock_Folder Password protection for files, folders, and drives. Note: Located in c:\Program Files\Everstrike Software\Hide Folder 3.1\ |
| hgz | X | Hacker.com.cn.exe | Added by a variant of the Troj/Feutel-CJ TROJAN Note: This worm\trojan is located in C:\%WINDIR%\HgzServer\ Folder. |
| Hibernation | L | hibserv.exe | Related to Compaq-Hewlett Packard hibernation service. |
| HICOM LAN Bridge VCapiDrv (vcapidrv) | ? | vcapintsvc.exe | Could be related to a new version of HICOM LAN Bridge? |
| HID Input Service WIN32 (HID_Input_Service_WIN32) | X | msiexecu.exe | Added by the Troj/Raser-AS TROJAN! Note: Located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) Creates this file SndSystem.sys which acts as a rootkit. |
| HID Output Service (HODSrv) | X | hpsvc.exe | Added by an unidentified TROJAN! of the Sdbot family. Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) |
| Horario de Windows | L | services.exe | Spanish Windows 2000 "windows time" |
| host (host) | X | host.exe | Added by the Troj/GrayBrd-AR TROJAN! Note: This trojan file is found in the Windows or Winnt folder. |
| host Service For Windows (mshost) | X | mshost.exe | Added by an unidentified TROJAN! of the Sdbot family. Note: This worm\trojan is located in C:\%WINDIR%\ |
| Host Services (Host Services) | X | svhosts.exe | Added by the W32/Tilebot-AC WORM! Note: This is not the legitimate Windows process svchost.exe (Notice the difference in the spelling.) This worm\trojan file (svhosts.exe) is found in the Windows or Winnt folder. Read the link, rootkit type stealth involved. |
| Host Services (Host Services) | X | myhost.exe | Added by the W32/Tilebot-AT WORM! Note: This worm\trojan file is found in the Windows or Winnt folder. Read the link, rootkit type stealth involved. |
| Hotplug Devices Manager | X | hotplug.exe | Added by the W32.Orpheus.A WORM! |
| Hotspot Shield Service (HotspotShieldService) | L | openvpnas.exe | Related to Hotspot_Shield helps secure your computer, your anonymity and your online communications when using free wi-fi. Note: Located in C:\Program Files\Hotspot Shield\bin\ |
| Houdini License Client (HoudiniServer) | L | hserver.exe | Related to Houdini_License_Server from Side Effects Software Inc. Note: Located in C:\WINDOWS\system32\ |
| Houdini License Server (HoudiniLicenseServer) | L | sesinetd.exe | Related to Houdini_License_Server from Side Effects Software Inc. Note: Located in C:\WINDOWS\system32\ |
| HP Configuration Interface Service | L | HPConfig.exe | HPConfig Module |
| HP Hard Drive Thermal | L | HDThermal.exe | Related to Hewlett-Packard company. |
| HP Insight Event Notifier (CIMnotify) | L | cimntfy.exe | Related to HP products |
| HP Insight Foundation Agents (CqMgHost) | L | cqmghost.exe | Related to HP products |
| HP Insight NIC Agent (CpqNicMgmt) | L | cpqnimgt.exe | Related to HP products |
| HP Insight Server Agents (CqMgServ) | L | cqmgserv.exe | Related to HP products |
| HP Insight Storage Agents (CqMgStor) | L | cqmgstor.exe | Related to HP products |
| HP OpenView Trace Service | L | OVTrace.exe | HP OpenView Internet Services |
| HP Port Resolver | L | hpbpro.exe | Related to Hewlett-Packard Company |
| HP ProLiant Remote Monitor Service (CpqRcmc) | L | CpqRcmc.exe | Related to HP_ProLiant_Remote_Monitor_Service Note: This file is located in C:\%WINDIR%\ |
| HP ProLiant System Shutdown Service (sysdown) | L | sysdown.exe | Related to HP products |
| HP RF Device Service | L | HpRfDev.exe | support for HP managing wireless devices |
| hp service (Hpsys) | X | hpsys.exe | Added by the W32/Codbot-AF WORM! Note: This service has nothing to do with HP. This worm\trojan file is found in the System32 folder. |
| HP Status | L | hpb2ksrv.exe | Related to Hewlett-Packard Company |
| HP Status Print | L | hpbhksrv.exe | Related to Hewlett-Packard company. |
| HP Status Server | L | hpboid.exe | Related to Hewlett-Packard Company |
| HP System Management Homepage (SysMgmtHp) | L | smhstart.exe | Related to HP products |
| HP Version Control Agent (cpqvcagent) | L | vcagent.exe | Related to HP products |
| HP WMI Interface (hpqwmi) | L | HPQWMI.exe | Related to Hewlett-Packard |
| hpdj | ? | hpdj.exe | Maybe HP related? Sits in TEMP folder. |
| hpdj | L | hpztsb04.exe | Hewlett Packard printer toolbox, sits in taskbar. Path to executable file - %windir%\system32\spool\drivers\w32x86\3\ |
| hpdriver | X | hpdriver.sys | Added by the Troj/Rootkit-AA TROJAN! Note: This trojan file is found in the System32 folder. Read the link, rootkit type stealth involved. |
| HpPrinter | X | hpserver.exe | Added by the Troj/CmjSpy-W Trojan! |
| hpqwmiex | L | hpqwmiex.exe | Related to HP_ProtectTools security manager |
| HPR34K8 | X | hpr34k8.sys | Added by the Troj/Rootkit-AA TROJAN! Read the link, rootkit type stealth involved. |
| HPWirelessMgr | L | HPWirelessMgr.exe | Located in HP Notebook Utilities - guessing for wireless connection. |
| HTTP SSL (HTTPFilter) | L | lsass.exe | Related to Application_Isolation_Mode_Functions Microsoft IIS 6.0. Note: Located in C:\%WINDIR%\System32\ |
| huapeak | ? | huapeak.exe | Unknown origin. |
| Hummingbird Inetd (HCLInetd) | L | inetd32.exe | Related to Hummingbird Ltd. - http://www.hummingbird.com/ |
| Hummingbird Jconfig Daemon (Jconfigd) | L | jconfigdnt.exe | Related to Hummingbird Ltd. - http://www.hummingbird.com/ |
| HXD Service 100 (HackerDefender100) | X | newka.exe | Virus http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39265 |
| H_Server (H_Server) | X | G_Server.exe | Added by the Troj/GrayBird-W TROJAN! Note: This trojan file is found in the Windows or Winnt folder. |
| i386p | X | I386P.SYS | Added by the Backdoor.Rustock TROJAN! Found in the System32\drivers folder. Read the link, rootkit type stealth involved. |
| IAA Event Monitor | L | iaantmon.exe | Intel related |
| Iap | L | Iap.exe | Related to Dell OpenManage Client Instrumentation. |
| IBM Automatic Server Restart Executable (ibmasrex) | L | ibmasrex.exe | Unknown owner. Location: C:\WINDOWS\system32\ibmasrex.exe Related to IBM servers. |
| IBM CICS Transaction Gateway (IBMCICSTransactionGateway) | L | CTGSERVICE.EXE | Related to IBM Corp. |
| IBM CICS Universal Client (CICSClient) | L | cclserv.exe | Related to IBM Corp. |
| IBM Enterprise Extender (ldlcserv) | L | ldlcserv.exe | Related to IBM Corp. - http://www.anti-spy.info/process/ldlcserv.exe.html |
| IBM HDD APS Logging Service (TPHDEXLGSVC) | L | TPHDEXLG.EXE | Related to IBM's Active_Protection_System Made by the IBM_Corporation The file associated with this service is located in the System32 folder. |
| IBM KCU Service | L | TpKmpSVC.exe | related to IBM ThinkPad |
| IBM Mobility Client DHCP Control (artdhcp) | L | artdhcp.exe | Related to IBM_Mobility_Client DHCP Control Note: Located in C:\Program Files\IBM\Mobility Client\ |
| IBM MQSeries | L | amqsvc.exe | IBM WebSphere® MQ to exchange information across different platforms |
| IBM PM Service | L | ibmpmsvc.exe | Power management driver for IBM laptops |
| IBM PSA Access Driver Control | L | PsaSrv.exe | related to Professional Services Automation (PSA) from SharpOWL |
| IBM Rapid Restore Ultra Service | L | rrpcsb.exe | related to Xpoint Technologies |
| IBM Trace Facility (TrcBoot) | L | trcboot.exe | Related to IBM Corp. |
| IBM User Verification Manager | L | uvmserv.exe | Related to IBM_User_Verification_Manager (UVM) secure logon interface. Note: located in C:\Program Files\IBM\Security\ |
| IBM WebSphere Application Server V5 - server1 (IBMWAS5Service - server1) | L | wasservice.exe | Related to IBM WebSphere server. |
| IBWin Service | L | IBWin Service.exe | Related to IBackUp_for_Windows Backup on character sets other than US/English. Note: Located in C:\Program Files\IBackup For Windows\ |
| iClarityQoSService | L | QosServM.exe | Related to Avaya_IP Softphone. Note: Located in C:\WINDOWS\system32\ |
| ICONICS License Server (GenRegistrar) (GenRegistrar) | L | GenRegistrarServer.exe | Related to ICONICS Inc. Visualization and Automation software products |
| ICQ Update Service (ICQUPD) | X | kpsf.sys | Detected as Backdoor.HackDefender. Rootkit type stealth involved. |
| ICRAplus | L | ICRAplus.exe | Related to ICRAplus internet filter, parental control etc. Note: Located in C:\Program Files\ICRAplus\ICRAplus\ |
| icrss manager 32bit (icrss) | X | icrss.exe | Added by the W32/Rbot-FZB WORM! Note: Located in C:\WINDOWS\system\ |
| icservice - ONTRACK Data International, Inc. | L | icserv.exe | Related to SuperAdBlocker |
| iD2 Smart Card Server (id2scaps) | L | id2scaps.exe | iD2 is a client product that brings security, user authentication and digital signatures to standard Internet browsers by utilising Smart Cards and the client-side of the SSL protocol. |
| ieupdater (Microsoft IE Updater) | X | ieupdate.exe | Added by an unidentified TROJAN! of the Sdbot family. Note: This worm\trojan is located in C:\Documents and Settings\user name\Local Settings\Temp\ |
| ieupdater1 (Microsoft IEUpdater1) | X | ie_updater.exe | Added by a variant of the Troj/Bckdr-QGB TROJAN! Note: This worm\trojan is located in %userprofile%\ |
| ieupdater2 (Microsoft IE Updater2) | X | ~tmp0374.exe | Related to a variant of the Malware.IFN.dropper family. Note: Located in C:\Documents and Settings\(user name)...\ Note: filename is random. |
| ieupdater2 (Microsoft IEUpdater2) | X | ie_updater.exe | Added by the Troj/Bckdr-QGB TROJAN! Note: This Trojan is located in C:\ ROOT folder. |
| ieupdater21 (Microsoft IEUpdater21) | X | ie_updater.exe | Added by a variant of the Troj/Bckdr-QGB TROJAN! Note: This worm\trojan is located in %userprofile%\ |
| ieupdater22 (Microsoft IEUpdater22) | X | ie_updater.exe | Added by a variant of the Troj/Bckdr-QGB TROJAN! Note: This worm\trojan is located in %userprofile%\ |
| iexplorer (iexplorer) | X | iexplorer.exe | Added by the Troj/Singu-U TROJAN! Note: This trojan file is found in the System32 folder |
| IgniteService.exe | L | IgniteService.exe | Related to Accenture_Media_Viewer |
| Image Converter video recording monitor for VAIO Entertainment | L | IcVzMon.exe | Related to Sony_VAIO computers. |
| ImagePath (VGADown) | X | avp.exe | Troj/Maran-AA Read the link, steals information |
| ImagePath (win32ssr) | X | win32ssr.exe | Added by the W32/Sdbot-AMA WORM! Read the link, rootkit type stealth involved. |
| IMail FINGER Server (FINGRD32) | L | FINGRD32.exe | Related to Ipswitch Inc. Network Management. |
| IMail IMAP4 Server (IMAP4D32) | L | IMAP4D32.exe | Related to Ipswitch Inc. Network Management. |
| IMail LDAP Service (OpenLDAP-slapd) | L | slapd.exe | Related to Ipswitch Inc. Network Management. |
| IMail Monitor Service (IMONITOR) | L | IMonitor.exe | Related to Ipswitch Inc. Network Management. |
| IMail POP3 Server (POP3D32) | L | POP3D32.exe | Related to Ipswitch Inc. Network Management. |
| IMail PWD Server (PSERVE) | L | PSERVE.exe | Related to Ipswitch Inc. Network Management. |
| IMail Queue Manager Service (QUEUEMGR) | L | queuemgr.exe | Related to Ipswitch Inc. Network Management. |
| IMail SMTP Server (SMTPD32) | L | smtpd32.exe | Related to Ipswitch Inc. Network Management. |
| IMail Sys Logger Service (SYSLOGD) | L | SYSLOGD.exe | Related to Ipswitch Inc. Network Management. |
| IMail Web Calendar Service (IWEBCAL) | L | IWebCal.exe | Related to Ipswitch Inc. Network Management. |
| IMail Web Service (IWEBMSG) | L | iwebmsg.exe | Related to Ipswitch Inc. Network Management. |
| IMail WHOIS Server (WHOISD32) | L | WHOISD32.exe | Related to Ipswitch Inc. Network Management. |
| IMAPI CD-Burning COM Service | L | ImapiRox.exe | IMAPI CD-Burning COM Service |
| IMAPI CD-Burning COM Service (ImapiService) | L | imapi.exe | Related to recording of CDs. |
| IMountSRV | L | IMountSRV.exe | Related to Paragon hard_disk_manager |
| Inbound Distributor Service | L | inbounddistributorservice.exe | Related to Inbound_Logistics |
| InCD File System | L | InCDsrv.exe | InCD Packet Writer related. |
| InCD Helper | L | InCDsrv.exe | InCD Packet Writer service from Nero Burning ROM (Ahead Software) |
| Independent Management Architecture (IMAService) | L | ImaSrv.exe | Related to Citrix MetaFrame |
| Index Service (b3) | X | dllhost32.exe | Added by the WORM_AGOBOT.CH WORM! Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) |
| Indexing Helps (Indexingbox) | X | svchest.exe | Added by an unidentified TROJAN! of the Sdbot family. Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) More here |
| Indexing The System Files (Indexing Service) | X | winupdatez.exe | winupdatez.exe |
| Indexings Services | X | systen32.exe | Added by a variant of the W32/SDBOT WORM! Note: C:\Program Files\Common Files\Microsoft Shared\MSINFO\ |
| Inicio de sesión red | L | lsass.exe | Spanish Windows 2000 net logon |
| Input Service (Input_Service) | X | msiexecu.exe | Added by a variant of the Troj/Raser-AS TROJAN. Note: Located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) More here |
| Input Virtual Component (AVCMSC) | X | msipsvc.exe | Added by a variant of the SdBot.aad family of TROJAN! Note: Located in C:\%WINDIR%\System32 (XP/WinNT/2K) |
| Install Driver Manager (Install Driver Table Manager) | X | wpablan.exe | Added by the W32/Sdbot-CWR TROJAN! Note: This worm\trojan is located in C:\%WINDIR%\TEMP\ folder. |
| InstallDriver Service (ISDS) | X | csscv.exe | Added by the W32/Sdbot-CPL WORM! Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) |
| InstallDriver Table Manager | L | IDriverT.exe | Related to Macrovision Corporation. |
| InstallShield Licensing Service | L | InstallShield Licensing Service.exe | Related to InstallShield_Licensing_Service from Macrovision. Create high-quality software installation engines. |
| Instantáneas de volumen | L | vssvc.exe | Volume Shadow Copy Service found in Windows XP and 2003. |
| Instrumental de administración de Windows | L | WinMgmt.exe | Spanish Windows 2000 windows management instrumentation |
| Integrated Multimedia Server | L | ImmsService.exe | Related to Integrated_Multimedia_Server MultiMedia Router from NetGear. Note: Located in C:\Program Files\NETGEAR\MEDIAS~1\ |
| Intel Alert Handler | L | hndlrsvc.exe | Related to Intel Corp. |
| Intel Alert Originator | L | iao.exe | Related to Intel Corp. |
| Intel CI Manager | L | CiMgrLdr.exe | Related to Intel Corp. |
| Intel Client Instrumentation for DMI (ni_nic) | L | ni_nic.exe | Intel Client Instrumentation for DMI |
| Intel File Transfer | L | xfr.exe | Related to Intel Corp. |
| Intel IIDS | L | IIDS.exe | Related to Intel Corp. |
| Intel Local Scheduler Service | L | LOCALSCH.EXE | Part of LANDesk Management Suite. |
| Intel NCS NetService (NetSvc) | L | NetSvc.exe | Intel NCS NetService |
| Intel PDS | L | pds.exe | Related to Intel Corp. |
| Intel QIP Client Service | L | QIPCLNT.EXE | Part of LANDesk Management Suite. |
| Intel Speedstep Technology | X | intelst.exe | Win32/IRCBot.worm.128512.H |
| Intel SSM | L | ssm.exe | Related to Intel Corp. |
| Intel Targeted Multicast | L | tmcsvc.exe | Part of LANDesk Management Suite. |
| Intel(R) NMS | L | NMSSvc.exe | NIC Management Service - diagnostics program for Intel Pro family network cards |
| Intel® Active Monitor (imonNT) | L | imonnt.exe | http://www.liutilities.com/products/wintaskspro/processlibrary/imonnt/ |
| Intel® NMS | L | NMSSvc.exe | Related to Intel Corp. |
| Intel® Alert Service (AlertService) | L | AlertService.exe | Related to Intel® _Alert Service from Intel Corporation. Note: Located in C:\Program Files\Intel\IntelDH\CCU\ |
| Intel® Application Tracker (MCLServiceATL) | L | MCLServiceATL.exe | Related to Intel® _Alert Service from Intel Corporation. Note: Located in C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\ |
| Intel® Desktop Utilities Service (iHCService) | L | IDUServ.exe | Related to Intel® Desktop_Utilities service from OSA Technologies. Inc. Note: Located in C:\Program Files\Intel\IDU\ Note: Now owned by Avocent_Corporation, http://www.avocent.com/web/en.nsf/Content/04072004-F |
| Intel® Quick Resume Technology Drivers (ELService) | L | ELService.exe | Related to Intel® _Quick_Resume_Technology Drivers. Note: Located in C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology\ |
| Intel® Remoting Service (Remote UI Service) | L | Remote UI Service.exe | Related to Intel® _Alert Service from Intel Corporation. Note: Located in C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\ |
| Intel® Software Services Manager (ISSM) | L | ISSM.exe | Related to Intel® _Alert Service from Intel Corporation. Note: Located in C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ |
| Intel® Viiv™ Media Server (M1 Server) | L | mediaserver.exe | Related to Intel® _Alert Service from Intel Corporation. Note: Located in C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ |
| Interbase Guardian | L | ibguard.exe | Interbase database server related |
| InterBase InterClient Server | L | interserver.exe | Interbase database server related |
| InterBase Server | L | ibserver.exe | Interbase database server |
| Internet Connection Manager | X | (random name).exe | Troj/Agent-ELW |
| Internet Connection Monitor Engine | L | ICMNT.EXE | User reports that it's for a Home Router from Deerfield Communications www.deerfield.com/ |
| Internet Explorer (Internet Explorer) | X | Internet.exe | Added by the Troj/Feutel-AA TROJAN! Note: This trojan file is found in the Windows or Winnt folder. |
| Internet Proxy | L | InternetProxy.exe | Related to ICRAplus internet filter, parental control etc. Note: Located in C:\Program Files\ICRAplus\ICRAplus\ |
| Internet Service Manager (INETSVC) | X | INETSVC.EXE | Added by the Backdoor.Win32.SdBot.xd detected by Kaspersky More: Here Note: This worm\trojan is located in C:\%WINDIR%\ |
| Internet TCP Protocol (Win_ad) | X | TCPServer.exe | Added by an unidentified TROJAN! of the Sdbot family. Note: This worm\trojan is located in C:\Windows\wadsys\ (Win9x/Me), C:\%WINDIR%\wadsys\ (XP/WinNT/2K) |
| internew (internew) | X | system.exe | Added by the Troj/Cmjspy-BN TROJAN! |
| InterPlot IMF Printer Driver Service | L | pidrpcs.exe | InterPlot device drivers - See Here InterPlot/Overview.htm |
| Intespention (Win32) | X | IEXPLORE.exe | Added by the W32/Forbot-FL WORM! |
| Intranet Service (IntranetService) | X | intranet.exe | Owner:Brought to you by the Bandwidth Bandits. Location: C:\WINDOWS\SYSTEM32\intranet.exe |
| Intuit Entitlement Service v2 | L | Intuit.Spc.Map.EntitlementClient.Server.Service.exe | Related to Intuit_Entitlement_Service Installed with Intuit QuickBooks Point Of Sale software. Note: Located in C:\Program Files\Common Files\Intuit\Entitlement Client v2\Server\ |
| Intuit QuickBooks FCS (QBFCService) | L | Intuit.QuickBooks.FCS.exe | Part of Intuit QuickBooks software |
| InVircible Scheduler (IVScheduler) | L | IVSCHED.EXE | Security software package to protect personal computers and PC networks. Owner: NetZ Computing Ltd. Israel. InVircible |
| iolo DMV Service (ioloDMV) | L | ioloDMVSvc.exe | Part of system mechanic |
| iolo System Guard | L | IoloSGCtrl.exe | Related to System_Mechanic by Iolo |
| Iomega Active Disk | L | ADService.exe | Related to Iomega Corporation |
| Iomega Activity Disk2 | L | ActivityDisk.exe | ActivityDisk Iomega Corporation SmartSoft ActivityDisk |
| Iomega App Services | L | AppServices.exe | Iomega related |
| IomegaAccess | L | IOMEGAACCESS.EXE | related to Iomega Backup |
| ION Java Daemon 2.0 | L | ion_srv.exe | Related to ITT_Visual_Information_Solutions ION Script is a powerful tool for creating Web-based IDL visualization and analysis applications. Note: Located in C:\Program Files\RSI\IDL60\products\ion20\ion_java\bin\ |
| ION Java Daemon 6.1 | L | ion_srv.exe | Related to ITT_Visual_Information_Solutions ION Script is a powerful tool for creating Web-based IDL visualization and analysis applications. Note: Located in C:\Program Files\RSI\IDL61\products\ion61\ion_java\bin\ |
| Ip4Sec (Ip4Sec) | X | ip.sys | Added by the Satiloler.E TROJAN! Read the link, rootkit type stealth involved. |
| Ip6Fw | X | ip6fw.sys | Troj/Agent-ELV |
| iPAHelper.exe | L | iPAHelper.exe | Related to iPod_Access for Windows. Note: Located in C:\Program Files\iPod Access for Windows\ |
| iPassConnectEngine | L | iPassConnectEngine.exe | Related to iPassConnect Universal Client. iPass addresses the needs of both users and IT by making safe, simple and effective network access a reality, no matter where end users are located. Note: Located in C:\Program Files\iPass\iPassConnect iRAS\ |
| iPod Service | L | iPodService.exe | Related to Apple iPod. |
| iPodSrv | L | iPodSrv.exe | Related to iPod Apple software. Note: located in C:\Program Files\iPod\bin\ in Windows 2000/XP/2003. |
| IPODT1000 (ssipod1) | | ssipod1.sys | Troj/Goldun-FI |
| IPRIP | X | ipripst.dll | Detected as W32/Mofei-V Located in \ipripst.dll |
| IPRIP (IPRIP) | X | svchost.exe -k netsvcs | Added by the Backdoor.Ripgof TROJAN! Read the link, rootkit type stealth involved. |
| IPS Core Service (IPSSVC) | L | IPSSVC.EXE | A VPN client service found in Lenovo Thinkpad. Note: located in C:\WINDOWS\system32\ |
| Ipswitch WS_FTP Queue (ftpqueue) | L | ftpsched.exe | Part of WS_FTP Pro from Ipswitch. Note: Located in C:\Program Files\WS_FTP Pro\ |
| Ipswitch WS_FTP Service (iFtpSvc) | L | iFtpSvc.exe | Related to Ipswitch_WS_FTP The main exe file of WS-FTP server. Note: Located in C:\iFtpSvc\ |
| IPtable | X | ipconfig32.exe | Added by the W32/Tilebot-AP WORM! Note: This worm file is found in the Windows or Winnt folder. |
| IPv6 Helper Driver | X | csass.exe | Added by the AGOBOT.TC WORM! |
| IPX/SPX (NWLink) | X | usbmini.sys | Troj/Proxy-CY Note: Located in %windir%\system32\drivers Read the link, allows remote access |
| IrBridge User-Level Interface (USRBRIDG) | L | usrbridg.exe | Related to the Extended Systems infrared port, made by Extended_Systems Inc. This file should be located in the Windows\System32\ or Winnt\System32 folder. |
| ISAM SMT Service (ISAMsmt) | L | isamsmt.exe | Related to IBM Global Services - http://www.anti-spy.info/process/isamsmt.exe.html |
| iSeries Access for Windows Remote Command (Cwbrxd) | L | CWBRXD.EXE | Related to IBM Corporation. http://www.ibm.com/ |
| ISEXEng | X | angelex.exe | Bargain Buddy variant |
| ISP Ampi Service | X | isampi.exe | Added by the W32/Tilebot-JJ WORM! Note: This worm is located in C:\%WINDIR%\ Read the link, allows remote access |
| ISSI EZUpdate (ISSIMon) | L | issimsvc.exe | Related to Ibm_Global_Services Used internally by IBM for automatic updating of software and microsoft patching Note: Located in c:\sdwork\ |
| ISSvc | L | ISSVC.exe | Related to Norton Internet Security |
| Italian Grand Prix | X | grand.exe | Added by the W32/Spybot-MK WORM! Note: C:\%WINDIR%\System32\dllcache\ (XP/WinNT/2K) |
| iTunes Music Service (iTunesMusic) | X | iTunesMusic.exe | Added by W32.Spybot.NLX WORM! Rootkit Note: Located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) |
| IWin service | X | iwinapp.exe | Added by a variant of the Trojan/Backdoor TROJAN! Note: Located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) |
| Ixia Endpoint (IxiaEndpoint) | L | endpoint.exe | Added by Ixia_Endpoint Note: Located in C:\PROGRA~1\NetIQ\Endpoint\ |
| Jaguar | L | jagsrv.exe | Related to Sybase_EAServer Note: Located in C:\Sybase\EAServer\bin\ |
| Java development Services | X | logins32.exe | Added by the W32/Tilebot-HC WORM! Note: This worm\trojan is located in C:\%WINDIR%\ folder. Steal information from Protected Storage |
| Java development Services | X | windows.exe | Added by an unidentified TROJAN! of the Sdbot family. Note: This worm\trojan is located in C:\%WINDIR%\ folder. |
| Java inetice | X | realetin.exe | Added by the Troj/Bckdr-PQM TROJAN! Note: This worm\trojan is located in C:\Program Files\Common Files\Microsoft Shared\MSINFO\ |
| Java Sun Scheduler (JUSCHED) | X | jusched.exe | Added by the W32/Sdbot-CQC WORM! Note: This worm\trojan is located in C:\%WINDIR%\ folder. More here |
| JavaPlatform64 | X | JavaPlatform | Added by the W32/Kassbot-M WORM! Note: Located in C:\%WINDIR%\ |
| JiurlPortHide (JiurlPortHide) | X | JiurlPortHide.sys | Added by the Troj/Progent-A TROJAN! |
| jsdaemon | L | jsdaemon.exe | Related to fax service from JetFax Inc. |
| Juniper Network Connect Service (dsNcService) | L | dsNcService.exe | Related to Juniper Networks Inc. Networking Platform. |
| K4NV | X | k4nv.exe | Added by a variant of the Trojan.K4NV.Process WORM! Note: located in C:\WINDOWS\k4nv.exe |
| K9 Time Synchronization | L | k9nt.exe | Related to HC Mingham-Smith Limited http://www.kaska.demon.co.uk/history.htm |
| Kaseya Agent | L | AgentMon.exe | Related to Kaseya Inc. |
| Kaspersky Anti-Virus 6.0 (AVP) | L | avp.exe | Related to Kaspersky_Anti-Virus Note: Located in C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\ |
| Kaspersky Anti-Virus Service (KLBLMain) | L | kavmm.exe | Related to Kaspersky virus removal program. |
| KAV Monitor Service | L | avpm.exe | Kaspersky AntiVirus |
| kavsvc | L | kavsvc.exe | Kaspersky AntiVirus |
| kbdrv64 | X | KBDRV64.SYS | Added by the TROJ_ROOTKIT.K TROJAN! Read the link, rootkit type stealth involved. |
| kdc | X | svchost.exe -k kdc | Added by the Fuwudoor TROJAN! |
| Kerberos Key Transaction Coordinator (kerbkey) | L | kerb.exe | Verify one computer's identity to another and to set up encryption keys for a secure connection between them. http://www.computerworld.com.au/index.php/id;886626422;fp;512;fpid;6860893 |
| Kerio MailServer (KerioMailServer) | L | mailserver.exe | Related to Kerio_MailServer Note: Located in C:\Program Files\Kerio\MailServer\ |
| Kerio Personal Firewall | L | persfw.exe | Kerio Firewall |
| Kerio Personal Firewall 4 (KPF4) | L | kpf4ss.exe | Related to Kerio Personal FireWall. |
| Kernell32 | X | termsv.exe | Added by an unknown variant of a backdoor TROJAN! Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) |
| Keyboard Service System Files (Keyboard Service) | X | navupdate64.exe | Added by a variant of the WIN32.RBOT WORM! Note: This worm file is found in the System32 folder. |
| Kingsoft Antivirus KWatch Service (KWatchSvc) | L | KWatch.EXE | Related to Kingsoft_Antivirus virus protection and content filtering. Note: located in C:\KAV****\ [* = 4 digits representing the year.] |
| Kingsoft Personal Firewall Service (KPfwSvc) | L | KPfwSvc.EXE | Related to Kingsoft_Antivirus virus protection and content filtering. Note: located in C:\KAV****\ [* = 4 digits representing the year.] |
| kingxxx | X | svchost.exe | Troj/PWS-ACY , http://www.sophos.com/security/analyses/trojpwsacy.html Note: Located in %programfiles%\windows media player |
| Knob Service (KNOBSERV) | L | KnobService.exe | File belongs to Acer_Inc |
| Kodak Camera Connection Software | L | KodakCCS.exe | Kodak Software to connect digital cameras |
| konfig | L | mcp.exe | Transbase® CD, http://www.transaction.de/ permits the distribution of database contents on CD/DVD-ROM and subsequent updating of the data over the Web. Transbase® CD unites variable and static data in an ideal way. Note: Located in c:\opt\MBCASE\pm\bin |
| KONICA MINOLTA PageScope Net Care (PageScope Net Care Service) | L | JavaService.exe | Related to KONICA_MINOLTA_PageScope a client-server network printer management utility included with all KONICA MINOLTA printers. Note: Located in C:\Program Files\KONICA MINOLTA\PageScope Net Care\ |
| KSD2Service | X | ravsvc.exe | Win-Trojan/Downloader.8804 |
| KSD2Service | X | notaped.exe | Troj/DownLd-ABB |
| KSD2Service | X | WINL0GON.exe | Troj/Dloadr-AXH |
| KService | ? | KService.exe | Added by KService. It's part of a peer-to-peer package people agree to when signing up with 'Sky By Broadband', but it seems to be causing a few concerns over bandwidth use; the recurring issue when this is in logs is slow speeds. It doesn't uninstall when you remove Sky By Broadband and does not have an Add/Remove screen entry, but it is a genuine service, as Sky clearly state what it is on their site and in the terms and conditions. Removal Application provided by Sky READ_THE_INSTRUCTIONS Note: Located in C:\Program Files\KService\ |
| KService | L | KService.exe | "Kontiki Delivery Management System": The Kontiki Delivery Management System (DMS) is a secure delivery network for distribution of video, software, audio, documents, and other digital media. The Kontiki DMS enables enterprises to efficiently publish, secure, deliver and track digital media to employees, partners, and customers. Note: Located in C:\Program Files\Kontiki |
| LANDesk Remote Control Service (ISSUSER) | L | issuser.exe | Related to LANDesk_Remote_Control Service. Note: Located in C:\Program Files\LANDesk\LDClient\ |
| LANDesk® Management Agent | L | residentagent.exe | Part of LANDesk Management Suite. |
| lanmandrv | X | lanmandrv.sys | Troj/Agent-ELF |
| LanSafe Power Monitor (LanSafe PM) | L | PowerMonitor.exe | Related to LanSafe_Power_Monitor from Powerware. Uninterruptible Power Supply Note: Located in C:\Program Files\Powerware\LanSafe\Bin\ |
| LanSafe Process Manager | L | xyntservice.exe | Related to LanSafe_Process_Manager from Powerware. Uninterruptible Power Supply Note: Located in C:\Program Files\Powerware\LanSafe\Bin\ |
| Lavasoft Personal Firewall Service (LavasoftFirewall) | L | lpfw.exe | Related to Lavasoft_Personal_Firewall service. Note: Located in C:\Program Files\Lavasoft\Personal Firewall\ |
| LckFldService | ? | LckFldService.exe | ? Could be related Proland Software. ? - http://www.pspl.com/ |
| LCS | L | lcs.exe | Related to 3Com Wireless USB Utility Located in C:\Program Files\3COM Technology Corporation |
| LEC TranslateDotNet Server | L | LogoMedia TranslateDotNet Server.exe | Translates email, web pages, documents and instant messages. Made by the Language Engineering Company, for more information Click_Here File location is in the Program Files\Power Translator folder. |
| Leica Microsystems Data Container V1 | L | LMSDataContainerServer.exe | Related to Leica_Microsystems Now Vistec_Semiconductor_Systems advanced technologies in optics. |
| Lexar JD31 (LxrJD31s) | L | LxrJD31s.exe | Lexar "JumpDrive" driver. From Lexar_Media_Inc |
| Lexar Secure II (LxrSII1s) | L | LxrSII1s.exe | Related to Lexar_Media Inc. removable flash memory cards, USB flash drives, card readers etc... |
| Lexar SG20 | L | LxrSG20s.exe | Related to Lexar_Media Inc. Lexar offers a wide range of storage products. Note: Located in C:\WINDOWS\SYSTEM32\ |
| LexBce Server | L | LEXBCES.EXE | Lexmark Printer Service |
| LibUsb-Win32 - Daemon, Version 0.1.8.0 | L | libusbd-nt.exe | LibUsb open-source USB driver |
| LicCtrl Service | L | runservice.exe | Part of the eLicense Copy Protection scheme employed by some software and games. (Castlecops Startup List) |
| License Agent | L | cla.exe | License Agent for the HiPath 1220 digital PBX system from Siemens. For more information Click_Here File location is in the Program Files\Licensing\License Agent\bin folder. |
| License Management (CLMTomcatStarterSvc) | L | tomcat.exe | Related to Apache_Tomcat Owner: Alexandria Software Consulting. |
| License Management Service ESD | L | Licence Manager ESD.exe | Licence_Manager_ESD.exe is the element5 License Management Service, used by some software for license checking and management. Leave it alone to ensure the software installed on your computer works properly. Note: located in C:\Program Files\Common Files\element5 Shared\Service\ |
| LicenseManagerSocket | L | LicenseManagerSocket.exe | Related to UIC License Manager, a proprietary software. Used to activate software on customer computers for a specified length of time. Note: Located in C:\Program Files\Universal Instruments\License Manager\ |
| LightScribeService Direct Disc Labeling Service (LightScribeService) | L | LSSrvc.exe | LightScribe related to Hewlett Packard |
| LiveShare P2P Server | L | RoxLiveShare.exe | Related to Roxio_Inc |
| LiveShare P2P Server 9 (RoxLiveShare9) | L | RoxLiveShare9.exe | Related to Roxio_Inc |
| LiveUpdate | L | LUCOMS~1.EXE | Related to the Norton Internet Security suite; provides up-to-date antivirus data for your Norton Anti-virus product. (Filename is LUCOMSERVER.EXE, or LUCOMSERVER_2_5.EXE) |
| LiveUpdate Notice Service | L | PIFSvc.exe | Related to LiveUpdate_Notice_Service from Symantec Note: Located in C:\Program Files\Common Files\Symantec Shared\PIF\ |
| LmHosts | X | svchost.exe -k LmHosts | Added by the Fuwudoor TROJAN! |
| LMMng (memlow) | X | memlow.sys | Added by the Troj/Haxdoor-AA TROJAN! |
| Loading Outpost Connections | X | cmdtel.exe | Win32.Bagz.i email virus |
| Local Network Service (algs) | X | gettfo.exe | Added by a variant of the W32/SDBOT WORM! Note: This worm\trojan is located in C:\%WINDIR%\ folder. The filename can be different |
| Local Security Authority Server (LSaServ) | X | lsasrv.exe | Detected as W32/Hupigon.gen76 by F-Secure Note: Located in %windir%\cursors |
| Local Security Authority Subsystem Library (LSA Server) | X | lsasrv.exe | Added by the Win32/Amahkey.F TROJAN! Note: This trojan is located in C:\%WINDIR%\ |
| Local Security Authority Subsystem Service (lsass) | X | lsass.exe | Added by the W32/Tilebot-AK or W32.Spybot.ABDO WORM! Note: This is not the legitimate Windows process lsass.exe (Which is always found in the System32 folder). This worm file is found in the Windows or Winnt folder. |
| Local Security Authority System Service (lsass) | X | lsass.exe | Added by the W32/Rbot-AJA WORM! Note: This is not the legitimate Windows process lsass.exe (Which is always found in the System32 folder). This worm file is found in the Windows or Winnt folder. Read the link, rootkit type stealth involved. |
| Local Security Policy (Windows Local Security Policy) | X | wpablan.exe | Unidentified SDbot, probable variant of "W32/Sdbot-CWR". |
| Local Service (LocalSystem) | X | chfmon.exe | Added by the W32/Agobot-AIM WORM! Note: This worm\trojan is located in C:\%WINDIR%\ Read the link, allows remote access, steal information ... |
| Logical Disk Manager Administrative Service | L | dmadmin.exe | Veritas logical disk manager |
| Logitech (Logitech Checker) | X | logitech.exe | Added by a variant of the W32/SDBOT WORM! Note: This worm\trojan is located in C:\%WINDIR%\ folder |
| Logitech Bluetooth Service (LBTServ) | L | LBTSERV.EXE | Related to bluetooth products from Logitech |
| Logitech MM50 Kernel Drivers | X | mm50krnl.exe | W32/Spybot-NT Read the link, allows remote access |
| Logitech Process Monitor (LVPrcSrv) | L | LVPrcSrv.exe | Related to Logitech QuickCam Provides additional configuration options for these devices. |
| LogMeIn | L | LogMeIn.exe | Related to LogMeIn LogMeIn Rescue is used by IT helpdesks to provide instant remote support to customers and employees. Note: located in C:\Program Files\LogMeIn\ |
| Logon Process (WinLogon) | X | winlogon.exe | Added by the Win32.IRCBot.zx Spyware WORM!, a variant of the W32/IRCBot-UN. Note: This worm\trojan is located in C:\%WINDIR%\ |
| LOGON suport service | X | IES4SERVICE.SYS | Added by the Goldun.G TROJAN! Note: This trojan file is found in the System32 folder. |
| Logon Task Manager | X | symon.exe | Added by the Worm_Ircbot_Gen TROJAN! Note: This worm\trojan is located in C:\%WINDIR%\System32\dllcache\ (XP/WinNT/2K) |
| Logon Terminal Manager | X | spoolsc.exe | Added by an unidentified TROJAN! of the Sdbot family. Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) |
| LogonSvc (LogonSvcID) | L | logonsvc.exe | Related to E-Pop web conferencing Note: Located in C:\Program Files\E-Pop\ |
| Lookout Citadel Server (LkCitadelServer) | L | lkcitdl.exe | Related to Lookout_Citadel_Server From National Instruments, Inc. Note: Located in C:\WINDOWS\system32\ |
| Lotus Notes Single Logon | L | nslsvice.exe | IBM Lotus Notes Single Logon Service - http://www.anti-spy.info/process/nslsvice.exe.html |
| Lpdriver (Lpdriver) | X | lpdriver.sys | Added by the W32/Tilebot-H or W32/Sdbot-ADG WORM! Note: This worm file is found in the System32 folder. |
| LSA Server | X | lsasrv.exe | Win32/IrmBot.worm.215040 Note: Located in %windir% |
| LSA Shel (Export Version) | X | lsass.exe | Added by the W32/Tilebot-HQ WORM! Note: This worm\trojan is located in C:\%WINDIR%\ folder. |
| LSA Shell Export-Version | X | lsass.exe | Added by the W32/Tilebot-IU WORM! Note: This worm\trojan is located in C:\%WINDIR%\ folder. |
| lsass (lsass) | X | lsass.exe | Added by the W32/Rbot-AIC WORM! Note: This is not the legitimate Windows process. (Which is always found in the System32 folder.) This worm\trojan file is found in the Windows or Winnt folder. Read the link, rootkit type stealth involved. |
| lsass (Workstations) | X | autoexec.exe | Added by the W32/Sdbot-AFN WORM! Note: This worm file is found in the System32 folder. |
| LsassFTP daemon (LsassFTPD) | X | LsassFtpd.exe | Added by the SDBOT.CDW WORM! Read the link, rootkit type stealth involved. |
| LsassFTPzz daemon (LsassFTPDzz) | X | LsassFtpdz.exe | Added by the W32/Rbot-ARL WORM! Note: This worm\trojan file is found in the Windows or Winnt folder. Read the link, rootkit type stealth involved. |
| Lsdiorw | L | lsdiorw.exe | Part of macdisk |
| LVSrvLauncher | L | SrvLnch.exe | Related to Logitech products |
| LWWLicenseService | L | LWWLicenseService.exe | Related to Wolters_Kluwer The Professional's First Choice for information, tools and solutions that help professionals make their most critical decisions. Note: located in C:\Program Files\Common Files\WoltersKluwerLWW Shared\Service\ |
| lxbs_device | L | lxbscoms.exe | Related to LXB_Device LXB provides, secure backup. |
| lxbt_device | L | lxbtcoms.exe | Lexmark International services. http://www.lexmark.com/ |
| lxbu_device | L | lxbucoms.exe | Related to Lexmark Printers. Provides additional configuration options for these devices |
| lxbx_device | L | lxbxcoms.exe | Related to Lexmark International, Inc Printer service. Note: located in C:\WINDOWS\System32\ |
| lxby_device | L | lxbycoms.exe | Related to Lexmark Printer service. Note: located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) |
| lxcc_device | L | lxcccoms.exe | Related to Lexmark International, inc. Communication module for Lexmark products. Disabling will cause loss of functionality. |
| lxcd_device | L | lxcdcoms.exe | Related to Lexmark International, Inc. printers. Note: Located in C:\WINDOWS\System32\ |
| lxce_device | L | lxcecoms.exe | Related to Lexmark, Inc. printers |
| lxcf_device | L | lxcfcoms.exe | Lexmark printer related |
| LXCGCustomerConnect | L | LXCGserv.exe | Related to Lexmark_Inkjet_printer Spool driver. Note: Located in C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\ |
| lxcg_device | L | lxcgcoms.exe | Related to Lexmark printer |
| lxcr_device | L | lxcrcoms.exe | Related to Lexmark 2400 series printer monitor software. Disabling will cause loss of functionality. Note: Located in C:\Program Files\Lexmark 2400 Series\ |
| lxct_device | L | lxctcoms.exe | Related to Lexmark_International and its printer services. Note: Located in C:\WINDOWS\SYSTEM32\ |
| Lync USB Auditor Service (LyncUSBServ) | L | lyncusb.exe | Related to Lync_USB A toolkit that delivers an integrated removable media device discovery and auditing solution for enterprise IT management applications. |
| M-Audio CMIDI Installer (MA_CMIDI_InstallerService) | L | MA_CMIDI_Inst.exe | Related to M-Audio_CMIDI Installer from Avid Technology, inc. Note: Located in C:\Program Files\M-Audio MA_CMIDI\ |
| M-Audio Fast Track Installer (FastTrackInstallerService) | L | MAUSBFTInst.exe | Related to M-Audio_Fast_Track Installer from Avid Technology, inc. Note: Located in C:\Program Files\M-Audio\Fast Track USB\ |
| M-Audio Ozone Installer (OzoneInstallerService) | L | ozinst.exe | Related to M-Audio_Ozone products. Note: Located in C:\Program Files\M-Audio\Ozone\Install\ |
| M-BUS/M-NET Administration (MCONTROL) | L | mcontrol.exe | Related to Siemens Energy & Automation Platform. Note: located in C:\Program Files\ProcessSuite\MBUSDRVR\ |
| M1 Licensing Helper (iLicenseSvc) | L | iLicenseSvc.exe | Related to GE_Fanuc_Automation, which enables you to act in real-time to optimize productivity and increase profitability. Note: located in C:\WINDOWS\Intellution\ |
| mac128 | X | mac128.sys | Added by the Troj/Klutz-A Trojan! |
| MacFormatService | L | FORMATM.EXE | Related to Conversions Plus from DataViz |
| Machine Debug Manager (MDM) | L | mdm.exe | Visual Studio debugger. If you install VS2003, mdm.exe is found in c:/program files/common files/microsoft shared/vs7debug. For more info Click_Here |
| Macromedia Licensing Service | L | Macromedia Licensing.exe | Related to Macromedia products: Flash, Dreamweaver, etc. |
| Macromedia Updater (mmupdate) | X | 19D.tmp".exe | Added by a variant of the Win32.Small.oa TROJAN! Note: This worm\trojan is located in C:\%WINDIR%\TEMP\ The filename is random, in the format xxxx.tmp".exe |
| MagicTuneEngine | L | MagicTuneEngine.exe | Related to MagicTune_Engine from Samsung. Magic Tune Premium is an update of MagicTune 3.6 for Samsung monitors. Note: Located in C:\Program Files\MagicTune Premium\ |
| Mailgate Mail/Proxy Service | L | mgatesvc.exe | Mailgate Internet Connectivity Server |
| Manageer Network Connections | X | telcmd.exe | BAD - Look how manager is spelled. |
| Manageer Network Connections (Kern32) | X | telcmd.exe | A new service added by the Troj/Agent-CP TROJAN, with a display name of Manageer Network Connections. |
| Manager (Windows XP Manager) | X | msnmgr.exe | Added by the W32/Kassbot-L Read the link, rootkit type stealth involved. |
| Managing FAT and NTFS partitions (Defragmentation Manage) | X | dfrgfat16.exe | Added by the W32/Codbot-N WORM! |
| Mangomind Drive Repair (MindRepair) | L | dirtcon.exe | Related to Mangomind access your business critical files from anywhere, at any time, from any computer. Note: Located in C:\Program Files\Mango\Mind\Utilities\ |
| mapi Helper | L | ImapiHelper.exe | ISO recorder |
| MarkVision Server (MvServer) | L | lexmvservice.exe | Related to MarkVision_Server from Lexmark. Note: Located in C:\WINDOWS\SYSTEM32\ |
| MarkVision Web Server (MvWebServer) | L | lexwebservice.exe | Related to MarkVision_Server from Lexmark. Note: Located in C:\WINDOWS\SYSTEM32\ |
| Mass Effect(TM) Xbox 360 | X | mfxbox.exe | W32/Spybot-MS Read the link, allows remote access |
| Mass Effect™ Xbox 360 | X | mfxbox.exe | Added by the W32/Spybot-MS WORM! Note: This worm\trojan is located in C:\%WINDIR%\System32\dllcache\ (XP/WinNT/2K) disabling the automatic startup of other software |
| MATLAB Server (matlabserver) | L | matlabserver.exe | Related to The MathWorks Inc. |
| MaxBackServiceInt | L | MaxBackServiceInt.exe | Related to Maxtor_backup service. Note: Located in C:\Program\Maxtor\Maxtor Backup\ |
| MaxSyncService (NTService1) | L | SyncServices.exe | Related to Maxtor_OneTouch service. Note: Located in C:\Program\Maxtor\OneTouch\Utils\ |
| Maxtor Performance Analysis Tool | X | winrcn.exe | Troj/IRCBot-VY Read the link, allows remote access |
| Maya 6 PLE Documentation Server | L | wrapper.exe | Related to Alias Systems Corp. |
| MBackMonitor | L | MBackMonitor.exe | Mcafee related |
| MC/Empower i.collect | L | icserv.exe | An internet cleaning utility issued by various ISPs for their customers' use |
| McAfee Agent | L | myAgtSvc.exe | Related to Network Associates, Inc. |
| McAfee Alert Manager (AlertManager) | L | amgrsrvc.exe | Related to McAfee_Alert_Manager , http://www.mcafee.com/ deals with alert management. Note: Located in C:\Program Files\Network Associates\Alert Manager\ |
| McAfee AntiSpyware Real-Time Scanner (McAfeeAntiSpyware) | L | Msssrv.exe | Related to Network Associates, Inc. |
| McAfee AntiSpyware Service | L | massrv.exe | Related to McAfee AntiSpyware service. |
| McAfee Application Installer Cleanup | ? | 012703~1.EXE | Appears to be related to a McAfee uninstaller. If it is still present after a reboot, it should be removed |
| McAfee Desktop Firewall Service (FireSvc) | L | FireSvc.exe | Related to McAfee Desktop Firewall Service. Note: located in C:\Program Files\Network Associates\McAfee Desktop Firewall for Windows XP\ |
| McAfee E-mail Proxy (Emproxy) | L | emproxy.exe | Related to McAfee_Email_Proxy c:\program files\common files\mcafee\EmProxy\ |
| McAfee Firewall | L | CPD.EXE | Related to Network Associates |
| McAfee Framework Service (McAfeeFramework) | L | FrameworkService.exe | McAfee/CA related |
| McAfee HackerWatch Service | L | HWAPI.exe | Related to McAfee_HackerWatch Service, installed by the McAfee Internet Security suite, whose role is to update the HackerWatch.org website with any suspected hacker attack which you decide to report to the HackerWatch service run by McAfee. Down to end-user preference. Note, however, that this service, introduced in mid-2006, has a tendency to gobble up memory on some PCs, from 30Mb to 50Mb. Read the recommendations. Note: Located in C:\Program Files\Common Files\McAfee\HackerWatch\ |
| McAfee Log Manager (McLogManagerService) | L | mclogsrv.exe | Related to McAfee_SecurityCenter Log Manager. Note: Located in C:\Program Files\McAfee\MSC\ |
| McAfee Network Agent (McNASvc) | L | mcnasvc.exe | Related to McAfee_Network_Agent Note: Located in c:\program files\common files\mcafee\mna\ |
| McAfee Personal Firewall Service (MpfService) | L | MPFSrv.exe | Related to McAfee_Personal_Firewall Service. Note: Located in C:\Program Files\McAfee\MPF\ |
| McAfee Privacy Service (GuardDogEXE) | L | GUARDDOG.EXE | Belongs to the software McAfee Internet Security or McAfee Privacy Service. For more information Click_Here |
| McAfee Privacy Service (MPS9) | L | mps.exe | Related to McAfee_Privacy_Service Includes many features for families online including Internet content filtering, blocking personal information from being sent, an event log, and Internet time limits. Note: Located in C:\Program Files\McAfee\MPS\ |
| McAfee Protection Manager (mcpromgr) | L | mcpromgr.exe | Related to McAfee_Integrated_Security Platform. Note: Located in C:\Program Files\McAfee\MSC\ |
| McAfee Proxy Service (McProxy) | L | mcproxy.exe | Related to McAfee Proxy Service Note: Located in c:\Program Files\COMMON~1\mcafee\mcproxy\ |
| McAfee Real-time Scanner (McShield) | L | mcshield.exe | Related to McAfee_Virus_Shield Note: Located in C:\Program Files\McAfee\VIRUSSCAN\ |
| McAfee Redirector Service (McRedirector) | L | redirsvc.exe | Related to McAfee_Redirector Service Module. Note: Located in c:\program files\common files\mcafee\redirsvc\ |
| McAfee Scanner (McODS) | L | mcods.exe | Related to McAfee_VirusScan On Demand Scan. Note: Located in C:\Program Files\McAfee\VIRUSSCAN\ |
| McAfee SecurityCenter Update Manager | L | mcupdmgr.exe | McAfee Antivirus updater |
| McAfee SecurityCenter Update Manager (mcupdmgr.exe) | L | mcupdmgr.exe | McAfee Update manager - http://castlecops.com/s5681-MCUPDMGR_EXE.html |
| McAfee Services (mcmscsvc) | L | mcmscsvc.exe | Related to McAfee |
| McAfee SpamKiller Server (MskService) | L | MSKSrvr.exe | Part of McAfee Spamkiller. http://computercops.biz/s6154-MSKSrvr_exe.html |
| McAfee SpamKiller Service (MSK80Service) | L | MskSrver.exe | Related to McAfee SpamKiller Note: Located in C:\Program Files\McAfee\MSK\ |
| McAfee SystemGuards (McSysmon) | L | mcsysmon.exe | Related to McAfee_SystemGuards Service. Note: Located in C:\Program Files\McAfee\VIRUSSCAN\ |
| McAfee Task Scheduler (McTskshd.exe) | L | mctskshd.exe | Related to McAfee_Task_Scheduler Note: Located in C:\Program Files\McAfee\MSC\ |
| McAfee Update Manager (mcmispupdmgr) | L | mcupdmgr.exe | Related to McAfee_SecurityCenter Update Manager. Note: Located in C:\Program Files\McAfee\MSC\ |
| McAfee User Manager (mcusrmgr) | L | mcusrmgr.exe | Related to McAfee_SecurityCenter MISP User Manager. Note: Located in C:\Program Files\McAfee\MSC\ |
| McAfee Wireless Security Service (MwlSvc) | L | MwlSvc.exe | Related to McAfee_Wireless_Security_Service Note: located in C:\PROGRA~1\McAfee\MWL\ |
| McAfee WSC Integration (McDetect.exe) | L | mcdetect.exe | Related to McAfee WSC Integration. |
| McAfee.com McShield | L | mcshield.exe | Related to McAfee |
| McAfee.com Personal Firewall Service | L | MPFSERVICE.exe | Related to McAfee.com Personal Firewall |
| McAfee.com VirusScan Online Realtime Engine | L | mcvsrte.exe | McAfee AntiVirus |
| MCFservice (mcfdrv) | X | mcfdrv.sys | Added by the TROJ_ROOTKIT.R TROJAN! Read the link, rootkit type stealth involved. |
| mchInjDrv | X | mc2A.tmp | Added by the Dialer.ICcontrol DIALER! Note: This malware can make the modem dial long-distance phone numbers that were not configured in the system. This malware file can be found in the Documents and Settings\[CURRENT USER]\Local Settings\Temp folder. |
| mcmmng32 (Microsoft Control Manager) | X | mcmmng32.exe | Added by the W32/Tilebot-HK WORM! Note: This worm\trojan is located in C:\%WINDIR%\ folder. disabling the automatic startup of other software |
| mcp | L | mcp.exe | Transbase® CD, http://www.transaction.de/ permits the distribution of data base contents on CD/DVD ROM and a following actualization of the data over the Web to Transbase® CD unites in ideal way variable and static data. Note: Located in c:\opt\MBCASE\pm\bin\mcp |
| McShield | L | Mcshield.exe | This process is associated with McAfee's Internet Security suite. More specifically, it is essential to the Antivirus software and should not be removed |
| MD Simple Burner Service (NetMDSB) | L | NetMDSB.exe | Sony Corp. MiniDisk Simple Burner |
| MDaemon - Alt-N Technologies, Ltd. | L | MDAEMON.EXE | Related to MDaemon, a Windows-based email server. |
| MdeRy | X | rpe.sys | Added by the Backdoor.Ryejet TROJAN! Read the link, rootkit type stealth involved. |
| MEAOI Service (MEAOI) | X | _meaoi.exe | Added by the W32/Tilebot-AM WORM! Note: This worm\trojan file is found in the Windows or Winnt folder. |
| media playr (mediaply) | X | mediaply32.exe | Added by a variant of the IRCbot family of worms and IRC backdoors. Note: located in C:\%WINDIR%\ |
| Mediabee (Mediabee Desktop Server) | L | MbXmlRpcServer.exe | Related to Mediabee Group Planner & Dashboard |
| MediaMax XL Service (MediaMaxXLService) | L | MediaMaxXLService.exe | Related to MediaMax_XL from Streamload, Inc. An application that automatically backs up your files and syncs files between computers. Note: Located in C:\Program Files\Streamload\MediaMax XL\ |
| Medie Sariel Number Services | X | moviemk.exe | Added by the Troj/DownLd-AAP TROJAN! Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) |
| MemDRV (vdnt32) | X | vdnt32.sys | Added by the Troj/Haxdoor-AA TROJAN! |
| Memeo (BMUService) | L | MemeoService.exe | Related to Memeo backup service. Note: Located in C:\Program Files\Tanagra\Memeo\ |
| Memorex Network Analysis Tool | X | winsntp.exe | Added by the W32/Vanebot-AT WORM! Note: This worm is located in C:\%WINDIR%\dllcache\ |
| Memory Check Service (AcerMemUsageCheckService) | L | MemCheck.exe | Found on Acer laptops |
| mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) | L | raysat_3dsmax9_32server.exe | Related to Autodesk_3ds_Max_9_3D_animation Create rich and complex design visualization. Note: Located in D:\3dsMax9\mentalray\satellite\ |
| Merak Mail Server Control (MerakControl) | L | control.exe | Related to Merak_Mail_Server Software. A high performance mail server software suite for Windows or Linux |
| Merak Mail Server POP3/IMAP (MerakPOP3) | L | pop3.exe | Related to Merak_Mail_Server Software. A high performance mail server software suite for Windows or Linux |
| Merak Mail Server SMTP (MerakSMTP) | L | smtp.exe | Related to Merak_Mail_Server Software. A high performance mail server software suite for Windows or Linux |
| MERANT XDB Server for NX 3.1 | L | xsrvnx.exe | Related to SERENA Software, Inc. - http://www.serena.com/ |
| Messaging Application Programming Interface (Mapi) | X | mapi.exe | Added by the W32/Sdbot-DFC Worm Read the link, allows remote access |
| Messenger | X | svchost.exe -k Messenger | Added by the Fuwudoor TROJAN! |
| Messenger | X | kernel32.exe | Added by the Troj/Kyth-A TROJAN! Note: Replaces any existing services named Messenger. |
| Messenger | X | sys.exe | Added by the Troj/PcClient-H TROJAN! Note: This worm\trojan file is found in the System32 folder. |
| Messenger | X | KB08953265.exe | Added by the Esteems.F TROJAN! Note: Drops multiple files. |
| Messenger (Messenger) | X | (TROJAN FILE NAME) | Added by the Trojan.Neasemal TROJAN! Note: This trojan file will be found in the System32 folder and may have one of the following file extensions: .kop or .del or .axs |
| Messenger (Messenger) | X | hacker.exe | Added by the Troj/PcClient-M TROJAN! Note: This trojan file is found in the System32 and Temp folders. |
| Messenger Sharing Folders USN Journal Reader service (usnjsvc) | L | usnsvc.exe | Related to Messenger_Sharing_Folders_USN_Journal Reader service from Microsoft. Note: Located in C:\Program Files\MSN Messenger\ |
| MetaFrame COM Server (MFCom) | L | mfcom.exe | Related to Citrix MetaFrame |
| MGABGEXE | L | mgabg.exe | Matrox BIOS Guard. What does it do and is it required? |
| MGACtrl | L | mgasc.exe | Related to products from Matrox graphics |
| MgiSvr | L | uMgiSvr.exe | Related to Magic-i from ArcSoft A powerful webcam application designed to enhance users' video chat experience. Note: Located in C:\Program Files\ArcSoft\Magic-i 3\ |
| MICR0SOFT SVCH0ST (MS_SVCH0ST) | X | SVCH0ST.EXE | Detected by BitDefender as Trojan.Spy.Agent.PV |
| Microsoft Agent | X | rschost.exe | Added by an unidentified TROJAN! of the Sdbot family. Note: This worm\trojan is located in C:\Windows\System\dllcache (Win9x/Me), C:\%WINDIR%\System32\dllcache (XP/WinNT/2K) |
| Microsoft Agent | X | snchost.exe | Added by an unidentified TROJAN! of the Sdbot family. Note: This worm\trojan is located in C:\%WINDIR%\System32\dllcache\ (XP/WinNT/2K) More: here |
| Microsoft Agent | X | ffchost.exe | Added by an unidentified TROJAN! of the Sdbot family. Note: Located in C:\Windows\System\dllcache\ (Win9x/Me), C:\%WINDIR%\System32\dllcache\ (XP/WinNT/2K) |
| Microsoft Agent | X | lpohost.exe | Added by the W32/Sdbot-CWQ WORM! Note: This worm\trojan is located in C:\%WINDIR%\System32\dllcache\ (XP/WinNT/2K) |
| Microsoft Agent | X | qxchost.exe | Added by the W32/Sdbot-CWP WORM! Note: This worm\trojan is located in C:\%WINDIR%\System32\dllcache\ (XP/WinNT/2K) |
| Microsoft Agent | X | lkmhost.exe | W32/Vanebot-AD Note: Located in %windir%\system32\dllcache Read the link, allows remote access |
| Microsoft Agent | X | xnchost.exe | Added by an unidentified TROJAN! of the Sdbot family. |
| Microsoft Agent | X | ppchost.exe | Added by a variant of the W32/Sdbot-CYE WORM! Note: This worm\trojan is located in C:\%WINDIR%\System32\dllcache\ (XP/WinNT/2K) |
| Microsoft Agent | X | suchost.exe | W32/Sdbot-DDD Read the link, allows remote access |
| Microsoft AntiSpyware (Beta 1) | L | gcasDtServ.exe | Microsoft AntiSpyware Data Service |
| Microsoft AntiSpyware (Beta 1) | L | gcasServ.exe | Microsoft AntiSpyware Service |
| Microsoft AntiSpyware (Beta 1) | L | GIANTAntiSpywareMain.exe | Microsoft AntiSpyware Main |
| Microsoft Apache for Windows (Windows Apache Service) | X | wpablin.exe | Added by the W32/Tilebot-IL WORM! Note: This worm\trojan is located in C:\%WINDIR%\ folder |
| Microsoft ASPI Manager (aspi113210) | X | aspi113210.exe | Added by the Troj/Danmec-T TROJAN! Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) Modify the hosts file, Terminate AV related processes and services, Steal information. Read the article. Filename is partly random (aspinnnnnn.exe) n representing a number. |
| Microsoft ASPI Manager (aspimgr) | X | aspimgr.exe | Detected as Backdoor.Win32.Agent.aju by Kaspersky |
| Microsoft authenticate service (MsaSvc) | X | msasvc.exe | Added by Worm_Ircbot_Gen Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) |
| Microsoft Bluetooth Support (BthSupp) | X | bthsupp.exe | Added by the W32/Btbot-A WORM! |
| Microsoft Client Agent Service (Microsoft Client Agent) | X | msclient.exe | Added by the W32/Tilebot-BP WORM! Note: This worm\trojan file is found in the Windows or Winnt folder. Read the link, rootkit type stealth involved. |
| Microsoft Config (mscfg) | X | dczznet.exe | Added by the W32/Rbot-ARK WORM! Note: This is not the legitimate Windows process Msconfig.exe (Which is found in the System or System32 folder.) This worm\trojan file is found in the Windows or Winnt folder. Read the link, rootkit type stealth involved. |
| Microsoft Corporation | X | systemi32.exe | Variant of the W32.SPYBOT WORM |
| Microsoft Corporation | X | utorrent.exe | Added by a variant of the Backdoor.Win32.Bifrose.la TROJAN! Note: This trojan is located in C:\%WINDIR%\System32\ (XP/WinNT/2K) |
| Microsoft Corporation (Windows Wordpad) | X | wordpad.exe | Added by the W32/Tilebot-GL WORM! Note: This worm\trojan is located in C:\%WINDIR%\ This is not Microsoft's wordpad.exe. To make sure check the properties of the file. |
| Microsoft Coyshader Runtime | X | serv32.exe | Added by the W32/Rbot-GHJ WORM! Note: This worm\trojan is located in C:\%WINDIR%\ Installs a rootkit, rdriv.sys. Run a rootkit removal tool |
| Microsoft Coyshader Runtime | X | service.exe | Added by the W32/Rbot-GHJ WORM! Note: This worm\trojan is located in C:\%WINDIR%\ Installs a rootkit, rdriv.sys. Run a rootkit removal tool |
| Microsoft CTF Loader | L | ctfmon.exe | CTF Loader |
| Microsoft DHCPA Service | X | mshcp.exe | Added by the W32/Rbot-FNA WORM! Note: This worm\trojan is located in C:\%WINDIR%\System32\dllcache\ (XP/WinNT/2K) |
| Microsoft Digital Identity Service (InfoCard Service) | L | infocard.exe | Related to Microsoft_NET_Framework .NET Framework is a development and execution environment that allows different programming languages & libraries to work together seamlessly to create Windows-based applications. |
| Microsoft Distributed Transaction (MSDT) | X | msdt.exe | Added by the W32/Tilebot-BQ WORM! Note: This worm\trojan file is found in the Windows or Winnt folder. |
| Microsoft DLL System | X | smsc.exe | Added by the W32/Tilebot-FY WORM! Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) |
| Microsoft HDA Protocol (svhda) | X | svhda.exe | Added by the Backdoor.Win32.IRCBot.rr TROJAN! (as detected by Kaspersky) Note: This worm\trojan is located in C:\%WINDIR%\ folder. |
| Microsoft IE | X | IEXPLORE.EXE | Added by the W32/Forbot-AG WORM! Note: Located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) Note: This is not the legitimate Windows Process. (Which is found in the C:\Program Files\Internet Explorer\ folder.) This worm\trojan file is found in the C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 |
| Microsoft IIS helper | X | msiishlp.exe | Added by the Backdoor.Isen.Rootkit TROJAN! Read the link, rootkit type stealth involved. |
| Microsoft information dll service (msidll) | X | msidll.exe | Added by an unidentified TROJAN! of the Sdbot family. Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) More here |
| Microsoft Internet Explorer | X | iexplore.exe | W32/Tilebot-JS Read the link, allows remote access |
| Microsoft Internet Information Services kernel mode driver | X | msiisdrv.exe | Added by the Backdoor.Isen.Rootkit TROJAN! Read the link, rootkit type stealth involved. |
| Microsoft Java Service (Windows Java Service) | X | jusched.exe | Added by an unidentified TROJAN! Note: This trojan is located in C:\%WINDIR%\ |
| Microsoft Language Service (Windows Language Service) | X | alg.exe | Added by an unidentified TROJAN! of the Sdbot family. Note: This worm\trojan is located in C:\%WINDIR%\ folder |
| Microsoft Logon Service | X | mslogon.exe | Added by the W32.Woredbot.C TROJAN! Note: This worm\trojan is located in C:\%WINDIR%\System32\dllcache\ (XP/WinNT/2K) |
| Microsoft Logon User Interface Skining (LogonUInterf) | X | logonui.exe | Detected by Ewido as Backdoor.SdBot.aad. This worm file is found in the Windows or Winnt folder. |
| Microsoft Main Window Service | X | mainwin32.exe | Added by the W32/Spybot-MR WORM! Note: This worm\trojan is located in C:\Windows\System\dllcache\ (Win9x/Me), C:\%WINDIR%\System32\dllcache\ (XP/WinNT/2K) disabling autostart for the SharedAccess service deactivates the Microsoft Internet Connection |
| Microsoft Media | X | rtsecas.exe | W32/Rbot-KPH Read the link, allows remote access |
| MicroSoft Media Tools | X | MSMEDIA.EXE | Added by the SDBOT.CUH WORM! Note: This worm file is found in the System32 folder. (NT/2000/XP) Read the link, rootkit type stealth involved. |
| MicroSoft Media Tools (MicroSoft Media Tools) | X | MSmedia.exe | Added by the W32/Tilebot-BC WORM! Note: This worm\trojan file is found in the Windows or Winnt folder. Read the link, rootkit type stealth involved. |
| Microsoft MSI Service | X | msi.exe | Added by an unidentified TROJAN! of the Sdbot family. Note: This worm\trojan is located in C:\Windows\System\dllcache\ (Win9x/Me), C:\%WINDIR%\System32\dllcache\ (XP/WinNT/2K) |
| Microsoft Name Server | X | nssrv.exe | W32/Tilebot-EK Read the link, allows remote access |
| Microsoft Net API (NETAPI) | X | msapi.exe | Added by the W32/Tilebot-HJ WORM! Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) |
| Microsoft NetWork FireWall Services | X | Net_Services.exe | http://www.sophos.com/virusinfo/analyses/w32lovgateaa.html |
| Microsoft NetWork FireWall Services | X | NetServices.exe | http://www.sophos.com/virusinfo/analyses/w32lovgateaa.html |
| Microsoft Network RPC | X | msnetrpc.exe | Related to the Troj/Isen-B |
| Microsoft Networks DN (msndn) | X | msndn.exe | Added by the Backdoor.SdBot.AQZ, A.K.A. Ircbot_Gen WORM! Allows a remote intruder to gain access and control over the computer. |
| Microsoft New Game 2 (svehost32) | X | svehost32.exe | Added by the W32/Tilebot-I TROJAN! Read the link, rootkit type stealth involved. |
| Microsoft Null Development Monitor (msdevnull) | X | msdevnull.exe | Added by the W32/Rbot-AGE Worm! Read the link, rootkit type stealth involved. |
| Microsoft Passport Network CyberShots | X | cybershots.exe | Added by the W32/Spybot-ND WORM! Note: This worm\trojan is located in C:\%WINDIR%\System32\dllcache\ (XP/WinNT/2K) disabling autostart for the SharedAccess service deactivates the Microsoft Internet Connection Firewall (ICF). |
| Microsoft Path Finder Service (MSpath) | X | mspath.exe | Added by the W32/Sdbot-AEO WORM! Note: This worm\trojan file is found in the Windows or Winnt folder. |
| Microsoft Path Finder Service (mspathfinder) | X | mspathfinder | Added by the W32/Tilebot-AH WORM! Rootkit Note: Located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) |
| Microsoft Performance WMI Adapter AddOn (WMIPervAddOn) | X | wmiapsv.exe | Added by the Backdoor.Win32.SdBot.aad TROJAN! Reported by Kaspersky More Note: This worm\trojan is located in C:\%WINDIR%\ |
| Microsoft Print Spooler (WINDRIVER) | X | scvhost.exe | Added by an unidentified TROJAN! of the Sdbot family. Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) |
| Microsoft proxysys (proxysys) | X | proxysys.exe | W32/Tilebot-JC Read the link, allows remote access |
| Microsoft Registry Viewer (Dumpreg) | X | DUMPREG.EXE | Added by the SDBOT.BXI WORM! Read the link, rootkit type stealth involved. |
| Microsoft Sata emulation (mside) | X | mside.exe | Added by the Worm.Opanki.BK WORM! Note: This worm\trojan is located in C:\%WINDIR%\SYSTEM\ Read the technical details |
| Microsoft SCC Host Protocol (POOLSVR) | X | poolsv.exe | Added by an unknown variant of a backdoor TROJAN! Note: This worm\trojan is located in C:\%WINDIR%\ |
| Microsoft SCC Host Protocol (TaskMGM) | X | taskmg.exe | Added by an unknown variant of a backdoor TROJAN! Note: This worm\trojan is located in C:\%WINDIR%\ |
| Microsoft sdk core (sdk) | X | lsass.exe | Added by the Troj/IRCBot-PF TROJAN! Note: Located in C:\%WINDIR%\ |
| Microsoft Security Login Service | X | mssecure32.exe | Added by the W32/Vanebot-R WORM! Note: This worm\trojan is located in C:\Windows\System\dllcache\ (Win9x/Me), C:\%WINDIR%\System32\dllcache\ (XP/WinNT/2K) Attempts to terminate a number of processes related to security and anti-virus applications. |
| Microsoft security update service (msupdate) | X | msvcrtd.exe | Related to a variant of the Trojan.Win32.Agent.NCR family. TROJAN! Note: Located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) More here |
| Microsoft Service Manager (winmdgr) | X | winsvcmgr.exe | Added by the W32/Rbot-AAD WORM! Read the link, rootkit type stealth involved. |
| Microsoft SQL Server Debug (sql) | X | sqldebug.exe | Added by the W32/Tilebot-FF WORM! Note: Located in C:\%WINDIR%\ |
| Microsoft SSL (ssl) | X | ssl.exe | Added by the W32.Esbot.C WORM! Note: This Worm\Trojan file is found in the System32 folder and has nothing to do with the (Secure Socket Layer) |
| Microsoft Star Window Service | X | starwin32.exe | Added by the W32/Rbot-FNT WORM! Note: This worm\trojan is located in C:\%WINDIR%\System32\dllcache\ (XP/WinNT/2K) |
| Microsoft Star Window Service | X | svcshoter.exe | Added by the WORM_SDBOT.ANK WORM! Note: This worm\trojan is located in C:\Windows\System\dllcache (Win9x/Me), C:\%WINDIR%\System32\dllcache (XP/WinNT/2K). Provides the remote user virtual control over the affected system, thus compromising system security. |
| Microsoft Star Window Service | X | starwksvc.exe | Added by an unidentified TROJAN! of the Sdbot family. Note: This worm\trojan is located in C:\Windows\dllcache\ (Win9x/Me), C:\%WINDIR%\dllcache\ (XP/WinNT/2K) |
| Microsoft Startup Manager. (Microsoft Startup Manager) | X | msput.exe | Added by the W32/Sdbot-BAY WORM! Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) |
| Microsoft Svc Services Dispatcher | X | svcsrv.ldr | unknown malware |
| Microsoft Terminal Service | X | msterminal.exe | Added by the W32/Sdbot-CPZ WORM! Note: This worm\trojan is located in C:\%WINDIR%\System32\DllCache\ (XP/WinNT/2K) |
| Microsoft TG Mannager | X | mtgm.exe | Added by the WORM_SDBOT.EMT WORM! Note: This worm is located in C:\%WINDIR%\ Read the link, allows remote access |
| Microsoft Translation Service (MTServ) | X | mtserv.exe | Added by the W32/Rbot-GAL WORM! Note: Located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) |
| Microsoft Updata ver2005 (Microsoft Updata ver2005) | X | tw725.exe | Added by the Troj/Feutel-P TROJAN! |
| Microsoft Update | X | SCVVC.exe | Added by a variant of the W32/Malware Note: This worm\trojan is located in C:\%WINDIR%\ folder. |
| Microsoft update (msnupdate) | X | windupdate.exe | Added by the SDBOT.CGV WORM! Read the link, rootkit type stealth involved. |
| Microsoft update Service | X | msiupdate32.exe | Added by the W32/Vanebot-S WORM! Note: This worm\trojan is located in C:\Windows\System\dllcache\ (Win9x/Me), C:\%WINDIR%\System32\dllcache\ (XP/WinNT/2K) disabling autostart for the SharedAccess service deactivates the Microsoft Internet Connection Firewall (ICF). Attempts to terminate a number of processes related to security and anti-virus applications |
| Microsoft Validation Service | X | mvsr32.exe | Detected as Backdoor.SdBot.bem by AVG-antispyware |
| Microsoft Validation Service | X | wmiprsv.exe | Added by an unidentified TROJAN! of the Win32/Rbot family. Note: This worm\trojan is located in C:\%WINDIR%\ |
| Microsoft Virtual Private Network (MS Virtual Private Network) | X | MSVPN32.exe | Added by the W32/Rbot-AIO WORM! |
| Microsoft VPS Service | X | msvps.exe | Added by the W32/Rbot-FNI WORM! Note: This worm\trojan is located in C:\%WINDIR%\System32\dllcache\ (XP/WinNT/2K) disables the automatic startup of other software |
| Microsoft Webserver (Microsoft Webserver) | X | Microsoft Webserver.exe | Added by the Troj/Hupigon-FU TROJAN! Note: This trojan file is found in the Windows or Winnt folder. |
| Microsoft Windows (Microsoft Windows) | X | system.exe | Added by the W32/Rbot-AMQ WORM! Note: This worm file is found in the Windows or Winnt folder. Read the link, rootkit type stealth involved. |
| Microsoft Windows Avantage Service (Windows Avantage) | X | avantage32.exe | Added by the W32/Tilebot-HE WORM! Note: This worm\trojan is located in C:\%WINDIR%\ folder. disables the automatic startup of other software. |
| Microsoft Windows BDA Service | X | svhba.exe | Added by the W32/Vanebot-P WORM! Note: This worm\trojan is located in C:\%WINDIR%\System32\dllcache\ (XP/WinNT/2K) disables the automatic startup of other software |
| Microsoft Windows DMR Service (Windows DMR Service) | X | dmrproc.exe | Added by an unidentified TROJAN! of the Sdbot family. Note: This worm\trojan is located in C:\%WINDIR%\ More here |
| Microsoft windows FTPd | X | updtftpini.exe | Added by the W32/Rbot-FUS WORM! Note: This worm\trojan is located in C:\Windows\dllcache\ (Win9x/Me), C:\%WINDIR%\dllcache\ (XP/WinNT/2K) More here |
| Microsoft Windows HDA Service | X | svhda.exe | Added by the W32/IRCBot-SL WORM! Note: This worm\trojan is located in C:\Windows\System\dllcache\ (Win9x/Me), C:\%WINDIR%\System32\dllcache\ (XP/WinNT/2K) |
| Microsoft Windows HelpFile (Windows Helpfile) | X | services.exe | Added by the W32/Tilebot-FQ WORM! Note: This worm\trojan is located in C:\%WINDIR%\ folder. disabling the automatic startup of other software |
| Microsoft Windows Internet Connections Manager (net32b) | X | net32b.exe | Added by the W32/Cuebot-N WORM! Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) Deactivates the Microsoft Internet Connection Firewall (ICF). |
| Microsoft Windows Man Service (Windows Man Service) | X | winmgr.exe | Added by the W32/Sdbot-DTL WORM! Note: This worm\trojan is located in C:\%WINDIR%\ folder. |
| Microsoft Windows Protection (Windows Protection Service) | X | winlogon.exe | Added by an unidentified TROJAN! of the Sdbot family. Note: This worm\trojan is located in C:\%WINDIR%\ folder. |
| Microsoft Windows Software Update Service (mswsus) | X | mswsus.exe | Added by an unidentified TROJAN! of the Win32/Rbot family. Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) |
| Microsoft Windows Spool Service (Windows Spool Service) | X | wdfmgr.exe | Added by an unknown variant of a backdoor TROJAN! Note: This worm\trojan is located in C:\%WINDIR%\ Not to be mistaken with wdfmgr.exe which is part of Microsoft Windows Media Player and located in, C:\WINDOWS\System32\. |
| Microsoft Windows Spool Service (Windows Spool Service) | X | services.exe | Added by an unidentified TROJAN! of the Sdbot family. Note: This worm\trojan is located in C:\%WINDIR%\ folder. Note: This is not the legitimate Windows Process. (Which is found in the System32 folder.) This worm\trojan file is found in the Windows or Winnt folder. |
| Microsoft Windows Spooler Service (Windows Spooler Service) | X | winlogon.exe | Added by the W32/Tilebot-FR WORM! Note: This is not the legitimate Windows process (Which is always found in the System32 folder). This worm file is found in the Windows or Winnt folder. Allows a remote intruder to gain access and control over the computer, read the link. |
| Microsoft Windows Spooler Service (Windows Spooler Service) | X | services.exe | Added by the W32/Tilebot-FW WORM! Note: This is not the legitimate Windows process (Which is always found in the System32 folder). This worm file is found in the Windows or Winnt folder. Allows a remote intruder to gain access and control over the computer, read the link. |
| Microsoft Windows SQL Service | X | winesql.exe | Win32/IRCBot.UG |
| Microsoft Windows System32 | X | winservs.exe | Added by the W32/Tilebot-GU WORM! Note: This worm\trojan is located in C:\%WINDIR% Also been identified with the filename: winsysdir.exe |
| Microsoft Windows System32 | X | windll32.exe | Added by an unidentified TROJAN! of the Sdbot family. Note: This worm\trojan is located in C:\%WINDIR%\ |
| Microsoft Windows Update | X | wuautcl.exe | Troj/Spybot-NQ Read the link, allows remote access |
| Microsoft Windows Update (Microsoft Update) | X | scvvhost.exe | Added by the W32/Forbot-FH WORM! |
| Microsoft Windows Update (Microsoft Windows Update) | X | msconfig32.exe | Added by the W32/Tilebot-P WORM! Read the link, rootkit type stealth involved. |
| Microsoft Windows Update (msupdate) | X | csrss.exe | Added by an unknown TROJAN!, Note: This has nothing to do with Microsoft Windows Update and this is not the legitimate Windows Process csrss.exe. (Which is found in the System32 folder.) This trojan file (csrss.exe) is found in the Windows or Winnt folder. |
| Microsoft Windows Validation Service (Windows Validation Service) | X | devldr32.exe | Added by a variant of the WIN32.RBOT WORM! Note: Do NOT confuse with the legitimate Creative Labs devldr32.exe file. Note: Located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) |
| MicroSoft Windowz Update (MsFtUpd) | X | MsFtUpdateXP.exe | Added by the W32/Tilebot-BL WORM! Note: This worm\trojan file is found in the Windows or Winnt folder. |
| Microsoft WMI Performance Adapter AddOn (WMIPerAddOn) | X | wmiapsrv.exe | Added by an unknown variant of a backdoor TROJAN! Note: This worm\trojan is located in C:\%WINDIR%\ NOT TO BE confused with C:\WINDOWS\System32\wbem\wmiapsrv.exe which is a Microsoft application |
| Microsoft(R) Windows(R) Operat (Microsoft Corporation) | X | iexplorer.exe | Added by the Troj/Feutel-W TROJAN! Note: This is not the legitimate Windows Process (iexplore.exe) which is found in the Program Files\Internet Explorer folder. (Notice the difference in the spelling.) This trojan file (iexplorer.exe) is found in the System32\Internet Explorer folder. |
| microsoftdvdhelp (MicrosoftDVD) | X | msdvd.exe | Added by the W32/Rbot-AWQ WORM! Note: This worm\trojan file is found in the Windows or Winnt folder. Read the link, rootkit type stealth involved. |
| Microsoftkeysd | X | systemwin32.exe | |
| MilShieldCleaner | L | ShieldService.exe | Related to Mil_Shield from Mil Incorporated. It protects your privacy by removing all tracks from your online or offline computer activities. Note: Located in C:\Program Files\Mil Incorporated\Mil Shield\ |
| MindRetrieve Engine (MindRetrieve) | L | MindRetrieve.exe | MindRetrieve Appears to be a personal desktop search engine. |
| MindStorm Agent | L | srvpxa.exe | Related to MindStorm_AnalyzerPro from Secure Associates. A security management tool that lets customers easily manage, report and analyze security events across heterogeneous security devices. |
| MindStorm AnalyzerPro Controller | L | srvctr.exe | Related to MindStorm_AnalyzerPro from Secure Associates. A security management tool that lets customers easily manage, report and analyze security events across heterogeneous security devices. |
| MindStorm AnalyzerPro Correlation Engine | L | srvcor.exe | Related to MindStorm_AnalyzerPro from Secure Associates. A security management tool that lets customers easily manage, report and analyze security events across heterogeneous security devices. |
| MindStorm Controller | L | srvctr.exe | Related to MindStorm_AnalyzerPro from Secure Associates. A security management tool that lets customers easily manage, report and analyze security events across heterogeneous security devices. |
| MindStorm Correlation Engine | L | srvcor.exe | Related to MindStorm_AnalyzerPro from Secure Associates. A security management tool that lets customers easily manage, report and analyze security events across heterogeneous security devices. |
| Mini USB Driver | X | svńhîst.exe | Troj/Proxy-CY Note: Located in %windir%\system32 Read the link, allows remote access |
| MINIServer (MiNiService) | X | MiniServer.exe | Added by the Troj/LittleW-E TROJAN! Note: This trojan file is found in the Windows or Winnt folder. |
| Miscrosoft Updates Service 4 | X | msupd4.exe | Trojan-Downloader.Win32.Agent.gn |
| Miscrosoft Updates Service 5 | X | msupd5.exe | Trojan. TROJ_LODMEDUD.A |
| MkSUpdateInt | L | MkSUpdateInt.exe | ArcaVir an AntiVirus software from Poland. A product of ArcaBit Sp. z o.o |
| MkS_Scan | L | mks_scan.exe | ArcaVir an AntiVirus software from Poland. A product of ArcaBit Sp. z o.o |
| mks_vir antivirus monitor (MksVirMonSvc) | L | mksmonsv.exe | ArcaVir an AntiVirus software from Poland. A product of ArcaBit Sp. z o.o |
| MLKKBDNTDriver | O | MLKKBDNTService.exe | Unknown |
| MMX Virtualization Service | X | mmx464.sys | Added by the Goldun.J TROJAN! Read the link, rootkit type stealth involved. |
| MMX2 Virtualization Service | X | mmx464.sys | Added by the Goldun.J TROJAN! Read the link, rootkit type stealth involved. |
| MNSFramework | L | MNSFramework.exe | Mobile Net Switch enables you to use your computer on more than one network with the click of a button. Note: Located in C:\WINDOWS\system32 (XP NT) |
| Mobility Client (ArtourService) | L | artsvc.exe | Related to IBM_Mobility_Client Note: Located in C:\Program Files\IBM\Mobility Client\ |
| MOBSYNC | X | MOBSYNC.EXE | Added by the SDBOT.CNT WORM! Read the link, rootkit type stealth involved. |
| modlb (modlb) | X | modlb.exe | Added by the W32/Tilebot-BF WORM! Note: This worm\trojan file is found in the Windows or Winnt folder. |
| mondrv (mondrv) | X | mondrv.sys | Added by the TROJ_ROOTKIT.M TROJAN! Read the link, rootkit type stealth involved. |
| MONDV | X | MONDV.SYS | Added by the Troj/Rootkit-Z TROJAN! Read the link, rootkit type stealth involved. |
| Morrin Thumbnail Synchronized Service 5 (MrnTS_Sync5) | ? | MrnTS_Sync5.exe | From Morrin Corporation? http://forums.spywareinfo.com/index.php?act=ST&f=18&t=43573 |
| Motorola Digital Audio Player Manager | L | MotorolaDAP.exe | Related to Motorola Inc. Motorola Digital Audio Player. |
| Mouse Button Monitor (mousebm) | X | mousebm.exe | Added by the W32.Esbot.A WORM! |
| Mouse Click Monitor (mousecm) | X | mousecm.exe | Added by the W32/Sdbot-ZQ Worm! |
| Mouse Cursor Monitor (mousecrm) | X | mousecrm.exe | Added by the W32/Sdbot-ABQ WORM! |
| Mouse Hardware Sync (mousehs) | X | mousehs.exe | Added by the Troj/Bdoor-HU WORM! Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) |
| Mouse Movement Monitor (mousemm) | X | mousemm.exe | Added by the W32/Cuebot-E WORM! |
| Mouse Synchronization (mousesync) | X | mousesync.exe | Added by the W32/Esbot-A WORM! |
| Mouseb | X | MOUSEB.EXE | Added by the SDBOT.CRQ WORM! Read the link, rootkit type stealth involved. |
| Movielink Core Service | L | MOVIEL~1.EXE | Associated with Movielink online movie download service with help from IBM. Has also been seen with the file name MOVIEL~2.EXE |
| MozyBackup | L | mozybackup.exe | Related to Mozy Free backup at a secure, remote location. Note: Located in C:\Program Files\Mozy\ |
| MpService | L | MPSERVIC.EXE | Related to Canon Inc. http://www.canon.com/ |
| mr2kserv | L | mr2kserv.exe | Dell Open Management software installs this service http://www.anti-spy.info/process/mr2kserv.exe.html |
| MrayPigeonServer | X | M_Server2006.exe | Troj/Hupigon-IV Note: Located in %windir% Read the link, allows remote access |
| MRFCKDLL | X | MRFCKDLL.SYS | Added by the Troj/NtRootK-F TROJAN! Read the link, rootkit type stealth involved. |
| MrobeService | L | MRobeService.exe | Related to Olympus_America_Inc Imaging products. |
| MrPostman | L | Wrapper.exe | Related to MrPostman: POP email access. |
| Ms Builders (Ms Builder) | X | Wupated.exe | Added by the W32/Agobot-SS WORM! |
| MS Common Service | X | mscomserv.exe | Added by the Troj/Zlob-RF TROJAN! Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) |
| MS Dns Service | X | wincntrl.exe | Added by a variant of the Sdbot/Rbot worm |
| MS Dns Service (WinNet) | X | wincntrl.exe | Added by the W32/Rbot-AYH WORM! Note: This worm\trojan file is found in the System32 folder. |
| MS DTC console | X | msdtc.exe | Added by the W32/Sdbot-DTO WORM! Note: This worm\trojan is located in C:\%WINDIR% |
| MS Ineterner Explorer Update Services (msieupservice) | X | msupsrv.exe | Listed as "Adware.SponsorBox.Process" by SuperAdBlocker |
| MS Internet Countermeasures Framework (ICF) | X | \System32:svchost.exe | Added by an unidentified TROJAN! of the Sdbot family. Note DO NOT delete the svchost.exe file. |
| MS Internet Countermeasures Framework (ICF) | X | icf.exe | Added by an unidentified TROJAN! of the Sdbot family. Note: This worm\trojan is located in C:\%WINDIR%\ |
| MS Office Updater Service | X | msrvs32.exe | Added by the W32/Tilebot-HM WORM! Note: This worm\trojan is located in C:\%WINDIR%\ folder |
| MS Shadow Copy Software (ScSoft) | X | scsoft.exe | W32/Tilebot-JP Read the link, allows remote access |
| MS Software Shadow Download Provider (dnlsvc) | X | dnlsvc.exe | Added by DnlSvc.Process TROJAN! |
| Ms Valud Loader (Ms Valud Load) | X | Svhots.exe | Added by the W32/Agobot-SP WORM! |
| MSCom | X | mscom.exe | Added by the W32.Woredbot TROJAN! Note: This worm\trojan is located in C:\%WINDIR%\System32\dllcache\ (XP/WinNT/2K) |
| MSCommmand | X | mswincom32.exe | Added by the W32/Rbot-FMM WORM! Note: This worm\trojan is located in C:\Windows\System\dllcache (Win9x/Me), C:\%WINDIR%\System32\dllcache (XP/WinNT/2K) Disables the automatic startup of other software, deactivates the Microsoft Internet Connection Firewall (ICF). |
| MSCoolServ | X | mscolsrv.exe | Rahack virus |
| MSCSPTISRV | L | MSCSPTISRV.exe | Related to Sony Corporation. |
| Msdebugsrv | X | dbg32hlp.exe | Added by the SDBOT.CNG WORM! Read the link, rootkit type stealth involved. |
| msdelv (msdevl) | X | msdevl.exe | Added by the W32/IRCBot-VJ WORM! Note: This worm\trojan is located in C:\Program Files\Common Files\System\ |
| msdirectx | X | MSDIRECTX.SYS | Added by the Troj/NtRootK-F TROJAN! Note: This trojan file is dropped by various other worms and trojans to hide their processes. Read the link, rootkit type stealth involved. |
| msdll | X | msdll.exe | Added by a variant of the IRCbot family of worms and IRC backdoors. Note: located in C:\%WINDIR%\system\ |
| MSDN Driver (msdndr) | X | msdndr.pif | Added by the Troj/HacDef-EQ TROJAN! Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) |
| Msdn Update 32 (msdnupdate32) | X | msdnupdate32 | Added by the W32/Tilebot-M WORM! Read the link, rootkit type stealth involved. |
| Msdn Update 32 (msdnupdate32) | X | msdnupdate32.exe | Added by the SPYBOT.AHT WORM! Read the link, rootkit type stealth involved. |
| Msdtc Manager | X | winlogin.exe | Added by the W32/Rbot-FKU WORM! Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) |
| msecure (mcsecure) | X | mcsecure.exe | Added by the SDBOT.BZJ WORM! Read the link, rootkit type stealth involved. |
| mserv.exe | X | mserv.exe | Related to Trojan.Win32.Killav.br |
| msfsr | X | msfsr.sys | W32/Piggi-B Note: Located in %windir%\system32 Read the link, changes security settings and may disable antivirus programs |
| msftesql | L | msftesql.exe | Related to Microsoft_SQL_server suite. |
| MsGrd32 | X | MSYRD32.EXE | Added by the SDBOT.BYR WORM! Read the link, rootkit type stealth involved. |
| MsHS64 or cvcworking setting (cvcWork or MsHS64) | X | syscvhost.exe or MsHS64.exe | Added by the W32/Tilebot-BU WORM! Note: This worm\trojan file is found in the Windows or Winnt folder. Read the link, rootkit type stealth involved. |
| msie7 | X | msie701.exe | Identified as Trojan_Downloader by PREVX, Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) |
| msieupdater (Microsoft IE Updater) | X | update44105609.exe | Related to a variant of the Malware.IFN.dropper family. Note: Located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) Note: filename is random in the format of update(Random Number).exe |
| MSIEUpdater_1 (Microsoft IE Updater_1) | X | ie_updater1.exe | Identified as Downloader.Small.eop or Downloader.Murlo.fa Note: This worm is located in %userprofile%\ |
| MSIEUpdater_2 (Microsoft IE Updater_2) | X | ie_updater.exe | Added by a variant of the Troj/Bckdr-QGB TROJAN! Note: This worm\trojan is located in %userprofile%\ |
| MsInfo Service (MsInfo) | X | MsInfo.exe | Small.H Note: Located in C:\RECYCLER\MsInfo\ Read the link, allows remote access |
| msinit (Microsoft Scheduling Agent) | X | msinit.exe | Added by the W32/Tilebot-BJ WORM! Note: This worm\trojan file is found in the Windows or Winnt folder. |
| MSI_WLAN_Service | L | WLAN_Service.exe | Part of Microstar's WLan card. File found in the C:\Program Files\MicroStar\WLANUtility folder. |
| mslogon (Microsoft System Logon Manager) | X | mslogon.exe | Reported as Trojan-Dropper.Win32.Delf.ng by Kaspersky Anti-Virus. Note: This file is found in the Windows or Winnt folder. |
| MsLS32 (MsLS32) | X | MsLS32.exe | Added by the W32/Tilebot-BS WORM! Note: This worm\trojan file is found in the Windows or Winnt folder. |
| MsLX32 (MsLX32) | X | MsLX32.exe | Added by the W32/Sdbot-AFS WORM! Note: This worm\trojan file is found in the Windows or Winnt folder. |
| MSMAPDEVICE | X | MSMAPDEVICE.SYS | Added by the TROJ_ROOTKIT.AK TROJAN! Read the link, rootkit type stealth involved. |
| msmbios (Microsoft System Management BIOS Driver) | X | mssmbios.exe | Added by the W32/Tilebot-AI TROJAN! Note: This trojan file is found in the Windows or Winnt folder. Read the link, rootkit type stealth involved. |
| MSMPSVC | L | MSMPSVC.exe | Related to Windows_OneCare_Live from Microsoft |
| MSN Clean Messenger | X | msnmsgr.exe | W32/Rbot-GJZ Read the link, allows remote access |
| Msn Service (MSNSVC) | X | msnsrv.exe | Added by a variant of the W32/SDBOT WORM! Note: This worm\trojan is located in C:\%WINDIR%\ folder. |
| msnntlp | X | msnntlp.exe | W32/Tilebot-JI Read the link, allows remote access |
| MSQMX | X | msqmx.sys | Troj/StartP-BEH |
| MSR Collector | L | msrCollector.exe | Related to Black White Box, Inc. Now owned by Vericept Corp. A Risk Management Platform |
| msriv1 (msriv1) | X | msriv1.sys | Added by the Troj/Rootkit-W TROJAN! Read the link, rootkit type stealth involved. |
| msscmc43 | X | msscmc43.exe | Added by the W32/Spybot-NB WORM! Note: This worm\trojan is located in C:\Windows\System\dllcache\ (Win9x/Me), C:\%WINDIR%\System32\dllcache\ (XP/WinNT/2K) |
| MSSQL (MSSQL2K6) | X | sqlsrv.exe | Added by the SDBOT.CNY or MYTOB.NC WORM! Read the link, rootkit type stealth involved. |
| MSSQLServerADHelper | L | sqladhlp.exe | Related to Microsoft SQL Server 2000 desktop engine. |
| MSSvc CRSS (CRSS) | X | MSSvc.EXE | Reported by Ewido security suite as Backdoor.SdBot.nj |
| mst Defrag Service | L | mstDfrgS.exe | Related to mst_Defrag |
| MSTCS | X | MSTCS.EXE | Reported as Backdoor.Iroffer TROJAN! by What-process.com |
| mstdel32 (mstdel32) | X | mstdel32.exe | Added by the W32/Tilebot-BE WORM! Note: This worm\trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder. |
| MsUpd | X | msupd4.exe | Added by the Lodmedud TROJAN! |
| MsUpd | X | msupd5.exe | Added by the Lodmedud TROJAN! |
| MsUpd | X | msupd6.exe | Added by the Lodmedud TROJAN! |
| MSUpdate (Microsoft Update Service for 2005) | X | msupdate24.exe | Added by the W32/Tilebot-H WORM! |
| msupdatefs (Microsoft Updater FileSystem) | X | update13428241.exe | Related to a variant of the Malware.IFN.dropper family. Note: Located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) Note: filename is random in the format of update(Random Number).exe |
| msupdatefss (Microsoft Updater FileSystems) | X | update62523833.exe | Related to a variant of the Malware.IFN.dropper family. Note: Located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) Note: filename is random in the format of update(Random Number).exe |
| msvbn | X | msvbn.exe | Added by the Backdoor.Win32.SdBot.auv TROJAN! Note: This worm\trojan is located in C:\%WINDIR%\ folder. |
| msvnc (msvnc) | X | msvnc.sys | Added by the TROJ_ROOTKIT.M TROJAN! Read the link, rootkit type stealth involved. |
| msvrcs(msvrcs) (msvrcs) | X | msvrcs.exe | Added by the W32/Sdbot-CRX WORM! Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) |
| muamgrd.exe | X | muamgrd.exe | Added by a variant of the AGOBOT.GEN WORM! Note: located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) |
| Multi-user Cleanup Service | L | ntmulti.exe | Related to IBM Lotus Note software. |
| MWAgent | L | MWASER.EXE | Related to MicroWorld Technologies Inc. - Antivirus & Content Security suite. Note: Located in C:\Program Files\Common Files\MicroWorld\Agent\ |
| MWSarcpkt | L | MWSEtherpkt.exe | Related to Gateway Ticketing Systems, Inc. http://www.gatewayticketing.com/ |
| MWSejcap | L | MWSejcap.exe | Related to Gateway Ticketing Systems, Inc. http://www.gatewayticketing.com/ |
| MWSpollserver | L | PollServer.exe | Related to Gateway Ticketing Systems, Inc. http://www.gatewayticketing.com/ |
| MWSsched | L | sutmsced.exe | Related to Gateway Ticketing Systems, Inc. http://www.gatewayticketing.com/ |
| MWSTick | L | MWSTick.exe | Related to Gateway Ticketing Systems, Inc. http://www.gatewayticketing.com/ |
| MXS(mxs) (MXS) | X | mxs.exe | Added by the W32/Sdbot-CTT WORM! Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) |
| My Firewall Plus | L | Smc.exe | Related to Webroot Firewall |
| MyMedia Server | L | MyMediaServer.exe | Related to FUJITSU LIMITED |
| MySql | L | mysqld-nt.exe | belongs to MySQL Daemon. It is a service that handles the access to MySQL databases |
| MySqlInventime | L | mysqld-max-nt.exe | Related to MySQL database a popular open source database. |
| MySrvShell Service (MySrvShell) | X | (Path to Trojan EXE) | Added by the Troj/WinterLv-C Trojan! |
| NAI ePolicy Orchestrator Agent (NAIMAGENT32) | L | naimas32.exe | Related to Network Associates anti-virus protection suite http://www.liutilities.com/products/wintaskspro/processlibrary/naimas32/ |
| National Instruments PSP Server Locator (lkClassAds) | L | lkads.exe | Related to National_Instruments Logos. Note: Located in C:\WINDOWS\system32\ |
| National Instruments Time Synchronization (lkTimeSync) | L | lktsrv.exe | Related to National_Instruments Logos. Note: Located in C:\WINDOWS\system32\ |
| NAV Alert | L | alertsvc.exe | Related to Symantec/Norton products |
| Navegador de red (ExpIorer) | X | ExpIorer.exe | Added by the Troj/Taladra-E TROJAN! |
| NBService | L | NBService.exe | Related to Nero Backup service. Note: Located in C:\Program Files\Nero\Nero 7\Nero BackItUp\ |
| NDAS Service (ndassvc) | L | ndassvc.exe | Related to XIMETA Inc. Smart Network Storage Solution. |
| NDIS Adapter (NDIS TCP Layer Transport Device) | X | ndis.exe | Added by the W32/Forbot-AX WORM! Note: This worm file is found in the System32 folder. |
| NdisFilter | X | ndisfilter.sys | Troj/NetAtk-F |
| ndserv | | ndserv.exe | Related to NetDeploy_Launcher from Open Software Associates Ldt. a division of Managesoft.com Note: Located in C:\Program Files\netDeploy\Launcher\ |
| neruo.exe (NeroFilterCheck) | X | Explore.exe | Added by the SDBOT.DIH WORM! Read the link, rootkit type stealth involved. |
| Net Agent | X | dls0523pmw.exe | Added by the Trojan.Downloader-Gen/BasicMath.Process TROJAN Note: This trojan is located in C:\%WINDIR%\ |
| Net Boot Service | X | big5_gb2312.exe | Detected as W32.Agobot-TU Note: Located in WINDOWS\system32 |
| Net Functions Library (Netlib) | X | Netlib.exe | Added by an unidentified TROJAN! of the Sdbot family. Note: This worm\trojan is located in C: folder. |
| Net Functions Monitoring (Netmon) | X | Netmon.exe | Added by the W32/Codbot-R WORM! |
| Net Logon (Netlogon) | L | lsass.exe | Related to the Net_Logon service. Used to authenticate a user into a domain. Note: Located in C:\%WINDIR%\System32\ |
| Net message Service | X | netmsg.exe | Added by an unidentified TROJAN! of the Win32/Rbot family. Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) |
| Net Service Monitor | X | netsvc.exe | Added by an unidentified TROJAN! of the Sdbot family. Note: Located in C:\WINDOWS\ Note: Netsvc.exe is a tool that provides a way to remotely start, stop, and query the status of services from the command line, but it is not run as a SERVICE. Here |
| NetBackup Client Service (NetBackup INET Daemon) | L | bpinetd.exe | Related to VERITAS NetBackup Enterprise Server. |
| NetBackup Volume Manager | L | bevmd.exe | Related to VERITAS NetBackup Enterprise Server. |
| NetBIOS Helper | X | nbthlp.exe | Added by the W32.Toxbot.AL WORM! Note: Symantec has developed a removal tool to clean the infections of W32.Toxbot.AL, to download it Click_Here |
| netbios helper service | X | altsvc.exe | adserver adtech.de redirects |
| NetBIOS Helper Service (NetBIOS Helper) | X | nbthlp.exe | Added by the W32/Codbot-AE WORM! Note: This worm\trojan file is found in the System32 folder. |
| NetBTD(ntbtd) (NetBTD) | X | netbtd.exe | Added by W32/Sdbot-BLW WORM! Note: located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) |
| NetCN | X | netcn.sys | Added by the Hacktool.Rootkit TROJAN! Read the link, rootkit type stealth involved. |
| NetconDDE Service (NetconDDE) | X | iisctrl.exe | Added by an unidentified TROJAN! of the Sdbot family. Note: This worm\trojan is located in C:\%WINDIR%\ folder. |
| netconf32 (netconf32) | X | netconf32.exe | Added by the W32/Tilebot-BN WORM! Note: This worm\trojan file is found in the Windows or Winnt folder. |
| netctrl | X | sys.dll | Troj/Singu-AR Read the link, allows remote access |
| NetDDE Server (NetDDEsrv) | X | netddesrv.exe | Added by the W32/Codbot-Y WORM! Note: This worm\trojan file is found in the System32 folder. |
| NetDDEipx (NetDDEipx) | X | random | Added by the NetDDEipx TROJAN! **note 3ylv.exe may be one of the random file names used |
| NetGroup Packet Filter Driver (NPF) | X | npf.sys | Troj/Delf-EQE Note: Located in %windir%\system32\drivers |
| Neth | X | netid.exe | Added by an unidentified TROJAN! of the Win32/Rbot family. Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) |
| NETINFO | X | netinfo.exe | Added by the W32/Tilebot-J WORM! Read the link, rootkit type stealth involved. |
| NetLimiter (nlsvc) | L | nlsvc.exe | NetLimiter_2 shows list of all applications communicating over network. |
| NetLogon | X | svchost.exe -k NetLogon | Added by the Fuwudoor TROJAN! |
| NetM (Ne) | X | win32udt.exe | Added by a variant of the SDBOT.CZD family of trojan. Note: This trojan is located in C:\%WINDIR%\ |
| Netman | X | Netserv.dll | Troj/Protux-E |
| NetOp Helper ver. 7.50 (2002343) (NetOp Host for NT Service) | L | NHOSTSVC.EXE | Related to Danware NetOp products Note: Located in C:\Program Files\Danware Data\NetOp Remote Control\HOST\ |
| NetOp Helper ver. 7.65 (2004242) (NetOp Host for NT Service) | L | NHOSTSWC.EXE | Related to Danware NetOp products |
| Netropa NHK Server | L | nhksrv.exe | Netropa Hotkey Server task seen only on DELL and Compaq PCs running Windows NT4/2000/XP |
| Netropa NHK Server | L | Nhksrv.exe | nhksrv.exe is a process that belongs to DELL and Compaq systems. It is used to halt any configured hotkeys while the screensaver is running. |
| Netscape Update Service | L | ncupdatesvc.exe | Netscape Communications Corporation updater |
| NetSendServer (NetSendServer) | X | NetSend.exe | Added by the Troj/Hupigon-DQ TROJAN! Note: This trojan file is found in the Windows or Winnt folder. |
| NetSign AutoUpdate Service (NsAUSvc) | L | NsAUSvc.exe | Related to SecurityFocus - http://www.securityfocus.com/ |
| NetVeda Safety.Net (ipcSvc) | L | ipcsvc.exe | Related to Safety_net from Netveda. Security and advanced Internet firewall protection for all your LAN computers. |
| Network | ? | nettcp.exe | Unknown owner: Location C:\WINDOWS\system32\nettcp.exe |
| Network ADSL Server (Network ADSL Server) | X | woaisaomm.exe | Added by the Troj/GrayBrd-AQ TROJAN! Note: This trojan file is found in the System32 folder. |
| Network Associates Task Manager | L | VsTskMgr.exe | VirusScan Task Manager |
| Network Client (nwclntg) | X | winlogon.exe | Added by the Boxed.E TROJAN! |
| Network Configuration Service (NetCfgSvr) | L | NetCfgSv.EXE | Related to AT&T http://www.anti-spy.info/process/netcfgsv.exe.html |
| Network Connections Sharing (RpcTftpd) | X | svchost.exe | Added by the W32.Welchia WORM! **Note - This service will be set to start manually |
| Network DDE Client (NetDDEclnt) | X | netddeclnt.exe | Added by the W32/Codbot-M WORM! |
| Network dde connections | X | service.exe | adtech.de redirections |
| Network DDE Connections (NETDDEC) | X | winmgnt.exe | Added by unknown malware, the file winmgnt.exe may be a Serv-U FTP server used to download other malicious files to your computer. File location is in the System32 folder. |
| Network DDE DSMA (NetDDEdsma) | X | svchost.exe | Added by the W32/Sdbot-BMG WORM! Note: This is not the legitimate Windows Process. (Which is found in the System32 folder.) This worm file is found in the Windows or Winnt folder. |
| Network DDS (NetDDS) | X | NetDDS.exe | Reported as Troj/ServU-Gen See Sophos Unknown owner :Location: C:\WINDOWS\system32\NetDDS.exe |
| Network Devices Controller (ndcsvc) | X | random.$$$ | Added by the Alnica TROJAN! |
| Network Devices Controller (ndcsvc) | X | random file name | Added by the Alnica TROJAN! |
| Network Distributed Transaction Coordinator for Workstation (MSDCSRV32) | X | mssrv.exe | Added by the PWSteal.Drorar TROJAN! Note: This trojan file is found in the Program Files\Common Files\system\ado folder. |
| Network DRV (NTDRV) | X | netdrvr.exe | Added by the W32/Sdbot-AZK WORM! Note: This worm file is found in the System or System32 folder. |
| Network Gateway Manager (npx) | X | csrsc.exe | Added by the W32/Sdbot-CPE WORM! Note: This worm\trojan is located in C:\%WINDIR% |
| Network helper Service (MSDisk) | X | irdvxc.exe | Added by an unidentified TROJAN! of the Sdbot family. Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) |
| Network Location Manager | X | lssc.exe | Added by the Trojan.Backdoor.Gen TROJAN! Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) |
| Network Management Center Time (W32Times) | X | TIMEMAN32.EXE | Added by the Troj/GrayBrd-AA TROJAN! Note: This worm\trojan file is found in the Program Files\Internet Explorer\plugins folder. |
| Network Messenger (MStdc ) | L | mstdc.exe | Related to Microsoft Personal Web Server and Microsoft SQL Server software http://www.2-files.com/process/microsoft-distributed-transaction-coordinator |
| Network Monitor | X | netmon.exe | Reported by Panda as the Trj/Cicos.H TROJAN! This trojan is found in the \Program Files\Network Monitor\ folder. Note: This is not the legitimate Microsoft Network Monitor (Netmon.exe) process, which is used to capture network traffic. Article_Q812953 |
| Network Provision Managing Service (xmlprovman) | X | provsvc.exe | Added by the W32/Sdbot-CRS WORM! Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) |
| Network Security Service | X | random | CoolWebSearch res:// variant |
| Network Security Service (NSS) | X | random | CoolWebSearch res:// variant |
| Network Security Service (__NS_Service_3) | X | sdkbj32.exe | Detected as Trojan.Agent.bi by ewido(now known as AVG-antispyware) |
| Network Station Task Manager (TASKSQ) | X | tasksch.exe | Added by an unknown variant of a backdoor TROJAN! Note: This worm\trojan is located in C:\%WINDIR%\ |
| Network Station Task Manager (TSKIB) | X | taskib.exe | Added by an unknown variant of a backdoor TROJAN! Note: This worm\trojan is located in C:\%WINDIR%\ |
| Network Switching Alerter | X | windlls.exe | Probable variant of W32/Rbot-AZQ |
| Network System (NetSystem) | X | NetSystem.exe | Troj/QQRob-ADE Read the link, steals information |
| NetWorkLogon | X | KB8964225.log | Troj/Lmir-FF Note: Located in %windir%\system32 Read the link, steals information |
| NI Service Locator (niSvcLoc) | L | niSvcLoc.exe | Related to National_Instruments corp. |
| NICCONFIGSVC | L | NICCONFIGSVC.exe | NICCONFIGSVC.exe is a process associated with the power management settings for network adapters on Dell systems. For more information Click_Here |
| NICSer_WMP11 | L | NICServ.exe | Related to Linksys config utility. |
| ninsvc | X | ninsvc.exe | Added by the W32/Akbot-AL WORM! Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) Modifies the HOSTS file |
| nipxirmu | L | nipalsm.exe | Related to National_Instrument Corp. |
| NMap | L | nmapserv.exe | NMapWin Port Scanner utility service. |
| NMIndexingService | L | NMIndexingService.exe | Part of a Nero product |
| NMSAccess | L | NMSAccess.exe | Related to Cheetah_DVD_Burner Note: Must only be used on NT4/2000/XP |
| NNServ | X | nnrun.exe | Added by NewDotNet AdWare! Note: Located in C:\Program Files\NewDotNet\ |
| NNSvc | L | nnsvc.exe | NetNanny Internet Filter |
| NobleNet Portmapper for TCP | L | portserv.exe | Actuate_Enterprise Reporting Applications for business intelligence analytic services |
| NOD AV service (nodantivir) | X | nodantivir.sys | Added by the Troj/Haxdoor-AK TROJAN! Note: This trojan file is found in the System32 folder. The file nodantivir.sys provides stealthing functionality. |
| NOD32 Kernel Service (NOD32krn) | L | nod32krn.exe | NOD32 Antivirus |
| Nofeel FTP Server Service | L | nftpdsvc.exe | Related to Nofeel_FTP_Server |
| NoIPDUCService | L | DUC20.exe | Related to Vitalwerks Internet Solutions |
| Norman API-hooking helper | L | nipsvc.exe | Norman Anti-Virus |
| Norman NJeeves | L | NJEEVES.EXE | Norman Anti Virus |
| Norman Type-R | L | NPFSVICE.EXE | Norman Virus Control Service. Made by Norman Data Defense Systems, Inc. For more information Click_Here File is located in the Norman\Nvc\BIN folder. |
| Norman Virus Control on-access component | L | nvcoas.exe | Norman Virus Control on-access component |
| Norman Virus Control Scheduler | L | NVCSCHED.EXE | Norman Virus Control Scheduler |
| Norman ZANDA | L | Zanda.exe | Norman Anti Virus |
| Nortel Networks TunnelGuard (tunnelguardservice) | L | CueAgent_srv.exe | Related to Nortel_Networks_TunnelGuard designed to ease the deployment of very large site-to-site and remote access Virtual Private Networks (VPNs). Note: Located in C:\Program Files\Nortel Networks\TunnelGuard\ |
| Norton antivirus and Firewall (it) | X | fime.exe | Bogus Norton Antivirus and Firewall service. Unknown owner. |
| Norton AntiVirus Auto Protect Service (navapsvc) | L | navapsvc.exe | Related to Norton/Symantec AntiVirus. |
| Norton AntiVirus Auto-Protect Service (navapsvc) | L | navapsvc.exe | Related to Norton/Symantec AntiVirus. |
| Norton AntiVirus Client | L | rtvscan.exe | Norton Anti-virus related |
| Norton AntiVirus Firewall Monitor Service (NPFMntor) | L | NPFMntor.exe | Norton Internet Worm Protection |
| Norton Ghost | L | PQV2iSvc.exe | Symantec Norton Ghost Image related |
| Norton Internet Security Accounts Manager | L | NISUM.EXE | Related to Norton Internet Security |
| Norton Internet Security Proxy Service | L | SymProxySvc.exe | Related to Symantec Corporation |
| Norton Internet Security Service | L | NISSERV.EXE | Related to Symantec Corporation |
| Norton Online Anti Virus | X | avll32.exe | Added by the Backdoor.Win32.SdBot.aad reported by Kaspersky TROJAN! Note: This worm\trojan is located in C:\%WINDIR% |
| Norton Personal Firewall Proxy Service | L | SymProxySvc.exe | Related to Norton Firewall Proxy service |
| Norton Personal Firewall Service | L | NISSERV.EXE | Related to Norton Personal Firewall service |
| Norton Program Scheduler | L | npssvc.exe | Related to Norton Scheduler |
| Norton Protection Center Service (NSCService) | L | NSCSRVCE.EXE | Related to Norton Internet Security 2006 and Norton AntiVirus 2006. Made by Symantec_Corporation |
| Norton Unerase Protection | L | NPROTECT.EXE | Norton Protected Recycle Bin |
| Notebook Manager Service (anbmService) | L | anbmServ.exe | Related to Acer Notebooks Hardware Monitoring program. Made by OSA_Technologies Inc. |
| Novell Application Launcher (NALNTSERVICE) | L | NALNTSRV.EXE | Novell NAL NT service |
| Novell Workstation Manager (WM) | L | wm.exe | Novell Workstation Manager |
| Novell XTier Agent Services | L | XTAgent.exe | |
| Novell ZfD Remote Management | L | ZenRem32.exe | |
| Novell ZfD Wake on LAN Status Agent (Prometheus Wake-On-LAN Status Agent) | L | WolSerNT.exe | Novell ZfD Wake on LAN Status Agent |
| Now.WAP Proxy Gateway Service (WAP3GX) | L | WAP3GXNT.EXE | Related to Now.WAP_Proxy a WAP Gateway that is designed to meet the needs of WAP 2.0 and multimedia applications. Note: Located in C:\PROGRAM Files\NowWAP\ |
| NPDOR File Monitor Service (NFMService) | L | NPDORNT.exe | Related to NPD Online Research. |
| NPF | X | npf.sys | Added by the Troj/NtRootK-I TROJAN! Note: This trojan file is found in the System32 folder. |
| npkcsvc | L | npkcsvc.exe | INCA Internet |
| NS (MSLLR) | X | ns.exe | W32/Agobot-HS |
| NsEngine | L | NSENGINE.exe | Scheduling engine of NovaSTOR Backup Service |
| nservice | X | nservice.exe | Added by the W32/Agobot-AHR WORM! Note: This worm is located in C:\%WINDIR%\System32\ (XP/WinNT/2K) Read the link, allows remote access |
| NT LM Security Support Provider (NtLmSsp) | L | lsass.exe | Related to the NT_LM_Security_Support_Provider Windows NT 4.0 is responsible for handling NTLM authentication requests. Note: Located in C:\%WINDIR%\System32\ |
| NT login service (ntlogin32) | X | libsys32.exe | Added by the W32/Sdbot-ACK WORM! |
| NT login service - Unknown | X | libsysmgr.exe | Added by the W32/SDBOT-CAF WORM! (Castle Cops) |
| NT Online Protection | L | ONLNSVC.EXE | Related to AntiVirus_Quick Heal Virus protection. Note: located in C:\Program Files\QUICKH~1\ |
| Nt System Kernel | X | ntsyskrnl.exe | related to WORM_AGOBOT.IK |
| NTBOOTMGR | X | ntuser.exe | Flagged as Backdoor.Iroffer / Backdoor.Noer |
| NTCHARGE | L | winlogon.exe | Related to Microsoft Internet Information Services (IIS). |
| NTFS Crypto Technology (NTFSCrypt) | X | ntfscrypt.exe | Added by the W32/Spybot-NC WORM! Note: Located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) |
| NTFS File Location Service (NTFSFLS) | X | ntfsloc.exe | Added by the W32/Sdbot-CSG WORM! Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) |
| NTFSprotect (ntfsdiscman) | X | ntfsprotect.exe | Added by the SDBOT.CCF WORM! Read the link, rootkit type stealth involved. |
| Ntlm_Drive_Connect (Ntlm_Drive_Connect) | X | TimerU.sys | Added by the Tuimer TROJAN! |
| NTLOAD | X | ntsrv.exe | Flagged as Backdoor.Iroffer / Backdoor.Noer |
| NTLOAD | X | winlogon.exe | Other files in the same directory identified as Win32.Iroffer.b by Kaspersky |
| ntmssvc | X | svchost.exe -k ntmssvc | Added by the Fuwudoor TROJAN! |
| NTP (Network Time Protocol) | X | winlogon.exe | Added by the Troj/Jtram-D TROJAN! Note: This trojan file is found in the System32\Client folder. |
| NTRU Hybrid TSS v1.05 TCSD (tcsd_win32.exe) | L | tcsd_win32.exe | Related to NTRU_Cryptosystems Inc. Provides a public key cryptography system (PKCS) |
| NTSec(ntsec) (NTSec) | X | ntsec.exe | Identified as Trojan-Dropper.VB.22 by VBA32 Note: located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) This should not be confused with Keylog_Ardamax. A program may have legitimate uses in contexts where an authorized administrator has knowingly installed this application. Located in %Documents and Settings% \Start Menu\Programs\Ardamax Keylogger. If you did not install this program, remove it. |
| NTSecure | O | srvany1234.exe | Unknown owner: Location C:\WINDOWS\system32\srvany1234.exe |
| NTSVCMGR | O | winlogon.exe | Creates a file win32.dll C:\windows\system32\ and the old one is renamed win32.dll.bkup |
| NTSVCMGR | X | winlogon.exe | Other files in the same directory identified as Win32.Iroffer.b by Kaspersky |
| NTSVCMGR | X | ntsrv.exe | Flagged as Backdoor.Iroffer / Backdoor.Noer |
| NTsyslog | L | ntsyslog.exe | Related to Open_Source_Technology Group. An application logging functionality. |
| nTune Service (nTuneService) | L | nTuneService.exe | Related to NVIDIA Access Manager. Note: Located in C:\Program Files\NVIDIA Corporation\nTune\ |
| NuTCRACKER Kernel | L | nutkserv.exe | Related to openUTM from Fujitsu Siemens Computers |
| NuTCRACKER Service | L | nutsrv4.exe | Related to Rational Rose, MKS Toolkit for Enterprise Developers |
| NvCplScan | X | msc32.exe | Related to the W32/FORBOT-DD |
| NvCplScan | X | nvsc32.exe | another example, added by Forbot_ET. |
| Nvedavt | L | ousbehci.sys | Related to OrangeWare Corp. |
| nvidGUIv (nvidGUIv2) | X | NVIDGUIV.EXE | Added by the SDBOT.CTQ WORM! Read the link, rootkit type stealth involved. |
| NVIDIA Display Driver Service | L | nvsvc32.exe | NVidia |
| NVIDIA Display Service (NVIDIA Display Driver Service) | X | Nvds.exe | Added by an unidentified TROJAN! of the Win32/Rbot family. Note: This worm\trojan is located in C:\%WINDIR%\ folder |
| NVIDIA Driver Helper Service | L | nvsvc32.exe | Related to NVIDIA drivers. |
| NVIDIA Driver Serviceˇˇ (NVSv ) | X | svchost.exe | Added by an unidentified TROJAN! of the Sdbot family. Note: This worm\trojan is located in C:\%WINDIR%\ |
| Nvidia Graphic Displacement (nvideoGUI) | X | nvideogui.exe | Added by the SDBOT.CQD WORM! Read the link, rootkit type stealth involved. |
| NVIDIA PVR Schedule Monitor (nvpvrmon) | L | nvpvrmon.exe | Related to NVIDIA ForceWare driver. Note: Located in C:\Program Files\NVIDIA Corporation\ForceWare\Multimedia\NVPVR\ |
| nvsec(nvsec) (NvSec) | X | nvsec.exe | Added by an unidentified TROJAN! of the Sdbot family. Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) More here |
| nvsvc32.exe | X | wmisp.exe | Added by the Backdoor_Win32_SdBot_aad WORM! - Reported by KASPERSKY ON-LINE SCANNER |
| O&O CleverCache Agent (OOCleverCacheAgent) | L | ooccag.exe | Related to O&O_Software Products. Located in folder: \OO Software\CleverCache\ |
| O&O ComponentInstaller Agent | L | oocinst.exe | Related to O&O software Protection Software |
| O&O Defrag | L | oodag.exe | www.oo-software.com |
| O&O Defrag 2000 (OOD2000) | L | OOD2000.exe | Part of O&O Defrag |
| O2Micro Flash Memory (O2Flash) | L | o2flash.exe | Related to O2Micro_Flash Memory Card. Note: Located in C:\WINDOWS\system32\ |
| Odyssey Client for Fujitsu Siemens Computers (odClientService) | L | odClientService.exe | Related to Odyssey_Client for Fujitsu Siemens Computers. Note: Located in C:\Program\Fujitsu Siemens Computers\Odyssey Client for Fujitsu Siemens Computers\ |
| OESH (Office Source Engine Help) | X | Program.exe | Added by an unidentified TROJAN! of the Sdbot family. Note: This worm\trojan is located in C: folder. |
| Office Server Extensions Notification Service (OWSTimer) | L | OWSTIMER.EXE | Related to Microsoft_SharePoint Note: Located in C:\Program Files\Microsoft Office\Office\ Files\ |
| Office Source Engine (ose) | L | OSE.EXE | Microsoft Office Source Engine |
| OfficeScanNT Listener | L | tmlisten.exe | part of the Trend Micro Anti Virus application (WinTasks Process Library) |
| OfficeScanNT Personal Firewall (OfcPfwSvc) | L | OfcPfwSvc.exe | Related to Trend Micro, Inc. - http://www.trendmicro.com/ |
| OfficeScanNT RealTime Scan | L | ntrtscan.exe | a process associated with the Trend Micro Antivirus application (WinTasks Process Library) |
| OlCamSrv | L | OlCamSrv.exe | Related to: Olympus_America Inc. Imaging services |
| OM Common Services (omsad) | L | omsad32.exe | Related to Dell Open Management system. |
| OmniForm Printer | L | ofps.exe | Related to Nuance_Communications Inc. (previously Scansoft Inc.), a leading supplier of imaging, speech and language solutions |
| Omniquad MyPrivacy | L | mpsvc.exe | Related to Omniquad Security's MyPrivacy Internet tracks cleaning tool. |
| ONC/RPC Portmapper | L | PORTMAP.EXE | Related to Bell_and_Howell |
| Online Backup Service | L | nts.exe | Related to Online_Backup_Service From Acpana Business Systems. Note: Located in C:\Program Files\Acpana Business Systems\Data Deposit Box\ |
| OpcEnum | L | OpcEnum.exe | OPC_Foundation Sets Industry standards in Interoperability of Automation. |
| Open GL Drivers | X | openGLD.exe | Added by the SDBOT.CLW WORM! Read the link, rootkit type stealth involved. |
| OpenAFS Client Service (TransarcAFSDaemon) | L | afsd_service.exe | OpenAFS is a distributed filesystem product, pioneered at Carnegie Mellon University |
| openSSL | X | openSSL32.exe | Added by the W32/Spybot-MY WORM! Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) |
| OpenVPN Service (OpenVPNService) | L | openvpnserv.exe | Belongs to Open VPN that seems to be a Linux VPN program that runs under Windows. File found in the C:\Program Files\OpenVPN\bin\openvpnserv.exe folder. |
| Oracle Forms Server [Forms60Server-OraForm] (OracleFormsServer-Forms60Server-OraForm) | L | ifsrv60.exe | Related to Oracle Corp. Forms server. |
| Oracle OLAP 9.0.1.0.1 (OLAPServer) | L | xsolap.exe | Related to Oracle_OLAP an option to Oracle Database 10g Enterprise Edition. Note: located in C:\oracle\ora90\bin\ |
| Oracle OLAP Agent | L | xsaagent.exe | Related to Oracle_OLAP an option to Oracle Database 10g Enterprise Edition. Note: located in C:\oracle\ora90\bin\ |
| Oracle Reports Server [Rep60_PDB-LAPTOP-OraDevHome] | L | rwmts60.exe | Related to Oracle products |
| Oracle WebDb Listener | L | wdblsnr.exe | Related to Oracle products |
| Oracle%ORACLE_HOME_SERVICE%ClientCache80 | L | ONRSD80.EXE | Related to Oracle Networking (Net8 Server Executable) |
| OracleDBConsoleorcl | L | nmesrvc.exe | Related to Oracle_DB_10g Database. Note: Located in C:\...\oracle\10g\bin\ User can install in own folder. |
| OracleMTSRecoveryService | L | omtsreco.exe | Related to Oracle SQL database application |
| OracleOraDb10g_home1iSQL*Plus | L | isqlplussvc.exe | Related to Oracle_DB_10g Database. Note: Located in C:\...\oracle\10g\bin\ User can install in a folder of his choice. |
| OracleOraHome90Agent | L | agntsrvc.exe | Related to Oracle Intelligent Agent, used to run on a remote node in the network to make the node OEM manageable. For more information Click_Here |
| OracleOraHome92PagingServer | L | pagntsrv.exe | Related to Oracle products |
| OracleOraHome92TNSListener | L | TNSLSNR.exe | Related to Oracle products |
| OracleOraHomeAgent | L | dbsnmp.exe | Related to Oracle products |
| OracleOraHomeClientCache | L | ONRSD.EXE | Related to Oracle products |
| OracleOraHomeDataGatherer | L | vppdc.exe | Related to Oracle products |
| OracleOraHomeHTTPServer | L | Apache.exe | Related to Oracle products |
| OracleOraHomeManagementServer | L | OMSNTsrv.exe | Related to Oracle products |
| OracleOraHomePagingServer | L | pagntsrv.exe | Related to Oracle products |
| OracleOraHomeTNSListener | L | TNSLSNR.exe | Related to Oracle products |
| OracleServiceLOCALORA | L | ORACLE.EXE | Related to Oracle products |
| OracleServiceSECINST | L | ORACLE.EXE | Related to Oracle products |
| OracleWebAssistant | L | OWASTsvr.exe | Related to Oracle products |
| OracleXEClrAgent | L | OraClrAgnt.exe | Related to Oracle products Note: Located in C:\oraclexe\app\oracle\product\10.2.0\server\bin\ |
| Oracle_Load_Balancer_60_Client-Forms6i | L | d2lc60.exe | Related to Oracle_Load_Balancer Note: Located in C:\Oracle\version\bin\ |
| Oracle_Load_Balancer_60_Client-Forms6ip14 | L | d2lc60.exe | Related to Oracle_Load_Balancer Note: Located in C:\Oracle\version\bin\ |
| Oracle_Load_Balancer_60_Client-Forms6ip9 | L | d2lc60.exe | Related to Oracle_Load_Balancer Note: Located in C:\Oracle\version\bin\ |
| Oracle_Load_Balancer_60_Server-Forms6i | L | d2ls60.exe | Related to Oracle_Load_Balancer Note: Located in C:\Oracle\version\bin\ |
| Oracle_Load_Balancer_60_Server-Forms6ip14 | L | d2ls60.exe | Related to Oracle_Load_Balancer Note: Located in C:\Oracle\version\bin\ |
| Oracle_Load_Balancer_60_Server-Forms6ip9 | L | d2ls60.exe | Related to Oracle_Load_Balancer Note: Located in C:\Oracle\version\bin\ |
| ORAN | X | ORAN.SYS | Added by the TROJ_ROOTKIT.N TROJAN! Read the link, rootkit type stealth involved. |
| orans (orans) | X | orans.sys | Added by the Troj/Rootkit-AA TROJAN! Read the link, rootkit type stealth involved. |
| OrbMediaService | L | OrbMediaService.exe | Owner:Orb Networks |
| ORBPVR | L | OrbPVR.exe | Owner: Unknown, http://www.orb.com/ |
| oreans32 | X | oreans32.sys | W32/Bifrose-PN Read the link, allows remote access |
| OSCM Utility Service | L | OSCMUtilityService.exe | Related to Novatel Wireless Service from Sprint phones and connectivity cards. Note: Located in C:\Program Files\Novatel Wireless\Sprint\ |
| OTi Card Reader Service | L | OTiReader.exe | OTI_Globals contact/contactless smart card reader. Location: Program Files\CardReader2.0 folder. |
| Outpost Firewall Services | L | outpost.exe | Agnitum Outpost firewall service |
| OvEpStatusEngine | L | OvEpStatusEngine.exe | HP OpenView Status Engine |
| OvMsmAccessManager | L | OvMsmAccessManager.exe | HP OpenView Access Manager |
| OvSecurityServer | L | OvSecurityServer.exe | HP OpenView Security Server |
| OwnershipProtocol | L | OProtSvc.exe | Related to PROSet Wireless Software from Intel |
| P correction service (msrdr2) | X | msrdr2.sys | Added by the Troj/Haxdoor-AJ TROJAN! Note: This trojan file is found in the System32 folder. |
| P-SYS (P-SYS Service) | X | TERMSVRS.EXE | Added by the SDBOT.DEO WORM! Read the link, rootkit type stealth involved. |
| Pacific Image Comm. Fax Server | L | PICPMON.EXE | Related to SuperVoice Specialists in Voice Mail and Fax systems |
| Packet Scheduler | L | Service.exe | Related to Packet_Scheduler from Microsoft. The packet scheduler decides the order in which packets are sent on the output link. Note: located in C:\WINDOWS\system32\microsoft\Groups\ |
| PACSPTISVR | L | PACSPT~1.EXE, PACSPTISVR.exe | Sony computers |
| PaintReport (PRSvc) | X | svchost.exe | Added by an unidentified TROJAN! of the Sdbot family. Note: This is not the legitimate Windows Process. (Which is found in the System32 folder.) This worm\trojan file is found in the Windows or Winnt folder. |
| Panasonic Trap Monitor Service | L | Trapmnnt.exe | Related to Panasonic_Trap_Monitor for printer service. Note: Located in C:\PROGRAM FILES\PANASONIC\TRAPMONITOR\ |
| Panda AdminSecure Administration Server (AdminServer) | L | AdminServer.exe | Related to Panda Security programs. |
| Panda AdminSecure Communications Agent (PAVAGENTE) | L | Pagent.exe | Related to Panda Security programs. |
| Panda AdminSecure Distribution Server (PadFSvr) | L | PadFSvr.exe | Related to Panda Security programs. |
| Panda AdminSecure Scheduler (PavAtScheduler) | L | pavsched.exe | Related to Panda Security programs. |
| Panda anti-virus service | L | pavsrv51.exe | Panda Anti-virus Service |
| Panda anti-virus service (PAVSRV) | L | pavsrv50.exe | Related to Panda Security programs. |
| Panda Antispam Engine (pmshellsrv) | L | pskmssvc.exe | Related to Panda Platinum 2006 Internet Security. |
| Panda Antispam Server Service | L | PaSSrv.exe | Related to Panda Protection Software. |
| Panda Antivirus Report Service (PavReport) | L | PavReport.exe | Related to Panda Security programs. |
| Panda Firewall | L | PavFires.exe | Panda Firewall Service |
| Panda Firewall Service | L | PavFires.exe | Related to Panda Firewall |
| Panda Function Service | L | PavFnSvr.exe | Related to Panda Antivirus software |
| Panda Function Service (PAVFNSVR) | L | PavFnSvr.exe | Related to Panda Security programs. |
| Panda Host Service (PSHost) | L | PSHOST.EXE | Related to Panda_Host_service Antivirus and Firewall. Note: Located in c:\program files\panda software\panda antivirus firewall 2007\firewall\ |
| Panda IManager Service | L | PsImSvc.exe | Related to Panda Titanium Antivirus |
| Panda Network Manager (PNMSRV) | L | PNMSRV.EXE | Related to Panda Firewall. |
| Panda NetworkSecure Service (CPntSrv) | L | CPntSrv.exe | Related to Panda Security programs. |
| Panda Pavkre | L | Pavkre.exe | Related to Panda Titanium Antivirus |
| Panda PavProt | L | PavProt.exe | Related to Panda Titanium Antivirus |
| Panda Preventium+ Service | L | prevsrv.exe | Related to Panda Titanium Antivirus |
| Panda Process Protection Service | L | pavprsrv.exe | Related to Panda Software |
| Panda Software Controller | L | PSCTRLS.EXE | Related to Panda Security programs. |
| Panda TPSrv (TPSrv) | L | TPSrv.exe | Related to Panda Platinum 2006 Internet Security and Panda Titanium 2006 Antivirus Antispyware. |
| Pantech Utility Service | L | PWIUtilityService.exe | Related to Pantech_Utility_Service Note: Located in C:\Program Files\Sprint\Pantech\Sprint Mobile Broadband (Pantech)\ |
| Pantech&Curitel Utility Service | L | PnCUtilityService.exe | Related to Sprint Internet Service Provider. |
| PatchLink Update | L | GRAVITIXSERVICE.exe | Patchlink_Update by Patchlink Corporation |
| PATROL for Windows Operating System Monitor (PWKNTMon) | L | pwkntmon.exe | Related to BMC Software, Inc. - http://www.bmc.com/ |
| PatrolAgent | L | PatrolAgent.exe | Related to BMC Software, Inc. - http://www.bmc.com/ |
| Patrol_Scheduler | L | Patrol_Scheduler.exe | Related to BMC Software, Inc. - http://www.bmc.com/ |
| PC Angel (PCA) | L | PCAngel.exe | Related to PC_Angel PC Angel recovery program from SoftThinks. Note: Located in C:\WINDOWS\SMINST\ |
| PC Tools AntiVirus Engine (PCTAVSvc) | L | PCTAVSvc.exe | Part of PC Tools antivirus |
| PC Tools Spyware Doctor | L | sdhelp.exe | Related to PC Tools' Spyware_Doctor |
| PC-cillin PersonalFirewall | L | PCCPFW.exe | Related to Trend Micro Inc. Firewall |
| pcAnywhere Host Service | L | awhost32.exe | Part of Symantec's pcAnywhere remote PC management software. |
| PCHost | L | pchost.exe | Related to PCHost |
| PCI Adapter (PCIDown) | X | alg.exe | Troj/Maran-AF Note: Located in %windir% |
| pcryptv3X | X | pcryptv3.exe | Added by the W32/Tilebot-AS TROJAN! Note: This worm\trojan file is found in the Windows or Winnt folder. Read the link, rootkit type stealth involved. |
| PCS Business Connection Personal Edition Service | L | ConnectionService.exe | Related to sprint.com ISP |
| PDAgent | L | PDAgent.exe | Part of PerfectDisk |
| PDEngine | L | PDEngine.exe | Raxco PerfectDisk |
| PDFCreatorMessages | L | PDFCreatorMessages.exe | Related to Global_Graphics_Software Ltd. Document and Print Solutions. |
| PDScheduler | L | PDSched.exe | Raxco PerfectDisk |
| PE Sytray Manager | X | ssmc.exe | Added by the Backdoor.SdBot.avk as detected by ewido. More here |
| PER Antivirus (pav_service) | L | PERVAC.EXE | Antivirus software from PER Systems. http://www.perantivirus.com/antivir.htm |
| PER Antivirus Security Service (pav_security) | L | PAVSS.EXE | Antivirus software from PER Systems. http://www.perantivirus.com/antivir.htm |
| Performance Logs (Perfhmon) | X | Perfhmon.exe | Added by the W32/Codbot-W WORM! |
| Performance Monitor Command Line Shell (Performance Monitor) | X | perfmon.exe | Detected as IRC/BackDoor.SdBot3.BFO by AVG |
| Performance True Type Fonts (PerfFont) | X | perfont.exe | Identified as Trojan-Downloader.Win32.Agent.acv by ewido security suite. |
| Persits Software EmailAgent | L | EmailAgent.exe | Related to AspEmail from Persits Software, Inc. A free active server component that enables your ASP application to send email messages via any external SMTP server. |
| Personal Secure Drive Service (PersonalSecureDriveService) | L | PSDsrvc.EXE | Related to Personal_Secure_Drive_Service, http://www.infineon.com/ Service from Infineon Technologies. Note: Located in C:\Program Files\Infineon\Security Platform Software\ |
| Pervasive.SQL 2000 (relational) | L | W3SQLMGR.EXE | Pervasive SQL Server |
| Pervasive.SQL 2000 (transactional) | L | NTBTRV.EXE | Pervasive SQL Server |
| PestPatrol Remote | L | ppRemoteService.exe | Related to PestPatrol products from Computer Associates International, Inc. |
| PEX | X | pex.sys | Added by the Troj/RKFu-A TROJAN! Read the link, rootkit type stealth involved. |
| PGPsdkService | L | PGPsdkServ.exe | PGP Software |
| PGPserv | L | PGPserv.exe | Related to PGP Corp. http://www.pgp.com/ |
| PHAROS Distribution Agent (PSDistributionAgent) | L | DistAgnt.exe | Related to Pharos_Science_ & Applications, Inc. Pharos develops advanced GPS navigation and mobile location-based services. Note: located in C:\PROGRAM FILE\PHAROS\bin\ |
| Pharos Systems ComTaskMaster | L | CTskMstr.exe | Related to Pharos_Systems print asset management. Note: Located in C:\PROGRAM FILES\Pharos\bin\ |
| Phoenix VCD Service (PhnxVCDService) | L | PhnxCDSvr.exe | Related to Phoenix_Technologies |
| Photoshop Elements Device Connect | L | PhotoshopElementsDeviceConnect.exe | Related to Adobe photoshop. |
| PI Message Subsystem (pimsgss) | L | pimsgss.exe | Related to OSI_Software Real-time Performance Management (RtPM) Platform. Note: located in C:\Program Files\PIPC\BIN\ |
| PI Network Manager (pinetmgr) | L | pinetmgr.exe | Related to OSI_Software Real-time Performance Management (RtPM) Platform. Note: located in C:\Program Files\PIPC\BIN\ |
| PI-Buffer Server (bufserv) | L | bufserv.exe | Related to OSI_Software Real-time Performance Management (RtPM) Platform. Note: located in C:\Program Files\PIPC\BIN\ |
| PictureTaker | L | PCTKRNT.SYS | LANovation's PictureTaker Enterprise Edition 3.1 lets administrators create software update packages and deploy them to network PCs through a third-party network management suite |
| Pigeon (PigeonServer) | X | GServer2.exe | Added by the Troj/GrayBrd-AK TROJAN! Note: This worm\trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder. |
| Pigeon_Server (PigeonServer) | X | Server.exe | Added by the Backdoor.Graybird.R TROJAN! Note: This trojan file is found in the Windows or Winnt folder. |
| Pinnacle Systems Media Service (PinnacleSys.MediaServer) | L | pmshost.exe | Related to Pinnacle_Systems Inc. |
| Pinnacle Systems tvtv Spooler (EpgSpooler) | L | epgspo~2.exe | Related to Pinnacle Studio Plus. |
| PIPC Log Server (pilogsrv) | L | pilogsrv.exe | Related to OSI_Software Real-time Performance Management (RtPM) Platform. Note: located in C:\Program Files\PIPC\BIN\ |
| Pixar Alfred Server 11.5.3 | L | alfserver.exe | Related to Pixar_Alfred_Server Server includes all the tools required for rendering images for film and video productions. Note: Located in C:\Program Files\Pixar\RenderManProServer-11.5.3\bin\ |
| PixelModule (pxlmdl) | X | nvidcgui.exe | Added by the W32/Tilebot-GS WORM! Read the link, rootkit type stealth involved. |
| PLFlash DeviceIoControl Service | L | IoctlSvc.exe | Related to PLFlash_DeviceIoControl Service from Prolific Technology Inc. Note: located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) |
| PLSRemote Service (PLSRemoteSvc) | O | PLSRemote.exe | RISKWARE! or potentially unwanted application. This application may have been installed by your system administrator for providing support for your machine. However this application has been used by several trojan authors and included in other trojans for malicious purposes. For more information CLICK_HERE |
| Plug and Play | L | services.exe | Spanish Windows 2000 Plug and Play |
| Plug and Play Device Host (Universal Plug and Play) | X | WeRecl.exe | Added by Worm_Ircbot_Gen WORM! Note: This worm\trojan is located in C:\%WINDIR%\ folder. |
| Plug and Play Device Manager ($sys$DRMServer) | X | $sys$DRMServer.exe | This is the Sony-BMG ROOTKIT! Do not try to manually remove this! For more information check Mark Russinovich's Blog_Here or Google Sony Rootkit. |
| plugin | X | PLUGIN.EXE | Added by the SDBOT.BUH WORM! Read the link, rootkit type stealth involved. |
| PMJ151 AutoLaunch Service (PMJ151LA) | L | PMJ151LA.BIN | Related to Panasonic_DVC_Web_Camera Note: Located in C:\%WINDIR%\ |
| pml | L | | |
| Pml Driver | L | HPHipm09.exe | Related to HP printers |
| Pml Driver HPH11 | L | HPHipm11.exe | HP PML Driver for HP's Photosmart printers. |
| Pml Driver HPZ12 | L | HPZipm12.exe | Related to HP printers. |
| pmldriver hpz12 | L | | |
| PMounter | L | PMounter.exe | Partition Mounter task installed with the Paragon Hard Disk Manager software. (answers that work) |
| PMSveH | L | PMSveH.exe | Related to Lenovo part or IBM ThinkVantage, Note: Located in C:\WINDOWS\system32\ |
| PnkBstrA | L | PnkBstrA.exe | Related to PunkBuster from Even Balance, Inc. Service that looks for cheats while users are playing on PunkBuster enabled servers. Note: Located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) |
| PnkBstrB | L | PnkBstrB.exe | Related to PunkBuster from Even Balance, Inc. Service that looks for cheats while users are playing on PunkBuster enabled servers. Note: Located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) |
| pnpext | X | wmc.exe | Added by the Troj/LeechPie-D TROJAN! Note: The file wmc.exe is a legitimate remote administration tool, but in this case is being used by the trojan. |
| Policy Agent | X | svchost.exe -k Policy Agent | Added by the Fuwudoor TROJAN! |
| Pop-Up Stopper Anti-Spyware Service (PWISVC) | L | PWISVC.EXE | Related to Pop-Up_Stopper_Anti-Spyware from Panicware. Note: Located in C:\Program Files\Panicware\Pop-Up Stopper Anti-Spyware\ |
| Portrait Displays Display Tune Service (DTSRVC) | L | dtsrvc.exe | Related to MagicTune by SAMSUNG. |
| PostgreSQL Database Server 8.0 (pgsql-8.0) | L | pg_ctl.exe | Related to PostgreSQL open source database. |
| Power Adapter (ADIDown) | X | svchost.exe | Troj/Maran-AB Read the link, steals information |
| Power Manager (PowerManager) | X | svchost.exe | Added by an unidentified TROJAN! of the Sdbot family. Note: This worm\trojan is located in C:\%WINDIR%\ folder. |
| PowerAlert UPS Engine | L | paserver.exe | Related to IBM Power Management utility. |
| PowerPanel Personal Edition Service (ppped) | L | ppped.exe | Related to CyberPower dependable line of uninterruptible power supplies. Note: Located in C:\Program Files\CyberPower PowerPanel Personal Edition\ |
| PowerUtility TV Recording Reservation (PUSCSRVC) | L | PUSCSRVCBas.exe | Related to FUJITSU LIMITED |
| PPPoE Service | L | pppoeservice.exe | Related to the Internet Provider High Speed Services (ISP) |
| prairieFyre Application Updater Service | L | UpdaterService.exe | Related to Application_ Updater Service from prairieFyre Software Inc, Note: Located in C:\Program Files\prairieFyre Software Inc\6100CCS\6110\Application Updater Service\ |
| PreEmpt (qfcoresvc) | L | loadsvc.exe | Related to preEmpt Active System Hardening. Made by PivX Solutions, Inc. This file should be found in the Program Files\PivX\PreEmpt folder. |
| Prevx Agent (PREVXAgent) | L | PXAgent.exe | Related to Prevx Ltd. Antivirus and software protection. |
| Prime95 Service | L | PRIME95.EXE | Helps universities find Prime_Numbers. The user should decide whether to participate. |
| Print Client Share (PrntCSh) | X | psmcsh.exe | Listed as w32 IRC-Bot gen by PrevX here |
| Print Spool Handler (Print Spooler) | X | spooler.exe | Added by the W32/Codbot-X WORM! Note: This worm file is found in the System32 folder. |
| Print Spooler (Spooler) | L | spoolsv.exe | Used for Fax and Printing. Unknown owner :Location: C:\WINDOWS\system32\spoolsv.exe |
| Print Spooler Manager (prntspman) | X | spoolsvr.exe | Added by an unidentified TROJAN! of the Sdbot family. Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) |
| Print Spooler Service (SpoolSvc201) | X | sklrr7yvxzac.exe | Added by the HackerDefender SDBot TROJAN! ROOTKIT INFECTION Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) Also found in C:\WINDOWS\TEMP\ folder. The filename is random. The service name is known to be from SpoolSvc201 to SpoolSvc2xx |
| Print Spooler Service (SpoolSvc203) | X | cjnr4r4ngyrk.exe | Added by the HackerDefender SDBot TROJAN! ROOTKIT INFECTION Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) Also found in C:\WINDOWS\TEMP\ folder. The filename is random. The service name is known to be from SpoolSvc201 to SpoolSvc2xx |
| Print Spooler Service (SpoolSvc204) | X | nlkfev7exne.exe | Added by the HackerDefender SDBot TROJAN! ROOTKIT INFECTION Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) Also found in C:\WINDOWS\TEMP\ folder. The filename is random. The service name is known to be from SpoolSvc201 to SpoolSvc2xx |
| Print Spooler Service (SpoolSvc205) | X | mlsdf8h8183934.exe | Added by the HackerDefender SDBot TROJAN! ROOTKIT INFECTION Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) Also found in C:\WINDOWS\TEMP\ folder. The filename is random. The service name is known to be from SpoolSvc201 to SpoolSvc2xx |
| Print Spooler Service (SpoolSvc206) | X | mlsdf8hiloswaejo.exe | Added by the HackerDefender SDBot TROJAN! ROOTKIT INFECTION Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) Also found in C:\WINDOWS\TEMP\ folder. The filename is random. The service name is known to be from SpoolSvc201 to SpoolSvc2xx |
| Print Spooler Service (SpoolSvc207) | X | sklrr7y7497903.exe | Added by the HackerDefender SDBot TROJAN! ROOTKIT INFECTION Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) Also found in C:\WINDOWS\TEMP\ folder. The filename is random. The service name is known to be from SpoolSvc201 to SpoolSvc2xx |
| Print Spooler Service (uuiy84eiye0iuo) | X | rsbmsc.exe | Listed as Win32.Malware.gen by Prevx here |
| Printer Spooler (printspool) | X | spooler32.exe | Added by the W32/Sharp-L WORM! Note: This worm\trojan file is found in the Windows or Winnt folder. |
| PrismXL | L | PRISMXL.SYS | Lanovation Prism Deploy package http://www.lanovation.com/ |
| PrismXL | L | PRISMXL.SYS | The PrismXL service lets the Client deploy Tasks on a target computer regardless of the current user's permissions. |
| PrivacyView Service (PVService) | L | PVService.exe | Related to Privacy_View software, encrypts files, folders and Internet files. File is normally located in the Program Files\File System Information\SystemFolder folder. |
| Private Folder Service (prfldsvc) | L | PrfldSvc.exe | Private Folder 1.0 was released by Microsoft on the 6th July but Microsoft officially withdrew its support of Private Folder and removed it from their website 10 days later due to negative feedback. The program can still be downloaded from third party sites. Note: Located in C:\Program Files\Microsoft Private Folder 1.0\ |
| Privilege Win32 Server | L | PLServ.exe | Related to Aladdin Knowledge Systems. Located in the Windows or Winnt\System32 folder. |
| Procedure Distribution Service | X | prsvr.exe | Added by an unidentified TROJAN! of the Sdbot family. Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) |
| Process Activity Monitor (paamsrv) | L | paamsrv.exe | Activity Monitor belonging to the Privacy Expert Suite Software from Acronis. |
| Process Manager | L | process_manager_nt.exe | Software application for mining and related extractive industries and produces two ranges of products under the Datamine and Earthworks labels. Note: Located in C:\Program Files\Common Files\Earthworks |
| Process Task Manager | X | svhost.exe | Added by a variant of the W32/SDBOT WORM! Note: This worm\trojan is located in C:\%WINDIR%\System32\ (XP/WinNT/2K) |
| ProcessEnumerator32 (pe32) | X | fi49.exe | Added by the W32/Sdbot-ACN WORM! Read the link, rootkit type stealth involved. |
| ProductivIT Service | L | TEKS_Service.exe | Related to DynTeck Inc. |
| Proficy HMI/SCADA iFIX server (FIX) | L | fixsrv.exe | Related to GE_Fanuc_Automation enable you to act in real-time to optimize productivity and increase profitability. Note: located in C:\Program Files\GE Fanuc\Proficy iFIX\ |
| Proficy Licensing (CCFLIC0) | L | CCFLIC0.exe | Related to GE_Fanuc_Automation enable you to act in real-time to optimize productivity and increase profitability. Note: located in C:\Program Files\GE Fanuc\Proficy Common\Proficy Common Licensing\ |
| Programador de tareas | L | MSTask.exe | Spanish Windows 2000 task scheduler |
| ProgramCheckerPro (sassvc) | L | sassvc.exe | Related to ProgramChecker Tool to analyze, validate, authenticate and research the programs that run on their PCs. |
| Prolific HotFix Q0306270 | L | HotFixQ0306270.exe | HotFix Q0306270 Prolific Technology Inc. USB Flash Disk |
| Promise Array Message Server (RAIDmSvr) | L | MsgSvr.exe | Related to Promise Technology, Inc. RAID Message Server |
| Promise FastTrak Log Service (FastTrakSvc) | L | FtrakSvc.exe | Reported as a RAID driver program by Promise_Technology_Inc |
| Promise RAID message agent (RAIDmAgt) | L | MsgAgt.exe | Promise RAID Message Agent for Promise RAID Disk Controllers |
| Protected Exchange (MainService) | X | loadsvc.exe | Added by the Troj/Urbin-C TROJAN! |
| ProtectedStorage | X | svchost.exe -k ProtectedStorage | Added by the Fuwudoor TROJAN! |
| ProtectionService | L | ProtectionService.exe | Related to EarthLink's protection centre |
| Protector Plus Anti-virus Monitor Service | L | PPAVMon.exe | Related to Proland Software. - http://www.pspl.com/ |
| Protector Plus Service | L | PPServ.exe | Related to Proland Software. - http://www.pspl.com/ |
| Protector Suite Virtual Token | L | vtserver.exe | Related to UPEK biometric protector suite |
| ProtexisLicensing | L | PSIService.exe | Added by the Protexis Note: Located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) |
| Protocol_Catalog9 | X | rsvp32_2.dll | Win32/Zhelatin.worm.96845 |
| Proveedor de asistencia de seguridad LM de Windows NT | L | lsass.exe | Spanish Windows 2000 NT LM security support provider |
| Provides three management service (FreeBSD) | L | dev32.exe | FreeBSD is an advanced operating system for x86 compatible. It is derived from BSD, the version of UNIX® developed at the University of California, Berkeley. - http://www.freebsd.org/ |
| ProxyServer Service (ProxyServerService) | L | rtpxsr.exe | Related to IBM Rational Software Development Platform |
| PRTG 4 Service - Paessler Router Traffic Grapher (PRTG4Service) | L | prtg4.exe | Related to Paessler Router Traffic Grapher - http://www.paessler.com/ |
| PTBSync | L | PTBSync.exe | Program features an atomic-time adjusted clock, shows day and date in the taskbar and has a calendar function. Note: Located in C:\Program Files\PTBSync |
| ptssvc - KODAK | L | ptssvc.exe | installed alongside the drivers for Kodak's range of digital cameras |
| Pure Networks Net2Go Service (nmraapache) | L | nmraapache.exe | Related to Pure_Networks_Net2Go Service from Pure Networks, Inc. Note: Located in C:\Program Files\Pure Networks\Network Magic\WebServer\bin\ |
| Pure Networks Network Magic Service (nmservice) | L | nmsrvc.exe | Related to Network_Magic home network managing program. Made by Pure Networks, Inc. |
| Pure Networks Router Manager (pnrouter) | L | pnroutsv.exe | Related to Network_Magic home network managing program. Made by Pure Networks, Inc. |
| PurgeIE XP Service (PurgeIEservice) | L | PurgeIE_Service.exe | Related to Assistance_&_Resources for Computing, Inc. PurgeFox is a utility program specifically designed for users of the popular FireFox browser for removing the surfing tracks retained by FireFox. |
| PurgPro XP Service | L | PurgPro_Service.exe | PurgeIE service |
| Qbik WinGate Engine | L | WinGate.exe | WinGate is a proxy/firewall solution |
| QBPOS Database Extended Manager (QBPOSDBExtServices) | L | QBPOSDBServiceEx.exe | Related to QBPOS_Database_Extended_Manager Installed with Intuit QuickBooks Point Of Sale software. Note: Located in C:\Program Files\Intuit\QuickBooks Point of Sale 5.0\DatabaseServer\ |
| QBPOS Database Manager (QBPOSDBServices) | L | QBPOSDBService.exe | Related to QuickBook_Point_Of_Sale from Intuit. Note: Located in C:\Program Files\Common Files\ |
| QBReminderFlash | L | QBReminder.exe | Related to Intuit_QuickBooks application. |
| QCONSVC | L | QCONSVC.exe | IBM Access Connection Manager. Runs as a service. If you don't use the program, change the service to manual, or disable if you desire. You can also uninstall the program completely. |
| QCU | ? | QCU.exe | Unidentified malware. Resides in a temp folder |
| QoS RSVP accdes service (Qor) | X | ftplanServer.exe | Added by the Troj/Feutel-U TROJAN! |
| QoS Service (BRGNS) | X | smtpconfs.dll | Troj/QQHelp-DY |
| qq | X | qq.exe | Troj/Hupigon-CI Note: Located in %windir% Read the link, allows remote access |
| qtask (qtask.exe) | X | qtask.exe | Added by the SDBOT.CQX WORM! Read the link, rootkit type stealth involved. |
| Quick Heal Firewall Service (QuickHealFirewall) | L | qhfw.exe | Related to Quick_Heal_Firewall Firewall Service. Note: Located in %\Program Files%\Cat Computer\\Quick Heal Firewall Pro\ |
| Quick Heal Helper Service WSC (qhwscsvc) | L | qhwscsvc.exe | Quick_Heal Next Generation anti-virus protection for your PC. |
| Quick Heal Helper Service WSC (ScanWscS) | L | scanwscs.exe | Related to AntiVirus_Quick Heal Virus protection. Note: located in C:\Program Files\QUICKH~1\ |
| Quick Heal Mail Protection | L | EMLPROXY.EXE | Related to AntiVirus_Quick_Heal Email Protection. Note: Located in %\Program Files%\Cat Computer\Quick Heal\ |
| Quick Heal Online Protection | L | QHONSVC.EXE | Quick_Heal Next Generation anti-virus protection for your PC. |
| QuickBooks Database Manager Service (QBCFMonitorService) | L | QBCFMonitorService.exe | Part of Intuit QuickBooks software |
| QuickBooks Online Backup Launcher (QuickBooks Online BackupLauncher) | L | OLlaunch.exe | Related to Intuit Inc. QuickBook - http://www.intuit.com/ |
| QuickBooks Online Backup RegCap (OLRegCap) | L | OLRegCap.EXE | Related to Intuit Inc. QuickBook - http://www.intuit.com/ |
| QuickBooksDB | L | QBDBMgrN.exe | Related to QuickBooks_Database from Intuit, Inc. Note: Located in C:\Program Files\Intuit\QUICKB~1\ |
| Qwik-Fix (qfcoresvc) | L | qfloadsvc.exe | Related to preEmpt Active System Hardening. Made by PivX Solutions, Inc. This file should be found in the Program Files\PivX\PreEmpt folder. |
| R2d2 Kernel Authority | L | KAuthS.exe | Related to R2D2 Software, a Windows service that manages desktops and programs. Without it, no desktops, no virtual screen, no remote access, no user impersonation, ... If you stop this service, all desktops (except the default one) are destroyed. Virtual Desktop Toolbox is no more than a client application of R2d2 Kernel Authority |
| RA Server | X | Slave.exe | Backdoor.RA virus http://www.avp.ch/avpve/trojan/backdoor/ra.stm Better alternatives are PC Anywhere or VNC |
| RA Server (Slave) | L | Slave.exe | Related to RA_Server from TWD Industries. allows remote desktop administration over a TCP/IP network. Note: Located in C:\%WINDIR%\ |
| Rabo Comm Server | L | RaboCommSrv.exe | Related to the Rabobank, telebanking (Netherlands) |
| Radan Licence Server | L | radlicence2.exe | Radan Sheet Metal CADCAM Software |
| RadClock | L | RadClock.exe | ATI/Radeon Video Card Setting Tweaking Utility |
| Radialpoint Service | L | fws.exe | Related to RadialPoint |
| RadioSvr | L | RadioSvr.exe | HP support for managing wireless devices |
| raid (raid) | X | raid.sys | Added by the Troj/NtRootK-O TROJAN! Read the link, rootkit type stealth involved. |
| RapApp | L | rapapp.exe | Black Ice Firewall related |
| RasAt (Remote Connection) | X | svchost.exe | Added by the Troj/Singu-AF TROJAN! |
| Rational ClearQuest Mail Service | L | mailservice.exe | Related to IBM_Rational_ClearQuest |
| Rational Cred Manager (cccredmgr) | L | cccredmgr.exe | Related to IBM_Rational_ClearCase |
| Rational Lock Manager (LockMgr) | L | lockmgr.exe | Related to IBM_Rational_ClearCase |
| Rational Test Agent Service | L | rtpsvc.exe | Related to IBM_Rational_Software Development Platform |
| RaySat_3dsmax8 Server (mi-raysat_3dsmax8) | L | raysat_3dsmax8server.exe | Related to Autodesk® _3ds_Max |
| RdnaoFlSvc | L | naofsvc.exe | Related to Naomi an advanced internet filtering program. |
| rdriv (rdriv) | X | rdriv.sys | Added by the Troj/Rootkit-W TROJAN! Read the link, rootkit type stealth involved. |
| Realplus (Realplus) | X | sserver.exe | Added by the Troj/Paltus-A TROJAN! Note: This trojan file is found in the System32 folder. |
| Reflection Line Printer Daemon | L | lpdserv.exe | Related to http://www.wrq.com/ |
| Reflection Servers | L | rninetd.exe | Related to http://www.wrq.com/ |
| Reflection TimeSync | L | rtsserv.exe | Related to WRQ, Inc. http://www.wrq.com/products/reflection/ |
| regdefend | L | regdefend.sys | See Ghostsecurity Location: C:\Program Files\RegDefend\regdefend.sys |
| Regedits Helpers (Windows Regedits Help) | X | iesetup.exe | Troj/Hupigon-KX Note: Located in %windir%\help |
| Regedits Helps (Windows Regedit Helps) | X | iesetup.exe | Added by an unidentified TROJAN! of the Sdbot family. Note: This worm\trojan is located in C:\Windows\iis\ (Win9x/Me), C:\%WINDIR%\System32\iis\ (XP/WinNT/2K) More here |
| Register DLL Driver | X | regdll.exe | Added by the W32/Sdbot-CXB WORM! Note: This worm\trojan is located in C:\%WINDIR%\ folder. |
| Registration Host (reghost) | X | reghost.exe | Added by the W32/Rbot-GKS WORM! Note: This worm is located in C:\Program Files\Common Files\System\ |
| Registro de sucesos | L | services.exe | Spanish Windows 2000 event logger |
| Registros y alertas de rendimiento | L | smlogsvc.exe | Spanish Windows 2000 performance logs and alerts |
| Registry Editor (Regedit) | X | regedit.exe | Added by the W32/Codbot-U TROJAN! Note: This is not the regedit application that comes with Windows. (Which is located in the Windows folder) This trojan file is located in the System or System32 folder. |
| Registry Management Service (RegManServ) | L | RegManServ.exe | Related to Complete_PC_Care from WinCleaner. Note: Located in C:\Program Files\Advanced Registry Doctor\ |
| Registry Manager Service (MS Registry Service) | X | MSRMS32.exe | Added by the W32/Rbot-AKP WORM! |
| RegService | L | RegService.exe | Related to Intel Corp. http://www.intel.com/network/connectivity/trans/xircom.htm |
| RegSrvc | L | RegSrvc.exe | Intel PROset |
| regstrmon | X | regstrmon.exe | Added by the WORM_RBOT.ADA WORM! Note: This worm\trojan is located in C:\%WINDIR%\ folder. |
| remon (remon) | X | remon.sys | Added by the Troj/RKFu-A TROJAN! Read the link, rootkit type stealth involved. |
| Remote Acces (WindowsDown) | X | servet.exe | Troj/Dloadr-AYT |
| Remote Access Controller 4 (RAC) (racsvc) | L | racsvc.exe | Related to Dell Open Manage NT Utilities program that allows remote access and control of a computer. This is a common program for hackers to install on a computer, so if it is installed, and you did not install it, it should be removed. |
| Remote Administrator Service | L | r_server.exe | Part of a remote administrator application that allows a user to work on one or more remote computers. Famatech |
| Remote Administrator Service (r_server) | X | systemram.exe | Added by the Troj/Radnag-B Trojan! |
| Remote Administrator Service (r_server) | X | r_server.exe | Added by the Troj/Remadm-J TROJAN! Note: This trojan file is found in Program Files\real\RealOne Player\lang folder. |
| Remote Desktop Help Session Manager (RDSessMgr) | L | sessmgr.exe | This service manages and controls Remote Assistance |
| Remote HID Service | O | lvhidsvc.exe | Remote access service by Philips Inc. Legitimate, but remote access could be considered dangerous unless monitored carefully. |
| Remote management (Novell WUser Agent) | L | wuser32.exe | Related to Novell, Inc. |
| Remote Map Manager | X | lssc.exe | Added by an unidentified TROJAN! of the Sdbot family. Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) |
| Remote Media Player | X | lsscs.exe | Added by an unidentified TROJAN! of the Sdbot family. Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) |
| Remote Packet Capture Protocol v.0 (experimental) | L | rpcapd.exe | Related to Winpcap (Windows Packet Capture Library) |
| Remote Print Spooler (RPSGV) | X | gcsvc.exe | Added by a variant of the Win32.SdBot.aad TROJAN! identified by F-Secure. Note: This trojan is located in C:\%WINDIR%\ |
| Remote Procadure Call (RPC) (RpeSs) | X | svchost.exe | Troj/Hupigo-UN Read the link, steals information Note: Located in %windir% |
| Remote Procedure Call (RPC) Client (RpcClient) | X | rpcclient.exe | Added by the W32/Codbot-L WORM! |
| Remote Procedure Call (RPC) Helper | X | random | CoolWebSearch malware |
| Remote Procedure Call (RPC) Locator (Locator) | X | rpclocator.exe | Added by the W32/Codbot-Q WORM! |
| Remote Procedure Call (RPC) Monitoring (Rpcmon) | X | Rpcmon.exe | Added by the W32/Codbot-T WORM! |
| Remote Procedure Call (RPC) Net (Rpcnet) | L | Rpcnet.exe | Related to Laptop_Retriever |
| Remote Procedure Call (RPC) Relocator (RpcRelocator) | X | relocater.exe | Added by an unknown variant of a backdoor TROJAN! Note: This worm\trojan is located in C:\%WINDIR%\ |
| Remote Procedure Call (RPC) Remote (RpcRemotes) | X | remote.exe | Added by the W32/Mytob-EW WORM! or Troj/Agent-FB TROJAN! Note: This worm\trojan file is found in the System32 folder. |
| Remote Procedure Call (RPC) Service (RpcSssvc) | X | RpcSs.exe | Added by the W32/Cuebot-J WORM! Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) Note: The file RpcSs.exe is also a good Microsoft file. Before deleting, check the properties of the file. |
| Remote Procedure Call (RPC) Subsystem (RPCS) | X | rpcss.exe | W32/Tilebot-JF Read the link, allows remote access |
| Remote Procedure Call System(RPCS) (RpcS) | X | Rpcs.exe | Added by the Troj/QQRob-ABS TROJAN! Note: This worm\trojan is located in C:\%WINDIR%\System32\ (XP/WinNT/2K) |
| Remote Procedure Call System(RPCS) (RpcSe) | X | Rpcse.exe | Added by the Troj/Mdrop-BMK TROJAN! Note: Located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) |
| Remote Procedure Call System(RPCSss) (RpcSss) | X | RpcSss.exe | Added by the Troj/QQRob-ACI TROJAN! Note: Located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) |
| Remote Procedure Call System(RPCSU) (RpcSu) | X | Rpcsu.exe | Added by a variant of the W32/SDBOT WORM! Note: This worm\trojan is located in C:\%WINDIR%\System32\ (XP/WinNT/2K) |
| Remote Procedure Call System(RPCSx) (RpcSx) | X | Rpcsx.exe | Added by a variant of the W32/SDBOT WORM! Note: This worm\trojan is located in C:\%WINDIR%\System32\ (XP/WinNT/2K) |
| Remote Reader Machine | X | ssmc.exe | Added by the Backdoor.SdBot.avk as detected by ewido. More here |
| Remote Record Service (RemoteRecord) | L | remoterecordclient.exe | Related to MSN_TV Note: Located in c:\program files\microsoft corporation\msn remote record service\ |
| Remote Services Manager (RSMSS) | X | (Trojan file name) | Added by the Troj/Bckdr-BBK TROJAN! |
| Remote Solver for COSMOSFloWorks 2006 | L | StandAloneSlv.exe | Related to COSMOS_FloWorks From COSMOS. CAD program. Note: Located in C:\Program Files\SolidWorks\COSMOS\FloWorks\binCFW\ |
| Remote Storage (Rmtstrg) | X | taskmgr.exe | Added by the Troj/Spy-UN TROJAN! Note: This worm\trojan is located in C:\%WINDIR%\System32\drivers\ (XP/WinNT/2K) Read the link, monitors websites visited and reports them to a remote site |
| Remote Storage (RS) (Rmtstrg2) | X | taskmgr.exe | Added by a variant of the Troj/Spy-UN TROJAN! Note: This worm\trojan is located in C:\%WINDIR%\System32\drivers\ (XP/WinNT/2K) Read the link, monitors websites visited and reports them to a remote site |
| Remote Task Manager service (RTM) | L | RTMService.exe | Related to Remote_Task_Manager remote control suite. Note: Located in C:\Program Files\Remote Task Manager\ |
| Remote TCP Services | X | vcmon.exe | Added by the W32/Tilebot-HX WORM! Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) disabling the automatic startup of other software. |
| Remote Terminal (RemoteTerminal) | X | mscp.exe | Added by the Backdoor.Win32.SdBot.aad TROJAN! Note: Located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) |
| Remote Transfer Manager | X | svshost.exe | W32/Rbot-GQR Read the link, allows remote access |
| Remote Windows Services | X | vcmon.exe | Added by an unidentified TROJAN! of the Sdbot family. Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) |
| Remotely Possible/32 (RP32Service) | L | rp32serv.exe | Related to Avalan now owned by Computer Associates International, Inc. http://ca.com/products/ |
| RemotelyAnywhere | L | RemotelyAnywhere.exe | Related to RemotelyAnywhere Made by 3am Labs Inc. This file should be found in the Program Files\RemotelyAnywhere folder. |
| RemotelyAnywhere Maintenance Service (RAMaint) | L | RaMaint.exe | Related to RemotelyAnywhere Made by 3am Labs Inc. This file should be found in the Program Files\RemotelyAnywhere folder. |
| RemoteRegBck | X | regsvc.exe | Added by Backdoor.Win32.SdBot.aad as identified by Kaspersky. TROJAN! Note: located in C:\WINDOWS\. Not to be confused with the Original Microsoft file in C:\WINDOWS\system32\ |
| Removale Sorage (RemovaleSorage) | X | G_Server.exe | Added by the Troj/Feutel-AT TROJAN! Note: This trojan file is found in the System32 folder. |
| Required Service Drivers | X | micront.exe | Added by the W32/Rbot-ABD WORM! Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) terminate threads and processes read the information |
| Reset 5 | O | srvany.exe | Unknown owner: Location C:\Windows\System32\srvany.exe In this case srvany.exe is loading resetservice.exe as a service. May be found in the company of O20 - Winlogon Notify: reset5 - C:\WINDOWS\SYSTEM32\reset5.dll Windows XP Product Activation Bypass So as to avoid the registration process on boot-up. Typically used on a pirated Operating System. |
| Resource Manager Mail (ResourceManagerMail) | L | MailService.exe | Related to Citrix Systems, Inc. |
| restore (restore) | X | restore.exe | Added by the SDBOT.CFD WORM! Read the link, rootkit type stealth involved. |
| Retrospect Helper | L | rthlpsvc.exe | Related to Dantz Development Corporation |
| Retrospect Launcher | L | retrorun.exe | Related to Dantz Development Corporation |
| Retrospect WD Service | L | wdsvc.exe | Related to Dantz Development Corporation |
| Reuters XMS Sync (RXMSSync) | L | rxmssync.exe | Related to Reuters_XMS_Sync routers. Note: Located in http://www.routers.com/ |
| RevUDFService | L | RevUDF.exe | Related to Iomega_Corp provider of a number of backup data solutions |
| Rio MSC Manager | L | RioMSC.exe | Related to Digital Networks North America. |
| Rll enhanced drive (mfm) | X | msrll.exe | Added by the Troj/Jtram-E TROJAN! Note: This trojan file is found in the System32\mfm folder. |
| RoamMgr | L | RoamMgr.exe | Intel PROset |
| Rockwell Application Services (RsvcHost) | L | RsvcHost.exe | Related to Rockwell_Automation Inc. FactoryTalk suite |
| Rockwell Directory Multiplexer (RNADirMultiplexor) | L | RNADirMultiplexor.exe | Related to Rockwell_Automation Inc. FactoryTalk suite |
| Rockwell Directory Server (RNADirectory) | L | RnaDirServer.exe | Related to Rockwell_Automation Inc. FactoryTalk suite |
| Rockwell Event Multiplexer (EventClientMultiplexer) | L | EventClientMultiplexer.exe | Related to Rockwell_Automation Inc. FactoryTalk suite |
| Rockwell HMI Activity Logger | L | RsActivityLogServ.exe | Related to Rockwell_Automation Inc. FactoryTalk suite |
| Rockwell HMI Diagnostics | L | HMIDIAGNOSTICSLSTADAPT.exe | Related to Rockwell_Automation Inc. FactoryTalk suite |
| Rockwell Tag Server | L | TagSrv.exe | Related to Rockwell_Automation Inc. FactoryTalk suite |
| rofl (rofl) | X | rofl.sys | Added by the Troj/RKPort-Fam TROJAN! This is a rootkit! |
| Roger Wilco Base Station | L | rwbs.exe | Related to IGN_Entertainment Inc. Required to operate the Wilco Base Station. |
| RollbackClientService | L | RollbackClnt.exe | Horizon DataSys Rollback Rx |
| Roxio Hard Drive Watcher | L | RoxWatch.exe | Related to Roxio_Inc |
| Roxio Hard Drive Watcher 9 (RoxWatch9) | L | RoxWatch9.exe | Related to Roxio_Inc |
| Roxio UPnP Renderer 9 | L | RoxioUPnPRenderer9.exe | Related to Roxio_Inc |
| Roxio Upnp Server 9 | L | RoxioUpnpService9.exe | Related to Roxio_Inc |
| RoxMediaDB | L | RoxMediaDB.exe | Related to Roxio_Inc |
| RoxMediaDB9 | L | RoxMediaDB9.exe | Related to Roxio_Inc |
| RoxUpnpRenderer | L | RoxUpnpRenderer.exe | Related to Roxio_Inc |
| RoxUpnpServer | L | RoxUpnpServer.exe | Related to Roxio_Inc |
| RPC Debug Control (RPCDB) | X | csts.exe | Added by the Backdoor.Win32.SdBot.aad as identified by Kaspersky TROJAN! Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) |
| RPC+ Service Provider (RPCSS+) | X | rpcss_pl.exe | Trojan. - http://www.what-process.com/process-info.aspx?p=rpcss_pl.exe |
| RpcRemotes | X | remote.exe | Added by the W32/Fanbot-J WORM! Note: This worm file is found in the System32 folder. Be sure to check the link on this one. Copies itself to various folders and file names. |
| RSLinx | L | RSLINX.EXE | Related to Rockwell_Automation Inc. FactoryTalk suite |
| RSLinx Enterprise (RSLinxNG) | L | RSLinxNG.exe | Related to Rockwell_Automation Inc. FactoryTalk suite |
| Rtkit | X | Rtkit.exe | Added by the Backdoor.Rtkit TROJAN! Read the link, rootkit type stealth involved. |
| rudll | X | rudll.exe | Troj/Hupigon-CF Note: Located in %windir% Read the link, allows remote access |
| Run RunOnce | L | ShipUPS.EXE, RunOnce.exe | Related to UPS WorldShip shipping software |
| rundll.exe | X | msn93.exe | Added by an unknown variant of a backdoor TROJAN! Note: This worm\trojan is located in C:\%WINDIR%\ |
| rundll.exe | X | msngrsm.exe | Added by an unknown variant of a backdoor TROJAN! Note: This worm\trojan is located in C:\%WINDIR%\ |
| rundll.exe | X | rundll.exe | Added by an unknown variant of a backdoor TROJAN! Note: This worm\trojan is located in C:\%WINDIR%\ |
| rundll32 (rundll32) | X | rundll32.exe | Added by the Troj/Feutel-Q TROJAN! |
| rundll32.exe | X | lsass.exe | Added by an unidentified TROJAN! of the Sdbot family. Note: This worm\trojan is located in C:\%WINDIR%\ |
| Runtime | X | runtime.sys | Troj/Agent-ECZ Note: Located in %windir%\system32 |
| Rupsd | L | Rupsd.exe | Related to Mega_System Technologies Inc. |
| Rupsmon | L | RupsMon.exe | Related to Mega System Technologies, Inc. |
| RVS CommCenter (RvsCC) | L | RVSCC.EXE | Legit Fax/Digital Answering Machine/Telephony service. Owner unknown. Located in C:\Program Files\Teledat\WCOM\SYSTEM\ |
| RVS Installer (RVSINST) | L | RVSINST.EXE | Legit Fax/Digital Answering Machine/Telephony service. Owner: RVS Datentechnik GmbH, München. Located in: C:\Program Files\Teledat\WCOM\SYSTEM\ |
| Rwx (Rwx2005) | X | svhosts.exe | Added by the Troj/Subzero-B Trojan! |
| r_server | X | service.exe | Added by the Troj/Remadm-G TROJAN! Note: This is not the legitimate Windows process services.exe (Notice the difference in the spelling.) This trojan file (service.exe) is also found in the System32 folder. |
| SafeGuard Easy Client (SgeClient) | L | SgeClient.exe | Related to SafeGuard_Easy Hard Disk Encryption from Utimaco. Note: Located in C:\Program Files\Utimaco\SafeGuard Easy\ |
| SafeGuard Easy Workstation Server (WksCfgSrv) | L | WksCfgSrv.exe | Related to SafeGuard_Easy Hard Disk Encryption from Utimaco. Note: Located in C:\Program Files\Utimaco\SafeGuard Easy\ |
| SafeGuard SGLOG Player (SgLogPlayer) | L | SgLogPlayer.exe | Related to SafeGuard_Easy Hard Disk Encryption from Utimaco. Note: Located in C:\WINDOWS\system32\ |
| SafeNet IKE Service (IREIKE) | L | IreIKE.exe | Related to Microsoft Virtual Private Network Client. |
| SafeNet Monitor Service (IPSECMON) | L | IPSecMon.exe | Related to Microsoft Corp. Feature of the Layer Two Tunneling Protocol (L2TP). |
| Samsung Update Plus | L | SLUBackgroundService.exe | Related to Samsung_AV_Station instant Playback of music photos, videos. |
| SAMSvc (Security Account Manager) | X | SAMSvc.exe | Added by the W32/Tilebot-DL, WORM! |
| Sandboxie Service (SandboxU) | L | SandboxieServer.exe | Related to SandBoxie Sand box application. Data may flow from the hard disk into the sandbox. But data never flows back from the sandbox into the hard disk. Note: Located in C:\Program Files\Sandboxie\ |
| Sandra Data Service | L | RpcDataSrv.exe | SiSoftware Sandra Lite 2005 |
| Sandra Service | L | RpcSandraSrv.exe | SiSoftware Sandra Lite 2005 |
| Sansa Updater Service (SansaService) | L | SansaSvr.exe | Related to Sansa_Updater Service from Sandisk. Note: Located in C:\Program Files\SanDisk\Sansa Updater\ |
| SAVRoam | L | SavRoam.exe | Related to Norton/Symantec AntiVirus |
| SAVScan | L | SAVScan.exe | Related to Norton/Symantec AntiVirus. |
| sbchosy.bat | X | sbchosy.bat | Added by the Troj/GrayBir-AA TROJAN! Note: This trojan file is found in the Windows\Program Files or Winnt\Program Files folder. |
| SBHookSvc | L | SBHookSvc.exe | Related to Motive_Communications Broadband service. Note: Located in C:\PROGRAM FILES\NETASSISTANT\SMARTBRIDGE\ |
| SCA (Service Control Application) | X | SYSTEM.EXE | Unknown virus |
| scheduler (schedul3.exe) | X | schedul3.exe | Added by the W32/Rbot-AVX TROJAN! Note: This worm\trojan file is found in the Windows or Winnt folder. Read the link, rootkit type stealth involved. |
| Scheduling Agent (Mstinit) | X | mstinit.exe | Added by the W32/Tilebot-IO WORM! Note: This worm\trojan is located in C:\%WINDIR%\ folder. |
| schscnt | L | schscnt.exe | Related to Command AntiVirus for Windows Component, made by Command Software Systems, Inc., which merged with Authentium in 2002. |
| SCNDmem (winlow) | X | winlow.sys | Added by the Troj/Haxdoor-AF TROJAN! |
| ScriptBlocking Service (SBService) | L | SBServ.exe | Related to Norton/Symantec AntiVirus. |
| ScsiAccess | L | ScsiAccess.EXE | Alcohol Software's CD/DVD writing application |
| SCSMS32 (SCSMS) | X | scmsm32.exe | Added by the SDBOT.CCN or SDBOT.CEZ WORM! Read the link, rootkit type stealth involved. |
| SCWatch 4.0 | L | scwatch4.exe | Related to White Canyon - protect against identity theft software. - http://www.whitecanyon.com/index.php |
| SDJB Manager | L | sdjbmgr.exe | Panasonic\SD-JukeboxV3 |
| sdk | X | lsass.exe | W32/Sdbot-DEF Read the link, allows remote access |
| sdktemp | X | Microsoft.exe | Added by the SDBOT.CGM WORM! Read the link, rootkit type stealth involved. |
| sdktemp (sdktemp) | X | SDKTEMP.EXE | Added by the W32/Tilebot-A WORM! Read the link, rootkit type stealth involved. |
| sdktemp (sdktemp) | X | axdcfasb.exe | Added by the W32/Sdbot-AGI WORM! Read the link, rootkit type stealth involved. |
| SDPAUMS server service | L | sdpasvc.exe | Matsushita Electric Industrial Co.,Ltd. |
| SDService | L | SDService.exe | Related to Spyware_Detector from Max Secure. Note: Located in C:\Program Files\SpywareDetector\ |
| Seagate Communication | X | seagatecom.exe | Added by the W32/Spybot-NF WORM! Note: This worm\trojan is located in C:\%WINDIR%\System32\dllcache\ (XP/WinNT/2K) |
| Seagate Page Server (pageserver) | L | pageserver.exe | Related to Seagate Page Server. Now owned by Business_Objects Note: Located in C:\Program Files\Seagate Software\WCS\ |
| Seagate Web Component Server (WebCompServer) | L | WebCompServer.exe | Related to Seagate Web Component Server. Now owned by Business_Objects Note: Located in C:\Program Files\Seagate Software\WCS\ |
| Search Engine Commando Schedule Service | L | ScheduleService.exe | Related to Search Engine Commando |
| Secondary .NET Framework (SVSNET) | X | svsnet.exe | Added by an unidentified TROJAN! of the Sdbot family. Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) |
| Secure Port Server (Server Administrator) | L | omaws32.exe | Related to Dell Open Management system. http://www.what-process.com/process-info.aspx?p=omaws32.exe |
| Secure Socket Layer | X | ssls.exe | Added by the W32/Spybot-NE WORM! Note: This worm\trojan is located in C:\%WINDIR%\System32\dllcache\ (XP/WinNT/2K) |
| Secure SSL System (Secure) | X | securessl.exe | Added by the Haxdoor.Fam HAXDOOR! Note: Located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) |
| Security Accounts Center (Security Accounts Center) | X | windowo.exe | Added by the Troj/Bckdr-AWQ TROJAN! Note: This trojan file is found in the Windows or Winnt folder. |
| Security Accounts Manages | X | TIMPlatform.exe | Troj/Delf-EWW |
| Security Agent (scagent) | X | scagent.exe | Added by the Troj/Dload-LV TROJAN! Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) |
| Security Logs Service (SLSVS) | X | SM1OGSVC.EXE | Added by the Troj/Tenant-A TROJAN! Note: This trojan file is found in the System32 folder. |
| Security System Manager | X | spoolvc.exe | W32/Sdbot-DCW Read the link, allows remote access |
| Security Task Manager | X | spoolvc.exe | Added by the W32/Tilebot-IX WORM! Note: Located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) |
| Securom User Access for Windows 2000 and Windows XP a technology by Sony DADC (UserAccess) | L | useraccess.exe | Related to Sony DADC Blu-ray Disc is the next generation optical disc format. |
| SecuROM User Access Service | L | UAService7.exe | Used by virtual CD programs like Alcohol to access CD images protected by SecureROM. |
| SentinelProtectionServer | L | spnsrvnt.exe | Related to one of the SafeNet_Inc programs or services. |
| Sentry 2020 | L | SentryService.exe | www.softwinter.com |
| SerDgeonServer (SerDry_igeon_Server) | X | IExplore.exe | Added by the Troj/Feutel-AC TROJAN! Note: This is not the legitimate Windows process IExplore.exe (Which should be found in the Program Files\Internet Explorer folder.) This worm\trojan file (IExplore.exe) is found in the Windows or Winnt folder. |
| Serv-U FTP Server | O | ServUDaemon.exe | Related to Serv-U an FTP Server note Reference: |
| Server 2.0 (Server 2.0) | X | Server.exe | Added by the Troj/GrayBrd-AN TROJAN! Note: This worm\trojan file is found in the Windows or Winnt folder. |
| Server Advance (ServerAC) | X | Security.exe | Added by an unidentified TROJAN! of the Sdbot family. Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) |
| Server Management Service | X | svchost.exe | Added by an unidentified TROJAN! of the Sdbot family. Note: This worm\trojan is located in C:\%WINDIR%\ folder. Note: This is not the legitimate Windows Process. (Which is found in the System32 folder.) |
| Server Network Debug (SerND) | X | NetDebug.exe | W32/VB-DOS Note: Located in %windir%\system32 |
| Server VSS System | X | sysvrs32.exe | W32/Sdbot-DES Read the link, allows remote access |
| Service | X | Service.exe | Added by the Troj/SrchSpy-A TROJAN! Note: This is not the legitimate Windows process services.exe (Notice the difference in the spelling.) This trojan file (Service.exe) is also found in the System32 folder. Do not confuse the two! |
| Service | X | Service.exe | Added by the Haxdoor.Fam HAXDOOR! Note: Located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) |
| SERVICE (WINDOWS) | X | spoolsvc.exe | Added by an unidentified TROJAN! of the Sdbot family. Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) |
| Service 8 (Service Filter) | X | smncs.exe | Added by the W32/Tilebot-CK WORM! which attempts to spread to remote network shares and messaging applications |
| Service Cache Terminal (SVCTERM) | X | svscache.exe | Added by an unidentified TROJAN! of the Sdbot family. Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) |
| Service Controller (Services) | X | services.exe | W32/Sdbot-DDT Read the link, allows remote access |
| Service Cvasvr (Service Cvas) | X | csvas.exe | Spyware Worm reported as Backdoor.Win32.SdBot.aad by Kaspersky Anti-Virus |
| Service de lancement de WlanCfg (Wlancfg) | L | wlancfg.exe | Driver for wireless router. Owner: Inventel-Found in C:\Program Files\Inventel\Gateway\ |
| Service Hosts (ServiceHost) | X | shost.exe | Added by the W32/Rbot-AXG WORM! Note: This worm file is found in the Windows or Winnt folder. |
| Service Logon Protocol (SVSLOG) | X | svslogon.exe | Added by an unknown variant of a backdoor TROJAN! Note: This worm\trojan is located in C:\%WINDIR%\ |
| Service name: Messenger | X | system32.exe | See Symantec Trojan.Esteems.B Location: C\Windows\system\system32.exe (9X\ME) or C\Windows or Winnt\system32\system32.exe (NT\2000\XP) |
| Service name: Messenger | X | zone-h.ddo.jp.exe -k netsvcs | Trojan.Esteems.C See Symantec Location: C:\Winnt\System32 ( NT/2000), or C:\Windows\System32 (XP). |
| Service name: Messenger | X | 514.exe | Trojan.Esteems.D See Symantec Location C:\Windows\System32 (XP) C:\Winnt\System32 (NT\2000) |
| Service Scheduler | X | scheduler.exe | W32/Agobot-PH See Sophos Unknown owner: Location: C:\WINDOWS\System32\scheduler.exe -service |
| Service Security Manager (scekrnl) | X | scekrnl.exe | Added by the Backdoor.Win32.Agent.alx TROJAN! Note: Located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) |
| Service1 | L | windowsserviceexample.exe | Related to Microsoft .Net Application. VB.NET_Forums |
| Service32 (Service Sequence) | X | services32.exe | Added by the W32/Tilebot-C WORM! Read the link, rootkit type stealth involved. |
| Service: LicenseManagerReminder | L | LicenseManagerReminder.exe | Related to UIC License Manager, a proprietary software. Used to activate a software on customer computers for a specified length of time. Note: Located in C:\Program Files\Universal Instruments\License Manager\ |
| Service: Microsoft Net API (NETAPI) | X | ntps.exe | Added by the Backdoor.Win32.SdBot.aad as identified by Kaspersky. TROJAN! Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) |
| Service: Network Client (nwclnta) | X | netclna.exe | Troj/Boxed-I. Owner:Unknown. Location: C:\WINDOWS\system32\netclna.exe |
| ServiceLayer | L | ServiceLayer.exe | Related to Nokia Connectivity Library software. Note: located in C:\Program Files\Common Files\PCSuite\Services\ |
| serviceMangr (tcphost.exe) | X | TCPHOST.EXE | Added by the SDBOT.CSG WORM! Read the link, rootkit type stealth involved. |
| services | X | services.exe | W32/Sdbot-CXP Note: Located in %windir% Read the link, allows remote access |
| Services (Ini Service Ku) | X | services.com | Troj/Winlock-C |
| Services an controller-settings | X | services.exe | Added by the W32/Tilebot-HY WORM! Note: This worm\trojan is located in C:\%WINDIR%\ folder. |
| Services Manager (svcmngr) | X | config.exe | Troj/DllLoad-C Read the link, steals information |
| services32 (Content List Management Sub System) | X | services32.exe | Added by the W32/Esbot-B WORM! Note: This worm\trojan file is found in the Windows or Winnt folder. |
| Servicess_Server | X | Servicess.exe | A variant of the Feutel/Hupigon infection. Note: rootkit type stealth involved. |
| Servicio COM de grabación de CD de IMAPI | L | imapi.exe | Related to recording of CDs. |
| Servicio de alerta | L | services.exe | Spanish Windows 2000 alert service. |
| Servicio de ayuda TCP/IP NetBIOS | L | services.exe | Spanish Windows 2000 Help service TCP/IP NetBIOS |
| Servicio de fax | L | faxsvc.exe | Spanish Windows 2000 fax service |
| Servicio del administrador de discos lógicos | L | dmadmin.exe | Spanish Windows 2000 logical disk manager administrative service |
| Servicio RunAs | L | services.exe | Spanish Windows 2000 RunAs service |
| Servidor | L | services.exe | Spanish Windows 2000 "server" |
| Servies Unknow Srv | X | 001.exe | Win-Trojan/Downloader.6656.DW |
| Servizio Norton AntiVirus Auto-Protect | L | navapsvc.exe | Related to Norton Antivirus |
| settings | X | SETTINGS.EXE | Added by the SDBOT.CHY WORM! Read the link, rootkit type stealth involved. |
| SF FrontLine Drivers Auto Removal (v1) (sfrem01) | L | sfrem01.exe | Related to SF_FrontLine Drivers Auto Removal from Star-Force. Note: Located in C:\WINDOWS\system32\ |
| SFTRANSFER (SFTRANSFER) | X | (Unknown at this time.) | Added by the Backdoor.Brakkeshell TROJAN! Note: In the Description field under Services it will show as: Secure file transfer protocol |
| SFUSVC | L | SFUSVC.exe | KYOCERA_MITA Scanner File Utility used with Kyocera Mita scanners/faxes. Note: located in C:\Program Files\Kyocera Mita\FileUtility\ |
| SgeCtl | L | SGECTL.EXE | Utimaco Safewares SAFEGUARD |
| Sharing Messenger Folders Windows XP (SMFWX) | X | bhagent.exe | W32/Sdbot-CZS Note: Located in %windir% Read the link, allows remote access |
| Shavlik HFNetChkPro Service | L | HFNetChkProService.exe | HFNetChkPro distributes Microsoft patches to client machines |
| SHDSERV | L | shdserv.exe | Horizon DataSys Rollback Rx |
| Shiva VPN Client | L | icsrv.exe | Related to Eicon Networks Corporation |
| SHOVE | X | SHOVE.exe | Troj/Agent-EOM |
| SigmaTel Audio Service (STacSV) | L | stacsv.exe | Related to SigmaTel_Audio_Service Part of the C-Major Audio driver. Note: Located in C:\Program Files\SigmaTel\C-Major Audio\WDM\ |
| Sigmatel PassThru (PassThru) | L | passthru.exe | Related to Sigmatel |
| SiS WirelessLan Service (SiSWLSvc) | L | SiSWLSvc.exe | Related to Sis_Wireless_Lan LAN controller |
| Sistema de ayuda de tarjeta inteligente | L | SCardSvr.exe | Spanish Windows 2000 smart card helper |
| SiteAdvisor Service | L | SAService.exe | Related to SiteAdvisor Service from McAfee. Note: Located in C:\Program Files\SiteAdvisor\[4 digits number\ |
| SiteMinder Authentication Service (SmServAuth) | L | Service_AuthSrvr.exe | Related to Cold_Fusion from Macromedia, inc. |
| SiteMinder Authorization Service (SmServAz) | L | Service_AzSrvr.exe | Related to Cold_Fusion from Macromedia, inc. |
| Skype Messenger (Skype) | X | skype32.exe | Added by the W32.Mytob.ML WORM! Note: This worm file is found in the System32 folder. Read the link, rootkit type stealth involved. |
| Sleepy | L | service.exe | Related to Sashazur LLC. A utility that prevents computer use at night. For schools, libraries, businesses etc. |
| SlimServer (slimsvc) | L | slim.exe | Related to SlimServer Note: Located in C:\Program Files\SlimServer\server\ |
| SLMDriver (SLMDriver) | X | slm32.sys | Added by the Troj/Rootkit-AA TROJAN! Note: This trojan file is found in the System32 folder. Read the link, rootkit type stealth involved. |
| SLPMONX | L | slpservice.exe | Related to Seiko Printers. Provides additional configuration options for these devices. Note: located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) |
| SMART Board Service | L | SMARTBoardService.exe | Related to SMART Technologies inc. |
| Smart Card Client (SCardClnt) | X | SCardClnt.exe | Added by the W32/Codbot-K WORM! Note: located in C:\Windows\System (Win9x/Me), C:\Winnt\System32 (XP/WinNT/2K) |
| Smart Card Helper | X | scardsvr32.exe | Added by the W32.Femot_worm! . NOTE: do not confuse this with the legitimate Smart Card Helper service, which uses the filename SCardSvr.exe! |
| Smart Card Supervisor (mmc) | X | mmc.exe | W32/Dzan-A Read the link, allows remote access |
| SmartGenie (LxrSGe10s) | L | LxrSge10s.exe | Related to SmartGenie_toolbar customizable toolbar, offers many helpful research tools making it possible for you to navigate the Web as well as carry out powerful research. |
| SmartLinkService | L | slmdmsr.exe | slmdmsr.exe installed alongside Smartlink communication products and offers additional support to the modem service. This program is a non-essential process, but should not be terminated unless suspected to be causing problems. |
| SmartLinkService (SLService) | L | slserv.exe | slserv.exe is installed alongside Smartlink communication products and offers additional support to the modem service. This program is a non-essential process, but should not be terminated unless suspected to be causing problems. |
| SmartTrust Smart Card Server (Smartscaps) | L | Smartscaps.exe | Platform for integrating security functions with mobile services. For more information Click_Here |
| SmartWiService | L | SmartWiService.exe | Related to Sony_SmartWi SmartWi technology is the seamless integration of three wireless technologies: Wide Area Network (WAN), 802.11bg wireless LAN, and Bluetooth® technologies. |
| SMBus Upgrade Service for Windows 2000 and above (ibmsmbus) | L | ibmsmbus.exe | Related to SMBus on IBM computers. SMBus is the System Management Bus defined by Intel® Corporation in 1995. It is used in personal computers and servers for low-speed system management communications. Note: located in C:\WINDOWS\System32\ibmsmbus.exe |
| SMONITOR | X | SMONITOR.SYS | Added by the TROJ_ROOTKIT.V TROJAN! Read the link, rootkit type stealth involved. |
| SMS Help Center (SMS32) | X | smss32.exe | Added by an unknown variant of a backdoor TROJAN! Note: This worm\trojan is located in C:\%WINDIR%\ |
| smsc | X | smsc.exe | Added by the W32/Tilebot-GW WORM! Note: This worm\trojan is located in C:\%WINDIR%\ folder. |
| smscc | X | smscc.exe | Added by the W32/Sdbot-CPG WORM! Note: This worm\trojan is located in C:\%WINDIR% |
| smsmanger | X | smsmanger.exe | Added by the Backdoor.SdBot.xd as identified by ewido. Note: This worm\trojan is located in C:\%WINDIR%\ More: here |
| SMSS (SMSS) | X | smss.exe | Added by the W32/Tilebot-V WORM! Note: This worm file is found in the Windows or Winnt folder. |
| SMTP Capture | L | smtpcap.exe | Related to NSi's AutoStore from Notable Solutions, Inc. Capture documents and securely saving the content in your business applications. |
| Snake SockProxy Service (SkServer) | X | wuauserv.exe | Variant of Troj/VB-ZD See Sophos |
| SNARE | L | SnareCore.EXE | Related to InterSect_Alliance Open Source agents to provide a log collection, analysis, reporting and archival resource. |
| SnareIIS | L | SnareIIS.EXE | Related to InterSect_Alliance Open Source agents to provide a log collection, analysis, reporting and archival resource. |
| SndDRV (MS Sound Driver) (SndDRV) | X | snddrv.exe | Added by the W32/Rbot-BSC WORM! Note: This worm file is found in the System32 folder. |
| SNMPTrapd Service | L | snmptrapd.exe | Related to MKS_Toolkit |
| Snoop Free Service (SnoopFreeSvc) | L | SnoopFreeSvc.exe | Anti-keylogging software made by SnoopFree_Software._ |
| Socks-Cap (Sc32Inch) | X | Sc32Inch.exe | Added by WORM_SDBOT.DIN WORM! Rootkit infection Note: located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) |
| Softex OmniPass Service | L | Omniserv.exe | Related to Softex OmniPass security solution which handles passwords on your computer. |
| Softex OmniPass Service | L | Omniserv.exe | secure password management software |
| Software Jukebox v2.0 Service | L | Software Jukebox v2.0 Service File.exe | Related to BlueLabelle Jukebox v2.0 from MPEGX.com |
| Software Secure Service (SSISvr32) | L | ssisvr32.exe | Related to Software_Secure service. Enables students to take an exam in a secure environment using Microsoft® Word and Excel. Note: Located in C:\WINDOWS\system32\ |
| SolidPDFConverterReadSpool (ScReadSpool) | L | SolidPdfService.exe | Related to Solid_Converter_PDF from VoyagerSoft - Turn your PDFs into documents you can edit. |
| Sonica Theater Installer (SonicaTheaterInstallerService) | L | STinst.exe | Related to Sonica_Theater from M-Audio. Turn your computer into a fully functional multiformat surround-sound monitoring environment. Note: Located in C:\Program Files\C:\Program Files\M-Audio Sonica Theater\Install\ |
| SonicStage SCSI Service (SSScsiSV) | L | SSScsiSV.exe | Related to Sony Corp. |
| SonicStageMonitoring | L | SonicStageMonitoring.exe | Related to Sony GigaPocket multimedia entertainment center. |
| SonicWALL Agent Service | L | swAgent.exe | Related to Network Associates, Inc. |
| SonicWall VPN Client Service | L | RampartSvc.exe | SonicWall client for VPN access. |
| Sony Network Analysis Tool | X | winsony.exe | W32/Spybot-NS Read the link, allows remote access |
| Sony SCSI Helper Service | L | SonySCSIHelperService.exe | Related to Sony Corporation. |
| Sony SPTI Service (SPTISRV) | L | Sptisrv.exe | Related to Sony Corporation |
| Sony SPTI Service for DVE (ICDSPTSV) | L | IcdSptSv.exe | Related to Sony SPTI Service Note: Sony Inc. Located in C:\%WINDIR%\System32 (XP/WinNT/2K) |
| Sony TV Tuner Controller | L | halsv.exe | Sony computers |
| Sony TV Tuner Manager | L | RM_SV.exe | Sony computers |
| Sony TVTA Manager | L | SMceMan.exe | Related to Sony Corporation. |
| Sophos Agent | L | ManagementAgentNT.exe | Related to Sophos AntiVirus protection software. |
| Sophos Anti-Virus | L | SWEEPSRV.SYS | By Sophos Plc |
| Sophos Anti-Virus (SAVService) | L | SavService.exe | Related to Sophos AntiVirus protection software. |
| Sophos Anti-Virus (SWEEPSRV.SYS) | L | SWEEPSRV.SYS | Sophos Virus protection program. http://www.sophos.com/support/knowledgebase/article/378.html |
| Sophos Anti-Virus Network | L | SWNETSUP.EXE | By Sophos Plc |
| Sophos Anti-Virus status reporter (SAVAdminService) | L | SAVAdminService.exe | Related to Sophos AntiVirus protection software. |
| Sophos Anti-Virus Update | L | SWUPDATE.EXE | By Sophos Plc |
| Sophos AutoUpdate Agent | L | AutoUpdateAgentNT.exe | Related to Sophos AntiVirus protection software. |
| Sophos AutoUpdate Service | L | ALsvc.exe | Related to Sophos AntiVirus protection software. Auto Update service. |
| Sophos Cache Manager (CacheMgr) | L | cachemgr.exe | Related to Sophos AntiVirus protection software. Remove Update service. |
| Sophos Database Notification Service (sdbnsrvc) | L | Sdbnsrvc.exe | Related to Sophos_Control_Center a central console that permits administration of Sophos Anti-Virus SBE over the entire network from one location. Note: Located in C:\Program Files\Sophos\Control Center\ |
| Sophos Message Router | L | RouterNT.exe | Related to Sophos AntiVirus protection software. |
| Sophos SBE Certification Manager | L | CertificationManagerServiceNT.exe | Related to Sophos_Control_Center a central console that permits administration of Sophos Anti-Virus SBE over the entire network from one location. Note: Located in C:\Program Files\Sophos\Control Center\ |
| Sophos SBE ManagementService | L | SbeMss.exe | Related to Sophos_Control_Center a central console that permits administration of Sophos Anti-Virus SBE over the entire network from one location. Note: Located in C:\Program Files\Sophos\Control Center\ |
| Sound Sservice Driver (Sound Service) | X | cfmon.exe | See Here |
| SoundMAX Agent Service (SoundMAX Agent Service (default)) | L | SMAgent.exe | SoundMAX Sound Device |
| SP Software Installer | L | sp_SWIns.exe | SmartPipes SecureSite is a scalable, reliable, and secure software platform for the creation and management of advanced IP services. - http://www.smartpipes.com/SecureSite.htm |
| SPBBCSvc | L | SPBBCSvc.exe | Related to Symantec Internet security suite and assists in keeping your computer up to date from Internet bound viruses. |
| SPCSUtilityService | L | SPCSUtilityService.exe | Related to Sprint_Sierra_Wireless service. Note: Located in C:\Program Files\Sprint\Sierra Wireless\Sprint PCS Connection Manager\ |
| spdcheck | X | SPDCHECK.EXE | Added by the SDBOT.BZE WORM! Read the link, rootkit type stealth involved. |
| Spectrum24 Event Monitor | L | S24EvMon.exe | Intel Corporation |
| Speed Disk service | L | nopdb.exe | Norton Speed Disk |
| spkrmon | L | spkrmon.exe | SoundMAX SpeakerMonitor service |
| SPM License Server (spmd) | L | spmd.exe | Related to SPM_License from mental images GmbH. RealityServer® is the unique server-based, scalable infrastructure software platform for creating and deploying 3D Web Services and other applications and application Note: Located in C:\WINDOWS\System32\spm\ |
| SPM License Server (spmd) | L | spmdib.exe | Related to Software_Protection_Manager from SoftImage. Note: Located in C:\WINDOWS\system32\spm\ |
| spmgr | L | spmgr.exe | Related to Sony VAIO/ASUS laptops and provides additional configuration options for these devices. This program is non-essential process to the running of the system, but should not be terminated unless suspected to be causing problems. |
| spool | X | spoollv.exe | Added by the W32/Sdbot-AES WORM! Note: This worm\trojan file is found in the Windows or Winnt folder. Read the link, rootkit type stealth involved. |
| spool | X | SPOOLLV.EXE | Added by the SDBOT.CTI WORM! Note: This worm file is found in the System32 folder. (NT/2000/XP) Read the link, rootkit type stealth involved. |
| Spool SubSystem App | X | lsass.exe | Added by the W32/Tilebot-HD WORM! Note: This worm\trojan is located in C:\%WINDIR%\ folder. Note: This is not the legitimate Windows Process. (Which is found in the System32 folder.) |
| SpoolService | X | spolsv.exe -service | Possibly added by a W32/Agobot variant. |
| Spoolsv | X | spoolsv.exe | Added by the Troj/IRCBot-VA TROJAN! Note: This worm\trojan is located in C:\%WINDIR%\ |
| spoolv | X | spoolv.sys | Added by the TROJ_ROOTKIT.S TROJAN! Read the link, rootkit type stealth involved. |
| Spss License Manager (SpssLM) | L | spss_lmd.exe | http://www.spss.com/spss/licensing.htm |
| Spy Emergency Shield Service (SpyEmrgSrv) | L | SpyEmergencySrv.exe | Related to Spy_Emergency from NETGATE Technologies. Security software. Note: Located in C:\Program Files\NETGATE\Spy Emergency 2006\ |
| Spy-Keylogger (SpyKeyloggerService) | X | skls.exe | Identified as Spyware.SpyKeylogger SPYWARE! Spyware.SpyKeylogger is a security risk that records keystrokes. Must be manually uninstalled via Start\settings\control panel\Add_Remove programs. |
| SpyDetectSVC | L | SpywareDetectorSVC.exe | Spyware Detector, Adware/Spyware remover - initially considered a "rogue" program. The latest version has since apparently mended its ways: see note |
| Spyware Doctor Auxiliary Service (sdAuxService) | L | svcntaux.exe | Related to Spyware_Doctor from PC Tools Auxiliary Service. Note: Located in C:\Program Files\Spyware Doctor\ |
| Spyware Doctor Service (sdCoreService) | L | swdsvc.exe | Related to Spyware_Doctor from PC Tools service. Note: Located in C:\Program Files\Spyware Doctor\ |
| Spyware Terminator Clam Service (sp_clamsrv) | L | sp_clamsrv.exe | Part of Spyware Terminator, located in %program files%\WinClamAVShield |
| Spyware Terminator Realtime Shield Service (sp_rssrv) | L | sp_rsser.exe | Related to SpywareTerminator Spyware Remover. Note: Located in C:\Program Files\Spyware Terminator\ |
| SpywareCleanerService | O | SCService.exe | Owner:Secure Computer, LLC. May show as Unknown owner. Related to Spyware Cleaner Note: Not recommended. |
| SQL Server (MSSQLSERVER) | L | sqlservr.exe | Related to Microsoft_SQL_server suite. |
| SQL Server Agent (MSSQLSERVER) (SQLSERVERAGENT) | L | SQLAGENT90.EXE | Related to Microsoft_SQL_Server_Agent |
| sql-smss | X | sql-smss.exe | Added by the W32/Tilebot-GI WORM! Note: This worm\trojan is located in C:\%WINDIR%\ folder. |
| sqldps | X | sqldps.exe | Added by the W32/Tilebot-GV WORM! Note: This worm\trojan is located in C:\%WINDIR%\ folder. |
| sqlmanagement | X | sqlmanagement.exe | Added by the W32/Tilebot-GB WORM! Note: This worm\trojan is located in C:\%WINDIR%\ folder. |
| sqlserver (sqlserver) | X | sqlserv.exe | Added by the SDBOT.BZO WORM! Read the link, rootkit type stealth involved. |
| SQLSERVERAGENT | L | sqlagent.EXE | Related to Microsoft SQL Server |
| sqlsrvd (sqlsrvdaemon) | X | _sqlexec.exe | Possible new variant of W32.Spybot.NLX. Location: C:\Windows (9X\XP) or C:\Winnt (NT\2000). See Symantec |
| SRS Labs License Service | L | srslabslicenseservice.exe | Related to SRS_Labs Audio Service. Note: Located in C:\Program Files\Common Files\SRS Labs Shared\ |
| ssdfghjkl | X | NETDDF.EXE | Added by the SDBOT.BXN WORM! Read the link, rootkit type stealth involved. |
| SSH Client for Windows | X | winshp.exe | Win32/Duiskbot.BE Note: Located in %System%\dllcache\ |
| ssms | X | SMSS.EXE | Added by the SPYBOT.ADJ WORM! Note: This is not the legitimate Windows process SMSS.EXE (Which is always found in the System32 folder.) This worm file is found in the Windows or Winnt folder. Read the link, rootkit type stealth involved. |
| SSO Plus | L | pgpwdmon.exe | http://www.passgo.com/products/sso/index.shtml |
| SSODL: eplrr | X | eplrr3.dll | hijacker/trojan |
| SSODL: Sysctl Desktop Handler | X | ntosv.dll | seems to replace the users desktop with an error message regarding spyware |
| SSODL: SystemCheck2 | X | vbsys2 | can also be vbsys/vbsys2 with or without .exe extension. trojan related |
| ssrvc | L | ssrvc.exe | Program from Advanced Systems International SAC regarding usb removable storage devices, For more info See_Here |
| Standalone.exe (Standalone) | X | standalone.exe | Added by the W32/AGOBOT-ADS WORM! Note: Located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) Read the Topic here |
| starter (Protector) | X | scvhostingg.exe | Added by the W32/Forbot-FB WORM! |
| StarWind iSCSI Service (StarWindService) | L | StarWindService.exe | StarWindService.exe is a process which belongs to Alcohol 120% DVD/CD emulation and burning software and provides network drive sharing capabilities to this product. This process is not essential to the running of the system, but should not be terminated unless suspected to be causing problems. |
| Stateless Packet Filtering (PktFilter) | L | pktfltsrv.exe | Part of PktFilter |
| stchost.exe (moto) | X | stchost.exe | Added by the Troj/Vixup-L TROJAN! Note: This trojan file is found in the Windows or Winnt folder. |
| Steganos Live Encryption Engine (Version 503) [Service] (SLEE_503_SERVICE) | L | SLEE503.exe | Related to Steganos Live Encryption Engine. |
| Steganos Live Encryption Engine 8.1 [Service] (SLEE_81_SERVICE) | L | SLEE81.exe | Part of Steganos security suite |
| STI Simulator | L | PAStiSvc.exe | Related to STI_Simulator From SystemsTech. Note: Located in C:\WINDOWS\System32\ |
| stllssvr | L | stllssvr.exe | Related to SureThing_CD_Labeler from MicroVision Development, Inc. designed for MP3 and DVD buffs Note: Located in C:\Program Files\Common Files\SureThing Shared\ |
| STOPzilla Local Service | L | szntsvc.exe | Stopzilla Popup Blocker |
| STOPzilla Service | L | SZServer.exe | Related to STOPzilla service. |
| Streamload Service (StreamloadService) | L | StreamloadService.exe | Related to Streamload_Service from Streamload, Inc. Backs up your files and syncs files between computers. Note: Located in C:\Program Files\Streamload\MediaMax XL\ |
| stunnel | L | aa-stunnel.exe | Related to Stunnel, which encrypts arbitrary TCP connections inside SSL (Secure Sockets Layer) |
| StyleXPService | L | StyleXPService.exe | Related to StyleXP, a skinning program for Windows XP |
| Sun One Administration Server 5.2 (admin52-serv) | L | ns-httpd.exe | Related to Sun_One Administration server |
| Sun ONE Directory Server 5.2 (config52) (slapd-config52) | L | ns-slapd.exe | Related to Sun_One directory server |
| Sun ONE Directory Server 5.2 (data52) (slapd-data52) | L | ns-slapd.exe | Related to Sun_One directory server |
| Sun ONE Web Server 6.1 (https-NASSRY) (https-NASSRY) | L | webservd-wdog.exe | Related to Sun_ONE_Web_Server from Sun Microsystems, inc. Note: located in C:\Sun\WebServer6.1\bin\https\ |
| Sun ONE Web Server 6.1 Administration Server (https-admserv61) | L | webservd-wdog.exe | Related to Sun_ONE_Web_Server from Sun Microsystems, inc. Note: located in C:\Sun\WebServer6.1\bin\https\ |
| Sunbelt CounterSpy Antispyware (SBCSSvc) | L | SBCSSvc.exe | Related to Scan_Service from Sunbelt Software belonging to CounterSpy. Note: Located in C:\Program Files\Sunbelt Software\CounterSpy\ |
| Super Ad Blocker Service | L | SABSVC.EXE | Related to SuperAdBlocker.com |
| Surveyor | L | Surveyor.EXE | Related to Compaq products |
| svahost | X | svahost.exe | Added by the Backdoor.Win32.SdBot.aad TROJAN! (as identified by Kaspersky). Note: This worm\trojan is located in C:\%WINDIR%\ folder. |
| SVC Module (SVC Module) | X | svchost.exe | Added by the W32/Sdbot-ADG WORM! Note: This is not the legitimate Windows Process. (Which is found in the System32 folder.) This worm file is found in the Windows or Winnt folder. |
| svchoct.exe (yuto) | X | svchoct.exe | Added by the Troj/Sdbot-LI TROJAN! Note: located in C:\Windows\ (Win9x/Me,XP), C:\Winnt\ (WinNT/2K) |
| svchost | L | inetdll.exe | Unknown to me... |
| svchost | X | svchost.exe | Troj/Hupigon-CK Note: Located in %windir% Read the link, allows remote access |
| svchost.exe (moto) | X | (Random 18-character filename) | Added by the Troj/Agent-MD TROJAN! |
| svchost.exe (moto) | X | svchost.exe | Added by the Troj/Agent-MD TROJAN! Note: This worm\trojan is located in C:\%WINDIR%\ |
| svchost.exe (svchost.exe) | X | svchost.exe | Added by the Troj/GrayBird-X TROJAN! Note: This trojan file is found in the Windows or Winnt folder. |
| svice | X | txkernel.exe | Added by an unidentified TROJAN! of the Sdbot family. Note: This worm\trojan is located in C:\Windows\iis\ (Win9x/Me), C:\%WINDIR%\System32\iis\ (XP/WinNT/2K) More similar_to |
| SVKP (SVKP) | X | SVKP.sys | Added by the W32/Rbot-AGP or W32/Spybot-FB or W32/Rbot-AJR WORM! |
| Sweep for Windows NT Network | L | SWNETSUP.EXE | Sophos AntiVirus Sweep Service |
| Sweep for Windows NT Update | L | SWUPDATE.EXE | Sophos AntiVirus Update Service |
| SwiftPublish Authorization Service | L | spauthserv.exe | Related to SwiftView, Inc. |
| Swupdtmr | L | swupdtmr.exe | Related to Toshiba Software Update Manager. Handles the updating of software. |
| SX Service (SXServ) | X | sxserv101.exe | Added by the Windir_SXS TROJAN! Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) |
| SX Service (SXServ) | X | servmswin.exe | Added by the W32/Delf.THK.dropper. Drops the file servmswin.exe in the WINDOWS\System32 folder. |
| Sybase EP Management Agent | L | sybjsvc.exe | Related to EP_Management_Agent from Sybase. Note: Located in C:\Program Files\Sybase\shared-1_0\bin\ |
| Sygate Personal Firewall | L | smc.exe | Related to Sygate Firewall. |
| SyGateService (SaService) | L | sgserv.exe | Related to Sygate Technologies now owned by Symantec. |
| Symantec AntiVirus | L | Rtvscan.exe | Related to Symantec AntiVirus |
| Symantec AntiVirus Client | L | Rtvscan.exe | Symantec Internet Security Suite |
| Symantec AntiVirus Definition Watcher | L | DefWatch.exe | Related to Symantec AntiVirus Software. |
| Symantec AppCore Service (SymAppCore) | L | AppSvc32.exe | Related to Symantec_AppCore Service. Note: Located in C:\Program Files\Common Files\Symantec Shared\ |
| Symantec Central Quarantine (qserver) | L | qserver.exe | Related to Norton/Symantec AntiVirus. |
| Symantec Client Firewall Configuration (CfgWzSvc) | L | CfgWzSvc.exe | Related to Symantec_Client_Firewall Configuration Wizard Service Note: Located in C:\Program Files\Symantec Client Security\Symantec Client Firewall\ |
| Symantec Client Firewall Proxy Service (SymPxSvc) | L | SymPxSvc.exe | Related to Symantec_Client_Firewall Note: Located in C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\ |
| Symantec Core LC | L | symlcsvc.exe | Related to Norton/Symantec Anti-Virus. |
| Symantec Event Manager (ccEvtMgr) | L | ccEvtMgr.exe | Related to Norton/Symantec AntiVirus |
| Symantec Ghost Client Agent | L | ngctw32.exe | Related to Norton/Symantec AntiVirus. |
| Symantec Ghost Database Service (ngdbserv) | L | dbserv.exe | http://castlecops.com/s855-dbserv_exe.html |
| Symantec Ghost Win32 Configuration Server (NGServer) | L | ngserver.exe | Symantec/Norton Ghost Console service http://castlecops.com/s2476-ngserver_exe.html |
| Symantec IS Password Validation (ISPwdSvc) | L | isPwdSvc.exe | Related to Symantec_IS_Password Validation service. Note: Located in C:\Program Files\Norton AntiVirus\ |
| Symantec Lic NetConnect service (CLTNetCnService) | L | ccSvcHst.exe | Related to Symantec_Lic_NetConnect service. Note: Located in C:\Program Files\Common Files\Symantec Shared\ |
| Symantec Licensing Detect Internet Connection (DJSNETCN) | L | DJSNETCN.exe | Related to Norton/Symantec AntiVirus. |
| Symantec LiveState Agent for Windows | L | ccmagent.exe | Related to Symantec Incorporated |
| Symantec LiveState Recovery | L | VProSvc.exe | Related to Symantec Norton Ghost Note: Located in C:\Program Files\Symantec\LiveState Recovery\Advanced Server 3.0\ |
| Symantec Network Drivers Service (SNDSrvc) | L | SNDSrvc.exe | Symantec related |
| Symantec Network Proxy | L | ccProxy.exe | Symantec Network Proxy |
| Symantec Password Validation (ccPwdSvc) | L | ccPwdSvc.exe | Related to Norton/Symantec AntiVirus. |
| Symantec Proxy Service | L | ccPxySvc.exe | Related to Norton proxy service |
| Symantec Quarantine Agent (IcePack) | L | IcePack.exe | Related to Norton/Symantec AntiVirus. |
| Symantec Quarantine Scanner (ScanExplicit) | L | ScanExplicit.exe | Related to Norton/Symantec AntiVirus. |
| Symantec SecurePort (SymSecurePort) | L | SymSPort.exe | Related to Norton/Symantec AntiVirus. |
| Symantec Settings Manager (ccSetMgr) | L | ccSetMgr.exe | Related to Norton/Symantec AntiVirus. |
| Symantec SPBBCSvc (SPBBCSvc) | L | SPBBCSvc.exe | Symantec Internet Security Service |
| Symantec System Center Discovery Service (NSCTOP) | L | NSCTOP.EXE | Related to Symantec Corp. |
| SymWMI Service | L | SymWSC.exe | Related to Norton/Symantec AntiVirus. |
| SysAid Agent (SysAidAgent) | L | IliAS.exe | Related to SysAid from Ilient Ltd. A suite of web-based IT management tools that automates help desk processes. Note: Located in C:\Program Files\SysAid\ |
| Syscheck (Syscheck) | X | csrss.exe | Added by the Troj/LdPinch-AL TROJAN! Note: This is not the legitimate Windows process csrss.exe (Which is always found in the System32 folder.) This trojan file (csrss.exe) is found in the Windows or Winnt folder. |
| sysmgr64 | X | sysmgr64.exe | Added by the Backdoor.SdBot.xd WORM! as detected by ewido. More here |
| sysServer2.0 (sysServer2.0) | X | G_Server2.0.exe | Added by the Troj/Feutel-AK TROJAN! Note: This trojan file is found in the Windows or Winnt folder. |
| systeerm (systeerm) | X | systeerm.exe | Added by the Troj/Singu-V TROJAN! Note: This trojan file is found in the Windows or Winnt folder. |
| system | X | system.exe | Added by an unidentified TROJAN! of the Win32/Rbot family. Note: This worm\trojan is located in C:\%WINDIR%\ folder |
| System | X | sys.exe | Troj/Hupigon-QH Note: Located in %windir%\addins Read the link, steals information and allows remote access |
| system | X | Hacker.com.cn.exe | Troj/GrayBrd-CJ Note: Located in %windir% Read the link, allows remote access |
| System Account Center (SysAccCtr) | X | svcpost.exe | W32/Oscabot-Q Read the link, allows remote access |
| System Commander MBR check | ? | WINMBR.EXE | |