Support Forum Articles File Help Startup DB Tips Service DB Hijack This! Analyzer

 

Key:

  • L = Legit, O = Open to Debate, X = Malware/Bad
Startup Name Process Name Details
X $sys$aries aries.sysAdded by the SonyBMG_First4DRM ROOTKIT! Read the link rootkit type stealth involved. Thanks Sony.
L %NVSVC.name% nvsvc32.exeNVidia driver
L (AeXNSClientTransport) AeXNSClientTransport.exeRelated to Altiris_eXpress NS Database and SVS (Software Virtualization Services).
O (Any service name) srvany.exeThis utility allows running Windows NT2000XP applications as services. Can also be used to load Malw
X (ASCService) ascserv.exeAluria Spyware Eliminator Spyware remover a rogue program of dubious repute - for more information s
L (AuthSysSvc) SysSvcNt.exeRelated to Cox High Speed Internet Security Suite System Service. Note: Located in C:Program FilesCo
L (BackupExecAgentAccelerator) beremote.exeprocess that belongs to Backup Exec from Veritas http://www.liutilities.com/products/wintaskspro/pro
L (BackupExecDeviceMediaService) pvlsvr.exeRelated to Veritas Backup Exec and offers essential functionality for Backup Exec. http://www.proces
L (BackupExecNotificationServer) nsvr.exeRelated to Veritas Software backup tool.
L (BeatJamMusicStreamingServer) BeatJamHttpService.exeSee_BeatJam BeatJam Music Server Edition.
L (brmfbags) BrmfBAgS.exeRelated to Brother_BidiAgent Service products from Brother Industries. Note: Located in C:WINDOWSSys
L (clr_optimization_v2.0.50215_32) mscorsvw.exeRelated to Microsoft_NET_Framework NET Runtime Optimization Service.
L (CTXCPUUsync) ctxcpuusync.exeRelated to Citrix MetaFrame
L (default)) SMAgent.exeSoundMAX Sound Device
L (DJSNETCN) DJSNETCN.exeRelated to Norton/Symantec AntiVirus.
L (ElnkFWPPService) EFWPPS~1.EXERelated to EarthLink_Firewall Process. Note: Located in C:Program FilesEarthLinkProtection Control C
L (ELNKService) ELNKServ.exeRelated to EarthLink_Protection_Control Center Service. Note: Located in C:Program FilesEarthLinkPro
L (FAH@C:+FAH+fah-service+FAH502-Console.exe) FAH502-Console.exeRelated to Stanford University - Folding@home is a distributed client computing effort by Stanford U
L (GenericHidService) HIDSERVICE.exeEnhanced Driver for Keyboards and Windows http://www.microsoft.com/whdc/device/input/w2kbd.mspx
L (https-admserv61) webservd-wdog.exeRelated to Sun_ONE_Web_Server from Sun Microsystems inc. Note: located in C:SunWebServer6.1inhttps
L (IBMCICSTransactionGateway) CTGSERVICE.EXERelated to IBM Corp.
L (ibmsmbus) ibmsmbus.exeRelated to SMBus on IBM computers. SMBus is the System Management Bus defined by Intel« Corporation
L (IBMWAS5Service - server1) wasservice.exeRelated to IBM WebSpere server.
L (LightScribeService) LSSrvc.exeLightScribe related to Hewlett Packard
L (McAfeeAntiSpyware) Msssrv.exeRelated to Network Associates Inc.
L (mi-raysat_3dsmax9_32) raysat_3dsmax9_32server.exeRelated to Autodesk_3ds_Max_9_3D_animation Create rich and complex design visualization. Note: Locat
X (non-roman characters) sServer.exeAdded by the Troj/Feutel-AB TROJAN! Note: This trojan file is found in the Windows or Winnt folder.
L (odClientService) odClientService.exeRelated to Odyssey_Client for Fujitsu Siemens Computers. Note: Located in C:ProgramFujitsu Siemens C
L (OracleFormsServer-Forms60Server-OraForm) ifsrv60.exeRelated to Oracle Corp. Forms server.
L (OWSTimer) OWSTIMER.EXERelated to Microsoft_SharePoint Note: Located in C:Program Filesicrosoft OfficeOffice Files
L (PersonalSecureDriveService) PSDsrvc.EXERelated to Personal_Secure_Drive_Service http://www.infineon.com/ Service from Infineon Technologies
L (PinnacleSys.MediaServer) pmshost.exeRelated to Pinnacle_Systems Inc.
X (ProtectedContentSvc) services.exeAdded by Oscarbot.IV TROJAN! (backdoor ranky) Note: This worm rojan is located in C:%WINDIR%ETC comp
L (PRTG4Service) prtg4.exeRelated to Paessler Router Traffic Grapher - http://www.paessler.com/
X (random file name without extension) (random file name).sysAdded by the TROJ_ROOTKIT.AI TROJAN! Read the link rootkit type stealth involved.
X (Random) *See description* irjit.dllAdded by the Backdoor.CVM TROJAN! Note: This trojan file is found in the System or System32 folder.
L (RNADiagnosticsService) RNADiagnosticsSrv.exeRelated to Rockwell_Automation Inc. FactoryTalk suite
X (rpcsvc) rpcsvc.exeAdded by the W32/Cuebot-I WORM! Note: This worm rojan is located in C:WindowsSystem (Win9x/Me) C:%WI
L (slapd-config52) ns-slapd.exeRelated to Sun_One directory server
L (SLEE_503_SERVICE) SLEE503.exeRelated to Steganos live Encryption Engine.
X (special characters) (myserver) myserver.exeAdded by the Troj/Dropper-BR TROJAN!
L (trlokom_rmhsvc) RMHSvc.exeRelated to Trlokom_Central_Management provides security management capabilities to help meet applica
X (wgavn) wgavn.exeAdded by the W32/Cuebot-K WORM! Located in the Windows or WinntSystem32 folder.
X (WMIDriverInc) wmiprvse.exeAdded by an unidentified TROJAN! of the Sdbot family. Note: This worm rojan is located in C:%WINDIR%
L (__AC_PROCESS_MGMT_DAEMON8) pmd8.exeActuate_Enterprise Reporting Applications for business intelligence analytic services
X *Microsoft Update wuytc.exeunknown virus
X *Microsoft Update wstcl.exeNo from Microsoft.
X *windows update wuaucrlt.exeAdded by the W32.Spybot.HUR WORM!
X *windows update wsctl.exemalware virus. possibly Win32.Rbot.gen
X *wuauclt.exe randomRelated to WORM_RBOT.AKU or variant.
X .NET Framework Service svchost.exeTrojan-PSW.Win32.Sagic.15 Virus
X .NET Framework Service (.NET Connection Service) svchost.exeAdded by an unidentified TROJAN! of the Sdbot family. Note: This worm rojan is located in C:%WINDIR%
.NET Runtime Optimization Service v2.0.50215_X86
L 3Com DMI Agent 3CDMINIC.EXE3Com DMI (DynamicAccess Desktop Management Interface) Agent associated with 3Com network cards
O 3dkeybd 3dkeybd.exeUnknown... No answers on the net.
X 64Bit architecture emulation (wrmsrvice) WRMSRVICE.SYSAdded by the TROJ_ROOTKIT.AG TROJAN! Read the link rootkit type stealth involved.
X 80xFire daemon (80xFire) 80xFire.exeAdded by the W32/Tilebot-BK WORM! Note: This worm rojan file is found in the Windows or Winnt folder
L aaksrv aaksrv.exeSpydex Advanced Anti keylogger
L AAMQDispatcher AAMQDispatcherService.exeCompuware Serversoftware
L ABCSpell Helper Service ABCSpellService.exeSpell checker (Ect ect) for Outlook Express. For more information Click_Here
X Abel Abel.exeSource: http://www.pestpatrol.com/PestInfo/C/Cain.asp
X abhcop abhcop.sysAdded by the PigSearch Adware. Read the link rootkit type stealth involved.
X AC acoustic.exeAdded by the SDBOT.CRN WORM! Read the link rootkit type stealth involved.
L Ac Profile Manager Service (AcPrfMgrSvc) AcPrfMgrSvc.exeRelated to the Ac_Profile_Manager_Service installed as a part of ThinkPad Access Connections suite o
X AC-DNAME (AC-DNAME) acoustic.exeAdded by the SDBOT.CFN WORM! Read the link rootkit type stealth involved.
L Accenture Media Viewer (MediaViewer) streamviewerservice.exeRelated to Accenture_Media_Viewer
O Access Remote PC Service 4.3 rpcsetup.exeAccess_Remote_PC www.access-remote-pc.com remote access software. Legitimate but remote access could
L ACMService (ACMService) Added by the ACM SPYWARE! **Note this is a commercial computer monitoring software
L ACNUSvc acnupdatersvc.exeRelated to Accenture global management consulting technology services and outsourcing company Note:
L Acronis Scheduler2 Service schedul2.exehttp://www.acronis.com/homecomputing/products/trueimage/
L ActiveXperts Network Monitor (AxsNmSvc) AxsNmSvc.exeAdded by ActiveXperts_Network_Monitor allows administrators to monitor the network for failures and
Actuate Process Management Daemon 8
L Ad-Axis Client aaclient.exeRelated to Lavasof's Ad-Aware SE Enterprise Edition 2005
L Adaptador de rendimiento de WMI wmiapsrv.exeWindows Management Instrumentation Performance Adapter Service Windows XP and 2003. Note: Located in
L Adaptec I/O Manager Server iomgr.exeRelated to Adaptec product
L Adaptec RAID Remote Services Agent afaagent.exeRelated to Adaptec Inc.
L Adaptec Storage Manager Notifier notify.exeRelated to Adaptec procuct
L Adaptec Web Server arcpd.exeRelated to Adaptec procuct.
L AdaptecStorageManagerAgent StorServ.exeRelated to Adaptec Incorporated
L Adapter Switching RoamSvc.exeIntel Adapter Switching
L ADF Installer Service (ADF Installer) AgentSVC.exeRelated to Citrix Installation Manager Service
L Administraci├│e aplicaciones services.exeSpanish Windows 2000 applications managing
L Administrador de cuentas de seguridad lsass.exeSpanish Windows 2000 security accounts manager
L Administrador de discos services.exeSpanish Windows 2000 disks manager
L Administrador de sesi├│e Ayuda de escritorio remoto sessmgr.exeThis service manages and controls Remote Assistance
L Administrador de utilidades UtilMan.exeSpanish Windows 2000 utility manager
L Adobe Active File Monitor PhotoshopElementsFileAgent.exeRelated to Adobe photoshop.
L Adobe LM Service Adobelmsvc.exeRequired for PhotoshopCS
X Adobe Update Manager (Adobe3M) mshss.exeAdded by the Troj/Wollf-B TROJAN! Note: This worm rojan file is found in the System32 folder.
L Adobe Version Cue CS2 VersionCueCS2.exeRelated to Adobe Products
L AdobeVersionCue VersionCue.exeAdobe related
L ADSService ADSSER~1.EXERelated to Aluria_Active_Defense_Shield Service. An EarthLink Co. Note: Located in C:Program FilesEa
L Advantage Database Server ADS.EXERelated to Extended Systems' Advantage_Database_Server
L AEClientHostService AEClientHostService.exeRelated to GE_Fanuc_Automation enable you to act in real-time to optimize productivity and increase
X Age of Empires III: The WarChiefs ageofempires.exeAdded by an unidentified TROJAN! of the Sdbot family. Note: This worm rojan is located in C:Windowsd
L Agente de directivas IPSEC lsass.exeSpanish Windows 2000 IPSEC policy agent
L Agere Service (AgrSrvce) AgrSrvce.exeRelated to Proxim_Corp Client manager software associated with the ORiNOCO wireless LAN card.
X AIM (AIM) aim.exeAdded by the W32/Rbot-AGC or W32/Sdbot-BFX WORM! Read the link rootkit type stealth involved.
X aim.ex IEXPLORER.EXEAdded by the SDBOT.COW WORM! Read the link rootkit type stealth involved.
L Alerter svchost.exeNotifies selected users and computers of administrative alerts. If the service is stopped programs t
X AlfaCleanerService ACServer.exeAlfaCleaner is now a stealth install using exploits on unpatched systems. Seen alongside RazeSpyware
L Almacenamiento protegido services.exeSpanish Windows 2000 protected storage
L Altera JTAG Server (JTAGServer) JTAGServer.exeRelated to Altera Quartus II Software. Note: Located in C:alteraquartus50in
L Altiris Agent (AeXNSClient) AeXNSAgent.exeRelated to Alteris services. http://www.altiris.com
L Altiris Carbon Copy (CarbonCopy32) ccsrvc.exeRelated to Alteris services. http://www.altiris.com
L Altiris Client Service ACLIENT.exeRelated to Altiris Inc.
L Altiris eXpress NS Client (AeXNSClient) AeXNSClient.exeRelated to Altiris_eXpress NS Database and SVS (Software Virtualization Services).
Altiris eXpress NS Client Transport
Aluria Security Center Spyware Eliminator Service
O Aluria Spyware Eliminator Service ASEServ.exeAluria Spyware Eliminator
X AL_ADSService AL_ADSService.exeAluria Spyware Eliminator Spyware remover a rogue program of dubious repute - for more information s
L Amadeus Automatic Update AutoUpdate.exeRelated to Amadeus powerful front office travel management tool. Note: Located in C:Program FilesAut
L AMD PowerNow! . Technology Service (GemServ) GemServ.exeRelated to Advanced Micro Devices Inc. - http://www.amd.com/
X Ampi32 (wdfmgr) msvcrt.exeAdded by the W32/Tilebot-Q WORM! Note: This worm file is found in the Windows or Winnt folder. Read
L Analysis Server (MSSQLSERVER) (MSSQLServerOLAPService) msmdsrv.exeRelated to Microsoft_SQL_server suite.
L ANIWZCSd Service ANIWZCSdS.exeRelated to Alpha_Networks
X AntiSpyUltra (Zonelaps) vsmom.exeAdded by the W32/Tilebot-E WORM! Read the link rootkit type stealth involved.
L AntiVir Scheduler (AntiVirScheduler) sched.exeRelated to AntiVir antivirus program.
L AntiVir Service AVGUARD.EXEAntiVir antivirus
L AntiVir Update AVWUPSRV.EXEAntiVir Antivirus
X antivirus32 antivirus32.exeAdded by an unidentified TROJAN! Note: of the Win32/Rbot family. Note: This worm rojan is located in
L ANTS Profiler service RedGate.Profiler.Service.exeRelated to Red Gate Software Ltd
L AnyPoint Service - Intel Corporation APSERVER.EXEBelongs to Intel_Anypoint home networking system
L AOL Antivirus Update Service (aolavupd) aolavupd.exeRelated to AOL Antivirus Update Service.
L AOL Connectivity Service AOLAcsd.exeOwner: America Online. Description: AOL Connectivity Service - starts an automatic function that res
L AOL Connectivity Service acsd.exeAOL related
X aol software (Aol Software) smss.exeAdded by the W32/Tilebot-FM WORM! Note: This is not the legitimate Windows process (Which is always
L AOL Spyware Protection Service aolserv.exeRelated to AOL
L AOL TopSpeed Monitor aoltsmon.exeAOL Topspeed
L Apache Apache.exeApache Web Server Software
L Apache2 Apache.exeApache Web Server
L APACS+ NIM32 (NIM32) Nim32.exeRelated to Siemens Energy & Automation Platform. Note: located in C:Program FilesProcessSuiteNIM
L APC PBE Server pbeserver.exeAPC PowerChute Business Edition Server (For UPS)
L APC UPS Service mainserv.exeRelated to American Power Conversion Corporation
L AppExpress Client ece.exeRelated to Endeavros Technology Inc and Microsoft_Encarta
X Application Layer Gateway Manager (AppLayerGatewayMgr) alg.exeAdded by W32/Tilebot-EU WORM! Note: not to be confused with see_Here located in C:WindowsSystem32 th
L Application Layer Gateway Service alg.exeProvides support for 3rd party protocol plug-ins for Internet Connection Sharing and the Internet Co
X Application Layer Gateway Services alg.exeAdded by an unidentified TROJAN! of the Sdbot family. Note: This worm rojan is located in C:%WINDIR%
X Application Layer Gateway System (ALGS) algsys.exeAdded by the W32/Rbot-DDF WORM! Note: This worm rojan is located in C:WindowsSystem (Win9x/Me) C:%WI
X Application State Service (AppSvc) apsvc.exeAdded by the W32/Rbot-FWW WORM! Note: This worm rojan is located in C:WindowsSystem (Win9x/Me) C:%WI
X AppMgmt svchost.exe -k AppMgmtAdded by the Fuwudoor TROJAN!
L AppnNode appnnode.exeRelated to IBM_Server Note: Located in C:WINDOWSsystem32Drivers
X ARC Plugin (ARCPLUG) arci.exeAdded by the W32/Tilebot-HB WORM! Note: This worm rojan is located in C:WindowsSystem (Win9x/Me) C:%
L ArcaBit NetMonitor (ABNetMon) NetMonSV.exeArcaVir an AntiVirus software from Poland. A procuct of ArcaBit Sp. z o.o
L ArchestrA Logger (aaLogger) aaLogger.exeRelated to ArchestrA Software architecture for the integration of your automation systems.
L Argos Billing Dialog WorkstationMonitor.exeRelated to Argos_Billing_Dialog from Sepialine inc. Print Monitor. Note: Located in c:Program FilesS
L ArGoSoft Mail Server Plus mailservernt.exeRelated to ArGo Software Design Mail Server
L Ascent Capture Service acsvc.exeRelated to Kofax Image Products.
L ASF Agent ASFAgent.exeIntel Alert Standard Format Console - asfagent.exe is a part of a systems management suite bundled w
L AshampooDefragService aDefragService.exeRelated to Ashampoo Magic Defrag Utility
L ASMAgent ASMAgent.exeRelated to ASAP_eSMART Smart Asset Management tool.
X ASNFTP daemon (ASNFTPD) AsnFtpd.exeAdded by the W32/Tilebot-BD WORM! Note: This worm rojan file is found in the Windows or Winnt folder
L ASP.NET State Service (aspnet_state) aspnet_state.exeRelated to Microsoft Windows Operating System and is the ASP State Service.
L Asset Insight Client (AICLIENT) Aiclient.EXEAsset Insight from Tangram - http://castlecops.com/s1883-AICLIENT_EXE.html
L Asset Management Agent UMCSTUB.EXERelated to Unicenter Asset Management by Computer_Associates
L Asset Management Daemon dtsslsrv.exeDisplay configuration software used by several manufacturers under differing names such as Image Tun
X Asus Motherboard Utility (Asus) asus.exeAdded by the WORM_SPYBOT.IY WORM! Note: This worm rojan is located in C:%WINDIR% folder.
L ASWLSVC ASWLSVC.exeRelate to the ASUS_Wireless_LAN_Card_Services
X Asynchronous Load Balance (ySvcHst) srvnst.exeAdded by ServiceThreadHandler.Process TROJAN! Note: located in C:WINDOWSSystem32
L AT Host Service atnthost.exeRelated to WebEx
L Atheros Configuration Service acs.exerelated to Atheros Wireless LAN
L Ati HotKey Poller Ati2evxx.exeATI Video Card Control Panel
L ATI Smart ati2sgag.exeATI Video Card Control Panel
X ATIintergrated (ATIintergrated) atigraphics.exeAdded by the SDBOT.CRX WORM! Read the link rootkit type stealth involved.
L ATK Keyboard Service (ATKKeyboardService) ATKKBService.exeRelated to ASUSTeK_Computer Inc. ASUS Keyboards and provides additional configuration options for th
L AutoComplete Service autocomp.exeTracks Eraser Pro
L Autodata Limited License Service ADCDLicSvc.exeRelated to Autodata Limited
L Autodesk Data Management Job Dispatch Connectivity.WindowsService.JobDispatch.exeRelated to Autodesk_Data_Management Web Server. Note: Located in C:Program FilesAutodeskData Managem
L Autodesk EDM Server Connectivity.EDMWS.Server.exeRelated to Autodesk_Data_Management Web Server. Note: Located in C:Program FilesAutodeskData Managem
L Autodesk Licensing Service AdskScSrv.exeRelated to Autodesk Inc.
L Autodesk MapGuide« Server 6.3 (MapServer6.3) MapServer.exeRelated to Autodesk Inc.
L AutoMate 5 (AutoMate5) AutoMate5Svc.exeRelated to Automate from Network Automation Inc. A Task Service. Note: Located in C:Program Filesaut
L AutoMate 6 (AutoMate6) AMTS.exeRelated to AutoMate from Network Automation. Tools necessary to completely automate business process
L Automatic LiveUpdate Scheduler ALUSchedulerSvc.exeRelated to to the Symantec LiveUpdate service which updates your Symantec products periodically.
X Automatic Update Service (Automatic Update) wuapi.exeAdded by the W32/Codbot-AC WORM! Note: This worm rojan file is found in the System32 folder.
L AutoStore (autostore) batch.exeRelated to NSi's AutoStore from Notable Solutions Inc. Capture documents and securely saving the con
L Av Update Monitor (AvSvcMonitor) AvMonitor.exeAvast
L avast! Antivirus ashServ.exeRelated to Avast AntiVirus
L avast! iAVS4 Control Service aswUpdSv.exeRelated to Avast AntiVirus
L avast! Mail Scanner ashMaiSv.exeRelated to Avast AntiVirus
L avast! Web Scanner ashWebSv.exeRelated to AWIL Software http://www.avast.com/
? Avast32 Start as Service avserver.exeseems to belong to Avast anti-virus software
X AVCore (SrvMain) avservice.exeAs of yet Unknown Worm Trojan or Malware. The file (avservice.exe) is found in the Documents and Set
L Aventail Connect (As32Svc) as32svc.exeRelated to Aventail_Corp
L AVG E-mail Scanner avgemc.exeRelated to AVG anti-virus
L AVG Firewall (AVGFwSrv) avgfwsrv.exeRelated to AVG_Firewall Note: located in C:PROGRA~1GrisoftAVG7
L AVG6 Service avgserv.exeAVG 6 Anti virus
L AVG7 Alert Manager Server avgamsvr.exeRelated to AVG Anti-Virus.
L AVG7 Update Service avgupsvc.exeUsed by the AVG 7 Antivirus program to keep your definitions up to do date. Note : For more informat
L Avid SDM Service (AvidSDMService) AvidSDMService.exeRelated to Avid_SDM_Service from Avid Technology Note: Located in C:WINDOWSsystem32
L Avid Startup AvidStartup.exeAssociated with Avid_Digital_Media Products
L avinitnt avinitnt.exeRelated to Command AntiVirus for Windows Component made by Command Software Systems Inc. Which merge
X AVKernel AVKernel.exeRouge Anti-Virus Program. Made by WinSoftware Ltd. For more information on WinAntiVirus 2005 Click_H
L AVM FRITZ!web Routing Service (de_serv) de_serv.exeInstalled alongside DSL drivers from AVM Fritz's range of modem products. http://www.liutilities.com
L AVP Control Centre Service avpcc.exeKaspersky AntiVirus
X AVP UPDATE IONTERFACE A6 (avA6) AVA6.SYSAdded by the DLOADER.AJQ TROJAN! Note: This has also been seen using the Display name AVP update int
X AVPX TCP (avpx32) avpx32.sysAdded by the Troj/Haxdoor-AH TROJAN! Read the link rootkit type stealth involved.
X AVPX64 TCP (avpx64) avpx64.sysAdded by the Troj/Haxdoor-AH TROJAN! Read the link rootkit type stealth involved.