| Name | Status | Filename | Description |
@%ProgramFiles%Windows Media Playerwmpnetwk.exe,-101
(WMPNetworkSvc) | L | wmpnetwk.exe | Related to Windows_Media_Player Network Sharing Service. Note: Located in %ProgramFiles%\Windows Media Player\ |
| a-squared Anti-Dialer Service (a2AntiDialer) | L | a2service.exe | Related to Related to a-squared Virus protection software. Note: Located in \%Program Files%\a-squared Anti-Dialer\ |
Belgium Identity Card Service
(BELGIUM_ID_CARD_SERVICE) | L | Belpic PCSC Service.exe | Belgium Identity Card Middleware from Zetes/CSC |
| Dell Printer Status Database (DLSDB) | ? | DLSDBNT.EXE | Related to Dell_Printers Note: Located in C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\ |
| license | L | lic_srv.exe | license |
| LXCCCustomerConnect | L | LXCCserv.exe | Related to Lexmark printers Note: Located in %windir%\System32\spool\DRIVERS\W32X86\3\\LXCCserv.exe |
| Network Windows Service (MSWindows) | X | urdvxc.exe | Added by the W32/Allaple-B WORM! Note: Located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) |
| pcAnywhere Install Service - Symantec Corporation | L | pca_run.exe | Part of Symantec PCAnywhere |
| Remote Debug Services | X | smsc.exe | Added by an unidentified TROJAN! of the Sdbot family. Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) |
| Shell Software Detection (ShellSWDetection) | X | shellsw.exe | Added by an unidentified TROJAN! of the Sdbot family. Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) |
| SolidWorks Licensing Service | L | SolidWorksLicensing.exe | Part of a SolidWorks product |
| Windows Zero Connection (WinZConn) | ? | mswnt.exe | Probable backdoor trojan |
| Wireless Adapter Configurator | L | WirelessDaemon.exe | Related to BT's home hub products |
##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##
(Bonjour Service) | L | mDNSResponder.exe | mdnsresponder.exe is a process associated with "Bonjour for Windows" software. It is used by ITunes for music sharing. Note: Located in \%Program Files%\Bonjour\ |
| $sys$aries | X | aries.sys | Added by the SonyBMG_First4DRM
ROOTKIT!
Read the link, rootkit type stealth involved. Thanks Sony. |
| (4 random characters).sys | X | windev(4 random characters).sys | Troj/Dorf-K |
| (Any service name) | O | srvany.exe | This utility allows running Windows NT\2000\XP applications as services.
Can also be used to load Malware. See Explanation
...
Example of how to find the file being loaded with Service name iOpusService
|
| (non-roman characters) | X | sServer.exe | Added by the Troj/Feutel-AB
TROJAN!
Note: This trojan file is found in the Windows or Winnt folder.
|
| (random file name without extension) | X | (random file name).sys | Added by the TROJ_ROOTKIT.AI
TROJAN!
Read the link, rootkit type stealth involved.
|
| (Random Letters) | X | (Random FileName).dll | Troj/Conhook-AG
Note:Located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K)
Installs multiple services. Read link |
| (random name) | X | window.exe | Troj/Hupigon-BS Note: Located in %windir% Read the link, steals information and allows remote access |
| (Random) *See description* | X | irjit.dll | Added by the Backdoor.CVM
TROJAN! Note: This trojan file is found in the System or System32 folder. *Check the link for the list of random service names.* |
| (special characters) (myserver) | X | myserver.exe | Added by the Troj/Dropper-BR
TROJAN!
|
| *Microsoft Update | X | wstcl.exe | No from Microsoft. |
| *Microsoft Update | X | wuytc.exe | unknown virus |
| *windows update | X | wsctl.exe | malware virus. possibly "Win32.Rbot.gen" |
| *windows update | X | wuaucrlt.exe | Added by the W32.Spybot.HUR WORM! |
| *wuauclt.exe | X | random | Related to WORM_RBOT.AKU or variant. |
| .NET Framework Service | X | svchost.exe | "Trojan-PSW.Win32.Sagic.15" Virus |
| .NET Framework Service (.NET Connection Service) | X | svchost.exe | Added by an unidentified TROJAN! of the Sdbot family. Note: This worm\trojan is located in C:\%WINDIR%\ Note The proper location for that operating file is in C:\%WINDIR%\System32 |
.NET Runtime Optimization Service v2.0.50215_X86
(clr_optimization_v2.0.50215_32) | L | mscorsvw.exe | Related to Microsoft_NET_Framework NET Runtime Optimization Service. |
| 1784-PCIDS DeviceNet | ? | PcidsService.exe | Appears to be from Rockwell software |
| 1789-SIM Simulator Module (SimModuleService) | ? | SimModuleService.exe | Appears to be from Rockwell software |
| 19E7E238 | X | 19E7E238.EXE | Troj/Agent-ELX |
| 2D98923D | X | E69C6CEE.exe | Troj/Agent-FYY
Note:Located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K)
Allows others to access the computer |
| 32-bit Installation Host (inst32) | X | inst32.exe | Added by the W32/Chinegan-A WORM! Note: This worm is located in C:\Program Files\Common Files\inst32\ |
| 32-bit Registration Host (reghost32) | X | reghost32.exe | Added by the W32/Rbot-GKR WORM! Note: This worm is located in C:\Program Files\Common Files\System\ |
| 39672EA4 | X | 39672EA4.EXE | Troj/GrayBir-EW |
| 3Com DMI Agent | L | 3CDMINIC.EXE | 3Com DMI (DynamicAccess Desktop Management Interface) Agent associated with 3Com network cards |
| 3ComBOOTP | L | 3CBOOTPS.EXE | A 3Com Product
Allows network administrators to remotely manage client PCs on their network by allowing them to deploy an array of desktop management tasks in a pre-OS booting environment.
Note: Located in Drive:\Program Files\3Com\Boot Services |
| 3ComPXE | L | 3CPXES.EXE | A 3Com Product
Allows network administrators to remotely manage client PCs on their network by allowing them to deploy an array of desktop management tasks in a pre-OS booting environment.
Note: Located in Drive:\Program Files\3Com\Boot Services
|
| 3ComTFTP | L | 3CTFTPS.EXE | A 3Com Product
Allows network administrators to remotely manage client PCs on their network by allowing them to deploy an array of desktop management tasks in a pre-OS booting environment.
Note: Located in Drive:\Program Files\3Com\Boot Services
|
| 3dkeybd | O | 3dkeybd.exe | Unknown... No answers on the net. |
| 55euf6 | X | 55euf6.sys | Troj/DwnLdr-GWX
Note:Located in C:\Windows\System\Drivers (Win9x/Me), C:\%WINDIR%\System32\Drivers (XP/WinNT/2K)
May install another service a6fyts35 |
| 64Bit architecture emulation (wrmsrvice) | X | WRMSRVICE.SYS | Added by the TROJ_ROOTKIT.AG
TROJAN!
Read the link, rootkit type stealth involved.
|
| 79F5137E | X | DBB6ED81.EXE | W32/SlliyFD-G
Note:Located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K)
Allows others to access the computer |
| 80xFire daemon (80xFire) | X | 80xFire.exe | Added by the W32/Tilebot-BK
WORM!
Note: This worm\trojan file is found in the Windows or Winnt folder.
Read the link, rootkit type stealth involved. |
| 9F9DF57C | X | (random name) | Troj/DwnLdr-GUT |
| @%SystemRoot%system32snmptrap.exe,-3 (SNMPTRAP) | L | snmptrap.exe | Related to MKS_Toolkit In Windows Vista. Note:Located in C:\%WINDIR%\System32 |
| @%SystemRoot%ehomeehstart.dll,-101 (ehstart) | L | svchost.exe | Windows Media Center Service Launcher in the Windows Vista edition |
