Startup List Results
Startup Entry
Name | Filename | Description | Status |
AAMSFree702 | sys.exe | Added by the BackDoor-CPC backdoor TROJAN! | X |
Advanced Protection System | advpsys.exe | Added by a variant of the WIN32.RBOT WORM! | X |
Agent | alsys.exe | Added by the W32/Dref-V VIRUS! Note: Located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) Note: disabling autostart for the SharedAccess service deactivates the Microsoft Internet Connection Firewall (ICF). | X |
ATI Video Driver Controls | sys.exe | W32/Sdbot-DDS | X |
AutoSys | autosys.exe | Added by an unknown variant of a backdoor TROJAN! Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) | X |
O23 List Results
Windows Services
Name | Filename | Description | Status |
Application Layer Gateway System (ALGS) | algsys.exe | Added by the W32/Rbot-DDF WORM! Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) | X |
Control Task Manager | cvsys.exe | Added by an unidentified TROJAN of the IRC/bot family! Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) | X |
Debug Config System | lrsys.exe | Added by an unidentified TROJAN of the Sdbot family! Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) | X |
fsbwsys | fsbwsys.exe | Related to F-Secure Antivirus, made by F-Secure Corp. This file should be found in the Program Files\F-Secure Internet Security\backweb\4476822\program folder. | L |
hp service (Hpsys) | hpsys.exe | Added by the W32/Codbot-AF WORM! Note: This service has nothing to do with HP. This worm\trojan file is found in the System32 folder. | X |
Drivers List Results
Driver Entry
Name | Filename | Description | Status |
AKAI_ACV1_MIDI | akaiacv1m.sys.exe | Related to Ploytec MIDI Driver from Ploytec GmbH | L |
JabraDFU | JabraBcDfuX64.sys.exe | Related to Jabra Bluecore DFU driver from GN NETCOM A/S. | L |
EvtSys | evtsys.exe | Related to Eventlog to Syslog Service for Windows (open source). evtsys.exe provides a method of sending Windows Eventlog events to a syslog server. | L |
Active Setup List Results
Active Setup - Installed Component
CLSID | Name | Filename | Description | Status |
{28ABC5C0-4FCB-11CF-AAX5-21CX3C643131} | (no name) | sys.exe | Infostealer trojan, detected as W32/AutoRun-ACW Win32 | X |
{67KLN5J0-4OPM-33WE-AAX5-24KC2A323342} | (no name) | AmdSys.exe | Infostealer, detected as W32/SillyFDC-ER Win32 worm | X |
{********-****-****-****-************} | (no name) | server.exe, update.exe, win.exe, win32.exe, dll.exe, sys.exe, systym.exe, Addpatch.exe, install.exe, microsoft.log, winrsv.exe, winsys.exe, msn.exe, Msn2.exe, other filenames | Variant of the Bifrost or Bifrose backdoor trojan | X |
{F146C9B1-VMVQ-A9RC-NUFL-D0BA00B4E999} | (no name) | mrsys.exe | Infostealer trojan, detected as Trojan.Win32.Swisyn.aegn | X |
{Y479C6D0-OTRW-U5GH-S1EE-E0AC10B4E666} | (no name) | mrsys.exe, msorcl32.exe, services.exe, Uninstall.exe, UNINSTALLC32.exe, update.exe | Infostealer trojan, detected as Worm:Win32/Mofksys.A or W32.Dranyam | X |