Pc-processes > W > ADSL Geek
PC process registry
Find if your processes are spyware or a virus:[A][B][C][D][E][F][G][H][I][J][K][L][M][N][O][P][Q][R][S][T][U][V][W][X][Y][Z]Results for W:
| Process Name | Status | Startup Item Name | Comments |
|---|---|---|---|
| winrecon.exe | N | !NoLoad | WinRecon keystroke logger/monitoring program - remove unless you installed it yourself! |
| wuauqmr.exe | X | NvCpTDaemon | Added by the CULT-B WORM! |
| winSOCKS.exe | X | (*)API Machine | Homepage hijacker, see here (* = any digit) |
| win32API.exe | X | (*)Run | Homepage hijacker, see here (* = any digit) |
| winhelp.exe | X | (Default) | Added by the BLACKMAL.C WORM! Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank |
| winbas12.exe | X | (Default) | Adware, CoolWebSearch parasite related - detected by Kaspersky as the VB.DU TROJAN! Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank |
| winlog.exe | X | (Default) | Unidentified adware. Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run and HKLM\RunServices in order to force Windows to launch it at boot. The name field in MSConfig may be blank |
| winligom.exe | X | (Default) | Added by the RBOT-GAI WORM! Note - this malware actually changes the value data of the "(Default)" key in HKCU\Run, HKLM\Run and HKLM\RunServices in order to force Windows to launch it at boot. The name field in MSConfig may be blank |
| wstcl.exe | X | *Microsoft Update | Added by the STMU TROJAN! |
| wucxt.exe | X | *Microsoft Update | Added by the STMU TROJAN! |
| wuytc.exe | X | *Microsoft Update | Added by the STMU TROJAN! |
| WerFault.exe | N | *WerKernelReporting | Part of Windows Error Reporting technology (WER) for Vista. WER captures software crash and hang data from end-users who agree to report it - see here |
| wrauclt.exe | X | *windows update | Added by the RBOT-QU WORM! |
| wuanclt.exe | X | *windows update | Added by the RBOT-PG WORM! |
| wuaucrlt.exe | X | *windows update | Added by the SPYBOT.HUR WORM! |
| wuraclt.exe | X | *windows update | Added by the RBOT-PO WORM! |
| wurauclt.exe | X | *windows update | Added by the RBOT-SY WORM! |
| wsctl.exe | X | *windows update | Added by the SPYBOT.PR WORM! |
| wkmst.exe | X | *windows update | Added by the SDBOT.AVD WORM! |
| wscxt.exe | X | *windows update | Added by the RBOT.AOS WORM! |
| waurclt.exe | X | *windows update | Added by a variant of the RBOT WORM! |
| winstats.exe | X | *winstats | Added by the GARGAFX TROJAN! |
| w****.exe [* = random char] | X | *wuauclt.exe | Added by a variant of the RBOT-UG WORM! Note - * in the filename represents a random char; variants spotted: wxmct.exe, wtmsv.exe, wxmst.exe, wmsvc.exe and so on... |
| wininfo.exe | X | ,main drive Loader | Suspected malware as it appears in 3 different registry locations - see here |
| winlogon.exe | X | .Prog | Added by the NEVEG.A WORM! Note - this is not the legitimate winlogon.exe process, which should not appear in Msconfig/Startup! |
| WARN0190.EXE | U | 0190 Warner | Anti-dialer program (Germany) |
| WARN0900.EXE | U | 0900 Warner | Anti-dialer program (Germany) |
| WebMailSpy.exe | X | 1WinCfg32 | WebMailSpy spyware |
| winmgr.exe | X | 252 | Added by the LEGMIR-AT TROJAN! |
| winlog0n.exe | X | 9m | Added by the LEGMIR-AQK TROJAN! |
| wincms.exe | X | @ | Added by the RBOT.CBR WORM! |
| w32NTupdt.exe | X | A New Windows Updater | Added by the MYTOB.BM WORM! |
| winpppoverethernet.exe | Y | a-winpoet-service | WinPoET is the industry's first Windows-based PPP over Ethernet client. Developed by iVasion, WinPoET is attractive to equipment providers, modem suppliers, RBOCs and ISPs. For more info read here. It uses dial-up networking for new high-speed internet customers who are more familiar with analogue modems. If unchecked in MSCONFIG it reports Error 360 - Hardware Error in dial-up networking |
| winsto.exe | X | Access Control App | Detected by Kaspersky as the AGENT.DGO TROJAN! See here |
| wcescom32.exe | X | ActiveSync | Added by the MANCSYN-E TROJAN! |
| wini.exe | X | AdAware | Added by the RBOT-XN WORM! |
| winlogon.exe | X | Administrator | Added by the RUBBLE-C WORM! Note - this is not the legitimate winlogon.exe process, which should not appear in Msconfig/Startup! |
| windrv.exe | X | ADriver | Added by the DELF.WG TROJAN! |
| windefault.exe | U | AFAFilter | AFAFilter - internet filter software |
| WinServ.exe | X | AKEYNAME | Added by the EVILBOT.C TROJAN! |
Most of the data for these PC Process lists are kindly provided to the Internet community by the awesome guys from http://www.sysinfo.org/
"Y" - Normally leave to run at start-up"N" - Not required or not recommended - typically infrequently used tasks that can be started manually if necessary
"U" - User's choice - depends whether a user deems it necessary
"X" - Definitely not required - typically viruses, spyware, adware and "resource hogs"
"?" - Unknown
Variables:
%System%
- refers to the System folder; by default this is C:\Windows\System (9x/Me), C:\Winnt\System32 (NT/2K), or C:\Windows\System32 (XP/Vista)
%Windir%
- refers to the Windows installation folder; by default this is C:\Windows (9x/Me/XP/Vista) or C:\Winnt (NT/2K)
%UserProfile%
- refers to the current user's profile folder; by default this is C:\Documents and Settings\ (NT/2K/XP) or C:\Users\ (Vista)
%ProgramFiles%
- refers to the Program Files folder; typically the path is C:\Program Files