A detailed description of Windows process

Source: Internet
Author: User
Tags snmp ftp client dreamweaver live chat microsoft frontpage microsoft outlook

1: System-necessary processes
System process
Process files: [System process] or [system process]
Process name: Windows Memory Processing System process
Description: Windows page memory management process with 0 levels of precedence.
Process file: ALG or Alg.exe
Process Name: Application Layer Gateway Service
Description: This is an application-tier Gateway service for network sharing
Process files: Csrss or Csrss.exe
Process name: Client/server Runtime Server Subsystem
Description: Client services Subsystem for controlling Windows graphics related subsystems.
Process files: DDhelp or Ddhelp.exe
Process Name: DirectDraw Helper
Description: DirectDraw Helper is a part of DirectX, which is used for graphics services.
Process files: Dllhost or Dllhost.exe
Process name: DCOM DLL Host Process
Description: DCOM DLL Host process supports COM-based object support DLLs to run Windows programs
Process files: Explorer or Explorer.exe
Process Name: Program Management
Description: Windows Program Manager or Windows Explorer is used to control the Windows graphics shell, including the Start menu,

taskbar, desktop, and file management. This process is primarily responsible for displaying the icons on the system desktop and the taskbar
Process files: Inetinfo or inetinfo.exe
Process name: IIS Admin Service Helper
Description: Inetinfo is part of Microsoft Internet infomation Services (IIS) for debug debug debugging.
Process files: Internat or Internat.exe
Process Name: Input Locales
Description: This input control icon is used to change similar country settings, keyboard types, and date formats
Process files: kernel32 or Kernel32.dll
Process name: Windows shell process
Description: Windows shell processes for managing multithreading, memory, and resources
Process files: Lsass or Lsass.exe
Process Name: Local security Rights Service
Description: This local security rights service controls Windows security.
Process detail: Manage IP Security Policies and boot Isakmp/oakley (IKE) and IP security drivers. (System service) generates a session key and grants

Service credentials for interactive client/server authentication (ticket), that is, the local security rights service, one of the core processes belonging to WINDOWSDE is also being exploited by hackers to find loopholes, the famous shock wave is one of the loopholes,
Process files: MDM or Mdm.exe
Process name: Machine Debug Manager
Description: Debug error management for debugging applications and Microsoft Script Editor in Microsoft Office
Process files: Mmtask or Mmtask.tsk
Process Name: Multimedia support Process
Description: This Windows Multimedia Daemon Program Multimedia Service
Process files: Mprexe or Mprexe.exe
Process Name: Windows routing Process
Description: The Windows routing process involves making a network request to the appropriate network part
Process files: msgsrv32 or Msgsrv32.exe
Process name: Windows Messenger Service
Description: Windows Messenger Service calls Windows Driver and program management at startup
Process files: Mstask or Mstask.exe
Process name: Windows scheduled Task
Description: A Windows Scheduled task is used to set the time or date at which the inheritance is backed up or run
Process files: regsvc or Regsvc.exe
Process Name: Remote Registry Service
Description: The remote Registry service is used to access the registry on the remote computer
Process files: RPCSS or Rpcss.exe
Process Name: RPC portmapper
Description: The RPC port mapping process for Windows handles RPC calls (remote module calls) and then maps them to the specified service provider
Process files: Services or Services.exe
Process name: Windows Service Controller
Description: Manage Windows Services
Process files: SMSs or Smss.exe
Process Name: Session Manager Subsystem
Description: The process is used by the session management subsystem to initialize system variables, MS-DOS driver names resemble LPT1, and COM calls the WIN32 Shell subsystem and runs in the Windows logon process
Process files: SNMP or Snmp.exe
Process name: Microsoft SNMP Agent
Description: Windows Simple Network protocol agent (SNMP) is used to listen for and send requests to the appropriate network section
Process files: spool32 or Spool32.exe
Process Name: Printer Spooler
Description: Windows Print task control program for printer ready
Process files: SPOOLSV or Spoolsv.exe
Process name: Printer Spooler Service
Description: Windows Print task control program for printer ready
Process files: stisvc or Stisvc.exe
Process name: Still Image Service
Description: Still Image service is used to control scanners and digital camera connections in Windows
Process files: Svchost or Svchost.exe
Process Name: Service Host Process
Description: Service host process is a standard dynamic connection Library host processing services.
Process Details: Svchost.exe is a core process of a system, not a virus process. But due to the particularity of the Svchost.exe process,

So the virus will do everything possible to invade Svchost.exe. By looking at the execution path of the Svchost.exe process, you can confirm whether poisoning
Svchost.exe is the generic host process name for a service running from a dynamic link library (DLL).
In fact, Svchost.exe is a core process of the Windows XP system. Svchost.exe not only appears in Windows XP,

There will be Svchost.exe in Windows systems that use the NT kernel. Typically, the number of Svchost.exe processes in Windows 2000 is 2,

The number of Svchost.exe processes in Windows XP has risen to 4 and more than 4. So I see a few Svchost.exe in the list of processes in the system

Don't worry so much.
If you suspect that the computer may be infected by a virus, the Svchost.exe service is abnormal, you can find the exception by searching for the Svchost.exe file. Typically, you will only find a Svchost.exe program in the "C:\Windows\System32" directory.

If you find the Svchost.exe program in a different directory, it is likely to be poisoned.
Process files: System or System
Process Name: Windows System Process
Description: Microsoft Windows system process.
Process files: taskmgr or Taskmgr.exe
Process name: The Windows Task Manager
Description: Windows Task Manager, a Windows task management performer
Process files: Taskmon or Taskmon.exe
Process name: Windows Task Optimizer
Description: Windows task Optimizer monitors how often you use a program, and organizes and optimizes hard drives by loading programs that you use frequently
Process files: Tcpsvcs or Tcpsvcs.exe
Process name: TCP/IP Services
Description: TCP/IP Services application supports LAN and Internet connections via TCP/IP
Process files: Winlogon or Winlogon.exe
Process Name: Windows Logon Process
Description: Windows NT User Login program.
Process files: WinMgmt or Winmgmt.exe
Process name: Windows Management Service
Description: Windows Management Service handles Windows Management instrumentation data (WMI) technology from applications

Request from client
Process files: WUAUCLT or Wuauclt.exe
Process name: AutoUpdate for Windows
Description: Windows auto-upgrade,
Process Details: Wuauclt.exe is the system process that is responsible for Windows auto-upgrade. Can detect recent Windows updates online

If you don't turn on auto-escalation, you won't have the process, and even if you open it, it's not always open at all.
Process files: Wuauc or Wuauc.exe
Process name: Automatic Updates auto-upgrade
Process Description: Wuauc.exe Automatic Updates for Windows management. This program automatically checks for recent Windows updates.
System Idle Process (this will be mentioned separately below)
General procedures and service processes in 2:windows
Process files: ABSR or Absr.exe
Process Name: Backdoor.autoupder Virus
Description: This process was created by the Backdoor.autoupder backdoor virus program.
Process files: Acrobat or Acrobat.exe
Process Name: Adobe Acrobat
Description: Acrobat writer is used to create PDF documents.
Process files: acrord32 or Acrord32.exe
Process Name: Acrobat Reader
Description: Acrobat reader is a software for reading PDF documents.
Process files: Agentsvr or Agentsvr.exe
Process Name: OLE Automation server
Description: OLE Automation Server is part of the Microsoft Agent.
Process files: Aim or Aim.exe
Process name: AOL Instant Messenger
Description: AOL Instant messenger is an IM software client for live chat and instant messaging.
Process files: Airsvcu or Airsvcu.exe
Process name: Microsoft Media Manager
Description: OLE This is a process that is used to set up index files and folders on a hard disk to run when Microsoft Media Manager Press Management is started.

It can be disabled in the Control Panel.
Process files: Alogserv or Alogserv.exe
Process Name: McAfee VirusScan
Description: McAfee VirusScan is an anti-virus software used to scan your documents and e-mails for viruses.
Process files: Avconsol or Avconsol.exe
Process Name: McAfee VirusScan
Description: McAfee VirusScan is an anti-virus software used to scan your documents and e-mails for viruses.
Process files: avsynmgr or Avsynmgr.exe
Process Name: McAfee VirusScan
Description: McAfee VirusScan is an anti-virus software used to scan your documents and e-mails for viruses.
Process files: BackWeb or BackWeb.exe
Process Name: BackWeb Adware
Description: BackWeb is a adware (advertising plugin, usually due to the installation of some freeware and accompanied by the installation of the program) from BackWeb Technologies.

Process files: BCB or Bcb.exe
Process Name: Borland C + + Builder
Description: Borland C + + Builder
Process files: Calc or calc.exe
Process Name: Calculator
Description: Microsoft Windows Calculator Program
Process files: Ccapp or CcApp.exe
Process name: Symantec Common Client
Description: The Symantec Common App client is included in Norton AntiVirus 2003 and Norton Personal Firewall 2003.
Process files: CDPlayer or Cdplayer.exe
Process Name: CD Player
Description: A CD player that is included in Microsoft windows
Process files: Charmap or Charmap.exe
Process name: Windows Character Map
Description: A Windows Character mapping table is used to help you look for uncommon characters.
Process files: Cidaemon or Cidaemon.exe
Process name: Microsoft indexing Service
Description: The Windows Indexing Service that runs in the background to help you search for files becomes faster the next time.
Process files: cisvc or Cisvc.exe
Process name: Microsoft Index Service Helper
Description: Microsoft Index Service Helper monitors the memory consumption of Microsoft Indexing Service (Cidaemon.exe), If the Cidaemon.exe memory usage exceeds 40M, the process is automatically restarted.
Process file: cmd or cmd.exe
Process name: Windows Command Prompt
Description: Windows console program. Unlike the old Command.com,cmd.exe is a 32-bit command exercise used in WINNT/2000/XP.
Process files: Cmesys or Cmesys.exe
Process name: Gator GAIN Adware
Description: Gator gain is a adware plug-in (ad plugin, usually due to the installation of some free software to accompany the program).
Process files: Ctfmon or Ctfmon.exe
Process Name: Alternative User Input Services
Description: Controls alternative User Input Text Processor (TIP) and the Microsoft Office Language bar. Ctfmon.exe provides speech recognition,

Support for handwriting recognition, keyboard, translation, and other user input technologies.
Process files: CTSVCCDA or Ctsvccda.exe
Process Name: Create CD-ROM Services
Description: Creates a CD-ROM access service in Win9x.
Process files: cutftp or Cutftp.exe
Process Name: CuteFTP
Description: CuteFTP is a popular FTP client for uploading/downloading files from an FTP server.
Process files: Defwatch or Defwatch.exe
Process Name: Norton AntiVirus
Description: Norton Anti-Virus scans your files and emails to check for viruses.
Process files: Devldr32 or Devldr32.exe
Process name: Create Device Loader
Description: Creative Device loader belongs to the Create SoundBlaster driver.
Process files: DirectCD or Directcd.exe
Process Name: Adaptec DirectCD
Description: Adaptec DirectCD is a File Manager-style interface that burns files to CD-ROM software.
Process files: Dreamweaver or Dreamweaver.exe
Process Name: Macromedia DreamWeaver
Description: Macromedia Dreamweaver is an HTML editor used to create Web sites and other categories of HTML documents.
Process files: em_exec or Em_exec.exe
Process name: Logitech Mouse Settings
Description: This is the Logitech MouseWare status bar icon process for user access to control mouse properties and see MouseWare Help.
Process files: Excel or Excel.exe
Process Name: Microsoft Excel
Description: Microsoft Excel is a spreadsheet program that is included in Microsoft Office.
Process files: FindFast or Findfast.exe
Process name: Microsoft Office Indexing
Description: Microsoft Office Indexing Program is used to increase the speed of Office documents in Microsoft Office indexing.
Process files: FrontPage or Frontpage.exe
Process Name: Microsoft FrontPage
Description: Microsoft FrontPage is an HTML editor used to create Web sites and other categories of HTML documents.
Process files: GMT or Gmt.exe
Process name: Gator Spyware Component
Description: Gator spyware is an ad plugin that installs and boots with Gator.
Process file: hh or hh.exe
Process Name: Gator Windows Help
Description: The Windows Help program is used to open helper files and documents, including in many Windows programs.
Process files: Hidserv or Hidserv.exe
Process name: Microsoft Human Interface Device Audio Service
Description: Background service to support USB audio components and USB multimedia keyboards.
Process files: QQ or QQ.exe
Process Name: QQ
Description: QQ is an online chat and Instant Messenger client.
Process files: IExplore or Iexplore.exe
Process Name: Internet Explorer
Description: The Microsoft Internet Explorer Web browser accesses the WWW World Wide Web through HTTP.

Process files: Kodakimage or Kodakimage.exe
Process Name: Imaging
Description: Kodak imaging is a picture viewer software. Included in Windows to open image files.
Process files: LOADQM or Loadqm.exe
Process name: MSN Queue Manager Loader
Description: MSN Queue Manager Loader is installed with MSN Explorer and MSN Messenger. He will occupy a lot of system resources at some point.
Process files: LOADWC or Loadwc.exe
Process Name: Load WebCheck
Description: Load WebCheck is used to customize settings for some Internet Explorer, add, remove, or update user profiles settings.
Process files: Mad or Mad.exe
Process name: System Attendant Service
Description: The System Attendant service is a background program for Microsoft Exchange Server.

It is used to read Microsoft Exchange's DLLs file to write log information and generate an offline address? Gt;>?br>mcshield.exe
Process files: McShield or Mcshield.exe
Process Name: McAfee VirusScan
Description: McAfee VirusScan is an anti-virus software that scans your files and emails for viruses.
Process files: MGABG or Mgabg.exe
Process name: Matrox BIOS Guard
Description: Matrox BIOS daemon.
Process files: Mmmc or Mmc.exe
Process name: Microsoft Management Console
Description: The Microsoft Management Console Management Control program integrates a number of system control options. such as device management (System, hardware)
or computer rights control (administrative management tool).
Process files: Mobsync or Mobsync.exe
Process Name: Microsoft synchronization Manager
Description: An integral part of Internet Explorer that synchronizes offline viewing of pages in the background.
Process files: MPlayer or Mplayer.exe
Process name: Windows Media Player
Description: Windows Media player is a software that opens music, sound, and video files.
Process files: Mplayer2 or Mplayer2.exe
Process name: Windows Media Player
Description: Windows Media player is a software that opens music, sound, and video files.
Process files: msaccess or Msaccess.exe
Process Name: Microsoft Access
Description: Microsoft Access is a database software that is included in Microsoft Office.
Process files: MSBB or Msbb.exe
Process name: MSBB Web3000 Spyware Application
Description: MSBB Web3000 spyware is included in some adware products, using the registry with Windows startup.
Process files: MSDTC or Msdtc.exe
Process name: Distributed Transaction Coordinator
Description: Microsoft distributed Transaction Coordinator controls the transfer of multiple servers,

is installed in Microsoft Personal Web Server

and Microsoft SQL Server.
Process files: msiexec or msiexec.exe
Process name: Windows Installer Component
Description: Part of Windows installer. The installation files that are used to help the Windows Installer package files (MSI) format.
Process files: MSIMN or Msimn.exe
Process name: Microsoft Outlook Express
Description: Microsoft Outlook Express is an email and newsgroup client that is included in Microsoft Windows.
Process files: msmsgs or Msmsgs.exe
Process name: MSN Messenger Traybar Process
Description: MSN Messenger is an online chat and Instant Messenger client.
Process files: msoobe or Msoobe.exe
Process name: Windows Product Activation
Description: The Product Activation Products activation program for Windows XP license.
Process files: MSPaint or MSPaint.exe
Process Name: Microsoft Paint
Description: Microsoft Paint Paint is an image editor that is included in Microsoft Windows, which is capable of editing BMP images.
Process files: MSPMSPSV or Mspmspsv.exe
Process name: WMDM PMSP Service
Description: The helper Service that Windows Media Player 7 needs to install.
Process files: mysqld-nt or Mysqld-nt.exe
Process Name: MySQL Daemon
Description: MySQL daemon Controls access to the MySQL database.
Process files: navapsvc or Navapsvc.exe
Process name: Norton AntiVirus auto-protect Service
Description: Norton Anti-Virus scans your files and emails for viruses.
Process files: Navapw32 or Navapw32.exe
Process name: Norton AntiVirus Agent
Description: Norton Anti-Virus scans your files and emails for viruses.
Process files: Ndetect or Ndetect.exe
Process name: ICQ ndetect Agent
Description: ICQ ndetect agent is a program used by ICQ to detect network connections.
Process files: Netscape or Netscape.exe
Process Name: Netscape
Description: The Netscape Web browser browses the WWW World Wide Web via HTTP.
Process files: Notepad or notepad.exe
Process Name: Notepad
Description: The Notepad character Editor is used to open the document. Included in Windows.
Process file: ntbackup or Ntbackup.exe
Process Name: Windows Backup
Description: The Windows Backup utility is used to back up files and folders.
Process files: NTVDM or Ntvdm.exe
Process name: Windows 16-bit Virtual Machine
Description: Windows virtual machine is a VM that is set up to be compatible with older 16-bit Windows and DOS programs.
Process files: Nvsvc32 or Nvsvc32.exe
Process name: NVIDIA Driver Helper Service
Description: The NVIDIA Driver Helper service was installed in the Nvida graphics driver.
Process files: Nwiz or Nwiz.exe
Process name: NVIDIA nView Control Panel
Description: The NVIDIA Nview Control Panel is installed in the Nvida graphics driver for adjustment and setup.
Process files: OSA or Osa.exe
Process name: Office Startup Assistant
Description: Microsoft Office Startup Assistant, which launches with Windows, enhances features such as startup, Office fonts, commands, and Outlook transaction reminders.
Process files: Outlook or Outlook.exe
Process Name: Microsoft Outlook
Description: Microsoft Outlook is an email client that is included in Microsoft Office
Process files: Point32 or Point32.exe
Process Name: Microsoft IntelliMouse Monitor
Description: Microsoft IntelliMouse Monitor adds a mouse setting icon in the toolbar.
Process files: Powerpnt or Powerpnt.exe
Process Name: Microsoft PowerPoint
Description: Microsoft PowerPoint is a presentation software that is included in Microsoft Office.
Process files: pstores or Pstores.exe
Process name: Protected Storage Service
Description: The Microsoft Protected Storage service controls confidential content passwords.
Process files: Qttask or Qttask.exe
Process Name: Quick time Tray Icon
Description: The Quick time taskbar icon starts when you run quick.
Process files: Realplay or Realplay.exe
Process Name: Real Player
Description: Real Player is a video file that a media player uses to open and play music, sound, and Real media formats.
Process files: Rnaapp or Rnaapp.exe
Process name: Windows Modem Connection
Description: The Windows modem connection control is used to control the dial modem connection.
Process files: Rtvscan or Rtvscan.exe
Process Name: Norton AntiVirus
Description: Norton Anti-Virus is used to scan your files and emails for viruses.
Process files: rundll32 or rundll32.exe
Process name: Windows RUNDLL32 Helper
Description: Windows Rundll32 for programs that need to call DLLs.
Process files: Sndrec32 or SNDREC32.exe
Process name: Windows Sound Recorder
Description: A Windows recorder is used to play and record sound files (. wav).
Process files: sndvol32 or Sndvol32.exe
Process name: Windows Volume Control
Description: The Windows sound Control process resides on the taskbar to control volume and sound card correlation.
Process files: Spoolss or Spoolss.exe
Process name: Printer Spooler Subsystem
Description: The Windows printer Control subroutine is used to invoke content that needs to be printed from disk to printer.
Process files: Starter or Starter.exe
Process name: Creative Labs ensoniq Mixer Tray icon
Description: The status bar icon is installed in the creative sound mixer. For the Creative sound card (SoundBlaster).
Process files: Systray or Systray.exe
Process name: Windows Power Management
Description: Windows Power Management program is designed to control energy savings and restore startup.
Process files: tapisrv or Tapisrv.exe
Process Name: TAPI Service
Description: Windows Telephony (TAPI) Background services program.
Process files: Userinit or Userinit.exe
Session Name: UserInit process
Description: Userinit program runs the login script, establishes the network connection and launches Shell shell.
Process files: Visio or Visio.exe
Process Name: Microsoft Visio
Description: Microsoft Visio is a graphical management software.
Process files: Vptray or Vptray.exe
Process Name: Norton AntiVirus
Description: Norton Anti-Virus scans your files and emails for viruses.
Process files: Vshwin32 or Vshwin32.exe
Process Name: McAfee VirusScan
Description: McAfee VirusScan is an anti-virus software that scans your files and emails for viruses.
Process files: Vsmon or Vsmon.exe
Process name: True Vector Internet Monitor
Description: True Vector Internet Monitor is part of the ZoneAlarm Personal firewall to monitor the network's flow through data and attacks.

Process files: Vsstat or Vsstat.exe
Process Name: McAfee VirusScan
Description: McAfee VirusScan is an anti-virus software that scans your files and emails for viruses.
Process file: WAB or Wab.exe
Process Name: Address Book
Description: An address in Outlook? Gt;>s to the address, contact information.
Process files: WebScanX or Webscanx.exe
Process Name: McAfee VirusScan
Description: McAfee VirusScan is an anti-virus software that scans your files and emails for viruses.
Process files: Winamp or Winamp.exe
Process Name: WINAMP
Description: WinAmp Media player is a software used to open music, sound and video files, and to manage Mp3 files.
Process files: WINHLP32 or WinHlp32.exe
Process Name: Windows Help
Description: A Windows Help file Viewer to open the Help document. The program is included in many Windows programs.
Process files: winoa386 or Winoa386.mod
Process name: MS-DOS Console
Description: The Windows MS-DOS console is used for DOS commands and scripts.
Process files: winproj or Winproj.exe
Process Name: Microsoft Project
Description: Microsoft project is a project scheduling program.
Process files: WinRoute or Winroute.exe
Process Name: WinRoute
Description: WinRoute is a Windows-based firewall/routing/Connection Sharing software.
Process files: Winword or winword.exe

A detailed description of Windows process

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.