The most basic system processes (the system needs these processes in order to run normally):
Smss.exe Session Manager
Csrss.exe subsystem server process
Winlogon.exe manages user logon
Services.exe contains many system services
Lsass.exe manages IP security policies and starts the ISAKMP/Oakley (IKE) and IP security drivers. (System Service)
Generates session keys and grants service credentials (tickets) for interactive client/server authentication. (System Service)
Svchost.exe contains many system services
Svchost.exe
Spoolsv.exe loads files into memory for later printing. (System Service)
Explorer.exe Resource Manager
Internat.exe Pinyin icon in the system tray
Additional system processes (these are not required; you can add or remove them through the Service Manager as needed):
Mstask.exe allows programs to run at a specified time. (System Service)
Regsvc.exe allows remote registry operations. (System Service)
Winmgmt.exe provides system management information. (System Service)
Inetinfo.exe provides FTP connection and management through the management unit of Internet Information Service. (System Service)
Tlntsvr.exe allows a remote user to log on to the system and run the console program using the command line. (System Service)
Allows you to manage web and FTP services through the management units of Internet Information Services. (System Service)
Tftpd.exe implements the TFTP Internet standard. The user name and password are not required for this standard. Part of the Remote Installation service. (System Service)
Termsrv.exe provides a multi-session environment that allows client devices to access virtual Windows 2000 Professional desktop sessions and Windows-based programs running on servers. (System Service)
Dns.exe responds to query and update requests for Domain Name System (DNS) names. (System Service)
The services listed below are rarely used. The services listed above weaken security and should be disabled unless they are needed.
Tcpsvcs.exe provides the ability to remotely install Windows 2000 Professional on a PXE client computer. (System Service)
The following TCP/IP Services are supported: character generator, daytime, discard, ECHO, and quote of the day. (System Service)
Ismserv.exe allows sending and receiving messages between Windows Advanced Server sites. (System Service)
Ups.exe manages the uninterruptible power supply (UPS) that is connected to the computer. (System Service)
Wins.exe provides the NetBIOS Name Service for TCP/IP customers who register and resolve NetBIOS names. (System Service)
Llssrv.exe License Logging Service (System Service)
Ntfrs.exe maintains file synchronization between multiple servers in the file directory. (System Service)
Rssub.exe controls the media used to remotely store data. (System Service)
Locator.exe manages the RPC Name Service database. (System Service)
Lserver.exe registers the client license. (System Service)
Dfssvc.exe manages logical volumes distributed on the LAN or WAN. (System Service)
Clipsrv.exe supports "Clipboard viewer", so that you can view the clipboard page remotely. (System Service)
Msdtc.exe coordinates transactions that are distributed across two or more databases, message queues, file systems, or other transaction-protected resource managers. (System Service)
Faxsvc.exe helps you send and receive faxes. (System Service)
Cisvc.exe Indexing Service (System Service)
Dmadmin.exe System Management Service for disk management requests. (System Service)
Mnmsrvc.exe allows authorized users to remotely access Windows desktops using netmeeting. (System Service)
Netdde.exe provides the network transport and security features of Dynamic Data Exchange (DDE). (System Service)
Smlogsvc.exe configures performance logs and alerts. (System Service)
Rsvp.exe provides network signaling and local traffic control setup for Quality of Service (QoS)-aware programs and control applications. (System Service)
Rseng.exe is a service and management tool that stores infrequently used data. (System Service)
Rsfsa.exe Manages objects stored remotely. (System Service)
Grovel.exe scans Single Instance Storage (SIS) volumes for duplicate files and points the duplicates to a single data storage point to save disk space. (System Service)
Scardsvr.exe manages and controls access to smart cards inserted into smart card readers. (System Service)
Snmp.exe contains a proxy program that can monitor activities of network devices and report to the Network Console workstation. (System Service)
Snmptrap.exe receives trap messages generated by local or remote SNMP agents, and then forwards the messages to the SNMP manager running on this computer. (System Service)
Utilman.exe starts and configures the accessibility tools from one window. (System Service)
Msiexec.exe installs, repairs, and removes software based on the commands in the .MSI file. (System Service)
Detailed description:
Win2k running process
Svchost.exe
The svchost.exe file is a generic host process name for services that run from dynamic-link libraries (DLLs). The svchost.exe file is located in the %SystemRoot%\system32 folder. At startup, svchost.exe checks a location in the registry to build the list of services that it must load. Multiple instances of svchost.exe can run at the same time. Each svchost.exe session contains a group of services, so which services run in an instance depends on how and where svchost.exe is started. This makes it easier to control the services and to locate errors.
The svchost.exe groups are identified under the following registry key.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost
Each value under this key represents an independent svchost group and is displayed as a separate instance when you view the active processes. Each value is of the REG_MULTI_SZ type and lists the services that run in that svchost group. Each svchost group contains one or more service names taken from the following registry key, whose Parameters key contains a ServiceDll value.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Service
More information
To see the services that are running in each svchost instance:
Click Start, click Run, and enter cmd
Then enter tlist -s (tlist should be a tool in the Win2k Toolbox)
Tlist displays a list of active processes. The -s switch displays the list of active services in each process. For more information about a process, type tlist pid.
Tlist shows two instances of svchost.exe running.
0 System Process
8 System
132 smss.exe
160 csrss.exe title:
180 winlogon.exe title: NETDDE agent
208 services.exe SVCs: appmgmt, browser, DHCP, dmserver, Dnscache, Eventlog, LanmanServer, lanmanworkstation, LmHosts, messenger, plugplay, Protectedstorage, seclogon, TrkWks, w32time, WMI
220 lsass.exe SVCs: netlogon, PolicyAgent, SamSs
404 svchost.exe SVCs: RPCSS
452 spoolsv.exe SVCs: Spooler
544 cisvc.exe SVCs: cisvc
556 svchost.exe SVCs: EventSystem, netman, Ntmssvc, RASMAN, sens, tapisrv
580 regsvc.exe SVCs: RemoteRegistry
596 mstask.exe SVCs: Schedule
660 snmp.exe SVCs: SNMP
728 winmgmt.exe SVCs: Winmgmt
852 cidaemon.exe title: olemainthreadwndname
812 explorer.exe title: Program Manager
1032 OSA.EXE title: reminder
1300 cmd.exe title: D:\winnt5\system32\cmd.exe - tlist -s
1080 mapisp32.exe title: WMS idle
1264 rundll32.exe title:
1000 mmc.exe title: Device Manager
1144 tlist.exe
In this example, two groups are set in the registry.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost:
Netsvcs: REG_MULTI_SZ: EventSystem IAS iprip irmon netman nwsapagent RasAuto RASMAN RemoteAccess sens sharedaccess tapisrv Ntmssvc
RPCSS: REG_MULTI_SZ: RPCSS
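An added example, not part of the original article: a Python check that parses tlist -s output and confirms that every svchost.exe instance hosts only services belonging to a single registry group. The function names, PID 700 and the service "UnlistedSvc" are constructed for illustration; the group contents are the two values quoted above.

```python
import re

# Constructed sample in the shape of the `tlist -s` listing above.
# PID 700 and "UnlistedSvc" are made up to show a finding.
TLIST_OUTPUT = """\
 208 services.exe  Svcs: Browser,Dhcp,Eventlog
 404 svchost.exe   Svcs: RpcSs
 556 svchost.exe   Svcs: EventSystem,Netman,NtmsSvc,RasMan,SENS,TapiSrv
 700 svchost.exe   Svcs: UnlistedSvc
 812 explorer.exe  Title: Program Manager
1144 tlist.exe
"""

# The two REG_MULTI_SZ group values quoted in the article.
SVCHOST_GROUPS = {
    "netsvcs": ["EventSystem", "IAS", "iprip", "irmon", "netman", "nwsapagent",
                "RasAuto", "RASMAN", "RemoteAccess", "sens", "sharedaccess",
                "tapisrv", "Ntmssvc"],
    "rpcss": ["RPCSS"],
}

LINE_RE = re.compile(r"^\s*(\d+)\s+(\S+)(?:\s+Svcs:\s*(.*))?", re.IGNORECASE)

def parse_tlist(text):
    """Return {pid: (image_name, [service, ...])} from `tlist -s` output."""
    procs = {}
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        pid, image, svcs = m.groups()
        services = [s.strip() for s in svcs.split(",") if s.strip()] if svcs else []
        procs[int(pid)] = (image.lower(), services)
    return procs

def audit_svchost(procs, groups):
    """Map each svchost.exe PID to its group and list services in no group."""
    lookup = {svc.lower(): grp for grp, svcs in groups.items() for svc in svcs}
    report = {}
    for pid, (image, services) in sorted(procs.items()):
        if image != "svchost.exe":
            continue
        found = {lookup.get(s.lower()) for s in services}
        unlisted = [s for s in services if s.lower() not in lookup]
        # A consistent instance hosts services from exactly one registry group.
        group = found.pop() if len(found) == 1 else None
        report[pid] = {"group": group, "unlisted": unlisted}
    return report

if __name__ == "__main__":
    for pid, info in audit_svchost(parse_tlist(TLIST_OUTPUT), SVCHOST_GROUPS).items():
        print(pid, info)
```

An instance reported with no group or with unlisted services is worth checking against the ServiceDll value under that service's Parameters key.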
Smss.exe
Csrss.exe
This is the user-mode part of the Win32 subsystem. CSRSS stands for client/server run-time subsystem and is a basic subsystem that must always be running. CSRSS is responsible for console windows, for creating and deleting threads, and for some parts of the 16-bit virtual MS-DOS environment.
Explorer.exe
This is the user's shell, which appears as the taskbar, the desktop, and so on. This process is not as vital to running Windows as you might think: you can stop it from Task Manager or restart it, generally with no negative impact on the system.
Internat.exe
This process can be ended from Task Manager. Internat.exe starts at startup and loads the input locales specified by the user. The input locales to load are read from the registry location HKEY_USERS\.DEFAULT\Keyboard Layout\Preload. Internat.exe places the "EN" icon in the system tray, letting users switch easily between input locales. When the process is stopped, the icon disappears, but the input locale can still be changed through Control Panel.
Lsass.exe
This process cannot be switched off from the task manager.
This is the local security authentication server, and it generates the process that authenticates users for the Winlogon service. This is done by using authentication packages, such as the default Msgina.dll. If authentication succeeds, LSASS generates the user's access token, which is used to start the initial shell. Other processes that the user starts inherit this token.
Mstask.exe
This process cannot be switched off from the task manager. This is the task scheduling service, which runs tasks at a time you specify in advance.
Smss.exe
This process cannot be switched off from the task manager. This is the session manager subsystem, which starts user sessions. Threads) and set system variables. After it starts these processes, it waits until Winlogon or CSRSS ends. If they end normally, the system shuts down. If they end unexpectedly, smss.exe causes the system to stop responding (that is, to hang).
Spoolsv.exe
This process cannot be switched off from the task manager. The Spooler Service is used to manage print and fax jobs in the buffer pool.
Services.exe
This process cannot be switched off from the task manager. Most of the system's kernel-mode processes run as system processes.
System idle Process
This process cannot be switched off from the task manager. This process runs as a single thread on each processor and accounts for processor time when the system is not processing other threads.
Taskmgr.exe
This process can be ended from the task manager. This process is the task manager itself.
Winlogon.exe
This process manages user logon and logoff. Winlogon is activated when you press CTRL+ALT+DEL, at which point it displays the security dialog box.
Winmgmt.exe
Winmgmt is the core component of client management in Windows 2000. This process is initialized when the first client application connects or when management programs request its services.