Source: http://www.huaidan.org/blog
A process is an execution activity of a program on a computer. When you run a program, you start a process. Obviously, the program is dead (static), and the process is active (dynamic ). Processes can be divided into system processes and user processes. All
Functional processes are system processes. They are the operating systems in the running state. User processes are all processes started by you. A process is the unit in which the operating system allocates resources.
In Windows, a process is refined into a thread, that is, a process has multiple smaller units that can run independently.
Default process in Windows 2000
Csrss.exe
Assumer.exe
Internat.exe
Lsass.exe
Mstask.exe
Smss.exe
Spoolsv.exe
Svchost.exe
Services.exe
System
System Idle Process
Taskmgr.exe
Winlogon.exe
Winmgmt.exe
List of common Windows XP Processes
The most basic system processes (that is, these processes are the basic conditions for the system to run. With these processes, the system can run normally)
Smss.exe System Process Management
Csrss.exe subsystem server process
Winlogon.exe manage user logon
Services.exe contains many system services
Lsass.exe manages IP Security Policies and starts ISAKMP/Oakley (IKE) and IP Security drivers. (System Service) generate session keys and assign service creden。 (ticket) for Interactive Client/Server Authentication ). (System Service)-> netlogon
Svchost.exe contains many system services-> eventsystem,
(SPOOLSV. EXE loads the file into the memory for printing later .)
Assumer.exe Resource Manager
(The pinyin icon in the internat.exe tray area)
Additional system processes (these processes are not necessary. You can increase or decrease them through the Service Manager as needed)
Mstask.exe allows programs to run at a specified time. (System Service)-> schedule
Regsvc.exe allows remote registry operations. (System Service)-> remoteregister
Winmgmt.exe provides system management information (system services ).
Inetinfo.exe-> msftpsvc, w3svc, iisadmn
Tlntsvr.exe-> tlnrsvr
Tftpd.exe implements the TFTP Internet standard. The user name and password are not required for this standard. Part of the Remote Installation service. (System Service)
Termsrv.exe-> termservice
Dns.exe responds to queries and updates requests for Domain Name System (DNS) names. (System Service)
The following are all system services that are rarely used. If you do not need them for the moment, you should turn them off (which is harmful to security)
Tcpsvcs.exe provides the ability to remotely install Windows 2000 Professional on a PXE client computer. (System Service)-> simptcp
The following TCP/IP Services are supported: Character Generator, Daytime, Discard, Echo, and Quote of the Day. (System Service)
Ismserv.exe allows sending and receiving messages between Windows Advanced Server sites. (System Service)
Ups.exe manages the uninterruptible power supply (UPS) that is connected to the computer ). (System Service)
Wins.exe provides the NetBIOS Name Service for TCP/IP customers who register and resolve NetBIOS names. (System Service)
Llssrv.exe License Logging Service (system service)
Ntfrs.exe maintains file synchronization between multiple servers in the file directory. (System Service)
RsSub.exe controls the media used to remotely store data. (System Service)
Locator.exe manages the RPC Name Service database.-> rpclocator (Zone RpcSs)
Lserver.exe registers the client license. (System Service)
Dfssvc.exe manages logical volumes distributed on the LAN or WAN. (System Service)
Clipsrv.exe supports "Clipboard viewer", so that you can view the clipboard page remotely. (System Service)
Msdtc.exe is a parallel transaction that is distributed in more than two databases, message queues, file systems, or other transaction protection resource managers. (System Service)
Faxsvc.exe helps you send and receive faxes. (System Service)
Cisvc.exe Indexing Service (System Service)
Dmadmin.exe System Management Service for disk management requests. (System Service)
Mnmsrvc.exe allows authorized users to remotely access Windows desktops using NetMeeting. (System Service)
Netdde.exe provides the network transmission and security features of Dynamic Data Exchange (DDE. (System Service)
Smlogsvc.exe configure Performance Logs and alarms. (System Service)
Rsvp.exe provides network signal and local communication control installation for quality service (QoS)-dependent programs and control applications. (System Service)
RsEng.exe is a service and management tool that stores infrequently used data. (System Service)
RsFsa.exe Manages objects stored remotely. (System Service)
Grovel.exe scans duplicate files on the zero-backup storage (SIS) volume and points the duplicate files to a data storage point to save disk space (System Service)
SCardSvr.exe manages and controls access to smart cards inserted into smart card readers. (System Service)
Snmp.exe contains a proxy program that can monitor activities of network devices and report to the Network Console workstation. (System Service)
Snmptrap.exe Receives trap messages generated by local or remote SNMP agents, and then transmits the messages to the SNMP manager running on this computer. (System Service)
UtilMan.exe starts and configures the auxiliary tool from a window. (System Service)
Msiexec.exe installs, repairs, and deletes software based on the commands in the. MSI file. (System Service)
Common Windows Processes
System Process
System process
Process file: [system process] or [system process]
Process name: Windows Memory Processing System Process
Description: Windows page memory management process, with a priority of 0.
Whether the process is a system process: Yes
Alg.exe
Process file: alg or alg.exe
Process name: Application Layer Gateway Service
Description: This is an Application Layer Gateway Service for network sharing.
Whether the process is a system process: Yes
Csrss.exe
Process file: csrss or csrss.exe
Process name: Client/Server Runtime Server Subsystem
Description: Client Service subsystem used to control Windows Graphics subsystems.
Whether the process is a system process: Yes
Ddhelp.exe
Process file: ddhelp or ddhelp.exe
Process name: DirectDraw Helper
Description: DirectDraw Helper is an integral part of DirectX for graphics services.
Whether the process is a system process: Yes
Dllhost.exe
Process file: dllhost or dllhost.exe
Process name: dcom dll Host process
Description: The dcom dll Host process supports DLL running Windows programs based on COM objects.
Whether the process is a system process: Yes
Inetinfo.exe
Process file: inetinfo or inetinfo.exe
Process name: IIS Admin Service Helper
Description: InetInfo is part of Microsoft Internet Infomation Services (IIS). It is used for debugging and debugging.
Whether the process is a system process: Yes
Internat.exe
Process file: internat or internat.exe
Process name: Input Locales
Description: This input control icon is used to change settings similar to country, keyboard type, and date format.
Whether the process is a system process: Yes
Kernel32.dll
Process file: kernel32 or kernel32.dll
Process name: Windows Shell Process
Description: A Windows shell process is used to manage multithreading, memory, and resources.
Whether the process is a system process: Yes
Lsass.exe
Process file: lsass or lsass.exe
Process name: local security permission Service
Description: This local security permission Service controls the Windows security mechanism.
Whether the process is a system process: Yes
Mdm.exe
Process file: mdm or mdm.exe
Process name: Machine Debug Manager
Description: Debug debugging management is used to Debug applications and Microsoft Script Editor in Microsoft Office.
Whether the process is a system process: Yes
Mmtask. tsk
Process file: mmtask or mmtask. tsk
Process name: multimedia support process
Description: This Windows multimedia background program controls multimedia services, such as MIDI.
Whether the process is a system process: Yes
Mprexe.exe
Process file: mprexe or mprexe.exe
Process name: Windows route Process
Description: A Windows route process sends a network request to an appropriate part of the network.
Whether the process is a system process: Yes
Msgsrv32.exe
Process file: msgsrv32 or msgsrv32.exe
Process name: Windows Messenger Service
Description: The Windows Messenger service calls the Windows Driver and program management at startup.
Whether the process is a system process: Yes
Mstask.exe
Process file: mstask or mstask.exe
Process name: Windows scheduled task
Description: A Windows scheduled task is used to set the inherited time or date for backup or operation.
Whether the process is a system process: Yes
Regsvc.exe
Process file: regsvc or regsvc.exe
Process name: Remote Registry Service
Description: Remote Registry is used to access the registry on a remote computer.
Whether the process is a system process: Yes
Rpcss.exe
Process file: rpcss or rpcss.exe
Process name: RPC Portmapper
Description: The RPC port ing process in Windows processes RPC calls (Remote module calls) and maps them to the specified service provider.
Whether the process is a system process: Yes
Services.exe
Process file: services or services.exe
Process name: Windows Service Controller
Description: used to manage Windows Services.
Whether the process is a system process: Yes
Smss.exe
Process file: smss or smss.exe
Process name: Session Manager Subsystem
Description: This process is used by the session management subsystem to initialize system variables. The MS-DOS driver name is similar to LPT1 and COM. It calls the Win32 shell sub-system and runs in the Windows login process.
Whether the process is a system process: Yes
Snmp.exe
Process file: snmp or snmp.exe
Process name: Microsoft SNMP Agent
Description: a simple network protocol proxy (SNMP) in Windows is used to listen to and send requests to the appropriate network section.
Whether the process is a system process: Yes
Spool32.exe
Process file: spool32 or spool32.exe
Process name: Printer Spooler
Description: Windows Print task control program, used for printer readiness.
Whether the process is a system process: Yes
Spoolsv.exe
Process file: spoolsv or spoolsv.exe
Process name: Printer Spooler Service
Description: Windows Print task control program, used for printer readiness.
Whether the process is a system process: Yes
Stisvc.exe
Process file: stisvc or stisvc.exe
Process name: Still Image Service
Description: The Still Image Service is used to control the connection between a scanner and a digital camera on Windows.
Whether the process is a system process: Yes
Svchost.exe
Process file: svchost or svchost.exe
Process name: Service Host Process
Description: Service Host Process.