Explanation of the Processes in Windows Task Manager

Source: Internet
Author: User


(1) [System Idle Process]
Process files: [System process] or [system process]
Process name: Windows Memory Processing System process
Description: Windows page memory management process, with priority level 0.
Description: The process runs as a single thread on each processor and takes the processor time when the system has no other threads to process. The larger its CPU usage figure, the more CPU resources are available for allocation; the smaller the figure, the more strained CPU resources are.
(2) [Alg.exe]
Process file: ALG or Alg.exe
Process Name: Application Layer Gateway Service
Description: This is an application-layer Gateway service for network sharing.
Description: A manager for gateway communication plug-ins that provides support for third-party protocol plug-ins for the Internet Connection Sharing service and the Internet Connection Firewall service.
(3) [Csrss.exe]
Process files: Csrss or Csrss.exe
Process name: Client/server Runtime Server Subsystem
Description: The client service subsystem, used to control the Windows graphics-related subsystems.
Description: This is part of the user-mode Win32 subsystem. CSRSS stands for client/server runtime subsystem and is a basic subsystem that must be running all the time. CSRSS is used to control windows, create or remove threads, and support some of the 16-bit virtual MS-DOS environment.
(4) [Ddhelp.exe]
Process files: DDhelp or Ddhelp.exe
Process Name: DirectDraw Helper
Description: DirectDraw Helper is a part of DirectX, which is used for graphics services.
Introduction: DirectX helper.
(5) [Dllhost.exe]
Process files: Dllhost or Dllhost.exe
Process name: DCOM DLL Host Process
Description: The DCOM DLL host process supports DLL-based COM objects used to run Windows programs.
Description: A COM proxy. The more DLL components the system loads, the more CPU and memory resources Dllhost consumes.
(6) [Explorer.exe]
Process files: Explorer or Explorer.exe
Process Name: Program Management
Description: Windows Program Manager, or Windows Explorer, controls the Windows graphical shell, including the Start menu, taskbar, desktop, and file management.
Description: This is the user's shell, which we see as the taskbar, desktop, and so on. It is also the file manager; if you don't believe it, launch it from Run and see. It is fairly important to the stability of a Windows system.
(7) [Inetinfo.exe]
Process files: Inetinfo or inetinfo.exe
Process name: IIS Admin Service Helper
Description: Inetinfo is part of Microsoft Internet Information Services (IIS) and is used for debugging.
Description: The IIS service process.
(8) [Internat.exe]
Process files: Internat or Internat.exe
Process Name: Input Locales
Description: This input control icon is used to change settings such as country, keyboard type, and date format. Internat.exe starts running at startup and loads the input locales specified by the user. The input locales are loaded from the registry location HKEY_USERS\.Default\Keyboard Layout\Preload. Internat.exe places the "EN" icon in the system's icon area, allowing the user to switch easily between input locales. When the process stops, the icon disappears, but the input locales can still be changed through Control Panel.
Introduction: It is mainly used to control the input method. When the taskbar has no "EN" icon but the system has an internat.exe process, you may be able to end the process and then execute the internat command from Run.
(9) [Kernel32.dll]
Process files: kernel32 or Kernel32.dll
Process name: Windows shell process
Description: Windows shell processes are used to manage multithreading, memory, and resources.
(10) [Lsass.exe]
Process files: Lsass or Lsass.exe
Process Name: Local Security Rights Service
Description: This local security rights service controls Windows security. It manages IP security policies and starts the ISAKMP/Oakley (IKE) and IP security drivers.
Description: This is a local security authorization service, and it generates the process that authorizes users for the Winlogon service. This is done by using an authorization package, such as the default Msgina.dll. If the authorization is successful, LSASS generates the user's access token, which is used to start the initial shell. Other processes that the user starts inherit the token. As for the Windows Active Directory remote stack overflow vulnerability: the LDAP 3 search request feature lacks a correct buffer bounds check on user-submitted requests, so a request built with more than 1000 "AND" conditions and sent to the server triggers a stack overflow; the Lsass.exe service crashes and the system restarts within 30 seconds.
(11) [Mdm.exe]
Process files: MDM or Mdm.exe
Process name: Machine Debug Manager
Description: The debug manager is used to debug applications and the Microsoft Script Editor in Microsoft Office.
Introduction: The main work of Mdm.exe is to debug application software. As an aside, if you see 0-byte files whose names begin with fff on the system, they are temporary files produced by Mdm.exe while troubleshooting. These files are not cleared automatically when the operating system is shut down, so these strange files beginning with fff, some of them with the suffix chk, are useless junk files. As long as Mdm.exe is present on the system, strange files beginning with fff may be produced. You can use the following method to stop the system from running Mdm.exe and remove the strange fff files completely: first press Ctrl+Alt+Del, select "Mdm" in the "Close Program" window that pops up, and press the "End Task" button to stop the Mdm.exe running in the background; then rename Mdm.exe (in the C:\Windows\System directory) to Mdm.bak. Run the Msconfig program and clear the Machine Debug Manager selection on the Startup page, which prevents Mdm.exe from starting; then click the "OK" button to close Msconfig and restart the computer. In addition, if you use IE 5.x or a later version of the browser, it is recommended to disable script debugging (click "Tools → Internet Options → Advanced → Disable script debugging") so that the strange fff files are avoided.
(12) [Mmtask.tsk]
Process files: Mmtask or Mmtask.tsk
Process Name: Multimedia Support Process
Description: This Windows multimedia daemon controls multimedia services, such as MIDI.
Description: This is a task scheduling service, responsible for running tasks at times the user has decided in advance.
(13) [Mprexe.exe]
Process files: Mprexe or Mprexe.exe
Process Name: Windows Routing Process
Description: The Windows routing process passes network requests to the appropriate network component.
Description: This is the core process file of the Windows 32-bit network interface service, and it is launched by the network client component.
(14) [Msgsrv32.exe]
Process files: msgsrv32 or Msgsrv32.exe
Process name: Windows Messenger Service
Description: Windows Messenger Service calls Windows driver and program management at startup.
Introduction: Msgsrv32.exe is an application that manages message windows. On Win9x, an incorrectly configured sound card or video card driver will cause a hang or a Msgsrv32.exe error prompt.
(15) [Mstask.exe]
Process files: Mstask or Mstask.exe
Process name: Windows Scheduled Task
Description: The Windows scheduled task service is used to set the time or date at which a backup or a program will run.
Description: The scheduled task service, which starts from the registry. Programs launched by the scheduler therefore do not show their file names in System Information, and once the service is removed from or disabled in the registry, programs that are started by scheduled tasks no longer run automatically. On Win9x, where the scheduled task service is started, you can stop it by double-clicking the Scheduled Tasks icon and choosing Advanced, then terminating the scheduled task service.
(16) [Regsvc.exe]
Process files: regsvc or Regsvc.exe
Process Name: Remote Registry Service
Description: The remote Registry service is used to access the registry on the remote computer.
(17) [Rpcss.exe]
Process files: RPCSS or Rpcss.exe
Process Name: RPC Portmapper
Description: The Windows RPC port mapping process handles RPC calls (remote procedure calls) and maps them to the specified service provider.
Description: On Windows 98 it is not loaded at interpreter load time or at boot time. If this causes a problem in use, you can go directly to the registry (HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices) and add a "string value" that points to "C:\WINDOWS\System\rpcss".
(18) [Services.exe]
Process files: Services or Services.exe
Process name: Windows Service Controller
Description: Manages Windows services.
Description: Most of the system's kernel-mode processes run as system processes. Open Services in Administrative Tools and you can see that many services call %SystemRoot%\system32\services.exe.
(19) [Smss.exe]
Process files: Smss or Smss.exe
Process Name: Session Manager Subsystem
Description: The session management subsystem uses this process to initialize system variables and MS-DOS device names such as LPT1 and COM, to call the Win32 shell subsystem, and to run the Windows logon process.
Summary: This is the session management subsystem, which is responsible for starting user sessions. The process is initialized by the system process and is responsible for many activities, including starting the Winlogon and Win32 (Csrss.exe) processes and setting system variables. After it starts these processes, it waits for Winlogon or Csrss to end. If they end normally, the system shuts down. If something unexpected happens, Smss.exe makes the system stop responding (that is, hang).
(20) [Snmp.exe]
Process files: SNMP or Snmp.exe
Process name: Microsoft SNMP Agent
Description: The Windows Simple Network Management Protocol (SNMP) agent is used to listen for requests and send them to the appropriate network component.
Introduction: Responsible for receiving SNMP request packets, sending response messages according to the request, and handling the interface with the Winsock API.
(21) [Spool32.exe]
Process files: spool32 or Spool32.exe
Process Name: Printer Spooler
Description: The Windows Print Task Control program is used for printer readiness.
(22) [Spoolsv.exe]
Process files: SPOOLSV or Spoolsv.exe
Process name: Printer Spooler Service
Description: The Windows Print Task Control program is used for printer readiness.
Description: The spooler (buffering) service manages the print and fax jobs held in the buffer pool.
(23) [Stisvc.exe]
Process files: stisvc or Stisvc.exe
Process name: Still Image Service
Description: Still Image service is used to control scanners and digital camera connections in Windows.
(24) [Svchost.exe]
Process files: Svchost or Svchost.exe
Process Name: Service Host Process
Description: The service host process is a standard host process for services that run from dynamic-link libraries (DLLs).
Description: Svchost.exe is a generic host process name for services that run from a dynamic-link library. The Svchost.exe file is located in the system's %SystemRoot%\System32 folder. At startup, Svchost.exe checks a location in the registry to build the list of services that it needs to load. This causes multiple Svchost.exe processes to run at the same time. Each Svchost.exe session contains a group of services, so that individual services run depending on how and where Svchost.exe is started. This makes it easier to control services and to find errors. Windows 2k typically has 2 svchost processes: one is the RPCSS (Remote Procedure Call) service process, and the other is a svchost.exe shared by many services. Windows XP typically has more than 4 Svchost.exe service processes, and Windows 2003 Server has more.

(25) [Taskmon.exe]
Process files: Taskmon or Taskmon.exe
Process name: Windows Task Optimizer
Description: The Windows Task Optimizer monitors how often you use a program and organizes and optimizes your hard disk by loading programs that you use frequently.
Description: Task Manager, whose function is to monitor the execution of programs and report on it at any time. It can monitor all programs that run in Windows from the taskbar, open and close programs, and bring up the Shut Down dialog box directly.
(26) [Tcpsvcs.exe]
Process files: Tcpsvcs or Tcpsvcs.exe
Process name: TCP/IP Services
Description: TCP/IP Services application supports LAN and Internet connections via TCP/IP.
(27) [Winlogon.exe]
Process files: Winlogon or Winlogon.exe
Process Name: Windows Logon Process
Description: The Windows NT user logon program. This process manages user logon and logoff. Winlogon is activated when the user presses Ctrl+Alt+Del, and it displays the Security dialog box.
(28) [Winmgmt.exe]
Process files: WinMgmt or Winmgmt.exe
Process name: Windows Management Service
Description: Windows Management Service handles requests from application clients through Windows Management Instrumentation (WMI) technology.
Summary: WinMgmt is the core component of Win2000 client management. The process is initialized when a client application connects or when a management program needs its services. WinMgmt.exe (the CIM Object Manager) and the knowledge base (repository) are the two main components of WMI: the knowledge base is a database of object definitions, a central database that stores all manageable static data, and the object manager handles the collection and manipulation of objects in the knowledge base and collects information from WMI providers. WinMgmt.exe runs as a service on Windows 2k/NT and as a standalone EXE program on Windows 95/98. WMI errors that occur on some computers running Windows 2k can be fixed by installing Windows 2k SP2.
(29) [System]
Process files: System or System
Process Name: Windows System Process
Description: Microsoft Windows system process.
Description: This process is seen in Task Manager and is part of the normal system process.
That is all for the introduction to system processes.
In Windows 2k/XP, the following processes must be loaded:
Smss.exe, Csrss.exe, Winlogon.exe, Services.exe, Lsass.exe, Svchost.exe (several can exist at the same time), Spoolsv.exe, Explorer.exe, System Idle Process;
In Windows 9x, the following processes must be loaded:
Msgsrv32.exe, Mprexe.exe, Mmtask.tsk, Kernel32.dll
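
A defender's use of the Windows 2k/XP list above, as an added example that is not part of the original page: given a process snapshot, flag core process names running outside their usual folder (the page places Svchost.exe in %SystemRoot%\System32) and names that only resemble a core process. The folder table, the `C:\Windows` system root (Windows 2000 defaults to `C:\WINNT`) and the sample snapshot are assumptions made for the example.

```python
import ntpath

# Assumption: %SystemRoot% = C:\Windows. The folder for each name is the usual
# Windows layout; the page itself states it only for Svchost.exe.
SYSTEM_ROOT = r"C:\Windows"
EXPECTED_SUBDIR = {
    "smss.exe": "System32", "csrss.exe": "System32", "winlogon.exe": "System32",
    "services.exe": "System32", "lsass.exe": "System32", "svchost.exe": "System32",
    "spoolsv.exe": "System32", "explorer.exe": "",
}

def edit_distance(a, b):
    """Levenshtein distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def folder_key(path):
    # Windows paths compare case-insensitively; normalise separators as well.
    return ntpath.normcase(ntpath.normpath(path))

def audit(processes, max_distance=2):
    """processes: iterable of (pid, image_path). Returns [(pid, kind, detail)]."""
    findings = []
    for pid, image in processes:
        name = ntpath.basename(image).lower()
        if name in EXPECTED_SUBDIR:
            want = folder_key(ntpath.join(SYSTEM_ROOT, EXPECTED_SUBDIR[name]))
            if folder_key(ntpath.dirname(image)) != want:
                findings.append((pid, "path", f"{name} running from {image}"))
            continue
        # Heuristic: a name within a couple of edits of a core process name.
        near = min(EXPECTED_SUBDIR, key=lambda known: edit_distance(name, known))
        if edit_distance(name, near) <= max_distance:
            findings.append((pid, "lookalike", f"{name} resembles {near}"))
    return findings

# Constructed sample snapshot (pid, image path), not real telemetry.
SAMPLE = [
    (368, r"C:\WINDOWS\system32\smss.exe"),
    (612, r"C:\Windows\System32\svchost.exe"),
    (1500, r"C:\Windows\explorer.exe"),
    (1840, r"C:\Windows\Temp\svchost.exe"),      # right name, wrong folder
    (2012, r"C:\Windows\System32\svhost.exe"),   # near-miss name
    (2200, r"C:\Program Files\Editor\notepad2.exe"),
]
```

Calling `audit(SAMPLE)` reports PIDs 1840 and 2012; the lookalike check is a heuristic, so pair it with an allowlist of known-good software before alerting on it.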


