Win 2000 list of common system processes

Process

windows 2000/xp's task Manager is a very useful tool that can provide us with a lot of information, such as the programs that are running in the system now, but we may be a bit dazed with those file executables, not knowing what they do, or whether there are any suspicious processes (viruses, Trojans , etc.). The purpose of this article is to provide some of the common process names in Windows 2000 and to illustrate their usefulness.

In Windows 2000, the system contains the following default processes:
csrss.exe
explorer.exe
internat.exe
lsass.exe
mstask.exe
smss.exe
spoolsv.exe
svchost.exe
services.exe
system
system Idle Process
taskmgr.exe
winlogon.exe
winmgmt.exe

More processes and their brief descriptions are listed below

Process name  description

smss.exesessionmanager
csrss.exe Subsystem Server process
winlogon.exe Admin User Login
services.exe contains many system services
lsass.exe manages IP Security policies and initiates Isakmp/oakley (IKE) and IP security drivers.
File Protection system of svchost.exewindows 2000/XP
spoolsv.exe loads the file into memory for later printing. )
explorer.exe Explorer
Phonetic icon for internat.exe tray area)
mstask.exe allows programs to run at specified times.
regsvc.exe allows remoteRegistration FormOperation. (System services)->remoteregister
winmgmt.exe provides system management information (System services).
inetinfo.exemsftpsvc,w3svc,iisadmn
tlntsvr.exetlnrsvr
tftpd.exe implements the TFTP Internet standard. The standard does not require a user name and password.
termsrv.exetermservice
dns.exe answers query and update requests for Domain Name System (DNS) names.
tcpsvcs.exe provides the ability to remotely install Windows Professional on a PXE-capable, remote boot client computer.
ismserv.exe allows messages to be sent and received between Windows Advanced Server sites.
ups.exe manages an uninterruptible power supply (UPS) connected to your computer.
wins.exe provides NetBIOS name services for TCP/IP clients that register and resolve NetBIOS names.
llssrv.exe Certificate Logging Service
ntfrs.exe to maintain file synchronization of file directory content among multiple servers.
rssub.exe controls the media used to store data remotely.
locator.exe manages the RPC name service database.
lserver.exe Register client licenses.
dfssvc.exe manages logical volumes that are distributed over a LAN or WAN.
clipsrv.exe supports ClipBook Viewer so that you can view the clip pages from a remote ClipBook.
msdtc.exe, a parallel transaction, is distributed in more than two databases, message queues,File Systemor other transaction protection resource manager.
faxsvc.exe helps you send and receive faxes.
cisvc.exe Indexing Service
dmadmin.exe System Management Service for disk Management requests.
mnmsrvc.exe allows a privileged user to remotely access the Windows desktop using NetMeeting.
netdde.exe provides network transport and security features for Dynamic Data exchange (DDE).
smlogsvc.exe configures Performance Logs and Alerts.
rsvp.exe provides network signaling and local communication control installation power functions for quality service (QoS)-dependent programs and control applications.
rseng.exe coordinates services and management tools that are used to store infrequently used data.
rsfsa.exe the operation of remotely stored files.
grovel.exe scans for duplicate files on 0 backup storage (SIS) volumes and points duplicate files to a data storage point to conserve disk space (useful only for NTFS file systems).
scardsvr.ex manages and accesses the smart card inserted into the computer's smart card reader.
snmp.exe contains agents that can monitor the activity of network devices and report to the network console workstation.
snmptrap.exe receives a trap message generated by a local or remote SNMP agent, and then passes the message to the SNMP management program running on this computer.
utilman.exe starts and configures the accessibility tool from a single window.
msiexec.exe basis. MSI file to install, fix, and delete the software.

Summary: The secret of discovering a suspicious process is to look at the list of processes in Task Manager, and after looking at it, one can find suspicious processes, just like finding a group of strangers in a familiar crowd.