SVCHOST.EXESVCHOST.EXE files are a normal host process name for services running from the dynamic connection library. The svhost.exe file is positioned under the% SystemRoot% / System32 folder of the system. When startup, Svchost.exe checks the location of the registry to build a list of service that requires load. This will cause multiple svchost.exe to run at the same time. Each SVCHOST.EXE reply contains a set of services, so that a separate service must rely on how SVCHOST.EXE is started there. This makes it easier to control and find errors.
The SVCHOST.EXE group is identified by the following registry value.
HKEY_LOCAL_MACHINE / SOFTWARE / Microsoft / Windows NT / CURRENTVERSION / SVCHOST Each value under this key represents a separate SVCHOST group and it is displayed as a separate example when you are looking at the activity process. Each key value is the value of the REG_MULTI_SZ type and includes services running within the SVCHOST group. Each SVCHOST group contains one or more service names selected from the registry value, and the parameter value of this service contains a serviceDLL value. HKEY_LOCAL_MACHINE / SYSTEM / CURRENTCONTROLSET / SERVICES / Service
More information In order to see the services running in the SVCHOST list. Start - Run - Type CMD and then type TLIST -S (TLIST should be the winter winter in the Win2K toolbox) TLIST shows a list of event processes. Switch -s Displays a list of active services in each process. If you want to know more about the process, you can knock TLIST PID.
TLIST shows two examples of SVCHOST.exe run. 0 System Process8 System132 smss.exe160 csrss.exe Title: 180 winlogon.exe Title: NetDDE Agent208services.exeSvcs: AppMgmt, Browser, Dhcp, dmserver, Dnscache, Eventlog, lanmanserver, LanmanWorkstation, LmHosts, Messenger, PlugPlay, ProtectedStorage, seclogon, TrkWks , W32Time, Wmi220 lsass.exe Svcs: Netlogon, PolicyAgent, SamSs404 svchost.exe Svcs: RpcSs452 spoolsv.exe Svcs: Spooler544 cisvc.exe Svcs: cisvc556 svchost.exe Svcs: EventSystem, Netman, NtmsSvc, RasMan, SENS, TapiSrv580 regsvc. exe Svcs: RemoteRegistry596 mstask.exe Svcs: Schedule660 snmp.exe Svcs: SNMP728 winmgmt.exe Svcs: WinMgmt852 cidaemon.exe Title: OleMainThreadWndName812 explorer.exe Title: Program Manager1032 OSA.EXE Title: Reminder1300 cmd.exe Title: D: / WINNT5 /System32/cmd.exe - tlist -s1080 mapisp32.exe title: WMS iDLE TITLE: 1000 mmc.exe title: Device Manager1144 TLIST.EXE sets two groups in this example. HKEY_LOCAL_MACHINE / Software / Microsoft / Windows NT / CurrentVersion / Svchost: netsvcs: Reg_Multi_SZ: EventSystem Ias Iprip Irmon Netman Nwsapagent Rasauto Rasman Remoteaccess SENS Sharedaccess Tapisrv Ntmssvcrpcss: Reg_Multi_SZ: RpcSssmss.exe
CSRSS.EXE
This is part of the user mode Win32 subsystem. CSRSS acts on behalf of the client / server running subsystem and a basic subsystem must have been running. CSRSS is responsible for controlling Windows, creates or deletes threads and some 16-bit virtual MS-DOS environments.
Explorer.exe This is a user's shell (I really don't know how to translate shell), we look like task bars, desktops, etc. This process is not as an important process as an important process, you can stop it from the task manager, or restart. It usually does not have any negative impact on the system.
INTERNAT.EXE
This process can be turned off from the task manager. INTERNAT.EXE starts running at startup. It loads different input points specified by the user. The input point is this position hkey_users / .default / keyboard layout / preload loading content from the registry. INTERNAT.EXE loads the "En" icon into the system's icon area, allowing users to easily convert different input points. When the process is stopped, the icon will disappear, but the input point can still change by the control panel.
LSASS.exe This process cannot be turned off from the task manager. This is a local security license service, and it will generate a process for authorized users using Winlogon services. This process is performed by using an authorized package, such as the default Msgina.dll. If the authorization is successful, LSASS will generate the user's entry token, let the table use the initial shell. Other processes initialized by users will inherit this token. MStask.exe This process is not targeted from the task manager. This is a task scheduling service, responsible for the operation of the task running in advance to run at a certain time.
SMSS.exe This process cannot be turned off from the task manager. This is a session management subsystem that is responsible for starting a user session. This process is initialized through the system process and reflects many activities, including Winlogon, Win32 (CSRSS.exe) threads that have been running, and set system variables. After it starts these processes, it waits for Winlogon or CSRSS to end. If these processes are normal, the system is turned off. If something unpredictable occurs, smss.exe will stop the system to stop responding (that is, hangs).
Spoolsv.exe This process cannot be turned off from the task manager. The spooler service is the print and fax jobs in the management buffer pool.
Service.exe This process cannot be turned off from the task manager. Most system core mode processes are run as a system process.
System iDLE Process does not be turned off from the task manager. This process is on each processor as a single-threaded operation and dispatches the processor when the system does not handle other threads.
Taskmagr.exe This process is to be turned off in the task manager. This process is the task manager.
Winlogon.exe This process is managed by user login and launch. And Winlogon is activated when the user presses Ctrl Alt DEL, and the security dialog box is displayed.
Winmgmt.exewinmgm is the core component of Win2000 client management. This process initializes when the client application is connected or when the manager needs his own service.
