1.
[system idle process]
Process file: [system process] or [system process]
Process Name: Windows Memory Processing System Process
Description: Windows page memory management process with level 0 priority.
Summary: This process runs as a single thread on each processor and accounts for processor time when the system is not handling other threads. The larger its CPU usage figure, the more CPU resources are available; the smaller the figure, the tighter CPU resources are.
2.
[alg.exe]
Process file: ALG or Alg.exe
Process Name: Application Layer Gateway Service
Description: This is an application layer gateway service for network sharing.
Summary: A gateway communication plug-in manager that provides third-party protocol plug-in support for the Internet Connection Sharing and Internet Connection Firewall services.
3.
[csrss.exe]
Process file: CSRSS or CSRSS.exe
Process Name: Client / Server Runtime Server Subsystem
Description: Client/server subsystem used to control the Windows graphics-related subsystems.
Summary: This is the user-mode part of the Win32 subsystem. CSRSS stands for client/server runtime subsystem; it is a basic subsystem that must be running at all times. CSRSS is used to maintain the Windows console, create or delete threads, and support parts of the 16-bit virtual MS-DOS environment.
4.
[ddhelp.exe]
Process file: ddhelp or ddhelp.exe
Process Name: DirectDraw Helper
Description: DirectDraw Helper is the DirectX component used for graphics services.
Summary: DirectX helper.
5.
[DLLHOST.EXE]
Process file: DLLHOST or DLLHOST.EXE
Process Name: DCOM DLL HOST process
Description: The DCOM DLL host process supports DLL-based COM objects so that they can run Windows programs.
Summary: COM surrogate. The more DLL components the system hosts, the more CPU and memory DLLHOST occupies. Readers are probably more familiar with it because of the "Shock Wave Killer" in August.
6.
[Explorer.exe]
Process file: Explorer or Explorer.exe
Process Name: Program Management
Description: Windows Program Manager, or Windows Explorer, is used to control the Windows graphical shell, including the Start menu, taskbar, desktop, and file management.
Summary: This is the user's shell, which we see as the taskbar, the desktop, and so on. In other words, it is the resource manager (Windows Explorer); if you do not believe it, launch it from the Run dialog. It is important to the stability of the Windows system, and Code Red went after it by creating Explorer.exe under C: and D:.
7.
[inetinfo.exe]
Process file: inetinfo or inetinfo.exe
Process Name: IIS Admin Service Helper
Description: INetInfo is part of Microsoft Internet Information Services (IIS) and is used for debugging.
Summary: The IIS service process. Code Blue makes use of a buffer overflow in inetinfo.exe.
8.
[internat.exe]
Process file: internat or internat.exe
Process Name: Input Locales
Description: This input control icon is used to change settings such as country, keyboard type, and date format. INTERNAT.EXE runs at startup. It loads the different input locales specified by the user. The input locales to load are read from the registry at HKEY_USERS\.DEFAULT\Keyboard Layout\Preload. INTERNAT.EXE loads the "EN" icon into the system's icon area, allowing users to switch easily between input locales. When the process is stopped, the icon disappears, but the input locale can still be changed through the Control Panel.
Summary: It is mainly used to control the input method. If your taskbar has no "EN" icon even though the INTERNAT.EXE process is present on the system, try ending the process and then running the INTERNAT command from the Run dialog.
9.
[kernel32.dll]
Process file: kernel32 or kernel32.dll
Process Name: Windows Shell Process
Description: The Windows shell process is used to manage multiple threads, memory, and resources.
Summary: For more, see "Illegal operation and kernel32 interpretation".
10.
[lsass.exe]
Process file: lsass or lsass.exe
Process Name: Local Security Permission Service
Description: This local security permission service controls the Windows security mechanism. It manages IP security policy and launches the ISAKMP/Oakley (IKE) and IP security drivers.
Summary: This is the local security authorization service, and it generates the process that authorizes users for the Winlogon service. This is done by using an authorization package, such as the default Msgina.dll. If authorization succeeds, LSASS generates the user's access token, which is used to start the initial shell. Other processes started by the user inherit this token. The Windows Active Directory remote stack overflow vulnerability arises because the LDAP 3 search request function lacks a correct buffer boundary check on user-submitted requests: building a request with more than 1000 "AND" terms and sending it to the server triggers a stack overflow that crashes the LSASS.exe service, and the system restarts within 30 seconds.
11.
[mdm.exe]
Process file: mdm or mdm.exe
Process Name: Machine Debug Manager
Description: Debug manager used for debugging applications and the Microsoft Script Editor in Microsoft Office.
Summary: MDM.EXE's main task is debugging application software. While on the subject: if you see 0-byte files whose names begin with FFF, they are temporary files that MDM.exe generates while troubleshooting. These files are not automatically cleared when the operating system is shut down, so these odd files beginning with FFF, some of them named CHK, are unused and can be deleted at will without adverse effects on the system. On 9x systems, as long as Mdm.exe is present, odd files beginning with FFF may be generated. To get rid of them for good, stop Mdm.exe from running as follows: first press Ctrl+Alt+Del, select "Mdm" in the "Close Program" window that pops up, and click the "End Task" button to stop the Mdm.exe running in the background; then rename Mdm.exe (in the C:\Windows\System directory) to Mdm.bak. Run the Msconfig program and clear "Machine Debug Manager" on the Startup page. This prevents Mdm.exe from starting; then click the "OK" button to exit Msconfig and restart the computer. Also, if you use IE 5.x or a later version of the browser, it is recommended to disable script calls (click "Tools → Internet Options → Advanced → Disable Script Call"), which avoids the odd files beginning with FFF.
12.
[mmtask.tsk]
Process file: mmtask or mmtask.tsk
Process Name: Multimedia Support Process
Description: This Windows multimedia background program controls multimedia services, such as MIDI.
Summary: This is a task scheduling service, responsible for running tasks that were set up in advance to run at a certain time.
13.
[MPREXE.EXE]
Process file: mprexe or mprexe.exe
Process Name: Windows Routing Process
Description: The Windows routing process issues network requests to the appropriate part of the network.
Summary: This is the Windows 32-bit network interface service process file, the core of the network client components. As I recall, the "A-311 Trojan (Trojan.a-311.104)" also creates an MPREXE.exe process in memory, which can be ended through the resource manager.
14.
[msgsrv32.exe]
Process file: msgsrv32 or msgsrv32.exe
Process Name: Windows Messenger Service
Description: The Windows messenger service calls Windows drivers and program management at startup.
Summary: Msgsrv32.exe is a Win9x application; if the sound card or graphics driver is configured incorrectly, the system crashes or reports an Msgsrv32.exe error.
15.
[mstask.exe]
Process file: mstask or mstask.exe
Process Name: Windows Scheduled Tasks
Description: Windows Scheduled Tasks is used to set the time or date at which a backup or a program run takes place.
Summary: Scheduled Tasks; it is started from the registry. As a result, a program that starts itself through Scheduled Tasks does not show its file name in System Information, and once it is deleted from or disabled in the registry, programs launched by scheduled tasks can no longer run automatically. On Win9x, Scheduled Tasks is enabled at system startup; you can stop it from starting by double-clicking the Scheduled Tasks icon, then Advanced, then Terminate Scheduled Tasks. In addition, attackers often use scheduled tasks during an attack, including for uploading files, escalating privileges, planting backdoors, and cleaning up their footprints.
16.
[Regsvc.exe]
Process file: regsvc or regsvc.exe
Process Name: Remote Registry Service
Description: The Remote Registry Service is used to access the registry of a remote computer.
17.
[rpcss.exe]
Process file: rpcss or rpcss.exe
Process Name: RPC Portmapper
Description: The Windows RPC port mapping process handles RPC calls (remote procedure calls) and maps them to the specified service provider.
Summary: On Windows 98 it is not started when the command interpreter is loaded or at boot. If this causes problems in use, you can add a "String Value" set to "c:\windows\system\rpcss" directly in the registry under HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run and HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices.
18.
[Services.exe]
Process file: Services or Services.exe
Process Name: Windows Service Controller
Description: Manage Windows services.
Summary: Most kernel-mode system processes run as the System process. Open Services in Administrative Tools and you can see that many services call %SystemRoot%\system32\services.exe.
19.
[smss.exe]
Process file: SMSS or smss.exe
Process Name: Session Manager Subsystem
Description: This process is the session management subsystem. It initializes system variables and MS-DOS device names such as LPT1 and COM, calls the Win32 shell subsystem, and runs during the Windows logon process.
Summary: This is the session management subsystem, responsible for starting the user session. The process is initialized by the System process and is responsible for many activities, including starting the Winlogon and Win32 (CSRSS.exe) processes and setting system variables. After it starts these processes, it waits for Winlogon or CSRSS to end. If they end normally, the system shuts down. If something unexpected happens, smss.exe makes the system stop responding (that is, hang).
20.
[snmp.exe]
Process file: SNMP or snmp.exe
Process Name: Microsoft SNMP Agent
Description: The Windows Simple Network Protocol Agent (SNMP) is used to listen for requests and send them to the appropriate part of the network.
Summary: Responsible for receiving SNMP request packets, sending response packets, and handling the interface with the Winsock API as required.
21.
[spool32.exe]
Process file: spool32 or spool32.exe
Process Name: Printer Spooler
Description: Windows print job control program, used to make the printer ready.
22.
[spoolsv.exe]
Process file: spoolsv or spoolsv.exe
Process Name: Printer Spooler Service
Description: Windows print job control program, used to make the printer ready.
Summary: The Spooler service manages the print and fax jobs in the buffer pool.
23.
[stisvc.exe]
Process file: Stisvc or Stisvc.exe
Process Name: STILL Image Service
Description: STILL Image Service is used to control the scanner and digital cameras connected in Windows.
24.
[SVCHOST.EXE]
Process file: SVCHOST or SVCHOST.EXE
Process Name: Service Host Process
Description: Service Host Process is a standard host process that handles services run from dynamic-link libraries.
Summary: Svchost.exe is an ordinary host process name for services that run from dynamic-link libraries (DLLs). The Svchost.exe file is located in the %SystemRoot%\System32 folder. At startup, Svchost.exe checks a location in the registry to build the list of services it needs to load. This means multiple instances of Svchost.exe run at the same time. Each Svchost.exe session contains a group of services, so which services run separately depends on how and where Svchost.exe is started. This makes it easier to control the services and to find errors. Windows 2K typically has 2 SVCHOST processes: one is the RPCSS (Remote Procedure Call) service process, and the other is a Svchost.exe shared by many services. In Windows XP there are generally more than 4 Svchost.exe service processes, and more again in Windows 2003 Server.
25.
[taskmon.exe]
Process file: Taskmon or taskmon.exe
Process Name: Windows Task Optimizer
Description: Windows Task Optimizer monitors how frequently you use each program and organizes your hard drive by loading frequently used programs.
Summary: Task manager. Its function is to monitor the execution of programs and report on it at any time. It can monitor the programs that run in windows on the taskbar, open and end programs, and directly call up the shut-down dialog box.
26.
[tcpsvcs.exe]
Process file: tcpsvcs or tcpsvcs.exe
Process Name: TCP/IP Services
Description: The TCP/IP Services application supports LAN and Internet connections over TCP/IP.
27.
[Winlogon.exe]
Process file: Winlogon or Winlogon.exe
Process Name: Windows Logon Process
Description: Windows NT user logon program. This process manages user logon and logoff. Winlogon is activated when the user presses Ctrl+Alt+Del, and it then displays the security dialog box.
28.
[WinMgmt.exe]
Process file: Winmgmt or Winmgmt.exe
Process Name: Windows Management Service
Description: Windows Management Service carries out requests from client applications through Windows Management Instrumentation (WMI) technology.
Summary: WinMgmt is the core component of Win2000 client management. The process initializes when a client application connects or when a management program needs its services. Winmgmt.exe (the object manager) and the knowledge base (Repository) are the two main components of WMI. The knowledge base is an object-definition database, a central database that stores static data; the object manager is responsible for collecting and manipulating the objects in the knowledge base and for gathering information from WMI providers. Winmgmt.exe runs as a service on Windows 2K/NT and as a separate EXE program on Windows 95/98. The WMI errors that Windows 2K shows on some computers can be corrected by installing Windows 2K SP2.
29.
[system]
Process file: system or system
Process Name: Windows System Process
Description: Microsoft Windows system process.
Summary: This process is visible in Task Manager and is a normal system process.
In Windows 2K/XP, the following processes must be loaded:
smss.exe, csrss.exe, winlogon.exe, services.exe, lsass.exe, svchost.exe (there are multiple), spoolsv.exe, explorer.exe, System Idle Process;
In Windows 9x, the following processes must be loaded:
msgsrv32.exe, mprexe.exe, mmtask.tsk, kernel32.dll.
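
A baseline check built from the Windows 2K/XP list above, the System32 location given for svchost.exe, and the note about Explorer.exe appearing under C: and D: (an added example, not part of the original page). The names audit, EXPECTED_DIR and SAMPLE are hypothetical, the sample listing is constructed, and the directories other than svchost.exe's are the standard Windows layout rather than something the page states.

```python
import ntpath

# Expected image directory (relative to %SystemRoot%) for the page's 2K/XP list.
# The page gives System32 for svchost.exe; the rest is standard Windows layout.
EXPECTED_DIR = dict.fromkeys(("smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
                              "lsass.exe", "svchost.exe", "spoolsv.exe"), "system32")
EXPECTED_DIR["explorer.exe"] = ""   # the shell lives directly in %SystemRoot%

def edit_distance(a, b):
    """Plain Levenshtein distance, used to spot look-alike image names."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def audit(image_paths, system_root=r"C:\WINDOWS"):
    """Return sorted (finding, detail) tuples for a list of process image paths."""
    findings, seen = set(), set()
    root = ntpath.normcase(ntpath.normpath(system_root))
    for path in image_paths:
        full = ntpath.normcase(ntpath.normpath(path))
        folder, name = ntpath.split(full)
        if name in EXPECTED_DIR:
            want = ntpath.join(root, EXPECTED_DIR[name]).rstrip("\\")
            if folder.rstrip("\\") == want:
                seen.add(name)
            else:
                findings.add(("unexpected-path", full))
        elif any(edit_distance(name, known) == 1 for known in EXPECTED_DIR):
            findings.add(("lookalike-name", full))
    findings.update(("missing", n) for n in EXPECTED_DIR if n not in seen)
    return sorted(findings)

# Constructed sample listing (not captured from a real host).
SAMPLE = [
    r"C:\WINDOWS\system32\smss.exe", r"C:\WINDOWS\system32\csrss.exe",
    r"C:\WINDOWS\system32\winlogon.exe", r"C:\WINDOWS\system32\services.exe",
    r"C:\WINDOWS\system32\lsass.exe", r"C:\WINDOWS\system32\svchost.exe",
    r"C:\WINDOWS\system32\svchost.exe", r"C:\WINDOWS\Explorer.EXE",
    r"C:\explorer.exe",                 # shell name in a drive root
    r"C:\WINDOWS\system32\svhost.exe",  # one letter short of svchost.exe
]

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Feed audit() the full image paths from a process listing; a required name only counts as present when it runs from its expected directory, so a copy elsewhere is reported instead of satisfying the baseline.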