[Recommended] I don't understand the process of the system process. Let you understand basic system processes and attached system processes
Http://bbs.cfanclub.net/dispbbs.asp?boardid=2&id=198567 There are 6 svchost.exe in my process. Do you say there is a problem, the answer is yes, no. I just saw a post, there were 4 svchost.exe in the system of brothers, and a dream boss has said no problem. But there are still a lot of don't understand, just in my hand, there is information and you will learn together.
The system process is turned into one. Understanding the system process and the common process process can be understood as a computer program in an active state, which performs a specific task in the operating system. The system process generally includes: basic system processes and additional system processes. The following uses Windows XP systems to introduce 1. The most basic system process This system process is a must-have condition for system operation. Only if these processes are active, the system can run normally. Therefore, they cannot be completed. Winlogon.exe: Manage user login. CSRSS.exe: This is a subsystem server process, responsible for controlling Windows creation or deleting threads and 16-bit virtual DOS environments. System iDLE Process: This process is served as a single-wire running on each processor and dispatches the processor when the system does not process other threads. SMSS.exe: This is a session management subsystem that is responsible for starting a user session. Services.exe: This is the system service management tool that contains many system services. LSASS.exe: This is a local security authorization service, manages IP security policies, and launching Isakmp / Oakley (IKE) and IP security drivers. Explorer.exe: Explorer. Spoolsv.exe: Manage the print and fax jobs in the buffer, load files into memory for later printing. SVCHOST.EXE: When the system is started, SVCHOST.exe will check the location in the registry to create a list of service that requires load. Multiple svchost.exe If you run, it indicates that there are currently a multi-group service in active state, multiple DLL files are called. 2. Additional system processes Additional system processes are not required to run, and can end related processes based on service management needs. MStask.exe: Allows programs to run at the specified time. Regsvc.exe: Allows remote registry operations. Winmgmt.exe: Provides system management information. INetInfo.exe: Provides FTP connection and management through the management unit of the Internet Information Services. TLNTSVR.EXE: Allows remote users to log in to the system and run console programs using the command line. TFTPD.exe: Implement TFTP Internet standards. This standard does not require username and password. Part of the remote installation service. TERMSRV.EXE: Provides a multi-session environment allows client devices to access virtual Windows 2000 Professional desktop sessions and Windows-based programs running on the server. DNS.exe: Respond to query and update requests for the Domain Name System (DNS) name. If the system process mentioned above is in the operation, how much will threaten the system security, only when the service is turned on. The rest of the system service is rarely used, and no more. Second, check the system process General Method: If you are using the Windows NT / 2000 / XP / 2003 operating system, turn out the Windows Task Manager, switch to the Process tab, you can see the current running The process name and its corresponding user name, CPU occupies and memory usage. The related pictures of this topic are as follows: If you are a Windows 9x / ME operating system, you can only view the system process for the reception activities, and the process of running in the background cannot be viewed, then you need to install and run the Third Party "Windows Task Manager "program.
Windows Task Manager 3.1 for Win9X / ME Software Description: Windows Task Manager is the most common system monitoring tool on the NT platform, but there is no similar tool on the Win9X / ME platform, this software fills this empty lack. Task Manager provides information about programs and processes running on your calculation. Also show the unit of the most common metric process performance. Use the Task Manager to monitor the key indicator of your computer performance. You can check the status of the running program and terminate the program that has stopped responding. You can also use up to 20 parameters to evaluate activities that are running, see graphics and data reflecting the CPU and memory usage. The 3.0 version also bundled a new software LAN connection detector. Click to download its interface design and features that are almost no difference with the tools that come with the Windows system, and you can also see the running system process. The related pictures of this topic are as follows: Advanced Means: The general methods mentioned above are unable to see the hidden process and their more detailed information, so you need to use a professional third-party software-willow rubbing to achieve this First, the purpose. Liu Ye Eye V4.00 Beta 1 Software Description: This small software can list all system all processes (including hidden) and kill processes. The "Program Response" function is added, as well as "Restriction Log". It is more powerful and has IE protection. After clicking the download launch "Willi Wicked Eye", we can see all the running processes including the hidden process. The related pictures of this topic are as follows: and the main purpose of our hidden process is to identify the tip, automatically identify system files in the "Liuye rubbed" program, and everyone only needs to detect those "unknown" process. Third, the trick-type kill process destination 1: Save system resources, block unnecessary process implementation method: Our article introduces the most basic system process, after starting the Windows XP system, if you find other processes other than this, It can end it as appropriate. In the Windows Task Manager, we select the "End Process" or "End Process Tree" in the Right-click pop-up menu. Maybe everyone does not understand the "end process tree", the so-called process tree means that after an application runs, it may also call other processes to perform operations. This set of processes form a process tree (process tree) It may be multi-level, not only one hierarchical child process). The application is called a parent process, which is called a child process. When we end a process tree, it means that all sub-processes they belong at the same time. Purpose 2: Comparison process, blocking Trojan implementation: For example, when we start a netizen transferred file, if it is not a bundle of Trojans, it can detect whether to add Trojan by comparing the process, after the process, the process. process. The ultrasound process manager V1.5 needs to be used at this time. Underpere Process Manager 1.5.02 software introduction: This software is used to view the system process, module, window information, and to their operations, if you close the process, set priority, hide the window, let the buttons available, change Get text box content (including some password box), registry launch items to manage, see the class names of different objects, and so on. Click to download "Process Management" of the right function list in the "Transfer Process Manager" main interface, click the "Record List" button before starting the specified file or program, and then click the "Compare Process List" button after running. Then, switch to "Other" tabs, which can be visually seen in an increase in increasing or decreased process names. We have run a file, if there are two processes, the other is that it is likely to be a Trojan, and it will be blocked.
This topic related pictures are as follows: Destination 3: Blocking system process implementation: For processes that cannot be blocked in Windows Task Manager, it can be used to enhance the "ultrasound process manager" to block. After selecting the specified process in the list, click the "Close System Process" button. But everyone should also take into account the consequences that may be taken after blocking, need to be careful. Purpose 4: Batch Block Process Implementation: If we need one-time end multiple processes, click on "Process Management" → "Batch Off Process" in the "Transfer Process Manager" program, select multiple pre-population in the pop-up dialog box. After the end of the process, click the "Batch Off" button. The related pictures of this topic are as follows: IV, system process FAQ Question: Why display multiple SVCHOST.EXE processes? A: Windows 2000 typically has two SVCHOST processes, one is a RPCSS (Remote Procedure Call) service process, and the other is a SVCHOST.EXE shared by many service. Windows XP generally has more than four SVCHOST.exe service processes, and more in Windows 2003 Server. WINDOWS is launched by SVCHOST in a shared process, mainly to reduce system resources to a certain extent. However, there is also a certain safety hazard, for example, some process inserting the back door In order to prevent being killed, it is often inserted into the SVCHOST process. So how can I know which services are using svchost.exe? Taking the Windows XP system as an example, after running the "Tasklist / SVC" in it, you can view the process information after entering the confirmation operation. The related pictures of this topic are as follows: Moreover, the normal SVCHOST file is stored in the "C: / Windows / System32" directory, we can use third-party software to view the storage path of the file, if you appear in other directory, be careful. Q: Why does the TIMPLATFORM.EXE process will appear after QQ 2004 start? It used to use QQ2003 without this process. A: The role of this process is the bridge that is connected to the TM. To end it, turn off the QQ program installation folder after QQ, and find the "TIMPLATMM.EXE" file to delete it. Q: What is "System iDle Process" in the list of processes in the Windows XP system? Why is the CPU usage always more than 90%? How can I remove it? Answer: 90% of the "System IDle Process" process not occupying the resources of the CPU, just that it is more than 90% of the CPU resources here. The larger the number here, the more resources available, and the smaller the number, the more tense the CPU resource. This process is required by the system and cannot be prohibited. The related pictures of this topic are as follows:
My process gives you a look. The related pictures of this topic are as follows: This topic is related to the following:
