In-depth understanding of Win2000 system process list
Tiler
Mobile application (2003-03-21 10:04:44)
Win2000 system process list
The most basic system process (that is, these processes are the basic conditions of the system run, with these processes, the system can run normally)
SMSS.exe session manager
CSRSS.EXE subsystem server process
Winlogon.exe management user login
Services.exe contains many system services
LSAss.exe Manages IP Security Policy and launch Isakmp / Oakley (IKE) and IP security drivers. (System Services) Generate session keys and grants a service credentials (Ticket) for interactive client / server authentication. (System service) -> Netlogon
Svchost.exe contains many system services !!! -> Eventsystem,
(Spoolsv.exe loads files into memory for later printing.)
Explorer.exe Explorer
(Internat.exe Pinyin Icon)
============================================================================================================================================================================================================= ==================
Additional system processes (these processes are not necessary, you can increase or decrease through service manager as needed)
MStask.exe allows programs to run at the specified time. (System Services) -> Schedule
Regsvc.exe allows remote registry operations. (System Services) -> RemoteRegister
Winmgmt.exe provides system management information (system service).
inetinfo.exe-> MSFTPSVC, W3SVC, Iisadmn
TLNTSVR.EXE-> TLNRSVR
TFTPD.exe implements TFTP Internet standards. This standard does not require username and password. Part of the remote installation service. (system service)
Termsrv.exe -> Termservice
DNS.exe Answer Query and Update Request for Domain Name System (DNS) name. (system service)
============================================================================================================================================================================================================= ================
The following is all system services, and rarely use it, if you don't need it for the time being, it should be turned off (harmful to security)
TCPSVCS.EXE provides the ability to remotely install Windows 2000 Professional on the PXE remote boot client computer. (System Services) -> Simptcp
Support the following TCP / IP services: Character Generator, Daytime, Discard, Echo, and Quote of The Day. (System Services) ISMSERV.EXE allows you to send and receive messages between Windows Advanced Server sites. (system service)
UPS.exe management is connected to the computer's uninterruptible power supply (UPS). (system service)
Wins.exe provides NetBIOS Name Services for TCP / IP customers registered and parsing NetBIOS names. (system service)
Llssrv.exe license logging service (system service)
NTFRS.EXE Synchronize files in the maintenance file directory content between multiple servers. (system service)
Rssub.exe controls media used to remotely store data. (system service)
Locator.exe Management RPC Name Service Database .-> RpClocator (District RPCSS)
Lserver.exe registered client license. (system service)
DFSSVC.exe Manages logical volumes distributed in a local area network or wide area network. (system service)
Clipsrv.exe supports the "Scrapbook Viewer" so that you can access the scrap page from the remote scrapbook. (system service)
MSDTC.exe is a transaction, which is distributed in more than two databases, messages, file systems, or other transaction protection resource managers. (system service)
Faxsvc.exe Helps you send and receive faxes. (system service)
CISVC.EXE INDEXING Service (System Service) !!!
Dmadmin.exe System Management Service for Disk Management Request. (system service)
MnMsrvc.exe allows users to access the Windows desktop remotely using NetMeeting remotely. (system service)
NetDe.exe provides network transfer and security features of Dynamic Data Exchange (DDE). (system service)
SMLogsvc.exe Configuring Performance Logs and Alerts. (system service)
RSVP.exe provides network signals and local communication control installation capabilities for programs and control applications that depend on quality service (QoS). (system service)
RSENG.EXE coordinates the service and management tools for storing uncommon data. (system service)
RSFSA.EXE manages the operation of the file that is stored. (system service)
Grovel.exe Scanning the Duplicate file on the zero backup storage (SIS) volume and points the duplicate file to a data storage point to save disk space. (system service)
Scardsvr.exe manages and accesss control over smart cards inserted in your computer smart card reader. (system service)
SNMP.exe contains the agent to monitor the network device and report to the network console workstation. (system service)
SNMPTrap.exe Receives the trap message generated by the local or remote SNMP agent and then passes the message to the SNMP manager running on this computer. (system service)
Utilman.exe launches and configures an auxiliary tool from a window. (system service)
Msiexec.exe is installed, repaired, and deletes software based on the command contained in the .msi file. (system service)
to sum up:
The secret of finding suspicious processes is to see the list of processes in the task manager. After watching, you can find suspicious processes, just like
Looking for a group of strangers in familiar people. Of course, the Trojan can be the same or approximately the process of certain system, and people are really unambiguous.
Process name description
The most basic system process (that is, these processes are the basic conditions for system operation, with these processes, the system can
normal operation)
SMSS.exe session manager
CSRSS.EXE subsystem server process
Winlogon.exe management user login
Services.exe contains many system services
LSAss.exe Manages IP Security Policy and launch Isakmp / Oakley (IKE) and IP security drivers. (system
Services) Generate session keys and grant a service credentials for interactive client / server authentication. (System service) -> Netlogon
SVCHOST.EXE contains many system services !!! -> Eventsystem, (Spoolsv.exe loads files into memory so
After printing. )
Explorer.exe Explorer (Pinyin Icon of Internat.exe Trays)
============================================================================================================================================================================================================= ==================
Additional system processes (these processes are not necessary, you can increase or decrease through service manager as needed)
MStask.exe allows programs to run at the specified time. (System Services) -> Schedule
Regsvc.exe allows remote registry operations. (System Services) -> RemoteRegister
Winmgmt.exe provides system management information (system service).
inetinfo.exe-> MSFTPSVC, W3SVC, Iisadmn
TLNTSVR.EXE-> TLNRSVR
TFTPD.exe implements TFTP Internet standards. This standard does not require username and password. Part of the remote installation service
. (system service)
Termsrv.exe -> Termservice
DNS.exe Answer Query and Update Request for Domain Name System (DNS) name. (system service)
============================================================================================================================================================================================================= ================
The following is all system services, and rarely use it, if you don't need it for the time being, it should be turned off (harmful to security)
TCPSVCS.EXE provides remote installation of Windows 2000 Professional on PXE Remote Starts Customer Computer
Ability. (System Services) -> SimptCP supports the following TCP / IP services: Character Generator, Daytime,
Discard, Echo, and Quote of The Day. (system service)
Ismserv.exe allows you to send and receive messages between Windows Advanced Server sites. (system service)
UPS.exe management is connected to the computer's uninterruptible power supply (UPS). (system service)
Wins.exe provides NetBIOS Name Services for TCP / IP customers registered and parsing NetBIOS names. (System service
Affiliate
Llssrv.exe license logging service (system service)
NTFRS.EXE Synchronize files in the maintenance file directory content between multiple servers. (system service)
Rssub.exe controls media used to remotely store data. (system service)
Locator.exe Management RPC Name Service Database .-> RPClocator (District RPCSS) Lserver.exe Register Client License. (system service)
DFSSVC.exe Manages logical volumes distributed in a local area network or wide area network. (system service)
Clipsrv.exe supports the "Scrapbook Viewer" so that you can access the scrap page from the remote scrapbook. (system service)
Msdtc.exe is a transaction, which is distributed in more than two databases, message queues, file systems, or other transaction protection.
Resource manager. (system service)
Faxsvc.exe Helps you send and receive faxes. (system service)
CISVC.EXE INDEXING Service (System Service) !!!
Dmadmin.exe System Management Service for Disk Management Request. (system service)
MnMsrvc.exe allows users to access the Windows desktop remotely using NetMeeting remotely. (system service)
NetDe.exe provides network transfer and security features of Dynamic Data Exchange (DDE). (system service)
SMLogsvc.exe Configuring Performance Logs and Alerts. (system service)
RSVP.EXE provides network signals and local communication control installations for programs and control applications that depend on quality service (QoS)
can. (system service)
RSENG.EXE coordinates the service and management tools for storing uncommon data. (system service)
RSFSA.EXE manages the operation of the file that is stored. (system service)
GROVEL.EXE Scan Zero Backup Storage (SIS) Volumes on the volume, and points your duplicate file to a data storage point.
Save disk space. (system service)
Scardsvr.exe manages and accesss control over smart cards inserted in your computer smart card reader. (system service)
SNMP.exe contains the agent to monitor the network device and report to the network console workstation. (system service
)
SNMPTrap.exe Receives trap messages generated by local or remote SNMP proxy, then pass messages to run
SNMP management program on this computer. (system service)
Utilman.exe launches and configures an auxiliary tool from a window. (system service)
Msiexec.exe is installed, repaired, and deletes software based on the command contained in the .msi file. (system service)
See Microsoft Web for details
