Difference between revisions of "Processes in the Windows Task Manager"

Revision as of 06:19, 29 August 2009

Legacy Notes Section

 Services which may be in your task monitor on Windows XP (most apply to Win2k also)
 Windows Services, 3rd Party Services and Drivers
 
 process               description
 -------------------------------------------------------------------------------
 
 USER LEVEL PROCESSES:
 
 1XConfig.exe  Shuttle and SCM MicroSystems drivers or USB utilities Tray icon
 AltiAgent.exe VOiP software propritary
 AltDesk.exe   virtual desktop manager for Windows 9x/NT/Me/2000/XP
 ApntEx.exe    Alps Pointing-device touchpad software driver
 Apoint.exe    Alps Pointing-device touchpad software driver
 F-StopW.exe   F-Prot anti-virus background scanner
 hkcmd.exe     Hotkey Command interpretter part of Intel multimedia devices
 igfxtray.exe  Intel Graphics Tray Icon Graphics Accelerator Helper
 jusched.exe   Sun Microsystem's Java updater
 PRONoMgr.exe  System Tray icon for Intel PRO series Ethernet
 STACMON.exe   SigmaTel Souncard Monitor stacmon for Sigmatel audio devices
 TeaTimer.exe  Spybot search and destroy realtime monitor
 ZCfgSVC.exe   Intel ProSET Zero Config MFC Application Windows 2000/XP/2003 Service
 
 SYSTEM LEVEL PROCESSES:
 
 csrss.exe     
 LSASS.EXE     Local Security Authority Service Process 
 S24EvMon.exe  Event Monitor Wireless extensions for network driver
 SERVICES.EXE  Windows Service Controller for starting and stopping services
 smss.exe      MS Windows Session Manager Subsystem
 SPOOLSV.EXE   Microsoft Printer Spooler responsible for managing print jobs
 svchost.exe   (*A)DLL generic host process
 
 LOCAL SERVICE PROCESSES:
 
 alg.exe               Microsoft Windows Internet Connection sharing and firewall
 svchost.exe   (*A)DLL generic host process
 
 NETWORK SERVICE PROCESSES:
 
 svchost.exe   (*A)DLL generic host process
 
 -------------------------------------------------------------------------------
 
 notes:
 
 (*A). Legit svchost.exe will be present in the %Windir%\System32 folder.  They
 are generic host process name for services that run from dynamic-link
 libraries (DLLs).  The Svchost.exe file is located in the
 %SystemRoot%\System32 folder. At startup, Svchost.exe checks the services part
 %of the registry to construct a list of services that it must load. Multiple
 %instances of Svchost.exe can run at the same time. Each Svchost.exe session
 %can contain a grouping of services. ( MSKB Article ID : 314056 )
 Svchost.exe groups are identified in the following registry key:
 HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsNT\CurrentVersion\Svchost
 PROCESS DETAILS for each svchost:
 At the command prompt type tasklist /svc /fi "imagename eq svchost.exe" and
 press the enter key. You will see a list of the processes on your computer as
 well as the services that a SVCHOST.EXE process is managing.
 EXAMPLE:
 C:\>tasklist /svc /fi "imagename eq svchost.exe"
 
 Image Name                   PID Services
 ========================= ====== =============================================
 svchost.exe                  852 DcomLaunch, TermService
 svchost.exe                  940 RpcSs
 svchost.exe                 1032 AudioSrv, CryptSvc, Dhcp, dmserver, ERSvc,
                                  EventSystem, helpsvc, HidServ, lanmanserver,
                                  lanmanworkstation, Netman, Nla, Schedule,
                                  seclogon, SENS, SharedAccess,
                                  ShellHWDetection, srservice, Themes, TrkWks,
                                  W32Time, winmgmt, wuauserv, WZCSVC
 svchost.exe                 1080 Dnscache
 svchost.exe                 1136 LmHosts, RemoteRegistry, SSDPSRV, WebClient

@@ Line 1: / Line 1: @@
+== Legacy Notes Section ==
+  <nowiki>Services which may be in your task monitor on Windows XP (most apply to Win2k also)</nowiki>
+  <nowiki>Windows Services, 3rd Party Services and Drivers</nowiki>
+  <nowiki></nowiki>
+  <nowiki>process               description</nowiki>
+  <nowiki>-------------------------------------------------------------------------------</nowiki>
+  <nowiki></nowiki>
+  <nowiki>USER LEVEL PROCESSES:</nowiki>
+  <nowiki></nowiki>
+  <nowiki>1XConfig.exe  Shuttle and SCM MicroSystems drivers or USB utilities Tray icon</nowiki>
+  <nowiki>AltiAgent.exe VOiP software propritary</nowiki>
+  <nowiki>AltDesk.exe   virtual desktop manager for Windows 9x/NT/Me/2000/XP</nowiki>
+  <nowiki>ApntEx.exe    Alps Pointing-device touchpad software driver</nowiki>
+  <nowiki>Apoint.exe    Alps Pointing-device touchpad software driver</nowiki>
+  <nowiki>F-StopW.exe   F-Prot anti-virus background scanner</nowiki>
+  <nowiki>hkcmd.exe     Hotkey Command interpretter part of Intel multimedia devices</nowiki>
+  <nowiki>igfxtray.exe  Intel Graphics Tray Icon Graphics Accelerator Helper</nowiki>
+  <nowiki>jusched.exe   Sun Microsystem's Java updater</nowiki>
+  <nowiki>PRONoMgr.exe  System Tray icon for Intel PRO series Ethernet</nowiki>
+  <nowiki>STACMON.exe   SigmaTel Souncard Monitor stacmon for Sigmatel audio devices</nowiki>
+  <nowiki>TeaTimer.exe  Spybot search and destroy realtime monitor</nowiki>
+  <nowiki>ZCfgSVC.exe   Intel ProSET Zero Config MFC Application Windows 2000/XP/2003 Service</nowiki>
+  <nowiki></nowiki>
+  <nowiki>SYSTEM LEVEL PROCESSES:</nowiki>
+  <nowiki></nowiki>
+  <nowiki>csrss.exe     </nowiki>
+  <nowiki>LSASS.EXE     Local Security Authority Service Process </nowiki>
+  <nowiki>S24EvMon.exe  Event Monitor Wireless extensions for network driver</nowiki>
+  <nowiki>SERVICES.EXE  Windows Service Controller for starting and stopping services</nowiki>
+  <nowiki>smss.exe      MS Windows Session Manager Subsystem</nowiki>
+  <nowiki>SPOOLSV.EXE   Microsoft Printer Spooler responsible for managing print jobs</nowiki>
+  <nowiki>svchost.exe   (*A)DLL generic host process</nowiki>
+  <nowiki></nowiki>
+  <nowiki>LOCAL SERVICE PROCESSES:</nowiki>
+  <nowiki></nowiki>
+  <nowiki>alg.exe               Microsoft Windows Internet Connection sharing and firewall</nowiki>
+  <nowiki>svchost.exe   (*A)DLL generic host process</nowiki>
+  <nowiki></nowiki>
+  <nowiki>NETWORK SERVICE PROCESSES:</nowiki>
+  <nowiki></nowiki>
+  <nowiki>svchost.exe   (*A)DLL generic host process</nowiki>
+  <nowiki></nowiki>
+  <nowiki>-------------------------------------------------------------------------------</nowiki>
+  <nowiki></nowiki>
+  <nowiki>notes:</nowiki>
+  <nowiki></nowiki>
+  <nowiki>(*A). Legit svchost.exe will be present in the %Windir%\System32 folder.  They</nowiki>
+  <nowiki>are generic host process name for services that run from dynamic-link</nowiki>
+  <nowiki>libraries (DLLs).  The Svchost.exe file is located in the</nowiki>
+  <nowiki>%SystemRoot%\System32 folder. At startup, Svchost.exe checks the services part</nowiki>
+  <nowiki>%of the registry to construct a list of services that it must load. Multiple</nowiki>
+  <nowiki>%instances of Svchost.exe can run at the same time. Each Svchost.exe session</nowiki>
+  <nowiki>%can contain a grouping of services. ( MSKB Article ID : 314056 )</nowiki>
+  <nowiki>Svchost.exe groups are identified in the following registry key:</nowiki>
+  <nowiki>HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsNT\CurrentVersion\Svchost</nowiki>
+  <nowiki>PROCESS DETAILS for each svchost:</nowiki>
+  <nowiki>At the command prompt type tasklist /svc /fi "imagename eq svchost.exe" and</nowiki>
+  <nowiki>press the enter key. You will see a list of the processes on your computer as</nowiki>
+  <nowiki>well as the services that a SVCHOST.EXE process is managing.</nowiki>
+  <nowiki>EXAMPLE:</nowiki>
+  <nowiki>C:\>tasklist /svc /fi "imagename eq svchost.exe"</nowiki>
+  <nowiki></nowiki>
+  <nowiki>Image Name                   PID Services</nowiki>
+  <nowiki>========================= ====== =============================================</nowiki>
+  <nowiki>svchost.exe                  852 DcomLaunch, TermService</nowiki>
+  <nowiki>svchost.exe                  940 RpcSs</nowiki>
+  <nowiki>svchost.exe                 1032 AudioSrv, CryptSvc, Dhcp, dmserver, ERSvc,</nowiki>
+  <nowiki>                                 EventSystem, helpsvc, HidServ, lanmanserver,</nowiki>
+  <nowiki>                                 lanmanworkstation, Netman, Nla, Schedule,</nowiki>
+  <nowiki>                                 seclogon, SENS, SharedAccess,</nowiki>
+  <nowiki>                                 ShellHWDetection, srservice, Themes, TrkWks,</nowiki>
+  <nowiki>                                 W32Time, winmgmt, wuauserv, WZCSVC</nowiki>
+  <nowiki>svchost.exe                 1080 Dnscache</nowiki>
+  <nowiki>svchost.exe                 1136 LmHosts, RemoteRegistry, SSDPSRV, WebClient</nowiki>
+  <nowiki></nowiki>
 &nbsp;

Difference between revisions of "Processes in the Windows Task Manager"

Revision as of 06:19, 29 August 2009

Legacy Notes Section

Navigation menu

Views

Personal tools

Navigation

Popular Categories

comprehensive

Search

D.U.C.K. Toolbox