Clearly understand the system processes

  
Basic system processes (these processes are the basic conditions for system operation; with them, the system can run normally)

smss.exe Session Manager
csrss.exe Subsystem server process
winlogon.exe Manages user logon
services.exe Contains many system services
lsass.exe Manages IP security policies and starts the ISAKMP/Oakley (IKE) and IP security drivers. (System Services) Generates session keys and grants service tickets for interactive client/server authentication. (System Services) -> netlogon
svchost.exe Contains many system services!!! -> eventsystem (SPOOLSV.EXE loads files into memory for later printing.)
explorer.exe Resource Manager (internat.exe is the pinyin icon in the tray area)


Additional system processes (these processes are not required; you can add or remove them through the service manager as needed)

Mstask.exe Allows programs to run at a specified time. (System Services) -> schedule
regsvc.exe Allows remote registry operations. (System Services) -> remoteregistry
winmgmt.exe Provides system management information. (System Services)
inetinfo.exe -> msftpsvc, w3svc, iisadmin
tlntsvr.exe -> tlntsvr
tftpd.exe Implements the TFTP Internet standard, which does not require a username and password. Part of the remote installation service. (System Services)
termsrv.exe -> termservice
dns.exe Answers queries and update requests for Domain Name System (DNS) names. (System Services)


The following are all system services that are rarely used. If you do not need one for the time being, turn it off (it is harmful to security).

tcpsvcs.exe Provides the ability to remotely install Windows 2000 Professional on a PXE remote bootable client computer. (System Services) -> simptcp Supports the following TCP/IP services: Character Generator, Daytime, Discard, Echo, and Quote of the Day. (System Services)
ismserv.exe Allows messages to be sent and received between Windows Advanced Server sites. (System Services)
ups.exe Manages the uninterruptible power supply (UPS) connected to the computer. (System Services)
wins.exe Provides the NetBIOS name service for TCP/IP clients that register and resolve NetBIOS-type names. (System Services)
llssrv.exe License Logging Service (System Services)
ntfrs.exe Maintains file synchronization of file directory contents across multiple servers. (System Services)
RsSub.exe Controls the media used to store data remotely. (System Services)
locator.exe Manages the RPC name service database. -> rpclocator (Zone RpCSS)
lserver.exe Registers client licenses. (System Services)
dfssvc.exe Manages logical volumes distributed across a LAN or WAN. (System Services)
clipsrv.exe Supports "ClipBook Viewer" so that you can view ClipBook pages from remote ClipBooks. (System Services)
msdtc.exe Coordinates transactions that are distributed across more than two databases, message queues, file systems, or other transaction-protected resource managers. (System Services)
faxsvc.exe Helps you send and receive faxes. (System Services)
cisvc.exe Indexing Service (System Services)!!!
dmadmin.exe System management service for disk management requests. (System Services)
mnmsrvc.exe Allows authorized users to remotely access the Windows desktop using NetMeeting. (System Services)
netdde.exe Provides network transport and security features for Dynamic Data Exchange (DDE). (System Services)
smlogsvc.exe Configures performance logs and alerts. (System Services)
rsvp.exe Provides network signaling and local traffic control setup capabilities for Quality of Service (QoS)-dependent programs and control applications. (System Services)
RsEng.exe Coordinates the services and management tools used to store less frequently used data. (System Services)
RsFsa.exe Manages the operation of remotely stored files. (System Services)
grovel.exe Scans a Single Instance Storage (SIS) volume for duplicate files and points the duplicates to a single data storage point to save disk space. (System Services)
SCardSvr.exe Manages and controls access to smart cards inserted in a smart card reader attached to the computer. (System Services)
snmp.exe Contains an agent that monitors the activity of network devices and reports to the network console workstation. (System Services)
snmptrap.exe Receives trap messages generated by local or remote SNMP agents and then passes the messages to the SNMP manager running on this computer. (System Services)
UtilMan.exe Launches and configures accessibility tools from one window. (System Services)
msiexec.exe Installs, repairs, and removes software based on the commands contained in the .MSI file. (System Services)

Summary:
The secret to discovering suspicious processes is to look at the list of processes in Task Manager. After reading it many times, you can find suspicious processes at a glance, just like finding a group of familiar people. Like strangers in the
