When starting Windows XP/2003, there are always quite a few programs transferred to the system memory. We can call up the Windows Task Manager by pressing Ctrl+Atl+Del to check the progress of these programs. Process is the virtual address space and control information needed for program execution. By looking at the process, we can know which programs are running.

Some of these programs are used to control important system functions, such as hardware devices and file management. Some users don't need it at all, so stopping it can save system resources and speed up the system operation; There may be some virus programs. Only by knowing the situation in time and taking corresponding anti-virus measures can the security of the system be fully guaranteed.

The basic system process is a necessary condition for the system to run, and it can't be shut down to ensure the normal operation of the system. Although some extra system processes are unnecessary, we can start and stop them through the service manager (control panel → administrative tools → services) according to the situation.

This paper lists the process of Windows XP/2003 system for readers' quick reference.

First, the basic system flow

Process name

Description of production process

Can you turn it off?

Smss.exe

The session management subsystem is responsible for starting user sessions. This process responds to many active threads and sets system variables.

no

Service.exe

Including alarm, event log, plug and play and other system services.

no

Svchost.exe

You can see multiple Svchost.exe processes loading multiple system services.

no

Csrss.exe

This is a subsystem server process, which is responsible for controlling Windows to create or delete threads and 16-bit virtual DOS environment.

no

Winlogon.exe

Manage user login and logout.

no

Lsass.exe

It is used to store the security information of local user accounts, manage domain login, and support network computer login authentication events.

no

Explorer.exe

Resource manager, including taskbar, desktop, etc.

can

Taskmagr.exe

This process is the task manager.

can

system idle process

[JP2] This process runs as a single thread on each processor and allocates processor time when the system is not processing other threads [JP]

no

Internat.exe

Load the EN icon and enter the icon area of the system.

can

Second, the additional system flow

Process name

Corresponding service

Corresponding service description

Service operation suggestion

Clipsrv.exe

scrap book

Scrapbook. Enable ClipBook Viewer to store information and realize remote computer * * *

stop

Netdde.exe

. Network dynamic data exchange

Network dynamic data exchange service. Provides dynamic data exchange (DDE) network transmission and security for programs running on the same computer or different computers.

If you don't need the scrapbook service, please stop.

Network Dde Dsdm

Network dynamic data exchange network * * * Enjoy the service. Managing dynamic data exchange (DDE) networks * * * Enjoy

If the network DDE service is not needed, please stop.

Dllhost.exe

COM+ system applications and

COM+ system application service. Manage the configuration and tracking of COM+-based components.

begin

MS software shadow copy provider

Manage the volume replication service. If this service is stopped, software shadow copy will be unmanageable, and any services that depend on it (such as MS Backup) will be unable to start.

begin

Msdtc.exe

Distributed transaction coordinator

Distributed transaction coordinator. Coordinate transactions across multiple resource managers such as databases, message queues, and file systems.

stop

Cisvc.exe

Indexing service

Indexing service. Index the contents and attributes of files on local and remote computers, and provide fast access to files through flexible query language.

stop

Dmadmin.exe

Logical disk manager management service

Logical disk administrator system management service. Configure hard disks and volumes. The service only runs during the configuration process and then terminates.

According to the specific situation, it is set to manual.

Spoolsv.exe

Print spooler system

Print background processing service. Load the file into memory, and then send the data to the printer for processing after the printer is idle.

If there is no printer, you can stop.

Vssvc.exe

Shadow copy

Upload management service. Manage and execute shadow copies for backup and other purposes.

stop

Msiexec.exe

Windows Installer

Windows installation service. Install, repair or remove the software according to the instructions contained in the msi file.

It depends on the situation.

Imapi.exe

IMAPI CD-Burning Com service

IMAPI disc burning service. Managing CD burning with image mastering application programming interface (IMAPI)

If there is no burner, stop

Smlogsvc.exe

Performance logs and alerts

Performance logging and warning service

stop

Scardsvr.exe

smart card

Smart card service. Manage this computer's access to smart cards.

stop

Smart card assistant

Smart card assistance service. Enables support for traditional non-plug and play smart card readers.

stop

Ups.exe

UPS

Ups power management service. Manage the Uninterruptible Power Supply (UPS) connected to the computer.

stop

Wmiapsrv.exe

WMI performance adapter

WMI performance adapter service. Provider performance library information from WMI Hiperf

stop

Alg.exe

Application layer gateway service

Application layer gateway. Provide third-party protocol plug-in support for Internet connection and Internet connection firewall.

If you don't use the Internet firewall, please stop.

Mnmsrvc.exe

Netmeeting remote desktop sharing

NetMeeting remote desktop * * * enjoy. Allow authorized users to remotely access this computer on the company Intranet using NetMeeting.

If you don't need to enjoy the remote desktop, stop.

Rsvp.exe

Qos Rsvp

Qos admission control service. Provide network signals and local communication control installation functions for programs and control applications that depend on quality of service (Qos).

If the network card does not support 802. 1p, stop.

Sessmgr.exe

Remote Desktop Help Session Manager

Remote desktop assistance service. Managing and controlling remote assistance

If you are not using Remote Assistance, please stop.

Locator.exe

Remote procedure call locator

The remote procedure calls the location service. Manage RPC name service database

stop

Tlntsvr.exe

A standard protocol for remote connection service or software (which can be a verb) that implements this protocol.

Remote login service. Allow remote users to log on to this computer and run programs.

stop

Third, the common software and program flow.

Process name

Corresponding software program

Accwiz.exe

Accessibility wizard

Agentsvr.exe

Ole automation server, part of Microsoft agent

Alogserv.exe？ Avconsol.exe？ Avsynmgr.exe

Anti-virus software Mcafee Virusscan.

Backweb.exe

Advertising plug-in

Bcb.exe

Borland C++ Builder

Calc.exe

Windows calculator program

Capp.exe

Symantec client with antivirus and personal firewall

Charmap.exe

Windows Character Map helps you find unusual characters.

Cidaemon.exe

The Windows Indexing Service will help you search for files faster next time.

3】 Cisvc.exe

The sword depends on the memory usage. If it exceeds 40M, it will automatically restart the process.

Cleanmgr.exe

Windows disk cleaner

Cliconfig.exe

SQL Server Client Network Utility

Clipbrd.exe

Clipbook viewer

Cmd.exe

Windows command console program

Cmesys.exe

Crocodile zengyi advertisement plug-in

Conf.exe

Network conference system

Control.exe

Windows control panel program

Ctfmon.exe

Control the Microsoft Office language bar

Ddeshare.exe

DDE*** Enjoy Plan

Dialer.exe

Telephone dialing program

Drwtsn32.exe

Dr. Watson

Dxdiag.exe

Directx diagnostic tool

Em_Exec

Logitech mouse status bar icon process

Excel.exe

Microsoft Excel spreadsheet program

Eudcedit.exe

True word-making program

Freecell.exe

Free cell game

Frontpage.exe

Microsoft FrontPage

Fsquirt.exe

Bluetooth file transfer wizard

Fxscover.exe

Fax home page editor

Gmt.exe

Gator spyware advertising plug-in

Iexplore.exe

Microsoft Internet Explorer web browser

Inetwiz.exe

Internet connection wizard

Hh.exe

Windows helper

Loadqm.exe

MSN queue manager loader

Loadwc.exe

Load WebCheck to customize some IE settings.

Magnify.exe

Window magnifier

Migwiz.exe？ Migwiz_a.exe

File and Settings Transfer Wizard

Mmc.exe

Microsoft console management program, including multiple system tools.

Mobsync.exe

Part of IE, used to synchronize offline viewing pages in the background.

Moviemk.exe

Windows audio-visual production

Msaccess.exe

Microsoft Access database software

Msconfig.exe

System configuration application

Msdtc.exe

Ms DTC management program

Msheartts.exe

Online red heart game

Mshta.exe

User account manager

Msiexec.exe

Part of Windows Installer

Msimn.exe

Microsoft Outlook Express

Msmsgs.exe

Msn Messenger chat software

Msoobe.exe

Product activation plan for Windows XP license

Mspaint.exe

Microsoft drawing program

Mysqld-nt.exe

The Mysql daemon controls access to the Mysql database.

Narrator.exe

Microsoft narrator program, you can read menus, dialogs and so on.

Navapsvc.exe？ Navapw32.exe

Norton antivirus firewall

Netscape.exe

Netscape web browser

Netsetup.exe

Network installation wizard

Notepad.exe

Windows notepad program

Ntbackup.exe

Windows backup tools are used to back up files and folders.

Ntvdm.exe

A Windows virtual machine is a virtual machine that is set to be compatible with the old 16-bit Windows and DOS programs.

Nwiz.exe

NVidia nView control panel

Odbcad32.exe

Open database connection

Osa.exe

Microsoft Office startup assistant

Osk.exe

Windows screen keyboard

Outlook.exe

Microsoft Outlook

Packager.exe

Object packaging

Pinball.exe

Pinball game

Point32.exe

Microsoft IntelliMouse monitor icon in the toolbar

Powerpnt.exe

Microsoft PowerPoint

Pstores.exe

Microsoft protected storage service controls the encryption password.

Qttask.exe

Quick time taskbar icon

Realplay.exe

RealPlayer media player

Regedit.exe

Registry editor

Rstrui.exe

System recovery program

Rundll32.exe

Windows runs dll32 to call the dll program.

Sigverif.exe

File signature verification program

Sndrec32.exe

Windows recorder

Sndvol32.exe

Windows sound control process

Spools.exe

Windows printer control subroutine

Sysedit.exe

System configuration editor

Tapisrv.exe

Windows telephone background service program (TAPI)

Userinit.exe

Login script, establish network connection, start shell shell.

Vsmon.exe

Part of Zonealarm's personal firewall

Wab.exe

Address book in Outlook

Wiaacmgr.exe

Scanner and camera wizard

Winchat.exe

Windows chat tool

Winhlp32.exe

Windows help file viewer

Winproj.exe

Microsoft Project is a project planner.

Winword.exe

Microsoft word processing software

Wkcalrem.exe

Microsoft works calendar reminder schedule reminder

Wkqkpick.exe

Winzip status bar icon

Wmplayer.exe

Windows Media Player media player

Wordpad.exe

Windows wordpad program

Wowexec.exe

Windows executes support programs on Windows, similar to Ntvdm.exe, to be compatible with 16-bit applications.

Ypager.exe

Yahoo messenger status bar icon

Four, common viruses, Trojan process

Process name

The corresponding virus, Trojan horse.

Process name

The corresponding virus, Trojan horse.

. Extensions of executable programs

Blast furnace evolution

Intel.exe

Legendary rebellion

_. Extensions of executable programs

have a try

Internet.exe

Legendary ghost

Aboutagirl.exe

First lover

Internet.exe

Network god head

Absr.exe

Back door. Automatic updater

Kernel 16.exe

Transmission count

Aplica32.exe

The late virus society

Kernel32.exe

Batu or glacier

Avconsol.exe

The late virus society

Kiss.exe

Legendary angel

Avp.exe

The late virus society

Krn 132.exe

Attached letter virus

Avp32.exe

The late virus society

Libupdate.exe

Biological network

Avpcc.exe

The late virus society

Load.exe

Nimda virus

Avpm.exe

The late virus society

Lock it down? 2000.exe

The late virus society

Avserve.exe

Shock wave virus

Mbbmanager.exe

Smart gene

Bbeagle.exe

Evil eagle virus

Mdm.exe

Dolly 1.6- 1.7

Brain spy. Extensions of executable programs

Brain spy vBeta

Microsoft

Legendary cryptographer

Cfiadmin.exe

The late virus society

Mmc.exe

Nimda virus

Cfiaudit.exe

The late virus society

Mprdll.exe

Application for permission of biological products

Cfinet32.exe

The late virus society

Msabel32.exe

Cain and Abel

Checkdll.exe

Net cow

Msblast.exe

Shock wave virus

Cmctl32.exe

Back structure

Mschv.exe

control

Command.exe

Aol troy company

Msgsrv36.exe

be stuporous

Diagcfg.exe

Guangwai girl

Msgsvc.exe

Fire phoenix

Dkbdll.exe

Der Spaeher

Msgsvr 16.exe

Acid trembling

Dllclient.exe

Bergkamp

Msie5.exe

Canazon

Dvldr32.exe

Cryptographic virus

Msstart.exe

Back door. livup

Esafe.exe

The late virus society

Mstesk.exe

Dolly 1. 1- 1.5

Expiorer.exe

Acid battery

Netip.exe

Spirit 2000 beta

Feweb.exe

The late virus society

Netspy.exe

Network elf

Flcss.exe

Fun love virus

Notpa.exe

secret

Frw.exe

The late virus society

Odbc.exe

Remote control instruction

Icload95.exe

The late virus society

Pcfwallicon.exe

The late virus society

Icloadnt.exe

The late virus society

Pcx.exe

Explorer

Icmon.exe

The late virus society

Pw32.exe

The late virus society

Icsupp95.exe

The late virus society

Recycle-Bin.exe

heap of dog droppings

Iexplore.exe

Malicious postman virus

Regscan.exe

Porter's back door variety

Rpcsrv.exe

Malicious postman virus

Tftp.exe

Nimda virus

Rundll.exe

SCKISS love forest

Thing.exe

thing

Rundll32.exe

Hunter virus

User.exe

SchWindler

Runouce.exe

China hacker virus

Vp32.exe

The late virus society

Scanrew

Legendary terminator

Vpcc.exe

The late virus society

Scvhost.exe

Anger virus

Vpm.exe

The late virus society

Server 1.2.exe

Spirit 2000? 1.2 fixation

Vsecomr.exe

The late virus society

Server.exe

Nemesis, Winchester, Yate

Vshwin32.exe

The late virus society

Service.exe

Trino

Vsstat.exe

The late virus society

Setup.exe

Password virus or Xanadu

Vw32.exe

The late virus society

Sockets.exe

vampire

Windown.exe

Spirit 2000 1.2

Something.exe

Blade

Windows.exe

Black hole 200 1

Spfw.exe

Ripple change PX

Winfunctions.exe

Shades of Darkness

Svchost.exe (thread 105)

Code Blue

Wingate.exe

Malicious postman virus

Sysedit32.exe

SCKISS love forest

Wink.exe

Attached letter virus

Sysexplor.exe

wCrat

Winl0g0n.exe

Laughter virus

Sysexplr.exe

glacier

Winmgm32.exe

Big Mac virus

Syshelp.exe

Malicious postman virus

Winmsg32.exe

Xtcp

Sysprot.exe

Satan back door

Winprot.exe

Chupachbra

Sysrunt.exe

Ripper

Winprotecte.exe

sneaky

System.exe

heap of dog droppings

Winrpc.exe

Malicious postman virus

System32.exe

Deep throat 1.0

Winrpcsrv.exe

Malicious postman virus

Systray.exe

Deep throat 2.0-3. 1

Winserv.exe

Softwarst

Syswindow.exe

Troy cows

Winsys

Legendary hunter

Task bar. exe

WebEx

Winupdate.exe

Sckiss love forest

Taskbar.exe

Encrypted virus

Winver.exe

Sckiss love forest

Taskmon.exe

Norich worm virus

Winvnc.exe

Malicious postman virus

Task 32

The legendary black eyes

Winzip.exe

Shadow plan

Tds2-98.exe

The late virus society

Wqk.exe

Attached letter virus

Tds2-Nt.exe

The late virus society

Wscan.exe

Attack FTP

Temp$0 1.exe

Snid

Xx.Tmp.exe

Nimda virus

Tempinetb？ 00st.exe

inexplainable

Zcn32.exe

ambush

Tempserver.exe

Delta source

Zonealarm.exe

The late virus society