(1) [system Idle Process]
Process file: [system process] or [system process]
Process name: Windows system memory process
Description: The Windows page memory management process, with priority 0.
Introduction: This process runs as a single thread on each processor and accounts for processor time when the system is not handling other threads. The higher its CPU usage, the more CPU resources are available for allocation; the smaller the number, the scarcer the CPU resources.

(2) [alg.exe]
Process file: alg or alg.exe
Process name: Application Layer Gateway Service
Description: This is an application layer gateway service used for network sharing.
Introduction: A gateway communication plug-in manager that provides third-party protocol plug-in support for the “Internet Connection Sharing service” and the “Internet Connection Firewall”.

(3) [csrss.exe]
Process file: csrss or csrss.exe
Process name: Client/Server Runtime Server Subsystem
Description: The client/server subsystem, used to control the Windows graphics-related subsystem.
Introduction: This is the user-mode Win32 subsystem. csrss stands for client/server runtime subsystem, and it is a basic subsystem that must always be running. csrss is used to maintain control of Windows, to create or delete threads, and for parts of the 16-bit virtual MS-DOS environment.

(4) [ddhelp.exe]
Process file: ddhelp or ddhelp.exe
Process name: DirectDraw Helper
Description: DirectDraw Helper is an integral part of the DirectX graphics service.
Introduction: The DirectX helper program.

(5) [dllhost.exe]
Process file: dllhost or dllhost.exe
Process name: DCOM DLL Host Process
Description: The DCOM DLL host process supports running Windows programs through DLL-based COM objects.
Introduction: The COM surrogate. The more add-on system components and DLLs there are, the more CPU and memory resources dllhost occupies. The “killer wave” in August has probably made everyone more familiar with it.

(6) [explorer.exe]
Process file: explorer or explorer.exe
Process name: Program Manager
Description: Windows Program Manager, or Windows Explorer, controls the Windows graphical shell, including the Start menu, taskbar, desktop and file management.
Introduction: This is the user shell; it is what we see as the taskbar, the desktop and so on. In other words it is Explorer; if you do not believe it, enter it in Run and take a look. It is quite important to the stability of the Windows system, and Code Red causes trouble for it by creating an explorer.exe on the C and D drives.

(7) [inetinfo.exe]
Process file: inetinfo or inetinfo.exe
Process name: IIS Admin Service Helper
Description: InetInfo is part of Microsoft Internet Information Services (IIS) and is used for debugging.
Introduction: The IIS service process. Code Blue exploits a buffer overflow vulnerability in inetinfo.exe.

(8) [internat.exe]
Process file: internat or internat.exe
Process name: Input Locales
Description: Input Locales controls the country settings icon, used to change settings such as keyboard type and date format. internat.exe runs at startup. It loads the different input locales specified by the user. The locales are loaded from the registry location HKEY_USERS\.DEFAULT\Keyboard Layout\Preload. internat.exe loads the “EN” icon into the system icon area, allowing users to switch easily between input locales. When the process is stopped the icon disappears, but the input locale can still be changed through the Control Panel.
Introduction: It is mainly used to control input methods. If your taskbar has no “EN” icon and the system has no internat.exe process, the process may have been ended; enter internat in Run to start it again.

(9) [kernel32.dll]
Process file: kernel32 or kernel32.dll
Process name: Windows shell process
Description: The Windows shell process, used to manage multithreading, memory and resources.
Introduction: For more, see “Illegal operations and an explanation of Kernel32”.

(10) [lsass.exe]
Process file: lsass or lsass.exe
Process name: Local Security Authority Service
Description: The Local Security Authority service controls the Windows security mechanisms. It starts IP Security Policy management as well as ISAKMP/Oakley (IKE), the IP Security driver and others.
Introduction: This is the local security authority service, and it generates a process for users authorized through the winlogon service. This process is carried out using an authorization package, for example the default msgina.dll. If authorization succeeds, lsass generates the user's access token, and the token is used to start the initial shell. Other processes initialized by the user inherit this token. The Windows Active Directory remote stack overflow vulnerability exists because the LDAP 3 search request function lacks proper buffer boundary checks on requests submitted by users: constructing a request with more than 1000 “AND” and sending it to the server triggers a stack overflow, so that the Lsass.exe service crashes and the system restarts within 30 seconds.

(11) [mdm.exe]
Process file: mdm or mdm.exe
Process name: Machine Debug Manager
Description: Debug management, used for debugging applications and for the Microsoft Script Editor in Microsoft Office.
Introduction: The main task of Mdm.exe is debugging application software. As an aside, if you see 0-byte files on the system whose names begin with fff, these are temporary files that Mdm.exe creates while debugging and that were not cleaned up when the operating system shut down. These odd files beginning with fff, known as files with the CHK suffix, are useless junk files. As long as Mdm.exe exists on the system, odd files beginning with fff may be produced. The following method stops the system from running Mdm.exe so that the odd fff files can be removed for good. First, press “Ctrl + Alt + Del”, select “Mdm” in the “Close Program” window that pops up, and press the “End Task” button to stop Mdm.exe running in the background. Next, rename Mdm.exe (in the C:\Windows\System directory) to Mdm.bak. Then run msconfig and clear the “Machine Debug Manager” option on the Startup page, which stops Mdm.exe from starting automatically. Click the “OK” button to close msconfig and restart your computer. In addition, if you use Internet Explorer 5.X or later, it is recommended to disable script debugging (click “Tools → Internet Options → Advanced → Disable script debugging”), so that the odd fff files are not produced again.

(12) [mmtask.tsk]
Process file: mmtask or mmtask.tsk
Process name: Multimedia support process
Description: The Windows multimedia background program, which controls multimedia services such as MIDI.
Introduction: This is a task scheduling service, responsible for running tasks at a time the user has decided in advance.

(13) [mprexe.exe]
Process file: mprexe or mprexe.exe
Process name: Windows routing process
Description: The Windows routing process, which includes sending network requests to the appropriate part of the network.
Introduction: This is the process file for the Windows 32-bit network interface service, the core of network client component startup. As I recall, the “A-311 Trojan (Trojan.A-311.104)” also creates an mprexe.exe process in memory; the process can be ended through the resource manager.

(14) [msgsrv32.exe]
Process file: msgsrv32 or msgsrv32.exe
Process name: Windows Messenger Service
Description: The Windows Messenger service calls Windows drivers and manages programs at startup.
Introduction: msgsrv32.exe is an application that manages window messages. Under Win9x, if the sound card or graphics card driver is configured incorrectly, it can cause a hang or an msgsrv32.exe error prompt.

(15) [mstask.exe]
Process file: mstask or mstask.exe
Process name: Windows Scheduled Tasks
Description: The Windows Scheduled Tasks program, used to set up tasks such as backups to run at a given time or on a given date.
Introduction: The task scheduler, which starts itself through the registry. As a result, programs started by the task scheduler do not show their file names in the System Information program. Once it is removed from the registry or disabled, no program set to start through the task scheduler can run automatically. Under Win9x the task scheduler is opened at system startup; to stop it from starting, double-click the task scheduler icon and choose Advanced, then Stop Using Task Scheduler. In addition, attackers also use scheduled tasks during an intrusion, including for uploading, escalating privileges, planting back doors and covering their tracks.

(16) [regsvc.exe]
Process file: regsvc or regsvc.exe
Process name: Remote Registry Service
Description: The Remote Registry service, used to access the registry on a remote computer.

(17) [rpcss.exe]
Process file: rpcss or rpcss.exe
Process name: RPC Portmapper
Description: The Windows RPC port mapper process handles RPC (remote call module) calls and maps them to the designated service providers.
Introduction: Under Windows 98 it is not started when the interpreter is loaded or at boot. If problems arise in use, add a “string value” directly under the registry keys HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run and HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices, pointing to “C:\WINDOWS\SYSTEM\RPCSS”.

(18) [services.exe]
Process file: services or services.exe
Process name: Windows Service Controller
Description: Windows service management.
Introduction: Most core-mode system processes run as the system process. Open Services in Administrative Tools and you can see that a number of services call %systemroot%\system32\services.exe.

(19) [smss.exe]
Process file: smss or smss.exe
Process name: Session Manager Subsystem
Description: This process is the session management subsystem, used to initialize system variables and MS-DOS driver names such as LPT1 and COM, to call the Win32 shell subsystem, and to run the Windows logon process.
Introduction: This is the session management subsystem, responsible for starting the user session. This process is initialized by the system process and carries out many activities, including launching the Winlogon and Win32 (Csrss.exe) processes and setting system variables. After it has started these processes, it waits for Winlogon or Csrss to end. If this happens normally, the system shuts down. If anything unexpected happens, smss.exe makes the system stop responding (hang).

(20) [snmp.exe]
Process file: snmp or snmp.exe
Process name: Microsoft SNMP Agent
Description: The Windows Simple Network Management Protocol (SNMP) agent, used to listen for requests and send them to the appropriate part of the network.
Introduction: Responsible for receiving SNMP request messages, sending response messages according to the request, and handling the interface with the Winsock API.

(21) [spool32.exe]
Process file: spool32 or spool32.exe
Process name: Printer Spooler
Description: The Windows print job control program, used to get the printer ready.

(22) [spoolsv.exe]
Process file: spoolsv or spoolsv.exe
Process name: Printer Spooler Service
Description: The Windows print job control program, used to get the printer ready.
Introduction: The spooler service manages the print and fax jobs held in the spool.

(23) [stisvc.exe]
Process file: stisvc or stisvc.exe
Process name: Still Image Service
Description: Still Image Service is used to control scanners and digital cameras connected to Windows.

(24) [svchost.exe]
Process file: svchost or svchost.exe
Process name: Service Host Process
Description: Service Host Process is a standard host process for services that run from DLLs.
Introduction: Svchost.exe is the generic host process name for services that run from DLLs. The Svchost.exe file is located in the %systemroot%\system32 folder. At startup, Svchost.exe checks the services location in the registry to build the list of services it needs to load. This allows several instances of Svchost.exe to run at the same time. Each Svchost.exe session can contain a group of services, so that individual services can be run depending on how and where Svchost.exe is started. This makes it easier to control and to debug. On Windows 2k there are generally 2 svchost processes: one is the RPCSS (Remote Procedure Call) service process, and the other is a svchost.exe shared by many services. On Windows XP there are generally more than 4 svchost.exe service processes, and on Windows 2003 Server there are more still.

(25) [taskmon.exe]
Process file: taskmon or taskmon.exe
Process name: Windows Task Optimizer
Description: The Windows Task Optimizer monitors how often you use particular programs and organizes and optimizes the hard disk by loading the ones that are used regularly.
Introduction: The task manager; its function is to monitor program execution at any time and report on it. It can monitor all programs running in the Windows taskbar, open and end processes, and also bring up the shut down system dialog box directly.

(26) [tcpsvcs.exe]
Process file: tcpsvcs or tcpsvcs.exe
Process name: TCP/IP Services
Description: The TCP/IP Services application supports connecting to local area networks and the Internet over TCP/IP.

(27) [winlogon.exe]
Process file: winlogon or winlogon.exe
Process name: Windows Logon Process
Description: The Windows NT user logon program. This process manages user logon and logoff. Winlogon is activated when the user presses CTRL + ALT + DEL and displays the security dialog box.

(28) [winmgmt.exe]
Process file: winmgmt or winmgmt.exe
Process name: Windows Management Service
Description: Windows Management Service handles requests from application clients through Windows Management Instrumentation (WMI) technology.
Introduction: winmgmt is a core component of Win2000 client management. The process initializes when a client application connects or when a management program needs its service. WinMgmt.exe (the CIM Object Manager) and the Repository are the two main components of WMI. The Repository is the object definition database, the central database that stores all static management data; the object manager is responsible for collecting and manipulating objects in the Repository and for gathering information from WMI providers. WinMgmt.exe runs as a service on Windows 2k/NT and as a standalone exe program on Windows 95/98. Some WMI errors that appear on Windows 2k systems can be fixed by installing Windows 2k SP2.

(29) [system]
Process file: system or system
Process name: Windows System Process
Description: The Microsoft Windows system process.
Introduction: If you see this process in Task Manager, it is a normal system process.

That concludes the introduction to the system processes.
In Windows 2k/XP, the following processes must be loaded:
smss.exe, csrss.exe, winlogon.exe, services.exe, lsass.exe, svchost.exe (several at the same time), spoolsv.exe, explorer.exe, System Idle Process;
In Windows 9x, the following processes must be loaded:
msgsrv32.exe, mprexe.exe, mmtask.tsk, kernel32.dll.
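
Added example (not part of the original page): a check of a process snapshot against the Windows 2k/XP list above, reporting listed names that run from an unexpected directory, as with the explorer.exe copies mentioned under Code Red, and listed names with no instance in the expected place. The page gives the folder only for svchost.exe and services.exe; the other directories are the standard default locations, and the C:\WINDOWS root and the sample snapshot are constructed assumptions.

```python
import ntpath

SYSTEMROOT = r"C:\WINDOWS"            # assumption: default install directory
SYSTEM32 = ntpath.join(SYSTEMROOT, "system32")

# Windows 2k/XP processes from the list above and the directory each
# image normally loads from (System Idle Process has no image file).
EXPECTED_DIR = {
    "smss.exe": SYSTEM32, "csrss.exe": SYSTEM32, "winlogon.exe": SYSTEM32,
    "services.exe": SYSTEM32, "lsass.exe": SYSTEM32, "svchost.exe": SYSTEM32,
    "spoolsv.exe": SYSTEM32, "explorer.exe": SYSTEMROOT,
}

def audit(snapshot):
    """snapshot: iterable of (pid, image_path) pairs.

    Returns (misplaced, missing): instances of a listed name running from
    an unexpected directory, and listed names with no instance running
    from the expected directory.
    """
    ok, misplaced = set(), []
    for pid, image_path in snapshot:
        name = ntpath.basename(image_path).lower()
        if name not in EXPECTED_DIR:
            continue
        actual = ntpath.normcase(ntpath.dirname(image_path))
        if actual == ntpath.normcase(EXPECTED_DIR[name]):
            ok.add(name)
        else:
            misplaced.append((pid, name, image_path))
    return misplaced, sorted(set(EXPECTED_DIR) - ok)

# Constructed sample snapshot (not captured from a real host).
SAMPLE = [
    (392, r"C:\WINDOWS\system32\smss.exe"),
    (456, r"C:\WINDOWS\System32\csrss.exe"),
    (480, r"C:\WINDOWS\system32\winlogon.exe"),
    (524, r"C:\WINDOWS\system32\services.exe"),
    (536, r"C:\WINDOWS\system32\lsass.exe"),
    (700, r"C:\WINDOWS\system32\svchost.exe"),
    (764, r"C:\WINDOWS\system32\svchost.exe"),
    (1320, r"C:\WINDOWS\svchost.exe"),      # wrong directory
    (1504, r"C:\WINDOWS\Explorer.EXE"),
    (1788, r"C:\explorer.exe"),             # wrong directory
]

if __name__ == "__main__":
    misplaced, missing = audit(SAMPLE)
    for pid, name, path in misplaced:
        print(f"pid {pid}: {name} running from {path}")
    print("not running from expected directory:", ", ".join(missing) or "none")
```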