1) svchost.exe running in the Task Manager..?
Svchost.exe is a generic host process name for services that run from dynamic-link libraries (DLLs).
Microsoft decided instead of creating a separate executable file for each service that start in windows they will create different .dll files and let the process svchost.exe host them all.
Basicly this means that svchost starts and it loads all the needed dll files from the services needed.
2) What is iexplore.exe?
Iexplore.exe is the process for Microsoft Internet Explorer. This process is a nonessential process and can safely be killed. By killing it, however, one or more Internet Explorer windows will be closed and any data within lost.
3) What is csrss.exe?
Csrss.exe is, by Microsoft's definition, the part of the Microsoft Client/Server Runtime Server Subsystem that runs in user mode. It is a critical subsystem that is primarily responsible for managing threads and creating console windows. It also handles any other operations of the Win32 subsystem that are not in kernel mode. Due to the critical nature of this process, it cannot be stopped from the task manager.
4) What is rundll32.exe?
Rundll32.exe is a process that allows dynamic link libraries (DLLs) to be executed. Many system DLLs contain entry points for external use. These include the control panel, as well as Shell32.dll, which allows you to bring up windows such as the "Open with..." dialog. This process is a system process that is essential to the system's proper operation. Despite this, it is generally safe to kill a misbehaved rundll32.exe, as it will only terminate the program that is executing as a DLL. Removing the executable altogether, however, will render your system unable to execute DLLs and thus render significant parts of the system unusable.
5) What is lsass.exe?
Lsass.exe is by Microsoft's definition, the Local Security Authentication Server. Its purpose is to validate attempts to log on to your machine. If the login is successful, it generates the user's access token and uses it to launch the shell (explorer.exe). Any processes the user launches will also inherit this token.
Due to the critical nature of this process, it cannot be stopped from the task manager.
6) What is alg.exe?
Alg.exe is, according to Microsoft's definition, the Application Layer Gateway Service. It is a necessary process for Internet Connection Sharing, as well as the Windows Internet Connection Firewall. Additionally, it provides the ability to use third-party protocol plugins, such as for a third-party firewall.
If you use the Windows Firewall or Internet Connection Sharing, do not kill this process. Doing so will cause you to lose network connectivity until the next reboot. If you use a third-party firewall, you also may need to keep it running. Additionally, many other pieces of network-related software, such as Intel Pro/Set, is known to require it to be able function properly. It is therefore recommended that you do not disable the Application Layer Gateway.
7) What is wuauclt.exe?
Wuauclt.exe is the Windows Update Autoupdate Client. It is a background process that periodically checks with Microsoft's servers for updates to the operating system and drivers. If you wish to use Automatic Updates, this is a necessary process. If not, you can safely disable the Automatic Updates service, which will prevent it from running. While it is possible to kill this process through the task manager, it is likely that it will immediately come back if automatic updates are enabled.
8) What is ccApp.exe?
CcApp.exe is the Symantec Common Client Application. It is used by many Norton applications, including Norton AntiVirus, Norton AntiSpam, and Norton Internet Security. Norton uses it for its background virus protection and email scanning features. This process is not essential to the operation of the system; however, it is essential to the proper functioning of Norton products. If you do not want to use the background scanning features of your Symantec software, you should disable it in the application. If you do not have any Symantec product installed, you should not have any processes with this name. The presence of this process on systems without Symantec software typically indicates a virus or spyware infection.
9) What is explorer.exe?
Windows Explorer, or explorer.exe, is the default Windows user shell. This process is responsible for the file manager, desktop, and taskbar. As such, it is arguably the most readily apparent process in Windows. Despite its ubiquity, Explorer can be safely terminated. Doing so, however, will prevent you from launching any programs via the graphical user interface (as your taskbar, start menu, and icons will be gone).
10) What is ctfmon.exe?
Ctfmon.exe is the part of Microsoft Office XP and later that is responsible for activating the Alternative User Input Text Input Processor and the Microsoft Office Language Bar. Essentially, it provides support for speech recognition, handwriting recognition, and other types of alternative user input. It may start on system boot, even if no other Microsoft Office applications are running. This is a nonessential process that can safely be terminated as long as there are no Microsoft Office programs running. It is not recommended to terminate it while a Microsoft Office application is running or if you are using handwriting recognition, speech recognition, the language bar, or any other type of alternative user input. If you do not need the functionality this process provides and wish to permanently eliminate it, you can remove Alternative User Input support from your installation of Microsoft Office via the Add/Remove Programs control panel.
11) What is spoolsv.exe?
Spoolsv.exe is the Windows Print Spooler service. Its function is to manage spooled print jobs and handle the print queue. This process is not essential to the operation of the system; however, if you use a printer, the Print Spooler service must be enabled and spoolsv.exe must be running. If you do not have a printer, it is safe to kill this process and disable the Print Spooler service.
12) What is services.exe?
Services.exe is the Windows Services Control Manager. This process is responsible for starting, stopping, and managing system services. Services.exe will start automatic services on boot and stop all services on shutdown. This process is a critical system process and is essential to the operation of the system. Due to the critical nature of the process, it is not possible to terminate it via the task manager. Disabling this process otherwise will render your system unbootable.
13) What is smss.exe?
Smss.exe is the session manager subsystem. This process is responsible for creating environment variables, starting the Win32 subsystem, creating paging files, establishing DOS device mappings, and initializing the Windows Logon Manager. As such, it is responsible for starting user sessions. This process is a critical system process and is essential to the operation of the system. Due to the critical nature of the process, it is not possible to terminate the process via the task manager. Disabling this process otherwise will render your system unbootable.
14) What is jusched.exe?
Jusched.exe is the Java Update Scheduler. This process is installed by Sun Microsystems' Java to periodically check for updates. By default, it is installed as a service and set to start automatically.
This process is a nonessential process and can be safely terminated. Note that terminating the process will prevent automatic updates to Java. To prevent the Java Update Scheduler from starting on boot, open up the Java Control Panel and uncheck "Check for Updates Automatically. When asked if you would like to update monthly, choose "Never Update."
15) What is winlogon.exe?
Winlogon.exe is the part of the Windows Login Subsystem. This process is responsible for handling the secure attention sequence (pressing Ctrl+Alt+Del before seeing the login box), loading user profiles, locking the system when a screensaver is running, and verifying the operating system's activation key. On Windows XP, it provides support functions for Graphical Idenitification and Authentication (GINA). This process is a critical system process and is essential to the operation of the system. Due to the critical nature of the process, it is not possible to terminate the process via the task manager. Disabling it otherwise will prevent you from logging in.
16) What is mdm.exe?
Mdm.exe is the Windows Machine Debug Manager. It is used for debugging scripts in Internet Explorer, as well as debugging code in Microsoft Visual Studio and other Microsoft development environments. This process is a nonessential process and can safely be killed and disabled. By killing the machine debug manager, however, you will lose the ability to debug scripts in Internet Explorer.
17) What is mdm.exe?
Mdm.exe is the Windows Machine Debug Manager. It is used for debugging scripts in Internet Explorer, as well as debugging code in Microsoft Visual Studio and other Microsoft development environments. This process is a nonessential process and can safely be killed and disabled. By killing the machine debug manager, however, you will lose the ability to debug scripts in Internet Explorer.
18) What is alcxmntr.exe?
Alcxmntr.exe, or the Realtek AC97 Audio Event Monitor, is a service installed with Realtek audio drivers. It is not known exactly what this program does; however, it is a necessary part of the Realtek drivers.
This process is not essential to the operation of the system; however, you should not make any attempt to disable it. Doing so may prevent your audio from working.
No comments:
Post a Comment