windows XP 中有个tasklist.exe程序
在CMD下运行tasklist /svc就可以看到每个进程中的服务,如
System Idle Process 0 暂缺
System 4 暂缺
smss.exe 444 暂缺
csrss.exe 508 暂缺
winlogon.exe 532 暂缺
services.exe 576 Eventlog, PlugPlay
lsass.exe 588 PolicyAgent, ProtectedStorage, SamSs
svchost.exe 748 DcomLaunch, TermService
svchost.exe 788 RpcSs
svchost.exe 1140 AudioSrv, Browser, CryptSvc, Dhcp, dmserver,
EventSystem, FastUserSwitchingCompatibility,
helpsvc, LanmanServer, lanmanworkstation,
Netman, Nla, RasMan, Schedule, seclogon,
SENS, SharedAccess, ShellHWDetection,
TapiSrv, Themes, TrkWks, W32Time, winmgmt,
wscsvc, wuauserv, WZCSVC
svchost.exe 1652 Dnscache
svchost.exe 1688 Alerter, LmHosts, WebClient
explorer.exe 316 暂缺
RavMon.exe 472 暂缺
ThunderMini.exe 476 暂缺
ctfmon.exe 488 暂缺
nvsvc32.exe 1396 NVSvc
RavMonD.exe 1452 RsRavMon
wdfmgr.exe 1716 UMWdf
alg.exe 1236 ALG
PortalClient.exe 1648 暂缺
cmd.exe 1928 暂缺
conime.exe 1840 暂缺
wmiprvse.exe 1384 暂缺
tasklist.exe 1264 暂缺
一般svchost进程都是服务进程,如果有个svchost不带服务名,那么它就可疑了,应该查毒。
作者Blog:
http://blog.csdn.net/bluekylin/