Guest ms Posted August 12, 2008 Posted August 12, 2008 W2K/SP4, home desktop, DUN, no system issues AFAIK. csrss.exe 192 C:\WINNT\system32\csrss.exe Client Server Runtime Process 5.00.2195.6601. Copyright © Microsoft Corp. 1981-1999 Explorer.EXE 1068 C:\WINNT\Explorer.EXE Windows Explorer 5.00.3700.6690. Copyright © Microsoft Corp. 1981-1999 lsass.exe 256 C:\WINNT\system32\lsass.exe LSA Executable and Server DLL (Export Version) 5.00.2195.6695. Copyright © Microsoft Corp. 1981- 1999 msdtc.exe 480 C:\WINNT\System32\msdtc.exe MS DTC console program 03.00.00.3504. Copyright © Microsoft Corp. 1995-1999 MSTask.exe 648 C:\WINNT\system32\MSTask.exe Task Scheduler Engine 4.71.2195.6704. Copyright © Microsoft Corp. 1997 services.exe 244 C:\WINNT\system32\services.exe Services and Controller app 5.00.2195.6700. Copyright © Microsoft Corp. 1981-1999 smss.exe 168 C:\WINNT\System32\smss.exe Windows NT Session Manager 5.00.2195.6601. Copyright © Microsoft Corp. 1981-1999 spoolsv.exe 452 C:\WINNT\system32\spoolsv.exe Spooler SubSystem App 5.00.2195.6659. Copyright © Microsoft Corp. 1981-1999 svchost.exe 428 C:\WINNT\system32\svchost.exe Generic Host Process for Win32 Services 5.00.2134.1. Copyright © Microsoft Corp. 1981-1999 svchost.exe 596 C:\WINNT\System32\svchost.exe Generic Host Process for Win32 Services 5.00.2134.1. Copyright © Microsoft Corp. 1981-1999 winlogon.exe 216 C:\WINNT\system32\winlogon.exe Windows NT Logon Application 5.00.2195.6714. Copyright © Microsoft Corp. 1981- 1999 WinMgmt.exe 700 C:\WINNT\System32\WBEM\WinMgmt.exe Windows Management Instrumentation 1.50.1085.0100. Copyright © Microsoft Corp. 1995-1999 This is my list of active processes, I omitted my utilities/drivers, the question relates to the MS processes. First, I notice 2 active files of "svchost.exe"- is that normal, or what causes it? Second, is there anything else not normal in a normal system? Thanks Mike
Guest DL Posted August 12, 2008 Posted August 12, 2008 Re: My process list Not unusual Nothing obvious, but some malaware / trojans can assume the identity of another process "ms" <ms@invalid.com> wrote in message news:6geh0jFfddodU1@mid.individual.net... > W2K/SP4, home desktop, DUN, no system issues AFAIK. > > csrss.exe 192 C:\WINNT\system32\csrss.exe Client Server Runtime > Process 5.00.2195.6601. Copyright © Microsoft Corp. 1981-1999 > Explorer.EXE 1068 C:\WINNT\Explorer.EXE Windows Explorer > 5.00.3700.6690. Copyright © Microsoft Corp. 1981-1999 > lsass.exe 256 C:\WINNT\system32\lsass.exe LSA Executable and Server > DLL (Export Version) 5.00.2195.6695. Copyright © Microsoft Corp. 1981- > 1999 > msdtc.exe 480 C:\WINNT\System32\msdtc.exe MS DTC console program > 03.00.00.3504. Copyright © Microsoft Corp. 1995-1999 > MSTask.exe 648 C:\WINNT\system32\MSTask.exe Task Scheduler Engine > 4.71.2195.6704. Copyright © Microsoft Corp. 1997 > services.exe 244 C:\WINNT\system32\services.exe Services and > Controller app 5.00.2195.6700. Copyright © Microsoft Corp. 1981-1999 > smss.exe 168 C:\WINNT\System32\smss.exe Windows NT Session > Manager 5.00.2195.6601. Copyright © Microsoft Corp. 1981-1999 > spoolsv.exe 452 C:\WINNT\system32\spoolsv.exe Spooler SubSystem App > 5.00.2195.6659. Copyright © Microsoft Corp. 1981-1999 > svchost.exe 428 C:\WINNT\system32\svchost.exe Generic Host Process for > Win32 Services 5.00.2134.1. Copyright © Microsoft Corp. 1981-1999 > svchost.exe 596 C:\WINNT\System32\svchost.exe Generic Host Process for > Win32 Services 5.00.2134.1. Copyright © Microsoft Corp. 1981-1999 > winlogon.exe 216 C:\WINNT\system32\winlogon.exe Windows NT > Logon Application 5.00.2195.6714. Copyright © Microsoft Corp. 1981- > 1999 > WinMgmt.exe 700 C:\WINNT\System32\WBEM\WinMgmt.exe Windows Management > Instrumentation 1.50.1085.0100. Copyright © Microsoft Corp. 1995-1999 > > This is my list of active processes, I omitted my utilities/drivers, the > question relates to the MS processes. > > First, I notice 2 active files of "svchost.exe"- is that normal, or what > causes it? > > Second, is there anything else not normal in a normal system? > > Thanks > > Mike > >
Guest John John (MVP) Posted August 13, 2008 Posted August 13, 2008 Re: My process list There is nothing unusual in your list, perhaps it is uncommon to have the Distributed Transaction Coordinator service (msdtc.exe) running on a home machine but there may be a valid reason to have it running. Having multiple instances of Svchost,exe running is perfectly normal, see the following for more information: Description of Svchost.exe in Windows 2000 http://support.microsoft.com/kb/250320/ John ms wrote: > W2K/SP4, home desktop, DUN, no system issues AFAIK. > > csrss.exe 192 C:\WINNT\system32\csrss.exe Client Server Runtime > Process 5.00.2195.6601. Copyright © Microsoft Corp. 1981-1999 > Explorer.EXE 1068 C:\WINNT\Explorer.EXE Windows Explorer > 5.00.3700.6690. Copyright © Microsoft Corp. 1981-1999 > lsass.exe 256 C:\WINNT\system32\lsass.exe LSA Executable and Server > DLL (Export Version) 5.00.2195.6695. Copyright © Microsoft Corp. 1981- > 1999 > msdtc.exe 480 C:\WINNT\System32\msdtc.exe MS DTC console program > 03.00.00.3504. Copyright © Microsoft Corp. 1995-1999 > MSTask.exe 648 C:\WINNT\system32\MSTask.exe Task Scheduler Engine > 4.71.2195.6704. Copyright © Microsoft Corp. 1997 > services.exe 244 C:\WINNT\system32\services.exe Services and > Controller app 5.00.2195.6700. Copyright © Microsoft Corp. 1981-1999 > smss.exe 168 C:\WINNT\System32\smss.exe Windows NT Session > Manager 5.00.2195.6601. Copyright © Microsoft Corp. 1981-1999 > spoolsv.exe 452 C:\WINNT\system32\spoolsv.exe Spooler SubSystem App > 5.00.2195.6659. Copyright © Microsoft Corp. 1981-1999 > svchost.exe 428 C:\WINNT\system32\svchost.exe Generic Host Process for > Win32 Services 5.00.2134.1. Copyright © Microsoft Corp. 1981-1999 > svchost.exe 596 C:\WINNT\System32\svchost.exe Generic Host Process for > Win32 Services 5.00.2134.1. Copyright © Microsoft Corp. 1981-1999 > winlogon.exe 216 C:\WINNT\system32\winlogon.exe Windows NT > Logon Application 5.00.2195.6714. Copyright © Microsoft Corp. 1981- > 1999 > WinMgmt.exe 700 C:\WINNT\System32\WBEM\WinMgmt.exe Windows Management > Instrumentation 1.50.1085.0100. Copyright © Microsoft Corp. 1995-1999 > > This is my list of active processes, I omitted my utilities/drivers, the > question relates to the MS processes. > > First, I notice 2 active files of "svchost.exe"- is that normal, or what > causes it? > > Second, is there anything else not normal in a normal system? > > Thanks > > Mike > >
Guest ms Posted August 13, 2008 Posted August 13, 2008 Re: My process list ms <ms@invalid.com> wrote in news:6geh0jFfddodU1@mid.individual.net: > W2K/SP4, home desktop, DUN, no system issues AFAIK. > > csrss.exe 192 C:\WINNT\system32\csrss.exe Client Server > Runtime Process 5.00.2195.6601. Copyright © Microsoft Corp. > 1981-1999 Explorer.EXE 1068 C:\WINNT\Explorer.EXE Windows > Explorer 5.00.3700.6690. Copyright © Microsoft Corp. 1981-1999 > lsass.exe 256 C:\WINNT\system32\lsass.exe LSA Executable > and Server DLL (Export Version) 5.00.2195.6695. Copyright © > Microsoft Corp. 1981- 1999 > msdtc.exe 480 C:\WINNT\System32\msdtc.exe MS DTC console > program 03.00.00.3504. Copyright © Microsoft Corp. 1995-1999 > MSTask.exe 648 C:\WINNT\system32\MSTask.exe Task Scheduler > Engine 4.71.2195.6704. Copyright © Microsoft Corp. 1997 > services.exe 244 C:\WINNT\system32\services.exe Services > and Controller app 5.00.2195.6700. Copyright © Microsoft Corp. > 1981-1999 smss.exe 168 C:\WINNT\System32\smss.exe Windows > NT Session Manager 5.00.2195.6601. Copyright © Microsoft Corp. > 1981-1999 spoolsv.exe 452 C:\WINNT\system32\spoolsv.exe > Spooler SubSystem App 5.00.2195.6659. Copyright © Microsoft Corp. > 1981-1999 svchost.exe 428 C:\WINNT\system32\svchost.exe > Generic Host Process for Win32 Services 5.00.2134.1. Copyright © > Microsoft Corp. 1981-1999 svchost.exe 596 > C:\WINNT\System32\svchost.exe Generic Host Process for Win32 > Services 5.00.2134.1. Copyright © Microsoft Corp. 1981-1999 > winlogon.exe 216 C:\WINNT\system32\winlogon.exe Windows NT > Logon Application 5.00.2195.6714. Copyright © Microsoft Corp. 1981- > 1999 > WinMgmt.exe 700 C:\WINNT\System32\WBEM\WinMgmt.exe Windows > Management Instrumentation 1.50.1085.0100. Copyright © Microsoft > Corp. 1995-1999 > > This is my list of active processes, I omitted my utilities/drivers, > the question relates to the MS processes. > > First, I notice 2 active files of "svchost.exe"- is that normal, or > what causes it? > > Second, is there anything else not normal in a normal system? > > Thanks > > Mike > > Thanks to all Mike
Guest ms Posted August 13, 2008 Posted August 13, 2008 Re: My process list "John John (MVP)" <audetweld@nbnet.nb.ca> wrote in news:#IcAvfN$IHA.4684@TK2MSFTNGP04.phx.gbl: > There is nothing unusual in your list, perhaps it is uncommon to have > the Distributed Transaction Coordinator service (msdtc.exe) running on > a > home machine but there may be a valid reason to have it running. > Having multiple instances of Svchost,exe running is perfectly normal, > see the following for more information: > > Description of Svchost.exe in Windows 2000 > http://support.microsoft.com/kb/250320/ > > John > > ms wrote: > >> W2K/SP4, home desktop, DUN, no system issues AFAIK. >> >> csrss.exe 192 C:\WINNT\system32\csrss.exe Client Server >> Runtime Process 5.00.2195.6601. Copyright © Microsoft Corp. >> 1981-1999 Explorer.EXE 1068 C:\WINNT\Explorer.EXE Windows >> Explorer 5.00.3700.6690. Copyright © Microsoft Corp. 1981-1999 >> lsass.exe 256 C:\WINNT\system32\lsass.exe LSA Executable >> and Server DLL (Export Version) 5.00.2195.6695. Copyright © >> Microsoft Corp. 1981- 1999 >> msdtc.exe 480 C:\WINNT\System32\msdtc.exe MS DTC console >> program 03.00.00.3504. Copyright © Microsoft Corp. 1995-1999 >> MSTask.exe 648 C:\WINNT\system32\MSTask.exe Task >> Scheduler Engine 4.71.2195.6704. Copyright © Microsoft Corp. 1997 >> services.exe 244 C:\WINNT\system32\services.exe Services >> and Controller app 5.00.2195.6700. Copyright © Microsoft Corp. >> 1981-1999 smss.exe 168 C:\WINNT\System32\smss.exe Windows >> NT Session Manager 5.00.2195.6601. Copyright © Microsoft Corp. >> 1981-1999 spoolsv.exe 452 C:\WINNT\system32\spoolsv.exe >> Spooler SubSystem App 5.00.2195.6659. Copyright © Microsoft Corp. >> 1981-1999 svchost.exe 428 C:\WINNT\system32\svchost.exe >> Generic Host Process for Win32 Services 5.00.2134.1. Copyright © >> Microsoft Corp. 1981-1999 svchost.exe 596 >> C:\WINNT\System32\svchost.exe Generic Host Process for Win32 >> Services 5.00.2134.1. Copyright © Microsoft Corp. 1981-1999 >> winlogon.exe 216 C:\WINNT\system32\winlogon.exe Windows >> NT Logon Application 5.00.2195.6714. Copyright © Microsoft Corp. >> 1981- 1999 >> WinMgmt.exe 700 C:\WINNT\System32\WBEM\WinMgmt.exe >> Windows Management Instrumentation 1.50.1085.0100. Copyright © >> Microsoft Corp. 1995-1999 >> >> This is my list of active processes, I omitted my utilities/drivers, >> the question relates to the MS processes. >> >> First, I notice 2 active files of "svchost.exe"- is that normal, or >> what causes it? >> >> Second, is there anything else not normal in a normal system? >> >> Thanks >> >> Mike >> >> Thanks for the link. Mike
Guest John John (MVP) Posted August 13, 2008 Posted August 13, 2008 Re: My process list ms wrote: > Thanks for the link. You're welcome. John
Recommended Posts