svchost.exe

Discussion in 'Tech Talk' started by ANGELL, Jan 2, 2004.

  1. ANGELL

    ANGELL
    [OP]
    Triple door fridge made it kid

    Joined:
    Jun 23, 2003
    Messages:
    4,930
    Likes Received:
    18
    Location:
    Hammonds Plains
    yeah its killing my computer it slows it down almost to a stand still, it is running at like 50-70 of my CPU usage, why the hell is it so high?
     
  2. DJQ

    DJQ
    New Member

    Joined:
    Jun 3, 2003
    Messages:
    7,401
    Likes Received:
    0
    Location:
    Aliant
    SUMMARY
    This article describes Svchost.exe and its functions. Svchost.exe is a generic host process name for services that run from dynamic-link libraries (DLLs).
    MORE INFORMATION
    The Svchost.exe file is located in the %SystemRoot%\System32 folder. At startup, Svchost.exe checks the services portion of the registry to construct a list of services that it needs to load. Multiple instances of Svchost.exe can run at the same time. Each Svchost.exe session can contain a grouping of services, so that separate services can run, depending on how and where Svchost.exe is started. This allows for better control and easier debugging.

    Svchost.exe groups are identified in the following registry key:
    HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsNT\CurrentVersion\Svchost

    Each value under this key represents a separate Svchost group and is displayed as a separate instance when you are viewing active processes. Each value is a REG_MULTI_SZ value and contains the services that run under that Svchost group. Each Svchost group can contain one or more service names that are extracted from the following registry key, whose Parameters key contains a ServiceDLL value:
    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Service

    To view the list of services that are running in Svchost:
    Click Start on the Windows taskbar, and then click Run.
    In the Open box, type CMD, and then press ENTER.
    Type Tasklist /SVC, and then press ENTER.
    Tasklist displays a list of active processes. The /SVC switch shows the list of active services in each process. For further information about a process, type the following command, and then press ENTER:
    Tasklist /FI "PID eq processID" (with the quotation marks)

    The following example of Tasklist output shows two instances of Svchost.exe that are running. Image Name PID Services
    ========================================================================
    System Process 0 N/A
    System 8 N/A
    Smss.exe 132 N/A
    Csrss.exe 160 N/A
    Winlogon.exe 180 N/A
    Services.exe 208 AppMgmt,Browser,Dhcp,Dmserver,Dnscache,
    Eventlog,LanmanServer,LanmanWorkstation,
    LmHosts,Messenger,PlugPlay,ProtectedStorage,
    Seclogon,TrkWks,W32Time,Wmi
    Lsass.exe 220 Netlogon,PolicyAgent,SamSs
    Svchost.exe 404 RpcSs
    Spoolsv.exe 452 Spooler
    Cisvc.exe 544 Cisvc
    Svchost.exe 556 EventSystem,Netman,NtmsSvc,RasMan,
    SENS,TapiSrv
    Regsvc.exe 580 RemoteRegistry
    Mstask.exe 596 Schedule
    Snmp.exe 660 SNMP
    Winmgmt.exe 728 WinMgmt
    Explorer.exe 812 N/A
    Cmd.exe 1300 N/A
    Tasklist.exe 1144 N/A

    The registry setting for the two groupings for this example are as follows:
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost:
    Netsvcs: Reg_Multi_SZ: EventSystem Ias Iprip Irmon Netman Nwsapagent Rasauto Rasman Remoteaccess SENS Sharedaccess Tapisrv Ntmssvc
    RApcss :Reg_Multi_SZ: RpcSs


    The information in this article applies to:
    Microsoft Windows XP Professional
     
  3. Evil_Jeanyus

    Invisible mode

    Joined:
    Dec 10, 2003
    Messages:
    1,697
    Likes Received:
    0
    Location:
    Toronto
    only delete it if it's running multiple times
     
  4. Davan

    do what now?

    Joined:
    Jun 18, 2003
    Messages:
    1,876
    Likes Received:
    0
    Location:
    Calgary
    It's perfectly normal for it to be running multiple times, as it can be running separate services from DLL's in each instance.
     

Share This Page