Author Topic: A list of all system processes and files in Windows, as of XP.  (Read 2464 times)

0 Members and 1 Guest are viewing this topic.

13thSlayer

  • Guest
A list of all system processes and files in Windows, as of XP.
« on: October 10, 2010, 06:10:12 AM »
Most malware can be found by antivirs, however sometimes it's possible to see it yourself. One of a very common symptoms is that you have a weird process running. If you don't know which processes are system ones, you probably won't be able to tell them and malware apart. Here is a full list of processes I currently have on my system, excluding non-system ones:
smss.exe (Windows Session Manager)
csrss.exe (Client runtime process)
winlogon.exe (System log-in process)
services.exe (System daemon application)
svchost.exe (Common win32 host process. ATTENTION - This process can hold other processes inside. Also, there usually is a whole bunch of these running, like 5)
MDM.EXE (Machine debug manager)
spoolsv.exe (Spooler SubSystem App)
alg.exe (Application Layer Gateway)
lsass.exe (LSA Shell)
rundll32.exe (DLL runner)
ctfmon.exe (CTF Loader)
wuauclt.exe (Windows Update)
There may be other processes which are related to your drivers. E.g. "SOUNDMAN.EXE" is related to Realtek sound cards, SSMMgr - to Samsung printers, etc, etc.
I don't think this list changed much ever since XP. You can always get Process Explorer from www.sysinternals.com to check what this or that process is, what DLLs it has loaded, what files opened...
You can see files here. Note that the wallpapers on my machine have russian names :D
« Last Edit: October 10, 2010, 11:11:02 AM by 13thSlayer »

Offline Eddy

  • Avast Evangelist
  • Maybe Bot
  • ***
  • Posts: 31080
  • Watching (over?) you
    • Malware removal, Biljart and other things.
Re: A list of all system processes and files in Windows, as of XP.
« Reply #1 on: October 14, 2010, 01:04:36 PM »
Just naming the filenames mean nothing at all. It is also about the location where they are and sometimes even the location is correct but the original file is replaced with a bogus one.
Couple of sites where one can find a process list:
http://www.processid.com/
http://www.tasklist.org/
http://www.liutilities.com/products/wintaskspro/processlibrary/

Another way to check processes/files is HijackThis
Run HijackThis, save the log file and analyze it on at least two online sites.
They can be found at THIS SITE.
Go to the HijackThis section there. It has tutorials, online analyzers etc.