chadi
December 12th 03, 06:42 PM
Hello,
when a user tries to logon
svchost.exe uses 80% of CPU
I used tasklist /svc and its results is below
Q: CAN you please help me to identify this
svchost with PID 1392 ( shown below )
and how can I disble it from starting at logon?
btw, I have a svchost.exe file with a smiley icon in my
windows directory ( This is a NOT a Microsoft version )
and another one with a regular application icon in
windows\system32 ( This is a Microsoft version )
Image Name PID Services
========================= ======
=============================================
System Idle Process 0 N/A
System 4 N/A
SMSS.EXE 360 N/A
CSRSS.EXE 416 N/A
WINLOGON.EXE 440 N/A
SERVICES.EXE 484 Eventlog, PlugPlay
LSASS.EXE 496 PolicyAgent,
ProtectedStorage, SamSs
SVCHOST.EXE 648 RpcSs
SVCHOST.EXE 672 AudioSrv, Browser,
CryptSvc, Dhcp, dmserver,
ERSvc, EventSystem,
FastUserSwitchingCompatibility, helpsvc,
lanmanserver,
lanmanworkstation, Messenger,
Netman, Nla, RasAuto,
RasMan, Schedule,
seclogon, SENS,
ShellHWDetection, srservice,
TapiSrv, TermService,
Themes, TrkWks,
uploadmgr, W32Time,
winmgmt, wuauserv, WZCSVC
SVCHOST.EXE 844 Dnscache
SVCHOST.EXE 860 LmHosts, RemoteRegistry,
SSDPSRV
SPOOLSV.EXE 972 Spooler
EXPLORER.EXE 1272 N/A
SVCHOST.EXE 1392 N/A
CFD.EXE 1456 N/A
evntsvc.exe 1472 N/A
MSNMSGR.EXE 1488 N/A
mmc.exe 1608 N/A
NPROTECT.EXE 1768 NProtectService
NVSVC32.EXE 1800 NVSvc
SVCHOST.EXE 1888 stisvc
WANMPSVC.EXE 1932 WANMiniportService
TASKMGR.EXE 1044 N/A
NOTEPAD.EXE 1060 N/A
CMD.EXE 1080 N/A
tasklist.exe 1028 N/A
wmiprvse.exe 1368 N/A
when a user tries to logon
svchost.exe uses 80% of CPU
I used tasklist /svc and its results is below
Q: CAN you please help me to identify this
svchost with PID 1392 ( shown below )
and how can I disble it from starting at logon?
btw, I have a svchost.exe file with a smiley icon in my
windows directory ( This is a NOT a Microsoft version )
and another one with a regular application icon in
windows\system32 ( This is a Microsoft version )
Image Name PID Services
========================= ======
=============================================
System Idle Process 0 N/A
System 4 N/A
SMSS.EXE 360 N/A
CSRSS.EXE 416 N/A
WINLOGON.EXE 440 N/A
SERVICES.EXE 484 Eventlog, PlugPlay
LSASS.EXE 496 PolicyAgent,
ProtectedStorage, SamSs
SVCHOST.EXE 648 RpcSs
SVCHOST.EXE 672 AudioSrv, Browser,
CryptSvc, Dhcp, dmserver,
ERSvc, EventSystem,
FastUserSwitchingCompatibility, helpsvc,
lanmanserver,
lanmanworkstation, Messenger,
Netman, Nla, RasAuto,
RasMan, Schedule,
seclogon, SENS,
ShellHWDetection, srservice,
TapiSrv, TermService,
Themes, TrkWks,
uploadmgr, W32Time,
winmgmt, wuauserv, WZCSVC
SVCHOST.EXE 844 Dnscache
SVCHOST.EXE 860 LmHosts, RemoteRegistry,
SSDPSRV
SPOOLSV.EXE 972 Spooler
EXPLORER.EXE 1272 N/A
SVCHOST.EXE 1392 N/A
CFD.EXE 1456 N/A
evntsvc.exe 1472 N/A
MSNMSGR.EXE 1488 N/A
mmc.exe 1608 N/A
NPROTECT.EXE 1768 NProtectService
NVSVC32.EXE 1800 NVSvc
SVCHOST.EXE 1888 stisvc
WANMPSVC.EXE 1932 WANMiniportService
TASKMGR.EXE 1044 N/A
NOTEPAD.EXE 1060 N/A
CMD.EXE 1080 N/A
tasklist.exe 1028 N/A
wmiprvse.exe 1368 N/A