Monday, October 08, 2007

How To Identify What Programs Started svchost.exe in Windows

I've been on a mission to decrease Windows startup time and increase performance of my new Vista computer. I have cut down on the number of services that need to be started and have been making some pretty good progress. I often check Task Manager to see how many processes are running, and constantly see several svchost.exe processes.

How can I find out what is starting this process?

I can understand your confusion with svchost.exe. It seems like a "mystery" process that continues to multiply the longer Windows is running. But there is a good reason why this process exists.

Some components of Windows that are implemented as services are programs (executables) that run in the background. These are known as stand-alone programs.

Another type of program exists, known as a DLL, which is a library of functions that cannot be implemented as a service and run in the background on its own. Because of this, a program named svchost.exe exists to run programs implemented as DLLs as services.

Still confused? Let's take a visual look and see what programs (DLLs) are running that have been started by svchost.exe.

Open a command prompt and enter:

tasklist /svc /FI "IMAGENAME eq svchost.exe"

The above command lists all the svchost.exe processes and displays the programs (DLLs) that have been started by each one.

Below is the output from my computer (I have formatted it so it can be viewed easily):

C:\Users\wtn>tasklist /svc /FI "IMAGENAME eq svchost.exe"

Image Name    PID    Services
===========   ====   ========
svchost.exe   768    DcomLaunch, PlugPlay
svchost.exe   828    RcSs
svchost.exe   856    WinDefend
svchost.exe   1012   Audiosrv, Dhcp, Eventlog, lmhosts, wscsvc
svchost.exe   1036   AudioEndpointBuilder, Netman, PcaSvc,
                     SysMain, TrkWks, UxSms, WdiSystemHost,
                     Wlansvc, WPDBusEnum, wudfsvc
svchost.exe   1048   AeLookupSvc, BITS, EapHost, gpsvc,
                     LanmanServer, MMCSS, ProfSvc, RasMan,
                     Schedule, seclogon, SENS, ShellHWDetection,
                     Themes, Winmgmt, wuauserv
svchost.exe   1224   EventSystem, fdPHost, FDResPub,
                     LanmanWorkstation, netprofm, nsi, SSDPSRV,
                     upnphost, W32Time, wcncsvc, WebClient
svchost.exe   1404   CryptSvc, Dnscache, KtmRm, NlaSvc, TapiSrv
svchost.exe   1608   BFE, DPS
svchost.exe   2000   stisvc
svchost.exe   340    WerSvc

Notice, I have ten instances of svchost.exe running, with some of them responsible for starting multiple programs. You can clearly see what the programs are, such as Dnscache, Schedule, and WinDefend.

It's not known exactly how and why svchost.exe runs in this fashion, but it may be for performance and troubleshooting (debugging) reasons.

Since the output also displays the PID (Process Identification), you can then look at Task Manager and see how much CPU and memory each svchost process is consuming.
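The listing above can also be parsed into a PID-to-services map, so you can look up which svchost.exe instance hosts a given service before checking that PID in Task Manager. The Python below is an added example, not part of the original post; the function names are hypothetical and the sample is constructed from the listing above, laid out in tasklist's default table format.

```python
import re
import subprocess

# Constructed sample: three rows from the listing above, in the column layout
# tasklist /svc prints. Long service lists wrap onto indented continuation lines.
SAMPLE = """\
Image Name                     PID Services
========================= ======== ============================================
svchost.exe                    768 DcomLaunch, PlugPlay
svchost.exe                   1036 AudioEndpointBuilder, Netman, PcaSvc,
                                   SysMain, TrkWks, UxSms, WdiSystemHost,
                                   Wlansvc, WPDBusEnum, wudfsvc
svchost.exe                    340 WerSvc
"""

# First line of a process row: image name, PID, start of the service list.
ROW = re.compile(r"^(?P<image>\S.*?)\s+(?P<pid>\d+)\s+(?P<services>\S.*)$")


def parse_tasklist_svc(text):
    """Return {pid: [service, ...]} from `tasklist /svc` table output."""
    hosts, current = {}, None
    for line in text.splitlines():
        if not line.strip() or line.startswith(("Image Name", "=")):
            continue                            # blank line or table header
        m = ROW.match(line)
        if m:
            current, chunk = int(m.group("pid")), m.group("services")
            hosts[current] = []
        elif line[0].isspace() and current is not None:
            chunk = line                        # wrapped continuation line
        else:
            continue                            # anything else is not a row
        hosts[current] += [s.strip() for s in chunk.split(",") if s.strip()]
    return hosts


def host_of(hosts, service):
    """Reverse lookup: PID of the svchost.exe instance hosting `service`."""
    wanted = service.lower()
    return next((pid for pid, svcs in hosts.items()
                 if wanted in (s.lower() for s in svcs)), None)


def live_hosts():
    """Run the command from this post on a Windows machine and parse it."""
    cmd = ["tasklist", "/svc", "/FI", "IMAGENAME eq svchost.exe"]
    out = subprocess.run(cmd, capture_output=True, text=True, check=True).stdout
    return parse_tasklist_svc(out)
```

On a Windows machine, `host_of(live_hosts(), "Dnscache")` returns the PID to look for in Task Manager or Process Explorer.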

If you are not a fan of the command prompt, you can use the tool Process Explorer for identifying processes started by svchost.exe.

With Process Explorer, just mouse over the process and it will display all the services running inside svchost.exe. To get more information, such as CPU, memory, etc., right-click on the process and select Properties.


As you can see, svchost.exe is one process you do not want to kill or prevent from starting.
