Very exclusive: what the (svchost.exe) file is, and the truth about it.

In the name of God, the Most Gracious, the Most Merciful
Peace be upon you, and the mercy of God

What the (svchost.exe) file is, and the truth about it.

Introduction:

The title may seem a little strange, and many of us do not know what this file, or rather this Microsoft program, is. Unfortunately, Arabic forums have started handing down verdicts on the subject: "this is a virus", "this is a dangerous file", and talk of that kind. The Microsoft support site has written an excellent article about this program, and it does not say that the program is a virus or anything else the forums claim. We keep asking where this program is: it appears in Task Manager, on the (Processes) tab.

It is not a virus, nor a harmful file at all. It is a generic host name for services that run from dynamic-link libraries (DLLs): libraries made up of many files containing executable functions that different applications can load and run. They thereby provide a set of core services that any program can request without having to contain those services itself; the program simply calls them, loads them into memory and runs them only when they are needed.

Manufacturer.

Microsoft Corporation.
There are no security risks from this application (virus / trojan / worm / spyware).
Common errors: none.

Its location:

In the following registry key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost

A closer look:

It is an integral part of Windows XP and Windows 2000, because it is required for some of the programs you may need to be able to run. Yes, there can be a virus on your machine, and it can choose for itself a name that resembles svchost.exe. But the presence of svchost.exe on your machine does not mean that the machine is infected with a virus, because any machine running Windows XP will have more than … or 5 copies of svchost.exe in order to run its programs. The only people who will not see svchost.exe are those who use Win9x, because it does not exist in those versions of Windows.


It is laughable that some forums point to the presence of a dangerous virus merely because they found svchost.exe, which leads people to believe that svchost.exe is nothing but a destructive virus that has infected their machine. To make sure your machine is free of viruses, use one of the programs such as adaware; it is a well-known and powerful program.

The Svchost.exe file is located in the system path, the %SystemRoot%\System32 folder. At startup, it checks the services part of the registry to build the list of services it needs to load.
Each Svchost.exe contains a group of services that adjust the paths of programs so that they run smoothly, by controlling the paths and giving each program a turn to run according to the start order.

Svchost.exe groups are identified in the following registry key:


Each value under this key represents a separate Svchost group, to guarantee the sequence of active processes that the machine runs. Each value is a REG_MULTI_SZ value and contains the services that run under that Svchost group.

Here we see the following sample of Tlist output, which shows two instances of Svchost.exe running:

0 System Process
8 System
132 smss.exe
160 csrss.exe Title:
180 winlogon.exe Title: NetDDE Agent
208 services.exe Svcs: AppMgmt,Browser,Dhcp,dmserver,Dnscache,Eventlog,lanmanserver,LanmanWorkstation,LmHosts,Messenger,PlugPlay,ProtectedStorage,seclogon,TrkWks,W32Time,Wmi
220 lsass.exe Svcs: Netlogon,PolicyAgent,SamSs
404 svchost.exe Svcs: RpcSs
452 spoolsv.exe Svcs: Spooler
544 cisvc.exe Svcs: cisvc
556 svchost.exe Svcs: EventSystem,Netman,NtmsSvc,RasMan,SENS,TapiSrv
580 regsvc.exe Svcs: RemoteRegistry
596 mstask.exe Svcs: Schedule
660 snmp.exe Svcs: SNMP
728 winmgmt.exe Svcs: WinMgmt
852 cidaemon.exe Title: OleMainThreadWndName
812 explorer.exe Title: Program Manager
1032 OSA.EXE Title: Reminder
1300 cmd.exe Title: D:\WINNT5\System32\cmd.exe tlist -s
1080 MAPISP32.EXE Title: WMS Idle
1264 rundll32.exe Title:
1000 mmc.exe Title: Device Manager
1144 tlist.exe
The registry settings for the two groups in the previous example are as follows:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost:
netsvcs: Reg_Multi_SZ: EventSystem Ias Iprip Irmon Netman Nwsapagent Rasauto Rasman Remoteaccess SENS Sharedaccess Tapisrv Ntmssvc
rpcss :Reg_Multi_SZ: RpcSs


Microsoft's article:
This article describes Svchost.exe and its functions. Svchost.exe is a generic host process name for services that run from dynamic-link libraries (DLLs).

Note Tasklist is not included in Windows XP Home Edition. This article is intended for advanced users in commercial environments. If you are not comfortable with advanced information, you might want to ask someone for help or contact support. For information about how to contact support, visit the following Microsoft Web site:
The Svchost.exe file is located in the %SystemRoot%\System32 folder. At startup, Svchost.exe checks the services part of the registry to construct a list of services that it must load. Multiple instances of Svchost.exe can run at the same time. Each Svchost.exe session can contain a grouping of services. Therefore, separate services can run, depending on how and where Svchost.exe is started. This grouping of services allows for better control and easier debugging.

Svchost.exe groups are identified in the following registry key:
Each value under this key represents a separate Svchost group and appears as a separate instance when you are viewing active processes. Each value is a REG_MULTI_SZ value and contains the services that run under that Svchost group. Each Svchost group can contain one or more service names that are extracted from the following registry key, whose Parameters key contains a ServiceDLL value:
To view the list of services that are running in Svchost:
  1. Click Start on the Windows taskbar, and then click Run.
  2. In the Open box, type CMD, and then press ENTER.
  3. Type Tasklist /SVC, and then press ENTER.
Tasklist displays a list of active processes. The /SVC switch shows the list of active services in each process. For more information about a process, type the following command, and then press ENTER:
Tasklist /FI "PID eq processID" (with the quotation marks)
The following example of Tasklist output shows two instances of Svchost.exe that are running.
   Image Name           PID    Services
   System Process         0    N/A
   System                 8    N/A
   Smss.exe             132    N/A
   Csrss.exe            160    N/A
   Winlogon.exe         180    N/A
   Services.exe         208    AppMgmt,Browser,Dhcp,Dmserver,Dnscache,
   Lsass.exe            220    Netlogon,PolicyAgent,SamSs
   Svchost.exe          404    RpcSs
   Spoolsv.exe          452    Spooler
   Cisvc.exe            544    Cisvc
   Svchost.exe          556    EventSystem,Netman,NtmsSvc,RasMan,
   Regsvc.exe           580    RemoteRegistry
   Mstask.exe           596    Schedule
   Snmp.exe             660    SNMP
   Winmgmt.exe          728    WinMgmt
   Explorer.exe         812    N/A
   Cmd.exe             1300    N/A
   Tasklist.exe        1144    N/A
The registry settings for the two groupings for this example are as follows:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost:
Netsvcs: Reg_Multi_SZ: EventSystem Ias Iprip Irmon Netman Nwsapagent Rasauto Rasman Remoteaccess SENS Sharedaccess Tapisrv Ntmssvc
Rpcss :Reg_Multi_SZ: RpcSs
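
The checks the article describes (the genuine file lives in %SystemRoot%\System32, each instance serves one group from the Svchost key, and each hosted service names its DLL in a ServiceDLL value), combined with the earlier point about look-alike names, as an added PowerShell example that is not part of the Microsoft article or of this post. It assumes PowerShell 3.0 or later on a current Windows version; the look-alike pattern is constructed for this example, and the HKLM\SYSTEM\CurrentControlSet\Services path is the standard services key, not a value quoted on this page.

```powershell
# Added example (not from the Microsoft article). Run elevated: without admin
# rights ExecutablePath and CommandLine come back empty for system processes.
$expected  = Join-Path $env:SystemRoot 'System32\svchost.exe'
$groupKey  = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost'
$svcKey    = 'HKLM:\SYSTEM\CurrentControlSet\Services'
# Heuristic for names that merely resemble svchost.exe; constructed for this example.
$lookalike = '^s[vc]{1,3}h[o0]sts?\.exe$'

# One REG_MULTI_SZ value per Svchost group.
$groups = Get-ItemProperty -Path $groupKey
# Running services keyed by hosting PID: the mapping Tasklist /SVC prints.
$byPid  = Get-CimInstance Win32_Service -Filter "State='Running'" |
          Group-Object ProcessId -AsHashTable -AsString

Get-CimInstance Win32_Process |
  Where-Object { $_.Name -match $lookalike } |
  ForEach-Object {
    $proc   = $_
    $hosted = @($byPid[[string]$proc.ProcessId] | Where-Object { $_ })

    # The group an instance serves is passed on its command line as "-k <group>".
    $group = $null
    if ($proc.CommandLine -match '\s-k\s+(\S+)') { $group = $Matches[1] }
    $groupKnown = [bool]($group -and $groups.PSObject.Properties[$group])

    # Resolve each hosted service to the DLL named in Parameters\ServiceDll.
    $detail = foreach ($s in $hosted) {
      $p = Get-ItemProperty "$svcKey\$($s.Name)\Parameters" -ErrorAction SilentlyContinue
      if ($p -and $p.ServiceDll) { '{0} -> {1}' -f $s.Name, $p.ServiceDll }
      else                       { '{0} -> (no ServiceDll value)' -f $s.Name }
    }

    # First failed check wins; string comparisons here are case-insensitive.
    $verdict = if ($proc.Name -ne 'svchost.exe') { 'look-alike name' }
      elseif (-not $proc.ExecutablePath)          { 'path not readable (not elevated?)' }
      elseif ($proc.ExecutablePath -ne $expected) { 'unexpected folder' }
      elseif ($group -and -not $groupKnown)       { 'group not in Svchost key' }
      else                                        { 'ok' }

    [pscustomobject]@{
      PID      = $proc.ProcessId
      Name     = $proc.Name
      Path     = $proc.ExecutablePath
      Group    = $group
      Verdict  = $verdict
      Services = $detail -join '; '
    }
  }
```
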
Uniblue's article:

Windows errors related to svchost.exe?

The file svchost.exe is the Generic Host Process for Win32 Services used for administering 16-bit-based dynamically linked library files (DLL files) including other supplementary support applications.

As operating systems became more complex Microsoft decided to run more software functionality from a dynamic link library (DLL) interface. However DLLs are unable to launch themselves and require at least one executable program, i.e. svchost.exe, is needed to bridge between the library process and the operating system.

Through the solitary file svchost.exe, the DLLs efficiently contain and dispense Win32 services as well as neatly facilitate the execution of svchost.exe’s own operations. Acting as a host, the file svchost.exe creates multiple instances of itself. The multiple executions of the file svchost.exe contribute to the stability and security of the operating system by reducing the possibility of a crashing process that causes a domino effect on its neighbor processes, thereby creating a system-wide crash in the machine. We strongly recommend that you run a FREE registry scan to identify svchost.exe related errors.

Other instances of SVCHOST.EXE:

1) svchost.exe is a process registered as a backdoor vulnerability which may be installed for malicious purposes by an attacker allowing access to your computer from remote locations, stealing passwords, Internet banking and personal data. If unaccounted for, this process should be removed immediately.

2) svchost.exe is a process which is registered as a trojan. This Trojan allows attackers to access your computer from remote locations, stealing passwords, Internet banking and personal data. This process is a security risk and should be removed from your system.

3) svchost.exe is a process belonging to Microsoft Service Host Process. This could also be a stealth monitoring software that sits in the background and tracks all activities such as keyboard input (including websites visited, passwords etc.) This information can be sent to third parties through email or ftp uploads. If you did not intentionally install this program make sure you remove it to protect your privacy.

Warning: Multiple instances of SVCHOST may be running on your pc at one time. Some of these may or may not be the legitimate versions.
Some of what has been said about Microsoft's program:

Svchost.exe Virus Guide

Svchost.exe Virus & Svchost Information Guide!

On occasion you may notice that your computer is running terribly slow. Curious to discover the problem you open up the task manager, and find something similar to the following: There may just be one svchost, or several – but combined they are bogging down your computer.
Some people report a single instance of svchost which takes up 99% of their computer’s resources – meaning a dead stop for everything else. What’s worse is that when there are multiple instances of svchost they are often competing for the same memory space, meaning none of them get to finish what they are trying to do, and neither do you! Before you take the steps to repair svchost, it’s a good idea to understand how this program works and what it does.   

What is Svchost.exe Exactly?

Svchost is a shell program that is used to run many different services on your pc. These services are contained in .dll (dynamic link library) files, and run separately from other programs you may be using on your PC.
The svchost file is required to run these files as there is no executable. The .dlls called by the svchost executable could be for automatic updates or other legitimate programs, or they can be used to mask less benign programs.
Since there are many different services required by your computer there could be several instances of svchost.exe running on your computer, and they could all be taking up different amounts of your computer’s memory. A problem tends to arise when one .dll can’t complete its task, which in turn bogs down the rest of the svchost programs. Unfortunately, the svchost.exe is used as a favourite access point for viruses and other malicious programs, especially with Windows XP which has had serious issues with svchost in the past, although most of these issues have now been patched.
However, if you see instances of svchost it is a good idea to run a virus scan, just to be sure that nothing has crept in. Usually you will have a good indication that the svchost.exe is masking a virus or some other major problem when it is using 50% or more of your computer’s resources. The svchost can also become corrupted and cause problems when you install and remove programs, which shifts around the .dll files. So what do you do to fix svchost? While it’s a good idea to download a good registry scanner, you may want to do some more investigating to find the root cause of the problem before you begin.

How to Remove Svchost.exe Virus in Just Under 3 Minutes

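So we have seen the articles from the sites and forums. Some of them say we should disable this program, and others say we should leave it because it is important. Which opinion do we take? By God, the soundest opinion is that you do not disable it. If you disable it you are wrecking your system with your own hands, because there are applications that will not work, and this program is the one responsible for running those applications.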
