IPAddr

The Svchost.exe file is located in the %SystemRoot%\System32 folder. At startup, Svchost.exe checks the services part of the registry to construct a list of services that it must load. Multiple instances of Svchost.exe can run at the same time. Each Svchost.exe session can contain a grouping of services. Therefore, separate services can run, depending on how and where Svchost.exe is started. This grouping of services permits better control and easier debugging.

Svchost.exe groups are identified in the following registry key:


  HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost

Each value under this key represents a separate Svchost group and appears as a separate instance when you are viewing active processes. Each value is a REG_MULTI_SZ value and contains the services that run under that Svchost group. Each Svchost group can contain one or more service names that are extracted from the following registry key, whose Parameters key contains a ServiceDLL value:

  HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Service

To view the list of services that are running in Svchost:
  1. Click Start on the Windows taskbar, and then click Run.
  2. In the Open box, type CMD, and then press ENTER.
  3. Type Tasklist /SVC, and then press ENTER.

Tasklist displays a list of active processes. The /SVC switch shows the list of active services in each process. For more information about a process, type the following command, and then press ENTER:


  Tasklist /FI "PID eq processID" (with the quotation marks)


  TASKLIST [/S system [/U username [/P [password]]]] [/M [module] | /SVC | /V] 
           [/FI filter] [/FO format] [/NH]

  Description: This command line tool displays a list of application(s) and 
  associated task(s)/process(es) currently running on either a local or remote system.

  Parameter List:
    /S   system        Remote system to connect to.
    /U   [domain\]user User context under which the command should execute.
    /P   [password]    Password for the given user context. Prompts for input if omitted.
    /M   [module]      Lists tasks that have DLL modules loaded matching the given pattern.
                       If no module name given, displays all modules loaded by each task.
    /SVC               Displays services in each process.
    /V                 Specifies that the verbose information is to be displayed.
    /FI  filter        Displays tasks that match a given criteria specified by the filter.
    /FO  format        Specifies the output format. Valid values: "TABLE", "LIST", "CSV".
    /NH                Specifies that no "Column Header" be displayed in the output.
                       Valid only for "TABLE" and "CSV" formats.
    /?                 Displays this help/usage.

  Filters:
    Filter Name     Valid Operators           Valid Value(s)
    -----------     ---------------           --------------
    STATUS          eq, ne                    RUNNING | NOT RESPONDING
    IMAGENAME       eq, ne                    Image name
    PID             eq, ne, gt, lt, ge, le    PID value
    SESSION         eq, ne, gt, lt, ge, le    Session number
    SESSIONNAME     eq, ne                    Session name
    CPUTIME         eq, ne, gt, lt, ge, le    CPU time in the format of hh:mm:ss.
    MEMUSAGE        eq, ne, gt, lt, ge, le    Memory usage in KB
    USERNAME        eq, ne                    User name in [domain\]user format
    SERVICES        eq, ne                    Service name
    WINDOWTITLE     eq, ne                    Window title
    MODULES         eq, ne                    DLL name

  Examples:
    TASKLIST
    TASKLIST /M
    TASKLIST /V
    TASKLIST /SVC
    TASKLIST /M wbem*
    TASKLIST /S system /FO LIST
    TASKLIST /S system /U domain\username /FO CSV /NH
    TASKLIST /S system /U username /P password /FO TABLE /NH
    TASKLIST /FI "USERNAME ne NT AUTHORITY\SYSTEM" /FI "STATUS eq running"

Examples from my computer
========================= ====== ============ ======== ============
Image Name                   PID Session Name Session#    Mem Usage
========================= ====== ============ ======== ============
ati2evxx.exe                1464                     0      2,660 K
atiptaxx.exe                2628                     0      3,872 K
CAPPActiveProtection.exe    2968                     0      8,656 K
CAVRid.exe                  3188                     0      4,440 K
CAVTray.exe                 3304                     0      6,000 K
cctray.exe                  2660                     0     11,360 K
cmd.exe                      856                     0      3,604 K
csrss.exe                    456                     0      4,748 K
ctfmon.exe                  3372                     0      4,676 K
cvpnd.exe                   1604                     0      7,276 K
EmailAgent.exe              1564                     0      3,688 K
explorer.exe                2104                     0     27,140 K
iexplore.exe                 296                     0     43,860 K
inetinfo.exe                 356                     0     11,300 K
iSafe.exe                   1492                     0     13,232 K
ITMRTSVC.exe                 552                     0      2,752 K
lsass.exe                   1120                     0      1,748 K
MailWasher.exe              1312                     0     17,276 K
MDM.EXE                      824                     0      3,620 K
msnmsgr.exe                 3880                     0     32,412 K
qttask.exe                  2712                     0      3,060 K
services.exe                1060                     0      5,296 K
Skype.exe                   3600                     0     24,264 K
slserv.exe                   428                     0      1,380 K
smss.exe                    2028                     0        376 K
soundman.exe                2896                     0      3,928 K
spoolsv.exe                  860                     0      7,480 K
sqlservr.exe                1240                     0     14,420 K
svchost.exe                  400                     0      4,428 K
svchost.exe                  508                     0      5,124 K
svchost.exe                  788                     0      4,848 K
svchost.exe                 1084                     0      5,540 K
svchost.exe                 1152                     0      7,476 K
svchost.exe                 1936                     0      4,336 K
svchost.exe                 1952                     0      4,696 K
svchost.exe                 3988                     0     14,008 K
SynTPEnh.exe                2828                     0      4,352 K
SynTPLpr.exe                2804                     0      2,768 K
System                         4                     0        208 K
System Idle Process            0                     0         16 K
tasklist.exe                2408                     0      5,380 K
taskmgr.exe                 2416                     0      1,748 K
TaskSwitch.exe              3024                     0      2,728 K
transtask.exe               3420                     0      5,140 K
uphclean.exe                1800                     0      1,852 K
VetMsg.exe                  2876                     0      4,880 K
wdfmgr.exe                  1144                     0      2,616 K
winlogon.exe                 904                     0      2,256 K
wmiprvse.exe                1892                     0      6,928 K
wuauclt.exe                 2700                     0     18,720 K

========================= ====== =============================================
Image Name                   PID Services
========================= ====== =============================================
ati2evxx.exe                1464 Ati HotKey Poller
atiptaxx.exe                2628 N/A
CAPPActiveProtection.exe    2968 N/A
CAVRid.exe                  3188 N/A
CAVTray.exe                 3304 N/A
cctray.exe                  2660 N/A
cmd.exe                      856 N/A
csrss.exe                    456 N/A
ctfmon.exe                  3372 N/A
cvpnd.exe                   1604 CVPND
EmailAgent.exe              1564 Persits Software EmailAgent
explorer.exe                2104 N/A
iexplore.exe                 296 N/A
inetinfo.exe                 356 IISADMIN, SMTPSVC, W3SVC
iSafe.exe                   1492 CAISafe
ITMRTSVC.exe                 552 ITMRTSVC
lsass.exe                   1120 Netlogon, PolicyAgent, ProtectedStorage, SamSs
MailWasher.exe              1312 N/A
MDM.EXE                      824 MDM
msnmsgr.exe                 3880 N/A
qttask.exe                  2712 N/A
services.exe                1060 Eventlog, PlugPlay
Skype.exe                   3600 N/A
slserv.exe                   428 SLService
smss.exe                    2028 N/A
soundman.exe                2896 N/A
spoolsv.exe                  860 Spooler
sqlservr.exe                1240 MSSQLSERVER
svchost.exe                  400 Dnscache
svchost.exe                  508 stisvc
svchost.exe                  788 DcomLaunch
svchost.exe                 1084 RpcSs
svchost.exe                 1152 SSDPSRV, WebClient
svchost.exe                 1936 HTTPFilter
svchost.exe                 1952 usnsvc
svchost.exe                 3988 EventSystem, helpsvc, Nla, RasMan, Schedule,
svchost.exe                 3989 SENS, TapiSrv, Themes, winmgmt
SynTPEnh.exe                2828 N/A
SynTPLpr.exe                2804 N/A
System                         4 N/A
System Idle Process            0 N/A
tasklist.exe                3512 N/A
taskmgr.exe                 2416 N/A
TaskSwitch.exe              3024 N/A
transtask.exe               3420 N/A
uphclean.exe                1800 UPHClean
VetMsg.exe                  2876 VETMSGNT
wdfmgr.exe                  1144 UMWdf
winlogon.exe                 904 N/A
wmiprvse.exe                1892 N/A
wuauclt.exe                 2700 N/A
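
The group values in the registry and the Tasklist /SVC listing describe the same thing from two sides, so one can be checked against the other. The following is an added example, not part of the original page: it parses `tasklist /SVC /FO CSV` output and reports svchost.exe rows that do not line up with the Svchost groups. The sample CSV, the group map and the service name `updatehelper` are constructed for illustration.

```python
import csv
import io

# Constructed sample of `tasklist /SVC /FO CSV` output. The first four rows
# reuse PIDs and services from the listing on this page; the last two rows
# are invented to exercise the checks.
SAMPLE_TASKLIST_CSV = '''"Image Name","PID","Services"
"svchost.exe","400","Dnscache"
"svchost.exe","788","DcomLaunch"
"svchost.exe","1152","SSDPSRV,WebClient"
"spoolsv.exe","860","Spooler"
"svchost.exe","4100","N/A"
"svchost.exe","4200","Themes,updatehelper"
'''

# Constructed stand-in for the REG_MULTI_SZ values under the Svchost key
# (group name -> services). On a real system, export these from the registry.
SAMPLE_GROUPS = {
    "NetworkService": ["Dnscache"],
    "DcomLaunch": ["DcomLaunch"],
    "LocalService": ["SSDPSRV", "WebClient"],
    "netsvcs": ["Themes", "Schedule"],
}


def audit_svchost(tasklist_csv, groups):
    """Return (pid, reason) for svchost.exe rows that do not match the groups."""
    # Service names are case-insensitive, so index them in lower case.
    owner = {svc.lower(): grp for grp, svcs in groups.items() for svc in svcs}
    findings = []
    for row in csv.DictReader(io.StringIO(tasklist_csv)):
        if row["Image Name"].lower() != "svchost.exe":
            continue
        pid = int(row["PID"])
        services = [s.strip() for s in row["Services"].split(",") if s.strip()]
        if services == ["N/A"]:
            findings.append((pid, "hosts no services"))
            continue
        unknown = [s for s in services if s.lower() not in owner]
        if unknown:
            findings.append((pid, "not in any group: " + ", ".join(unknown)))
        # One svchost instance corresponds to one group value.
        seen = {owner[s.lower()] for s in services if s.lower() in owner}
        if len(seen) > 1:
            findings.append((pid, "mixes groups: " + ", ".join(sorted(seen))))
    return findings


if __name__ == "__main__":
    for pid, reason in audit_svchost(SAMPLE_TASKLIST_CSV, SAMPLE_GROUPS):
        print(pid, reason)
```

A finding is a prompt to look at that service's Parameters key and its ServiceDLL value, not a verdict on its own.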