Csrss.exe - You cannot end this process from Task Manager.
This is the user-mode portion of the Win32 subsystem (with Win32.sys being the kernel-mode portion). Csrss stands for client/server run-time subsystem and is an essential subsystem that must be running at all times. Csrss is responsible for console windows, creating and/or deleting threads, and some parts of the 16-bit virtual MS-DOS environment.
Csrss는 Client/Server Runtime SubSystem의 약자로서, 윈도우 콘솔을 관장하고, 쓰레드를 생성/삭제하며, 16bit 가상 MS-DOS 모드를 지원하는 Win32 서브시스템의 유저모드입니다.
Explorer.exe - You can end this process from Task Manager.
This is the user shell, which we see as the familiar taskbar, desktop, and so on. This process isn't as vital to the running of Windows as you might expect, and can be stopped (and restarted) from Task Manager, usually with no negative side effects on the system.
작업표시줄, 바탕화면 등과 같은 유저 쉘을 지원하는 프로세스로 작업관리자를 통해 중지될 수 있습니다.
Internat.exe - You can end this process from Task Manager.
Internat.exe runs at startup; it loads the different input locales specified by the user. The locales to be loaded are taken from the following registry key:
HKEY_USERS\.DEFAULT\Keyboard Layout\Preload
Internat.exe loads the "EN" icon into the system tray, allowing the user to easily switch between locales. This icon disappears when the process is stopped, but the locales can still be changed through Control Panel.
사용자에 따른 입력 로케일을 로드합니다.
Lsass.exe - You cannot end this process from Task Manager.
This is the local security authentication server, and it generates the process responsible for authenticating users for the Winlogon service. This process is performed by using authentication packages such as the default Msgina.dll. If authentication is successful, Lsass generates the user's access token, which is used to launch the initial shell. Other processes that the user initiates inherit this token.
Lsass는 Local Security Authentication Server의 약자로서, Winlogon 서비스에 필요한 인증 프로세스를 담당합니다. 이 과정은 Msgina.dll과 같은 인증 패키지를 이용하여 이루어집니다. 인증이 성공적으로 이루어지면 초기 쉘을 실행하는데 사용되는 사용자 액세스 토큰을 생성하고, 사용자가 초기화하느하는 다른 프로세스들은 이 토큰을 상속받게 됩니다.
Mstask.exe - You cannot end this process from Task Manager.
This is the task scheduler service, responsible for running tasks at a time predetermined by the user.
Mstask는 작업 스케쥴러 서비스입니다.
Smss.exe - You cannot end this process from Task Manager.
This is the session manager subsystem, which is responsible for starting the user session. This process is initiated by the system thread and is responsible for various activities, including launching the Winlogon and Win32 (Csrss.exe) processes and setting system variables. After it has launched these processes, it waits for either Winlogon or Csrss to end. If this happens "normally," the system shuts down; if it happens unexpectedly, Smss.exe causes the system to stop responding (hang).
Smss는 Session Manager SubSystem의 약자로서, 사용자 세션을 시작하는 기능을 담당합니다. 이 프로세스는 시스템 쓰레드에 의해 실행되며, Winlogon, Win32(Csrss.exe)을 구동시키고, 시스템 변수를 설정합니다. 이러한 과정이 끝나면, Smss는 Winlogon이나 Csrss가 끝나기를 기다려, 정상적인 Winlogon/Csrss 종료시 시스템을 종료시키며, 비정상적인 Winlogon/Csrss 종료시, 시스템이 멎는 상태가 됩니다. (System Hang)
Spoolsv.exe - You cannot end this process from Task Manager.
The spooler service is responsible for managing spooled print/fax jobs.
프린터 및 팩스의 Spooling 기능을 담당합니다.
Svchost.exe - You cannot end this process from Task Manager.
This is a generic process, which acts as a host for other processes running from DLLs; therefore, don't be surprised to see more than one entry for this process. To see what processes are using Svchost.exe, use Tlist.exe from the Windows 2000 CD-ROM; the syntax is tlist -s at the command prompt.
For more information, see the following article : 250320 Description of Svchost.exe in Windows 2000
Svchost는 DLL로부터 실행되는 다른 프로세스들의 host 역할을 해 줍니다. 따라서 작업관리자의 프로세스 창에는 하나 이상의 Svchost.exe가 존재할 수 있습니다. 실제로 어떤 프로세스들이 Svchost상에서 실행되고 있는지 확인하기 위해서는, tlist -s 명령어를 사용하면 됩니다.
Services.exe - You cannot end this process from Task Manager.
This is the Services Control Manager, which is responsible for starting, stopping, and interacting with system services.
Service Control Manager로서, 시스템 서비스들을 시작/정지시키고, 그들간의 상호작용하는 기능을 수행한다.
System - You cannot end this process from Task Manager.
Most system kernel-mode threads run as the System process.
대부분의 커널모드 쓰레드들의 시작점이 되는 프로세스입니다.
System Idle Process - You cannot end this process from Task Manager.
This process is a single thread running on each processor, which has the sole task of accounting for processor time when the system isn't processing other threads. In Task Manager, expect this process to account for the majority of processor time.
각 CPU마다 하나씩 실행되는 쓰레드로서, (개인용 컴퓨터의 경우 CPU가 여러 개 들어가 있지는 않겠죠?), 말 그대로 idle 프로세스입니다. 놀고 있다는 얘기죠. System Idle Process의 CPU 점유율이 높을수록, 컴터가 많이 놀고 있다는 뜻입니다.
Taskmgr.exe - You can end this process from Task Manager.
This is the process for Task Manager itself.
Task Manager 즉, 작업관리자 자신입니다.
Winlogon.exe - You cannot end this process from Task Manager.
This is the process responsible for managing user logon and logoff. Moreover, Winlogon is active only when the user presses CTRL+ALT+DEL, at which point it shows the security dialog box.
사용자 로그인/로그오프를 담당하는 프로세스입니다. 윈도우의 시작/종료시에 활성화 되며, 또한 Ctrl-Alt-Del을 눌렀을 경우에도 활성화됩니다.
Winmgmt.exe - You cannot end this process from Task Manager.
Winmgmt.exe is a core component of client management in Windows 2000. This process initializes when the first client application connects or continuously when management applications request its services.
클라이언트 관리의 핵심 요소입니다.
Many of the processes that cannot be ended from Task Manager can be ended using the Resource Kit utility kill.exe. However, this command may cause system failure or other unwanted side effects.
위에 기술한 프로세스들 중에서, 작업관리자에서 [프로세스 끝내기]로 종료시킬 수 있는 프로세스는 Explorer.exe, Internat.exe, Taskmgr.exe 뿐입니다.
나머지 프로세스들은 윈도우를 정상적으로 운영하는데 있어 필수적인 프로세스들로서, 작업관리자에서 종료시킬 수 없습니다. 단, 이러한 프로세스들도 Resource Kit의 kill.exe 명령으로 강제종료시킬 수는 있지만, 시스템 다운을 유발하거나, 다른 부작용을 낳을 수 있습니다