Tuesday, September 15, 2009

Vista's svchost.exe startup processes and their service groups

Users who ran Windows 2000/XP/Server 2003 will remember that a clean system has only 2 to 4 svchost processes. Under Vista, however, there can be as many as 12. Every one of them is the same file, C:\Windows\System32\svchost.exe, so what is the difference between them? Today Vista Zone explains. Open the Vista Task Manager and you can see that the user name differs from one svchost process to another: some run as SYSTEM, while others run as NETWORK SERVICE.
     
With the new "Command Line" column in the Vista Task Manager we can read each process's command line (the cmdline stored in the process's PEB) and see which service group it was started for. If you have not yet enabled the "Command Line" column, see the earlier Vista Zone article on the new features of the Vista Task Manager. The groups are imgsvc, NetworkServiceNetworkRestricted, LocalServiceNoNetwork, NetworkService, LocalService, netsvcs, LocalSystemNetworkRestricted, LocalServiceNetworkRestricted, services, rpcss, WerSvcGroup and DcomLaunch:

     C:\Windows\System32\svchost.exe -k imgsvc
     C:\Windows\System32\svchost.exe -k NetworkServiceNetworkRestricted
     C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
     C:\Windows\System32\svchost.exe -k NetworkService
     C:\Windows\System32\svchost.exe -k LocalService
     C:\Windows\System32\svchost.exe -k netsvcs
     C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
     C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
     C:\Windows\System32\svchost.exe -k services
     C:\Windows\System32\svchost.exe -k rpcss
     C:\Windows\System32\svchost.exe -k WerSvcGroup
     C:\Windows\System32\svchost.exe -k DcomLaunch

How do you tell a genuine svchost process from one that has an abnormal service DLL loaded into it? (The svchost process is the host that loads Windows NT service groups.) Let us take a normal Vista process and analyze it.

First, we use our own small tool (a http://computervi.com product) to inspect it. In its "process management" list we can see a process whose command line is "svchost.exe -k SDRSVC", meaning it was started for the SDRSVC service group. All of the DLLs loaded into this svchost process are marked safe, as can be seen on the "Security" tab of Vista Antivirus Partner.

So what does a virus's svchost process look like? On the "Security" tab of Vista Antivirus Partner, "UN" stands for unknown safety. We can also observe that this svchost process's command line does not start it for any service group (there is no -k group), and that the path of the corresponding DLL module carries the UN label in its "Safe" column. From this we can determine that it is a virus.
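The two checks above (does the command line name a real service group, and does the image path match System32\svchost.exe) can be automated. The following PowerShell script is an added example and is not part of the original post or of the computervi.com tool; it assumes an elevated session on Windows Vista or later, where each service group is a REG_MULTI_SZ value under HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost. It goes slightly beyond the post by also cross-checking that every service hosted in a given svchost PID declares the same -k group in its own ImagePath.

```powershell
# Added example (not from the original post): audit svchost.exe processes on a Windows host.
# Assumptions: elevated PowerShell session; the Svchost registry key holds one value per
# service group (the documented layout on Windows Vista and later).
$expectedPath = Join-Path $env:SystemRoot 'System32\svchost.exe'
$groupKey     = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost'
$knownGroups  = (Get-Item $groupKey).GetValueNames()

$findings = foreach ($p in Get-CimInstance Win32_Process -Filter "Name = 'svchost.exe'") {
    # Account the process runs as (SYSTEM, NETWORK SERVICE, LOCAL SERVICE, ...)
    $owner = Invoke-CimMethod -InputObject $p -MethodName GetOwner
    $user  = if ($owner.ReturnValue -eq 0) { "$($owner.Domain)\$($owner.User)" } else { '?' }

    # Extract the "-k <group>" argument shown in the Task Manager "Command Line" column
    $group = if ($p.CommandLine -match '(?i)-k\s+("?)([^"\s]+)\1') { $Matches[2] } else { $null }

    $issues = @()
    if ($p.ExecutablePath -and $p.ExecutablePath -ine $expectedPath) {
        $issues += "image path is $($p.ExecutablePath), expected $expectedPath"
    }
    if (-not $group) {
        $issues += 'no -k service group on the command line'
    } elseif ($knownGroups -notcontains $group) {
        $issues += "group '$group' is not registered under $groupKey"
    }

    # Every service hosted in this PID should itself be registered for the same -k group
    $hosted = Get-CimInstance Win32_Service -Filter "ProcessId = $($p.ProcessId)"
    foreach ($svc in $hosted) {
        $pattern = "(?i)-k\s+`"?" + [regex]::Escape($group) + "`"?"
        if ($group -and $svc.PathName -notmatch $pattern) {
            $issues += "service $($svc.Name) ($($svc.PathName)) does not declare group '$group'"
        }
    }

    [pscustomobject]@{
        PID      = $p.ProcessId
        User     = $user
        Group    = $group
        Services = ($hosted.Name -join ',')
        Issues   = ($issues -join '; ')
    }
}

# Processes with a non-empty Issues column deserve a closer look at their loaded modules
$findings | Sort-Object PID | Format-Table -AutoSize
```

A genuine Vista svchost instance should show the expected image path, a group that exists in the registry and hosted services that all name that group; a process with an empty Group column or an image path outside System32 matches the "no service group" pattern the post describes and is the one whose DLL modules should be examined next.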
