It depends on the amount of services you have started, those set as automatic usually is started automatically with windows, some might also start when performing various tasks such as changing network settings, messing with disk management etc..
Each copy of svchost actually handles multiple services.
If you check the properties of for example Workstation (c.panel->admin.tools->services) you can see that it runs:
svchost.exe -k netsvcs
But also Server runs with the same parameter. Now if you run> regedit.exe
and go here:
\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\
You'll find an entry for netsvcs listing all the services it handles. If you have a better task manager you could see the full path to svchost.exe and the parameter it's running with, like with this one: http://www.lentoman.net/temp/tasks.gif
The conclusion is that it's okay to have multiple svchost.exe running as long as the path is the same and it resides in the system32 folder, if its not located in the system32 folder it could be a virus. Of course the original svchost.exe could be infected or replaced aswell, but it's less likely as it's a complicated task to do.
Also there are other services that doesn't use svchost.exe but that's another story...
Each copy of svchost actually handles multiple services.
If you check the properties of for example Workstation (c.panel->admin.tools->services) you can see that it runs:
svchost.exe -k netsvcs
But also Server runs with the same parameter. Now if you run> regedit.exe
and go here:
\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\
You'll find an entry for netsvcs listing all the services it handles. If you have a better task manager you could see the full path to svchost.exe and the parameter it's running with, like with this one: http://www.lentoman.net/temp/tasks.gif
The conclusion is that it's okay to have multiple svchost.exe running as long as the path is the same and it resides in the system32 folder, if its not located in the system32 folder it could be a virus. Of course the original svchost.exe could be infected or replaced aswell, but it's less likely as it's a complicated task to do.
Also there are other services that doesn't use svchost.exe but that's another story...
