Showing stack for one of these threads it gives me:
ntoskrnl.exe!KiSwapContext+0x7f
ntoskrnl.exe!KiSwapThread+0x2fa
ntoskrnl.exe!KeWaitForSingleObject+0x2da
ntoskrnl.exe!KiSuspendThread+0x29
ntoskrnl.exe!KiDeliverApc+0x420
ntoskrnl.exe!KiApcInterrupt+0x103
ntoskrnl.exe!ExAcquireFastMutex+0x5
PROCMON20.SYS+0x2a83
PROCMON20.SYS+0x5ae0
PROCMON20.SYS+0x6561
ntoskrnl.exe!CmpCallCallBacks+0x24d
ntoskrnl.exe! ?? ::NNGAKEGL::`string'+0x225cb
ntoskrnl.exe!ObpLookupObjectName+0x2ce
ntoskrnl.exe!ObOpenObjectByName+0x2f4
ntoskrnl.exe!CmOpenKey+0x25d
ntoskrnl.exe!KiSystemServiceCopyEnd+0x13
ntdll.dll!NtOpenKey+0xa
ADVAPI32.dll!LocalBaseRegOpenKey+0x153
ADVAPI32.dll!RegOpenKeyExInternalW+0x1f2
ADVAPI32.dll!RegOpenKeyExW+0x19
umpnpmgr.dll!OpenObjectBaseKey+0xee
umpnpmgr.dll!PnpGetDeviceRegProp+0x33e
umpnpmgr.dll!PNP_GetDeviceRegProp+0x59
RPCRT4.dll!Invoke+0x65
RPCRT4.dll!Ndr64StubWorker+0x653
RPCRT4.dll!NdrServerCallAll+0x40
RPCRT4.dll!DispatchToStubInCNoAvrf+0x14
RPCRT4.dll!RPC_INTERFACE::DispatchToStubWorker+0x100
RPCRT4.dll!LRPC_SCALL::DispatchRequest+0x180
RPCRT4.dll!LRPC_SCALL::HandleRequest+0x1fb
RPCRT4.dll!LRPC_ADDRESS::ProcessIO+0x28f
RPCRT4.dll!LOADABLE_TRANSPORT::ProcessIOEvents+0x1d1
RPCRT4.dll!ProcessIOEventsWrapper+0x9
RPCRT4.dll!BaseCachedThreadRoutine+0x9b
RPCRT4.dll!ThreadStartRoutine+0x24
kernel32.dll!BaseThreadInitThunk+0xd
ntdll.dll!RtlUserThreadStart+0x1d

Checking threads in wmiPrvSE it shows 3 X RPCRT4.dll!ThreadStartRoutine at the top, constantly using cpu.
19 16:30:59,1138739 wmiprvse.exe 1124 IRP_MJ_QUERY_INFORMATION C:\Windows\System32\kernel32.dll SUCCESS Type: QueryNameInformationFile, Name: \Windows\System32\kernel32.dll
20 16:30:59,1139329 wmiprvse.exe 1124 IRP_MJ_QUERY_INFORMATION C:\Windows\System32\user32.dll SUCCESS Type: QueryNameInformationFile, Name: \Windows\System32\user32.dll
21 16:30:59,1139796 wmiprvse.exe 1124 IRP_MJ_QUERY_INFORMATION C:\Windows\System32\ntdll.dll SUCCESS Type: QueryNameInformationFile, Name: \Windows\System32\ntdll.dll
22 16:30:59,1140131 wmiprvse.exe 1124 IRP_MJ_QUERY_INFORMATION C:\Windows\System32\psapi.dll SUCCESS Type: QueryNameInformationFile, Name: \Windows\System32\psapi.dll
23 16:30:59,1140506 wmiprvse.exe 1124 IRP_MJ_QUERY_INFORMATION C:\Windows\System32\wbem\WmiPrvSE.exe SUCCESS Type: QueryNameInformationFile, Name: \Windows\System32\wbem\WmiPrvSE.exe
24 16:30:59,1140817 wmiprvse.exe 1124 IRP_MJ_QUERY_INFORMATION C:\Windows\System32\wbem\cimwin32.dll SUCCESS Type: QueryNameInformationFile, Name: \Windows\System32\wbem\cimwin32.dll
25 16:30:59,1141191 wmiprvse.exe 1124 IRP_MJ_QUERY_INFORMATION C:\Windows\System32\framedynos.dll SUCCESS Type: QueryNameInformationFile, Name: \Windows\System32\framedynos.dll
26 16:30:59,1141602 wmiprvse.exe 1124 IRP_MJ_QUERY_INFORMATION C:\Windows\System32\cscapi.dll SUCCESS Type: QueryNameInformationFile, Name: \Windows\System32\cscapi.dll
27 16:30:59,1141999 wmiprvse.exe 1124 IRP_MJ_QUERY_INFORMATION C:\Windows\System32\wbem\wmiutils.dll SUCCESS Type: QueryNameInformationFile, Name: \Windows\System32\wbem\wmiutils.dll
28 16:30:59,1142391 wmiprvse.exe 1124 IRP_MJ_QUERY_INFORMATION C:\Windows\System32\wbem\wbemsvc.dll SUCCESS Type: QueryNameInformationFile, Name: \Windows\System32\wbem\wbemsvc.dll
29 16:30:59,1142799 wmiprvse.exe 1124 IRP_MJ_QUERY_INFORMATION C:\Windows\System32\wbem\fastprox.dll SUCCESS Type: QueryNameInformationFile, Name: \Windows\System32\wbem\fastprox.dll
30 16:30:59,1143144 wmiprvse.exe 1124 IRP_MJ_QUERY_INFORMATION C:\Windows\System32\wbemcomn.dll SUCCESS Type: QueryNameInformationFile, Name: \Windows\System32\wbemcomn.dll
31 16:30:59,1143565 wmiprvse.exe 1124 IRP_MJ_QUERY_INFORMATION C:\Windows\System32\cfgmgr32.dll SUCCESS Type: QueryNameInformationFile, Name: \Windows\System32\cfgmgr32.dll
32 16:30:59,1143894 wmiprvse.exe 1124 IRP_MJ_QUERY_INFORMATION C:\Windows\System32\winsta.dll SUCCESS Type: QueryNameInformationFile, Name: \Windows\System32\winsta.dll
33 16:30:59,1144251 wmiprvse.exe 1124 IRP_MJ_QUERY_INFORMATION C:\Windows\System32\wintrust.dll SUCCESS Type: QueryNameInformationFile, Name: \Windows\System32\wintrust.dll
34 16:30:59,1144647 wmiprvse.exe 1124 IRP_MJ_QUERY_INFORMATION C:\Windows\System32\powrprof.dll SUCCESS Type: QueryNameInformationFile, Name: \Windows\System32\powrprof.dll
35 16:30:59,1145010 wmiprvse.exe 1124 IRP_MJ_QUERY_INFORMATION C:\Windows\System32\ntmarta.dll SUCCESS Type: QueryNameInformationFile, Name: \Windows\System32\ntmarta.dll
36 16:30:59,1145367 wmiprvse.exe 1124 IRP_MJ_QUERY_INFORMATION C:\Windows\System32\rsaenh.dll SUCCESS Type: QueryNameInformationFile, Name: \Windows\System32\rsaenh.dll

McAfee antivirus protection log alarms that svchost is trying to shut down some McAfee components.
Ok, you are now thinking VIRUS! Yepp, me too, but no, checked the files with both McAfee and online, Spybot and Ad-Aware, nothing. Procexpl says it's a verified MS image file (both files).
I have uninstalled most of the programs installed lately, nothing.....
I have stopped all services (that can be stopped, except wmi) nothing...
I have killed all running processes ... nothing...
First if I shut down Windows Management Instrumentation it stops....
Checking threads in svchost it shows 6 X RPCRT4.dll!ThreadStartRoutine at the top, constantly using cpu.
Showing stack for one of these threads it gives me:
Hi.
I have got a problem with wmiPrvSE, it's using cpu, a lot of cpu and all the time..

System details:
Windows Vista X64 SP1 (fully patched)
Asus P5K with a quadcore

Problem:
svchost / wmiPrvSE is using CPU all the time 30% (on all cores). Using procmon I can see that it's probing registry over and over again. Ex: RegOpenKey: HKLM\System\CurrentControlSet\Control\DeviceClasses
If I restart wmiPrvSE it will do file access:
ex:
Topic: svchost / wmiPrvSE.exe using cpu Posted: 04 October 2008 at 3:46pm
svchost / wmiPrvSE.exe using cpu - Sysinternals Forums