感谢斑主大师.贴上用process explorer得到的processing runing
所在版块:技术の宅 发贴时间:2005-09-01 22:48

用户信息
复制本帖HTML代码
高亮: 今天贴 X 昨天贴 X 前天贴 X 
Process PID CPU Description Company Name
System Idle Process 0 84.07
Interrupts n/a Hardware Interrupts
DPCs n/a 0.88 Deferred Procedure Calls
System 4
smss.exe 904 Windows NT Session Manager Microsoft Corporation
csrss.exe 992 0.88 Client Server Runtime Process Microsoft Corporation
winlogon.exe 1016 Windows NT Logon Application Microsoft Corporation
services.exe 1060 1.77 Services and Controller app Microsoft Corporation
ibmpmsvc.exe 1284
svchost.exe 1324 Generic Host Process for Win32 Services Microsoft Corporation
1XConfig.exe 3236 8021XConfig Module Intel
wmiprvse.exe 232 WMI Microsoft Corporation
svchost.exe 1416 Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1564 Generic Host Process for Win32 Services Microsoft Corporation
wuauclt.exe 3816 Automatic Updates Microsoft Corporation
EvtEng.exe 1668 EvtEng Module Intel Corporation
S24EvMon.exe 1704 Event Monitor - Supports driver extensions to NIC Driver for wireless adapters. Intel Corporation
WLKEEPER.exe 1748 WLKEEPER Intel® Corporation
svchost.exe 1820 Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1948 Generic Host Process for Win32 Services Microsoft Corporation
ccSetMgr.exe 416 Common Client Settings Manager Service Symantec Corporation
ccEvtMgr.exe 440 Common Client Event Manager Service Symantec Corporation
spoolsv.exe 688 Spooler SubSystem App Microsoft Corporation
blackd.exe 820 blackd Internet Security Systems, Inc.
DefWatch.exe 840 Virus Definition Daemon Symantec Corporation
ntrtscan.exe 932 Trend Micro Inc.
BL515.EXE 1308
OfcPfwSvc.exe 984 OfcPfwSvc Trend Micro Inc.
OProtSvc.exe 1364 Ownership protocol service Intel Corporation
QCONSVC.EXE 1528 IBM Access Connections - Service Component. IBM Corp.
RapApp.exe 1676 1.77 appcomply Internet Security Systems, Inc.
RegSrvc.exe 1904 RegSrvc Module Intel Corporation
SavRoam.exe 2008 SAVRoam symantec
svchost.exe 396 Generic Host Process for Win32 Services Microsoft Corporation
Rtvscan.exe 1348 Symantec AntiVirus Symantec Corporation
tmlisten.exe 2112 Trend Micro Inc.
PccNTUpd.exe 2372 Trend Micro Inc.
TpKmpSvc.exe 2272
wdfmgr.exe 2292 Windows User Mode Driver Manager Microsoft Corporation
Vpatch.exe 2324 Virtual Patch Protection System Internet Security Systems, Inc.
lsass.exe 1072 LSA Shell (Export Version) Microsoft Corporation
ZCfgSvc.exe 2900 ZeroCfgSvc MFC Application Intel Corporation
explorer.exe 3176 Windows Explorer Microsoft Corporation
SynTPLpr.exe 3684 TouchPad Driver Helper Application Synaptics, Inc.
SynTPEnh.exe 3760 Synaptics TouchPad Enhancements Synaptics, Inc.
igfxtray.exe 3780 igfxTray Module Intel Corporation
hkcmd.exe 3792 hkcmd Module Intel Corporation
TpShocks.exe 3988 IBM Active Protection System IBM Corp.
TPHKMGR.exe 4000
TPONSCR.exe 896
TpScrex.exe 2056 ThinkPad UltraZoom IBM Corporation
rundll32.exe 4056 Run a DLL as an App Microsoft Corporation
EzEjMnAp.Exe 236 IBM ThinkPad EasyEject Support Application IBM Corp.
ibmmessages.exe 596 ibmmessages IBM
QCTRAY.EXE 764 IBM Access Connections - Taskbar Application. IBM Corp.
QCWLICON.EXE 944 IBM Access Connections - Wireless Status Icon. IBM Corp.
rundll32.exe 1192 Run a DLL as an App Microsoft Corporation
PccNTMon.exe 1516 I/O Monitor Trend Micro Inc.
iFrmewrk.exe 1876 Intel Framework MFC Application Intel Corporation
EOUWiz.exe 2396 Ease Of Use Wizard Application Intel Corporation
tfswctrl.exe 2488 Drive Letter Access Component Sonic Solutions
ccApp.exe 1208 Common Client User Session Symantec Corporation
VPTray.exe 2580 Symantec AntiVirus Symantec Corporation
ctfmon.exe 3508 CTF Loader Microsoft Corporation
msnmsgr.exe 4044 MSN Messenger Microsoft Corporation
DLG.exe 1716 Digital Line Detection BVRP Software
iexplore.exe 2896 Internet Explorer Microsoft Corporation
iexplore.exe 3732 Internet Explorer Microsoft Corporation
iexplore.exe 3256 Internet Explorer Microsoft Corporation
procexp.exe 3292 10.62 Sysinternals Process Explorer Sysinternals

Process: wmiprvse.exe Pid: 232

Type Name
Desktop \Default
Directory \Windows
Directory \BaseNamedObjects
Directory \KnownDlls
Event \BaseNamedObjects\WBEM_ESS_OPEN_FOR_BUSINESS
Event \BaseNamedObjects\EVENT_READYROOT/CIMV2PROVIDERSUBSYSTEM
File \Device\WMIDataDevice
File \Device\KsecDD
File C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9
File C:\WINDOWS\system32
Key HKLM
Key HKLM\SOFTWARE\Microsoft\COM3
Key HKCR\CLSID
Key HKCR
Key HKLM\SOFTWARE\Microsoft\COM3
Key HKU
Key HKLM\SOFTWARE\Microsoft\COM3
Key HKLM\SOFTWARE\Microsoft\COM3
Key HKCR\CLSID
Key HKU\S-1-5-20_CLASSES
Key HKU\S-1-5-20_CLASSES
Key HKU\S-1-5-20_CLASSES
Key HKU\S-1-5-20_CLASSES
Key HKU\S-1-5-20_CLASSES
Key HKU\S-1-5-20_CLASSES
Key HKU\S-1-5-20_CLASSES
Key HKU\S-1-5-20_CLASSES
Key HKU\S-1-5-20_CLASSES
Key HKU\S-1-5-20_CLASSES
Key HKU\S-1-5-20_CLASSES
Key HKU\S-1-5-20_CLASSES
Key HKU\S-1-5-20_CLASSES
Key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32
Key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32
Key HKLM\SYSTEM\ControlSet001\Control\Nls\Locale\Alternate Sorts
Key HKLM\SYSTEM\ControlSet001\Control\Nls\Locale
Key HKLM\SYSTEM\ControlSet001\Control\Nls\Language Groups
Key HKCR
Key HKU\S-1-5-20_CLASSES
Key HKLM\SOFTWARE\Microsoft\COM3
Key HKU
Key HKCR
Key HKU
Key HKLM\SOFTWARE\Microsoft\COM3
KeyedEvent \KernelObjects\CritSecOutOfMemoryEvent
Port \RPC Control\OLEE41DBB9743004CB1A5E3046B12B1
Section \BaseNamedObjects\__R_000000000013_SMem__
Section \BaseNamedObjects\Wmi Provider Sub System Counters
Semaphore \BaseNamedObjects\shell.{A48F1A32-A340-11D1-BC6B-00A0C90312E1}
Thread wmiprvse.exe(232): 2240
Thread wmiprvse.exe(232): 2688
Thread wmiprvse.exe(232): 3996
Thread wmiprvse.exe(232): 3600
Thread wmiprvse.exe(232): 2240
Thread wmiprvse.exe(232): 3200
Thread wmiprvse.exe(232): 3600
Thread wmiprvse.exe(232): 2688
Thread wmiprvse.exe(232): 700
Token NT AUTHORITY\NETWORK SERVICE
Token NT AUTHORITY\SYSTEM
WindowStation \Windows\WindowStations\Service-0x0-3e4$
WindowStation \Windows\WindowStations\Service-0x0-3e4$
.
欢迎来到华新中文网,踊跃发帖是支持我们的最好方法!

 相关帖子 我要回复↙ ↗回到正文
极度痛苦中,求助于各位大师 poi  2005-08-24 23:24 (726 bytes , 608reads )
遇到同样的问题,最后是重装系统,然后装SP2和trend officescan 山水  2005-08-28 14:46 (39 bytes , 229reads )
感谢ING poi  2005-08-29 22:51 (0 bytes , 179reads )
more info needed SmellsLikeTeenSpirit  2005-08-27 12:31 (325 bytes , 256reads )
恕在下实在是菜鸟,弱弱的请求具体地说明. poi  2005-09-01 03:18 (44 bytes , 267reads )
sorry, no chinese input, but here are the steps SmellsLikeTeenSpirit  2005-09-01 09:47 (469 bytes , 227reads )
感谢斑主大师.贴上用process explorer得到的processing runing poi  2005-09-01 22:48 (6347 bytes , 579reads )
嗯, SmellsLikeTeenSpirit  2005-09-02 00:18 (252 bytes , 178reads )
再谢一次 poi  2005-09-02 06:46 (0 bytes , 225reads )
哈哈,系统好象恢复正常了也. poi  2005-09-02 06:45 (99 bytes , 203reads )
hehe, 其实到底是哪一步解决了问题? SmellsLikeTeenSpirit  2005-09-02 22:21 (0 bytes , 206reads )
不太清楚.好象是kill掉BL515.EXE 1308 .目前一切正常. poi  2005-09-03 03:20 (0 bytes , 231reads )
cool SmellsLikeTeenSpirit  2005-09-03 13:22 (0 bytes , 120reads )
已经KILL了 poi  2005-09-02 02:13 (367 bytes , 200reads )
some kernel mode rootkits can even hide from process explorer. 留名  2005-08-30 15:02 (0 bytes , 203reads )
ya i agree SmellsLikeTeenSpirit  2005-08-30 16:52 (27 bytes , 153reads )
各位大师,为什么只有看的,没有回的.请救我于水深火热之中. poi  2005-08-27 00:09 (0 bytes , 158reads )