===> Found process: services.exe, Pid: 668
===> Found process: svchost.exe, Pid: 848
===> Found process: svchost.exe, Pid: 916
===> Found process: svchost.exe, Pid: 1012
===> Found process: svchost.exe, Pid: 1056
===> Found process: svchost.exe, Pid: 1108
PID = 1108: Source= Time,
Using Kernrate Default Rate of 25000 events/hit
PID = 1056: Source= Time,
Using Kernrate Default Rate of 25000 events/hit
PID = 1012: Source= Time,
Using Kernrate Default Rate of 25000 events/hit
PID = 916: Source= Time,
Using Kernrate Default Rate of 25000 events/hit
PID = 848: Source= Time,
Using Kernrate Default Rate of 25000 events/hit
PID = 668: Source= Time,
Using Kernrate Default Rate of 25000 events/hit
/==============================\
< KERNRATE LOG >
\==============================/
Date: 2008/04/01 Time: 12:21:04
Machine Name: COMP515
Number of Processors: 1
PROCESSOR_ARCHITECTURE: x86
PROCESSOR_LEVEL: 15
PROCESSOR_REVISION: 0209
Physical Memory: 247 MB
Pagefile Total: 745 MB
Virtual Total: 2047 MB
PageFile1: \??\C:\pagefile.sys, 512MB
OS Version: 5.1 Build 2600 Service-Pack: 2.0
WinDir: C:\WINDOWS
Kernrate User-Specified Command Line:
Kernrate_i386_XP.exe -t -n services.exe -n svchost.exe
------------Overall Summary:--------------
P0 K 0:00:01.656 (89.1%) U 0:00:00.203 (10.9%) I 0:00:00.000 ( 0.0%) DPC 0:00:00.031 ( 1.7%) Interrupt 0:00:00.000 ( 0.0%)
Interrupts= 1520, Interrupt Rate= 817/sec.
Total Profile Time = 1859 msec
BytesStart BytesStop BytesDiff.
Available Physical Memory , 105181184, 103989248, -1191936
Available Pagefile(s) , 647688192, 647114752, -573440
Available Virtual , 2131632128, 2131632128, 0
Available Extended Virtual , 0, 0, 0
Total Avg. Rate
Context Switches , 1334, 717/sec.
System Calls , 258009, 138761/sec.
Page Faults , 744, 400/sec.
I/O Read Operations , 31, 17/sec.
I/O Write Operations , 0, 0/sec.
I/O Other Operations , 125, 67/sec.
I/O Read Bytes , 372, 12/ I/O
I/O Write Bytes , 0, 0/ I/O
I/O Other Bytes , 2968, 24/ I/O
--- Process List and Summary At The End of Data Collection ---
Found 20 processes at the start point, 20 processes at the stop point
Percentage in the following table is based on the Elapsed Time
ProcessID, Process Name, Kernel Time, User-Mode Time, Idle Time
0, System Idle Process, 0.00%, 0.00%, ~ 0.00%
4, System, 0.00%, 0.00%
536, smss.exe, 0.00%, 0.00%
600, csrss.exe, 0.00%, 0.00%
624, winlogon.exe, 0.00%, 0.00%
668, services.exe, 1.68%, 0.00%
684, lsass.exe, 0.00%, 0.00%
848, svchost.exe, 0.00%, 0.00%
916, svchost.exe, 0.00%, 0.00%
1012, svchost.exe, 82.35%, 9.24%
1056, svchost.exe, 0.00%, 0.00%
1108, svchost.exe, 0.00%, 0.00%
1404, MDM.EXE, 0.00%, 0.00%
588, explorer.exe, 0.00%, 0.00%
1504, msiexec.exe, 0.00%, 0.00%
1916, hkcmd.exe, 0.00%, 0.00%
1928, ctfmon.exe, 0.00%, 0.00%
1096, procexp.exe, 3.36%, 1.68%
1296, cmd.exe, 0.00%, 0.00%
1604, Kernrate_i386_XP.exe, 0.00%, 0.00%
----------------------------------------------------------------
Results for User Mode Process SVCHOST.EXE (PID = 1108)
User Time = 0.00% of the Elapsed Time
Kernel Time = 0.00% of the Elapsed Time
Total Avg. Rate
Page Faults , 0, 0/sec.
I/O Read Operations , 0, 0/sec.
I/O Write Operations , 0, 0/sec.
I/O Other Operations , 0, 0/sec.
I/O Read Bytes , 0, 0/ I/O
I/O Write Bytes , 0, 0/ I/O
I/O Other Bytes , 0, 0/ I/O
Start-Count Stop-Count Diff.
Threads , 13, 13, 0
Handles , 164, 164, 0
Working Set Bytes , 4022272, 4022272, 0
Virtual Size Bytes , 35794944, 35794944, 0
Paged Pool Bytes , 37528, 37528, 0
Non Paged Pool Bytes , 5952, 5952, 0
Pagefile Bytes , 1560576, 1560576, 0
Private Pages Bytes , 1560576, 1560576, 0
------------------------------------------------------------------
OutputResults: ProcessModuleCount (Including Managed-Code JITs) = 40
Percentage in the following table is based on the Total Hits for this Process
Time - No Hits Recorded
----------------------------------------------------------------
Results for User Mode Process SVCHOST.EXE (PID = 1056)
User Time = 0.00% of the Elapsed Time
Kernel Time = 0.00% of the Elapsed Time
Total Avg. Rate
Page Faults , 0, 0/sec.
I/O Read Operations , 0, 0/sec.
I/O Write Operations , 0, 0/sec.
I/O Other Operations , 0, 0/sec.
I/O Read Bytes , 0, 0/ I/O
I/O Write Bytes , 0, 0/ I/O
I/O Other Bytes , 0, 0/ I/O
Start-Count Stop-Count Diff.
Threads , 6, 6, 0
Handles , 80, 80, 0
Working Set Bytes , 3276800, 3276800, 0
Virtual Size Bytes , 30187520, 30187520, 0
Paged Pool Bytes , 30604, 30604, 0
Non Paged Pool Bytes , 3608, 3608, 0
Pagefile Bytes , 1216512, 1216512, 0
Private Pages Bytes , 1216512, 1216512, 0
------------------------------------------------------------------
OutputResults: ProcessModuleCount (Including Managed-Code JITs) = 30
Percentage in the following table is based on the Total Hits for this Process
Time - No Hits Recorded
----------------------------------------------------------------
Results for User Mode Process SVCHOST.EXE (PID = 1012)
User Time = 9.24% of the Elapsed Time
Kernel Time = 82.35% of the Elapsed Time
Total Avg. Rate
Page Faults , 0, 0/sec.
I/O Read Operations , 0, 0/sec.
I/O Write Operations , 0, 0/sec.
I/O Other Operations , 0, 0/sec.
I/O Read Bytes , 0, 0/ I/O
I/O Write Bytes , 0, 0/ I/O
I/O Other Bytes , 0, 0/ I/O
Start-Count Stop-Count Diff.
Threads , 51, 51, 0
Handles , 1055, 1055, 0
Working Set Bytes , 22360064, 22360064, 0
Virtual Size Bytes , 99487744, 99487744, 0
Paged Pool Bytes , 90660, 90660, 0
Non Paged Pool Bytes , 22592, 22592, 0
Pagefile Bytes , 14843904, 14843904, 0
Private Pages Bytes , 14843904, 14843904, 0
------------------------------------------------------------------
OutputResults: ProcessModuleCount (Including Managed-Code JITs) = 129
Percentage in the following table is based on the Total Hits for this Process
Time 81 hits, 25000 events per hit --------
Module Hits msec %Total Events/Sec
ntdll 69 1844 85 % 935466
mswsock 12 1844 14 % 162689
----------------------------------------------------------------
Results for User Mode Process SVCHOST.EXE (PID = 916)
User Time = 0.00% of the Elapsed Time
Kernel Time = 0.00% of the Elapsed Time
Total Avg. Rate
Page Faults , 0, 0/sec.
I/O Read Operations , 0, 0/sec.
I/O Write Operations , 0, 0/sec.
I/O Other Operations , 0, 0/sec.
I/O Read Bytes , 0, 0/ I/O
I/O Write Bytes , 0, 0/ I/O
I/O Other Bytes , 0, 0/ I/O
Start-Count Stop-Count Diff.
Threads , 10, 10, 0
Handles , 227, 227, 0
Working Set Bytes , 4116480, 4116480, 0
Virtual Size Bytes , 35282944, 35282944, 0
Paged Pool Bytes , 38796, 38796, 0
Non Paged Pool Bytes , 14368, 14368, 0
Pagefile Bytes , 1691648, 1691648, 0
Private Pages Bytes , 1691648, 1691648, 0
------------------------------------------------------------------
OutputResults: ProcessModuleCount (Including Managed-Code JITs) = 38
Percentage in the following table is based on the Total Hits for this Process
Time - No Hits Recorded
----------------------------------------------------------------
Results for User Mode Process SVCHOST.EXE (PID = 848)
User Time = 0.00% of the Elapsed Time
Kernel Time = 0.00% of the Elapsed Time
Total Avg. Rate
Page Faults , 0, 0/sec.
I/O Read Operations , 0, 0/sec.
I/O Write Operations , 0, 0/sec.
I/O Other Operations , 0, 0/sec.
I/O Read Bytes , 0, 0/ I/O
I/O Write Bytes , 0, 0/ I/O
I/O Other Bytes , 0, 0/ I/O
Start-Count Stop-Count Diff.
Threads , 18, 18, 0
Handles , 199, 199, 0
Working Set Bytes , 4849664, 4849664, 0
Virtual Size Bytes , 62177280, 62177280, 0
Paged Pool Bytes , 65048, 65048, 0
Non Paged Pool Bytes , 47664, 47664, 0
Pagefile Bytes , 3035136, 3035136, 0
Private Pages Bytes , 3035136, 3035136, 0
------------------------------------------------------------------
OutputResults: ProcessModuleCount (Including Managed-Code JITs) = 48
Percentage in the following table is based on the Total Hits for this Process
Time - No Hits Recorded
----------------------------------------------------------------
Results for User Mode Process SERVICES.EXE (PID = 668)
User Time = 0.00% of the Elapsed Time
Kernel Time = 1.68% of the Elapsed Time
Total Avg. Rate
Page Faults , 0, 0/sec.
I/O Read Operations , 0, 0/sec.
I/O Write Operations , 0, 0/sec.
I/O Other Operations , 0, 0/sec.
I/O Read Bytes , 0, 0/ I/O
I/O Write Bytes , 0, 0/ I/O
I/O Other Bytes , 0, 0/ I/O
Start-Count Stop-Count Diff.
Threads , 19, 19, 0
Handles , 302, 302, 0
Working Set Bytes , 7499776, 7499776, 0
Virtual Size Bytes , 51802112, 51802112, 0
Paged Pool Bytes , 45768, 45768, 0
Non Paged Pool Bytes , 8240, 8240, 0
Pagefile Bytes , 4517888, 4517888, 0
Private Pages Bytes , 4517888, 4517888, 0
------------------------------------------------------------------
OutputResults: ProcessModuleCount (Including Managed-Code JITs) = 32
Percentage in the following table is based on the Total Hits for this Process
Time 2 hits, 25000 events per hit --------
Module Hits msec %Total Events/Sec
ntdll 1 1844 50 % 13557
services 1 1844 50 % 13557
================================= END OF RUN ==================================
In Process Explorer, at the moment of the load spike, the most active threads are