Excessive hard disk access by a service

    General discussion

  • I ran Process Monitor and found the following disk accesses:

    15:13:12,7884983	svchost.exe	572	CreateFile	C:\Windows\system32\system32\drivers\pci.sys	PATH NOT FOUND	Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: jms-PC\jms
    15:13:12,7890946	svchost.exe	572	CreateFile	C:\Windows\system32\system32\drivers\pci.sys	PATH NOT FOUND	Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: jms-PC\jms
    15:13:12,7903068	svchost.exe	572	CreateFile	C:\Windows\system\system32\drivers\pci.sys	PATH NOT FOUND	Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: jms-PC\jms
    15:13:12,7908054	svchost.exe	572	CreateFile	C:\Windows\System32\drivers\pci.sys	SUCCESS	Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: jms-PC\jms, OpenResult: Opened
    15:13:12,7908503	svchost.exe	572	QueryBasicInformationFile	C:\Windows\System32\drivers\pci.sys	SUCCESS	CreationTime: 13.01.2012 22:48:01, LastAccessTime: 13.01.2012 22:48:01, LastWriteTime: 20.11.2010 13:30:06, ChangeTime: 14.01.2012 12:49:15, FileAttributes: A
    15:13:12,7908633	svchost.exe	572	CloseFile	C:\Windows\System32\drivers\pci.sys	SUCCESS	
    15:13:12,7911016	svchost.exe	572	CreateFile	C:\Windows\System32\drivers\pci.sys	SUCCESS	Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, Impersonating: jms-PC\jms, OpenResult: Opened
    15:13:12,7911508	svchost.exe	572	CreateFileMapping	C:\Windows\System32\drivers\pci.sys	FILE LOCKED WITH ONLY READERS	SyncType: SyncTypeCreateSection, PageProtection: PAGE_READONLY
    15:13:12,7911615	svchost.exe	572	QueryStandardInformationFile	C:\Windows\System32\drivers\pci.sys	SUCCESS	AllocationSize: 155.648, EndOfFile: 153.984, NumberOfLinks: 1, DeletePending: False, Directory: False
    15:13:12,7911851	svchost.exe	572	CreateFileMapping	C:\Windows\System32\drivers\pci.sys	SUCCESS	SyncType: SyncTypeOther
    15:13:12,7912273	svchost.exe	572	CloseFile	C:\Windows\System32\drivers\pci.sys	SUCCESS	
    15:13:12,7917999	svchost.exe	572	CreateFile	C:\Windows\System32\drivers\de-DE\pci.sys.mui	SUCCESS	Desired Access: Generic Read, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, Impersonating: jms-PC\jms, OpenResult: Opened
    15:13:12,7918511	svchost.exe	572	CreateFileMapping	C:\Windows\System32\drivers\de-DE\pci.sys.mui	FILE LOCKED WITH ONLY READERS	SyncType: SyncTypeCreateSection, PageProtection: PAGE_WRITECOPY
    15:13:12,7918621	svchost.exe	572	QueryStandardInformationFile	C:\Windows\System32\drivers\de-DE\pci.sys.mui	SUCCESS	AllocationSize: 8.192, EndOfFile: 8.192, NumberOfLinks: 3, DeletePending: False, Directory: False
    15:13:12,7918877	svchost.exe	572	CreateFileMapping	C:\Windows\System32\drivers\de-DE\pci.sys.mui	SUCCESS	SyncType: SyncTypeOther
    15:13:12,7919704	svchost.exe	572	CloseFile	C:\Windows\System32\drivers\de-DE\pci.sys.mui	SUCCESS	
    
    15:13:12,7924816	svchost.exe	572	CreateFile	C:\Windows\system32\system32\drivers\pci.sys	PATH NOT FOUND	Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: jms-PC\jms
    15:13:12,7926754	svchost.exe	572	CreateFile	C:\Windows\system32\system32\drivers\pci.sys	PATH NOT FOUND	Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: jms-PC\jms
    15:13:12,7929598	svchost.exe	572	CreateFile	C:\Windows\system\system32\drivers\pci.sys	PATH NOT FOUND	Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: jms-PC\jms
    15:13:12,7934115	svchost.exe	572	CreateFile	C:\Windows\System32\drivers\pci.sys	SUCCESS	Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: jms-PC\jms, OpenResult: Opened
    15:13:12,7934619	svchost.exe	572	QueryBasicInformationFile	C:\Windows\System32\drivers\pci.sys	SUCCESS	CreationTime: 13.01.2012 22:48:01, LastAccessTime: 13.01.2012 22:48:01, LastWriteTime: 20.11.2010 13:30:06, ChangeTime: 14.01.2012 12:49:15, FileAttributes: A
    15:13:12,7934741	svchost.exe	572	CloseFile	C:\Windows\System32\drivers\pci.sys	SUCCESS	
    15:13:12,7937128	svchost.exe	572	CreateFile	C:\Windows\System32\drivers\pci.sys	SUCCESS	Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, Impersonating: jms-PC\jms, OpenResult: Opened
    15:13:12,7937620	svchost.exe	572	CreateFileMapping	C:\Windows\System32\drivers\pci.sys	FILE LOCKED WITH ONLY READERS	SyncType: SyncTypeCreateSection, PageProtection: PAGE_READONLY
    15:13:12,7937723	svchost.exe	572	QueryStandardInformationFile	C:\Windows\System32\drivers\pci.sys	SUCCESS	AllocationSize: 155.648, EndOfFile: 153.984, NumberOfLinks: 1, DeletePending: False, Directory: False
    15:13:12,7937947	svchost.exe	572	CreateFileMapping	C:\Windows\System32\drivers\pci.sys	SUCCESS	SyncType: SyncTypeOther
    15:13:12,7938341	svchost.exe	572	CloseFile	C:\Windows\System32\drivers\pci.sys	SUCCESS	
    

    So a process is constantly working on the file pci.sys and others at millisecond intervals. The process is probably the Plug & Play service, or possibly also Power or DcomLaunch.

    These accesses do not look very sensible; it seems to me that something is wrong here.

    Since I have an SSD, I assume this is not very good for the drive either.

     

    Saturday, January 14, 2012 15:17

All replies