Sujet Précédent Sujet Suivant

Processeur 100% WMI Provider Host

Fermé
Tano-68 - 6 mars 2018 à 18:41
Malekal_morte- Messages postés 180304 Date d'inscription mercredi 17 mai 2006 Statut Modérateur, Contributeur sécurité Dernière intervention 15 décembre 2020 - 6 mars 2018 à 21:27
Bonjour,
Depuis peu, je me suis rendu compte que mon processeur bloque à 100% avec le processus WMI Provider Host qui varie de sorte à monter mon processeur à 100% tout le temps.

Pensant à un virus, j'ai lancé malwerbytes et avast sans rien trouver.
J'ai ensuite fais les mises à jour windows, mais cela n'a rien changé.

Je viens donc vers vous car je suis un peu perdu pour le moment...

Merci pour votre aide !


A voir également:

2 réponses

Réponse 1 / 2
Tano-68
6 mars 2018 à 18:48
Je rajoute un scan effectué avec WMI Diag :

29113 18:43:03 (0) ** WMIDiag v2.2 started on mardi 6 mars 2018 at 18:34.
29114 18:43:03 (0) **
29115 18:43:03 (0) ** Copyright (c) Microsoft Corporation. All rights reserved - July 2007.
29116 18:43:03 (0) **
29117 18:43:03 (0) ** This script is not supported under any Microsoft standard support program or service.
29118 18:43:03 (0) ** The script is provided AS IS without warranty of any kind. Microsoft further disclaims all
29119 18:43:03 (0) ** implied warranties including, without limitation, any implied warranties of merchantability
29120 18:43:03 (0) ** or of fitness for a particular purpose. The entire risk arising out of the use or performance
29121 18:43:03 (0) ** of the scripts and documentation remains with you. In no event shall Microsoft, its authors,
29122 18:43:03 (0) ** or anyone else involved in the creation, production, or delivery of the script be liable for
29123 18:43:03 (0) ** any damages whatsoever (including, without limitation, damages for loss of business profits,
29124 18:43:03 (0) ** business interruption, loss of business information, or other pecuniary loss) arising out of
29125 18:43:03 (0) ** the use of or inability to use the script or documentation, even if Microsoft has been advised
29126 18:43:03 (0) ** of the possibility of such damages.
29127 18:43:03 (0) **
29128 18:43:03 (0) **
29129 18:43:03 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
29130 18:43:03 (0) ** ----------------------------------------------------- WMI REPORT: BEGIN ----------------------------------------------------------
29131 18:43:03 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
29132 18:43:03 (0) **
29133 18:43:03 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
29134 18:43:03 (0) ** Windows 8.1 - No Service Pack - 64-bit (16299) - User 'MSI-GAETAN\GARRE' on computer 'MSI-GAETAN'.
29135 18:43:03 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
29136 18:43:03 (0) ** INFO: Environment: .................................................................................................. 1 ITEM(S)!
29137 18:43:03 (0) ** INFO: => 15 possible incorrect shutdown(s) detected on:
29138 18:43:03 (0) ** - Shutdown on 01 November 2017 18:51:10 (GMT-0).
29139 18:43:03 (0) ** - Shutdown on 01 November 2017 20:10:16 (GMT-0).
29140 18:43:03 (0) ** - Shutdown on 05 November 2017 15:11:37 (GMT-0).
29141 18:43:03 (0) ** - Shutdown on 11 November 2017 09:55:22 (GMT-0).
29142 18:43:03 (0) ** - Shutdown on 11 November 2017 20:53:22 (GMT-0).
29143 18:43:03 (0) ** - Shutdown on 11 November 2017 21:23:37 (GMT-0).
29144 18:43:03 (0) ** - Shutdown on 12 November 2017 21:24:18 (GMT-0).
29145 18:43:03 (0) ** - Shutdown on 12 November 2017 22:20:08 (GMT-0).
29146 18:43:03 (0) ** - Shutdown on 13 November 2017 09:22:33 (GMT-0).
29147 18:43:03 (0) ** - Shutdown on 13 November 2017 12:31:38 (GMT-0).
29148 18:43:03 (0) ** - Shutdown on 01 January 2018 13:47:33 (GMT-0).
29149 18:43:03 (0) ** - Shutdown on 14 January 2018 08:54:30 (GMT-0).
29150 18:43:03 (0) ** - Shutdown on 25 January 2018 15:37:11 (GMT-0).
29151 18:43:03 (0) ** - Shutdown on 06 February 2018 16:24:52 (GMT-0).
29152 18:43:03 (0) ** - Shutdown on 07 February 2018 18:26:31 (GMT-0).
29153 18:43:03 (0) **
29154 18:43:03 (0) ** System drive: ....................................................................................................... C: (Disque n° 0 partition n° 1).
29155 18:43:03 (0) ** Drive type: ......................................................................................................... IDE (KINGSTON RBU-SNS8152S3256GG5).
29156 18:43:03 (0) ** There are no missing WMI system files: .............................................................................. OK.
29157 18:43:03 (0) ** There are no missing WMI repository files: .......................................................................... OK.
29158 18:43:03 (0) ** WMI repository state: ............................................................................................... N/A.
29159 18:43:03 (0) ** AFTER running WMIDiag:
29160 18:43:03 (0) ** The WMI repository has a size of: ................................................................................... 73 MB.
29161 18:43:03 (0) ** - Disk free space on 'C:': .......................................................................................... 64454 MB.
29162 18:43:03 (0) ** - INDEX.BTR, 11575296 bytes, 06/03/2018 18:30:58
29163 18:43:03 (0) ** - MAPPING1.MAP, 206208 bytes, 06/03/2018 18:25:36
29164 18:43:03 (0) ** - MAPPING2.MAP, 206208 bytes, 06/03/2018 18:30:58
29165 18:43:03 (0) ** - OBJECTS.DATA, 63995904 bytes, 06/03/2018 18:30:58
29166 18:43:03 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
29167 18:43:03 (0) ** INFO: Windows Firewall status: ...................................................................................... ENABLED.
29168 18:43:03 (0) ** Windows Firewall Profile: ........................................................................................... PUBLIC.
29169 18:43:03 (0) ** Inbound connections that do not match a rule BLOCKED: ............................................................... ENABLED.
29170 18:43:03 (0) ** => This will prevent any WMI remote connectivity to this computer except
29171 18:43:03 (0) ** if the following three inbound rules are ENABLED and non-BLOCKING:
29172 18:43:03 (0) ** - 'Windows Management Instrumentation (DCOM-In)'
29173 18:43:03 (0) ** - 'Windows Management Instrumentation (WMI-In)'
29174 18:43:03 (0) ** - 'Windows Management Instrumentation (ASync-In)'
29175 18:43:03 (0) ** Verify the reported status for each of these three inbound rules below.
29176 18:43:03 (0) **
29177 18:43:03 (0) ** Windows Firewall 'Windows Management Instrumentation (WMI)' group rule: ............................................. DISABLED.
29178 18:43:03 (0) ** => This will prevent any WMI remote connectivity to/from this machine.
29179 18:43:03 (0) ** - You can adjust the configuration by executing the following command:
29180 18:43:03 (0) ** i.e. 'NETSH.EXE ADVFIREWALL FIREWALL SET RULE GROUP="Windows Management Instrumentation (WMI)" NEW ENABLE=YES'
29181 18:43:03 (0) ** Note: With this command all inbound and outbound WMI rules are activated at once!
29182 18:43:03 (0) ** You can also enable each individual rule instead of activating the group rule.
29183 18:43:03 (0) **
29184 18:43:03 (0) ** Windows Firewall 'Windows Management Instrumentation (ASync-In)' rule: .............................................. DISABLED.
29185 18:43:03 (0) ** => This will prevent any WMI asynchronous inbound connectivity to this machine.
29186 18:43:03 (0) ** - You can adjust the configuration of this rule by executing the following command:
29187 18:43:03 (0) ** i.e. 'NETSH.EXE ADVFIREWALL FIREWALL SET RULE NAME="Windows Management Instrumentation (ASync-In)" NEW ENABLE=YES'
29188 18:43:03 (0) **
29189 18:43:03 (0) ** Windows Firewall 'Windows Management Instrumentation (WMI-In)' rule: ................................................ DISABLED.
29190 18:43:03 (0) ** => This will prevent any WMI inbound connectivity to this machine.
29191 18:43:03 (0) ** Note: The rule 'Windows Management Instrumentation (WMI-In)' rule must be ENABLED to allow incoming WMI connectivity.
29192 18:43:03 (0) ** - You can adjust the configuration of this rule by executing the following command:
29193 18:43:03 (0) ** i.e. 'NETSH.EXE ADVFIREWALL FIREWALL SET RULE NAME="Windows Management Instrumentation (WMI-In)" NEW ENABLE=YES'
29194 18:43:03 (0) **
29195 18:43:03 (0) ** Windows Firewall 'Windows Management Instrumentation (DCOM-In)' rule: ............................................... DISABLED.
29196 18:43:03 (0) ** => This will prevent any DCOM WMI inbound connectivity to this machine.
29197 18:43:03 (0) ** Note: The rule 'Windows Management Instrumentation (DCOM-In)' rule must be ENABLED to allow incoming DCOM WMI connectivity.
29198 18:43:03 (0) ** - You can adjust the configuration of this rule by executing the following command:
29199 18:43:03 (0) ** i.e. 'NETSH.EXE ADVFIREWALL FIREWALL SET RULE NAME="Windows Management Instrumentation (DCOM-In)" NEW ENABLE=YES'
29200 18:43:03 (0) **
29201 18:43:03 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
29202 18:43:03 (0) ** DCOM Status: ........................................................................................................ OK.
29203 18:43:03 (0) ** WMI registry setup: ................................................................................................. OK.
29204 18:43:03 (0) ** INFO: WMI service has dependents: ................................................................................... 2 SERVICE(S)!
29205 18:43:03 (0) ** - Security Center (WSCSVC, StartMode='Automatic')
29206 18:43:03 (0) ** - Internet Connection Sharing (ICS) (*) (SHAREDACCESS, StartMode='Manual')
29207 18:43:03 (0) ** => If the WMI service is stopped, the listed service(s) will have to be stopped as well.
29208 18:43:03 (0) ** Note: If the service is marked with (*), it means that the service/application uses WMI but
29209 18:43:03 (0) ** there is no hard dependency on WMI. However, if the WMI service is stopped,
29210 18:43:03 (0) ** this can prevent the service/application to work as expected.
29211 18:43:03 (0) **
29212 18:43:03 (0) ** RPCSS service: ...................................................................................................... OK (Already started).
29213 18:43:03 (0) ** WINMGMT service: .................................................................................................... OK (Already started).
29214 18:43:03 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
29215 18:43:03 (0) ** WMI service DCOM setup: ............................................................................................. OK.
29216 18:43:03 (2) !! WARNING: WMI DCOM components registration is missing for the following EXE/DLLs: .................................... 3 WARNING(S)!
29217 18:43:03 (0) ** - C:\WINDOWS\SYSTEM32\WBEM\NETPEERDISTCIM.DLL (\CLSID\{3292A418-BAC2-4BBF-BB07-66A1CB3B8B7D}\InProcServer32)
29218 18:43:03 (0) ** - C:\WINDOWS\SYSTEM32\WBEM\POLICMAN.DLL (\CLSID\{69D76D1B-B12E-4913-8F48-671B90195A2B}\InProcServer32)
29219 18:43:03 (0) ** - C:\WINDOWS\SYSTEM32\WBEM\POLICMAN.DLL (\CLSID\{AAEAE72F-0328-4763-8ECB-23422EDE2DB5}\InProcServer32)
29220 18:43:03 (0) ** => WMI System components are not properly registered as COM objects, which could make WMI to
29221 18:43:03 (0) ** fail depending on the operation requested.
29222 18:43:03 (0) ** => For a .DLL, you can correct the DCOM configuration by executing the 'REGSVR32.EXE <Filename.DLL>' command.
29223 18:43:03 (0) **
29224 18:43:03 (0) ** WMI ProgID registrations: ........................................................................................... OK.
29225 18:43:03 (0) ** WMI provider DCOM registrations: .................................................................................... OK.
29226 18:43:03 (0) ** WMI provider CIM registrations: ..................................................................................... OK.
29227 18:43:03 (0) ** WMI provider CLSIDs: ................................................................................................ OK.
29228 18:43:03 (0) ** WMI providers EXE/DLL availability: ................................................................................. OK.
29229 18:43:03 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
29230 18:43:03 (0) ** INFO: User Account Control (UAC): ................................................................................... ENABLED.
29231 18:43:03 (0) ** => WMI tasks requiring Administrative privileges on this computer MUST run in an elevated context.
29232 18:43:03 (0) ** i.e. You can start your scripts or WMIC commands from an elevated command
29233 18:43:03 (0) ** prompt by right clicking on the 'Command Prompt' icon in the Start Menu and
29234 18:43:03 (0) ** selecting 'Run as Administrator'.
29235 18:43:03 (0) ** i.e. You can also execute the WMI scripts or WMIC commands as a task
29236 18:43:03 (0) ** in the Task Scheduler within the right security context.
29237 18:43:03 (0) **
29238 18:43:03 (0) ** INFO: Local Account Filtering: ...................................................................................... ENABLED.
29239 18:43:03 (0) ** => WMI tasks remotely accessing WMI information on this computer and requiring Administrative
29240 18:43:03 (0) ** privileges MUST use a DOMAIN account part of the Local Administrators group of this computer
29241 18:43:03 (0) ** to ensure that administrative privileges are granted. If a Local User account is used for remote
29242 18:43:03 (0) ** accesses, it will be reduced to a plain user (filtered token), even if it is part of the Local Administrators group.
29243 18:43:03 (0) **
29244 18:43:03 (0) ** DCOM security for 'My Computer' (Access Permissions/Edit Limits): ................................................... MODIFIED.
29245 18:43:03 (1) !! ERROR: Default trustee 'NT AUTHORITY\ANONYMOUS LOGON' has been REMOVED!
29246 18:43:03 (0) ** - REMOVED ACE:
29247 18:43:03 (0) ** ACEType: &h0
29248 18:43:03 (0) ** ACCESS_ALLOWED_ACE_TYPE
29249 18:43:03 (0) ** ACEFlags: &h0
29250 18:43:03 (0) ** ACEMask: &h3
29251 18:43:03 (0) ** DCOM_RIGHT_EXECUTE
29252 18:43:03 (0) ** DCOM_RIGHT_ACCESS_LOCAL
29253 18:43:03 (0) **
29254 18:43:03 (0) ** => The REMOVED ACE was part of the DEFAULT setup for the trustee.
29255 18:43:03 (0) ** Removing default security will cause some operations to fail!
29256 18:43:03 (0) ** It is possible to fix this issue by editing the security descriptor and adding the ACE.
29257 18:43:03 (0) ** For DCOM objects, this can be done with 'DCOMCNFG.EXE'.
29258 18:43:03 (0) **
29259 18:43:03 (0) ** DCOM security for 'My Computer' (Access Permissions/Edit Limits): ................................................... MODIFIED.
29260 18:43:03 (1) !! ERROR: Default trustee 'BUILTIN\PERFORMANCE LOG USERS' has been REMOVED!
29261 18:43:03 (0) ** - REMOVED ACE:
29262 18:43:03 (0) ** ACEType: &h0
29263 18:43:03 (0) ** ACCESS_ALLOWED_ACE_TYPE
29264 18:43:03 (0) ** ACEFlags: &h0
29265 18:43:03 (0) ** ACEMask: &h7
29266 18:43:03 (0) ** DCOM_RIGHT_EXECUTE
29267 18:43:03 (0) ** DCOM_RIGHT_ACCESS_LOCAL
29268 18:43:03 (0) ** DCOM_RIGHT_ACCESS_REMOTE
29269 18:43:03 (0) **
29270 18:43:03 (0) ** => The REMOVED ACE was part of the DEFAULT setup for the trustee.
29271 18:43:03 (0) ** Removing default security will cause some operations to fail!
29272 18:43:03 (0) ** It is possible to fix this issue by editing the security descriptor and adding the ACE.
29273 18:43:03 (0) ** For DCOM objects, this can be done with 'DCOMCNFG.EXE'.
29274 18:43:03 (0) **
29275 18:43:03 (0) ** DCOM security for 'My Computer' (Access Permissions/Edit Limits): ................................................... MODIFIED.
29276 18:43:03 (1) !! ERROR: Default trustee 'EVERYONE' has been REMOVED!
29277 18:43:03 (0) ** - REMOVED ACE:
29278 18:43:03 (0) ** ACEType: &h0
29279 18:43:03 (0) ** ACCESS_ALLOWED_ACE_TYPE
29280 18:43:03 (0) ** ACEFlags: &h0
29281 18:43:03 (0) ** ACEMask: &h7
29282 18:43:03 (0) ** DCOM_RIGHT_EXECUTE
29283 18:43:03 (0) ** DCOM_RIGHT_ACCESS_LOCAL
29284 18:43:03 (0) ** DCOM_RIGHT_ACCESS_REMOTE
29285 18:43:03 (0) **
29286 18:43:03 (0) ** => The REMOVED ACE was part of the DEFAULT setup for the trustee.
29287 18:43:03 (0) ** Removing default security will cause some operations to fail!
29288 18:43:03 (0) ** It is possible to fix this issue by editing the security descriptor and adding the ACE.
29289 18:43:03 (0) ** For DCOM objects, this can be done with 'DCOMCNFG.EXE'.
29290 18:43:03 (0) **
29291 18:43:03 (0) ** DCOM security for 'My Computer' (Launch & Activation Permissions/Edit Default): ..................................... MODIFIED.
29292 18:43:03 (1) !! ERROR: Default trustee 'BUILTIN\ADMINISTRATORS' has been REMOVED!
29293 18:43:03 (0) ** - REMOVED ACE:
29294 18:43:03 (0) ** ACEType: &h0
29295 18:43:03 (0) ** ACCESS_ALLOWED_ACE_TYPE
29296 18:43:03 (0) ** ACEFlags: &h0
29297 18:43:03 (0) ** ACEMask: &h1F
29298 18:43:03 (0) ** DCOM_RIGHT_EXECUTE
29299 18:43:03 (0) ** DCOM_RIGHT_LAUNCH_LOCAL
29300 18:43:03 (0) ** DCOM_RIGHT_LAUNCH_REMOTE
29301 18:43:03 (0) ** DCOM_RIGHT_ACTIVATE_LOCAL
29302 18:43:03 (0) ** DCOM_RIGHT_ACTIVATE_REMOTE
29303 18:43:03 (0) **
29304 18:43:03 (0) ** => The REMOVED ACE was part of the DEFAULT setup for the trustee.
29305 18:43:03 (0) ** Removing default security will cause some operations to fail!
29306 18:43:03 (0) ** It is possible to fix this issue by editing the security descriptor and adding the ACE.
29307 18:43:03 (0) ** For DCOM objects, this can be done with 'DCOMCNFG.EXE'.
29308 18:43:03 (0) **
29309 18:43:03 (0) ** DCOM security for 'My Computer' (Launch & Activation Permissions/Edit Default): ..................................... MODIFIED.
29310 18:43:03 (1) !! ERROR: Default trustee 'NT AUTHORITY\INTERACTIVE' has been REMOVED!
29311 18:43:03 (0) ** - REMOVED ACE:
29312 18:43:03 (0) ** ACEType: &h0
29313 18:43:03 (0) ** ACCESS_ALLOWED_ACE_TYPE
29314 18:43:03 (0) ** ACEFlags: &h0
29315 18:43:03 (0) ** ACEMask: &h1F
29316 18:43:03 (0) ** DCOM_RIGHT_EXECUTE
29317 18:43:03 (0) ** DCOM_RIGHT_LAUNCH_LOCAL
29318 18:43:03 (0) ** DCOM_RIGHT_LAUNCH_REMOTE
29319 18:43:03 (0) ** DCOM_RIGHT_ACTIVATE_LOCAL
29320 18:43:03 (0) ** DCOM_RIGHT_ACTIVATE_REMOTE
29321 18:43:03 (0) **
29322 18:43:03 (0) ** => The REMOVED ACE was part of the DEFAULT setup for the trustee.
29323 18:43:03 (0) ** Removing default security will cause some operations to fail!
29324 18:43:03 (0) ** It is possible to fix this issue by editing the security descriptor and adding the ACE.
29325 18:43:03 (0) ** For DCOM objects, this can be done with 'DCOMCNFG.EXE'.
29326 18:43:03 (0) **
29327 18:43:03 (0) ** DCOM security for 'My Computer' (Launch & Activation Permissions/Edit Default): ..................................... MODIFIED.
29328 18:43:03 (1) !! ERROR: Default trustee 'NT AUTHORITY\SYSTEM' has been REMOVED!
29329 18:43:03 (0) ** - REMOVED ACE:
29330 18:43:03 (0) ** ACEType: &h0
29331 18:43:03 (0) ** ACCESS_ALLOWED_ACE_TYPE
29332 18:43:03 (0) ** ACEFlags: &h0
29333 18:43:03 (0) ** ACEMask: &h1F
29334 18:43:03 (0) ** DCOM_RIGHT_EXECUTE
29335 18:43:03 (0) ** DCOM_RIGHT_LAUNCH_LOCAL
29336 18:43:03 (0) ** DCOM_RIGHT_LAUNCH_REMOTE
29337 18:43:03 (0) ** DCOM_RIGHT_ACTIVATE_LOCAL
29338 18:43:03 (0) ** DCOM_RIGHT_ACTIVATE_REMOTE
29339 18:43:03 (0) **
29340 18:43:03 (0) ** => The REMOVED ACE was part of the DEFAULT setup for the trustee.
29341 18:43:03 (0) ** Removing default security will cause some operations to fail!
29342 18:43:03 (0) ** It is possible to fix this issue by editing the security descriptor and adding the ACE.
29343 18:43:03 (0) ** For DCOM objects, this can be done with 'DCOMCNFG.EXE'.
29344 18:43:03 (0) **
29345 18:43:03 (0) ** DCOM security for 'My Computer' (Launch & Activation Permissions/Edit Limits): ...................................... MODIFIED.
29346 18:43:03 (1) !! ERROR: Default trustee 'BUILTIN\ADMINISTRATORS' has been REMOVED!
29347 18:43:03 (0) ** - REMOVED ACE:
29348 18:43:03 (0) ** ACEType: &h0
29349 18:43:03 (0) ** ACCESS_ALLOWED_ACE_TYPE
29350 18:43:03 (0) ** ACEFlags: &h0
29351 18:43:03 (0) ** ACEMask: &h1F
29352 18:43:03 (0) ** DCOM_RIGHT_EXECUTE
29353 18:43:03 (0) ** DCOM_RIGHT_LAUNCH_LOCAL
29354 18:43:03 (0) ** DCOM_RIGHT_LAUNCH_REMOTE
29355 18:43:03 (0) ** DCOM_RIGHT_ACTIVATE_LOCAL
29356 18:43:03 (0) ** DCOM_RIGHT_ACTIVATE_REMOTE
29357 18:43:03 (0) **
29358 18:43:03 (0) ** => The REMOVED ACE was part of the DEFAULT setup for the trustee.
29359 18:43:03 (0) ** Removing default security will cause some operations to fail!
29360 18:43:03 (0) ** It is possible to fix this issue by editing the security descriptor and adding the ACE.
29361 18:43:03 (0) ** For DCOM objects, this can be done with 'DCOMCNFG.EXE'.
29362 18:43:03 (0) **
29363 18:43:03 (0) ** DCOM security for 'My Computer' (Launch & Activation Permissions/Edit Limits): ...................................... MODIFIED.
29364 18:43:03 (1) !! ERROR: Default trustee 'BUILTIN\PERFORMANCE LOG USERS' has been REMOVED!
29365 18:43:03 (0) ** - REMOVED ACE:
29366 18:43:03 (0) ** ACEType: &h0
29367 18:43:03 (0) ** ACCESS_ALLOWED_ACE_TYPE
29368 18:43:03 (0) ** ACEFlags: &h0
29369 18:43:03 (0) ** ACEMask: &h1F
29370 18:43:03 (0) ** DCOM_RIGHT_EXECUTE
29371 18:43:03 (0) ** DCOM_RIGHT_LAUNCH_LOCAL
29372 18:43:03 (0) ** DCOM_RIGHT_LAUNCH_REMOTE
29373 18:43:03 (0) ** DCOM_RIGHT_ACTIVATE_LOCAL
29374 18:43:03 (0) ** DCOM_RIGHT_ACTIVATE_REMOTE
29375 18:43:03 (0) **
29376 18:43:03 (0) ** => The REMOVED ACE was part of the DEFAULT setup for the trustee.
29377 18:43:03 (0) ** Removing default security will cause some operations to fail!
29378 18:43:03 (0) ** It is possible to fix this issue by editing the security descriptor and adding the ACE.
29379 18:43:03 (0) ** For DCOM objects, this can be done with 'DCOMCNFG.EXE'.
29380 18:43:03 (0) **
29381 18:43:03 (0) ** DCOM security for 'My Computer' (Launch & Activation Permissions/Edit Limits): ...................................... MODIFIED.
29382 18:43:03 (1) !! ERROR: Default trustee 'EVERYONE' has been REMOVED!
29383 18:43:03 (0) ** - REMOVED ACE:
29384 18:43:03 (0) ** ACEType: &h0
29385 18:43:03 (0) ** ACCESS_ALLOWED_ACE_TYPE
29386 18:43:03 (0) ** ACEFlags: &h0
29387 18:43:03 (0) ** ACEMask: &hB
29388 18:43:03 (0) ** DCOM_RIGHT_EXECUTE
29389 18:43:03 (0) ** DCOM_RIGHT_LAUNCH_LOCAL
29390 18:43:03 (0) ** DCOM_RIGHT_ACTIVATE_LOCAL
29391 18:43:03 (0) **
29392 18:43:03 (0) ** => The REMOVED ACE was part of the DEFAULT setup for the trustee.
29393 18:43:03 (0) ** Removing default security will cause some operations to fail!
29394 18:43:03 (0) ** It is possible to fix this issue by editing the security descriptor and adding the ACE.
29395 18:43:03 (0) ** For DCOM objects, this can be done with 'DCOMCNFG.EXE'.
29396 18:43:03 (0) **
29397 18:43:03 (0) ** DCOM security for 'Microsoft WMI Provider Subsystem Host' (Launch & Activation Permissions): ........................ MODIFIED.
29398 18:43:03 (1) !! ERROR: Default trustee 'BUILTIN\ADMINISTRATORS' has been REMOVED!
29399 18:43:03 (0) ** - REMOVED ACE:
29400 18:43:03 (0) ** ACEType: &h0
29401 18:43:03 (0) ** ACCESS_ALLOWED_ACE_TYPE
29402 18:43:03 (0) ** ACEFlags: &h0
29403 18:43:03 (0) ** ACEMask: &h1F
29404 18:43:03 (0) ** DCOM_RIGHT_EXECUTE
29405 18:43:03 (0) ** DCOM_RIGHT_LAUNCH_LOCAL
29406 18:43:03 (0) ** DCOM_RIGHT_LAUNCH_REMOTE
29407 18:43:03 (0) ** DCOM_RIGHT_ACTIVATE_LOCAL
29408 18:43:03 (0) ** DCOM_RIGHT_ACTIVATE_REMOTE
29409 18:43:03 (0) **
29410 18:43:03 (0) ** => The REMOVED ACE was part of the DEFAULT setup for the trustee.
29411 18:43:03 (0) ** Removing default security will cause some operations to fail!
29412 18:43:03 (0) ** It is possible to fix this issue by editing the security descriptor and adding the ACE.
29413 18:43:03 (0) ** For DCOM objects, this can be done with 'DCOMCNFG.EXE'.
29414 18:43:03 (0) **
29415 18:43:03 (0) ** DCOM security for 'Microsoft WMI Provider Subsystem Host' (Launch & Activation Permissions): ........................ MODIFIED.
29416 18:43:03 (1) !! ERROR: Default trustee 'NT AUTHORITY\INTERACTIVE' has been REMOVED!
29417 18:43:03 (0) ** - REMOVED ACE:
29418 18:43:03 (0) ** ACEType: &h0
29419 18:43:03 (0) ** ACCESS_ALLOWED_ACE_TYPE
29420 18:43:03 (0) ** ACEFlags: &h0
29421 18:43:03 (0) ** ACEMask: &h1F
29422 18:43:03 (0) ** DCOM_RIGHT_EXECUTE
29423 18:43:03 (0) ** DCOM_RIGHT_LAUNCH_LOCAL
29424 18:43:03 (0) ** DCOM_RIGHT_LAUNCH_REMOTE
29425 18:43:03 (0) ** DCOM_RIGHT_ACTIVATE_LOCAL
29426 18:43:03 (0) ** DCOM_RIGHT_ACTIVATE_REMOTE
29427 18:43:03 (0) **
29428 18:43:03 (0) ** => The REMOVED ACE was part of the DEFAULT setup for the trustee.
29429 18:43:03 (0) ** Removing default security will cause some operations to fail!
29430 18:43:03 (0) ** It is possible to fix this issue by editing the security descriptor and adding the ACE.
29431 18:43:03 (0) ** For DCOM objects, this can be done with 'DCOMCNFG.EXE'.
29432 18:43:03 (0) **
29433 18:43:03 (0) ** DCOM security for 'Microsoft WMI Provider Subsystem Host' (Launch & Activation Permissions): ........................ MODIFIED.
29434 18:43:03 (1) !! ERROR: Default trustee 'NT AUTHORITY\SYSTEM' has been REMOVED!
29435 18:43:03 (0) ** - REMOVED ACE:
29436 18:43:03 (0) ** ACEType: &h0
29437 18:43:03 (0) ** ACCESS_ALLOWED_ACE_TYPE
29438 18:43:03 (0) ** ACEFlags: &h0
29439 18:43:03 (0) ** ACEMask: &h1F
29440 18:43:03 (0) ** DCOM_RIGHT_EXECUTE
29441 18:43:03 (0) ** DCOM_RIGHT_LAUNCH_LOCAL
29442 18:43:03 (0) ** DCOM_RIGHT_LAUNCH_REMOTE
29443 18:43:03 (0) ** DCOM_RIGHT_ACTIVATE_LOCAL
29444 18:43:03 (0) ** DCOM_RIGHT_ACTIVATE_REMOTE
29445 18:43:03 (0) **
29446 18:43:03 (0) ** => The REMOVED ACE was part of the DEFAULT setup for the trustee.
29447 18:43:03 (0) ** Removing default security will cause some operations to fail!
29448 18:43:03 (0) ** It is possible to fix this issue by editing the security descriptor and adding the ACE.
29449 18:43:03 (0) ** For DCOM objects, this can be done with 'DCOMCNFG.EXE'.
29450 18:43:03 (0) **
29451 18:43:03 (0) ** DCOM security for 'Microsoft WMI Provider Subsystem Host' (Launch & Activation Permissions): ........................ MODIFIED.
29452 18:43:03 (1) !! ERROR: Default trustee 'NT AUTHORITY\NETWORK SERVICE' has been REMOVED!
29453 18:43:03 (0) ** - REMOVED ACE:
29454 18:43:03 (0) ** ACEType: &h0
29455 18:43:03 (0) ** ACCESS_ALLOWED_ACE_TYPE
29456 18:43:03 (0) ** ACEFlags: &h0
29457 18:43:03 (0) ** ACEMask: &h1F
29458 18:43:03 (0) ** DCOM_RIGHT_EXECUTE
29459 18:43:03 (0) ** DCOM_RIGHT_LAUNCH_LOCAL
29460 18:43:03 (0) ** DCOM_RIGHT_LAUNCH_REMOTE
29461 18:43:03 (0) ** DCOM_RIGHT_ACTIVATE_LOCAL
29462 18:43:03 (0) ** DCOM_RIGHT_ACTIVATE_REMOTE
29463 18:43:03 (0) **
29464 18:43:03 (0) ** => The REMOVED ACE was part of the DEFAULT setup for the trustee.
29465 18:43:03 (0) ** Removing default security will cause some operations to fail!
29466 18:43:03 (0) ** It is possible to fix this issue by editing the security descriptor and adding the ACE.
29467 18:43:03 (0) ** For DCOM objects, this can be done with 'DCOMCNFG.EXE'.
29468 18:43:03 (0) **
29469 18:43:03 (0) ** DCOM security for 'Microsoft WMI Provider Subsystem Host' (Launch & Activation Permissions): ........................ MODIFIED.
29470 18:43:03 (1) !! ERROR: Default trustee 'NT AUTHORITY\LOCAL SERVICE' has been REMOVED!
29471 18:43:03 (0) ** - REMOVED ACE:
29472 18:43:03 (0) ** ACEType: &h0
29473 18:43:03 (0) ** ACCESS_ALLOWED_ACE_TYPE
29474 18:43:03 (0) ** ACEFlags: &h0
29475 18:43:03 (0) ** ACEMask: &h1F
29476 18:43:03 (0) ** DCOM_RIGHT_EXECUTE
29477 18:43:03 (0) ** DCOM_RIGHT_LAUNCH_LOCAL
29478 18:43:03 (0) ** DCOM_RIGHT_LAUNCH_REMOTE
29479 18:43:03 (0) ** DCOM_RIGHT_ACTIVATE_LOCAL
29480 18:43:03 (0) ** DCOM_RIGHT_ACTIVATE_REMOTE
29481 18:43:03 (0) **
29482 18:43:03 (0) ** => The REMOVED ACE was part of the DEFAULT setup for the trustee.
29483 18:43:03 (0) ** Removing default security will cause some operations to fail!
29484 18:43:03 (0) ** It is possible to fix this issue by editing the security descriptor and adding the ACE.
29485 18:43:03 (0) ** For DCOM objects, this can be done with 'DCOMCNFG.EXE'.
29486 18:43:03 (0) **
29487 18:43:03 (0) **
29488 18:43:03 (0) ** DCOM security warning(s) detected: .................................................................................. 0.
29489 18:43:03 (0) ** DCOM security error(s) detected: .................................................................................... 14.
29490 18:43:03 (0) ** WMI security warning(s) detected: ................................................................................... 0.
29491 18:43:03 (0) ** WMI security error(s) detected: ..................................................................................... 0.
29492 18:43:03 (0) **
29493 18:43:03 (1) !! ERROR: Overall DCOM security status: ................................................................................ ERROR!
29494 18:43:03 (0) ** Overall WMI security status: ........................................................................................ OK.
29495 18:43:03 (0) ** - Started at 'Root' --------------------------------------------------------------------------------------------------------------
29496 18:43:03 (0) ** INFO: WMI permanent SUBSCRIPTION(S): ................................................................................ 1.
29497 18:43:03 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="SCM Event Log Consumer".
29498 18:43:03 (0) ** 'select * from MSFT_SCMEventLogEvent'
29499 18:43:03 (0) **
29500 18:43:03 (0) ** WMI TIMER instruction(s): ........................................................................................... NONE.
29501 18:43:03 (1) !! ERROR: WMI MONIKER CONNECTION errors occured for the following namespaces: .......................................... 8 ERROR(S)!
29502 18:43:03 (0) ** - ROOT/CIMV2/MDM/DMMAP, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action.
29503 18:43:03 (0) ** - ROOT/CIMV2/SECURITY/MICROSOFTTPM, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action.
29504 18:43:03 (0) ** - ROOT/CIMV2/SECURITY/MICROSOFTVOLUMEENCRYPTION, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action.
29505 18:43:03 (0) ** - ROOT/SECURITY, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action.
29506 18:43:03 (0) ** - ROOT/RSOP/USER, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action.
29507 18:43:03 (0) ** - ROOT/RSOP/COMPUTER, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action.
29508 18:43:03 (0) ** - ROOT/PEH, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action.
29509 18:43:03 (0) ** - ROOT/SERVICEMODEL, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action.
29510 18:43:03 (0) **
29511 18:43:03 (1) !! ERROR: WMI CONNECTION errors occured for the following namespaces: .................................................. 11 ERROR(S)!
29512 18:43:03 (0) ** - ROOT/CIMV2/MDM/DMMAP, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action.
29513 18:43:03 (0) ** - ROOT/CIMV2/SECURITY/MICROSOFTTPM, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action.
29514 18:43:03 (0) ** - ROOT/CIMV2/SECURITY/MICROSOFTVOLUMEENCRYPTION, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action.
29515 18:43:03 (0) ** - ROOT/SECURITY, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action.
29516 18:43:03 (0) ** - ROOT/RSOP/USER, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action.
29517 18:43:03 (0) ** - ROOT/RSOP/COMPUTER, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action.
29518 18:43:03 (0) ** - ROOT/PEH, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action.
29519 18:43:03 (0) ** - ROOT/SERVICEMODEL, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action.
29520 18:43:03 (0) ** - Root/nap, 0x8004100E - (WBEM_E_INVALID_NAMESPACE) Namespace specified cannot be found.
29521 18:43:03 (0) ** - Root/SECURITY, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action.
29522 18:43:03 (0) ** - Root/aspnet, 0x8004100E - (WBEM_E_INVALID_NAMESPACE) Namespace specified cannot be found.
29523 18:43:03 (0) **
29524 18:43:03 (1) !! ERROR: WMI GET operation errors reported: ........................................................................... 39 ERROR(S)!
29525 18:43:03 (0) ** - Root, __SystemSecurity, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action.
29526 18:43:03 (0) ** MOF Registration: 'WMI information not available (This could be the case for an external application or a third party WMI provider)'
29527 18:43:03 (0) ** - ROOT/SUBSCRIPTION, __SystemSecurity, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action.
29528 18:43:03 (0) ** MOF Registration: 'WMI information not available (This could be the case for an external application or a third party WMI provider)'
29529 18:43:03 (0) ** - ROOT/DEFAULT, __SystemSecurity, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action.
29530 18:43:03 (0) ** MOF Registration: 'WMI information not available (This could be the case for an external application or a third party WMI provider)'
29531 18:43:03 (0) ** - ROOT/CIMV2, __SystemSecurity, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action.
29532 18:43:03 (0) ** MOF Registration: 'WMI information not available (This could be the case for an external application or a third party WMI provider)'
29533 18:43:03 (0) ** - ROOT/CIMV2/MDM, __SystemSecurity, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action.
29534 18:43:03 (0) ** MOF Registration: 'WMI information not available (This could be the case for an external application or a third party WMI provider)'
29535 18:43:03 (0) ** - ROOT/CIMV2/SECURITY, __SystemSecurity, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action.
29536 18:43:03 (0) ** MOF Registration: 'WMI information not available (This could be the case for an external application or a third party WMI provider)'
29537 18:43:03 (0) ** - ROOT/CIMV2/POWER, __SystemSecurity, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action.
29538 18:43:03 (0) ** MOF Registration: 'WMI information not available (This could be the case for an external application or a third party WMI provider)'
29539 18:43:03 (0) ** - ROOT/CIMV2/APPLICATIONS, __SystemSecurity, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action.
29540 18:43:03 (0) ** MOF Registration: 'WMI information not available (This could be the case for an external application or a third party WMI provider)'
29541 18:43:03 (0) ** - ROOT/CIMV2/APPLICATIONS/GAMES, __SystemSecurity, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action.
29542 18:43:03 (0) ** MOF Registration: 'WMI information not available (This could be the case for an external application or a third party WMI provider)'
29543 18:43:03 (0) ** - ROOT/MSDTC, __SystemSecurity, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action.
29544 18:43:03 (0) ** MOF Registration: 'WMI information not available (This could be the case for an external application or a third party WMI provider)'
29545 18:43:03 (0) ** - ROOT/CLI, __SystemSecurity, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action.
29546 18:43:03 (0) ** MOF Registration: 'WMI information not available (This could be the case for an external application or a third party WMI provider)'
29547 18:43:03 (0) ** - ROOT/SECURITYCENTER2, __SystemSecurity, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action.
29548 18:43:03 (0) ** MOF Registration: 'WMI information not available (This could be the case for an external application or a third party WMI provider)'
29549 18:43:03 (0) ** - ROOT/RSOP, __SystemSecurity, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action.
29550 18:43:03 (0) ** MOF Registration: 'WMI information not available (This could be the case for an external application or a third party WMI provider)'
29551 18:43:03 (0) ** - ROOT/STANDARDCIMV2, __SystemSecurity, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action.
29552 18:43:03 (0) ** MOF Registration: 'WMI information not available (This could be the case for an external application or a third party WMI provider)'
29553 18:43:03 (0) ** - ROOT/WMI, __SystemSecurity, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action.
29554 18:43:03 (0) ** MOF Registration: 'WMI information not available (This could be the case for an external application or a third party WMI provider)'
29555 18:43:03 (0) ** - ROOT/DIRECTORY, __SystemSecurity, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action.
29556 18:43:03 (0) ** MOF Registration: 'WMI information not available (This could be the case for an external application or a third party WMI provider)'
29557 18:43:03 (0) ** - ROOT/DIRECTORY/LDAP, __SystemSecurity, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action.
29558 18:43:03 (0) ** MOF Registration: 'WMI information not available (This could be the case for an external application or a third party WMI provider)'
29559 18:43:03 (0) ** - ROOT/INTEROP, __SystemSecurity, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action.
29560 18:43:03 (0) ** MOF Registration: 'WMI information not available (This could be the case for an external application or a third party WMI provider)'
29561 18:43:03 (0) ** - ROOT/HARDWARE, __SystemSecurity, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action.
29562 18:43:03 (0) ** MOF Registration: 'WMI information not available (This could be the case for an external application or a third party WMI provider)'
29563 18:43:03 (0) ** - ROOT/SECURITYCENTER, __SystemSecurity, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action.
29564 18:43:03 (0) ** MOF Registration: 'WMI information not available (This could be the case for an external application or a third party WMI provider)'
29565 18:43:03 (0) ** - Root/CIMV2, Win32_FloppyDrive, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
29566 18:43:03 (0) ** MOF Registration: 'WMI information not available (This could be the case for an external application or a third party WMI provider)'
29567 18:43:03 (0) ** - Root/CIMV2, Win32_FloppyController, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
29568 18:43:03 (0) ** MOF Registration: 'WMI information not available (This could be the case for an external application or a third party WMI provider)'
29569 18:43:03 (0) ** - Root/CIMV2, Win32_TerminalService, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
29570 18:43:03 (0) ** MOF Registration: 'WMI information not available (This could be the case for an external application or a third party WMI provider)'
29571 18:43:03 (0) ** - Root/CIMV2, Win32_PerfFormattedData_TermService_TerminalServicesSession, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
29572 18:43:03 (0) ** MOF Registration: 'WMI information not available (This could be the case for an external application or a third party WMI provider)'
29573 18:43:03 (0) ** - Root/CIMV2, Win32_PerfRawData_TermService_TerminalServicesSession, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
29574 18:43:03 (0) ** MOF Registration: 'WMI information not available (This could be the case for an external application or a third party WMI provider)'
29575 18:43:03 (0) ** - Root/STANDARDCIMV2, MSFT_NetBranchCacheSettingData, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
29576 18:43:03 (0) ** MOF Registration: 'WMI information not available (This could be the case for an external application or a third party WMI provider)'
29577 18:43:03 (0) ** - Root/STANDARDCIMV2, MSFT_NetBranchCacheHostedCacheServerSettingData, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
29578 18:43:03 (0) ** MOF Registration: 'WMI information not available (This could be the case for an external application or a third party WMI provider)'
29579 18:43:03 (0) ** - Root/STANDARDCIMV2, MSFT_NetBranchCacheNetworkSettingData, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
29580 18:43:03 (0) ** MOF Registration: 'WMI information not available (This could be the case for an external application or a third party WMI provider)'
29581 18:43:03 (0) ** - Root/STANDARDCIMV2, MSFT_NetBranchCacheContentServerSettingData, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
29582 18:43:03 (0) ** MOF Registration: 'WMI information not available (This could be the case for an external application or a third party WMI provider)'
29583 18:43:03 (0) ** - Root/STANDARDCIMV2, MSFT_NetBranchCacheClientSettingData, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
29584 18:43:03 (0) ** MOF Registration: 'WMI information not available (This could be the case for an external application or a third party WMI provider)'
29585 18:43:03 (0) ** - Root/STANDARDCIMV2, MSFT_NetBranchCacheStatus, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
29586 18:43:03 (0) ** MOF Registration: 'WMI information not available (This could be the case for an external application or a third party WMI provider)'
29587 18:43:03 (0) ** - Root/STANDARDCIMV2, MSFT_NetBranchCacheCache, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
29588 18:43:03 (0) ** MOF Registration: 'WMI information not available (This could be the case for an external application or a third party WMI provider)'
29589 18:43:03 (0) ** - Root/STANDARDCIMV2, MSFT_NetBranchCacheSecondaryCache, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
29590 18:43:03 (0) ** MOF Registration: 'WMI information not available (This could be the case for an external application or a third party WMI provider)'
29591 18:43:03 (0) ** - Root/STANDARDCIMV2, MSFT_NetBranchCacheDataCacheExtension, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
29592 18:43:03 (0) ** MOF Registration: 'WMI information not available (This could be the case for an external application or a third party WMI provider)'
29593 18:43:03 (0) ** - Root/STANDARDCIMV2, MSFT_NetBranchCachePrimaryCache, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
29594 18:43:03 (0) ** MOF Registration: 'WMI information not available (This could be the case for an external application or a third party WMI provider)'
29595 18:43:03 (0) ** - Root/STANDARDCIMV2, MSFT_NetBranchCacheDataCache, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
29596 18:43:03 (0) ** MOF Registration: 'WMI information not available (This could be the case for an external application or a third party WMI provider)'
29597 18:43:03 (0) ** - Root/STANDARDCIMV2, MSFT_NetBranchCacheHashCache, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
29598 18:43:03 (0) ** MOF Registration: 'WMI information not available (This could be the case for an external application or a third party WMI provider)'
29599 18:43:03 (0) ** - Root/STANDARDCIMV2, MSFT_NetBranchCacheOrchestrator, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
29600 18:43:03 (0) ** MOF Registration: 'WMI information not available (This could be the case for an external application or a third party WMI provider)'
29601 18:43:03 (0) ** - Root/WMI, Thread, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
29602 18:43:03 (0) ** MOF Registration: 'WMI information not available (This could be the case for an external application or a third party WMI provider)'
29603 18:43:03 (0) **
29604 18:43:03 (0) ** WMI MOF representations: ............................................................................................ OK.
29605 18:43:03 (0) ** WMI QUALIFIER access operations: .................................................................................... OK.
29606 18:43:03 (1) !! ERROR: WMI ENUMERATION operation errors reported: ................................................................... 11 ERROR(S)!
29607 18:43:03 (0) ** - ROOT/STANDARDCIMV2, InstancesOfAsync, 'MSFT_NetAdapterSettingData', 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action.
29608 18:43:03 (0) ** MOF Registration: 'WMI information not available (This could be the case for an external application or a third party WMI provider)'
29609 18:43:03 (0) ** - ROOT/STANDARDCIMV2, InstancesOfAsync, 'CIM_ProtocolEndpoint', 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action.
29610 18:43:03 (0) ** MOF Registration: 'WMI information not available (This could be the case for an external application or a third party WMI provider)'
29611 18:43:03 (0) ** - ROOT/STANDARDCIMV2, InstancesOfAsync, 'CIM_SecurityAssociationEndpoint', 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action.
29612 18:43:03 (0) ** MOF Registration: 'WMI information not available (This could be the case for an external application or a third party WMI provider)'
29613 18:43:03 (0) ** - ROOT/STANDARDCIMV2, InstancesOfAsync, 'CIM_IPsecSAEndpoint', 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action.
29614 18:43:03 (0) ** MOF Registration: 'WMI information not available (This could be the case for an external application or a third party WMI provider)'
29615 18:43:03 (0) ** - ROOT/STANDARDCIMV2, InstancesOfAsync, 'CIM_IKEAction', 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action.
29616 18:43:03 (0) ** MOF Registration: 'WMI information not available (This could be the case for an external application or a third party WMI provider)'
29617 18:43:03 (0) ** - ROOT/STANDARDCIMV2, InstancesOfAsync, 'MSFT_NetIKEAuthSet', 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action.
29618 18:43:03 (0) ** MOF Registration: 'WMI information not available (This could be the case for an external application or a third party WMI provider)'
29619 18:43:03 (0) ** - ROOT/STANDARDCIMV2, InstancesOfAsync, 'MSFT_NetIKECryptoSet', 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action.
29620 18:43:03 (0) ** MOF Registration: 'WMI information not available (This could be the case for an external application or a third party WMI provider)'
29621 18:43:03 (0) ** - ROOT/STANDARDCIMV2, InstancesOfAsync, 'CIM_PolicyRule', 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action.
29622 18:43:03 (0) ** MOF Registration: 'WMI information not available (This could be the case for an external application or a third party WMI provider)'
29623 18:43:03 (0) ** - ROOT/STANDARDCIMV2, InstancesOfAsync, 'CIM_SARule', 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action.
29624 18:43:03 (0) ** MOF Registration: 'WMI information not available (This could be the case for an external application or a third party WMI provider)'
29625 18:43:03 (0) ** - ROOT/STANDARDCIMV2, InstancesOfAsync, 'MSFT_NetSARule', 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action.
29626 18:43:03 (0) ** MOF Registration: 'WMI information not available (This could be the case for an external application or a third party WMI provider)'
29627 18:43:03 (0) ** - ROOT/WMI, InstancesOfAsync, 'MSMouse', 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action.
29628 18:43:03 (0) ** MOF Registration: 'WMI information not available (This could be the case for an external application or a third party WMI provider)'
29629 18:43:03 (0) **
29630 18:43:03 (0) ** WMI EXECQUERY operations: ........................................................................................... OK.
29631 18:43:03 (1) !! ERROR: WMI GET VALUE operation errors reported: ..................................................................... 1 ERROR(S)!
29632 18:43:03 (0) ** - Root/CIMV2, Instance: Win32_Service='WSCSVC', Property: Displayname='Centre de sécurité' (Expected default='Security Center').
29633 18:43:03 (0) **
29634 18:43:03 (0) ** WMI WRITE operations: ............................................................................................... NOT TESTED.
29635 18:43:03 (0) ** WMI PUT operations: ................................................................................................. NOT TESTED.
29636 18:43:03 (0) ** WMI DELETE operations: .............................................................................................. NOT TESTED.
29637 18:43:03 (0) ** WMI static instances retrieved: ..................................................................................... 1904.
29638 18:43:03 (0) ** WMI dynamic instances retrieved: .................................................................................... 0.
29639 18:43:03 (0) ** WMI instance request cancellations (to limit performance impact): ................................................... 1.
29640 18:43:03 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
29641 18:43:03 (0) ** # of Event Log events BEFORE WMIDiag execution since the last 20 day(s):
29642 18:43:03 (0) ** DCOM: ............................................................................................................. 0.
29643 18:43:03 (0) ** WINMGMT: .......................................................................................................... 0.
29644 18:43:03 (0) ** WMIADAPTER: ....................................................................................................... 0.
29645 18:43:03 (0) **
29646 18:43:03 (0) ** # of additional Event Log events AFTER WMIDiag execution:
29647 18:43:03 (0) ** DCOM: ............................................................................................................. 0.
29648 18:43:03 (0) ** WINMGMT: .......................................................................................................... 0.
29649 18:43:03 (0) ** WMIADAPTER: ....................................................................................................... 0.
29650 18:43:03 (0) **
29651 18:43:03 (0) ** 48 error(s) 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action
29652 18:43:03 (0) ** => This error is typically due to insufficient or restricted permissions in the examined system.
29653 18:43:03 (0) ** => ENSURE you are a Full Administrator of the examined system, if the WMI provider or the
29654 18:43:03 (0) ** WMI system security do not enforce any restrictions.
29655 18:43:03 (0) **
29656 18:43:03 (0) **
29657 18:43:03 (0) ** 2 error(s) 0x8004100E - (WBEM_E_INVALID_NAMESPACE) Namespace specified cannot be found
29658 18:43:03 (0) **
29659 18:43:03 (0) ** 19 error(s) 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found
29660 18:43:03 (0) ** => This error is typically a WMI error. This WMI error is due to:
29661 18:43:03 (0) ** - a missing WMI class definition or object.
29662 18:43:03 (0) ** (See any GET, ENUMERATION, EXECQUERY and GET VALUE operation failures).
29663 18:43:03 (0) ** You can correct the missing class definitions by:
29664 18:43:03 (0) ** - Manually recompiling the MOF file(s) with the 'MOFCOMP <FileName.MOF>' command.
29665 18:43:03 (0) ** Note: You can build a list of classes in relation with their WMI provider and MOF file with WMIDiag.
29666 18:43:03 (0) ** (This list can be built on a similar and working WMI Windows installation)
29667 18:43:03 (0) ** The following command line must be used:
29668 18:43:03 (0) ** i.e. 'WMIDiag CorrelateClassAndProvider'
29669 18:43:03 (0) ** Note: When a WMI performance class is missing, you can manually resynchronize performance counters
29670 18:43:03 (0) ** with WMI by starting the ADAP process.
29671 18:43:03 (0) ** - a WMI repository corruption.
29672 18:43:03 (0) ** In such a case, you must rerun WMIDiag with 'WriteInRepository' parameter
29673 18:43:03 (0) ** to validate the WMI repository operations.
29674 18:43:03 (0) ** Note: ENSURE you are an administrator with FULL access to WMI EVERY namespaces of the computer before
29675 18:43:03 (0) ** executing the WriteInRepository command. To write temporary data from the Root namespace, use:
29676 18:43:03 (0) ** i.e. 'WMIDiag WriteInRepository=Root'
29677 18:43:03 (0) ** - If the WriteInRepository command fails, while being an Administrator with ALL accesses to ALL namespaces
29678 18:43:03 (0) ** the WMI repository must be reconstructed.
29679 18:43:03 (0) ** Note: The WMI repository reconstruction requires to locate all MOF files needed to rebuild the repository,
29680 18:43:03 (0) ** otherwise some applications may fail after the reconstruction.
29681 18:43:03 (0) ** This can be achieved with the following command:
29682 18:43:03 (0) ** i.e. 'WMIDiag ShowMOFErrors'
29683 18:43:03 (0) ** Note: The repository reconstruction must be a LAST RESORT solution and ONLY after executing
29684 18:43:03 (0) ** ALL fixes previously mentioned.
29685 18:43:03 (2) !! WARNING: Static information stored by external applications in the repository will be LOST! (i.e. SMS Inventory)
29686 18:43:03 (0) **
29687 18:43:03 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
29688 18:43:03 (0) ** Unexpected, wrong or missing registry key values: ................................................................... 1 KEY(S)!
29689 18:43:03 (2) !! WARNING: Unexpected registry key value:
29690 18:43:03 (0) ** - Current: HKLM\SYSTEM\CurrentControlSet\Services\winmgmt\ImagePath (REG_EXPAND_SZ) -> %systemroot%\system32\svchost.exe -k netsvcs -p
29691 18:43:03 (0) ** - Expected: HKLM\SYSTEM\CurrentControlSet\Services\winmgmt\ImagePath (REG_EXPAND_SZ) -> %systemroot%\system32\svchost.exe -k netsvcs
29692 18:43:03 (0) ** From the command line, the registry configuration can be corrected with the following command:
29693 18:43:03 (0) **
29694 18:43:03 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
29695 18:43:03 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
29696 18:43:03 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
29697 18:43:03 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
29698 18:43:03 (0) **
29699 18:43:03 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
29700 18:43:03 (0) ** ------------------------------------------------------ WMI REPORT: END -----------------------------------------------------------
29701 18:43:03 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
29702 18:43:03 (0) **
29703 18:43:03 (0) ** ERROR: WMIDiag detected issues that could prevent WMI to work properly!. Check 'C:\USERS\GARRE\APPDATA\LOCAL\TEMP\WMIDIAG-V2.2_WIN8.1_.CLI.RTM.64_MSI-GAETAN_2018.03.06_18.34.10.LOG' for details.
29704 18:43:03 (0) **
29705 18:43:03 (0) ** WMIDiag v2.2 ended on mardi 6 mars 2018 at 18:43 (W:167 E:435 S:1).
0
Réponse 2 / 2
Malekal_morte- Messages postés 180304 Date d'inscription mercredi 17 mai 2006 Statut Modérateur, Contributeur sécurité Dernière intervention 15 décembre 2020 24 628
6 mars 2018 à 21:27
Salut,

Pour voir ce qui tourne dans un premier temps :

Suis le tutoriel FRST. ( prends le temps de lire attentivement - tout y est bien expliqué ).

Télécharge et lance le scan FRST,
Attendre la fin du scan, un message indique que l'analyse est terminée.

Trois rapports FRST seront générés :
  • FRST.txt
  • Shortcut.txt
  • Additionnal.txt


Envoie ces 3 rapports sur le site https://pjjoint.malekal.com/ afin de les partager.
En retour donne les 3 liens pjjoint qui mènent aux rapports ici dans une nouvelle réponse afin que l'on puisse les consulter.


0

Discussions similaires

CPU 100% en jeu
Yokoku -
Malekal_morte- -

8 réponses
Durée de Fonctionnement cpu
Theodose3 -
Aubin -

7 réponses
Processeur utilisé a 100% en jeu
Sayko1 -
Kiilla -

11 réponses
Task host windows, c'est quoi ?
mat -
bebegamin59 -

23 réponses
1Go en Mo ou 100 Mo en Go comment convertir
Utilisateur anonyme -
marie -

6 réponses