Хост процесс windows rundll32 грузит процессор

Множество процессов вашего компьютера могут грузить CPU: одни делают это обоснованно, используя его мощность для обеспечения работы ресурсоёмких приложений, другие же впустую нагревают процессор, при этом некоторый софт может быть ещё и вредоносным. Одним из ярких примеров таких процессов является rundll32.exe, причины нагрузки ЦПУ которым, и возможные пути решения подобных ситуаций мы рассмотрим далее в статье.

Почему rundll32.exe нагружает систему

Сам процесс не является изначально шпионским (если не учитывать сбор данных о телеметрии самой Windows) или как-то иначе вредящим. Это системное приложение, отвечающее за несколько функций, связанных с поиском информации в интернете. Когда системе не удаётся найти запрашиваемую информацию в сети или же она подаётся некорректно, тогда приложение не прекращает поиск и начинает искать ещё усерднее, требуя всё больше и больше ресурсов для своей работы. Таково обобщённое описание корня проблем с данным процессом.

Причина 1: Предложение обновления до Windows 10

Чаще всего от нагрузки CPU упомянутым процессом страдают пользователи Windows 7, так как в «семёрке» rundll32 призван связываться с серверами Microsoft, в том числе для обеспечения возможности обновиться до Windows 10. Потому из-за многих сопутствующих причин вроде некачественного интернет-соединения или проблем на серверах компании, некорректных данных настроек процесс может работать неэффективно, впустую нагружая ЦПУ. Путей решения возникшей сложности два: обновление (переход) до Windows 10 и отключение соответствующей службы. Рекомендуем вам обновиться до «десятки», используя стандартные возможности Windows 7, или же сделать это вручную.

Подробнее: Устанавливаем Windows 7 вместо Windows 10

Если же вы не захотите обновляться, есть менее радикальное решение: нужно отключить работу службы, отвечающей за переход с одной версии ОС на другую. Для этого:

1. Откройте «Планировщик заданий» через поиск панели «Пуск». При возможности рекомендуем сделать «Запуск имени администратора» во избежание конфликтов с правами.


Картинка с сайта: lumpics.ru

Читайте также:
Запуск «Планировщика заданий» в ОС Windows 10
«Планировщик заданий» в Windows 7

2. Последовательно щёлкните левой кнопкой мыши по таким строкам: «Библиотека планировщика заданий» > «Windows» > «Application Experience» > «Microsoft Compatibility Appraiser» и вначале нажмите на «Завершить», а потом на «Отключить».


Картинка с сайта: lumpics.ru

3. Возможно, у вас затребуют подтверждение производимых изменений. В таком случае не переживайте и нажмите «Да», так как этот файл не является критически необходимым для ОС.


Картинка с сайта: lumpics.ru

Пусть вас не смущает, что алгоритм показан на примере Виндовс 10, для тех же самых действий в «семёрке» нет никаких существенных отличий и таким образом вы сможете избавиться от нагрузки CPU процессом rundll32.exe.

Читайте также: Изучаем «Планировщик заданий» в Windows 7

Примечание: 14.01.2020 компания Microsoft официально прекращает поддержку Windows 7, а значит, обновления оптимизации и безопасности больше не будут выходить для широкого круга пользователей, что поставит вашу работу под угрозу. В связи с этим обновление будет более рациональным решением в долгосрочной перспективе.

Причина 2: Поиск материалов для игр

Кроме вышеописанного процесса, rundll32 выполняет поиск сопроводительных материалов, таких как картинки и обложки для игр, установленных на вашем ПК, визуально заполняя «Games Explorer», то есть «Обозреватель игр». Поскольку он осуществляет поиск на тех же серверах Microsoft, многие игры попросту не будут найдены (вроде тех же Корсар или других образцов классики), но приложение будет упорно искать, используя всю мощность процессора. Чтобы прекратить бесплодные и ненужные попытки системы обогатить вашу библиотеку, действуйте так:

1. Кликните по кнопке «Пуск», а потом по «Игры».


Картинка с сайта: lumpics.ru

2. В открывшемся окне приложения «Обозреватель игр» перейдите в «Параметры».


Картинка с сайта: lumpics.ru

3. Переведите значение настроек «Обновление игр и новости» на «Не выполнять автоматическую проверку обновлений и новостей в Интернете, эти операции будут проводиться вручную». Дополнительно уберите галочки в «Параметры папки «Игры»» с «Загрузить сведение и картинки для установленных игр» и «Собирать сведения о последних играх», после чего нажмите кнопку «ОК».


Картинка с сайта: lumpics.ru

Для полной уверенности рекомендуем очистить значение строкового параметра «Games», находящегося в папке «ServiceLocation», с помощью системного приложения «Редактор реестра». По умолчанию там находится ссылка на Microsoft Store, и компьютер при переходе на неё начинает поиск сопроводительных материалов. Если её удалить, ПК не сможет обработать задачу, нагружая процессор.

Читайте также: Как открыть редактор реестра в Windows 7

Если вы пользуетесь Internet Explorer, имеет смысл посмотреть, не работает ли браузер в автономном режиме. Порой такой режим возвращает нагрузку через процесс rundll32.

Причина 3: Заражение вредоносными элементами

Как и любые другие системные файлы, rundll32 может быть использован вирусами для своих «тёмных» делишек. При этом сам процесс может быть условно «чистым», а вредоносное ПО захочет мимикрировать под него, ещё больше запутывая пользователя. Для того чтобы определить, стал ли процесс вирусом, или же последний просто присвоил его имя, нужно предпринять комплекс мер. Он включает участие сторонних программ, углублённо манипулирующих реестром, а также лечащих утилит и системных инструментов для восстановления повреждений.

Подробнее: Изучение и удаление процесса rundll32.exe

В рамках данной статьи были рассмотрены решения самых распространённых причин того, почему rundll32.exe грузит процессор, а это может быть как специфическое приложение перехода на Виндовс 10, так и чрезмерное желание системы найти вам сопроводительные материалы для игр, однако не стоит скидывать со счетов и вездесущие вирусы.

Наша группа в TelegramПолезные советы и помощь

Understanding Windows Host Process Rundll32 High CPU Usage

Introduction

The Windows operating system is a complex environment that relies on numerous processes to manage and carry out its various tasks. One such process is rundll32.exe, a legitimate Windows host process responsible for executing functions stored in dynamic link libraries (DLLs). While this process is essential for the smooth functioning of applications and the OS itself, users may occasionally encounter high CPU usage attributed to rundll32.exe. In this extensive article, we will delve into the reasons behind this high CPU usage, how to diagnose the issue, potential solutions, and tips for maintaining optimal system performance.

What is rundll32.exe?

rundll32.exe is a Microsoft Windows program that allows the execution of functions within DLL files. DLLs are libraries that contain reusable code, and rundll32.exe enables users to quickly execute this code from the command line or via scripts. Each instance of rundll32.exe run can execute a different function from a DLL, thereby allowing multiple tasks to occur simultaneously without launching an entire application.

While rundll32.exe is a legitimate process, it can sometimes be exploited by malware or buggy applications, leading to unusual system behavior, including high CPU usage.

Symptoms of High CPU Usage by rundll32.exe

Users may notice various symptoms that indicate high CPU usage due to rundll32.exe:

1. Slow Performance: Applications may respond slowly or freeze altogether.
2. Increased Fan Noise: The computer’s cooling fan may run at high speeds due to the elevated temperatures from increased CPU usage.
3. System Lag: Actions like opening files or switching between applications may be noticeably sluggish.
4. Task Manager Alerts: Monitoring system performance via Task Manager reveals higher-than-normal CPU usage associated with rundll32.exe.

Diagnosing High CPU Usage

To address high CPU usage related to rundll32.exe, it’s essential to first diagnose the underlying cause. Here’s how you can investigate further:

1. Task Manager Analysis:

   • Press Ctrl + Shift + Esc to open Task Manager.
   • Navigate to the ‘Processes’ tab.
   • Look for rundll32.exe and note its CPU usage levels.

2. Identify the Calling DLL:

   • In the Task Manager, right-click on rundll32.exe and select «Open file location» to verify its legitimacy. The file should be located in C:WindowsSystem32.
   • Another method to identify which DLL is being run is to use a more advanced tool like Process Explorer. This tool allows users to drill down into the specific command line that initiated rundll32.exe, providing valuable insight into its activity.

3. Check for Malware:

   • Some malware disguises itself as rundll32.exe. Running a thorough antivirus scan using trusted antivirus software can help detect any imposters.

4. Event Viewer:

   • Reviewing the Event Viewer can provide context about what may have triggered high CPU usage. Look for error notices or warnings around the time you started noticing performance issues.

5. Windows Resource Monitor:

   • The Resource Monitor tool (resmon.exe) gives a detailed overview of CPU consumption, memory usage, disk activity, and network performance, allowing users to identify the potentially problematic process more precisely.

Common Causes of High CPU Usage by rundll32.exe

Understanding the root causes can greatly assist in mitigating the issue. Let’s break down some common reasons:

1. Background Applications: Some third-party applications may leverage rundll32.exe to perform tasks in the background, leading to unusual CPU spikes. Utility software such as printer drivers or third-party security tools may continuously invoke this process.

2. Malware Infection: As previously mentioned, malicious software may masquerade as rundll32.exe, consuming CPU resources. Such infections often lead to unwanted consequences like data theft or system damage.

3. System Corruption: System files can become corrupted, causing processes to behave erratically. Corrupted DLL files can invoke rundll32.exe repeatedly, leading to performance issues.

4. Windows Features or Upgrades: Sometimes, Windows updates may cause rundll32.exe instances to increase its CPU usage, especially if those updates involve features that require enhanced processing power.

5. Specific Software Bugs: Some software programs might have bugs that lead to an infinite loop where rundll32.exe keeps trying to access a resource, thus consuming substantial CPU resources.

Solutions for High CPU Usage

Now that we’ve identified some potential causes, let’s explore steps users can take to resolve high CPU usage linked to rundll32.exe.

1. End the Task:

   • If rundll32.exe is consuming excessive CPU resources, right-click the process in Task Manager and choose «End Task». Note that this action may terminate some programs associated with the DLL in use.

2. Update or Reinstall Drivers:

   • If you suspect driver issues are invoking the process excessively, consider updating or reinstalling relevant drivers (for example, video or printer drivers).

3. Scan for Malware:

   • Perform a full system antivirus scan. Use reputable antivirus software, potentially coupled with specialized malware removal tools like Malwarebytes.

4. Check Windows Updates:

   • Ensure your operating system is up to date. Go to Settings > Update & Security > Windows Update and check for updates.

5. Run System File Checker (SFC):

   • The SFC tool can help repair corrupted system files. Run it by opening Command Prompt as an administrator and typing in sfc /scannow.

6. Perform a Clean Boot:

   • A clean boot narrows down the cause of high CPU usage by starting Windows with a minimal set of drivers and startup programs.
   • To perform a clean boot, type msconfig in the Windows search box, select the System Configuration tool, then go to the Services tab.
   • Check «Hide all Microsoft services», then click «Disable all». Finally, tab into the Startup tab and click «Open Task Manager» to disable all startup items.

7. Reinstall Affected Applications:

   • If you identify which application is causing rundll32.exe to spike in resource usage, consider reinstalling it. Ensure that you back up necessary data before proceeding.

8. Reset Windows:

   • If all else fails, consider resetting Windows as a last resort. Go to Settings > Update & Security > Recovery and select «Reset this PC» to initiate the process.

Prevention and Maintenance Tips

To prevent the issue from recurring and maintain optimal CPU performance on your Windows system, incorporate the following practices:

1. Keep Software Updated:

   • Regularly update your operating system and all installed software to the latest versions, including security patches and driver updates.

2. Limit Background Processes:

   • Be mindful of running applications in the background. Disable unnecessary startup programs to free up system resources.

3. Use Reliable Security Measures:

   • Invest in a trustworthy antivirus solution and keep it updated. Regularly scanning for malware can significantly reduce the presence of infections.

4. Monitor System Performance:

   • Periodically check resource usage through Task Manager or Resource Monitor. Spotting unusual behavior early can simplify troubleshooting.

5. Regular System Maintenance:

   • Perform routine system maintenance, including disk defragmentation and cleanup, to ensure optimal resource allocation throughout your machine.

6. Educate Yourself about Safe Browsing:

   • Many malware infections come from risky downloads and websites. Practice caution when clicking on links or downloading software.

Conclusion

High CPU usage attributed to rundll32.exe can serve as a frustrating hurdle for Windows users, but understanding this process and its underlying causes is central to troubleshooting the issue effectively. By applying diagnostic techniques and exploring solutions, users can mitigate the effects of this performance issue. Moreover, ongoing system maintenance and adhering to safe computing practices help prevent such occurrences in the future. With continued awareness and proactive management, users can maintain a healthy working environment on their Windows systems.

You are no doubt reading this article because you are facing problems of a high disk and CPU usage by those rundll32.exe processes. If you have been using Windows for a long time, you might have noticed that there are indeed millions of .dll processes. The extension DLL stands for Dynamic Link Library. They are used to store some common application logic which is in turn accessed by various other applications.

There is no way to directly launch a DLL file. The rundll32.exe is simply used to launch the functionality stored in shared .dll files. Do note that sometimes some malware infect machines by creating an alias of rundll32. You should scan your computer and check for any discrepancies.

Solution 1: Disabling items from Task Scheduler

If you are experiencing problems right after installing a Windows 10, it is possible that some Windows processes are causing the rundll32.exe to consume so much CPU and Disk usage. This was the case for the majority of the users but if it doesn’t work for you, you can always revert back the changes anytime using the same method.

1. Press Windows + S to launch the search bar and type “administrative tools” in the dialogue box. Open the first relevant application which comes forth.

1. Browse through the shortcuts and open “Task Scheduler”.

Картинка с сайта: appuals.com

1. Now navigate to the following file path using left navigation pane on the window.

Task Scheduler Library > Microsoft > Windows > Customer Experience Improvement

1. On the right side, you will see three items in this schedule. Click on “Consolidator” to open its properties. Navigate to the triggers tab. Here you will see a trigger which triggers the service every once in a while. Click it and select “Edit”.
   

   Картинка с сайта: appuals.com

1. Once the trigger properties are opened, navigate down to the advanced settings and uncheck the box “Enabled”. Click Ok to save changes and exit.
   

   Картинка с сайта: appuals.com

1. Now come back to the list of items. Right-click them one by one and select “Disabled” in each case. The name of the items are:

Consolidator

KernelCeip Task

UsbCeip

1. Close the scheduler, restart your computer and check if the usage got fixed.

Solution 2: Disabling Telemetry Services

Part of Microsoft’s user experience program is to gather data from your system and compare it to PC’s. This will then locate any discrepancies/changes which will be used to improve the user experience in the future. This feature is also known to cause several high disk/CPU usage problems. We can try disabling it and check if the problem still persists.

1. Press Windows + R to launch the Run application. Type “services.msc” in the dialogue box and press Enter.
2. After the services windows pop up, search for “Connected User Experience”. Double-click it to open its settings.

Картинка с сайта: appuals.com

1. Click “Stop” underneath service status. Then select “Startup type” and set the option to Disabled. Once you are done making changes, press Ok and exit.

1. Restart your computer and check if the problem got solved.

Solution 3: Renaming aienv.dll

aienv.dll is a library file of the Application Experience Inventory in Windows. It is a non-system process and originates from software/application installed on your computer. Many users reported that stopping the service or renaming it caused their issue of disk/CPU usage to get fixed. We can try the same. Follow this method at your own risk, it is advised that you create a Windows restore point in case anything goes wrong.

1. Open Windows Explorer and navigate to the following file path:

C:\Windows\System32

You can also copy the above address, press Windows + R, paste the address and press Enter to navigate to the location directly.

1. Once in the folder, search for “aeinv.dll”. You can also use the search bar present at the top right side of the screen.

Картинка с сайта: appuals.com

1. Once you have located the file, right-click it and select rename. Rename the file to “oldaeinv.dll”. Windows might require permission to rename this file. Make sure you are logged in as an administrator and click “Continue”.

1. If you are still having problems renaming the file, you can change ownership of the file. This will grant you rights to amend/rename it.
2. After renaming it, restart your computer and check your disk/CPU usage.

Solution 4: Uninstalling Google App Engine

Google App Engine is a web framework for developing/hosting web applications in Google-managed data centers. This application offers automatic scaling for web applications as the number of requests for the application increases. It has multiple supported languages such as Java, Ruby, Python and other JVM languages.

Many users reported that after the installation of Google App Engine, their disk/CPU usage increased dramatically through the process of rundll32.exe. You can try uninstalling the application and check if the problem still persists.

1. Press Windows + R, type “control panel” in the dialogue box and press Enter.
2. Once in the control panel, select the category of “Uninstall a program” under the heading of “Programs”.

1. Locate “Google App Engine”, right-click it and select “uninstall”.

1. After the uninstallation, restart your computer and check if the problem got solved. If it didn’t and you are still facing high CPU/disk usage, feel free to install the application back.

Solution 5: Checking through Process Explorer

Process Explorer is a tool by Microsoft which shows you information regarding which DLL’s have been opened/loaded along with all the details about which parent process started it. It gives you information regarding the resources consumed, CPU usage etc. We can try checking for processes using rundll32.exe and troubleshoot why they are using it.

1. Download Process Explorer from the official Microsoft website.
2. Once you have unzipped the package in an accessible directory, launch it. You will be greeted by a number of processes along with their details. Click on “File” at the top left and select “Show Details for All Processes”. You might require administrator privileges to perform this operation

1. Now locate the process “rundll32.exe”, right-click it and select Properties. Navigate to the Image tab. Here you will see the culprit i.e. which process is using the executable.

Картинка с сайта: appuals.com

1. Do a little digging and locate the application/service. You can easily disable as service using “services.msc” or uninstall an application like we did before.

Solution 6: Uninstalling Lenovo Dependency Package

If you are running a Lenovo, you must check if the uninstallation of Lenovo Dependency Package solves your problem. It is a set of services/drivers installed on a Lenovo machine to help the Metro application “Lenovo Settings”. By itself, the dependency package doesn’t do anything. As a precaution, create a restore point for your Windows before performing this solution.

1. Press Windows + R, type “control panel” in the dialogue box and press Enter.
2. Once in the control panel, select the category of “Uninstall a program” under the heading of “Programs”.

1. Locate “Lenovo Dependency Package”, right-click it and select “uninstall”.

1. After the uninstallation, restart your computer and check if the problem got solved. If it didn’t and you are still facing high CPU/disk usage, feel free to install the application back.

Solution 7: Disabling Inventory Collector

Inventory Collector is a tool by Microsoft which helps you examine your organization’s computers, identify the installed applications, devices, and system information, in order to collect a catalog of information. You can view this data using the Application Compatibility Manager. If you don’t use this feature, we can try disabling it and check if it brings any luck to our problem.

1. Press Windows + R, type “gpedit.msc” in the dialogue box and press Enter. This will launch the Group Policy Editor of your computer.
2. Once in the editor, navigate to the following path”

Computer Configuration > Administrative Templates > Windows Components > Application Compatibility

1. On the right side of the screen, you will see an entry “Turn off Inventory Collector”. Double-click it to open its properties.

Картинка с сайта: appuals.com

1. Once in the properties, select “Enabled”. Press Ok to save changes and exit. Restart your computer and check if the problem got fixed.

Solution 8: Amending ProgramDataUpdater

Many users reported that the task “ProgramDataUpdater” belonging to the category of Application Experience by Microsoft was causing high CPU/Disk usage on their computer. We have two options: either we can disable the task permanently or we can change the settings so the task gets automatically killed if it processes for more than a minute. We will guide you on how to disable the task completely first.

1. Press Windows + S to launch the search bar and type “task scheduler” in the dialogue box. Open the first result which comes forth.

1. Once in the scheduler, navigate to the following file path:

Microsoft > Windows > Application Experience

1. Once in the folder, you will see three entries on your right. Right click on “ProgramDataUpdater” and select Disabled.

1. Restart your computer and check if the problem at hand got solved.

Now we cover on how to set a time limit as discussed above. You can either set the limit or disable the task permanently as mentioned above.

1. Right-click on “ProgramDataUploader” and select “Properties”.

1. Navigate to the Settings tab. Make sure that the checkbox “Stop the task if it runs longer than” is checked. Edit the value in front of it and type “1 minute”. Press OK to save changes and exit.

Картинка с сайта: appuals.com

1. Restart your computer for the changes to be implemented and check if your disk/CPU usage got better. If it didn’t, feel free to revert the changes.

Solution 9: Booting in Safe Mode

By using the safe mode, we can determine whether the problem is due to any applications or the problem lies in the operating system. If the machine works perfectly in safe mode and the disk/CPU usage is normal, it means that some external application or service is causing the problem as all of these is disabled in safe mode.

1. Follow the instructions on our article on how to boot your computer in safe mode.
2. Once booted in the safe mode, open your task manager (by press Windows + R and typing “taskmgr”). Check if the disk usage and CPU usage are normal.

If there were no problems detected in the Safe mode, then you should perform a clean boot and determine which application/service is causing you the problem. If the problem still occurs in safe mode, it means the problem is with the operating system.This boot allows your PC to turn on with a minimal set of drivers and programs. Only the essential ones are enabled while all the other services are disabled.

1. Press Windows + R to launch the Run application. Type “msconfig” in the dialogue box and press Enter.

Картинка с сайта: appuals.com

1. Navigate to the Services tab present at the top of the screen. Check the line which says “Hide all Microsoft services”. Once you click this, all Microsoft related services will be disabled leaving behind all the third-party services.
2. Now click the “Disable all” button present at the near bottom at the left side of the window. All the third-party services will now be disabled.
3. Click Apply to save changes and exit.

Картинка с сайта: appuals.com

1. Now navigate to the Startup tab and click the option of “Open Task Manager”. You will be redirected to the task manager where all the applications/services which run when your computer starts will be listed.

Картинка с сайта: appuals.com

1. Select each service one by one and click “Disable” at the bottom right side of the window.

Картинка с сайта: appuals.com

1. Now restart your computer and check if the high CPU/Disk usage persists. If it does, it means there was an external program which was causing the problem. Search through your installed programs and determine which application is causing your problems. You can also run Microsoft Security Scanner to check for Malware or any other threat causing problems to your computer.

Solution 10: Restoring Windows from Restore Point (Only if the problem doesn’t get fixed in Safe Mode)

If the problem still persists in Safe Mode (Solution 9), we can try restoring your Windows to a previous restore point you created. Save all your work correctly and backup any important data. Do note that all the changes to your system configurations after the last restore point will be removed.

1. Press Windows + S to launch the start menu’s search bar. Type “restore” in the dialogue box and select the first program which comes in the result.

1. One in the restore settings, press System Restore present at the beginning of the window under the tab of System Protection.

Картинка с сайта: appuals.com

1. Now a wizard will open navigating you through all the steps to restore your system. Press Next and proceed with all the further instructions.

1. Now select the restore point from the list of options available. If you have more than one system restore points, they will be listed here.

Картинка с сайта: appuals.com

1. Now windows will confirm your actions for the last time before it starts the system restore process. Save all your work and backup important files just in case and proceed with the process.

You can learn more about system restore to gain more knowledge about what it does and what are the processes involved.

Добрый день.

Используем Kaspersky ES 11.9.0.351 + Агент администрирования, Kaspersky Security Center 13.2

На всех ПК с windows 10 21H2 (сборка 19044, 1806) идет нагрузка на ЦП с Rundll32 (скриншот 1). После удаления ES и перезагрузки, процесс исчезает. Агент  при этом установлен и не трогается.

На ПК с win 7 такой проблемы не наблюдается.

В итоге скорее всего проблему. При включении компьютера в сети, появляется в мониторинге активных приложений tmp файл(скриншота 2). Гугл говорит что это вирус Trojan.PWS.Steam.20607 https://vms.drweb.ru/virus/?i=24692849 . Распространился он у  кого стоит windows 10, server 2016. На других пк  не замечено. Если включить пк без сети, tmp файла нету. После включения в сети, он появляется. Гасится служба снятием задачи. Появляется после перезагрузки.  Каждый раз новый tmp файл

Есть предположение что в планировщике заданий что то весит. Но поиск пока безуспешный. В автозагрузке ничего не найдено. В livecd через dr web cureit и в ручную поиском тоже ниче не найдено.

Где то наверное в админке можно сделать чтоб поля были активными, но не пойму где. Правила приложения и последовательность запуска. скрин 3

1. Какие логи и какие отчеты еще предоставить для полной инфы? (откуда)

2. Куда копать и как вылечить. 

Картинка с сайта: forum.kasperskyclub.ru

Картинка с сайта: forum.kasperskyclub.ru

Картинка с сайта: forum.kasperskyclub.ru

CollectionLog-2022.07.14-12.48.zip