瑞星卡卡安全论坛

首页 » 技术交流区 » 反病毒/反流氓软件论坛 » 新买的电脑,老是出现关机倒计时,Sservices.exe遇到问题需要关闭窗口
昏昏2009 - 2009-4-10 11:33:00
公司刚配置的办公电脑,每次使用一段时间(1-2小时左右)就会弹出Sservices.exe遇到问题需要关闭窗口,点调试、发送错误报告、不发送都会出现倒计时关机窗口。显示关机是由NT AUTHORITY\SYS引起的,消息:系统处理程序C:\WINDOWS\system32\services.exe意外终止,状态码为-1。系统现在将关机,并重新启动。
  补丁都已经打过了,用360也没有查出病毒来!!!!
  请高手指点!!!

用户系统信息:Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
帅哥阿福 - 2009-4-10 11:35:00
扫SRENG日志发这论坛来
下载SRENG2.6版工具:http://www.kztechs.com/sreng/download.html
SRENG工具的扫描日志操作,看这贴2楼:http://bbs.ikaka.com/showtopic-8442813.aspx
昏昏2009 - 2009-4-10 11:37:00
谢谢老大!
昏昏2009 - 2009-4-10 11:56:00
是把扫描报告发到这里来吗?
夲號ヱ被ジ盜 - 2009-4-10 12:37:00
在倒计时
开始-运行
输入
shutdown -a
蓝屏吗?
昏昏2009 - 2009-4-10 12:37:00
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Windows Publisher]
    <PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Windows Publisher]
    <PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)Microsoft Windows Publisher]
    <NvCplDaemon><RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <RTHDCPL><RTHDCPL.EXE>  [Realtek Semiconductor Corp.]
    <Alcmtr><ALCMTR.EXE>  [Realtek Semiconductor Corp.]
    <360Safebox><"C:\Program Files\360\360safebox\safeboxTray.exe" /r>  [(Verified)Qizhi Software (beijing) Co. Ltd]
    <360Safetray><C:\Program Files\360\360Safe\safemon\360tray.exe /start>  [(Verified)Qizhi Software (beijing) Co. Ltd]
    <IMSCMig><C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload>  [(Verified)Microsoft Corporation]
    <OfficeScanNT Monitor><"C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow>  [(Verified)"Trend Micro, Inc."]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows Publisher]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows Publisher]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{AEB6717E-7E19-11d0-97EE-00C04FD91972}><shell32.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    <PostBootReminder><%SystemRoot%\system32\SHELL32.dll>  [(Verified)Microsoft Windows Component Publisher]
    <CDBurn><%SystemRoot%\system32\SHELL32.dll>  [(Verified)Microsoft Windows Component Publisher]
    <WebCheck><%SystemRoot%\system32\webcheck.dll>  [(Verified)Microsoft Windows Publisher]
    <SysTray><C:\WINDOWS\system32\stobject.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
    <WinlogonNotify: crypt32chain><crypt32.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
    <WinlogonNotify: cryptnet><cryptnet.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
    <WinlogonNotify: cscdll><cscdll.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
    <WinlogonNotify: ScCertProp><wlnotify.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
    <WinlogonNotify: Schedule><wlnotify.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
    <WinlogonNotify: sclgntfy><sclgntfy.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
    <WinlogonNotify: SensLogn><WlNotify.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
    <WinlogonNotify: termsrv><wlnotify.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
    <WinlogonNotify: wlballoon><wlnotify.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    <{438755C2-A8BA-11D1-B96B-00A0C90312E1}><%SystemRoot%\system32\browseui.dll>  [(Verified)Microsoft Windows Component Publisher]
    <{8C7461EF-2B13-11d2-BE35-3078302C2030}><%SystemRoot%\system32\browseui.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
    <Microsoft Windows Media Player><C:\WINDOWS\inf\unregmp2.exe /ShowWMP>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
    <Windows 桌面更新><regsvr32.exe /s /n /i:U shell32.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
    <Internet Explorer 6><%SystemRoot%\system32\ie4uinit.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
    <N/A><C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install>  [Microsoft Corporation]
[HKEY_CURRENT_USER\Control Panel\Desktop]
    <SCRNSAVE.EXE><C:\WINDOWS\system32\耐克球~1.SCR>  [Acme Photo Software]
昏昏2009 - 2009-4-10 12:38:00
不蓝屏,输入shutdown -a后过一会又出来了,不治本啊!
帅哥阿福 - 2009-4-10 12:41:00
日志作为附件发上来,不要粘贴。
要不你累,别人看着也累。
昏昏2009 - 2009-4-10 12:45:00
请给予检查!

附件: SREngLOG.log
夲號ヱ被ジ盜 - 2009-4-10 12:50:00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]

    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows Publisher]

C:\WINDOWS\system32\nview.dll发上来
昏昏2009 - 2009-4-10 12:51:00
刚刚用阿福推荐的这个工具在"启动项目"-注册表中删除了一些没有版本号的文件!!!不知妥否,请阿福指正.
昏昏2009 - 2009-4-10 12:53:00
我发的这个附件你看可以不,你说的我看不懂啊!
夲號ヱ被ジ盜 - 2009-4-10 13:00:00
http://devbuilds.kaspersky-labs.com/devbuilds/AVPTool/
用这个能杀出什么东西?(这不是卡巴)
360只是个安全工具不是杀软
昏昏2009 - 2009-4-10 13:46:00
分析出原因了吗
昏昏2009 - 2009-4-10 14:20:00
:default8: :default8: :default8: :default8: :default8: :default8: :default8: :default8: :default8: :default8:
帅哥阿福 - 2009-4-10 14:44:00


引用:
原帖由 昏昏2009 于 2009-4-10 12:51:00 发表
刚刚用阿福推荐的这个工具在"启动项目"-注册表中删除了一些没有版本号的文件!!!不知妥否,请阿福指正.


具体是什么文件,最好发上来。
理论上没有签名或者签名为</NA>的都是可以清除的。
昏昏2009 - 2009-4-10 15:05:00
阿福,从我的日志报告中看出什么问题了没有啊,还是出现关机提示啊,烦!
帅哥阿福 - 2009-4-10 15:41:00
看不出有什么可疑进程。
services.exe原因倒计时关机,原来是阻击波问题,现在不晓得还管不管用。
安装KB905746;KB893756;KB899591补丁。
另外装上瑞星个人防火墙。
昏昏2009 - 2009-4-10 15:42:00
谢谢!
1
查看完整版本: 新买的电脑,老是出现关机倒计时,Sservices.exe遇到问题需要关闭窗口
© 2000 - 2025 Rising Corp. Ltd.