急求高手帮忙...
情况如题...
每天晚上7：30左右 跳出一个类似冲击波的框框 说services.exe意外终止，状态码为 -1073741819  倒计时60秒后重启...
以下是日志...
(不知道这个是不是日志)




[用户系统信息]Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; InfoPath.2)

日志文件: 趋势科技 HijackThis v2.0.0 (BETA)
保存时间: 20:49:02, on 2007-10-30
操作系统: Windows XP SP2 (WinNT 5.01.2600)
启动模式: 正常

正在运行的进程:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Rising\Rav\CCenter.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
c:\program files\rising\rfw\rfwsrv.exe
C:\PROGRAM FILES\RISING\RAV\Ravmond.exe
c:\program files\rising\rfw\rfwproxy.exe
c:\program files\rising\rfw\rfwstub.exe
C:\PROGRAM FILES\RISING\RAV\RavStub.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
c:\program files\rising\rfw\RfwMain.exe
C:\Program Files\Rising\AntiSpyware\runiep.exe
C:\Program Files\Rising\Rav\RavTask.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Rising\Rav\Ravmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
E:\Program Files\WebThunder\WebThunder.exe
F:\HA_HijackThisv2_PP\HiJackThis_v2.exe

O2 - BHO: WebThunderBHO - {00000AAA-A363-466E-BEF5-9BB68697AA7F} - E:\Program Files\WebThunder\WebThunderBHO_Now.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL
O4 - HKLM\..\Run: [Microsoft Pinyin IME Migration] C:\PROGRA~1\COMMON~1\MICROS~1\IME12\IMESC\IMSCMIG.EXE /INSTALL
O4 - HKLM\..\Run: [runeip] "C:\Program Files\Rising\AntiSpyware\runiep.exe" /startup
O4 - HKLM\..\Run: [RfwMain] "C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup
O4 - HKLM\..\Run: [RavTask] "C:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [ctfmon.exe] ctfmon.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [bgswitch] C:\WINDOWS\system32\bgswitch.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [ctfmon.exe] ctfmon.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] ctfmon.exe (User 'Default user')
O8 - 扩展右键菜单项: 使用Web迅雷下载 - E:\Program Files\WebThunder\GetUrl.htm
O8 - 扩展右键菜单项: 使用Web迅雷下载全部链接 - E:\Program Files\WebThunder\GetAllUrl.htm
O8 - 扩展右键菜单项: 导出到 Microsoft Excel(&X) - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - 扩展右键菜单项: 添加到QQ表情 - E:\Program Files\Tencent\QQ\AddEmotion.htm
O9 - Extra button: 浩方对战平台 - {0A155D3C-68E2-4215-A47A-E800A446447A} - E:\Program Files\浩方对战平台\GameClient.exe
O9 - Extra button: 发送至 OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: 发送至 OneNote(amp;E) - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: 启动WEB迅雷 - {962EFB8E-2683-42d4-AC74-AAA4C759B9C6} - http://my.xunlei.com (file missing)
O9 - Extra 'Tools' menuitem: 启动WEB迅雷 - {962EFB8E-2683-42d4-AC74-AAA4C759B9C6} - http://my.xunlei.com (file missing)
O14 - IERESET.INF: START_PAGE_URL=http://www.tomatolei.com
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {0C0E4CD2-59DF-48EF-8904-1A168D9A09B0} (ZSv1 Control) - http://maila.zj.com/FTPClient/QuarkFTPClient_gb.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1193481522703
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1193131470078
O17 - HKLM\System\CCS\Services\Tcpip\..\{8D4D140C-6035-459E-9AAF-5F485DF7CEC5}: NameServer = 202.101.172.35 202.101.172.47
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL
O22 - SharedTaskScheduler: Browseui 预加载程序 - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: 组件类别缓存程序 - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Rising Proxy  Service (RfwProxySrv) - Beijing Rising Technology Co., Ltd. - c:\program files\rising\rfw\rfwproxy.exe
O23 - Service: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Co., Ltd. - c:\program files\rising\rfw\rfwsrv.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\CCenter.exe
O23 - Service: Rising RealTime Monitor (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\PROGRAM FILES\RISING\RAV\Ravmond.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--

启动列表报告， 2007-10-30, 下午 08:55:32
启动列表版本: 1.52.2
启动位置: F:\HA_HijackThisv2_PP\HiJackThis_v2.EXE
已检测到: Windows XP SP2 (WinNT 5.01.2600)
已检测到: Internet Explorer v7.00 (7.00.6000.16544)
* 使用默认选项
* 显示次要部分
==================================================

正在运行的进程:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Rising\Rav\CCenter.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
c:\program files\rising\rfw\rfwsrv.exe
C:\PROGRAM FILES\RISING\RAV\Ravmond.exe
c:\program files\rising\rfw\rfwproxy.exe
c:\program files\rising\rfw\rfwstub.exe
C:\PROGRAM FILES\RISING\RAV\RavStub.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
c:\program files\rising\rfw\RfwMain.exe
C:\Program Files\Rising\AntiSpyware\runiep.exe
C:\Program Files\Rising\Rav\RavTask.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Rising\Rav\Ravmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
E:\Program Files\WebThunder\WebThunder.exe
F:\HA_HijackThisv2_PP\HiJackThis_v2.exe

--------------------------------------------------

检查 Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

--------------------------------------------------

注册表自动运行条目:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

Microsoft Pinyin IME Migration = C:\PROGRA~1\COMMON~1\MICROS~1\IME12\IMESC\IMSCMIG.EXE /INSTALL
runeip = "C:\Program Files\Rising\AntiSpyware\runiep.exe" /startup
RfwMain = "C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup
RavTask = "C:\Program Files\Rising\Rav\RavTask.exe" -system
PCSuiteTrayApplication = C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup

--------------------------------------------------

注册表自动运行条目:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe

--------------------------------------------------

文件相关条目 -  .TXT:
HKEY_CLASSES_ROOT\txtfile\shell\open\command

(Default) = C:\WINDOWS\notepad.exe %1

--------------------------------------------------

列举激活设置残余路径:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)

[<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}] *
StubPath = C:\WINDOWS\system32\ieudinit.exe

[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP

[>{26923b43-4d38-484f-9b9e-de460746276c}] *
StubPath = C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig

[>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

[{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *
StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

[{7790769C-0471-11d2-AF11-00C04FA35D02}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

[{89820200-ECBD-11cf-8B85-00AA005B4340}] *
StubPath = regsvr32.exe /s /n /i:U shell32.dll

[{89820200-ECBD-11cf-8B85-00AA005B4383}] *
StubPath = C:\WINDOWS\system32\ie4uinit.exe -BaseSettings

[{89B4C1CD-B018-4511-B0A1-5476DBF70820}] *
StubPath = C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install

--------------------------------------------------

读取/运行键从C:\WINDOWS\WIN.INI:

load=*INI 部分未找到*
run=*INI 部分未找到*

读取/运行注册表键:

HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*没有发现注册表值*
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*没有发现注册表值*
HKLM\..\Windows\CurrentVersion\WinLogon: load=*没有发现注册表键*
HKLM\..\Windows\CurrentVersion\WinLogon: run=*没有发现注册表键*
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*没有发现注册表值*
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*没有发现注册表值*
HKCU\..\Windows\CurrentVersion\WinLogon: load=*没有发现注册表键*
HKCU\..\Windows\CurrentVersion\WinLogon: run=*没有发现注册表键*
HKCU\..\Windows NT\CurrentVersion\Windows: load=
HKCU\..\Windows NT\CurrentVersion\Windows: run=*没有发现注册表值*
HKLM\..\Windows NT\CurrentVersion\Windows: load=
HKLM\..\Windows NT\CurrentVersion\Windows: run=
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=

--------------------------------------------------

Shell 和屏幕保护程序关键来自C:\WINDOWS\SYSTEM.INI:

Shell=*INI 部分未找到*
SCRNSAVE.EXE=*INI 部分未找到*
drivers=*INI 部分未找到*

Shell 和屏幕保护注册表键:

Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\system32\京剧脸~1.SCR
drivers=*没有发现注册表值*

策略 Shell 键:

HKCU\..\Policies: Shell=*没有发现注册表值*
HKLM\..\Policies: Shell=*没有发现注册表值*

--------------------------------------------------

检查 EXPLORER.EXE 实例:               

C:\WINDOWS\Explorer.exe: 存在！

C:\Explorer.exe: 不存在
C:\WINDOWS\Explorer\Explorer.exe: 不存在
C:\WINDOWS\System\Explorer.exe: 不存在
C:\WINDOWS\System32\Explorer.exe: 不存在
C:\WINDOWS\Command\Explorer.exe: 不存在
C:\WINDOWS\Fonts\Explorer.exe: 不存在

--------------------------------------------------

检查超级隐藏 Extensions:

.lnk: 隐藏！ (快捷方式图标: 有)
.pif: 隐藏！ (快捷方式图标: 有)
.exe: 没有隐藏
.com: 没有隐藏
.bat: 没有隐藏
.hta: 没有隐藏
.scr: 没有隐藏
.shs: 隐藏！
.shb: 隐藏！
.vbs: 没有隐藏
.vbe: 没有隐藏
.wsh: 没有隐藏
.scf: 隐藏！ (快捷方式图标: 没有！)
.url: 隐藏！ (快捷方式图标: 有)
.js: 没有隐藏
.jse: 没有隐藏

--------------------------------------------------

列举浏览器助手对象:

WebThunderBHO - E:\Program Files\WebThunder\WebThunderBHO_Now.dll - {00000AAA-A363-466E-BEF5-9BB68697AA7F}
(未命名) - C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL - {72853161-30C5-4D22-B7F9-0BBC1D38A37E}

--------------------------------------------------

列举下载程序文件:

[Office Genuine Advantage Validation Tool]
InProcServer32 = C:\WINDOWS\system32\OGACheckControl.DLL
CODEBASE = http://go.microsoft.com/fwlink/?linkid=58813

[ZSv1 Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\ftp-gb.ocx
CODEBASE = http://maila.zj.com/FTPClient/QuarkFTPClient_gb.cab

[Windows Genuine Advantage Validation Tool]
InProcServer32 = C:\WINDOWS\system32\LegitCheckControl.DLL
CODEBASE = http://go.microsoft.com/fwlink/?linkid=39204

[WUWebControl Class]
InProcServer32 = C:\WINDOWS\system32\wuweb.dll
CODEBASE = http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1193481522703

[MUWebControl Class]
InProcServer32 = C:\WINDOWS\system32\muweb.dll
CODEBASE = http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1193131470078

--------------------------------------------------

列举 Windows NT/2000/XP 服务

Ati HotKey Poller: %SystemRoot%\system32\Ati2evxx.exe (autostart)
ATI Smart: C:\WINDOWS\system32\ati2sgag.exe (autostart)
Windows Audio: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Background Intelligent Transfer Service: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Computer Browser: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Cryptographic Services: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
DCOM Server Process Launcher: %SystemRoot%\system32\svchost -k DcomLaunch (autostart)
DHCP Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Logical Disk Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
DNS Client: %SystemRoot%\system32\svchost.exe -k NetworkService (autostart)
Error Reporting Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Event Log: %SystemRoot%\system32\services.exe (autostart)
Help and Support: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
HookUrl: \??\C:\Program Files\Rising\Rfw\HookUrl.sys (autostart)
Server: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Workstation: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
TCP/IP NetBIOS Helper: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
Plug and Play: %SystemRoot%\system32\services.exe (autostart)
IPSEC Services: %SystemRoot%\system32\lsass.exe (autostart)
Protected Storage: %SystemRoot%\system32\lsass.exe (autostart)
Remote Registry: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
Rising Proxy  Service: c:\program files\rising\rfw\rfwproxy.exe (autostart)
Rising Personal Firewall Service: c:\program files\rising\rfw\rfwsrv.exe (autostart)
Remote Procedure Call (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart)
Rising Process Communication Center: "C:\Program Files\Rising\Rav\CCenter.exe" (autostart)
Rising RealTime Monitor: "C:\PROGRAM FILES\RISING\RAV\Ravmond.exe" (autostart)
Security Accounts Manager: %SystemRoot%\system32\lsass.exe (autostart)
Task Scheduler: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Secdrv: system32\DRIVERS\secdrv.sys (autostart)
Secondary Logon: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
System Event Notification: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Windows Firewall/Internet Connection Sharing (ICS): %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Shell Hardware Detection: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Print Spooler: %SystemRoot%\system32\spoolsv.exe (autostart)
Windows Image Acquisition (WIA): %SystemRoot%\system32\svchost.exe -k imgsvc (autostart)
Themes: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Distributed Link Tracking Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Windows Time: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
WebClient: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
Windows Management Instrumentation: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Security Center: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
自动更新: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Windows Driver Foundation - User-mode Driver Framework: %SystemRoot%\system32\svchost.exe -k WudfServiceGroup (autostart)
Wireless Zero Configuration: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)


--------------------------------------------------

列举 Windows NT 登录/登出脚本:
*没有能运行的脚本设置*

Windows NT checkdisk command:
BootExecute = autocheck autochk *

Windows NT 'Wininit.ini':
PendingFileRenameOperations: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\_iu14D2N.tmp|||C

--------------------------------------------------

列举 ShellServiceObjectDelayLoad 项目:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\system32\webcheck.dll
SysTray: C:\WINDOWS\system32\stobject.dll

--------------------------------------------------

自个儿顶 - -//

下载arswp(Windows清理助手)清理下
http://www.arswp.com/download/arswp/arswp.rar
若无法解决

下载 System Repair Engineer，
http://www.kztechs.com/sreng/download.html
1 解压缩sreng2.zip
2 运行SREngPS.exe
3 智能扫描=》扫描=》保存报告
4 把日志中的报告完整拷贝贴上来，不要修改