winlogon.exe和msvcrt.dll 出错的问题

ayacn

最近经常系统会弹出一个对话框，说“winlogon.exe”出错还是什么的，然后一点确定就会蓝屏，显示硬件错误。后来不去理它，把它放在一边，过了5-10分钟之后Explorer.exe就会报错，错误模块 msvcrt.dll。上网看了一下，对照一看并不像是有病毒的样子。杀软用的正版NOD32...XP系统，破解以后通过微软验证。

系统错误日志：
描述:
错误应用程序 explorer.exe，版本 6.0.2900.2180，错误模块 msvcrt.dll，版本 7.0.2600.2180，错误地址 0x0000df9f。

有关更多信息，请参阅在 http://go.microsoft.com/fwlink/events.asp 的帮助和支持中心。
数据:
0000: 41 70 70 6c 69 63 61 74   Applicat
0008: 69 6f 6e 20 46 61 69 6c   ion Fail
0010: 75 72 65 20 20 65 78 70   ure  exp
0018: 6c 6f 72 65 72 2e 65 78   lorer.ex
0020: 65 20 36 2e 30 2e 32 39   e 6.0.29
0028: 30 30 2e 32 31 38 30 20   00.2180
0030: 69 6e 20 6d 73 76 63 72   in msvcr
0038: 74 2e 64 6c 6c 20 37 2e   t.dll 7.
0040: 30 2e 32 36 30 30 2e 32   0.2600.2
0048: 31 38 30 20 61 74 20 6f   180 at o
0050: 66 66 73 65 74 20 30 30   ffset 00
0058: 30 30 64 66 39 66 0d 0a   00df9f..

ayacn

2楼给出 HijackThis 的扫描日志





日志文件: 趋势科技 HijackThis v2.0.0 (BETA)
保存时间: 12:24:50, on 2007-7-3
操作系统: Windows XP SP2 (WinNT 5.01.2600)
启动模式: 正常

正在运行的进程:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\nt.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\cFos\cFosDNT.exe
C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\UPHClean\uphclean.exe
G:\eMule\emule.exe
C:\Program Files\Tencent\QQ\QQ.exe
C:\Program Files\浙商证券天网2003\LiveUpdate.exe
C:\Program Files\Maxthon2\Maxthon.exe
D:\My Documents\Software\系统相关\HiJackThis_v2.exe

O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (未命名) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (没有文件)
O4 - HKLM\..\Run: [GTaskbar] D:\GTaskbar\Redraw.exe
O4 - HKLM\..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe
O4 - HKLM\..\Run: [nt] C:\Program Files\Microsoft IntelliPoint\nt.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [cFosDNT] C:\Program Files\cFos\cFosDNT.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SRS Audio Sandbox] "C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe" /hideme
O4 - HKUS\S-1-5-19\..\Run: [ctfmon.exe] ctfmon.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [ctfmon.exe] ctfmon.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - 扩展右键菜单项: &Lookup in Bookshelf - res://C:\Program Files\Microsoft Reference\Microsoft Bookshelf 3.0\bsdef.dll/#1001
O8 - 扩展右键菜单项: Add to &Windows Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - 扩展右键菜单项: 使用网际快车下载 - C:\Program Files\FlashGet\jc_link.htm
O8 - 扩展右键菜单项: 使用网际快车下载全部链接 - C:\Program Files\FlashGet\jc_all.htm
O8 - 扩展右键菜单项: 使用迅雷下载 - D:\My Documents\Software\网络相关\Thunder\Program\geturl.htm
O8 - 扩展右键菜单项: 使用迅雷下载全部链接 - D:\My Documents\Software\网络相关\Thunder\Program\getallurl.htm
O9 - Extra button: Sun Java 控制台 - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java 控制台 - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: 写入博客 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: 写入博客 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live Writer\WriterBrowserExtension.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra button: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O16 - DPF: {03B39B10-9AB9-4DBB-8189-7F76E0CE5F3F} (FavImport Class) - https://favorites.live.com/cab/ImportAx.cab?v=13,0,0831,02
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {18226BF8-DC0B-4D81-80E9-A41AE37BB73A} - http://download.synacast.com/market/weblive/install.CAB
O16 - DPF: {2354A44B-3CEB-4829-9940-545B03103538} (PowerPlr Control) - http://vod.jh.zj.cn/plugin/PowerPlr.ocx
O16 - DPF: {30CADB40-6FD7-433F-BF0D-4827CA7B5BDF} (FavImport Class) - https://favorites.live.com/cab/ImportAx.cab
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.com/s/v/1b37/uploader2.cab
O16 - DPF: {488A4255-3236-44B3-8F27-FA1AECAA8844} (EditCtrl Class) - https://img.alipay.com/download/1101/aliedit.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://yamxbin.spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/wind ... e.cab?1142051036750
O16 - DPF: {8D9E0B29-563C-4226-86C1-5FF2AE77E1D2} (AxSubmitControl Class) - https://mybank.icbc.com.cn/icbc/perbank/AxSafeControls.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {E787FD25-8D7C-4693-AE67-9406BC6E22DF} - https://password.qq.com/download/qqedit.cab
O16 - DPF: {E787FD25-8D7C-4693-AE67-9406BC6E22E0} (CPrivacyEditCtrl Object) - https://account.qq.com/tenedit.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{85241784-1711-4924-AD87-714445880CA2}: NameServer = 60.191.244.5 60.191.244.2
O17 - HKLM\System\CS1\Services\Tcpip\..\{0C91F29A-D418-4F2F-A9F5-887B3E353C7F}: NameServer = 202.116.160.33,202.116.160.41
O22 - SharedTaskScheduler: Browseui 预加载程序 - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: 组件类别缓存程序 - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Kerberos Key Distribution Centers (kkdc) - Unknown owner - (没有文件)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset  - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

--
文件结束 - 6695 字节

luyi123

不知道楼主这个是原版xp sp2镜像还是类似番茄花园什么的？如果是番茄花园，请安装原版xp sp2
最简单最快速的方法就是重装
或者用故障恢复台恢复安装光盘里的文件，不过比较复杂，新手弄容易出错

ayacn

不是番茄的...因为信不过番茄

至于重装，暂时不想考虑，毕竟太多东西要备份了

love77

用WinPE的盘启动, 把这两个文件给删掉, 然后从Windows安装盘extract出来.

柏含

我也应该试试

ayacn

之前用过sfc命令...ms作用不大

JayZ

LZ这段时间的系统还是会出现Winlogon.exe和msvcrt.dll的问题吗？
出错对话框点击了之后是不是铁定会蓝屏？

ayacn

出错对话框点击了之后是铁定会蓝屏.

不过似乎问题不在这两个文件上，尝试将COM+ System Application服务设置为手动,Universal Plug and Play Device Host设置为禁用就没有再出问题了 .好奇怪啊...

JayZ

没有问题就好.^^