Windows Server 2008 shuts down automatically at exactly 7 PM every day

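  • Question

  • Are there any engineers around? I need help.

    Environment:

    OS: Windows Server Standard Service Pack 2

    Hardware: IBM X3650 M4

    Fault: the server shuts down automatically at 7 PM every day

    Previously, because the server room could not provide air conditioning, I had set up a scheduled task to shut the server down automatically at 9 PM every night. The server room can now provide air conditioning around the clock, so the daily automatic shutdown is no longer needed, and I opened Task Scheduler and deleted the task I had created. Since then, however, I have found this server powered off every morning when I come in. Checking the logs, I found that the shutdown time each day is 7 PM (not the 9 PM I had set).

    Note: no software, drivers, etc. were installed during this period.

    Below are the various logs from around the shutdown: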

    Application:

    Information 9/12/2014 8:11:12 AM Microsoft-Windows-EventSystem 4625 None The EventSystem sub system is suppressing duplicate event log entries for a duration of 86400 seconds.  The suppression timeout can be controlled by a REG_DWORD value named SuppressDuplicateDuration under the following registry key: HKLM\Software\Microsoft\EventSystem\EventLog.
    Information 9/12/2014 8:11:12 AM Microsoft-Windows-Security-Licensing-SLC 900 None "The Software Licensing service is starting.
    "
    Information 9/12/2014 8:11:12 AM Microsoft-Windows-User Profiles Service 1531 None "The User Profile Service has started successfully. 

    "
    Information 9/11/2014 7:00:05 PM Microsoft-Windows-CertificateServicesClient 2 None Certificate Services Client has been stopped.
    Information 9/11/2014 7:00:05 PM Microsoft-Windows-Security-Licensing-SLC 901 None "The Software Licensing service is stopping.
    "
    Information 9/11/2014 7:00:05 PM MSSQL$MICROSOFT##SSEE 17147 (2) SQL Server is terminating because of a system shutdown. This is an informational message only. No user action is required.
    Information 9/11/2014 7:00:05 PM MSSQL$KAV_CS_ADMIN_KIT 17147 (2) SQL Server is terminating because of a system shutdown. This is an informational message only. No user action is required.
    Information 9/11/2014 7:00:01 PM Microsoft-Windows-CertificateServicesClient 2 None Certificate Services Client has been stopped.
    Warning 9/11/2014 7:00:02 PM Microsoft-Windows-User Profiles Service 1530 None "Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. 

     DETAIL -
     1 user registry handles leaked from \Registry\User\S-1-5-21-3089481489-35528188-2763025094-500:
    Process 1112 (\Device\HarddiskVolume3\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3089481489-35528188-2763025094-500\Printers\DevModePerUser
    "
    Information 9/11/2014 7:00:02 PM Desktop Window Manager 9009 None The Desktop Window Manager has exited with code (0x40010004)

    System

    Information 9/12/2014 8:10:23 AM Tcpip 4201 None The system detected that network adapter Loopback Pseudo-Interface 1 was connected to the network, and has initiated normal operation.
    Warning 9/12/2014 8:10:23 AM storflt 5 None The Virtual Storage Filter Driver is disabled through the registry. It is inactive for all disk drives.
    Information 9/12/2014 8:11:11 AM EventLog 6013 None The system uptime is 51 seconds.
    Information 9/12/2014 8:11:11 AM EventLog 6005 None The Event log service was started.
    Information 9/12/2014 8:11:11 AM EventLog 6009 None Microsoft (R) Windows (R) 6.00. 6002 Service Pack 2 Multiprocessor Free.
    Information 9/12/2014 8:10:23 AM Tcpip 4201 None The system detected that network adapter Loopback Pseudo-Interface 1 was connected to the network, and has initiated normal operation.
    Information 9/11/2014 7:00:06 PM EventLog 6006 None The Event log service was stopped.
    Information 9/11/2014 7:00:05 PM Service Control Manager 7036 None The Kaspersky Endpoint Security Service service entered the stopped state.
    Information 9/11/2014 7:00:05 PM Service Control Manager 7036 None The Group Policy Client service entered the stopped state.
    Information 9/11/2014 7:00:05 PM Service Control Manager 7036 None The Windows Update service entered the stopped state.
    Information 9/11/2014 7:00:01 PM Service Control Manager 7036 None The SKPoweroffService service entered the stopped state.
    Information 9/11/2014 7:00:01 PM USER32 1074 None "The process wininit.exe (127.0.0.1) has initiated the power off of computer FSVR2 on behalf of user NT AUTHORITY\SYSTEM for the following reason: Legacy API shutdown
     Reason Code: 0x80070000
     Shutdown Type: power off
     Comment: "
    Information 9/11/2014 7:00:00 PM Service Control Manager 7036 None The SKPoweroffService service entered the running state.
    Information 9/11/2014 6:24:00 PM Service Control Manager 7036 None The Adobe Flash Player Update Service service entered the stopped state.
    Information 9/11/2014 6:24:00 PM Service Control Manager 7036 None The Adobe Flash Player Update Service service entered the running state.

    DFS

    Additional Information:
    Volume: 9A33AD17-880D-4D63-8F9A-8D5E36433944"
    Information 9/12/2014 8:12:10 AM DFSR 1206 None The DFS Replication service successfully contacted domain controller DC.cits.xxx.XX to access configuration information.
    Information 9/12/2014 8:11:59 AM DFSR 6102 None The DFS Replication service has successfully registered the WMI provider.
    Information 9/12/2014 8:11:49 AM DFSR 1314 None "The DFS Replication service successfully configured the debug log files.
     
    Additional Information:
    Debug Log File Path: C:\Windows\debug"
    Information 9/12/2014 8:11:43 AM DFSR 1004 None The DFS Replication service has started.
    Information 9/12/2014 8:11:43 AM DFSR 1002 None The DFS Replication service is starting.
    Information 9/11/2014 7:00:05 PM DFSR 1006 None The DFS Replication service is stopping.
    Error 9/11/2014 2:19:13 PM DFSR 4004 None "The DFS Replication service stopped replication on the replicated folder at local path D:\IJP-DEPO.


    Additional Information:
    Error: 2 (The system cannot find the file specified.)
    Additional context of the error:  
    Replicated Folder Name: IJP_Share
    Replicated Folder ID: CBA3C394-8DA6-41E4-82DA-18F3642CF1E8
    Replication Group Name: cits.canon.com.cn\ijpshare\ijp_share
    Replication Group ID: 0FF8D291-A5FA-4BB2-9098-EB5C64418D30
    Member ID: 9AAB3FDF-5264-491B-A4AB-47ADA47346B8"
    Error 9/11/2014 10:19:12 AM DFSR 4004 None "The DFS Replication service stopped replication on the replicated folder at local path D:\IJP-DEPO.

    Taskscheduler

    Information 9/12/2014 8:11:13 AM Microsoft-Windows-TaskScheduler 118 Task triggered by computer startup "Task Scheduler launched ""{1FBC8188-56D7-4005-9561-DD9816F9F292}""  instance of task ""\Microsoft\Windows\MUI\LPRemove""  due to system startup."
    Information 9/12/2014 8:11:13 AM Microsoft-Windows-TaskScheduler 118 Task triggered by computer startup "Task Scheduler launched ""{E754C063-2417-4F55-BC9E-1AF8475F777C}""  instance of task ""\Microsoft\Windows\CertificateServicesClient\SystemTask""  due to system startup."
    Information 9/12/2014 8:11:13 AM Microsoft-Windows-TaskScheduler 118 Task triggered by computer startup "Task Scheduler launched ""{A134FD60-B3C7-463B-B48D-F71E26A970A3}""  instance of task ""\Microsoft\Windows\RAC\RACAgent""  due to system startup."
    Information 9/12/2014 8:11:13 AM Microsoft-Windows-TaskScheduler 400 Service started Task Scheduler service has started.
    Information 9/12/2014 8:11:13 AM Microsoft-Windows-TaskScheduler 700 Compatibility module started Task Scheduler service started Task Compatibility module.
    Information 9/11/2014 7:00:05 PM Microsoft-Windows-TaskScheduler 318 Task engine properly shut down "Task Scheduler shutdown Task Engine ""S-1-5-18:NT AUTHORITY\System:Service:""  process."
    Information 9/11/2014 7:00:05 PM Microsoft-Windows-TaskScheduler 301 Task engine properly shut down "Task Scheduler is shutting down Task Engine ""S-1-5-18:NT AUTHORITY\System:Service:"""
    Information 9/11/2014 7:00:05 PM Microsoft-Windows-TaskScheduler 111 Task terminated "Task Scheduler terminated ""{B12B6DA7-90BC-4370-9742-5A0A6F605307}""  instance of the ""\Microsoft\Windows\CertificateServicesClient\SystemTask""  task."
    Information 9/11/2014 7:00:05 PM Microsoft-Windows-TaskScheduler 330 Task stopping due to user request "Task Scheduler stopped instance ""{B12B6DA7-90BC-4370-9742-5A0A6F605307}""  of task ""\Microsoft\Windows\CertificateServicesClient\SystemTask""  as request by user ""CITS\FSVR2$"" ."
    Information 9/11/2014 7:00:05 PM Microsoft-Windows-TaskScheduler 402 Service is shutting down Task Scheduler service is shutting down.
    Information 9/11/2014 7:00:01 PM Microsoft-Windows-TaskScheduler 318 Task engine properly shut down "Task Scheduler shutdown Task Engine ""S-1-5-21-3089481489-35528188-2763025094-500:CITS\administrator:Interactive:[2]""  process."
    Warning 9/11/2014 7:00:01 PM Microsoft-Windows-TaskScheduler 126 Task restarted on failure "Task Scheduler failed to execute task ""\Microsoft\Windows\CertificateServicesClient\UserTask"" . Attempting to restart. Additional Data: Error Value: 2147943467."
    Information 9/11/2014 7:00:01 PM Microsoft-Windows-TaskScheduler 318 Task engine properly shut down "Task Scheduler shutdown Task Engine ""S-1-5-21-3089481489-35528188-2763025094-500:CITS\administrator:Interactive:[2]""  process."
    Information 9/11/2014 7:00:01 PM Microsoft-Windows-TaskScheduler 301 Task engine properly shut down "Task Scheduler is shutting down Task Engine ""S-1-5-21-3089481489-35528188-2763025094-500:CITS\administrator:Interactive:[2]"""
    Information 9/11/2014 7:00:01 PM Microsoft-Windows-TaskScheduler 111 Task terminated "Task Scheduler terminated ""{3579D5E7-3276-4304-93EF-F8B0E916A326}""  instance of the ""\Microsoft\Windows\Multimedia\SystemSoundsService""  task."
    Information 9/11/2014 7:00:01 PM Microsoft-Windows-TaskScheduler 111 Task terminated "Task Scheduler terminated ""{E5554C83-1DF9-4B5B-81EF-AE2FC41583BE}""  instance of the ""\Microsoft\Windows\TextServicesFramework\MsCtfMonitor""  task."
    Information 9/11/2014 7:00:01 PM Microsoft-Windows-TaskScheduler 111 Task terminated "Task Scheduler terminated ""{483D3E57-CAFE-49C8-B848-6E7520508941}""  instance of the ""\Microsoft\Windows\CertificateServicesClient\UserTask""  task."
    Information 9/11/2014 7:00:01 PM Microsoft-Windows-TaskScheduler 330 Task stopping due to user request "Task Scheduler stopped instance ""{483D3E57-CAFE-49C8-B848-6E7520508941}""  of task ""\Microsoft\Windows\CertificateServicesClient\UserTask""  as request by user ""CITS\administrator"" ."
    Information 9/11/2014 7:00:01 PM Microsoft-Windows-TaskScheduler 330 Task stopping due to user request "Task Scheduler stopped instance ""{3579D5E7-3276-4304-93EF-F8B0E916A326}""  of task ""\Microsoft\Windows\Multimedia\SystemSoundsService""  as request by user ""CITS\administrator"" ."
    Information 9/11/2014 Microsoft-Windows-TaskScheduler 330 Task stopping due to user request "Task Scheduler stopped instance ""{E5554C83-1DF9-4B5B-81EF-AE2FC41583BE}""  of task ""\Microsoft\Windows\TextServicesFramework\MsCtfMonitor""  as request by user ""CITS\administrator"" ."
    Information 9/11/2014 6:34:42 PM Microsoft-Windows-TaskScheduler 318 Task engine properly shut down "Task Scheduler shutdown Task Engine ""S-1-5-19:NT AUTHORITY\LocalService:Service:""  process."
    Information 9/11/2014 6:34:42 PM Microsoft-Windows-TaskScheduler 318 Task engine properly shut down "Task Scheduler shutdown Task Engine ""S-1-5-19:NT AUTHORITY\LocalService:Service:""  process."
    Information 9/11/2014 6:34:42 PM Microsoft-Windows-TaskScheduler 301 Task engine properly shut down "Task Scheduler is shutting down Task Engine ""S-1-5-19:NT AUTHORITY\LocalService:Service:"""

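    In Task Scheduler, the only entry I see with a time of 19:00 is the Windows Customer Experience Improvement Program; no other task has that time.

    There are no custom tasks in Task Scheduler.

    The above are some logs related to the shutdown time. Could an expert please help me look into what is actually causing this?

    September 16, 2014 2:34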

All replies

  • I suggest also checking with Autoruns.

    Autoruns for Windows v12.03
    http://technet.microsoft.com/en-us/sysinternals/bb963902.aspx

    Also check whether the shutdown is being performed remotely by an external machine.


    Folding@Home

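    September 16, 2014 11:40
  • Hello!

    Also, in your shutdown log I saw event ID 1074, which indicates that the shutdown was due to "Legacy API shutdown". This suggests the shutdown may have been caused by a process on the server calling a legacy API function to request a shutdown; it may be that some software invoked the shutdown command.
    To investigate further, you can review the processes and services on the server, determine which ones require Admin privileges, and create dedicated accounts for them.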

    Best Regards,

    Anna Wang

    September 17, 2014 2:59
    Moderator
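
An added example, not part of the thread: event 1074 above names only wininit.exe, so one way to follow it up is to list which services entered the running state in the seconds before it. The sketch below does that over System log lines copied from the question; the function names and the 60-second window are assumptions of this example.

```python
import re
from datetime import datetime, timedelta

# System log lines copied from the question above. Export columns:
# level, date/time, source, event ID, task category, message.
SYSTEM_LOG = r'''
Information 9/11/2014 7:00:06 PM EventLog 6006 None The Event log service was stopped.
Information 9/11/2014 7:00:05 PM Service Control Manager 7036 None The Kaspersky Endpoint Security Service service entered the stopped state.
Information 9/11/2014 7:00:05 PM Service Control Manager 7036 None The Group Policy Client service entered the stopped state.
Information 9/11/2014 7:00:05 PM Service Control Manager 7036 None The Windows Update service entered the stopped state.
Information 9/11/2014 7:00:01 PM Service Control Manager 7036 None The SKPoweroffService service entered the stopped state.
Information 9/11/2014 7:00:01 PM USER32 1074 None "The process wininit.exe (127.0.0.1) has initiated the power off of computer FSVR2 on behalf of user NT AUTHORITY\SYSTEM for the following reason: Legacy API shutdown
 Reason Code: 0x80070000
 Shutdown Type: power off
 Comment: "
Information 9/11/2014 7:00:00 PM Service Control Manager 7036 None The SKPoweroffService service entered the running state.
Information 9/11/2014 6:24:00 PM Service Control Manager 7036 None The Adobe Flash Player Update Service service entered the stopped state.
Information 9/11/2014 6:24:00 PM Service Control Manager 7036 None The Adobe Flash Player Update Service service entered the running state.
'''

EVENT_RE = re.compile(
    r'^(?P<level>Information|Warning|Error)\s+'
    r'(?P<ts>\d+/\d+/\d+ \d+:\d+:\d+ [AP]M)\s+'
    r'(?P<source>.+?)\s+(?P<id>\d+)\s+None\s+(?P<msg>.*)$')
STATE_RE = re.compile(
    r'^The (?P<name>.+) service entered the (?P<state>\w+) state\.')
SHUTDOWN_RE = re.compile(
    r'The process (?P<process>\S+) \([^)]*\) has initiated the '
    r'(?P<type>.+?) of computer (?P<host>\S+) on behalf of user '
    r'(?P<user>.+?) for the following reason: (?P<reason>.*)')


def parse_events(text):
    """Turn the exported text into event dicts. Lines that do not start a
    new record (Reason Code, Shutdown Type, ...) extend the previous message."""
    events = []
    for raw in text.splitlines():
        line = raw.strip()
        m = EVENT_RE.match(line)
        if m:
            events.append({
                'time': datetime.strptime(m['ts'], '%m/%d/%Y %I:%M:%S %p'),
                'source': m['source'],
                'id': int(m['id']),
                'msg': m['msg'],
            })
        elif events and line:
            events[-1]['msg'] += '\n' + line
    return events


def services_started_before_shutdown(events, window_seconds=60):
    """For each USER32/1074 shutdown request, collect the services that the
    Service Control Manager (7036) reported as 'running' within the window
    before it. The export has one-second resolution, so the comparison is
    inclusive at both ends."""
    findings = []
    for ev in events:
        if ev['source'] != 'USER32' or ev['id'] != 1074:
            continue
        req = SHUTDOWN_RE.search(ev['msg'])
        finding = req.groupdict() if req else {}
        earliest = ev['time'] - timedelta(seconds=window_seconds)
        started = []
        for other in events:
            if other['source'] != 'Service Control Manager' or other['id'] != 7036:
                continue
            if not earliest <= other['time'] <= ev['time']:
                continue
            s = STATE_RE.match(other['msg'])
            if s and s['state'] == 'running' and s['name'] not in started:
                started.append(s['name'])
        finding.update(time=ev['time'], started_before=started)
        findings.append(finding)
    return findings


if __name__ == '__main__':
    for f in services_started_before_shutdown(parse_events(SYSTEM_LOG)):
        print(f['time'], f.get('process'), f.get('reason'), f['started_before'])
```

A service name surfaced this way is a lead to check in the Services console and in Autoruns, not proof of the cause.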
  • Hello, below is the system information I captured. Please help me see which item specifically is causing this:

    Services
    [Adobe Flash Player Update Service / AdobeFlashPlayerUpdateSvc][Stopped/Manual Start]
      <C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe><Adobe Systems Incorporated>
    [Application Experience / AeLookupSvc][Running/Auto Start]
      <C:\Windows\system32\svchost.exe -k netsvcs-->%SystemRoot%\System32\aelupsvc.dll><Microsoft Corporation>
    [Kaspersky Endpoint Security Service / avp][Running/Auto Start]
      <"C:\Program Files (x86)\Kaspersky Lab\Kaspersky Endpoint Security 10 for Windows\avp.exe" -r><Kaspersky Lab ZAO>
    [Base Filtering Engine / BFE][Running/Auto Start]
      <C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork-->%SystemRoot%\System32\bfe.dll><Microsoft Corporation>
    [Background Intelligent Transfer Service / BITS][Running/Auto Start]
      <C:\Windows\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\qmgr.dll><Microsoft Corporation>
    [Computer Browser / Browser][Stopped/Disabled]
      <C:\Windows\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\browser.dll><Microsoft Corporation>
    [Certificate Propagation / CertPropSvc][Running/Manual Start]
      <C:\Windows\system32\svchost.exe -k netsvcs-->%SystemRoot%\System32\certprop.dll><Microsoft Corporation>
    [Offline Files / CscService][Stopped/Disabled]
      <C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted-->%SystemRoot%\System32\cscsvc.dll><Microsoft Corporation>
    [DCOM Server Process Launcher / DcomLaunch][Running/Auto Start]
      <C:\Windows\system32\svchost.exe -k DcomLaunch-->%SystemRoot%\system32\rpcss.dll><Microsoft Corporation>
    [Kaspersky Activation Proxy / klactprx][Running/Auto Start]
      <D:\Kaspersky\klactprx.exe ><Kaspersky Lab ZAO>
    [Kaspersky Lab Administration Server / kladminserver][Running/Auto Start]
      <D:\Kaspersky\klserver.exe ><Kaspersky Lab ZAO>
    [Kaspersky Lab Network Agent / klnagent][Running/Auto Start]
      <D:\Kaspersky\klnagent.exe ><Kaspersky Lab ZAO>
    [Kaspersky Lab Web Server / klwebsrv][Running/Auto Start]
      <D:\Kaspersky\klcsweb.exe ><Kaspersky Lab ZAO>
    [Kaspersky Security Network proxy server / ksnproxy][Stopped/Manual Start]
      <D:\Kaspersky\ksnproxy.exe ><Kaspersky Lab ZAO>
    [KtmRm for Distributed Transaction Coordinator / KtmRm][Running/Auto Start]
      <C:\Windows\System32\svchost.exe -k NetworkService-->%systemroot%\system32\msdtckrm.dll><Microsoft Corporation>
    [Server / LanmanServer][Running/Auto Start]
      <C:\Windows\system32\svchost.exe -k netsvcs-->%SystemRoot%\system32\srvsvc.dll><Microsoft Corporation>
    [Workstation / LanmanWorkstation][Running/Auto Start]
      <C:\Windows\System32\svchost.exe -k LocalService-->%SystemRoot%\System32\wkssvc.dll><Microsoft Corporation>
    [Link-Layer Topology Discovery Mapper / lltdsvc][Stopped/Manual Start]
      <C:\Windows\System32\svchost.exe -k LocalService-->%SystemRoot%\System32\lltdsvc.dll><Microsoft Corporation>
    [TCP/IP NetBIOS Helper / lmhosts][Running/Auto Start]
      <C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted-->%SystemRoot%\System32\lmhsvc.dll><Microsoft Corporation>
    [Multimedia Class Scheduler / MMCSS][Stopped/Manual Start]
      <C:\Windows\system32\svchost.exe -k netsvcs-->%SystemRoot%\system32\mmcss.dll><Microsoft Corporation>
    [Windows Firewall / MpsSvc][Running/Auto Start]
      <C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork-->%SystemRoot%\system32\mpssvc.dll><Microsoft Corporation>
    ==================================

    Running Processes
    [PID: 1688 / NETWORK SERVICE][C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe]  [Microsoft Corporation, 2005.090.4035.00]
    [PID: 3108 / SYSTEM][D:\Kaspersky\klcsweb.exe]  [Kaspersky Lab ZAO, 10.0.3361.0]
        [D:\Kaspersky\klcstr2.dll]  [Kaspersky Lab ZAO, 10.0.3361.0]
        [D:\Kaspersky\klcsstd2.dll]  [Kaspersky Lab ZAO, 10.0.3375.0]
        [D:\Kaspersky\klcsrt2.dll]  [STLport Consulting, Inc., 5.2.1]
        [D:\Kaspersky\KLLIBEAY.dll]  [The OpenSSL Project, http://www.openssl.org/, 10.0.0.1]
        [D:\Kaspersky\KLSSLEAY.dll]  [The OpenSSL Project, http://www.openssl.org/, 10.0.0.1]
        [D:\Kaspersky\klcskca2.dll]  [Kaspersky Lab ZAO, 10.0.3361.0]
        [D:\Kaspersky\klsecur2.dll]  [Kaspersky Lab ZAO, 10.0.3361.0]
    [PID: 1348 / SYSTEM][D:\Kaspersky\klactprx.exe]  [Kaspersky Lab ZAO, 10.0.3361.0]
        [D:\Kaspersky\klcsrt2.dll]  [STLport Consulting, Inc., 5.2.1]
        [D:\Kaspersky\klcstr2.dll]  [Kaspersky Lab ZAO, 10.0.3361.0]
        [D:\Kaspersky\klcsstd2.dll]  [Kaspersky Lab ZAO, 10.0.3375.0]
        [D:\Kaspersky\KLLIBEAY.dll]  [The OpenSSL Project, http://www.openssl.org/, 10.0.0.1]
        [D:\Kaspersky\KLSSLEAY.dll]  [The OpenSSL Project, http://www.openssl.org/, 10.0.0.1]
        [D:\Kaspersky\klcskca2.dll]  [Kaspersky Lab ZAO, 10.0.3361.0]
        [D:\Kaspersky\klcurl.dll]  [Kaspersky Lab ZAO, 10.0.3361.0]
        [D:\Kaspersky\klsecur2.dll]  [Kaspersky Lab ZAO, 10.0.3361.0]
    [PID: 1964 / SYSTEM][D:\Kaspersky\klnagent.exe]  [Kaspersky Lab ZAO, 10.0.3361.0]
        [D:\Kaspersky\klcsrt2.dll]  [STLport Consulting, Inc., 5.2.1]
        [D:\Kaspersky\klcsstd2.dll]  [Kaspersky Lab ZAO, 10.0.3375.0]
        [D:\Kaspersky\KLLIBEAY.dll]  [The OpenSSL Project, http://www.openssl.org/, 10.0.0.1]
        [D:\Kaspersky\fssync.dll]  [Kaspersky Lab, 8.1.0.6 built by: WinDDK]
        [D:\Kaspersky\klcsnagt.dll]  [Kaspersky Lab ZAO, 10.0.3361.0]
        [D:\Kaspersky\klcsagt.dll]  [Kaspersky Lab ZAO, 10.0.3375.0]
        [D:\Kaspersky\klcstr2.dll]  [Kaspersky Lab ZAO, 10.0.3361.0]
        [D:\Kaspersky\KLSSLEAY.dll]  [The OpenSSL Project, http://www.openssl.org/, 10.0.0.1]
        [D:\Kaspersky\klcskca2.dll]  [Kaspersky Lab ZAO, 10.0.3361.0]
        [D:\Kaspersky\klsecur2.dll]  [Kaspersky Lab ZAO, 10.0.3361.0]
        [D:\Kaspersky\klcssa.dll]  [Kaspersky Lab ZAO, 10.0.3361.0]
        [D:\Kaspersky\cleanapi.dll]  [Kaspersky Lab ZAO, 8.0.(172).0]
        [C:\Program Files (x86)\Kaspersky Lab\Kaspersky Endpoint Security 10 for Windows\AVPCon.dll]  [Kaspersky Lab ZAO, 10.1.0.867]
        [D:\Kaspersky\klcsstd.dll]  [Kaspersky Lab ZAO, 10.0.3361.0]
        [C:\Program Files (x86)\Kaspersky Lab\Kaspersky Endpoint Security 10 for Windows\prremote.dll]  [Kaspersky Lab ZAO, 10.1.0.867]
        [C:\Program Files (x86)\Kaspersky Lab\Kaspersky Endpoint Security 10 for Windows\prloader.dll]  [Kaspersky Lab ZAO, 10.1.0.867]
        [C:\Program Files (x86)\Kaspersky Lab\Kaspersky Endpoint Security 10 for Windows\service.dll]  [Kaspersky Lab ZAO, 10.1.0.867]
        [C:\Program Files (x86)\Kaspersky Lab\Kaspersky Endpoint Security 10 for Windows\nfio.ppl]  [Kaspersky Lab ZAO, 10.1.0.867]
        [C:\Program Files (x86)\Kaspersky Lab\Kaspersky Endpoint Security 10 for Windows\winreg.ppl]  [Kaspersky Lab ZAO, 10.1.0.867]
        [C:\Program Files (x86)\Kaspersky Lab\Kaspersky Endpoint Security 10 for Windows\app_core_legacy.dll]  [Kaspersky Lab ZAO, 10.1.0.867]
        [C:\Program Files (x86)\Kaspersky Lab\Kaspersky Endpoint Security 10 for Windows\key_value_storage.dll]  [Kaspersky Lab ZAO, 10.1.0.867]
        [C:\Program Files (x86)\Kaspersky Lab\Kaspersky Endpoint Security 10 for Windows\updater_meta.dll]  [Kaspersky Lab ZAO, 10.1.0.867]
        [C:\Program Files (x86)\Kaspersky Lab\Kaspersky Endpoint Security 10 for Windows\crypto_provider.dll]  [Kaspersky Lab ZAO, 1.0.0.316]
        [C:\Program Files (x86)\Kaspersky Lab\Kaspersky Endpoint Security 10 for Windows\am_meta.dll]  [Kaspersky Lab ZAO, 10.1.0.867]
        [C:\Program Files (x86)\Kaspersky Lab\Kaspersky Endpoint Security 10 for Windows\ac_meta.dll]  [Kaspersky Lab ZAO, 10.1.0.867]
        [C:\Program Files (x86)\Kaspersky Lab\Kaspersky Endpoint Security 10 for Windows\app_core_meta.dll]  [Kaspersky Lab ZAO, 10.1.0.867]
        [C:\Program Files (x86)\Kaspersky Lab\Kaspersky Endpoint Security 10 for Windows\platform_metainfo.dll]  [Kaspersky Lab ZAO, 10.1.0.867]
        [C:\Program Files (x86)\Kaspersky Lab\Kaspersky Endpoint Security 10 for Windows\modify_installation_task.ppl]  [Kaspersky Lab ZAO, 10.1.0.867]
        [C:\Program Files (x86)\Kaspersky Lab\Kaspersky Endpoint Security 10 for Windows\ksn_meta.dll]  [Kaspersky Lab ZAO, 10.1.0.867]
        [C:\Program Files (x86)\Kaspersky Lab\Kaspersky Endpoint Security 10 for Windows\eka_meta.dll]  [Kaspersky Lab ZAO, 10.1.0.867]
        [C:\Program Files (x86)\Kaspersky Lab\Kaspersky Endpoint Security 10 for Windows\klifpp_meta.dll]  [Kaspersky Lab ZAO, 10.1.0.867]
        [C:\Program Files (x86)\Kaspersky Lab\Kaspersky Endpoint Security 10 for Windows\instrumental_meta.dll]  [Kaspersky Lab ZAO, 10.1.0.867]
        [C:\Program Files (x86)\Kaspersky Lab\Kaspersky Endpoint Security 10 for Windows\storage.dll]  [Kaspersky Lab ZAO, 10.1.0.867]
        [C:\Program Files (x86)\Kaspersky Lab\Kaspersky Endpoint Security 10 for Windows\pxstub.ppl]  [Kaspersky Lab ZAO, 10.1.0.867]
        [C:\Program Files (x86)\Kaspersky Lab\Kaspersky Endpoint Security 10 for Windows\params.ppl]  [Kaspersky Lab ZAO, 10.1.0.867]
        [C:\Program Files (x86)\Kaspersky Lab\Kaspersky Endpoint Security 10 for Windows\thpimpl.ppl]  [Kaspersky Lab ZAO, 10.1.0.867]
        [C:\Program Files (x86)\Kaspersky Lab\Kaspersky Endpoint Security 10 for Windows\report.ppl]  [Kaspersky Lab ZAO, 10.1.0.867]
    [PID: 1372 / Administrator][D:\Kaspersky\klserver.exe]  [Kaspersky Lab ZAO, 10.0.3361.0]
        [D:\Kaspersky\klcsrt2.dll]  [STLport Consulting, Inc., 5.2.1]
        [D:\Kaspersky\klcsstd2.dll]  [Kaspersky Lab ZAO, 10.0.3375.0]
        [D:\Kaspersky\KLLIBEAY.dll]  [The OpenSSL Project, http://www.openssl.org/, 10.0.0.1]
        [D:\Kaspersky\klcssrv.dll]  [Kaspersky Lab ZAO, 10.0.3361.0]
        [D:\Kaspersky\klcsagt.dll]  [Kaspersky Lab ZAO, 10.0.3375.0]
        [D:\Kaspersky\klcstr2.dll]  [Kaspersky Lab ZAO, 10.0.3361.0]
        [D:\Kaspersky\KLSSLEAY.dll]  [The OpenSSL Project, http://www.openssl.org/, 10.0.0.1]
        [D:\Kaspersky\klcskca2.dll]  [Kaspersky Lab ZAO, 10.0.3361.0]
        [D:\Kaspersky\klcssrvp2.dll]  [Kaspersky Lab ZAO, 10.0.3361.0]
        [D:\Kaspersky\klcurl.dll]  [Kaspersky Lab ZAO, 10.0.3361.0]
        [D:\Kaspersky\klcssa.dll]  [Kaspersky Lab ZAO, 10.0.3361.0]
        [D:\Kaspersky\klsecur2.dll]  [Kaspersky Lab ZAO, 10.0.3361.0]
        [D:\Kaspersky\kldb_mssql.dll]  [Kaspersky Lab ZAO, 10.0.3361.0]
        [D:\Kaspersky\KLMailer.dll]  [Kaspersky Lab ZAO, 10.0.3361.0]
    [PID: 5968 / administrator][C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe]  [Oracle Corporation, 2.1.67.1]
    [PID: 3564 / administrator][C:\Users\administrator.CITS\Desktop\sreng2\SREngLdr.EXE]  [Smallfrogs Studio, 2.8.4.1331]
    [PID: 5324 / administrator][C:\Users\administrator.CITS\Desktop\sreng2\SRE4f7db891.EXE]  [Smallfrogs Studio, 2.8.4.1331]
    ==================================
    File Associations
    .TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
    .EXE  OK. ["%1" %*]
    .COM  OK. ["%1" %*]
    .PIF  OK. ["%1" %*]
    .REG  OK. [regedit.exe "%1"]
    .BAT  OK. ["%1" %*]
    .SCR  OK. ["%1" /S]
    .CHM  OK. ["%SystemRoot%\hh.exe" %1]
    .HLP  OK. [%SystemRoot%\winhlp32.exe %1]
    .INI  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
    .INF  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
    .VBS  OK. ["%SystemRoot%\System32\WScript.exe" "%1" %*]
    .JS   Error. [C:\Windows\SysWOW64\WScript.exe "%1" %*]
    .LNK  OK. [{00021401-0000-0000-C000-000000000046}]
    ==================================
    Winsock Provider
    N/A
    ==================================
    Autorun.Inf
    N/A
    ==================================
    HOSTS File
    127.0.0.1       localhost
    ::1             localhost
    ==================================
    Process Privileges Scan
    N/A
    ==================================
    Scheduled Tasks (all built into the system)
    [Enabled] \\Adobe Flash Player Updater
            C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    [Disabled] \Microsoft\Windows\Active Directory Rights Management Services Client\AD RMS Rights Policy Template Management (Automated)
            N/A
    [Enabled] \Microsoft\Windows\Active Directory Rights Management Services Client\AD RMS Rights Policy Template Management (Manual)
            N/A
    [Enabled] \Microsoft\Windows\Bluetooth\UninstallDeviceTask
            BthUdTask.exe $(Arg0)
    [Disabled] \Microsoft\Windows\CertificateServicesClient\SystemTask
            N/A
    [Enabled] \Microsoft\Windows\CertificateServicesClient\UserTask
            N/A
    [Enabled] \Microsoft\Windows\CertificateServicesClient\UserTask-Roam
            N/A
    [Disabled] \Microsoft\Windows\Customer Experience Improvement Program\Consolidator
            %SystemRoot%\System32\wsqmcons.exe
    [Enabled] \Microsoft\Windows\Customer Experience Improvement Program\Server\ServerCeipAssistant
            %windir%\system32\ceipdata.exe
    [Enabled] \Microsoft\Windows\Customer Experience Improvement Program\Server\ServerRoleCollector
            %windir%\system32\ceiprole.exe
    [Enabled] \Microsoft\Windows\Defrag\ScheduledDefrag
            %windir%\system32\defrag.exe -c -i -g
    [Enabled] \Microsoft\Windows\MUI\LPRemove
            %windir%\system32\lpremove.exe
    [Enabled] \Microsoft\Windows\Multimedia\SystemSoundsService
            N/A
    [Enabled] \Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
            N/A
    [Enabled] \Microsoft\Windows\Server Manager\ServerManager
            %windir%\system32\ServerManagerLauncher.exe
    [Enabled] \Microsoft\Windows\Tcpip\IpAddressConflict1
            rundll32 ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem
    [Enabled] \Microsoft\Windows\Tcpip\IpAddressConflict2
            rundll32 ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem
    [Enabled] \Microsoft\Windows\UPnP\UPnPHostConfig
            sc.exe config upnphost start= auto
    [Enabled] \Microsoft\Windows\Windows Error Reporting\QueueReporting
            %windir%\system32\wermgr.exe -queuereporting
    [Enabled] \Microsoft\Windows\Wired\GatherWiredInfo
            %windir%\system32\gatherWiredInfo.vbs
    ==================================

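    September 17, 2014 5:19
  • There shouldn't be any external machine shutting it down, let alone one shutting it down remotely so punctually at 7 o'clock every day.

    September 17, 2014 5:25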