zoukankan      html  css  js  c++  java

  • 遭遇EventSystem服务问题

    现象:

      SEP11的系统栏图标消失,尝试启动时提示0x8007042c错误,一下服务无法启动

      Symantec Management Client(提示无法启动)

      System Event Notification Service(提示服务已删除,实际是存在的)

    解决过程:

      1.尝试卸载并重新安装SEP11,无效,现象依旧。

      2.通过google,追溯到了System Event Notification Service无法启动的解决办法是在安全模式下运行netsh windsock reset catalog,尝试后无效。

      3.修复LSP的方法也是无效的。

      4.继续搜索,找到了问题的根源是EventSystem(COM+ Event System)服务,查看服务管理器发现这个服务竟然不存在,网上有朋友提供了修复这个问题的方法,导入相关的注册表信息,尝试导入并重启后一切恢复正常。

    分析原因:

      机器早些天曾感染U盘病毒,最近则经常收到局域网内“检测到 [SID: 20386] MS RPCSS Attack”的提示。某种原因导致EventSystem服务被删除,依赖它的相关服务无法正常启动,通过导入注册表信息恢复后问题。

    附恢复EventSystem服务的注册表信息(保存为reg文件,导入即可):

    Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\EventSystem]
"DisplayName"="@comres.dll,-2450"
"ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\
6b,00,20,00,4c,00,6f,00,63,00,61,00,6c,00,53,00,65,00,72,00,76,00,69,00,63,\
00,65,00,00,00
"Description"="@comres.dll,-2451"
"ObjectName"="NT AUTHORITY\\LocalService"
"ErrorControl"=dword:00000001
"Start"=dword:00000002
"Type"=dword:00000020
"DependOnService"=hex(7):72,00,70,00,63,00,73,00,73,00,00,00,00,00
"ServiceSidType"=dword:00000001
"RequiredPrivileges"=hex(7):53,00,65,00,43,00,68,00,61,00,6e,00,67,00,65,00,4e,\
00,6f,00,74,00,69,00,66,00,79,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,\
67,00,65,00,00,00,53,00,65,00,49,00,6d,00,70,00,65,00,72,00,73,00,6f,00,6e,\
00,61,00,74,00,65,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,\
00,00,00,00
"FailureActions"=hex:80,51,01,00,00,00,00,00,00,00,00,00,03,00,00,00,14,00,00,\
00,01,00,00,00,e8,03,00,00,01,00,00,00,88,13,00,00,00,00,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\EventSystem\Parameters]
"ServiceDll"=hex(2):25,00,73,00,79,00,73,00,74,00,65,00,6d,00,72,00,6f,00,6f,\
00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
65,00,73,00,2e,00,64,00,6c,00,6c,00,00,00
"ServiceDllUnLoadOnStop"=dword:00000001

    验证环境:Windows7 U 32位简体中文版

    解决方法来源,可参考:http://fpangchina.blog.163.com/blog/static/2680084720106494954529/
  • 相关阅读:
    2017寒假作业二 汇总随笔
    2017寒假作业一
    UVA 1601 POJ 3523 The Morning after Halloween 【双向BFS】【A*】 (好题)
    UVA 10570 Meeting with Aliens 【枚举+结论题】
    UVA 1614 Hell on the Markets 【贪心+结论题】
    UVA 10603 Fill【BFS】
    Codevs 1288 埃及分数 【IDA*】
    UVA 11212 Editing a Book 【IDA*】
    UVA 11624 Fire! 【特殊BFS】
    UVA 1599 Ideal Path 【两次BFS+贪心】 (好题)
  • 原文地址:https://www.cnblogs.com/mandrake/p/1874963.html
Copyright © 2011-2022 走看看