Final part of the scan log
==================================
文件关联
.TXT Error. [C:\Windows\notepad.exe %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM Error. ["hh.exe" %1]
.HLP OK. [%SystemRoot%\winhlp32.exe %1]
.INI Error. [C:\Windows\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS OK. ["%SystemRoot%\System32\WScript.exe" "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock 提供者
iKu Smart Network LSP over MSAFD Tcpip [TCP/IP]
C:\Windows\system32\ikutm.dll(youku.com, iKu Smart Network Module)
iKu Smart Network LSP over MSAFD Tcpip [UDP/IP]
C:\Windows\system32\ikutm.dll(youku.com, iKu Smart Network Module)
iKu Smart Network LSP
C:\Windows\system32\ikutm.dll(youku.com, iKu Smart Network Module)
==================================
Autorun.inf
N/A
==================================
HOSTS 文件
127.0.0.1 activate.adobe.com
==================================
进程特权扫描
N/A
==================================
计划任务
[已启用] \\360开机加速延迟启动任务计划
D:\应用软件\360安全卫士\SoftMgr\360speedld.exe -delayrun
[已启用] \\AdobeAAMUpdater-1.0-WIN-K6N1Q3KQ723-Administrator
C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe -mode=scheduled
[已禁用] \\ASC4_AutoCare
C:\Program Files\IObit\Advanced SystemCare 4\AutoCare.exe /autorun
[已禁用] \\GoogleUpdateTaskUserS-1-5-21-2023436130-2724082344-61639673-500Core
C:\Users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe /c
[已禁用] \\GoogleUpdateTaskUserS-1-5-21-2023436130-2724082344-61639673-500UA
C:\Users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
[已启用] \\RealUpgradeScheduledTaskS-1-5-21-2023436130-2724082344-61639673-500
C:\Program Files\Real\RealUpgrade\RealUpgrade.exe /scheduledcheck
[已禁用] \\SogouImeMgr
D:\应用软件\搜狗拼~1\SOGOUI~1\520~1.537\SGTool.exe --appid=pinyinrepair /S
[已禁用] \\TuneUpUtilities_Task_BkGndMaintenance2011
C:\Program Files\TuneUp Utilities 2011\OneClick.exe $(Arg0)
[已启用] \\{18FCB0EA-6AD8-470D-B2FE-CA399E2D5EB9}
C:\Windows\system32\pcalua.exe -a G:\Half-Life_2.EXE -d G:\
[已禁用] \\魔方2
D:\应用软件\魔方\TweakCube2\TweakCube.exe /tray
[已禁用] \Microsoft\Windows\Active Directory Rights Management Services Client\AD RMS Rights Policy Template Management (Automated)
N/A
[已启用] \Microsoft\Windows\Active Directory Rights Management Services Client\AD RMS Rights Policy Template Management (Manual)
N/A
[已禁用] \Microsoft\Windows\AppID\PolicyConverter
%windir%\system32\appidpolicyconverter.exe
[已禁用] \Microsoft\Windows\AppID\VerifiedPublisherCertStoreCheck
%windir%\system32\appidcertstorecheck.exe
[已启用] \Microsoft\Windows\Application Experience\AitAgent
aitagent
[已启用] \Microsoft\Windows\Application Experience\ProgramDataUpdater
%windir%\system32\rundll32.exe aepdu.dll,AePduRunUpdate
[已启用] \Microsoft\Windows\Autochk\Proxy
%windir%\system32\rundll32.exe /d acproxy.dll,PerformAutochkOperations
[已启用] \Microsoft\Windows\Bluetooth\UninstallDeviceTask
BthUdTask.exe $(Arg0)
[已启用] \Microsoft\Windows\CertificateServicesClient\SystemTask
N/A
[已启用] \Microsoft\Windows\CertificateServicesClient\UserTask
N/A
[已禁用] \Microsoft\Windows\CertificateServicesClient\UserTask-Roam
N/A
[已启用] \Microsoft\Windows\Customer Experience Improvement Program\Consolidator
%SystemRoot%\System32\wsqmcons.exe
[已启用] \Microsoft\Windows\Defrag\ScheduledDefrag
%windir%\system32\defrag.exe -c
[已启用] \Microsoft\Windows\Location\Notifications
%windir%\System32\LocationNotifications.exe
[已启用] \Microsoft\Windows\Maintenance\WinSAT
N/A
[已禁用] \Microsoft\Windows\Media Center\ActivateWindowsSearch
%SystemRoot%\ehome\ehPrivJob.exe /DoActivateWindowsSearch
[已禁用] \Microsoft\Windows\Media Center\ConfigureInternetTimeService
%SystemRoot%\ehome\ehPrivJob.exe /DoConfigureInternetTimeService
[已禁用] \Microsoft\Windows\Media Center\DispatchRecoveryTasks
%SystemRoot%\ehome\ehPrivJob.exe /DoRecoveryTasks $(Arg0)
[已禁用] \Microsoft\Windows\Media Center\ehDRMInit
%SystemRoot%\ehome\ehPrivJob.exe /DRMInit
[已禁用] \Microsoft\Windows\Media Center\InstallPlayReady
%SystemRoot%\ehome\ehPrivJob.exe /InstallPlayReady $(Arg0)
[已禁用] \Microsoft\Windows\Media Center\mcupdate
%SystemRoot%\ehome\mcupdate $(Arg0)
[已禁用] \Microsoft\Windows\Media Center\mcupdate_scheduled
%SystemRoot%\ehome\mcupdate -crl -hms -pscn 15
[已禁用] \Microsoft\Windows\Media Center\MediaCenterRecoveryTask
%SystemRoot%\ehome\mcupdate.exe -MediaCenterRecoveryTask
[已禁用] \Microsoft\Windows\Media Center\MediaCenterRecoveryTask
%SystemRoot%\ehome\mcupdate.exe -MediaCenterRecoveryTask
[已禁用] \Microsoft\Windows\Media Center\ObjectStoreRecoveryTask
%SystemRoot%\ehome\mcupdate.exe -ObjectStoreRecoveryTask
[已禁用] \Microsoft\Windows\Media Center\ObjectStoreRecoveryTask
%SystemRoot%\ehome\mcupdate.exe -ObjectStoreRecoveryTask
[已禁用] \Microsoft\Windows\Media Center\OCURActivate
%SystemRoot%\ehome\ehPrivJob.exe /OCURActivate
[已禁用] \Microsoft\Windows\Media Center\OCURDiscovery
%SystemRoot%\ehome\ehPrivJob.exe /OCURDiscovery $(Arg0)
[已禁用] \Microsoft\Windows\Media Center\PBDADiscovery
%SystemRoot%\ehome\ehPrivJob.exe /PBDADiscovery
[已禁用] \Microsoft\Windows\Media Center\PBDADiscoveryW1
%SystemRoot%\ehome\ehPrivJob.exe /wait:7 /PBDADiscovery
[已禁用] \Microsoft\Windows\Media Center\PBDADiscoveryW2
%SystemRoot%\ehome\ehPrivJob.exe /wait:90 /PBDADiscovery
[已禁用] \Microsoft\Windows\Media Center\PeriodicScanRetry
%windir%\ehome\MCUpdate.exe -pscn 0
[已禁用] \Microsoft\Windows\Media Center\PvrRecoveryTask
%SystemRoot%\ehome\mcupdate.exe -PvrRecoveryTask
[已禁用] \Microsoft\Windows\Media Center\PvrRecoveryTask
%SystemRoot%\ehome\mcupdate.exe -PvrRecoveryTask
[已禁用] \Microsoft\Windows\Media Center\PvrScheduleTask
%SystemRoot%\ehome\mcupdate.exe -PvrSchedule
[已禁用] \Microsoft\Windows\Media Center\PvrScheduleTask
%SystemRoot%\ehome\mcupdate.exe -PvrSchedule
[已禁用] \Microsoft\Windows\Media Center\RecordingRestart
%SystemRoot%\ehome\ehrec /RestartRecording
[已禁用] \Microsoft\Windows\Media Center\RegisterSearch
%SystemRoot%\ehome\ehPrivJob.exe /DoRegisterSearch $(Arg0)
[已禁用] \Microsoft\Windows\Media Center\ReindexSearchRoot
%SystemRoot%\ehome\ehPrivJob.exe /DoReindexSearchRoot
[已禁用] \Microsoft\Windows\Media Center\SqlLiteRecoveryTask
%SystemRoot%\ehome\mcupdate.exe -SqlLiteRecoveryTask
[已禁用] \Microsoft\Windows\Media Center\SqlLiteRecoveryTask
%SystemRoot%\ehome\mcupdate.exe -SqlLiteRecoveryTask
[已禁用] \Microsoft\Windows\Media Center\StartRecording
%SystemRoot%\ehome\ehrec /StartRecording
[已禁用] \Microsoft\Windows\Media Center\UpdateRecordPath
%SystemRoot%\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0)
[已启用] \Microsoft\Windows\MobilePC\HotStart
N/A
[已启用] \Microsoft\Windows\MUI\LPRemove
%windir%\system32\lpremove.exe
[已启用] \Microsoft\Windows\Multimedia\SystemSoundsService
N/A
[已启用] \Microsoft\Windows\NetTrace\GatherNetworkInfo
%windir%\system32\gatherNetworkInfo.vbs
[已禁用] \Microsoft\Windows\Offline Files\Background Synchronization
N/A
[已禁用] \Microsoft\Windows\Offline Files\Logon Synchronization
N/A
[已启用] \Microsoft\Windows\Power Efficiency Diagnostics\AnalyzeSystem
%SystemRoot%\System32\powercfg.exe -energy -auto
[已启用] \Microsoft\Windows\Ras\MobilityManager
N/A
[已禁用] \Microsoft\Windows\SideShow\AutoWake
N/A
[已启用] \Microsoft\Windows\SideShow\GadgetManager
N/A
[已禁用] \Microsoft\Windows\SideShow\SessionAgent
N/A
[已禁用] \Microsoft\Windows\SideShow\SystemDataProviders
N/A
[已启用] \Microsoft\Windows\SystemRestore\SR
%windir%\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation
[已启用] \Microsoft\Windows\Tcpip\IpAddressConflict1
%windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem
[已启用] \Microsoft\Windows\Tcpip\IpAddressConflict2
%windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem
[已启用] \Microsoft\Windows\Time Synchronization\SynchronizeTime
%windir%\system32\sc.exe start w32time task_started
[已启用] \Microsoft\Windows\UPnP\UPnPHostConfig
sc.exe config upnphost start= auto
[已禁用] \Microsoft\Windows\User Profile Service\HiveUploadTask
N/A
[已启用] \Microsoft\Windows\Windows Media Sharing\UpdateLibrary
"%ProgramFiles%\Windows Media Player\wmpnscfg.exe"
[已启用] \Microsoft\Windows\WindowsBackup\ConfigNotification
%systemroot%\System32\sdclt.exe /CONFIGNOTIFICATION
[已启用] \Microsoft\Windows\WindowsColorSystem\Calibration Loader
N/A
[已启用] \Microsoft\Windows Live\SOXE\Extractor Definitions Update Task
N/A
==================================
Windows 安全更新检查
KB972813, 西班牙语语言包 - Windows 7 (KB972813)
KB972813, 希腊语语言包 - Windows 7 (KB972813)
KB972813, 立陶宛语语言包 - Windows 7 (KB972813)
KB972813, 阿拉伯语语言包 - Windows 7 (KB972813)
KB972813, 瑞典语语言包 - Windows 7 (KB972813)
KB972813, 德语语言包 - Windows 7 (KB972813)
KB972813, 斯洛伐克语语言包 - Windows 7 (KB972813)
KB972813, 乌克兰语语言包 - Windows 7 (KB972813)
KB972813, 繁体中文语言包 - Windows 7 (KB972813)
KB972813, 挪威语语言包 - Windows 7 (KB972813)
KB972813, 爱沙尼亚语语言包 - Windows 7 (KB972813)
KB972813, 捷克语语言包 - Windows 7 (KB972813)
KB972813, 斯洛文尼亚语语言包 - Windows 7 (KB972813)
KB972813, 日语语言包 - Windows 7 (KB972813)
KB972813, 法语语言包 - Windows 7 (KB972813)
KB972813, 英语语言包 - Windows 7 (KB972813)
KB972813, 罗马尼亚语语言包 - Windows 7 (KB972813)
KB972813, 波兰语语言包 - Windows 7 (KB972813)
KB972813, 泰语语言包 - Windows 7 (KB972813)
KB972813, 保加利亚语语言包 - Windows 7 (KB972813)
KB972813, 俄语语言包 - Windows 7 (KB972813)
KB972813, 克罗地亚语语言包 - Windows 7 (KB972813)
KB972813, 塞尔维亚语(拉丁语)语言包 - Windows 7 (KB972813)
KB972813, 葡萄牙语(葡萄牙)语言包 - Windows 7 (KB972813)
KB972813, 朝鲜语语言包 - Windows 7 (KB972813)
KB972813, 意大利语语言包 - Windows 7 (KB972813)
KB972813, 匈牙利语语言包 - Windows 7 (KB972813)
KB972813, 土耳其语语言包 - Windows 7 (KB972813)
KB972813, 丹麦语语言包 - Windows 7 (KB972813)
KB972813, 芬兰语语言包 - Windows 7 (KB972813)
KB972813, 拉脱维亚语语言包 - Windows 7 (KB972813)
KB972813, 希伯来语语言包 - Windows 7 (KB972813)
KB972813, 荷兰语语言包 - Windows 7 (KB972813)
KB972813, 葡萄牙语(巴西)语言包 - Windows 7 (KB972813)
KB2520039, Windows Live 软件包 2011 的更新 (KB 2520039)
KB976932, Windows 7 Service Pack 1 (KB976932)
KB2446708, 用于 Windows XP、Windows Server 2003、Windows Vista、Windows 7、Windows Server 2008 x86 的 Microsoft .NET Framework 4 安全更新程序 (KB2446708) MS11-028
KB2508958, Microsoft Office 2007 system 更新 (KB2508958)
KB2509470, Microsoft Office Outlook 2007 更新 (KB2509470)
KB2510061, Microsoft Office InfoPath 2007 安全更新 (KB2510061) MS11-049
KB2478663, 用于 Windows XP、Windows Server 2003、Windows Vista、Windows 7、Windows Server 2008 x86 的 Microsoft .NET Framework 4 安全更新程序 (KB2478663) MS11-039
KB2538243, Microsoft Visual C++ 2008 Service Pack 1 Redistributable Package 的安全更新 (KB2538243) MS11-025
KB890830, Windows 恶意软件删除工具 - 2011 年 6 月 (KB890830)
==================================
API HOOK
N/A
==================================
隐藏进程
N/A
==================================
[/CODE]