瑞星卡卡安全论坛
孤狼野豹 - 2007-2-14 10:43:00
昨天同事的机子出问题 U盘双击显示拒绝访问 去网上搜了下 发现是autorun.inf病毒作怪 按照网上的方法杀 发现隐藏文件不能显示 在文件夹选项里把显示隐藏文件夹打开 应用确定后马上又变回不显示 又去网上搜 按照网上的方法做了以下操作:
1、老方法 把以下
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]
"CheckedValue"=dword:00000001
用记事本保存为reg文件 双击导入 无效
2、进入注册表 将HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL下的CheckValue子键的十六进制键值从0改为1。关闭注册表 无效
3、网上看到说“将CheckedValue键值修改为1。若还是没有用,隐藏文件还是没有显示,仔细观察发现病毒它有更狠的招数:它在修改注册表达到隐藏文件目的之后,为了稳妥起见,把本来有效的DWORD值CheckedValue删除掉,新建了一个无效的字符串值CheckedValue,并且把键值改为0(如图)!这样你以为把0改为1就会万事大吉,可是故障依旧如此!也就难怪出现以上的现象了。正确的方法是:先检查CheckedValue的类型是否为REG_DWORD,如果不是则删掉“李鬼”CheckedValue(例如在本“案例”中,应该把类型为REG_SZ的CheckedValue删除)。然后单击右键“新建”--〉“Dword值”,并命名为CheckedValue,然后修改它的键值为1,这样就可以选择“显示所有隐藏文件”。”
按照上面操作 根本就删除不掉CheckedValue 一删除刷新了马上自动建 自己也建不了新的值 会提示该值已存在 无效
4、看到有人说了这样一句:“无法删除键值的问题。 点右键,选权限。添加 everyone的完全控制权限就可以了。” 没弄明白 我试了下 我用的是ADMIN的帐户 权限上肯定是完全控制的啊
无奈啊 现在谁都不敢把U盘插到我那个同事的机子上了 可怜···
求助下大家 还有谁遇到过这种问题吗 能帮我解决下 感激不尽 谢谢!
新版小欧 - 2007-2-14 10:48:00
你最好是先杀毒,升级最新.这样你才能修改注册表的项.
你的系统应该是还在运行病毒程序,按网上的那些方法是可以恢复正常的.因为系统的这个功能在注册表中就这么一项.
扫个日志放上来看看
http://www.kztechs.com/sreng/sreng2.zip 下载System Repair Engineer
1 解压缩sreng2.zip
2 运行SREng.exe
3 智能扫描=》扫描=》保存报告
4 把日志中的报告完整拷贝贴上来,不要修改
孤狼野豹 - 2007-2-14 10:56:00
ok 日志马上贴上 因为是我同事的电脑 我得去装一下
他的电脑是内网 装的是MACKAFEE的杀软
tankk - 2007-2-14 11:05:00
病毒显然还在! 你不杀,怎么能修改成功呢??
现在先看看是什么家伙了
孤狼野豹 - 2007-2-14 11:08:00
刚刚拿我的U盘去他机子上装 拿回来就感染了病毒 郁闷
双击U盘拒绝访问 搜索找到一个隐藏文件 如图
附件:
8271572007214105837.bmp
孤狼野豹 - 2007-2-14 11:09:00
[CODE]
2007-02-14,10:52:02
System Repair Engineer 2.3.13.690
Smallfrogs (http://www.KZTechs.com)
Windows XP Professional Service Pack 2 (Build 2600)
- 管理权限用户 - 完整功能
以下内容被选中:
所有的启动项目(包括注册表、启动文件夹、服务等)
浏览器加载项
正在运行的进程(包括进程模块信息)
文件关联
Winsock 提供者
Autorun.inf
HOSTS 文件
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<IgfxTray><C:\WINDOWS\system32\igfxtray.exe> [(Verified)Intel Corporation]
<HotKeysCmds><C:\WINDOWS\system32\hkcmd.exe> [(Verified)Intel Corporation]
<McAfeeUpdaterUI><"C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey> [Network Associates, Inc.]
<ShStatEXE><"C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE> [Network Associates, Inc.]
<Network Associates Error Reporting Service><"C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"> [Network Associates, Inc.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Corporation]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><"\Program Files\Logonui\Royale.exe"> [Microsoft Corporation]
==================================
启动文件夹
N/A
==================================
服务
[Human Interface Device Access / HidServ][Stopped/Disabled]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[McAfee Framework Service / McAfeeFramework][Running/Auto Start]
<C:\Program Files\Network Associates\Common Framework\FrameworkService.exe /ServiceStart><Network Associates, Inc.>
[Network Associates McShield / McShield][Running/Auto Start]
<"C:\Program Files\Network Associates\VirusScan\Mcshield.exe"><Network Associates, Inc.>
[Network Associates Task Manager / McTaskManager][Running/Auto Start]
<"C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe"><Network Associates, Inc.>
==================================
驱动程序
[aeaudio / aeaudio][Running/Manual Start]
<system32\drivers\aeaudio.sys><Andrea Electronics Corporation>
[AliIde / AliIde][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\aliide.sys><N/A>
[CmdIde / CmdIde][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\cmdide.sys><CMD Technology, Inc.>
[Intel(R) PRO Adapter Driver / E100B][Running/Manual Start]
<system32\DRIVERS\e100b325.sys><Intel Corporation>
[ialm / ialm][Running/Manual Start]
<system32\DRIVERS\ialmnt5.sys><Intel Corporation>
[MegaIDE / MegaIDE][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\MegaIDE.sys><LSI Logic Corporation.>
[NaiAvFilter1 / NaiAvFilter1][Running/Manual Start]
<system32\drivers\naiavf5x.sys><Network Associates, Inc.>
[NaiAvTdi1 / NaiAvTdi1][Running/System Start]
<system32\drivers\mvstdi5x.sys><Network Associates, Inc.>
[nv / nv][Stopped/Manual Start]
<system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Stopped/Manual Start]
<system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
<system32\DRIVERS\secdrv.sys><N/A>
[smwdm / smwdm][Running/Manual Start]
<system32\drivers\smwdm.sys><Analog Devices, Inc.>
[ViaIde / ViaIde][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\viaide.sys><Microsoft Corporation>
[Intel(R) Graphics Platform (SoftBIOS) Driver / {6080A529-897E-4629-A488-ABA0C29B635E}][Running/Manual Start]
<system32\drivers\ialmsbw.sys><Intel Corporation>
[Intel(R) Graphics Chipset (KCH) Driver / {D31A0762-0CEB-444e-ACFF-B049A1F6FE91}][Running/Manual Start]
<system32\drivers\ialmkchw.sys><Intel Corporation>
[EntDrv51 / EntDrv51][Running/Manual Start]
<\??\C:\WINDOWS\system32\drivers\EntDrv51.sys><Network Associates, Inc>
孤狼野豹 - 2007-2-14 11:09:00
==================================
浏览器加载项
[信息检索(&R)]
{92780B25-18CC-41C8-B9BE-3C9C571A8263} <C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL, Microsoft Corporation>
[DHTML Edit Control Safe for Scripting for IE5]
{2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, Microsoft Corporation>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\macromed\flash\Flash.ocx, Macromedia, Inc.>
[导出到 Microsoft Office Excel(&X)]
<res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>
==================================
正在运行的进程
[PID: 584][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 640][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 664][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 708][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\EntApi.dll] [Network Associates, Inc, 8.0.0.277]
[PID: 720][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\EntApi.dll] [Network Associates, Inc, 8.0.0.277]
[PID: 872][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\EntApi.dll] [Network Associates, Inc, 8.0.0.277]
[PID: 952][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\EntApi.dll] [Network Associates, Inc, 8.0.0.277]
[PID: 1068][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\EntApi.dll] [Network Associates, Inc, 8.0.0.277]
[PID: 1120][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\EntApi.dll] [Network Associates, Inc, 8.0.0.277]
[PID: 1180][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\EntApi.dll] [Network Associates, Inc, 8.0.0.277]
[PID: 1484][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\EntApi.dll] [Network Associates, Inc, 8.0.0.277]
[C:\WINDOWS\system32\igfxpph.dll] [Intel Corporation, 3.0.0.2249]
[C:\WINDOWS\system32\hccutils.DLL] [Intel Corporation, 3.0.0.2249]
[C:\WINDOWS\system32\igfxres.dll] [Intel Corporation, 3.0.0.2249]
[C:\WINDOWS\system32\igfxsrvc.dll] [Intel Corporation, 3.0.0.2249]
[C:\WINDOWS\system32\igfxdev.dll] [Intel Corporation, 3.0.0.2249]
[C:\Program Files\Network Associates\VirusScan\scriptproxy.dll] [Network Associates, Inc., 8.0.0.955]
[C:\Program Files\Network Associates\VirusScan\mytilus.dll] [Network Associates, Inc., 8.0.0.251]
[C:\Program Files\Network Associates\VirusScan\Res04\McShield.dll] [Network Associates, Inc., 8.0.0.251]
[C:\Program Files\Common Files\Network Associates\Engine\mcscan32.dll] [McAfee, Inc., 5.1.00]
[C:\Program Files\WinRAR\rarext.dll] [N/A, N/A]
[C:\Program Files\Network Associates\VirusScan\shext.dll] [Network Associates, Inc., 8.0.0.912]
[C:\Program Files\Network Associates\VirusScan\RES04\ShExtRes.dll] [Network Associates, Inc., 8.0.0.912]
[PID: 1556][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
[C:\WINDOWS\system32\ZLhp1020.DLL] [Zenographics, Inc., 5, 53, 3723, 0]
[C:\WINDOWS\system32\ZLM.dll] [Zenographics, Inc., 5, 50, 1416, 0]
[C:\WINDOWS\System32\spool\PRTPROCS\W32X86\IMFPrint.DLL] [Zenographics, Inc., 5, 54, 330, 0]
[C:\WINDOWS\system32\Imf32.dll] [Zenographics, Inc., 5, 60, 1204, 0]
[C:\WINDOWS\system32\ZTAG32.dll] [Zenographics, Inc., 5, 60, 1210, 0]
[C:\WINDOWS\system32\ZSPOOL.dll] [Zenographics, Inc., 5, 51, 709, 0]
[PID: 1776][C:\WINDOWS\system32\soundmix.exe] [N/A, N/A]
[PID: 1800][C:\WINDOWS\system32\hkcmd.exe] [Intel Corporation, 3.0.0.2249]
[C:\WINDOWS\system32\hccutils.DLL] [Intel Corporation, 3.0.0.2249]
[C:\WINDOWS\system32\igfxdev.dll] [Intel Corporation, 3.0.0.2249]
[C:\WINDOWS\system32\igfxsrvc.dll] [Intel Corporation, 3.0.0.2249]
[C:\WINDOWS\system32\igfxhk.dll] [Intel Corporation, 3.0.0.2249]
[C:\WINDOWS\system32\igfxres.dll] [Intel Corporation, 3.0.0.2249]
[PID: 1820][C:\WINDOWS\system32\igfxtray.exe] [Intel Corporation, 3.0.0.2249]
[C:\WINDOWS\system32\hccutils.DLL] [Intel Corporation, 3.0.0.2249]
[C:\WINDOWS\system32\igfxdev.dll] [Intel Corporation, 3.0.0.2249]
[C:\WINDOWS\system32\igfxsrvc.dll] [Intel Corporation, 3.0.0.2249]
[C:\WINDOWS\system32\igfxres.dll] [Intel Corporation, 3.0.0.2249]
[C:\WINDOWS\system32\igfxress.dll] [Intel Corporation, 3.0.0.2249]
[PID: 1828][C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe] [Network Associates, Inc., 3.1.1.184]
[C:\Program Files\Network Associates\Common Framework\nailog.dll] [Network Associates, Inc., 3.1.1.159]
[C:\Program Files\Network Associates\Common Framework\naCmnLib.dll] [Network Associates, Inc., 3.1.1.159]
[C:\Program Files\Network Associates\Common Framework\naXML.dll] [Network Associates, Inc., 3.1.1.159]
[C:\Program Files\Network Associates\Common Framework\NaiSign.dll] [Network Associates, Inc., 3.1.0.197]
[C:\Program Files\Network Associates\Common Framework\0409\UpdRes.dll] [Network Associates, Inc., 3.1.1.184]
[C:\Program Files\Network Associates\Common Framework\0409\AgentRes.dll] [Network Associates, Inc., 3.1.1.184]
[C:\Program Files\Network Associates\Common Framework\SecureFrameworkFactory.dll] [Network Associates, Inc., 3.1.1.184]
[PID: 1880][C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe] [Network Associates, Inc., 2.0.275.0]
[PID: 1896][C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE] [Network Associates, Inc., 8.0.0.912]
[C:\Program Files\Network Associates\VirusScan\SHUTIL.dll] [Network Associates, Inc., 8.0.0.912]
[C:\Program Files\Network Associates\VirusScan\naiwmain.dll] [Network Associates, Inc., 8.0.0.912]
[C:\Program Files\Network Associates\VirusScan\RES04\shstat.dll] [Network Associates, Inc., 8.0.0.912]
[C:\Program Files\Network Associates\VirusScan\RES04\Product.dll] [Network Associates, Inc., 8.0.0.912]
[C:\Program Files\Network Associates\VirusScan\RES04\McShield.dll] [Network Associates, Inc., 8.0.0.251]
[C:\Program Files\Network Associates\VirusScan\RES04\Shutilrc.dll] [Network Associates, Inc., 8.0.0.912]
[C:\Program Files\Network Associates\VirusScan\Graphics.dll] [Network Associates, Inc., 8.0.0.912]
[PID: 1892][C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe] [Hewlett-Packard, 2, 0, 1, 26]
[PID: 1924][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 628][C:\Program Files\Network Associates\Common Framework\FrameworkService.exe] [Network Associates, Inc., 3.1.1.184]
[C:\Program Files\Network Associates\Common Framework\nailog.dll] [Network Associates, Inc., 3.1.1.159]
[C:\Program Files\Network Associates\Common Framework\naXML.dll] [Network Associates, Inc., 3.1.1.159]
[C:\Program Files\Network Associates\Common Framework\NaiSign.dll] [Network Associates, Inc., 3.1.0.197]
[C:\Program Files\Network Associates\Common Framework\naCmnLib.dll] [Network Associates, Inc., 3.1.1.159]
[C:\Program Files\Network Associates\Common Framework\0409\AgentRes.dll] [Network Associates, Inc., 3.1.1.184]
[C:\Program Files\Network Associates\Common Framework\Logging.dll] [Network Associates, Inc., 3.1.1.184]
[C:\Program Files\Network Associates\Common Framework\InternetManager.dll] [Network Associates, Inc., 3.1.1.184]
[C:\Program Files\Network Associates\Common Framework\naInet.dll] [Network Associates, Inc., 3.1.1.159]
[C:\Program Files\Network Associates\Common Framework\UserSpace.dll] [Network Associates, Inc., 3.1.1.184]
[C:\Program Files\Network Associates\Common Framework\SecureFrameworkFactory.dll] [Network Associates, Inc., 3.1.1.184]
[C:\Program Files\Network Associates\Common Framework\Management.dll] [Network Associates, Inc., 3.1.1.184]
[C:\Program Files\Network Associates\Common Framework\naPolicyManager.dll] [Network Associates, Inc., 3.1.1.184]
[C:\Program Files\Network Associates\Common Framework\ScriptSubSys.dll] [Network Associates, Inc., 3.1.1.184]
[C:\Program Files\Network Associates\Common Framework\UpdateSubSys.dll] [Network Associates, Inc., 3.1.1.184]
[C:\Program Files\Network Associates\Common Framework\Scheduler.dll] [Network Associates, Inc., 3.1.1.184]
[C:\Program Files\Network Associates\Common Framework\Agent.dll] [Network Associates, Inc., 3.1.1.184]
[C:\Program Files\Network Associates\Common Framework\naSPIPE.dll] [Network Associates, Inc., 3.1.1.184]
[C:\Program Files\Network Associates\Common Framework\ListenServer.dll] [Network Associates, Inc., 3.1.1.184]
[C:\WINDOWS\system32\EntApi.dll] [Network Associates, Inc, 8.0.0.277]
孤狼野豹 - 2007-2-14 11:10:00
[PID: 900][C:\Program Files\Network Associates\VirusScan\Mcshield.exe] [Network Associates, Inc., 8.0.0.251]
[C:\Program Files\Network Associates\VirusScan\Res04\McShield.DLL] [Network Associates, Inc., 8.0.0.251]
[C:\Program Files\Network Associates\VirusScan\FTL.Dll] [Network Associates, Inc., 8.0.0.135]
[C:\Program Files\Network Associates\VirusScan\naiann.dll] [Network Associates, Inc., 8.0.0.251]
[C:\Program Files\Network Associates\VirusScan\mytilus.dll] [Network Associates, Inc., 8.0.0.251]
[C:\Program Files\Network Associates\VirusScan\NaEventU.DLL] [Network Associates, Inc., 8.0.0.342]
[C:\Program Files\Network Associates\VirusScan\Res04\naEvtRes.dll] [Network Associates, Inc., 8.0.0.342]
[C:\Program Files\Network Associates\VirusScan\VSIDSvr.dll] [Network Associates, Inc., 8.0.0.251]
[C:\Program Files\Common Files\Network Associates\Engine\MCSCAN32.DLL] [McAfee, Inc., 5.1.00]
[C:\Program Files\Network Associates\VirusScan\EntSrv.Dll] [Network Associates, Inc, 8.0.0.277]
[PID: 936][C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe] [Network Associates, Inc., 8.0.0.912]
[C:\Program Files\Network Associates\VirusScan\SHUTIL.dll] [Network Associates, Inc., 8.0.0.912]
[C:\Program Files\Network Associates\VirusScan\naiwmain.dll] [Network Associates, Inc., 8.0.0.912]
[C:\Program Files\Network Associates\VirusScan\naicondl.dll] [Network Associates, Inc., 8.0.0.912]
[C:\Program Files\Network Associates\VirusScan\RES04\VsTskMgr.dll] [Network Associates, Inc., 8.0.0.912]
[C:\Program Files\Network Associates\VirusScan\MIDUtil.Dll] [McAfee, Inc., 8.0.0.152]
[C:\Program Files\Network Associates\VirusScan\BBCpl.dll] [Network Associates, Inc., 8.0.0.912]
[C:\Program Files\Network Associates\VirusScan\coptcpl.dll] [Network Associates, Inc., 8.0.0.912]
[C:\Program Files\Network Associates\VirusScan\EmCfgCpl.dll] [Network Associates, Inc., 8.0.0.912]
[C:\Program Files\Network Associates\VirusScan\RES04\SEmalRes.dll] [Network Associates, Inc., 8.0.0.912]
[C:\Program Files\Network Associates\VirusScan\RES04\Product.dll] [Network Associates, Inc., 8.0.0.912]
[C:\Program Files\Network Associates\VirusScan\nvpcpl.dll] [Network Associates, Inc., 8.0.0.912]
[C:\Program Files\Network Associates\VirusScan\ftcfg.dll] [Network Associates, Inc., 8.0.0.912]
[C:\Program Files\Network Associates\VirusScan\mytilus.dll] [Network Associates, Inc., 8.0.0.251]
[C:\Program Files\Network Associates\VirusScan\Res04\McShield.dll] [Network Associates, Inc., 8.0.0.251]
[C:\Program Files\Network Associates\VirusScan\OASCpl.dll] [Network Associates, Inc., 8.0.0.912]
[C:\Program Files\Network Associates\VirusScan\vsodscpl.dll] [Network Associates, Inc., 8.0.0.912]
[C:\Program Files\Network Associates\VirusScan\ftl.dll] [Network Associates, Inc., 8.0.0.135]
[C:\Program Files\Network Associates\VirusScan\vsupdcpl.dll] [Network Associates, Inc., 8.0.0.912]
[PID: 1052][C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe] [Network Associates, Inc., 3.1.1.184]
[C:\PROGRA~1\NETWOR~1\COMMON~1\nailog.dll] [Network Associates, Inc., 3.1.1.159]
[C:\PROGRA~1\NETWOR~1\COMMON~1\naCmnLib.dll] [Network Associates, Inc., 3.1.1.159]
[C:\PROGRA~1\NETWOR~1\COMMON~1\naXML.dll] [Network Associates, Inc., 3.1.1.159]
[C:\PROGRA~1\NETWOR~1\COMMON~1\NaiSign.dll] [Network Associates, Inc., 3.1.0.197]
[C:\PROGRA~1\NETWOR~1\COMMON~1\0409\AgentRes.dll] [Network Associates, Inc., 3.1.1.184]
[C:\Program Files\Network Associates\Common Framework\AgentPlugin.dll] [Network Associates, Inc., 3.1.1.184]
[C:\Program Files\Network Associates\Common Framework\NAGSHR32.DLL] [Network Associates, Inc., 3.1.1.159]
[C:\Program Files\Network Associates\VirusScan\VsPlugin.dll] [Network Associates, Inc., 8.0.0.912]
[C:\WINDOWS\system32\EntApi.dll] [Network Associates, Inc, 8.0.0.277]
[C:\Program Files\Network Associates\Common Framework\PCRPlug.dll] [Network Associates, Inc., 3.1.1.184]
[PID: 1624][C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE] [Microsoft Corporation, 7.00.9466]
[PID: 2128][C:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 688][C:\CW400\zw\zw_app.exe] [N/A, N/A]
[C:\CW400\zw\PBVM70.dll] [Sybase Inc., 7.0.3.10077]
[C:\CW400\zw\libjcc.dll] [N/A, N/A]
[C:\CW400\zw\powerprn.dll] [, 1, 0, 0, 1]
[C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\SDNT5UI.DLL] [Zenographics, Inc., 5.60.709.0]
[C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\SDDM32.DLL] [Zenographics, Inc., 5, 60, 2629, 0]
[C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\ZSPOOL.dll] [Zenographics, Inc., 5, 51, 709, 0]
[C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\ZGDI32.dll] [Zenographics, Inc., 5, 60, 709, 0]
[C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\ZTAG32.dll] [Zenographics, Inc., 5, 60, 1210, 0]
[C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\SDDMUI.DLL] [Zenographics, Inc., 6, 1, 524, 0]
[C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\SR32.dll] [Zenographics, Inc., 6, 1, 520, 1]
[C:\CW400\zw\pbdwe70.dll] [Sybase Inc., 7.0.3.10077]
[C:\CW400\zw\pbws32.dll] [N/A, N/A]
[C:\CW400\zw\MyGetMac.dll] [N/A, N/A]
[C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\IMFNT5.DLL] [Zenographics, Inc., 0, 3, 3508, 0]
[C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\Imf32.dll] [Zenographics, Inc., 5, 60, 1204, 0]
[C:\CW400\zw\zlib.dll] [N/A, 1.1.2]
[PID: 1504][C:\CW400\CA\CaClient\CAClient.exe] [N/A, N/A]
[C:\CW400\CA\CaClient\SSLEAY32.dll] [N/A, N/A]
[C:\CW400\CA\CaClient\LIBEAY32.dll] [N/A, N/A]
[PID: 3080][C:\Program Files\Internet Explorer\iexplore.exe] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\EntApi.dll] [Network Associates, Inc, 8.0.0.277]
[C:\Program Files\Network Associates\VirusScan\scriptproxy.dll] [Network Associates, Inc., 8.0.0.955]
[C:\Program Files\Network Associates\VirusScan\mytilus.dll] [Network Associates, Inc., 8.0.0.251]
[C:\Program Files\Network Associates\VirusScan\Res04\McShield.dll] [Network Associates, Inc., 8.0.0.251]
[C:\Program Files\Common Files\Network Associates\Engine\mcscan32.dll] [McAfee, Inc., 5.1.00]
[C:\WINDOWS\system32\macromed\flash\Flash.ocx] [Macromedia, Inc., 7,0,19,0]
[PID: 1200][C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE] [Microsoft Corporation, 11.0.6359]
[C:\WINDOWS\system32\EntApi.dll] [Network Associates, Inc, 8.0.0.277]
[C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\SDNT5UI.DLL] [Zenographics, Inc., 5.60.709.0]
[C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\SDDM32.DLL] [Zenographics, Inc., 5, 60, 2629, 0]
[C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\ZSPOOL.dll] [Zenographics, Inc., 5, 51, 709, 0]
[C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\ZGDI32.dll] [Zenographics, Inc., 5, 60, 709, 0]
[C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\ZTAG32.dll] [Zenographics, Inc., 5, 60, 1210, 0]
[C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\SDDMUI.DLL] [Zenographics, Inc., 6, 1, 524, 0]
[C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\SR32.dll] [Zenographics, Inc., 6, 1, 520, 1]
[C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\IMFNT5.DLL] [Zenographics, Inc., 0, 3, 3508, 0]
[C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\Imf32.dll] [Zenographics, Inc., 5, 60, 1204, 0]
[PID: 3940][C:\Documents and Settings\Administrator\桌面\sreng\SREng.EXE] [Smallfrogs Studio, 2.3.13.690]
==================================
文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE Error. [soundmix "%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock 提供者
N/A
有问请答复 - 2007-2-14 11:11:00
http://free.ys168.com/?enuo8979其他目录,有个显示隐藏文件的注册表文件,下载后导入注册表
新版小欧 - 2007-2-14 11:13:00
.EXE Error. [soundmix "%1" %*]
汗~~~这个被修改了,问题严重了.
孤狼野豹 - 2007-2-14 11:18:00
| 引用: |
【有问请答复的贴子】http://free.ys168.com/?enuo8979其他目录,有个显示隐藏文件的注册表文件,下载后导入注册表
……………… |
显示隐藏文件的注册表文件 不就是我上面提到的那个吗
孤狼野豹 - 2007-2-14 11:24:00
| 引用: |
【新版小欧的贴子】.EXE Error. [soundmix "%1" %*]
汗~~~这个被修改了,问题严重了.
……………… |
我也看到了 那怎么办 难道又要重装系统吗
dodo66 - 2007-2-14 11:25:00
可疑
[C:\WINDOWS\system32\EntApi.dll] [Network Associates, Inc, 8.0.0.277]
dodo66 - 2007-2-14 11:27:00
[PID: 688][C:\CW400\zw\zw_app.exe] [N/A, N/A]
[C:\CW400\zw\PBVM70.dll] [Sybase Inc., 7.0.3.10077]
[C:\CW400\zw\libjcc.dll] [N/A, N/A]
[C:\CW400\zw\powerprn.dll] [, 1, 0, 0, 1]
[C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\SDNT5UI.DLL] [Zenographics, Inc., 5.60.709.0]
[C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\SDDM32.DLL] [Zenographics, Inc., 5, 60, 2629, 0]
[C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\ZSPOOL.dll] [Zenographics, Inc., 5, 51, 709, 0]
[C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\ZGDI32.dll] [Zenographics, Inc., 5, 60, 709, 0]
[C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\ZTAG32.dll] [Zenographics, Inc., 5, 60, 1210, 0]
[C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\SDDMUI.DLL] [Zenographics, Inc., 6, 1, 524, 0]
[C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\SR32.dll] [Zenographics, Inc., 6, 1, 520, 1]
[C:\CW400\zw\pbdwe70.dll] [Sybase Inc., 7.0.3.10077]
[C:\CW400\zw\pbws32.dll] [N/A, N/A]
[C:\CW400\zw\MyGetMac.dll] [N/A, N/A]
[C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\IMFNT5.DLL] [Zenographics, Inc., 0, 3, 3508, 0]
[C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\Imf32.dll] [Zenographics, Inc., 5, 60, 1204, 0]
[C:\CW400\zw\zlib.dll] [N/A, 1.1.2]
[PID: 1504][C:\CW400\CA\CaClient\CAClient.exe] [N/A, N/A]
[C:\CW400\CA\CaClient\SSLEAY32.dll] [N/A, N/A]
[C:\CW400\CA\CaClient\LIBEAY32.dll] [N/A, N/A]
???
???
UFO不幸外人 - 2007-2-14 11:28:00
把下面的语句复制下来放在reg文件里面(建立记事本文件,修改扩展名为.reg),双击运行导入注册表中,问题即可解决。
REGEDIT4
(空一行)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]
"RegPath"="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced"
"Text"="@shell32.dll,-30500"
"Type"="radio"
"CheckedValue"=dword:00000001
"ValueName"="Hidden"
"DefaultValue"=dword:00000002
"HKeyRoot"=dword:80000001
"HelpID"="shell.hlp#51105"
方法看看,别看楼上的,那个是一个正常文件
修复这个 我http://forum.ikaka.com/topic.asp?board=28&artid=8267923帖子里面有修复方法
删除 那个文件soundmix.exe
新版小欧 - 2007-2-14 11:31:00
如果没有重要文件,我是建议重装.
不过我的方法是,你先用瑞星的注册表恢复工具,记得在该机上使用时先要改后缀成com再使用.修改文件关联EXE
再在带网络安全模式下试安装瑞星或其它杀软升级并杀毒.我对你系统是中了什么病毒要不定,所以只能用这个办法了.
忘记名字?晕! - 2007-2-14 11:34:00
我晕啊,你有备份注册表嘛,没有吧??要不就现杀杀毒,再到网上下1个超级兔子,然后再在安全模式下整一整,再说拉~~
孤狼野豹 - 2007-2-14 12:10:00
先谢谢各位的帮忙了
| 引用: |
【UFO不幸外人的贴子】把下面的语句复制下来放在reg文件里面(建立记事本文件,修改扩展名为.reg),双击运行导入注册表中,问题即可解决。
REGEDIT4
(空一行)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]
"RegPath"="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced"
"Text"="@shell32.dll,-30500"
"Type"="radio"
"CheckedValue"=dword:00000001
"ValueName"="Hidden"
"DefaultValue"=dword:00000002
"HKeyRoot"=dword:80000001
"HelpID"="shell.hlp#51105"
方法看看,别看楼上的,那个是一个正常文件
修复这个 我http://forum.ikaka.com/topic.asp?board=28&artid=8267923帖子里面有修复方法
删除 那个文件soundmix.exe
……………… |
这个方法我试了 没有用 照样是一改隐藏文件 它又自动改回来
重装系统也不行 这个病毒在每个跟目录下都有 只要一开D盘啊E盘啊 马上就又恢复了
现在又有个同事的电脑感染了 说了刚刚插了个U盘就这样了 搞的现在没人敢用U盘
看了下手工检测的文章
“看其余项目
第一个要看的就是autorun.inf这个项目,如果某个盘有此文件,或者每个盘都有,那么就说明你的计算机中了病毒,处理方法很多,这里介绍几种。当然处理的时候,要保证系统中没有病毒运行了。
第一种:利用WinRAR。具体方法:打开所感染的硬盘,删除对应文件。说明不会感染计算机,方便实用。
第二种:利用资源管理器。具体方法:在打开显示隐藏文件和系统文件的前提下,利用资源管理器,在资源管理器左面选择感染的盘符,右面删除对应文件。说明对于某些病毒又感染的危险。
第三种:……
前提是“当然处理的时候,要保证系统中没有病毒运行了。”
怎么保证系统中没有病毒运行?
最后发泄一下 郁闷死了 这个病毒是谁写的 烂××的
晓笑8东风 - 2007-2-14 12:20:00
重装系统之前 先在DOS下 用ATTRIB -R -H -S 删掉D,E,F,其它盘下面的隐藏文件..然后再安装系统
神秘的黑洞 - 2007-2-14 14:51:00
以下是“微软”官方解决方法,楼主可以采用其中的一部分(建议在安全模式下使用以下方法):
http://support.microsoft.com/kb/555640/zh-cn
重要说明:本文包含有关修改注册表的信息。修改注册表之前,一定要先进行备份,并且一定要知道在发生问题时如何还原注册表。有关如何备份、还原和编辑注册表的信息,请单击下面的文章编号,以查看Microsoft 知识库中相应的文章:
256986 (http://support.microsoft.com/kb/256986/zh-cn/)Microsoft Windows 注册表说明
警告:注册表编辑器使用不当可导致严重问题,可能需要重新安装操作系统。Microsoft 不能保证您可以解决因注册表编辑器使用不当而导致的问题。使用注册表编辑器需要您自担风险。
要解决本文描述的问题,请按照下列替代步骤操作
• 单击开始,单击运行,在打开框中键入notepad,然后单击确定。
• 将代码复制并粘贴到记事本中。
• 单击记事本的文件,单击另存为。
• 在另存为对话框中,在文件名框中键入Advanced.reg,保存类型列表中选择所有文件,然后单击保存。
• 双击Advanced.reg文件,完成注册表键值导入。
Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced]"TaskbarSizeMove"=dword:00000000 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder]"Type"="group""Text"="@shell32.dll,-30498""Bitmap"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,\ 00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,53,00,\ 48,00,45,00,4c,00,4c,00,33,00,32,00,2e,00,64,00,6c,00,6c,00,2c,00,34,00,00,\ 00"HelpID"="shell.hlp#51140" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\ClassicViewState]"Type"="checkbox""Text"="@shell32.dll,-30506""HKeyRoot"=dword:80000001"RegPath"="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced""ValueName"="ClassicViewState""CheckedValue"=dword:00000000"UncheckedValue"=dword:00000001"DefaultValue"=dword:00000000"HelpID"="shell.hlp#51076" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\ControlPanelInMyComputer]"RegPath"="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\HideMyComputerIcons""Text"="@shell32.dll,-30497""Type"="checkbox""ValueName"="{21EC2020-3AEA-1069-A2DD-08002B30309D}""CheckedValue"=dword:00000000"UncheckedValue"=dword:00000001"DefaultValue"=dword:00000001"HKeyRoot"=dword:80000001"HelpID"="shell.hlp#51150" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\DesktopProcess]"Type"="checkbox""Text"="@shell32.dll,-30507""HKeyRoot"=dword:80000001"RegPath"="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced""ValueName"="SeparateProcess""CheckedValue"=dword:00000001"UncheckedValue"=dword:00000000"DefaultValue"=dword:00000000"HelpID"="shell.hlp#51079" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\DesktopProcess\Policy] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\DesktopProcess\Policy\SeparateProcess]@="" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\DisableThumbCache]"Type"="checkbox""Text"="@shell32.dll,-30517""HKeyRoot"=dword:80000001"RegPath"="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced""ValueName"="DisableThumbnailCache""CheckedValue"=dword:00000001"UncheckedValue"=dword:00000000"DefaultValue"=dword:00000000"HelpID"="shell.hlp#51155" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\FolderSizeTip]"Type"="checkbox""Text"="@shell32.dll,-30514""HKeyRoot"=dword:80000001"RegPath"="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced""ValueName"="FolderContentsInfoTip""CheckedValue"=dword:00000001"UncheckedValue"=dword:00000000"DefaultValue"=dword:00000001 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\FriendlyTree]"Type"="checkbox""Text"="@shell32.dll,-30511""HKeyRoot"=dword:80000001"RegPath"="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced""ValueName"="FriendlyTree""CheckedValue"=dword:00000001"UncheckedValue"=dword:00000000"HelpID"="shell.hlp#51149""DefaultValue"=dword:00000001 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden]"Text"="@shell32.dll,-30499""Type"="group""Bitmap"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,\ 00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,53,00,\ 48,00,45,00,4c,00,4c,00,33,00,32,00,2e,00,64,00,6c,00,6c,00,2c,00,34,00,00,\ 00"HelpID"="shell.hlp#51131" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN]"RegPath"="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced""Text"="@shell32.dll,-30501""Type"="radio""CheckedValue"=dword:00000002"ValueName"="Hidden""DefaultValue"=dword:00000002"HKeyRoot"=dword:80000001"HelpID"="shell.hlp#51104" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]"RegPath"="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced""Text"="@shell32.dll,-30500""Type"="radio""CheckedValue"=dword:00000001"ValueName"="Hidden""DefaultValue"=dword:00000002"HKeyRoot"=dword:80000001"HelpID"="shell.hlp#51105" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\HideFileExt]"Type"="checkbox""Text"="@shell32.dll,-30503""HKeyRoot"=dword:80000001"RegPath"="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced""ValueName"="HideFileExt""CheckedValue"=dword:00000001"UncheckedValue"=dword:00000000"DefaultValue"=dword:00000001"HelpID"="shell.hlp#51101" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\NetCrawler]"Type"="checkbox""Text"="@shell32.dll,-30509""HKeyRoot"=dword:80000001"RegPath"="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced""ValueName"="NoNetCrawling""CheckedValue"=dword:00000000"UncheckedValue"=dword:00000001"DefaultValue"=dword:00000000"HelpID"="shell.hlp#51147" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\NetCrawler\Policy] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\NetCrawler\Policy\NoNetCrawling]@="" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\PersistBrowsers]"Type"="checkbox""Text"="@shell32.dll,-30513""HKeyRoot"=dword:80000001"RegPath"="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced""ValueName"="PersistBrowsers""CheckedValue"=dword:00000001"UncheckedValue"=dword:00000000"HelpID"="shell.hlp#51152""DefaultValue"=dword:00000000 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\ShowCompColor]"Type"="checkbox""Text"="@shell32.dll,-30512""HKeyRoot"=dword:80000001"RegPath"="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced""ValueName"="ShowCompColor""CheckedValue"=dword:00000001"UncheckedValue"=dword:00000000"DefaultValue"=dword:00000001"HelpID"="shell.hlp#51130" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\ShowFullPath]"Type"="checkbox""Text"="@shell32.dll,-30504""HKeyRoot"=dword:80000001"RegPath"="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CabinetState""ValueName"="FullPath""CheckedValue"=dword:00000001"UncheckedValue"=dword:00000000"DefaultValue"=dword:00000000"HelpID"="shell.hlp#51100" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\ShowFullPathAddress]"Type"="checkbox""Text"="@shell32.dll,-30505""HKeyRoot"=dword:80000001"RegPath"="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CabinetState""ValueName"="FullPathAddress""CheckedValue"=dword:00000001"UncheckedValue"=dword:00000000"DefaultValue"=dword:00000001"HelpID"="shell.hlp#51107" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\ShowInfoTip]"Type"="checkbox""Text"="@shell32.dll,-30502""HKeyRoot"=dword:80000001"RegPath"="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced""ValueName"="ShowInfoTip""CheckedValue"=dword:00000001"UncheckedValue"=dword:00000000"DefaultValue"=dword:00000001"HelpID"="shell.hlp#51102" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SimpleSharing]"Type"="checkbox""Text"="@shell32.dll,-30518""HKeyRoot"=dword:80000002"RegPath"="System\\CurrentControlSet\\Control\\LSA""ValueName"="ForceGuest""CheckedValue"=dword:00000001"UncheckedValue"=dword:00000000"HelpID"="shell.hlp#51154""DefaultValue"=dword:00000001 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden]"Type"="checkbox""Text"="@shell32.dll,-30508""WarningIfNotDefault"="@shell32.dll,-28964""HKeyRoot"=dword:80000001"RegPath"="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced""ValueName"="ShowSuperHidden""CheckedValue"=dword:00000000"UncheckedValue"=dword:00000001"DefaultValue"=dword:00000000"HelpID"="shell.hlp#51103" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\Policy] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\Policy\DontShowSuperHidden]@="" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Thickets]"Text"="管理 Web 页和文件夹对""Type"="group""Bitmap"="C:\\WINDOWS\\system32\\\\SHELL32.DLL,4""HelpID"="TBD" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Thickets\AUTO]"RegPath"="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer""Text"="作为单一文件显示和管理对""Type"="radio""CheckedValue"=dword:00000000"ValueName"="NoFileFolderConnection""DefaultValue"=dword:00000000"HKeyRoot"=dword:80000001"HelpID"="TBD" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Thickets\NOHIDE]"RegPath"="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer""Text"="显示两部分但是作为单一文件进行管理""Type"="radio""CheckedValue"=dword:00000002"ValueName"="NoFileFolderConnection""DefaultValue"=dword:00000000"HKeyRoot"=dword:80000001"HelpID"="TBD" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Thickets\NONE]"RegPath"="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer""Text"="显示两部分并分别进行管理""Type"="radio""CheckedValue"=dword:00000001"ValueName"="NoFileFolderConnection""DefaultValue"=dword:00000000"HKeyRoot"=dword:80000001"HelpID"="TBD" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\WebViewBarricade]"Type"="checkbox""Text"="@shell32.dll,-30510""HKeyRoot"=dword:80000001"RegPath"="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced""ValueName"="WebViewBarricade""CheckedValue"=dword:00000001"UncheckedValue"=dword:00000000"HelpID"="shell.hlp#51148""DefaultValue"=dword:00000000
回到顶端
MORE INFORMATION
故障重现
在注册表编辑器中,找到并删除以下分支
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced
这样"文件夹选项"中"查看"选项卡的"高级项目"部分将没有任何内容。
警告:删除前请妥善备份,并确保您已经掌握了恢复的正确方法。
同时,"高级项目"部分也可能存在部分选项丢失或设置无法生效的问题,例如:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden
此注册表分支丢失,将造成"高级项目"中"隐藏文件和文件夹"选项丢失。
===汗!怎么贴上来这么乱,楼主还是直接从微软网站上复制吧!
1
© 2000 - 2026 Rising Corp. Ltd.