昨天同事的机子出问题  U盘双击显示拒绝访问  去网上搜了下  发现是autorun.inf病毒作怪  按照网上的方法杀  发现隐藏文件不能显示  在文件夹选项里把显示隐藏文件夹打开  应用确定后马上又变回不显示  又去网上搜    按照网上的方法做了以下操作：

1、老方法  把以下
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]
"CheckedValue"=dword:00000001
用记事本保存为reg文件  双击导入  无效

2、进入注册表 将HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL下的CheckValue子键的十六进制键值从0改为1。关闭注册表    无效

3、网上看到说“将CheckedValue键值修改为1。若还是没有用，隐藏文件还是没有显示，仔细观察发现病毒它有更狠的招数：它在修改注册表达到隐藏文件目的之后，为了稳妥起见，把本来有效的DWORD值CheckedValue删除掉，新建了一个无效的字符串值CheckedValue，并且把键值改为0（如图）！这样你以为把0改为1就会万事大吉，可是故障依旧如此！也就难怪出现以上的现象了。正确的方法是：先检查CheckedValue的类型是否为REG_DWORD，如果不是则删掉“李鬼”CheckedValue（例如在本“案例”中，应该把类型为REG_SZ的CheckedValue删除）。然后单击右键“新建”--〉“Dword值”，并命名为CheckedValue，然后修改它的键值为1，这样就可以选择“显示所有隐藏文件”。”

按照上面操作  根本就删除不掉CheckedValue  一删除刷新了马上自动建  自己也建不了新的值  会提示该值已存在  无效


4、看到有人说了这样一句：“无法删除键值的问题。 点右键，选权限。添加 everyone的完全控制权限就可以了。”  没弄明白  我试了下  我用的是ADMIN的帐户  权限上肯定是完全控制的啊


无奈啊  现在谁都不敢把U盘插到我那个同事的机子上了  可怜···

求助下大家  还有谁遇到过这种问题吗    能帮我解决下  感激不尽  谢谢！

你最好是先杀毒,升级最新.这样你才能修改注册表的项.

你的系统应该是还在运行病毒程序,按网上的那些方法是可以恢复正常的.因为系统的这个功能在注册表中就这么一项.

扫个日志放上来看看

http://www.kztechs.com/sreng/sreng2.zip 下载System Repair Engineer
1 解压缩sreng2.zip
2 运行SREng.exe
3 智能扫描=》扫描=》保存报告
4 把日志中的报告完整拷贝贴上来，不要修改

ok  日志马上贴上  因为是我同事的电脑  我得去装一下
他的电脑是内网  装的是MACKAFEE的杀软

病毒显然还在!  你不杀,怎么能修改成功呢??

现在先看看是什么家伙了

刚刚拿我的U盘去他机子上装  拿回来就感染了病毒  郁闷
双击U盘拒绝访问  搜索找到一个隐藏文件  如图

[CODE]

2007-02-14,10:52:02

System Repair Engineer 2.3.13.690
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600)
- 管理权限用户 - 完整功能

以下内容被选中：
    所有的启动项目（包括注册表、启动文件夹、服务等）
    浏览器加载项
    正在运行的进程（包括进程模块信息）
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <IgfxTray><C:\WINDOWS\system32\igfxtray.exe>  [(Verified)Intel Corporation]
    <HotKeysCmds><C:\WINDOWS\system32\hkcmd.exe>  [(Verified)Intel Corporation]
    <McAfeeUpdaterUI><"C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey>  [Network Associates, Inc.]
    <ShStatEXE><"C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE>  [Network Associates, Inc.]
    <Network Associates Error Reporting Service><"C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe">  [Network Associates, Inc.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Corporation]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><"\Program Files\Logonui\Royale.exe">  [Microsoft Corporation]

==================================
启动文件夹
N/A

==================================
服务
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[McAfee Framework Service / McAfeeFramework][Running/Auto Start]
  <C:\Program Files\Network Associates\Common Framework\FrameworkService.exe /ServiceStart><Network Associates, Inc.>
[Network Associates McShield / McShield][Running/Auto Start]
  <"C:\Program Files\Network Associates\VirusScan\Mcshield.exe"><Network Associates, Inc.>
[Network Associates Task Manager / McTaskManager][Running/Auto Start]
  <"C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe"><Network Associates, Inc.>

==================================
驱动程序
[aeaudio / aeaudio][Running/Manual Start]
  <system32\drivers\aeaudio.sys><Andrea Electronics Corporation>
[AliIde / AliIde][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\aliide.sys><N/A>
[CmdIde / CmdIde][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\cmdide.sys><CMD Technology, Inc.>
[Intel(R) PRO Adapter Driver / E100B][Running/Manual Start]
  <system32\DRIVERS\e100b325.sys><Intel Corporation>
[ialm / ialm][Running/Manual Start]
  <system32\DRIVERS\ialmnt5.sys><Intel Corporation>
[MegaIDE / MegaIDE][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\MegaIDE.sys><LSI Logic Corporation.>
[NaiAvFilter1 / NaiAvFilter1][Running/Manual Start]
  <system32\drivers\naiavf5x.sys><Network Associates, Inc.>
[NaiAvTdi1 / NaiAvTdi1][Running/System Start]
  <system32\drivers\mvstdi5x.sys><Network Associates, Inc.>
[nv / nv][Stopped/Manual Start]
  <system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Stopped/Manual Start]
  <system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><N/A>
[smwdm / smwdm][Running/Manual Start]
  <system32\drivers\smwdm.sys><Analog Devices, Inc.>
[ViaIde / ViaIde][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\viaide.sys><Microsoft Corporation>
[Intel(R) Graphics Platform (SoftBIOS) Driver / {6080A529-897E-4629-A488-ABA0C29B635E}][Running/Manual Start]
  <system32\drivers\ialmsbw.sys><Intel Corporation>
[Intel(R) Graphics Chipset (KCH) Driver / {D31A0762-0CEB-444e-ACFF-B049A1F6FE91}][Running/Manual Start]
  <system32\drivers\ialmkchw.sys><Intel Corporation>
[EntDrv51 / EntDrv51][Running/Manual Start]
  <\??\C:\WINDOWS\system32\drivers\EntDrv51.sys><Network Associates, Inc>

==================================
浏览器加载项
[信息检索(&R)]
  {92780B25-18CC-41C8-B9BE-3C9C571A8263} <C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL, Microsoft Corporation>
[DHTML Edit Control Safe for Scripting for IE5]
  {2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, Microsoft Corporation>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\macromed\flash\Flash.ocx, Macromedia, Inc.>
[导出到 Microsoft Office Excel(&X)]
  <res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>

==================================
正在运行的进程
[PID: 584][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 640][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 664][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 708][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\EntApi.dll]  [Network Associates, Inc, 8.0.0.277]
[PID: 720][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\EntApi.dll]  [Network Associates, Inc, 8.0.0.277]
[PID: 872][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\EntApi.dll]  [Network Associates, Inc, 8.0.0.277]
[PID: 952][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\EntApi.dll]  [Network Associates, Inc, 8.0.0.277]
[PID: 1068][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\EntApi.dll]  [Network Associates, Inc, 8.0.0.277]
[PID: 1120][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\EntApi.dll]  [Network Associates, Inc, 8.0.0.277]
[PID: 1180][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\EntApi.dll]  [Network Associates, Inc, 8.0.0.277]
[PID: 1484][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\EntApi.dll]  [Network Associates, Inc, 8.0.0.277]
    [C:\WINDOWS\system32\igfxpph.dll]  [Intel Corporation, 3.0.0.2249]
    [C:\WINDOWS\system32\hccutils.DLL]  [Intel Corporation, 3.0.0.2249]
    [C:\WINDOWS\system32\igfxres.dll]  [Intel Corporation, 3.0.0.2249]
    [C:\WINDOWS\system32\igfxsrvc.dll]  [Intel Corporation, 3.0.0.2249]
    [C:\WINDOWS\system32\igfxdev.dll]  [Intel Corporation, 3.0.0.2249]
    [C:\Program Files\Network Associates\VirusScan\scriptproxy.dll]  [Network Associates, Inc., 8.0.0.955]
    [C:\Program Files\Network Associates\VirusScan\mytilus.dll]  [Network Associates, Inc., 8.0.0.251]
    [C:\Program Files\Network Associates\VirusScan\Res04\McShield.dll]  [Network Associates, Inc., 8.0.0.251]
    [C:\Program Files\Common Files\Network Associates\Engine\mcscan32.dll]  [McAfee, Inc., 5.1.00]
    [C:\Program Files\WinRAR\rarext.dll]  [N/A, N/A]
    [C:\Program Files\Network Associates\VirusScan\shext.dll]  [Network Associates, Inc., 8.0.0.912]
    [C:\Program Files\Network Associates\VirusScan\RES04\ShExtRes.dll]  [Network Associates, Inc., 8.0.0.912]
[PID: 1556][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
    [C:\WINDOWS\system32\ZLhp1020.DLL]  [Zenographics, Inc., 5, 53, 3723, 0]
    [C:\WINDOWS\system32\ZLM.dll]  [Zenographics, Inc., 5, 50, 1416, 0]
    [C:\WINDOWS\System32\spool\PRTPROCS\W32X86\IMFPrint.DLL]  [Zenographics, Inc., 5, 54, 330, 0]
    [C:\WINDOWS\system32\Imf32.dll]  [Zenographics, Inc., 5, 60, 1204, 0]
    [C:\WINDOWS\system32\ZTAG32.dll]  [Zenographics, Inc., 5, 60, 1210, 0]
    [C:\WINDOWS\system32\ZSPOOL.dll]  [Zenographics, Inc., 5, 51, 709, 0]
[PID: 1776][C:\WINDOWS\system32\soundmix.exe]  [N/A, N/A]
[PID: 1800][C:\WINDOWS\system32\hkcmd.exe]  [Intel Corporation, 3.0.0.2249]
    [C:\WINDOWS\system32\hccutils.DLL]  [Intel Corporation, 3.0.0.2249]
    [C:\WINDOWS\system32\igfxdev.dll]  [Intel Corporation, 3.0.0.2249]
    [C:\WINDOWS\system32\igfxsrvc.dll]  [Intel Corporation, 3.0.0.2249]
    [C:\WINDOWS\system32\igfxhk.dll]  [Intel Corporation, 3.0.0.2249]
    [C:\WINDOWS\system32\igfxres.dll]  [Intel Corporation, 3.0.0.2249]
[PID: 1820][C:\WINDOWS\system32\igfxtray.exe]  [Intel Corporation, 3.0.0.2249]
    [C:\WINDOWS\system32\hccutils.DLL]  [Intel Corporation, 3.0.0.2249]
    [C:\WINDOWS\system32\igfxdev.dll]  [Intel Corporation, 3.0.0.2249]
    [C:\WINDOWS\system32\igfxsrvc.dll]  [Intel Corporation, 3.0.0.2249]
    [C:\WINDOWS\system32\igfxres.dll]  [Intel Corporation, 3.0.0.2249]
    [C:\WINDOWS\system32\igfxress.dll]  [Intel Corporation, 3.0.0.2249]
[PID: 1828][C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe]  [Network Associates, Inc., 3.1.1.184]
    [C:\Program Files\Network Associates\Common Framework\nailog.dll]  [Network Associates, Inc., 3.1.1.159]
    [C:\Program Files\Network Associates\Common Framework\naCmnLib.dll]  [Network Associates, Inc., 3.1.1.159]
    [C:\Program Files\Network Associates\Common Framework\naXML.dll]  [Network Associates, Inc., 3.1.1.159]
    [C:\Program Files\Network Associates\Common Framework\NaiSign.dll]  [Network Associates, Inc., 3.1.0.197]
    [C:\Program Files\Network Associates\Common Framework\0409\UpdRes.dll]  [Network Associates, Inc., 3.1.1.184]
    [C:\Program Files\Network Associates\Common Framework\0409\AgentRes.dll]  [Network Associates, Inc., 3.1.1.184]
    [C:\Program Files\Network Associates\Common Framework\SecureFrameworkFactory.dll]  [Network Associates, Inc., 3.1.1.184]
[PID: 1880][C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe]  [Network Associates, Inc., 2.0.275.0]
[PID: 1896][C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE]  [Network Associates, Inc., 8.0.0.912]
    [C:\Program Files\Network Associates\VirusScan\SHUTIL.dll]  [Network Associates, Inc., 8.0.0.912]
    [C:\Program Files\Network Associates\VirusScan\naiwmain.dll]  [Network Associates, Inc., 8.0.0.912]
    [C:\Program Files\Network Associates\VirusScan\RES04\shstat.dll]  [Network Associates, Inc., 8.0.0.912]
    [C:\Program Files\Network Associates\VirusScan\RES04\Product.dll]  [Network Associates, Inc., 8.0.0.912]
    [C:\Program Files\Network Associates\VirusScan\RES04\McShield.dll]  [Network Associates, Inc., 8.0.0.251]
    [C:\Program Files\Network Associates\VirusScan\RES04\Shutilrc.dll]  [Network Associates, Inc., 8.0.0.912]
    [C:\Program Files\Network Associates\VirusScan\Graphics.dll]  [Network Associates, Inc., 8.0.0.912]
[PID: 1892][C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe]  [Hewlett-Packard, 2, 0, 1, 26]
[PID: 1924][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 628][C:\Program Files\Network Associates\Common Framework\FrameworkService.exe]  [Network Associates, Inc., 3.1.1.184]
    [C:\Program Files\Network Associates\Common Framework\nailog.dll]  [Network Associates, Inc., 3.1.1.159]
    [C:\Program Files\Network Associates\Common Framework\naXML.dll]  [Network Associates, Inc., 3.1.1.159]
    [C:\Program Files\Network Associates\Common Framework\NaiSign.dll]  [Network Associates, Inc., 3.1.0.197]
    [C:\Program Files\Network Associates\Common Framework\naCmnLib.dll]  [Network Associates, Inc., 3.1.1.159]
    [C:\Program Files\Network Associates\Common Framework\0409\AgentRes.dll]  [Network Associates, Inc., 3.1.1.184]
    [C:\Program Files\Network Associates\Common Framework\Logging.dll]  [Network Associates, Inc., 3.1.1.184]
    [C:\Program Files\Network Associates\Common Framework\InternetManager.dll]  [Network Associates, Inc., 3.1.1.184]
    [C:\Program Files\Network Associates\Common Framework\naInet.dll]  [Network Associates, Inc., 3.1.1.159]
    [C:\Program Files\Network Associates\Common Framework\UserSpace.dll]  [Network Associates, Inc., 3.1.1.184]
    [C:\Program Files\Network Associates\Common Framework\SecureFrameworkFactory.dll]  [Network Associates, Inc., 3.1.1.184]
    [C:\Program Files\Network Associates\Common Framework\Management.dll]  [Network Associates, Inc., 3.1.1.184]
    [C:\Program Files\Network Associates\Common Framework\naPolicyManager.dll]  [Network Associates, Inc., 3.1.1.184]
    [C:\Program Files\Network Associates\Common Framework\ScriptSubSys.dll]  [Network Associates, Inc., 3.1.1.184]
    [C:\Program Files\Network Associates\Common Framework\UpdateSubSys.dll]  [Network Associates, Inc., 3.1.1.184]
    [C:\Program Files\Network Associates\Common Framework\Scheduler.dll]  [Network Associates, Inc., 3.1.1.184]
    [C:\Program Files\Network Associates\Common Framework\Agent.dll]  [Network Associates, Inc., 3.1.1.184]
    [C:\Program Files\Network Associates\Common Framework\naSPIPE.dll]  [Network Associates, Inc., 3.1.1.184]
    [C:\Program Files\Network Associates\Common Framework\ListenServer.dll]  [Network Associates, Inc., 3.1.1.184]
    [C:\WINDOWS\system32\EntApi.dll]  [Network Associates, Inc, 8.0.0.277]

[PID: 900][C:\Program Files\Network Associates\VirusScan\Mcshield.exe]  [Network Associates, Inc., 8.0.0.251]
    [C:\Program Files\Network Associates\VirusScan\Res04\McShield.DLL]  [Network Associates, Inc., 8.0.0.251]
    [C:\Program Files\Network Associates\VirusScan\FTL.Dll]  [Network Associates, Inc., 8.0.0.135]
    [C:\Program Files\Network Associates\VirusScan\naiann.dll]  [Network Associates, Inc., 8.0.0.251]
    [C:\Program Files\Network Associates\VirusScan\mytilus.dll]  [Network Associates, Inc., 8.0.0.251]
    [C:\Program Files\Network Associates\VirusScan\NaEventU.DLL]  [Network Associates, Inc., 8.0.0.342]
    [C:\Program Files\Network Associates\VirusScan\Res04\naEvtRes.dll]  [Network Associates, Inc., 8.0.0.342]
    [C:\Program Files\Network Associates\VirusScan\VSIDSvr.dll]  [Network Associates, Inc., 8.0.0.251]
    [C:\Program Files\Common Files\Network Associates\Engine\MCSCAN32.DLL]  [McAfee, Inc., 5.1.00]
    [C:\Program Files\Network Associates\VirusScan\EntSrv.Dll]  [Network Associates, Inc, 8.0.0.277]
[PID: 936][C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe]  [Network Associates, Inc., 8.0.0.912]
    [C:\Program Files\Network Associates\VirusScan\SHUTIL.dll]  [Network Associates, Inc., 8.0.0.912]
    [C:\Program Files\Network Associates\VirusScan\naiwmain.dll]  [Network Associates, Inc., 8.0.0.912]
    [C:\Program Files\Network Associates\VirusScan\naicondl.dll]  [Network Associates, Inc., 8.0.0.912]
    [C:\Program Files\Network Associates\VirusScan\RES04\VsTskMgr.dll]  [Network Associates, Inc., 8.0.0.912]
    [C:\Program Files\Network Associates\VirusScan\MIDUtil.Dll]  [McAfee, Inc., 8.0.0.152]
    [C:\Program Files\Network Associates\VirusScan\BBCpl.dll]  [Network Associates, Inc., 8.0.0.912]
    [C:\Program Files\Network Associates\VirusScan\coptcpl.dll]  [Network Associates, Inc., 8.0.0.912]
    [C:\Program Files\Network Associates\VirusScan\EmCfgCpl.dll]  [Network Associates, Inc., 8.0.0.912]
    [C:\Program Files\Network Associates\VirusScan\RES04\SEmalRes.dll]  [Network Associates, Inc., 8.0.0.912]
    [C:\Program Files\Network Associates\VirusScan\RES04\Product.dll]  [Network Associates, Inc., 8.0.0.912]
    [C:\Program Files\Network Associates\VirusScan\nvpcpl.dll]  [Network Associates, Inc., 8.0.0.912]
    [C:\Program Files\Network Associates\VirusScan\ftcfg.dll]  [Network Associates, Inc., 8.0.0.912]
    [C:\Program Files\Network Associates\VirusScan\mytilus.dll]  [Network Associates, Inc., 8.0.0.251]
    [C:\Program Files\Network Associates\VirusScan\Res04\McShield.dll]  [Network Associates, Inc., 8.0.0.251]
    [C:\Program Files\Network Associates\VirusScan\OASCpl.dll]  [Network Associates, Inc., 8.0.0.912]
    [C:\Program Files\Network Associates\VirusScan\vsodscpl.dll]  [Network Associates, Inc., 8.0.0.912]
    [C:\Program Files\Network Associates\VirusScan\ftl.dll]  [Network Associates, Inc., 8.0.0.135]
    [C:\Program Files\Network Associates\VirusScan\vsupdcpl.dll]  [Network Associates, Inc., 8.0.0.912]
[PID: 1052][C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe]  [Network Associates, Inc., 3.1.1.184]
    [C:\PROGRA~1\NETWOR~1\COMMON~1\nailog.dll]  [Network Associates, Inc., 3.1.1.159]
    [C:\PROGRA~1\NETWOR~1\COMMON~1\naCmnLib.dll]  [Network Associates, Inc., 3.1.1.159]
    [C:\PROGRA~1\NETWOR~1\COMMON~1\naXML.dll]  [Network Associates, Inc., 3.1.1.159]
    [C:\PROGRA~1\NETWOR~1\COMMON~1\NaiSign.dll]  [Network Associates, Inc., 3.1.0.197]
    [C:\PROGRA~1\NETWOR~1\COMMON~1\0409\AgentRes.dll]  [Network Associates, Inc., 3.1.1.184]
    [C:\Program Files\Network Associates\Common Framework\AgentPlugin.dll]  [Network Associates, Inc., 3.1.1.184]
    [C:\Program Files\Network Associates\Common Framework\NAGSHR32.DLL]  [Network Associates, Inc., 3.1.1.159]
    [C:\Program Files\Network Associates\VirusScan\VsPlugin.dll]  [Network Associates, Inc., 8.0.0.912]
    [C:\WINDOWS\system32\EntApi.dll]  [Network Associates, Inc, 8.0.0.277]
    [C:\Program Files\Network Associates\Common Framework\PCRPlug.dll]  [Network Associates, Inc., 3.1.1.184]
[PID: 1624][C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE]  [Microsoft Corporation, 7.00.9466]
[PID: 2128][C:\WINDOWS\System32\alg.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 688][C:\CW400\zw\zw_app.exe]  [N/A, N/A]
    [C:\CW400\zw\PBVM70.dll]  [Sybase Inc., 7.0.3.10077]
    [C:\CW400\zw\libjcc.dll]  [N/A, N/A]
    [C:\CW400\zw\powerprn.dll]  [, 1, 0, 0, 1]
    [C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\SDNT5UI.DLL]  [Zenographics, Inc., 5.60.709.0]
    [C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\SDDM32.DLL]  [Zenographics, Inc., 5, 60, 2629, 0]
    [C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\ZSPOOL.dll]  [Zenographics, Inc., 5, 51, 709, 0]
    [C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\ZGDI32.dll]  [Zenographics, Inc., 5, 60, 709, 0]
    [C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\ZTAG32.dll]  [Zenographics, Inc., 5, 60, 1210, 0]
    [C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\SDDMUI.DLL]  [Zenographics, Inc., 6, 1, 524, 0]
    [C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\SR32.dll]  [Zenographics, Inc., 6, 1, 520, 1]
    [C:\CW400\zw\pbdwe70.dll]  [Sybase Inc., 7.0.3.10077]
    [C:\CW400\zw\pbws32.dll]  [N/A, N/A]
    [C:\CW400\zw\MyGetMac.dll]  [N/A, N/A]
    [C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\IMFNT5.DLL]  [Zenographics, Inc., 0, 3, 3508, 0]
    [C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\Imf32.dll]  [Zenographics, Inc., 5, 60, 1204, 0]
    [C:\CW400\zw\zlib.dll]  [N/A, 1.1.2]
[PID: 1504][C:\CW400\CA\CaClient\CAClient.exe]  [N/A, N/A]
    [C:\CW400\CA\CaClient\SSLEAY32.dll]  [N/A, N/A]
    [C:\CW400\CA\CaClient\LIBEAY32.dll]  [N/A, N/A]
[PID: 3080][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\EntApi.dll]  [Network Associates, Inc, 8.0.0.277]
    [C:\Program Files\Network Associates\VirusScan\scriptproxy.dll]  [Network Associates, Inc., 8.0.0.955]
    [C:\Program Files\Network Associates\VirusScan\mytilus.dll]  [Network Associates, Inc., 8.0.0.251]
    [C:\Program Files\Network Associates\VirusScan\Res04\McShield.dll]  [Network Associates, Inc., 8.0.0.251]
    [C:\Program Files\Common Files\Network Associates\Engine\mcscan32.dll]  [McAfee, Inc., 5.1.00]
    [C:\WINDOWS\system32\macromed\flash\Flash.ocx]  [Macromedia, Inc., 7,0,19,0]
[PID: 1200][C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE]  [Microsoft Corporation, 11.0.6359]
    [C:\WINDOWS\system32\EntApi.dll]  [Network Associates, Inc, 8.0.0.277]
    [C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\SDNT5UI.DLL]  [Zenographics, Inc., 5.60.709.0]
    [C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\SDDM32.DLL]  [Zenographics, Inc., 5, 60, 2629, 0]
    [C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\ZSPOOL.dll]  [Zenographics, Inc., 5, 51, 709, 0]
    [C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\ZGDI32.dll]  [Zenographics, Inc., 5, 60, 709, 0]
    [C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\ZTAG32.dll]  [Zenographics, Inc., 5, 60, 1210, 0]
    [C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\SDDMUI.DLL]  [Zenographics, Inc., 6, 1, 524, 0]
    [C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\SR32.dll]  [Zenographics, Inc., 6, 1, 520, 1]
    [C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\IMFNT5.DLL]  [Zenographics, Inc., 0, 3, 3508, 0]
    [C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\Imf32.dll]  [Zenographics, Inc., 5, 60, 1204, 0]
[PID: 3940][C:\Documents and Settings\Administrator\桌面\sreng\SREng.EXE]  [Smallfrogs Studio, 2.3.13.690]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  Error. [soundmix "%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

http://free.ys168.com/?enuo8979其他目录，有个显示隐藏文件的注册表文件，下载后导入注册表

.EXE Error. [soundmix "%1" %*]


汗~~~这个被修改了,问题严重了.