Rising Kaka Security Forum > Technical Exchange > Anti-virus / Anti-rogue-software Board

Experts, please help. Urgent! Experts, please lend a hand.




Hidden files cannot be displayed. After I set "Show all files" in Folder Options, it automatically jumps back to "Do not show hidden files". Now there is no way to show all files at all, and I can't see any hidden files. Is there a fix? I caught a virus last night. I can untick "Hide protected operating system files", but the files still aren't shown; that option is broken too. What do I do? Moderator, help!


Start, Run, type regedit.
Go to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL and change CheckedValue to 1.


I changed it. Still no use.
I'm sending you the Rising diagnostic report to take a look.

Unknown-family virus analysis
Scan results:
C:\WINDOWS\LSASS.EXE --> 70% similar to Trojan.PSW.LMir.
C:\WINDOWS\SYSTEM\ALGESTEIEBS.EXE --> 60% similar to Trojan.PSW.FodOnline.
C:\WINDOWS\SYSTEM\ALGESTEIYES.EXE --> 60% similar to Trojan.PSW.FodOnline.


Active system processes
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\INTERNAT.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\ALGESTEIEBS.EXE
C:\WINDOWS\SYSTEM\ALGESTEIYES.EXE
C:\PROGRAM FILES\TENCENT\QQ\QQ.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\PROGRAM FILES\TENCENT\QQ\TIMPLATFORM.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\LSASS.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\8PIZ896V\RSDETECT[1].EXE

Standard autostart entries
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
ToP = C:\WINDOWS\LSASS.EXE
internat.exe = INTERNAT.EXE
ScanRegistry = C:\WINDOWS\SCANREGW.EXE /AUTORUN
TaskMonitor = C:\WINDOWS\TASKMON.EXE
PCHealth = C:\WINDOWS\PCHEALTH\SUPPORT\PCHSCHD.EXE -S
SystemTray = SYSTRAY.EXE
LoadPowerProfile = RUNDLL32.EXE POWRPROF.DLL,LOADCURRENTPWRSCHEME
C-Media Mixer = C:\PROGRAM FILES\PCI AUDIO APPLICATIONS\MIXER.EXE /STARTUP
Syetwlyls = C:\WINDOWS\SYSTEM\ALGESTEIEBS.EXE
Syetwlysh = C:\WINDOWS\SYSTEM\ALGESTEIYES.EXE

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
LoadPowerProfile = RUNDLL32.EXE POWRPROF.DLL,LOADCURRENTPWRSCHEME
SchedulingAgent = MSTASK.EXE
*StateMgr = C:\WINDOWS\SYSTEM\RESTORE\STATEMGR.EXE


AppInit_DLLs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
AppInit_DLLs =


System file associations
.exe ==> exefile = "%1" %*
.com ==> comfile = "%1" %*
.bat ==> batfile = "%1" %*
.txt ==> txtfile = NOTEPAD.EXE %1
.scr ==> scrfile = "%1" /S
.reg ==> regfile = regedit.exe "%1"
.doc ==> Word.Document.8 = "C:\Program Files\Microsoft Office\Office\WINWORD.EXE" /n

Other startup entries
WIN.INI
No entries

SYSTEM.INI
SHELL = Explorer.exe


Winlogon startup entries
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon

IE - BHO

Winsock SPI
MS.w95.spi.osp = C:\WINDOWS\SYSTEM\MSWSOSP.DLL
MS.w95.spi.tcp = C:\WINDOWS\SYSTEM\MSAFD.DLL
MS.w95.spi.udp = C:\WINDOWS\SYSTEM\MSAFD.DLL
MS.w95.spi.raw = C:\WINDOWS\SYSTEM\MSAFD.DLL
MS.w95.spi.rsvptcp = C:\WINDOWS\SYSTEM\RSVPSP.DLL
MS.w95.spi.rsvpudp = C:\WINDOWS\SYSTEM\RSVPSP.DLL

System services
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services

File drivers
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services

System drivers
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
rt = C:\WINDOWS\SYSTEM32\DRIVERS\RT.SYS
WDMFS = C:\WINDOWS\SYSTEM32\DRIVERS\WDMFS.SYS
ATMARPC = C:\WINDOWS\SYSTEM\ATMARPC.SYS


Bro:
    I just spent half a day following your advice below and it did nothing at all.
What on earth is going on? As for step (3. Delete the trojan files (see attached picture)):
I don't see any picture.
 



 
A Windows ME system should not have a C:\WINDOWS\LSASS.exe process.
Try terminating it with a third-party process manager.

If it really is a virus, see the following post:

http://forum.ikaka.com/topic.asp?board=28&artid=7828861


Manual removal procedure for the trojan Trojan.Agent.awa:

2. End the trojan process C:\windows\LSASS.EXE. (Download the Norton process manager from www.27814939.ys168.com and use it to terminate the C:\windows\LSASS.EXE process.)
3. Delete the trojan files (see attached picture).
4. Reboot. Clean the registry:
First change the extension of RegFix or SREng to .com or .bat, then run it (this restores the value of HKEY_CLASSES_ROOT\.exe). (Or find regedit.exe in C:\WINDOWS and rename it to regedit.com.)
Expand HKEY_CLASSES_ROOT\Applications\iexplore.exe\shell\open\command
Change @="\"C:\\Program Files\\Internet Explorer\\INTEXPLORE.com\" %1" to @="\"C:\\Program Files\\Internet Explorer\\INTEXPLORE.exe\" %1"
Expand HKEY_CLASSES_ROOT\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\shell\OpenHomePage\Command
Change @="\"C:\\Program Files\\Internet Explorer\\INTEXPLORE.com\" %1" to @="\"C:\\Program Files\\Internet Explorer\\INTEXPLORE.exe\" %1"
Expand HKEY_CLASSES_ROOT\ftp\shell\open\command
Change @="\"C:\\Program Files\\Internet Explorer\\INTEXPLORE.com\" %1" to @="\"C:\\Program Files\\Internet Explorer\\INTEXPLORE.exe\" %1"
Expand HKEY_CLASSES_ROOT\htmlfile\shell\open\command
Change @="\"C:\\Program Files\\Internet Explorer\\INTEXPLORE.com\" -nohome" to @="\"C:\\Program Files\\Internet Explorer\\INTEXPLORE.exe\" -nohome"
Expand HKEY_CLASSES_ROOT\.exe
Delete WindowFiles
Expand HKEY_CURRENT_USER\Software\VB and VBA Program Settings\Microsoft Soft Debuger\Settings
Delete "GUID"="{BI5AP8-6K55T9-8LJY6K-64M1EC-LTW624}"
Expand HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Delete Top
Expand HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
Delete wextract_cleanup0
Last edited 2006-07-26 00:47:48
 

HijackThis@Qoo scan log V1.97.7
Scan saved at 22:32:21, on 2006-7-25
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v5.50 (5.50.4134.0100)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\INTERNAT.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\ALGESTEIYES.EXE
C:\WINDOWS\SYSTEM\ALGESTEIEBS.EXE
C:\PROGRAM FILES\TENCENT\QQ\QQ.EXE
C:\WINDOWS\LSASS.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\TENCENT\QQ\TIMPLATFORM.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\SUPER RABBIT\MAGICSET\MAGICSET.EXE
C:\WINDOWS\FLY\新建文件夹\WINRAR.EXE
C:\WINDOWS\TEMP\RAR$EX01.458\HIJACKTHIS.EXE

O3 - Toolbar: ????? - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ToP] C:\WINDOWS\LSASS.exe
O4 - HKLM\..\Run: [internat.exe] internat.exe
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [C-Media Mixer] C:\Program Files\PCI Audio Applications\Mixer.exe /startup
O4 - HKLM\..\Run: [Syetwlyls] C:\WINDOWS\SYSTEM\algesteiebs.exe
O4 - HKLM\..\Run: [Syetwlysh] C:\WINDOWS\SYSTEM\algesteiyes.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - Startup: Outlook Express.lnk
O4 - Startup: Windows Media Player.lnk
O4 - Startup: Internet Explorer.lnk
O4 - Startup: Microsoft Access.lnk
O4 - Startup: Microsoft Excel.lnk
O4 - Startup: Microsoft FrontPage.lnk
O4 - Startup: Microsoft Outlook.lnk
O4 - Startup: Microsoft PowerPoint.lnk
O4 - Startup: Microsoft Word.lnk
O8 - Extra context menu item: Add to QQ custom panel - C:\PROGRAM FILES\TENCENT\QQ\AddPanel.htm
O8 - Extra context menu item: Add to QQ emoticons - C:\PROGRAM FILES\TENCENT\QQ\AddEmotion.htm
O8 - Extra context menu item: Upload to QQ network disk - C:\PROGRAM FILES\TENCENT\QQ\AddToNetDisk.htm
O8 - Extra context menu item: Send this picture via QQ MMS - C:\PROGRAM FILES\TENCENT\QQ\SendMMS.htm
O9 - Extra button: QQ (HKLM)
O15 - Trusted Zone: gytest.stats.gov.cn
O15 - Trusted Zone: http://zhbtest.stats.gov.cn
O15 - Trusted Zone: http://gytest.stats.gov.cn
O15 - Trusted Zone: http://gjra.stats.gov.cn
O15 - Trusted Zone: https://zhbtestssl.stats.gov.cn:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?38921.4991203704
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 192.168.1.1
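A triage script for the indicators that the Rising report and the HijackThis log in this thread show: an NT-only binary name (LSASS.exe) started from HKLM\...\Run on a Windows ME box, unknown autoruns dropped next to system files, shell\open\command handlers redirected to a .com, and the SHOWALL\CheckedValue that the first reply repairs. This is an added example written for this page, not code from the forum posters, from Rising or from HijackThis. The baseline of stock Windows ME Run entries, the list of NT-only binaries and the expected REG_DWORD 1 for CheckedValue are my assumptions; the sample lines are copied from the reports above.

```python
"""Triage of the Win9x/ME autorun, association and Explorer entries shown in the
Rising and HijackThis reports above.  Added example, not code from the forum,
Rising or HijackThis.  Baseline, NT-only list and SHOWALL value are assumptions."""
import re
from typing import Dict, List, NamedTuple, Tuple

# Run/RunServices names a clean Windows ME install carries (assumption; only
# separates "known" from "needs a look").
ME_BASELINE_RUN_NAMES = {"internat.exe", "ScanRegistry", "TaskMonitor", "PCHealth",
                         "SystemTray", "LoadPowerProfile", "SchedulingAgent", "*StateMgr"}
# Core NT-family binaries.  Windows 9x/ME does not ship them, so an autorun naming
# one of them on a 9x/ME box is masquerading (the thread's C:\WINDOWS\LSASS.exe).
NT_ONLY_BINARIES = {"lsass.exe", "services.exe", "csrss.exe", "smss.exe",
                    "winlogon.exe", "svchost.exe"}
SYSTEM_DIRS = {r"c:\windows", r"c:\windows\system"}  # where the trojan dropped files

O4_RE = re.compile(r"^O4 - HKLM\\\.\.\\(?P<key>Run|RunServices): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# Leading program of a command line, quoted or not, so an unquoted path with
# spaces ("C:\Program Files\...\Mixer.exe /startup") is still recovered.
EXE_RE = re.compile(r'^\s*"?(?P<path>.+?\.(?:exe|com|bat|scr|pif|dll))\b', re.I)


class Finding(NamedTuple):
    key: str
    name: str
    program: str
    verdict: str  # known | review | suspicious | masquerade


def program_path(cmd: str) -> str:
    """Path of the program a Run or association command launches ('' if none)."""
    m = EXE_RE.match(cmd)
    return m.group("path") if m else ""


def split_path(path: str) -> Tuple[str, str]:
    """(lower-cased directory, lower-cased file name); directory is '' for bare names."""
    directory, _, filename = path.rpartition("\\")
    return directory.lower(), filename.lower()


def triage_o4(lines: List[str]) -> List[Finding]:
    """Classify HijackThis O4 lines for HKLM Run and RunServices."""
    findings = []
    for line in lines:
        m = O4_RE.match(line)
        if not m:
            continue
        name = m.group("name")
        directory, exe = split_path(program_path(m.group("cmd")))
        if exe in NT_ONLY_BINARIES:
            verdict = "masquerade"
        elif name in ME_BASELINE_RUN_NAMES:
            verdict = "known"
        elif directory in SYSTEM_DIRS:
            verdict = "suspicious"  # unknown entry living among system files
        else:
            verdict = "review"      # third-party autorun; confirm by hand
        findings.append(Finding(m.group("key"), name, exe, verdict))
    return findings


def hijacked_handlers(associations: Dict[str, str]) -> List[str]:
    """Keys whose shell\\open\\command runs a .com.  Application handlers are .exe
    files; a .com in their place (INTEXPLORE.com in the thread) is the pattern the
    manual registry fix above reverses."""
    return [key for key, cmd in associations.items()
            if split_path(program_path(cmd))[1].endswith(".com")]


def showall_restored(value_type: str, data) -> bool:
    """Does Explorer\\Advanced\\Folder\\Hidden\\SHOWALL\\CheckedValue hold what the
    first reply sets?  Assumption: REG_DWORD 1 on a stock install; any other type
    or value and "Show all files" will not stick."""
    return value_type == "REG_DWORD" and data == 1


# Constructed sample input, copied from the reports posted above.
SAMPLE_O4_LINES = [
    r"O4 - HKLM\..\Run: [ToP] C:\WINDOWS\LSASS.exe",
    r"O4 - HKLM\..\Run: [internat.exe] internat.exe",
    r"O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun",
    r"O4 - HKLM\..\Run: [C-Media Mixer] C:\Program Files\PCI Audio Applications\Mixer.exe /startup",
    r"O4 - HKLM\..\Run: [Syetwlyls] C:\WINDOWS\SYSTEM\algesteiebs.exe",
    r"O4 - HKLM\..\Run: [Syetwlysh] C:\WINDOWS\SYSTEM\algesteiyes.exe",
    r"O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe",
]
SAMPLE_ASSOCIATIONS = {
    r"HKCR\htmlfile\shell\open\command": r'"C:\Program Files\Internet Explorer\INTEXPLORE.com" -nohome',
    r"HKCR\ftp\shell\open\command": r'"C:\Program Files\Internet Explorer\INTEXPLORE.com" %1',
    r"HKCR\txtfile\shell\open\command": r"NOTEPAD.EXE %1",
    r"HKCR\regfile\shell\open\command": r'regedit.exe "%1"',
}

if __name__ == "__main__":
    for f in triage_o4(SAMPLE_O4_LINES):
        print(f"{f.verdict:10} {f.key:12} [{f.name}] {f.program}")
    print("hijacked handlers:", hijacked_handlers(SAMPLE_ASSOCIATIONS))
    print("SHOWALL CheckedValue ok:", showall_restored("REG_DWORD", 1))
```

Run as is, the `masquerade` and `suspicious` verdicts land on the same three files Rising flagged, the two INTEXPLORE.com handlers come out of `hijacked_handlers`, and `review` covers third-party autoruns such as the C-Media mixer that still need a human decision rather than automatic deletion.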
 