Vista,XP双系统中重装XP后双启动菜单不见的解决.doc

病毒症状：explorer核心启动中附带有木马C:WINDOWSKesenjanganSosial注册表被锁、文件夹选项消失等等。病毒添加启动项：开始程序启动 Empty.pifBron-Spizaetus C:WINDOWSShellNewRakyatKelaparan.exeTok-CirrhatusTok-Cirrhatus-969 C:Documents and SettingsUsersLocal SettingsApplication Databr2961on.exe (数字有可能不是2961)病毒文件：C:Documents and Settings用户名Application Data和C:Documents and Settings用户名Local SettingsApplication Data中有大量病毒程序，比如csrss.exe、inetinfo.exe、winlogon.exe、services.exe、smss.exe、 lsass.exe、svchost.exe、Bron.tok-17-x.exe(x为数字)、以及带有“Bron tok”名字的文件，Users是指每一个用户名。 准备工具：最新版木马杀客或者恶意软件清理助手。杀毒步骤：1、进安全模式，用木马杀客或者恶意软件清理助手结束所有带有Application Data路径的进程。C:Documents and Settings用户名LocalSettingsApplicationDatacsrss.exeC:Documents and Settings用户名LocalSettingsApplicationDatainetinfo.exeC:Documents and Settings用户名LocalSettingsApplicationDataservices.exeC:Documents and Settings用户名LocalSettingsApplicationDatasmss.exeC:Documents and Settings用户名LocalSettingsApplicationDatasvchost.exeC:Documents and Settings用户名LocalSettingsApplicationDatalsass.exeC:Documents and Settings用户名LocalSettingsApplicationDatawinlogon.exe2、在记事本里面输入以下内容(如果禁止了右键，我们可以从“文件”这里新建一个)：dim wshset wsh=wscript.createobject(wscript.shell)wsh.regwrite HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesWinOldAppDisabled,wsh.regwrite HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesSystemDisableRegistryTools,0wsh.popup (已经成功解开注册表)另存为1.vbs或者1.vbe 运行这个文件，注册表就解开了。3、文件夹选项消失，无法显示隐藏文件、扩展名解决方法，用记事本写以下内容：Windows Registry Editor Version 5.00HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerAdvancedFolderHiddenSHOWALLRegPath=SoftwareMicrosoftWindowsCurrentVersionExplorerAdvancedText=shell32.dll,-30500Type=radioCheckedValue=dword:00000001ValueName=HiddenDefaultValue=dword:00000002HKeyRoot=dword:80000001HelpID=shell.hlp#51105另存为2.reg文件然后双击运行这个文件。4、恢复显示“文件夹选项”，以便查看隐藏文件即文件扩展名：运行gpedit.msc按回车启动“组策略”，展开用户配置管理模板系统，找到“阻止访问注册表编辑工具”，右键单击将它禁止。同时将 “阻止访问命令提示符”也禁止。回到“管理模板”，展开windows组件windows资源管理器，找到“工具菜单删除文件夹选项菜单”，选择已禁用即可。5、开始运行输入regedit确定进入注册表修改HKEY_LOCAL_MACHINESoftwareMicrosoftWindows NTCurrentVersionWinlogon为HKEY_LOCAL_MACHINESoftwareMicrosoftWindows NTCurrentVersionWinlogon修改HKLMSYSTEMCurrentControlSetControlSafeBootAlternateShell = cmd-brontok.exe为HKLMSYSTEMCurrentControlSetControlSafeBootAlternateShell = cmd.exe修改HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionexploreradvancedHidden=0为HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionexploreradvancedHidden=1修改HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionexploreradvancedShowSuperHidden = 0为HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionexploreradvancedShowSuperHidden = 1修改HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionexploreradvancedHideFileExt=1为HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionexploreradvancedHideFileExt=0修改HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorerNoFolderOptions1 为HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorerNoFolderOptions0 以上数值请对照仔细修改，如果正确则不用修改删除如下自启动项：HKLMsoftwaremicrosoftwindowscurrentversionrunBron-Spizaetus = C:WINDOWSShellNewRakyatKelaparan.exeHKCUsoftwaremicrosoftwindowscurrentversionrunTok-Cirrhatus-1464 = C:Documents and Settings用户名Local SettingsApplication Databr3951on.exe HKCUsoftwaremicrosoftwindowscurrentversionrunTok-Cirrhatus = HKLMSoftWareMicrosoftWindowsCurrentVersionWinlogonShellBron-Spizaetus=C:WINDOWSShellNewRakyatKelaparan.exe6、注册表中搜索含有“Bron”“Tok-Cirrhatus” 字符的所有项目，然后删除，保存退出。7、删除如下文件：C:Documents and Settings用户名LocalSettingsApplicationDatacsrss.exeC:Documents and Settings用户名LocalSettingsApplicationDatainetinfo.exeC:Documents and Settings用户名LocalSettingsApplicationDataservices.exeC:Documents and Settings用户名LocalSettingsApplicationDatasmss.exeC:Documents and Settings用户名LocalSettingsApplicationDatasvchost.exeC:Documents and Settings用户名LocalSettingsApplicationDatalsass.exeC:Documents and Settings用户名LocalSettingsApplicationDatawinlogon.exeC:Documents and Settings用户名Local SettingsApplication Databr3951on.exeC:Documents and Settings用户名开始菜单程序启动empty.pifC:Documents and Settings用户名TemplatesWowT C:WINDOWSSystem32用户名ssetting.exeC:WINDOWSSystem32cmd-brontok.exeC:WINDOWSKesenjanganSosial.exeC:WINDOWSShellNewRakyatKelap