Of course, there are many viruses like this, for example: the USB-drive viruses csscv.exe, elRecvr.exe, eiRecvr.exe, wdfmgr.exe

From: broadman (君子直道而行), Board: Virus
Subject: Please help me look at the bizarre problem I've run into, it's driving me crazy
Posted at: Shuimu Community (Mon Dec 11 13:42:01 2006), on-site

The problem is very strange:
1. When I open the USB drive in My Computer, what opens is always "My Documents"; it is the same every time I try.
2. When I access our lab's LAN by entering \\10.0.66.114, what opens is "My Printers".
3. I found an EXPLORE.EXE under every drive.
4. In the C:\WINDOWS\Temp directory, junk files are being generated like crazy. They are named AcrXX.tmp and numbered sequentially, with sizes ranging from 1 to 6 MB; sometimes 3 or 4 are generated per minute, sometimes one per half hour.
5. The machine has clearly become much slower.
I am attaching the scan log; please help me get rid of the virus.
--
I don't ask that every day be spectacular, only that every day be clear.
If the ruler is not discreet he loses his ministers; if the minister is not discreet he loses his life; if critical matters are not kept discreet, disaster follows.
※ Source: Shuimu Community http://newsmth.net [FROM: 166.111.248.118]
Attachment: SREngLOG.log (24KB)

II. Analysis of the problem

From: teyqiu (天下无毒 http://hi.baidu.com/teyqiu), Board: Virus
Subject: Re: Please help me look at the bizarre problem I've run into, it's driving me crazy
Posted at: Shuimu Community (Mon Dec 11 13:53:26 2006), on-site

1 Before disinfecting, turn off System Restore: right-click My Computer, Properties, System Restore, and tick "Turn off System Restore on all drives".
Clear IE's temporary files: open IE, click Tools --> Internet Options: Temporary Internet files, click the "Delete Files" button, tick "Delete all offline content", and click OK to delete.
All of the following operations must be performed in Safe Mode.
[Safe Mode? Hold F8 while restarting the computer and choose to enter Safe Mode]
--------------------------------------------------------------
2 Use SREng to delete the following items. Method: http://hi.baidu.com/teyqiu/blog/item/f706213fc52346ec54e72351.html

Startup Items --> Registry
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] [] [Microsoft Corporation]

Startup Items --> Services --> Win32 Service Applications
[InstallDriver Service / ISDS] <"C:\WINDOWS\system32\csscv.exe">
[Extended Windows Security / Microsoft Extended Windows Security] <"C:\WINDOWS\elRecvr.exe">
[Windows Windows Sheduler / Microsoft Windows Scheduled Tasker] <"C:\WINDOWS\eiRecvr.exe">
[Extended Windows Security System / Microsoft Windows Security System] <"C:\WINDOWS\ewRecvr.exe">
[Microsoft Windows Volume Copy / Microsoft Windows Volume Copy] <"C:\WINDOWS\wbRecv.exe">
[MS Office Updater Service / MS Office Updater Service] <"C:\WINDOWS\msrvs32.exe">
[Windows Kernel Services / Windows Kernel Services] <"C:\WINDOWS\winlogon.exe">
[Microsoft Languages Service / Windows Languages Service] <"C:\WINDOWS\csrss.exe">
[Microsoft Windows Protection / Windows Protection Service] <"C:\WINDOWS\winlogon.exe">
[Microsoft Windows Spool Service / Windows Spool Service] <"C:\WINDOWS\wdfmgr.exe">
[Microsoft Windows Spooler Service / Windows Spooler Service] <"C:\WINDOWS\services.exe">

Manually delete the files involved above
[PID: 3592][C:\WINDOWS\winlogon.exe]
[PID: 3656][C:\WINDOWS\csrss.exe]
[PID: 3708][C:\WINDOWS\winlogon.exe]
[PID: 3772][C:\WINDOWS\wdfmgr.exe]
[PID: 3812][C:\WINDOWS\services.exe]
[PID: 2552][C:\WINDOWS\wbRecv.exe]

Use a dedicated removal tool to clear the autorun.inf under each drive's directory:
http://www.newsmth.net/bbscon.php?bid=78&id=260489

Finally, after restarting, clean up with Windows 清理助手 (Windows Cleanup Assistant). Reference: http://post.baidu.com/f?kz=149133630

III. Feedback

waiting...

Appendix: Log

2006-12-11,13:29:28
System Repair Engineer 2.0.21.505 (2.0 RC 2)
Smallfrogs (http://www.KZTechs.com)
Windows XP Professional Service Pack 1 (Build 2600) - 管理权限用户 - 完整功能
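Five of the services listed for deletion in the reply run executables that carry the name of a Windows system process (winlogon.exe, csrss.exe, services.exe, wdfmgr.exe) but sit in C:\WINDOWS instead of C:\WINDOWS\system32. The following check for that pattern over SREng service lines is an added example, not part of the original thread or of SREng; the function name, the protected-name list and the assumption that Windows XP is installed on C: are illustrative. It catches only this name-imitation subset, so entries such as csscv.exe or elRecvr.exe still need the manual review the reply performs.

```python
import ntpath
import re

# Assumption: Windows XP on C:, where these processes only ever run from system32.
SYSTEM32 = r"c:\windows\system32"
PROTECTED = {"winlogon.exe", "csrss.exe", "services.exe", "lsass.exe",
             "smss.exe", "svchost.exe", "spoolsv.exe", "wdfmgr.exe"}

# SREng service line: [Display name / Service name] <"image path" optional args>
ENTRY = re.compile(r'\[([^\[\]/]+?)\s*/\s*([^\[\]]+?)\]\s*<"?([^">]+)"?[^>]*>')


def masquerading_services(log_text):
    """Return (service, path) pairs whose image name imitates a system process
    but whose directory is not system32."""
    hits = []
    for _display, service, path in ENTRY.findall(log_text):
        directory, name = ntpath.split(ntpath.normpath(path.strip()))
        if name.lower() in PROTECTED and directory.lower() != SYSTEM32:
            hits.append((service.strip(), path.strip()))
    return hits


# Service lines copied from the reply above; the last entry is constructed
# here as a legitimate service for contrast.
SAMPLE = r"""
[InstallDriver Service / ISDS] <"C:\WINDOWS\system32\csscv.exe">
[Extended Windows Security / Microsoft Extended Windows Security] <"C:\WINDOWS\elRecvr.exe">
[Windows Kernel Services / Windows Kernel Services] <"C:\WINDOWS\winlogon.exe">
[Microsoft Languages Service / Windows Languages Service] <"C:\WINDOWS\csrss.exe">
[Microsoft Windows Protection / Windows Protection Service] <"C:\WINDOWS\winlogon.exe">
[Microsoft Windows Spool Service / Windows Spool Service] <"C:\WINDOWS\wdfmgr.exe">
[Microsoft Windows Spooler Service / Windows Spooler Service] <"C:\WINDOWS\services.exe">
[Print Spooler / Spooler] <"C:\WINDOWS\system32\spoolsv.exe">
"""

if __name__ == "__main__":
    for service, path in masquerading_services(SAMPLE):
        print(f"{service}: {path}")
```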