Anti-virus experts, come take a look... what is this thing?
病毒吧 (Virus Bar)
The CheckedValue entry under HKEY_LOCAL_MACHINE stays at 0 and cannot be changed. I tried deleting it and recreating it, and found: 1. if I am too slow to recreate it, a CheckedValue with value 0 gets created automatically; 2. even when I create CheckedValue myself and set it to 1, it changes back to 0 a few seconds later.

================================================================
What follows makes me sweat even more:
===========================================================
API HOOK
RVA 错误: LoadLibraryA (危险等级: 一般, 被下面模块所HOOK: Dest Addr: 0xF7A90B25)
RVA 错误: LoadLibraryExA (危险等级: 一般, 被下面模块所HOOK: Dest Addr: 0xF7A90D67)
RVA 错误: LoadLibraryExW (危险等级: 一般, 被下面模块所HOOK: Dest Addr: 0xF7A90F0B)
RVA 错误: LoadLibraryW (危险等级: 一般, 被下面模块所HOOK: Dest Addr: 0xF7A90C49)
RVA 错误: GetProcAddress (危险等级: 高, 被下面模块所HOOK: Dest Addr: 0xF7A90E8F)
==================================
2007-05-14 08:05 #1
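The value the OP is fighting over is the "Show hidden files and folders" radio-button entry under the SHOWALL key. As an added example that is not from this thread, the following Python parses a `reg export` of that key and reports whether CheckedValue still has the type and value Explorer expects. The exports are constructed samples (the two REG_DWORD values are what a stock Windows XP ships; the remaining values are illustrative), and the checker itself is an assumption of this example, not a tool anyone in the thread mentions.

```python
import re

# Full path of the value the OP refers to only as "CheckedValue under
# HKEY_LOCAL_MACHINE": the "Show hidden files and folders" radio button.
SHOWALL_KEY = (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion"
               r"\Explorer\Advanced\Folder\Hidden\SHOWALL")

# REG_DWORD values a stock Windows XP ships for this key.
EXPECTED = {"CheckedValue": 1, "DefaultValue": 2}

# Constructed sample: `reg export` of the key on a healthy machine.
HEALTHY_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]
"CheckedValue"=dword:00000001
"DefaultValue"=dword:00000002
"HKeyRoot"=dword:80000001
"RegPath"="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced"
"Type"="radio"
"ValueName"="Hidden"
"""

# Constructed sample: what the OP observes, the value forced back to 0.
RESET_EXPORT = HEALTHY_EXPORT.replace('"CheckedValue"=dword:00000001',
                                      '"CheckedValue"=dword:00000000')

# Constructed sample: the right number recreated with the wrong type
# (REG_SZ), which Explorer ignores just as it ignores 0.
WRONG_TYPE_EXPORT = HEALTHY_EXPORT.replace('"CheckedValue"=dword:00000001',
                                           '"CheckedValue"="1"')

VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<data>.*)$')


def parse_reg_export(text):
    """Return {key_path_lower: {value_name: (kind, data)}} for a .reg text.
    kind is 'dword' (data as int), 'sz' (data as str) or 'other' (raw text)."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].lower()       # key names are case-insensitive
            keys[current] = {}
        elif current is not None:
            m = VALUE_RE.match(line)
            if not m:
                continue
            name, data = m["name"], m["data"]
            if data.startswith("dword:"):
                keys[current][name] = ("dword", int(data[len("dword:"):], 16))
            elif len(data) >= 2 and data.startswith('"') and data.endswith('"'):
                keys[current][name] = ("sz", data[1:-1])
            else:
                keys[current][name] = ("other", data)
    return keys


def check_showall(text):
    """Return a list of findings; an empty list means the key looks healthy."""
    values = parse_reg_export(text).get(SHOWALL_KEY.lower())
    if values is None:
        return [f"key missing: {SHOWALL_KEY}"]
    findings = []
    for name, want in EXPECTED.items():
        if name not in values:
            findings.append(f"{name} missing")
            continue
        kind, data = values[name]
        if kind != "dword":
            findings.append(f"{name} has type {kind}, expected REG_DWORD")
        elif data != want:
            findings.append(f"{name} = {data}, expected {want}")
    return findings


if __name__ == "__main__":
    for label, export in [("healthy", HEALTHY_EXPORT), ("reset", RESET_EXPORT),
                          ("wrong type", WRONG_TYPE_EXPORT)]:
        print(label, "->", check_showall(export) or "OK")
```

Run it against a fresh export each time the value has been "fixed": a report of CheckedValue = 0 seconds after setting it to 1 is exactly the symptom the OP describes and points at something still resident rather than at a registry-editing mistake. The type check covers the case where the value is recreated as a string, which Explorer does not honour either.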
CheckedValue is the registry entry for hidden files. First scan with your antivirus in Safe Mode; you have most likely picked up a trojan. Best to post a log.
2007-05-14 09:05 #2
Looks very familiar, but I forget which virus it is. It modifies the Folder Options function (system files and hidden files cannot be shown).
2007-05-14 09:05 #3
This means the virus has not been removed, so the value keeps getting changed back by it. Update your antivirus and scan first, then change it.
2007-05-14 10:05 #4
I just posted a log but it was too long and needs moderation, so I will split it up and repost. Thanks everyone for the support. PS: I am using Kaspersky with the latest virus database, and it never finds any virus.

==============================================================
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<"D:\Program Files\毒杀\kbsj\avp.exe"> [Kaspersky Lab]
[(Verified)Microsoft Windows Hardware Compatibility Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
[(Verified)Microsoft Windows Publisher]
[(Verified)Microsoft Windows Publisher]
[(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
[Kaspersky Lab]
==================================
启动文件夹
N/A
==================================
服务
[卡巴斯基互联网安全套装 6.0 / AVP][Running/Auto Start] <"D:\Program Files\毒杀\kbsj\avp.exe" -r>
[F1ABE58C / F1ABE58C][Stopped/Auto Start]
[Human Interface Device Access / HidServ][Stopped/Disabled] <%SystemRoot%\System32\hidserv.dll>
[NVIDIA Display Driver Service / NVSvc][Running/Auto Start]
==================================
驱动程序
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
[cctapd1 / cctapd16][Stopped/Boot Start] <\SystemRoot\System32\DRIVERS\cctapd16.sys>
[HSFHWBS2 / HSFHWBS2][Running/Manual Start]
[HSF_DP / HSF_DP][Running/Manual Start]
[kl1 / kl1][Running/Boot Start] <\SystemRoot\system32\drivers\kl1.sys>
[klif / klif][Running/System Start] <\??\C:\WINDOWS\system32\drivers\klif.sys>
[mdmxsdk / mdmxsdk][Running/Auto Start]
[Netgroup Packet Filter / NPF][Stopped/Manual Start]
[npkcrypt / npkcrypt][Running/Auto Start] <\??\D:\Program Files\Tencent\QQ\npkcrypt.sys>
[npkycryp / npkycryp][Stopped/Manual Start] <\??\D:\Program Files\Tencent\QQ\npkycryp.sys>
[nv / nv][Running/Manual Start]
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]
[Secdrv / Secdrv][Stopped/Manual Start]
[SIS AGP Bus Filter / sisagp][Running/Boot Start] <\SystemRoot\system32\DRIVERS\sisagp.sys>
[TSP / TSP][Stopped/Manual Start] <\??\C:\WINDOWS\system32\drivers\klif.sys>
[ucmwnip / ucmwnipw][Stopped/Boot Start] <\SystemRoot\System32\DRIVERS\ucmwnipw.sys>
[winachsf / winachsf][Running/Manual Start]
[World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]

2007-05-14 10:05 #6
==================================
浏览器加载项
[ThunderAtOnce Class] {01443AEC-0FD1-40fd-9C87-E93D1494C233}
[BitComet Helper] {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}
[Thunder Browser Helper] {889D2FEB-5411-4565-8998-1DD2C5261283}
[Windows Live Sign-in Helper] {9030D464-4C02-4ABF-8ECC-5164760863C6}
[启动迅雷5] {09BA8F6D-CB54-424B-839C-C2A6C8E6B436}
[浩方对战平台] {0A155D3C-68E2-4215-A47A-E800A446447A}
[Web反病毒保护] {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E}
[番茄花园] {6096E38F-5AC1-4391-8EC4-75DFA92FB32F}
[QQ] {c95fe080-8f5d-11d2-a20b-00aa003c157b}
[Messenger] {FB5F1910-F110-11d2-BB9E-00C04F795683}
[MMCPlayer Class] {05C1004E-2596-48E5-8E26-39362985EEB9}
[EditCtrl Class] {488A4255-3236-44B3-8F27-FA1AECAA8844}

2007-05-14 11:05 #7
[ThunderAtOnce Class] {01443AEC-0FD1-40FD-9C87-E93D1494C233}
[ActiveMovieControl Object] {05589FA1-C356-11CE-BF01-00AA0055595A}
[MMCPlayer Class] {05C1004E-2596-48E5-8E26-39362985EEB9}
[IeHelper Class] {0D42E1BD-09DD-4873-A826-9C7E793EB7B6}
[Windows Media Player] {22D6F312-B0F6-11D0-94AB-0080C74C7E95}
[HTML Document] {25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\Mshtml.dll, N/A>
[DHTML Edit Control Safe for Scripting for IE5] {2D360201-FFF5-11D1-8D03-00A0C959BC0A}
[Tabular Data Control] {333C7BC4-460F-11D0-BC04-0080C7055A83}
[BitComet Helper] {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}
[Thunder Agent Class] {485463B7-8FB2-4B3B-B29B-8B919B0EACCE}
[EditCtrl Class] {488A4255-3236-44B3-8F27-FA1AECAA8844}

2007-05-14 11:05 #8
[Windows Media Player] {6BF52A52-394A-11D3-B153-00C04F79FAA6}
[Active Desktop Mover] {72267F6A-A6F9-11D0-BC94-00C04FB67863} <%SystemRoot%\system32\SHELL32.dll, N/A>
[Microsoft Web 浏览器] {8856F961-340A-11D0-A96B-00C04FD705A2}
[Thunder Browser Helper] {889D2FEB-5411-4565-8998-1DD2C5261283}
[Windows Live Sign-in Helper] {9030D464-4C02-4ABF-8ECC-5164760863C6}
[RMGetLicense Class] {A9FC132B-096D-460B-B7D5-1DB0FAE0C062}
[Microsoft Scriptlet Component] {AE24FDAE-03C6-11D1-8B76-0080C744F389}
[SearchAssistantOC] {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[Microsoft DirectAnimation Control] {B6FFC24C-7E13-11D0-9B47-00C04FC2F51D}
[RDS.DataSpace] {BD96C556-65A3-11D0-983A-00C04FC29E36}
[AUDIO__MP3 Moniker Class] {CD3AFA76-B84F-48F0-9393-7EDC34128127}
[AUDIO__X_MS_WMA Moniker Class] {CD3AFA84-B84F-48F0-9393-7EDC34128127}
[VIDEO__X_MS_ASF Moniker Class] {CD3AFA8F-B84F-48F0-9393-7EDC34128127}
[VIDEO__X_MS_WMV Moniker Class] {CD3AFA94-B84F-48F0-9393-7EDC34128127}
[RealPlayer G2 Control] {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA}
[Shockwave Flash Object] {D27CDB6E-AE6D-11CF-96B8-444553540000}
[&使用BitComet下载]
[&使用BitComet下载全部链接]
[&使用BitComet下载本页视频]
[上传到QQ网络硬盘]
[使用迅雷下载]
[使用迅雷下载全部链接]
[添加到QQ自定义面板]
[添加到QQ表情]
[用QQ彩信发送该图片]

2007-05-14 11:05 #9
正在运行的进程
[PID: 576][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 640][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1424][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\nvcpl.dll] [NVIDIA Corporation, 6.14.10.7777]
[C:\WINDOWS\system32\NVRSZHC.DLL] [NVIDIA Corporation, 6.14.10.7777]
[C:\WINDOWS\system32\nvshell.dll] [NVIDIA Corporation, 6.14.10.10531]
[d:\Program Files\Unlocker\UnlockerCOM.dll] [N/A, ]
[D:\Program Files\Tencent\QQ\qdshm.dll] [, 1, 0, 101, 20]
[d:\Program Files\WinRAR\rarext.dll] [N/A, ]
[D:\Program Files\毒杀\kbsj\shellex.dll] [Kaspersky Lab, 6.0.0.299]
[D:\Program Files\毒杀\kbsj\adialhk.dll] [Kaspersky Lab, 6.0.0.299]
[d:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll] [Thunder Networking Technologies,LTD, 5, 0, 1, 4]
[d:\Program Files\Thunder Network\Thunder\Components\ResWorker\DsBho_00.dll] [, 1, 0, 0, 2]
[d:\Program Files\Thunder Network\Thunder\Components\ResWorker\DataProcessor_00.dll] [Thunder Networking Technologies,LTD, 1, 0, 0, 4]
[PID: 980][C:\WINDOWS\system32\wscntfy.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1304][D:\Program Files\Tencent\QQ\QQ.exe] [TENCENT, 0, 0, 0, 0]
[D:\Program Files\Tencent\QQ\QQBaseClassInDll.dll] [, 1, 0, 0, 1]
[D:\Program Files\Tencent\QQ\QQHelperDll.dll] [, 1, 0, 0, 1]
[D:\Program Files\Tencent\QQ\BasicCtrlDll.dll] [Tencent, 7, 0, 101, 80]
[D:\Program Files\Tencent\QQ\MFC42.DLL] [Microsoft Corporation, 6.00.8665.0]
[D:\Program Files\Tencent\QQ\RICHED32.DLL] [Microsoft Corporation, 5.00.2134.1]
[D:\Program Files\Tencent\QQ\RICHED20.dll] [Microsoft Corporation, 5.31.23.1218]
[D:\Program Files\Tencent\QQ\QQAPI.dll] [, 1, 0, 0, 1]
[D:\Program Files\Tencent\QQ\TIMProxy.dll] [tencent, 0, 3, 2, 4]
[D:\Program Files\Tencent\QQ\HostingMgr.dll] [, 1, 0, 0, 1]
[D:\Program Files\Tencent\QQ\CameraDll.dll] [, 1, 0, 0, 1]
[D:\Program Files\Tencent\QQ\LoginCtrl.dll] [N/A, ]
[D:\Program Files\Tencent\QQ\npkcntc.dll] [INCA Internet Co., Ltd., 2006, 6, 27, 1]
[D:\Program Files\Tencent\QQ\npkpdb.dll] [INCA Internet Co., Ltd., 2003, 10, 1, 1]
[D:\Program Files\Tencent\QQ\LoginCtrlRes.dll] [, 1, 0, 0, 1]
[D:\Program Files\Tencent\QQ\QQRes.dll] [tencent, 1, 0, 0, 1]
2007-05-14 11:05 #12
[D:\Program Files\Tencent\QQ\QQMainFrame.dll] [N/A, ]
[D:\Program Files\Tencent\QQ\CQQApplication.dll] [N/A, ]
[D:\Program Files\Tencent\QQ\NewSkin.dll] [, 1, 0, 0, 1]
[D:\Program Files\Tencent\QQ\MailSummary.dll] [, 1, 0, 0, 1]
[D:\Program Files\Tencent\QQ\QQKnowledgeSearch.dll] [, 1, 0, 0, 1]
[D:\Program Files\Tencent\QQ\QQAllInOne.dll] [N/A, ]
[D:\Program Files\Tencent\QQ\GroupLive.dll] [N/A, ]
[D:\Program Files\Tencent\QQ\SCCore.dll] [TENCENT, 2, 0, 0, 1]
[D:\Program Files\Tencent\QQ\gdiplus.dll] [Microsoft Corporation, 5.1.3102.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\Program Files\Tencent\QQ\QQSpace.dll] [, 1, 0, 0, 1]
[D:\Program Files\Tencent\QQ\vbscript.dll] [Microsoft Corporation, 5.6.0.7426]
[C:\WINDOWS\system32\msdmo.dll] [, ]
[D:\Program Files\毒杀\kbsj\adialhk.dll] [Kaspersky Lab, 6.0.0.299]
[D:\Program Files\Tencent\QQ\QQGroupMng.dll] [, 1, 0, 0, 1]
[D:\Program Files\Tencent\QQ\UserDefinedHead.dll] [, 1, 0, 0, 1]
[D:\Program Files\Tencent\QQ\QQPlugin.dll] [N/A, ]
[D:\Program Files\Tencent\QQ\QQConfigPlugin.dll] [, 1, 0, 0, 1]
[D:\Program Files\Tencent\QQ\QRingMng.dll] [N/A, ]
[D:\Program Files\Tencent\QQ\LongConnection.dll] [tencent, 5, 0, 200, 160]
[D:\Program Files\Tencent\QQ\QQAvatar.dll] [N/A, ]
[D:\Program Files\Tencent\QQ\FlashAvatarDll.dll] [, 1, 4, 0, 1]
[D:\Program Files\Tencent\QQ\PhoneAPI.dll] [, 1, 0, 0, 1]
[D:\Program Files\Tencent\QQ\DialerAllinOne.dll] [tencent, 1, 4, 0, 0]
[D:\Program Files\Tencent\QQ\QQPet.dll] [, 1, 0, 0, 1]
[D:\Program Files\Tencent\QQ\QQSysMsgMng.dll] [N/A, ]
[D:\Program Files\Tencent\QQ\BQQApplication.dll] [N/A, ]
[D:\Program Files\Tencent\QQ\CommercesMng.dll] [, 1, 0, 0, 1]
[D:\Program Files\Tencent\QQ\PersonalDesktop.dll] [深圳市腾讯计算机系统公司QQ工作小组, 1, 0, 0, 2]
[D:\Program Files\Tencent\QQ\QQAddr.dll] [深圳市腾讯计算机系统有限公司, 5, 0, 101, 280]
[D:\Program Files\Tencent\QQ\QQCustomFace.dll] [N/A, ]
[D:\Program Files\Tencent\QQ\ImageOle.dll] [TODO:, 1.0.0.1]
[D:\Program Files\Tencent\QQ\QQSceneMng.dll] [N/A, ]
[C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx] [Adobe Systems, Inc., 9,0,28,0]
[D:\Program Files\Tencent\QQ\GroupConnection.dll] [Tencent, 0, 3, 3, 5]
[D:\Program Files\Tencent\QQ\QQPhoneHelper.dll] [腾讯科技(深圳)有限公司, 2, 1, 8, 81]
[PID: 1396][D:\Program Files\Tencent\QQ\TIMPlatform.exe] [tencent, 0, 3, 1, 8]
[D:\Program Files\Tencent\QQ\TIMProxy.dll] [tencent, 0, 3, 2, 4]
[PID: 1604][D:\Program Files\Thunder Network\Thunder\Program\Thunder5.exe] [Thunder Networking Technologies,LTD, 5, 6, 2, 300]
[D:\Program Files\Thunder Network\Thunder\Program\TaskManager.dll] [Thunder Networking Technologies,LTD, 1, 1, 0, 21]
[D:\Program Files\Thunder Network\Thunder\Program\download_interface.dll] [Thunder Networking Technologies,LTD, 2, 15, 2, 85]
[D:\Program Files\Thunder Network\Thunder\Program\stlport_vc646.dll] [STLport Consulting, Inc., 4.6.2003.1031]
[D:\Program Files\Thunder Network\Thunder\Program\asyn_dns.dll] [Thunder Networking Technologies,LTD, 2, 15, 2, 85]
[D:\Program Files\Thunder Network\Thunder\Program\iTargetAD.dll] [Thunder Networking Technologies,LTD, 1, 0, 2, 26]
[D:\Program Files\Thunder Network\Thunder\Program\BHOStub.dll] [Thunder Networking Technologies,LTD, 1, 1, 0, 8]
[D:\Program Files\Thunder Network\Thunder\Components\DownAndPlay\DownAndPlay.dll] [, 1, 0, 0, 3]
[C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx] [Adobe Systems, Inc., 9,0,28,0]
[D:\Program Files\毒杀\kbsj\adialhk.dll] [Kaspersky Lab, 6.0.0.299]
[D:\Program Files\Thunder Network\Thunder\Components\InMedia\iEmbedShell.dll] [ , 1, 0, 0, 17]
[D:\Program Files\Thunder Network\Thunder\Components\Community\XLCommunity.dll] [Thunder Networking Technologies,LTD, 1, 0, 8, 30]
2007-05-14 11:05 #13
[D:\Program Files\Thunder Network\Thunder\Components\Security\ThunderSafe.dll] [深圳市迅雷网络技术有限公司, 1.0.0.10]
[D:\Program Files\Thunder Network\Thunder\Components\Search\XLSearch.dll] [Thunder Networking Technologies,LTD, 1, 1, 2, 12]
[D:\Program Files\Thunder Network\Thunder\Components\P4PClient\P4PClient.dll] [Thunder Networking Technologies,LTD, 2, 2, 1, 46]
[D:\Program Files\Thunder Network\Thunder\Program\LiveUpdate.dll] [Thunder Networking Technologies,LTD, 1, 2, 1, 20]
[D:\Program Files\Thunder Network\Thunder\Components\ExplorerHelper\ExplorerHelper.dll] [Thunder Networking Technologies,LTD, 1, 0, 4, 15]
[D:\Program Files\Thunder Network\Thunder\Components\Tips\TipsClient.dll] [Thunder Networking Technologies,LTD, 2, 1, 3, 58]
[D:\Program Files\Thunder Network\Thunder\Components\VPSHELL\VPSHELL.dll] [XunLei, 1, 2, 0, 10]
[D:\Program Files\Thunder Network\Thunder\Components\UserExperience\UserExperience.dll] [Thunder Networking Technologies,LTD, 1, 0, 0, 1]
[D:\Program Files\Thunder Network\Thunder\Components\ResWorker\DsXlCom.dll] [, 1, 0, 0, 9]
[d:\Program Files\Thunder Network\Thunder\Components\InMedia\iEmbed09.dll] [ , 3, 3, 0, 80]
[D:\Program Files\Thunder Network\Thunder\Program\RegisterDll.dll] [Thunder Networking Technologies,LTD, 2, 13, 2, 61]
[D:\Program Files\Thunder Network\Thunder\Program\XLNet.Dll] [Thunder Networking Technologies,LTD, 1, 2, 0, 8]
[D:\Program Files\Thunder Network\Thunder\Plugins\BhoAdv\bho_adv.dll] [深圳市迅雷网络技术有限公司, 1.0.1.0]
[D:\Program Files\毒杀\kbsj\scr_ch_pg.dll] [Kaspersky Lab, 1.0.6.299]
[D:\Program Files\毒杀\kbsj\klscav.dll] [Kaspersky Lab, 6.0.0.299]
[D:\Program Files\毒杀\kbsj\pr_remote.dll] [Kaspersky Lab, 6.0.0.299]
[D:\Program Files\毒杀\kbsj\prloader.dll] [Kaspersky Lab, 6.0.0.299]
[D:\Program Files\毒杀\kbsj\prkernel.ppl] [Kaspersky Lab, 6.0.0.304]
[d:\program files\毒杀\kbsj\params.ppl] [Kaspersky Lab, 6.0.0.299]
[d:\program files\毒杀\kbsj\pxstub.ppl] [Kaspersky Lab, 6.0.0.299]
[d:\program files\毒杀\kbsj\tempfile.ppl] [Kaspersky Lab, 6.0.0.299]
[d:\program files\毒杀\kbsj\nfio.ppl] [Kaspersky Lab, 6.0.0.299]
[d:\program files\毒杀\kbsj\fsdrvplgn.ppl] [Kaspersky Lab, 6.0.0.299]
[D:\Program Files\Thunder Network\Thunder\Components\VPSHELL\VideoPicture.dll] [XunLei, 1, 2, 0, 11]
[D:\Program Files\Thunder Network\Thunder\Components\ResWorker\DataProcessor_00.dll] [Thunder Networking Technologies,LTD, 1, 0, 0, 4]
[D:\Program Files\Thunder Network\Thunder\Components\ResWorker\MediaWorker.dll] [Thunder Networking Technologies,LTD, 1, 2, 0, 8]
[PID: 256][D:\Program Files\毒杀\报告\SREng2\SREng.EXE] [Smallfrogs Studio, 2.4.12.806]
[D:\Program Files\毒杀\kbsj\adialhk.dll] [Kaspersky Lab, 6.0.0.299]
[D:\Program Files\毒杀\报告\SREng2\Plugins\NWMON.SRE] [Smallfrogs Studio, 1, 0, 0, 8]
==================================
2007-05-14 11:05 #14
文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock 提供者
N/A
==================================
Autorun.inf
N/A
==================================
HOSTS 文件
127.0.0.1 localhost
==================================
API HOOK
RVA 错误: LoadLibraryA (危险等级: 一般, 被下面模块所HOOK: Dest Addr: 0xF7A90B25)
RVA 错误: LoadLibraryExA (危险等级: 一般, 被下面模块所HOOK: Dest Addr: 0xF7A90D67)
RVA 错误: LoadLibraryExW (危险等级: 一般, 被下面模块所HOOK: Dest Addr: 0xF7A90F0B)
RVA 错误: LoadLibraryW (危险等级: 一般, 被下面模块所HOOK: Dest Addr: 0xF7A90C49)
RVA 错误: GetProcAddress (危险等级: 高, 被下面模块所HOOK: Dest Addr: 0xF7A90E8F)
==================================
隐藏进程
N/A
==================================
2007-05-14 11:05 #15
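The API HOOK section appears twice in this thread (floor 1 and floor 15) and is the part of the log that reads worst. As an added example that is not from the thread, the following Python pulls those lines out of an SREng log and groups the hook destinations by 4 KiB page and by address range; the sample text is the OP's own five lines plus the section that follows them, and the 0x80000000 user/kernel split is an assumption of the example (the default 32-bit Windows XP layout, which matches the XP SP2 version strings in the process list).

```python
import re
from collections import defaultdict

# Constructed sample: the OP's "API HOOK" section copied verbatim, followed by
# the next section so that the section boundary is exercised.
SAMPLE_LOG = """==================================
API HOOK
RVA 错误: LoadLibraryA (危险等级: 一般, 被下面模块所HOOK: Dest Addr: 0xF7A90B25)
RVA 错误: LoadLibraryExA (危险等级: 一般, 被下面模块所HOOK: Dest Addr: 0xF7A90D67)
RVA 错误: LoadLibraryExW (危险等级: 一般, 被下面模块所HOOK: Dest Addr: 0xF7A90F0B)
RVA 错误: LoadLibraryW (危险等级: 一般, 被下面模块所HOOK: Dest Addr: 0xF7A90C49)
RVA 错误: GetProcAddress (危险等级: 高, 被下面模块所HOOK: Dest Addr: 0xF7A90E8F)
==================================
隐藏进程
N/A
==================================
"""

# One SREng hook line: API name, danger level, destination address.
HOOK_RE = re.compile(
    r"^RVA 错误: (?P<api>\w+) \(危险等级: (?P<level>[^,]+), "
    r"被下面模块所HOOK: Dest Addr: 0x(?P<addr>[0-9A-Fa-f]+)\)$"
)

# Assumption: default 32-bit Windows XP split, user space below 0x80000000.
KERNEL_BASE = 0x80000000


def parse_api_hooks(text):
    """Return hook records found between the 'API HOOK' header and the next divider."""
    hooks, in_section = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "API HOOK":
            in_section = True
            continue
        if in_section and line.startswith("="):
            break                                   # end of the section
        if in_section:
            m = HOOK_RE.match(line)
            if m:
                hooks.append({"api": m["api"], "level": m["level"],
                              "addr": int(m["addr"], 16)})
    return hooks


def hooks_by_page(hooks, page=0x1000):
    """Group hooked APIs by the 4 KiB page their destination address falls in.
    Hooks landing in one page almost certainly belong to one module."""
    pages = defaultdict(list)
    for h in hooks:
        pages[h["addr"] & ~(page - 1)].append(h["api"])
    return dict(pages)


def summarize(text):
    """Triage view of the section: how many hooks, which are rated high,
    how many distinct modules the destinations imply, and where they live."""
    hooks = parse_api_hooks(text)
    pages = hooks_by_page(hooks)
    return {
        "hook_count": len(hooks),
        "high_risk": [h["api"] for h in hooks if h["level"] == "高"],
        "pages": pages,
        "distinct_pages": len(pages),
        "all_kernel_space": bool(hooks) and all(h["addr"] >= KERNEL_BASE for h in hooks),
    }


if __name__ == "__main__":
    s = summarize(SAMPLE_LOG)
    print(f"{s['hook_count']} hooks, high risk: {s['high_risk']}")
    for base, apis in sorted(s["pages"].items()):
        print(f"  page 0x{base:08X}: {', '.join(apis)}")
    print("all destinations in kernel address range:", s["all_kernel_space"])
```

On the OP's lines all five destinations fall in the same page and above the user/kernel boundary, so the analyst is looking for one kernel-mode module, not five. The grouping says how many modules to identify, not which one: security products with their own kernel drivers (the log lists several) also hook these APIs, so the next step is to cross-reference the page against the loaded driver list before drawing any conclusion.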
? What is wrong with this one?
2007-05-14 12:05 #19
Analyzing logs is a rather painful business.
2007-05-24 08:05 #20
Drag that registry value that keeps getting changed into the monitored registry-key list of Proactive Defense and see who is modifying it. I am fairly green myself and find reading logs hard going; better to make good use of the ready-made tools and follow the trail.
2007-05-24 09:05 #21