操作 时间 进程名称 数值名称 旧值 新值 修改 2008-12-13 13:19:05 H:\新建文件夹.EXE HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM\DISABLETASKMGR 0 1 创建 2008-12-13 13:19:08 H:\新建文件夹.EXE HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\CTFMON.EXE\ 创建 2008-12-13 13:19:08 C:\WINDOWS\SYSTEM32\DLLCACHE\RECYCLER.{645FF040-5081-101B-9F08-00AA002F954E}\GLOBAL.EXE HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\CTFMON.EXE\ 创建 2008-12-13 13:19:09 C:\WINDOWS\SYSTEM32\DLLCACHE\RECYCLER.{645FF040-5081-101B-9F08-00AA002F954E}\SVCHOST.EXE HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\CTFMON.EXE\ 创建 2008-12-13 13:19:09 C:\WINDOWS\SYSTEM32\DLLCACHE\RECYCLER.{645FF040-5081-101B-9F08-00AA002F954E}\SYSTEM.EXE HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\CTFMON.EXE\ 修改 2008-12-13 13:19:13 H:\新建文件夹.EXE HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ 0 C:\WINDOWS\system\KEYBOARD.exe 修改 2008-12-13 13:19:14 C:\WINDOWS\SYSTEM32\DLLCACHE\RECYCLER.{645FF040-5081-101B-9F08-00AA002F954E}\GLOBAL.EXE HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ 0 C:\WINDOWS\system\KEYBOARD.exe 修改 2008-12-13 13:19:14 C:\WINDOWS\SYSTEM32\DLLCACHE\RECYCLER.{645FF040-5081-101B-9F08-00AA002F954E}\SVCHOST.EXE HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ 0 C:\WINDOWS\system\KEYBOARD.exe 修改 2008-12-13 13:19:16 C:\WINDOWS\SYSTEM32\DLLCACHE\RECYCLER.{645FF040-5081-101B-9F08-00AA002F954E}\SYSTEM.EXE HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ 0 C:\WINDOWS\system\KEYBOARD.exe 修改 2008-12-13 13:19:16 H:\新建文件夹.EXE HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER\RUN\SYS 0 C:\WINDOWS\Fonts\Fonts.exe 修改 2008-12-13 13:19:16 C:\WINDOWS\SYSTEM32\DLLCACHE\RECYCLER.{645FF040-5081-101B-9F08-00AA002F954E}\GLOBAL.EXE HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER\RUN\SYS 0 C:\WINDOWS\Fonts\Fonts.exe 修改 2008-12-13 13:19:16 C:\WINDOWS\SYSTEM32\DLLCACHE\RECYCLER.{645FF040-5081-101B-9F08-00AA002F954E}\SVCHOST.EXE HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER\RUN\SYS 0 C:\WINDOWS\Fonts\Fonts.exe 修改 2008-12-13 13:19:16 C:\WINDOWS\SYSTEM32\DLLCACHE\RECYCLER.{645FF040-5081-101B-9F08-00AA002F954E}\SYSTEM.EXE HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER\RUN\SYS 0 C:\WINDOWS\Fonts\Fonts.exe 修改 2008-12-13 13:19:25 C:\WINDOWS\SYSTEM32\DLLCACHE\RECYCLER.{645FF040-5081-101B-9F08-00AA002F954E}\SYSTEM.EXE HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM\DISABLETASKMGR 0 1 删 除 2008-12-13 13:19:31 C:\WINDOWS\SYSTEM32\DLLCACHE\RECYCLER.{645FF040-5081-101B-9F08-00AA002F954E}\SYSTEM.EXE HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\CONTROL\SAFEBOOT\ALTERNATESHELL 0 0 修改 2008-12-13 13:22:30 C:\WINDOWS\SYSTEM32\IGFXPERS.EXE HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM\DISABLETASKMGR 0 1 创建 2008-12-13 13:22:30 C:\WINDOWS\SYSTEM32\DLLCACHE\RECYCLER.{645FF040-5081-101B-9F08-00AA002F954E}\GLOBAL.EXE HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\CTFMON.EXE\ 创建 2008-12-13 13:22:31 C:\WINDOWS\SYSTEM32\DLLCACHE\RECYCLER.{645FF040-5081-101B-9F08-00AA002F954E}\SVCHOST.EXE HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\CTFMON.EXE\ 创建 2008-12-13 13:22:32 C:\WINDOWS\SYSTEM32\DLLCACHE\RECYCLER.{645FF040-5081-101B-9F08-00AA002F954E}\SYSTEM.EXE HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\CTFMON.EXE\ 修改 2008-12-13 13:22:32 C:\WINDOWS\SYSTEM32\DLLCACHE\RECYCLER.{645FF040-5081-101B-9F08-00AA002F954E}\GLOBAL.EXE HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ 0 C:\WINDOWS\system\KEYBOARD.exe 修改 2008-12-13 13:22:32 C:\WINDOWS\SYSTEM32\DLLCACHE\RECYCLER.{645FF040-5081-101B-9F08-00AA002F954E}\SVCHOST.EXE HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ 0 C:\WINDOWS\system\KEYBOARD.exe 修改 2008-12-13 13:22:32 C:\WINDOWS\SYSTEM32\DLLCACHE\RECYCLER.{645FF040-5081-101B-9F08-00AA002F954E}\SYSTEM.EXE HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ 0 C:\WINDOWS\system\KEYBOARD.exe 修改 2008-12-13 13:22:32 C:\WINDOWS\SYSTEM32\DLLCACHE\RECYCLER.{645FF040-5081-101B-9F08-00AA002F954E}\SVCHOST.EXE HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER\RUN\SYS 0 C:\WINDOWS\Fonts\Fonts.exe 修改 2008-12-13 13:22:32 C:\WINDOWS\SYSTEM32\DLLCACHE\RECYCLER.{645FF040-5081-101B-9F08-00AA002F954E}\SYSTEM.EXE HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER\RUN\SYS 0 C:\WINDOWS\Fonts\Fonts.exe 修改 2008-12-13 13:22:32 C:\WINDOWS\SYSTEM32\DLLCACHE\RECYCLER.{645FF040-5081-101B-9F08-00AA002F954E}\GLOBAL.EXE HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER\RUN\SYS 0 C:\WINDOWS\Fonts\Fonts.exe 删 除 2008-12-13 13:22:35 C:\WINDOWS\SYSTEM32\IGFXPERS.EXE HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\CONTROL\SAFEBOOT\ALTERNATESHELL 0 0 创建 2008-12-13 16:11:57 C:\WINDOWS\SYSTEM32\DLLCACHE\RECYCLER.{645FF040-5081-101B-9F08-00AA002F954E}\GLOBAL.EXE HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\CTFMON.EXE\ 创建 2008-12-13 16:12:03 C:\WINDOWS\SYSTEM32\DLLCACHE\RECYCLER.{645FF040-5081-101B-9F08-00AA002F954E}\SVCHOST.EXE HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\CTFMON.EXE\ 创建 2008-12-13 16:12:11 C:\WINDOWS\SYSTEM32\DLLCACHE\RECYCLER.{645FF040-5081-101B-9F08-00AA002F954E}\SYSTEM.EXE HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\CTFMON.EXE\ 创建 2008-12-13 16:12:14 C:\WINDOWS\SYSTEM32\DLLCACHE\RECYCLER.{645FF040-5081-101B-9F08-00AA002F954E}\GLOBAL.EXE HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\TASKMGR.EXE\ 修改 2008-12-13 16:12:14 C:\WINDOWS\SYSTEM32\DLLCACHE\RECYCLER.{645FF040-5081-101B-9F08-00AA002F954E}\SVCHOST.EXE HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ 0 C:\WINDOWS\system\KEYBOARD.exe 修改 2008-12-13 16:12:14 C:\WINDOWS\SYSTEM32\DLLCACHE\RECYCLER.{645FF040-5081-101B-9F08-00AA002F954E}\SYSTEM.EXE HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ 0 C:\WINDOWS\system\KEYBOARD.exe 修改 2008-12-13 16:12:14 C:\WINDOWS\SYSTEM32\DLLCACHE\RECYCLER.{645FF040-5081-101B-9F08-00AA002F954E}\SVCHOST.EXE HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER\RUN\SYS 0 C:\WINDOWS\Fonts\Fonts.exe 修改 2008-12-13 16:12:14 C:\WINDOWS\SYSTEM32\DLLCACHE\RECYCLER.{645FF040-5081-101B-9F08-00AA002F954E}\GLOBAL.EXE HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ 0 C:\WINDOWS\system\KEYBOARD.exe 修改 2008-12-13 16:12:14 C:\WINDOWS\SYSTEM32\DLLCACHE\RECYCLER.{645FF040-5081-101B-9F08-00AA002F954E}\SYSTEM.EXE HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER\RUN\SYS 0 C:\WINDOWS\Fonts\Fonts.exe 修改 2008-12-13 16:12:14 C:\WINDOWS\SYSTEM32\DLLCACHE\RECYCLER.{645FF040-5081-101B-9F08-00AA002F954E}\GLOBAL.EXE HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER\RUN\SYS 0 C:\WINDOWS\Fonts\Fonts.exe 修改 2008-12-13 16:53:21 D:\PROGRAM FILES\TENCENT\QQ\QQ.EXE HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\SHELL EXPLORER.EXE Explorer.exe HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\YY 0 d:\Program Files\duowan\yy\Start.exe 修改 2008-12-13 20:35:58 D:\PROGRAM FILES\TENCENT\QQ\QQ.EXE HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\SHELL EXPLORER.EXE Explorer.exe 修改 2008-12-13 21:29:27 D:\PROGRAM FILES\TENCENT\QQ\QQ.EXE HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\SHELL EXPLORER.EXE Explorer.exe 修改 2008-12-13 22:09:53 C:\WINDOWS\REGEDIT.EXE HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\新值 #1 0 修改 2008-12-13 22:10:07 C:\WINDOWS\REGEDIT.EXE HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\CTFMON.EXE 0 修改 2008-12-13 22:10:56 C:\WINDOWS\REGEDIT.EXE HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\CTFMON.EXE c:\windows\system32\ctfmon.exe 修改 2008-12-13 22:12:09 C:\WINDOWS\PCHEALTH\HELPCTR\BINARIES\MSCONFIG.EXE HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\MSCONFIG 0 C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto 修改 2008-12-13 22:12:20 C:\WINDOWS\PCHEALTH\HELPCTR\BINARIES\MSCONFIG.EXE HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\CTFMON.EXE 0 c:\windows\system32\ctfmon.exe 修改 2008-12-13 22:14:26 C:\WINDOWS\PCHEALTH\HELPCTR\BINARIES\MSCONFIG.EXE HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\MSCONFIG 0 C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto 修改 2008-12-13 22:24:26 D:\PROGRAM FILES\TENCENT\QQ\QQ.EXE HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\SHELL EXPLORER.EXE Explorer.exe 修改 2008-12-13 22:29:21 D:\PROGRAM FILES\TENCENT\QQ\QQ.EXE HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\SHELL EXPLORER.EXE Explorer.exe 修改 2008-12-14 09:35:37 D:\PROGRAM FILES\TENCENT\QQ\QQ.EXE HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\SHELL EXPLORER.EXE Explorer.exe