Operation, Time, Process name, Value name, Old value, New value
Modify 2009-02-17 16:50:16 E:\SRE9DEB0738.EXE HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS\APPINIT_DLLS kmon.dll
Modify 2009-02-17 16:25:12 D:\PROGRAM FILES\RISING\ANTISPYWARE\RUNONCE.EXE HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\CONTROL\SESSION MANAGER\BOOTEXECUTE autocheck autochk * autocheck autochk *
Modify 2009-02-17 16:25:12 D:\PROGRAM FILES\RISING\ANTISPYWARE\RUNONCE.EXE HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\CONTROL\SESSION MANAGER\BOOTEXECUTE autocheck autochk * autocheck autochk *
Modify 2009-02-17 11:00:21 E:\SRE9DEB0738.EXE HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS\APPINIT_DLLS kmon.dll
Modify 2009-02-17 10:42:12 E:\SRE9DEB0738.EXE HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS\APPINIT_DLLS kmon.dll
Modify 2009-02-17 10:32:34 E:\1B110C43E01D87FD72726244\UPDATE\UPDATE.EXE HKEY_CLASSES_ROOT\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\SHELL\OPENHOMEPAGE\COMMAND\ "C:\Program Files\Internet Explorer\iexplore.exe" "C:\Program Files\Internet Explorer\iexplore.exe"
Modify 2009-02-17 10:11:58 E:\CD8A527E9BD8549E08902B065993\UPDATE\UPDATE.EXE HKEY_CLASSES_ROOT\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\SHELL\OPENHOMEPAGE\COMMAND\ "C:\Program Files\Internet Explorer\iexplore.exe" "C:\Program Files\Internet Explorer\iexplore.exe"
Modify 2009-02-16 21:59:22 C:\DOCUME~1\ADMINI~1.CHI\LOCALS~1\TEMP\IXP000.TMP\SETUP_WM.EXE HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\MP10_ENSUREFILEVER C:\WINDOWS\inf\unregmp2.exe /EnsureFileVersions
Install driver 2009-02-16 20:42:45 E:\2DCF950B5DCD0A937392F5DF7737\UPDATE\UPDATE.EXE HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUDFPF
Install driver 2009-02-16 20:42:29 E:\2DCF950B5DCD0A937392F5DF7737\UPDATE\UPDATE.EXE HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUDFRD
Modify 2009-02-16 10:40:37 E:\SRE9DEB0738.EXE HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS\APPINIT_DLLS kmon.dll
Modify 2009-02-16 10:40:16 E:\SRE9DEB0738.EXE HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS\APPINIT_DLLS kmon.dll
Modify 2009-02-16 10:37:54 E:\SRE9DEB0738.EXE HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS\APPINIT_DLLS kmon.dll
Modify 2009-02-15 20:07:43 E:\SRE9DEB0738.EXE HKEY_CLASSES_ROOT\TXTFILE\SHELL\OPEN\COMMAND\ C:\WINDOWS\notepad.exe %1 %SystemRoot%\system32\NOTEPAD.EXE %1
Modify 2009-02-15 20:07:11 E:\SRE9DEB0738.EXE HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS\APPINIT_DLLS kmon.dll
Modify 2009-02-15 20:06:37 C:\DOCUME~1\ADMINI~1.CHI\LOCALS~1\TEMP\SRE7.EXE HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS\APPINIT_DLLS kmon.dll
Modify 2009-02-15 20:05:41 E:\SRE9DEB0738.EXE HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS\APPINIT_DLLS kmon.dll
Modify 2009-02-15 20:02:58 K:\SETUP.EXE HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\PPHIDPAD D:\WINPENJR\Win32\pphidpad.exe
Modify 2009-02-15 11:03:23 C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\START PAGE about:blank http://www.hao123.com/
Modify 2009-02-15 08:48:06 E:\SRE9DEB0738.EXE HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS\APPINIT_DLLS kmon.dll
Modify 2009-02-15 08:39:16 D:\PROGRAM FILES\RISING\ANTISPYWARE\RUNONCE.EXE HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\CONTROL\SESSION MANAGER\BOOTEXECUTE autocheck autochk * autocheck autochk *
Modify 2009-02-15 08:39:16 D:\PROGRAM FILES\RISING\ANTISPYWARE\RUNONCE.EXE HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\CONTROL\SESSION MANAGER\BOOTEXECUTE autocheck autochk * autocheck autochk *
Modify 2009-02-15 02:31:50 E:\SRE9DEB0738.EXE HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS\APPINIT_DLLS kmon.dll
Modify 2009-02-15 02:21:40 D:\PROGRAM FILES\RISING\ANTISPYWARE\RUNONCE.EXE HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\CONTROL\SESSION MANAGER\BOOTEXECUTE autocheck autochk * autocheck autochk *
Modify 2009-02-15 02:21:39 D:\PROGRAM FILES\RISING\ANTISPYWARE\RUNONCE.EXE HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\
Modify 2009-02-15 02:21:39 D:\PROGRAM FILES\RISING\ANTISPYWARE\RUNONCE.EXE HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\
Modify 2009-02-15 02:21:39 D:\PROGRAM FILES\RISING\ANTISPYWARE\RUNONCE.EXE HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\CONTROL\SESSION MANAGER\BOOTEXECUTE autocheck autochk * autocheck autochk *
Modify 2009-02-15 02:18:25 D:\PROGRAM FILES\360SAFE\360SAFE.EXE HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS\APPINIT_DLLS kmon.dll about:blank
Modify 2009-02-15 02:18:22 D:\PROGRAM FILES\360SAFE\360SAFE.EXE HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\START PAGE http://www.baidu.com/ about:blank
Modify 2009-02-15 02:11:13 E:\SRE9DEB0738.EXE HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS\APPINIT_DLLS kmon.dll
Modify 2009-02-15 01:49:09 E:\SRE9DEB0738.EXE HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS\APPINIT_DLLS kmon.dll
Modify 2009-02-15 01:17:36 E:\SRE9DEB0738.EXE HKEY_CLASSES_ROOT\TXTFILE\SHELL\OPEN\COMMAND\ C:\WINDOWS\notepad.exe %1 %SystemRoot%\system32\NOTEPAD.EXE %1
Modify 2009-02-15 00:31:07 C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\START PAGE http://www.hao123.com/ http://www.baidu.com/
Modify 2009-02-14 23:05:12 D:\TDDOWNLOAD\UTGAME43_SETUP03.EXE HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\NMGAMEX_AUTORUN C:\WINDOWS\system32\Rundll32.exe NMGameX.dll,LiveProcess /aa
Install driver 2009-02-14 22:53:14 D:\PROGRAM FILES\360SAFE\SAFEMON\360TRAY.EXE HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\360PROCMON
Modify 2009-02-14 22:40:40 D:\PROGRAM FILES\360SAFE\SAFEMON\360TRAY.EXE HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\START PAGE http://www.kuku123.com/ http://www.hao123.com/
Modify 2009-02-14 22:04:35 D:\TDDOWNLOAD\360SAFE.EXE HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\360SAFETRAY D:\Program Files\360safe\safemon\360tray.exe /start
Install driver 2009-02-14 22:04:19 C:\PROGRAM FILES\360SAFEBOX\SAFEBOXTRAY.EXE HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\SAFEBOXKRNL
Modify 2009-02-14 22:04:16 D:\PROGRAM FILES\360SAFE\BOXMOD.EXE HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\360SAFEBOX "C:\Program Files\360Safebox\safeboxTray.exe" /r