| Operation | Time | Process name | Value name | Old value | New value |
| --- | --- | --- | --- | --- | --- |
| Modify | 2009-10-14 11:38:50 | C:\WINDOWS\EXPLORER.EXE | HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\START PAGE | http://06000.cn/alei.htm | http://www.2345.com/?294 |
| Modify | 2009-10-14 11:38:42 | C:\WINDOWS\EXPLORER.EXE | HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\START PAGE | http://www.google.com/ | http://www.2345.com/?294 |
| Modify | 2009-10-14 08:00:40 | C:\WINDOWS\EXPLORER.EXE | HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\START PAGE | http://www.2345.com/?294 | http://06000.cn/alei.htm |
| Modify | 2009-10-14 07:54:39 | C:\WINDOWS\EXPLORER.EXE | HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\START PAGE | http://www.google.com/ | http://www.2345.com/?294 |
| Modify | 2009-10-13 16:06:18 | C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE | HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\START PAGE | http://www.2345.com/?294 | http://www.google.com/ |
| Modify | 2009-10-13 16:05:39 | C:\WINDOWS\EXPLORER.EXE | HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\START PAGE | about:blank | http://www.2345.com/?294 |
| Modify | 2009-10-13 16:05:39 | C:\WINDOWS\EXPLORER.EXE | HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\START PAGE | http://www.google.com/ | http://www.2345.com/?294 |
| Modify | 2009-10-13 15:59:35 | C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE | HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\START PAGE | http://www2.1616.net/ | http://www.google.com/ |
| Install driver | 2009-10-12 08:10:38 | D:\el\c\TOOLS\ICESWORD\ICESWORD.COM | HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\ISDRV122 | | |
| Modify | 2009-10-09 14:00:37 | C:\WINDOWS\EXPLORER.EXE | HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\START PAGE | http://www.google.com/ | http://00333.cn/alei.htm |
| Install driver | 2009-10-09 13:46:39 | C:\PROGRAM FILES\FILEMON\FILEMON.EXE | HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\FILEMON701 | | |
| Install driver | 2009-10-09 13:46:34 | C:\PROGRAM FILES\FILEMON\FILEMON.EXE | HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\FILEMON701 | | |
| Modify | 2009-10-09 13:21:06 | C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE | HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\START PAGE | http://www.2345.com/?294 | http://www.google.com/ |
| Modify | 2009-10-09 13:02:26 | C:\WINDOWS\EXPLORER.EXE | HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\START PAGE | about:blank | http://www.2345.com/?294 |
| Modify | 2009-10-09 13:02:20 | C:\WINDOWS\EXPLORER.EXE | HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\START PAGE | http://www.google.com/ | http://www.2345.com/?294 |
| Modify | 2009-10-09 10:31:14 | C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE | HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\START PAGE | http://www.xngq.com/baidu/startpage | http://www.google.com/ |
| Modify | 2009-10-09 10:27:33 | C:\PROGRAM FILES\DAEMON TOOLS LITE\DAEMON TOOLS SMART INSTALLER.EXE | HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\START PAGE | http://www.google.com/ | http://www.xngq.com/baidu/startpage |
| Modify | 2009-10-09 10:27:28 | C:\DOCUME~1\CW-CZG\LOCALS~1\TEMP\IS-29LNQ.TMP\DAEMON4304-LITE.EXE | HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\DAEMON TOOLS LITE | | C:\Program Files\Daemon Tools Lite\daemon.exe -autorun |
| Modify | 2009-10-08 15:27:13 | C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE | HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\START PAGE | about:blank | http://www.google.com/ |
| Modify | 2009-10-08 15:20:57 | C:\PROGRAM FILES\ARSWP3\ARSWP3.EXE | HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS\APPINIT_DLLS | kmon.dll | |
| Modify | 2009-10-08 15:20:57 | C:\PROGRAM FILES\ARSWP3\ARSWP3.EXE | HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\SYSTEM | | |
| Modify | 2009-10-08 15:20:54 | C:\PROGRAM FILES\ARSWP3\ARSWP3.EXE | HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM\DISABLETASKMGR | 0 | 0 |
| Modify | 2009-10-08 15:20:50 | C:\PROGRAM FILES\ARSWP3\ARSWP3.EXE | HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\START PAGE | http://go.microsoft.com/fwlink/?LinkId=69157 | about:blank |
| Modify | 2009-10-08 15:20:48 | C:\PROGRAM FILES\ARSWP3\ARSWP3.EXE | HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\START PAGE | http://www.google.com/ | about:blank |
| Install driver | 2009-10-08 15:20:02 | C:\PROGRAM FILES\ARSWP3\ARSWP3.EXE | HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\ATPKRNL | | |
| Modify | 2009-10-08 14:01:19 | D:\el\c\TOOLS\SRENG2\SREF9461006.EXE | HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS\APPINIT_DLLS | | kmon.dll |
| Modify | 2009-10-08 13:29:30 | D:\el\c\TOOLS\SRENG2\SREF9461006.EXE | HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS\APPINIT_DLLS | | kmon.dll |
| Modify | 2009-10-08 13:24:20 | D:\el\c\TOOLS\SRENG2\SREF9461006.EXE | HKEY_CLASSES_ROOT\TXTFILE\SHELL\OPEN\COMMAND\ | C:\WINDOWS\notepad.exe %1 | %SystemRoot%\system32\NOTEPAD.EXE %1 |