进程名称路径数值名称数值数据操作日期操作方式操作结果
\??\C:\WINDOWS\system32\winlogon.exeHKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCElknfs2007-07-01 13:54修改同意修改
\??\C:\WINDOWS\system32\winlogon.exeHKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCElknfs2007-07-01 14:08修改同意修改
\??\C:\WINDOWS\system32\winlogon.exeHKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCElknfs2007-07-01 14:35修改同意修改
E:\软件\杀毒\360safe\360Safe.exeHKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWSload2007-07-01 14:41删除同意修改
E:\软件\杀毒\360safe\360Safe.exeHKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWSload2007-07-01 14:41删除同意修改
\??\C:\WINDOWS\system32\winlogon.exeHKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCElknfs2007-07-03 14:26修改同意修改
\??\C:\WINDOWS\system32\winlogon.exeHKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCElknfs2007-07-03 15:08修改同意修改
\??\C:\WINDOWS\system32\winlogon.exeHKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCElknfs2007-07-03 15:30修改同意修改
E:\转存\DubaTool_AV_Killer\DubaTool_AV_Killer.COMHKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEMDisableRegistryTools2007-07-03 15:54修改同意修改
E:\转存\DubaTool_AV_Killer\DubaTool_AV_Killer.COMHKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEMDisableTaskMgr2007-07-03 15:54修改同意修改
D:\Program Files\Kingsoft\KSysCleaner\KASMain.EXEHKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCEKASTaskD:\Program Files\Kingsoft\KSysCleaner\KASTask.EXE2007-07-24 10:16修改同意修改
E:\软件\杀毒\360safe\360Safe.exeHKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWSload2007-07-24 10:17删除同意修改
C:\WINDOWS\system32\services.exeHKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNATIModeChangeAti2mdxx.exe2007-07-24 14:17修改同意修改
G:\VGA\ATI\NET32\dotnetfx.exeHKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCEwextract_cleanup0rundll32.exe C:\WINDOWS\system32\advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\TEMP\IXP000.TMP\"2007-07-24 14:24修改同意修改
C:\WINDOWS\system32\msiexec.exeHKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNATICCC"C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"2007-07-24 14:29修改同意修改
C:\WINDOWS\system32\Ati2mdxx.exeHKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNATIModeChange2007-07-24 14:35删除同意修改
C:\WINDOWS\system32\Rundll32.exeHKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNCTFMON.EXEC:\WINDOWS\system32\CTFMON.EXE2007-07-24 14:54修改同意修改
C:\WINDOWS\system32\CTFMON.EXEHKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNctfmon.exeC:\WINDOWS\system32\ctfmon.exe2007-07-24 15:12修改同意修改
C:\WINDOWS\system32\rundll32.exeHKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNSMSERIALC:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe2007-07-24 15:14修改同意修改
C:\WINDOWS\system32\REGSVR32.EXEHKEY_CLASSES_ROOT\CHM.FILE\SHELL\OPEN\COMMAND"C:\WINDOWS\hh.exe" %12007-07-24 15:55修改同意修改
C:\WINDOWS\system32\REGSVR32.EXEHKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAINSearch Barhttp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm2007-07-24 15:55修改同意修改
D:\Program Files\Kingsoft Antispy\KSA\Patches\office2003-KB934181-FullFile-CHS.exeHKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCEwextract_cleanup0rundll32.exe C:\WINDOWS\system32\advpack.dll,DelNodeRunDLL32 "C:\DOCUME~1\ASUS\LOCALS~1\Temp\IXP000.TMP\"2007-07-24 18:09修改同意修改
D:\Program Files\Microsoft Office\OFFICE11\msohtmed.exeHKEY_CLASSES_ROOT\.HTM\OPENWITHLIST\MICROSOFT OFFICE WORDdefault2007-07-24 18:10添加同意修改
D:\Program Files\Microsoft Office\OFFICE11\msohtmed.exeHKEY_CLASSES_ROOT\.HTM\OPENWITHLIST\MICROSOFT OFFICE WORD\SHELL\EDITdefault2007-07-24 18:10添加同意修改
D:\Program Files\Microsoft Office\OFFICE11\msohtmed.exeHKEY_CLASSES_ROOT\.HTM\OPENWITHLIST\MICROSOFT OFFICE WORD\SHELLdefault2007-07-24 18:10添加同意修改
D:\Program Files\Microsoft Office\OFFICE11\msohtmed.exeHKEY_CLASSES_ROOT\.HTM\OPENWITHLIST\MICROSOFT OFFICE WORD\SHELL\EDITdefault2007-07-24 18:10添加同意修改
D:\Program Files\Microsoft Office\OFFICE11\msohtmed.exeHKEY_CLASSES_ROOT\.HTM\OPENWITHLIST\MICROSOFT OFFICE WORD\SHELL\EDIT打开(&O)2007-07-24 18:10修改同意修改
D:\Program Files\Microsoft Office\OFFICE11\msohtmed.exeHKEY_CLASSES_ROOT\.HTM\OPENWITHLIST\MICROSOFT OFFICE WORD\SHELL\EDIT\COMMANDdefault2007-07-24 18:10添加同意修改
D:\Program Files\Microsoft Office\OFFICE11\msohtmed.exeHKEY_CLASSES_ROOT\.HTM\OPENWITHLIST\MICROSOFT OFFICE WORD\SHELL\EDIT\COMMAND"D:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE" /n /dde2007-07-24 18:10修改同意修改
D:\Program Files\Microsoft Office\OFFICE11\msohtmed.exeHKEY_CLASSES_ROOT\.HTM\OPENWITHLIST\MICROSOFT OFFICE WORD\SHELL\EDIT\COMMANDcommand2007-07-24 18:10修改同意修改
D:\Program Files\Microsoft Office\OFFICE11\msohtmed.exeHKEY_CLASSES_ROOT\.HTM\OPENWITHLIST\MICROSOFT OFFICE WORD\SHELL\EDIT\DDEEXECdefault2007-07-24 18:10添加同意修改
D:\Program Files\Microsoft Office\OFFICE11\msohtmed.exeHKEY_CLASSES_ROOT\.HTM\OPENWITHLIST\MICROSOFT OFFICE WORD\SHELL\EDIT\DDEEXEC[REM _DDE_Direct][FileOpen("%1")]2007-07-24 18:10修改同意修改
D:\Program Files\Microsoft Office\OFFICE11\msohtmed.exeHKEY_CLASSES_ROOT\.HTM\OPENWITHLIST\MICROSOFT OFFICE WORD\SHELL\EDIT\DDEEXEC\APPLICATIONdefault2007-07-24 18:10添加同意修改
D:\Program Files\Microsoft Office\OFFICE11\msohtmed.exeHKEY_CLASSES_ROOT\.HTM\OPENWITHLIST\MICROSOFT OFFICE WORD\SHELL\EDIT\DDEEXEC\APPLICATIONWinWord2007-07-24 18:10修改同意修改
D:\Program Files\Microsoft Office\OFFICE11\msohtmed.exeHKEY_CLASSES_ROOT\.HTM\OPENWITHLIST\MICROSOFT OFFICE WORD\SHELL\EDIT\DDEEXEC\TOPICdefault
&dot¸Ü¯±ñbbs.ikaka.com4&dot_öætPí