新日志
启动项目
注册表
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)]
<Userinit><C:\WINDOWS\system32\UserInit.exe,> [(Verified)]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
<Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE> [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
<Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE> [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
<Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
<Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
<NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
<Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6E57E39C-D99C-49CC-A8EB-4ADD64FA6308}]
<N/A><C:\WINDOWS\RMPlayer.exe> [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
<通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{AFA26EE8-EEA3-4626-97C9-9CB3ECEA5C7F}]
<N/A><C:\WINDOWS\system32\hellbot.exe> [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{b746f5d7-3fce-8413-8413-40df8e602a87}]
<N/A><C:\WINDOWS\system32\gyvrkemuk\svchost.exe /t> [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360rpt.exe]
<IFEO[360rpt.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360Safe.exe]
<IFEO[360Safe.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360tray.exe]
<IFEO[360tray.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\adam.exe]
<IFEO[adam.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AgentSvr.exe]
<IFEO[AgentSvr.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AppSvc32.exe]
<IFEO[AppSvc32.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe]
<IFEO[auto.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AutoRun.exe]
<IFEO[AutoRun.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe]
<IFEO[autoruns.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgrssvc.exe]
<IFEO[avgrssvc.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AvMonitor.exe]
<IFEO[AvMonitor.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.com]
<IFEO[avp.com]><C:\WINDOWS\system32\svchost.exe> [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.exe]
<IFEO[avp.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boxmod.exe]
<IFEO[boxmod.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CCenter.exe]
<IFEO[CCenter.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccSvcHst.exe]
<IFEO[ccSvcHst.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cross.exe]
<IFEO[cross.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DrRtp.exe]
<IFEO[DrRtp.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\enc98.EXE]
<IFEO[enc98.EXE]><C:\WINDOWS\system32\svchost.exe> [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FileDsty.exe]
<IFEO[FileDsty.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FTCleanerShell.exe]
<IFEO[FTCleanerShell.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\guangd.exe]
<IFEO[guangd.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\HijackThis.exe]
<IFEO[HijackThis.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\IceSword.exe]
<IFEO[IceSword.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iparmo.exe]
<IFEO[iparmo.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Iparmor.exe]
<IFEO[Iparmor.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\isPwdSvc.exe]
<IFEO[isPwdSvc.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kabaload.exe]
<IFEO[kabaload.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KaScrScn.SCR]
<IFEO[KaScrScn.SCR]><C:\WINDOWS\system32\svchost.exe> [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KASMain.exe]
<IFEO[KASMain.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KASTask.exe]
<IFEO[KASTask.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAV32.exe]
<IFEO[KAV32.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVDX.exe]
<IFEO[KAVDX.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVPFW.exe]
<IFEO[KAVPFW.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVSetup.exe]
<IFEO[KAVSetup.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVStart.exe]
<IFEO[KAVStart.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KISLnchr.exe]
<IFEO[KISLnchr.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KMailMon.exe]
<IFEO[KMailMon.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KMFilter.exe]
<IFEO[KMFilter.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KPFW32.exe]
<IFEO[KPFW32.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KPFW32X.exe]
<IFEO[KPFW32X.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KPFWSvc.exe]
<IFEO[KPFWSvc.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KRegEx.exe]
<IFEO[KRegEx.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KRepair.COM]
<IFEO[KRepair.COM]><C:\WINDOWS\system32\svchost.exe> [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KsLoader.exe]
<IFEO[KsLoader.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVCenter.kxp]
<IFEO[KVCenter.kxp]><C:\WINDOWS\system32\svchost.exe> [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KvDetect.exe]
<IFEO[KvDetect.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KvfwMcl.exe]
<IFEO[KvfwMcl.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVMonXP.kxp]
<IFEO[KVMonXP.kxp]><C:\WINDOWS\system32\svchost.exe> [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVMonXP_1.kxp]
<IFEO[KVMonXP_1.kxp]><C:\WINDOWS\system32\svchost.exe> [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvol.exe]
<IFEO[kvol.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvolself.exe]
<IFEO[kvolself.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KvReport.kxp]
<IFEO[KvReport.kxp]><C:\WINDOWS\system32\svchost.exe> [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVSrvXP.exe]
<IFEO[KVSrvXP.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVStub.kxp]
<IFEO[KVStub.kxp]><C:\WINDOWS\system32\svchost.exe> [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvupload.exe]
<IFEO[kvupload.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvwsc.exe]
<IFEO[kvwsc.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KvXP.kxp]
<IFEO[KvXP.kxp]><C:\WINDOWS\system32\svchost.exe> [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KWatch.exe]
<IFEO[KWatch.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KWatch9x.exe]
<IFEO[KWatch9x.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KWatchX.exe]
<IFEO[KWatchX.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\loaddll.exe]
<IFEO[loaddll.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MagicSet.exe]
<IFEO[MagicSet.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcconsol.exe]
<IFEO[mcconsol.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mmqczj.exe]
<IFEO[mmqczj.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mmsk.exe]
<IFEO[mmsk.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NAVSetup.exe]
<IFEO[NAVSetup.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32krn.exe]
<IFEO[nod32krn.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32kui.exe]
<IFEO[nod32kui.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PFW.exe]
<IFEO[PFW.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PFWLiveUpdate.exe]
<IFEO[PFWLiveUpdate.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\QHSET.exe]
<IFEO[QHSET.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\QQDoctor.exe]
<IFEO[QQDoctor.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ras.exe]
<IFEO[Ras.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Rav.exe]
<IFEO[Rav.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RavMon.exe]
<IFEO[RavMon.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RavMonD.exe]
<IFEO[RavMonD.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RavStub.exe]
<IFEO[RavStub.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RavTask.exe]
<IFEO[RavTask.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RegClean.exe]
<IFEO[RegClean.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rfwcfg.exe]
<IFEO[rfwcfg.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RfwMain.exe]
<IFEO[RfwMain.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rfwProxy.exe]
<IFEO[rfwProxy.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rfwsrv.exe]
<IFEO[rfwsrv.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RsAgent.exe]
<IFEO[RsAgent.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Rsaupd.exe]
<IFEO[Rsaupd.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\runiep.exe]
<IFEO[runiep.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\safeboxtray.exe]
<IFEO[safeboxtray.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\safelive.exe]
<IFEO[safelive.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\scan32.exe]
<IFEO[scan32.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SDGames.exe]
<IFEO[SDGames.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\shcfg32.exe]
<IFEO[shcfg32.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ShuiNiu.exe]
<IFEO[ShuiNiu.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)]