瑞星卡卡安全论坛

扫描日志

用户系统信息：Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322)

附件: SREngLOG.log

风险
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<PhDesktop><C:\Program Files\Oray\PeanutHull5\PhDesktop.exe>  [(Verified)"Shanghai Bes]
威胁：
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360rpt.exe]
    <IFEO[360rpt.exe]><C:\WINDOWS\system32\migpwd.exe>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360Safe.exe]
    <IFEO[360Safe.exe]><C:\WINDOWS\system32\migpwd.exe>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360Safe.xe]
    <IFEO[360Safe.xe]><C:\WINDOWS\system32\migpwd.exe>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360tray.exe]
    <IFEO[360tray.exe]><C:\WINDOWS\system32\migpwd.exe>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\adam.exe]
    <IFEO[adam.exe]><C:\WINDOWS\system32\migpwd.exe>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AgentSvr.exe]
    <IFEO[AgentSvr.exe]><C:\WINDOWS\system32\migpwd.exe>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aluschedulersvc.exe]
    <IFEO[aluschedulersvc.exe]><C:\WINDOWS\system32\migpwd.exe>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AppSvc32.exe]
    <IFEO[AppSvc32.exe]><C:\WINDOWS\system32\migpwd.exe>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ArSwp.exe]
    <IFEO[ArSwp.exe]><C:\WINDOWS\system32\migpwd.exe>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AST.exe]
    <IFEO[AST.exe]><C:\WINDOWS\system32\migpwd.exe>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe]
    <IFEO[autoruns.exe]><C:\WINDOWS\system32\migpwd.exe>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avadmin.exe]
    <IFEO[avadmin.exe]><C:\WINDOWS\system32\migpwd.exe>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avcenter.exe]
    <IFEO[avcenter.exe]><C:\WINDOWS\system32\migpwd.exe>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avconfig.exe]
    <IFEO[avconfig.exe]><C:\WINDOWS\system32\migpwd.exe>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avconsol.exe]
    <IFEO[avconsol.exe]><C:\WINDOWS\system32\migpwd.exe>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgas.exe]
    <IFEO[avgas.exe]><C:\WINDOWS\system32\migpwd.exe>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgnt.exe]
    <IFEO[avgnt.exe]><C:\WINDOWS\system32\migpwd.exe>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgrssvc.exe]
    <IFEO[avgrssvc.exe]><C:\WINDOWS\system32\migpwd.exe>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avguard.exe]
    <IFEO[avguard.exe]><C:\WINDOWS\system32\migpwd.exe>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AvMonitor.exe]
    <IFEO[AvMonitor.exe]><C:\WINDOWS\system32\migpwd.exe>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avnotify.exe]
    <IFEO[avnotify.exe]><C:\WINDOWS\system32\migpwd.exe>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.com]
    <IFEO[avp.com]><C:\WINDOWS\system32\migpwd.exe>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.exe]
    <IFEO[avp.exe]><C:\WINDOWS\system32\migpwd.exe>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avscan.exe]
    <IFEO[avscan.exe]><C:\WINDOWS\system32\migpwd.exe>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccsvchst.exe]
    <IFEO[ccsvchst.exe]><C:\WINDOWS\system32\migpwd.exe>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EGHOST.exe]
    <IFEO[EGHOST.exe]><C:\WINDOWS\system32\migpwd.exe>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\egui.exe]
    <IFEO[egui.exe]><C:\WINDOWS\system32\migpwd.exe>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ekrn.exe]
    <IFEO[ekrn.exe]><C:\WINDOWS\system32\migpwd.exe>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Frameworkservice.exe]
    <IFEO[Frameworkservice.exe]><C:\WINDOWS\system32\migpwd.exe>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FTCleanerShell.e]
    <IFEO[FTCleanerShell.e]><C:\WINDOWS\system32\migpwd.exe>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FWMon.exe]
    <IFEO[FWMon.exe]><C:\WINDOWS\system32\migpwd.exe>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FYFireWall.exe]
    <IFEO[FYFireWall.exe]><C:\WINDOWS\system32\migpwd.exe>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\guard.exe]
    <IFEO[guard.exe]><C:\WINDOWS\system32\migpwd.exe>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\guardgui.exe]
    <IFEO[guardgui.exe]><C:\WINDOWS\system32\migpwd.exe>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\HijackThis.exe]
    <IFEO[HijackThis.exe]><C:\WINDOWS\system32\migpwd.exe>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\IceSword.exe]
    <IFEO[IceSword.exe]><C:\WINDOWS\system32\migpwd.exe>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iparmo.exe]
    <IFEO[iparmo.exe]><C:\WINDOWS\system32\migpwd.exe>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Iparmor.exe]
    <IFEO[Iparmor.exe]><C:\WINDOWS\system32\migpwd.exe>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\isPwdSvc.exe]
    <IFEO[isPwdSvc.exe]><C:\WINDOWS\system32\migpwd.exe>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\JMPPWallUI.exe]
    <IFEO[JMPPWallUI.exe]><C:\WINDOWS\system32\migpwd.exe>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kabaload.exe]
    <IFEO[kabaload.exe]><C:\WINDOWS\system32\migpwd.exe>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KaScrScn.SCR]
    <IFEO[KaScrScn.SCR]><C:\WINDOWS\system32\migpwd.exe>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KASMain.exe]
    <IFEO[KASMain.exe]><C:\WINDOWS\system32\migpwd.exe>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KASTask.exe]
    <IFEO[KASTask.exe]><C:\WINDOWS\system32\migpwd.exe>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAV32.exe]
    <IFEO[KAV32.exe]><C:\WINDOWS\system32\migpwd.exe>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVDX.exe]
    <IFEO[KAVDX.exe]><C:\WINDOWS\system32\migpwd.exe>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVPF.exe]
    <IFEO[KAVPF.exe]><C:\WINDOWS\system32\migpwd.exe>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVPFW.exe]
    <IFEO[KAVPFW.exe]><C:\WINDOWS\system32\migpwd.exe>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVSetup.exe]
    <IFEO[KAVSetup.exe]><C:\WINDOWS\system32\migpwd.exe>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVStart.exe]
    <IFEO[KAVStart.exe]><C:\WINDOWS\system32\migpwd.exe>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KISLnchr.exe]
    <IFEO[KISLnchr.exe]><C:\WINDOWS\system32\migpwd.exe>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kissvc.exe]
    <IFEO[kissvc.exe]><C:\WINDOWS\system32\migpwd.exe>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KMailMon.exe]
    <IFEO[KMailMon.exe]><C:\WINDOWS\system32\migpwd.exe>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KMFilter.exe]
    <IFEO[KMFilter.exe]><C:\WINDOWS\system32\migpwd.exe>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KPFW32.exe]
    <IFEO[KPFW32.exe]><C:\WINDOWS\system32\migpwd.exe>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KPFW32X.exe]
    <IFEO[KPFW32X.exe]><C:\WINDOWS\system32\migpwd.exe>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KPfwSvc.exe]
    <IFEO[KPfwSvc.exe]><C:\WINDOWS\system32\migpwd.exe>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KRegEx.exe]
    <IFEO[KRegEx.exe]><C:\WINDOWS\system32\migpwd.exe>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KRepair.com]
    <IFEO[KRepair.com]><C:\WINDOWS\system32\migpwd.exe>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KsLoader.exe]
    <IFEO[KsLoader.exe]><C:\WINDOWS\system32\migpwd.exe>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVCenter.kxp]
    <IFEO[KVCenter.kxp]><C:\WINDOWS\system32\migpwd.exe>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KvDetect.exe]
    <IFEO[KvDetect.exe]><C:\WINDOWS\system32\migpwd.exe>  [File is missing]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KvfwMcl.exe]
    <IFEO[KvfwMcl.exe]><C:\WINDOWS\system32\migpwd.exe>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVMonXP.kxp]
    <IFEO[KVMonXP.kxp]><C:\WINDOWS\system32\migpwd.exe>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVMonXP_1.kxp]
    <IFEO[KVMonXP_1.kxp]><C:\WINDOWS\system32\migpwd.exe>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvol.exe]
    <IFEO[kvol.exe]><C:\WINDOWS\system32\migpwd.exe>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvolself.exe]
    <IFEO[kvolself.exe]><C:\WINDOWS\system32\migpwd.exe>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvprescan.exe]
    <IFEO[kvprescan.exe]><C:\WINDOWS\system32\migpwd.exe>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KvReport.kxp]
    <IFEO[KvReport.kxp]><C:\WINDOWS\system32\migpwd.exe>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVScan.kxp]
    <IFEO[KVScan.kxp]><C:\WINDOWS\system32\migpwd.exe>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVSrvXP.exe]
    <IFEO[KVSrvXP.exe]><C:\WINDOWS\system32\migpwd.exe>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVStub.kxp]
    <IFEO[KVStub.kxp]><C:\WINDOWS\system32\migpwd.exe>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvupload.exe]
    <IFEO[kvupload.exe]><C:\WINDOWS\system32\migpwd.exe>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvwsc.exe]
    <IFEO[kvwsc.exe]><C:\WINDOWS\system32\migpwd.exe>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KvXP.kxp]
    <IFEO[KvXP.kxp]><C:\WINDOWS\system32\migpwd.exe>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KvXP_1.kxp]
    <IFEO[KvXP_1.kxp]><C:\WINDOWS\system32\migpwd.exe>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KWatch.exe]
    <IFEO[KWatch.exe]><C:\WINDOWS\system32\migpwd.exe>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KWatch9x.exe]
    <IFEO[KWatch9x.exe]><C:\WINDOWS\system32\migpwd.exe>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KWatchX.exe]
    <IFEO[KWatchX.exe]><C:\WINDOWS\system32\migpwd.exe>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\licmgr.exe]
    <IFEO[licmgr.exe]><C:\WINDOWS\system32\migpwd.exe>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\loaddll.exe]
    <IFEO[loaddll.exe]><C:\WINDOWS\system32\migpwd.exe>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MagicSet.exe]
    <IFEO[MagicSet.exe]><C:\WINDOWS\system32\migpwd.exe>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcconsol.exe]
    <IFEO[mcconsol.exe]><C:\WINDOWS\system32\migpwd.exe>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\McShield.exe]
    <IFEO[McShield.exe]><C:\WINDOWS\system32\migpwd.exe>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mmqczj.exe]
    <IFEO[mmqczj.exe]><C:\WINDOWS\system32\migpwd.exe>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mmsk.exe]
    <IFEO[mmsk.exe]><C:\WINDOWS\system32\migpwd.exe>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\naPrdMgr.exe]
    <IFEO[naPrdMgr.exe]><C:\WINDOWS\system32\migpwd.exe>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Navapsvc.exe]
    <IFEO[Navapsvc.exe]><C:\WINDOWS\system32\migpwd.exe>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Navapw32.exe]
    <IFEO[Navapw32.exe]><C:\WINDOWS\system32\migpwd.exe>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Navw32.exe]
    <IFEO[Navw32.exe]><C:\WINDOWS\system32\migpwd.exe>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navwnt.exe]
    <IFEO[navwnt.exe]><C:\WINDOWS\system32\migpwd.exe>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nmapapp.exe]
    <IFEO[nmapapp.exe]><C:\WINDOWS\system32\migpwd.exe>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32.exe]
    <IFEO[nod32.exe]><C:\WINDOWS\system32\migpwd.exe>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32krn.exe]
    <IFEO[nod32krn.exe]><C:\WINDOWS\system32\migpwd.exe>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32kui.exe]
    <IFEO[nod32kui.exe]><C:\WINDOWS\system32\migpwd.exe>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NPFMntor.exe]
    <IFEO[NPFMntor.exe]><C:\WINDOWS\system32\migpwd.exe>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\OCSCtl.exe]
    <IFEO[OCSCtl.exe]><C:\WINDOWS\system32\migpwd.exe>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PFW.exe]
    <IFEO[PFW.exe]><C:\WINDOWS\system32\migpwd.exe>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PFWLiveUpdate.ex]
    <IFEO[PFWLiveUpdate.ex]><C:\WINDOWS\system32\migpwd.exe>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\QHSET.exe]
    <IFEO[QHSET.exe]><C:\WINDOWS\system32\migpwd.exe>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\QQDoctor.exe]
    <IFEO[QQDoctor.exe]><C:\WINDOWS\system32\migpwd.exe>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\QQKav.exe]
    <IFEO[QQKav.exe]><C:\WINDOWS\system32\migpwd.exe>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rfwProxy.exe]
    <IFEO[rfwProxy.exe]><C:\WINDOWS\system32\migpwd.exe>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rfwstub.exe]
    <IFEO[rfwstub.exe]><C:\WINDOWS\system32\migpwd.exe>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RSTray.exe]
    <IFEO[RSTray.exe]><C:\WINDOWS\system32\migpwd.exe>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rstrui.exe]
    <IFEO[rstrui.exe]><C:\WINDOWS\system32\migpwd.exe>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\safeboxtray.exe]
    <IFEO[safeboxtray.exe]><C:\WINDOWS\system32\migpwd.exe>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\safelive.exe]
    <IFEO[safelive.exe]><C:\WINDOWS\system32\migpwd.exe>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\scan32.exe]
    <IFEO[scan32.exe]><C:\WINDOWS\system32\migpwd.exe>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sfctlcom.exe]
    <IFEO[sfctlcom.exe]><C:\WINDOWS\system32\migpwd.exe>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sffnup.exe]
    <IFEO[sffnup.exe]><C:\WINDOWS\system32\migpwd.exe>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\shcfg32.exe]
    <IFEO[shcfg32.exe]><C:\WINDOWS\system32\migpwd.exe>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\shstat.exe]
    <IFEO[shstat.exe]><C:\WINDOWS\system32\migpwd.exe>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SREng.EXE]
    <IFEO[SREng.EXE]><C:\WINDOWS\system32\migpwd.exe>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\symlcsvc.exe]
    <IFEO[symlcsvc.exe]><C:\WINDOWS\system32\migpwd.exe>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SysSafe.exe]
    <IFEO[SysSafe.exe]><C:\WINDOWS\system32\migpwd.exe>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Tbmon.exe]
    <IFEO[Tbmon.exe]><C:\WINDOWS\system32\migpwd.exe>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TrojanDetector.e]
    <IFEO[TrojanDetector.e]><C:\WINDOWS\system32\migpwd.exe>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Trojanwall.exe]
    <IFEO[Trojanwall.exe]><C:\WINDOWS\system32\migpwd.exe>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TrojDie.kxp]
    <IFEO[TrojDie.kxp]><C:\WINDOWS\system32\migpwd.exe>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ufseagnt.exe]
    <IFEO[ufseagnt.exe]><C:\WINDOWS\system32\migpwd.exe>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ufupdui.exe]
    <IFEO[ufupdui.exe]><C:\WINDOWS\system32\migpwd.exe>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UIHost.exe]
    <IFEO[UIHost.exe]><C:\WINDOWS\system32\migpwd.exe>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\uiStub.exe]
    <IFEO[uiStub.exe]><C:\WINDOWS\system32\migpwd.exe>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UlibCfg.exe]
    <IFEO[UlibCfg.exe]><C:\WINDOWS\system32\migpwd.exe>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UmxAgent.exe]
    <IFEO[UmxAgent.exe]><C:\WINDOWS\system32\migpwd.exe>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UmxAttachment.ex]
    <IFEO[UmxAttachment.ex]><C:\WINDOWS\system32\migpwd.exe>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UmxCfg.exe]
    <IFEO[UmxCfg.exe]><C:\WINDOWS\system32\migpwd.exe>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UmxFwHlp.exe]
    <IFEO[UmxFwHlp.exe]><C:\WINDOWS\system32\migpwd.exe>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UmxPol.exe]
    <IFEO[UmxPol.exe]><C:\WINDOWS\system32\migpwd.exe>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UpdaterUI.exe]
    <IFEO[UpdaterUI.exe]><C:\WINDOWS\system32\migpwd.exe>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\upiea.exe]
    <IFEO[upiea.exe]><C:\WINDOWS\system32\migpwd.exe>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UpLive.exe]
    <IFEO[UpLive.exe]><C:\WINDOWS\system32\migpwd.exe>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\USBCleaner.exe]
    <IFEO[USBCleaner.exe]><C:\WINDOWS\system32\migpwd.exe>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsstat.exe]
    <IFEO[vsstat.exe]><C:\WINDOWS\system32\migpwd.exe>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Vstskmgr.exe]
    <IFEO[Vstskmgr.exe]><C:\WINDOWS\system32\migpwd.exe>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\webscanx.exe]
    <IFEO[webscanx.exe]><C:\WINDOWS\system32\migpwd.exe>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wmain.exe]
    <IFEO[wmain.exe]><C:\WINDOWS\system32\migpwd.exe>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WoptiClean.exe]
    <IFEO[WoptiClean.exe]><C:\WINDOWS\system32\migpwd.exe>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WSCStub.exe]
    <IFEO[WSCStub.exe]><C:\WINDOWS\system32\migpwd.exe>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wsctool.exe]
    <IFEO[wsctool.exe]><C:\WINDOWS\system32\migpwd.exe>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\xe]
    <IFEO[xe]><C:\WINDOWS\system32\migpwd.exe>  [File is missing]

驱动\服务
[1C3F3C79P / 1C3F3C79P][Stopped/Auto Start]
  <C:\WINDOWS\IQMAIDNVC02.exe -AD2UUZCO><(File is missing)>
[3GTZT / 3GTZT][Stopped/Auto Start]
  <C:\WINDOWS\LK6PETS.exe -CC8QHW84UKGH><(File is missing)>
[663PI3 / 663PI3][Stopped/Auto Start]
  <C:\WINDOWS\R45QQ.exe -F02KXP><(File is missing)>
[6FGDYXRO / 6FGDYXRO][Stopped/Auto Start]
  <C:\WINDOWS\XG0AUHVNFB.exe -O7U63II><(File is missing)>
[Alerter / Alerter][Stopped/Auto Start]
  <C:\Program Files\Remote\Remote.exe><N/A>
[Event Logs / Event Logs][Stopped/Auto Start]
  <C:\WINDOWS\system32\Events.exe><N/A>
[Windows Shadow / MShadow][Stopped/Auto Start]
  <C:\Program Files\Common Files\Microsoft Shared\MSINFO\MShadow.exe><N/A>
[PCVQX / PCVQX][Stopped/Auto Start]
  <C:\WINDOWS\SH5Y9O0.exe -5DUIEEXIZ7KG><(File is missing)>
[R3VNPYBE / R3VNPYBE][Stopped/Auto Start]
  <C:\WINDOWS\C0YOX0D.exe -76S2GV41><(File is missing)>
[wetjay / wetjay][Stopped/Auto Start]
  <C:\WINDOWS\system32\svchost.exe -k wetjay-->%SystemRoot%\System32\pefezv.dll><N/A>
[Windows Help System / WinHelp31][Stopped/Auto Start]
  <C:\WINDOWS\system32\WinHelp12.exe><N/A>
[Windows Driver Server / Winsrvs][Stopped/Auto Start]
  <C:\WINDOWS\system32\tcpsrvd.exe><N/A>

[WZV7BMTTI6V / WZV7BMTTI6V][Stopped/Auto Start]
  <C:\WINDOWS\FF2WP.exe -0SE6ZW8CSM><(File is missing)>
[XL5CHS35 / XL5CHS35ameEEEE][Running/Auto Start]
  <C:\WINDOWS\System32\svchost.exe -k XL5CHS35ameEEEE-->%SystemRoot%\XL5CHS35.dll><N/A>
[HOSTNT / HOSTNT][Running/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\hostnt.sys><N/A>

??怎么解决

http://cu003.www.duba.net/duba/tools/dubatools/dbtools_cdj.com
用这个修复IEFO
驱动\服务用我附件的删除（里面有说明）

附件: XDelBox.rar

附件: XDelBox.rar

我试试

那个<C:\WINDOWS\System32\svchost.exe -k XL5CHS35ameEEEE-->%SystemRoot%\XL5CHS35.dll><N/A>
不删C:\WINDOWS\System32\svchost.exe 删除系统驱动下的XL5CHS35.dll

这个病毒加载了不少东西呀,用专木马专杀杀不了吗?

进入注册表，删除键值：HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options

楼主中过感染型病毒

1.建议使用XDelBox删除以下文件：(XDelBox1.8下载)
使用说明：删除时复制所有要删除文件的路径，在待删除文件列表里点击右键选择从剪贴板导入，导入后在要删除文件上点击右键，（在待删除文件列表里点击右键选择从剪贴板导入不检查路径，）选择立刻重启删除，电脑会重启进入DOS界面进行删除操作。运行xdelbox前最好卸载所有可移动存储介质（包括U盘，MP3，手机存储卡等）。

c:\windows\system32\migpwd.exe
c:\windows\xl5chs35\pefezv.dll
c:\program files\common files\microsoft shared\msinfo\mshadow.exe
c:\windows\360.dll
c:\program files\remote\remote.exe
c:\windows\lk6pets.exe
c:\windows\c0yox0d.exe
c:\windows\r45qq.exe
c:\windows\xg0auhvnfb.exe
c:\windows\ff2wp.exe
c:\windows\iqmaidnvc02.exe
c:\windows\system32\winhelp12.exe


2.删除重启后使用SREng修复下面各项：


    启动项目 －－ 服务 －－ Win32服务应用程序之如下项删除：
  (勾选隐藏已认证的微软项目,选中有问题的驱动/服务后，点"删除服务"，点"设置"按钮即可。注意弹出的窗口中要点"否"才是确认删除服务）


[XL5CHS35 / XL5CHS35ameEEEE]    <C:\WINDOWS\System32\svchost.exe -k XL5CHS35ameEEEE-->%SystemRoot%\XL5CHS35.dll>
[wetjay / wetjay]    <C:\WINDOWS\system32\svchost.exe -k wetjay-->%SystemRoot%\System32\pefezv.dll>
[Windows Shadow / MShadow]    <C:\Program Files\Common Files\Microsoft Shared\MSINFO\MShadow.exe>
[Auvqsdl / bugrepert]    <C:\WINDOWS\System32\svchost.exe -k bugrepert-->%SystemRoot%\360.dll>
[Alerter / Alerter]    <C:\Program Files\Remote\Remote.exe>
[3GTZT / 3GTZT]    <C:\WINDOWS\LK6PETS.exe -CC8QHW84UKGH>
[R3VNPYBE / R3VNPYBE]    <C:\WINDOWS\C0YOX0D.exe -76S2GV41>
[663PI3 / 663PI3]    <C:\WINDOWS\R45QQ.exe -F02KXP>
[6FGDYXRO / 6FGDYXRO]    <C:\WINDOWS\XG0AUHVNFB.exe -O7U63II>
[WZV7BMTTI6V / WZV7BMTTI6V]    <C:\WINDOWS\FF2WP.exe -0SE6ZW8CSM>
[1C3F3C79P / 1C3F3C79P]    <C:\WINDOWS\IQMAIDNVC02.exe -AD2UUZCO>
[R3VNPYBE / R3VNPYBE]    <C:\WINDOWS\C0YOX0D.exe -76S2GV41>
[Windows Help System / WinHelp31]    <C:\WINDOWS\system32\WinHelp12.exe>

系统修复-高级修复-自动修复（高强修复级别）

附件清空映像劫持项


c:\windows\system32\tcpsrvd.exe
发到可疑文件交流区

附件: 映像劫持修复工具.rar

第一步,删除文件那步
操作完之后重新启动电脑删除,每次进入系统列表要删除的时候电脑就自动重新启动，然后再进入系统列表，又重新启动

意思是没成功进入dos删除文件？

进入系统列表是选择进入XP
扫新日志

好了，进入DOS删除了,刚才可能是路进打错了。因为中毒那个电脑突然无法上网了，我就是打出来的....现在已经删除了，正进行修复

你是要我提取这个文件吗




映像劫持修复工具.rar是做什么用的

附件: tcpsrvd.rar

我按照你的步骤都操作完了

新日志发上来看看

日志

附件: SREngLOG.log

清理助手下载
安装后，升级清理助手，完整扫描
清理系统

升级杀毒软件
全盘杀毒

没安装防火墙？:default2:

没有...............

现在病毒清楚了吗?

该用户帖子内容已被屏蔽

映像劫持修复工具.rar 是用来修复影响劫持的
2楼和3楼给你找出来的就是劫持映像的项
劫持映像简单的理解就是说本来你要运行A程序可是你运行的时候被劫持结果你运行的确实B程序  这样解释你明白了吧

日志感觉没什么了，windows清理助手清理一下就行了。