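Urgent!!!!!!!!!! Entry point error problem
I scanned with SRENG and found many entry point errors, and they cannot be repaired. A JiangMin scan, however, shows no virus. Report attached.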
2008-10-17,09:25:31
System Repair Engineer 2.6.12.1018
Smallfrogs (http://www.KZTechs.com)
Windows XP Professional Service Pack 3 (Build 2600) - 管理权限用户 - 完整功能
Autorun.inf
N/A
==================================
HOSTS 文件
==================================
进程特权扫描
特殊特权被允许: SeSystemtimePrivilege [PID = 1884, C:\PROGRAM FILES\JIANGMIN\ANTIVIRUS\KVXP.KXP]
特殊特权被允许: SeDebugPrivilege [PID = 1884, C:\PROGRAM FILES\JIANGMIN\ANTIVIRUS\KVXP.KXP]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1884, C:\PROGRAM FILES\JIANGMIN\ANTIVIRUS\KVXP.KXP]
特殊特权被允许: SeSystemtimePrivilege [PID = 524, C:\PROGRAM FILES\JIANGMIN\ANTIVIRUS\FROGAGENT.EXE]
特殊特权被允许: SeDebugPrivilege [PID = 524, C:\PROGRAM FILES\JIANGMIN\ANTIVIRUS\FROGAGENT.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 524, C:\PROGRAM FILES\JIANGMIN\ANTIVIRUS\FROGAGENT.EXE]
特殊特权被允许: SeSystemtimePrivilege [PID = 1432, D:\DOWNLOADS\REG.EXE]
特殊特权被允许: SeDebugPrivilege [PID = 1432, D:\DOWNLOADS\REG.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1432, D:\DOWNLOADS\REG.EXE]
特殊特权被允许: SeSystemtimePrivilege [PID = 2460, D:\SRENG文件夹\SRENGLDR.EXE]
特殊特权被允许: SeDebugPrivilege [PID = 2460, D:\SRENG文件夹\SRENGLDR.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 2460, D:\SRENG文件夹\SRENGLDR.EXE]
==================================
API HOOK
入口点错误:NtCreateFile (危险等级: 高, 被下面模块所HOOK: 0x003D572D)
入口点错误:NtCreateKey (危险等级: 高, 被下面模块所HOOK: 0x003D58CD)
入口点错误:NtSetValueKey (危险等级: 高, 被下面模块所HOOK: 0x003D599D)
入口点错误:NtWriteFile (危险等级: 高, 被下面模块所HOOK: 0x003D57FD)
入口点错误:ZwCreateFile (危险等级: 高, 被下面模块所HOOK: 0x003D572D)
入口点错误:ZwCreateKey (危险等级: 高, 被下面模块所HOOK: 0x003D58CD)
入口点错误:ZwSetValueKey (危险等级: 高, 被下面模块所HOOK: 0x003D599D)
入口点错误:ZwWriteFile (危险等级: 高, 被下面模块所HOOK: 0x003D57FD)
入口点错误:LoadLibraryA (危险等级: 高, 被下面模块所HOOK: 0x003D69DD)
LoadLibraryExW (危险等级: 一般, 被下面模块所HOOK: )
入口点错误:CreateFileW (危险等级: 高, 被下面模块所HOOK: 0x003D64FD)
入口点错误:CreateProcessA (危险等级: 高, 被下面模块所HOOK: 0x003D690D)
入口点错误:CreateProcessW (危险等级: 高, 被下面模块所HOOK: 0x003D676D)
入口点错误:FreeLibrary (危险等级: 高, 被下面模块所HOOK: 0x5F00002D)
==================================
隐藏进程
[177] C:\Program Files\JiangMin\AntiVirus\kvsrvxp.exe
[1913] C:\Program Files\JiangMin\AntiVirus\KVMonXP_1.kxp
[2025] D:\Downloads\Trojanwall.exe
[2569] C:\Program Files\JiangMin\antivirus\kvdetect.exe
==================================