
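[Help] Urgent!!!!!!!!!! Entry point error problem

I scanned with SRENG and found many entry point errors, and they cannot be repaired. A Jiangmin scan, however, shows no viruses. Report attached.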

2008-10-17,09:25:31

System Repair Engineer 2.6.12.1018
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 3 (Build 2600) - 管理权限用户 - 完整功能

Autorun.inf
N/A

==================================
HOSTS 文件

==================================
进程特权扫描
特殊特权被允许: SeSystemtimePrivilege [PID = 1884, C:\PROGRAM FILES\JIANGMIN\ANTIVIRUS\KVXP.KXP]
特殊特权被允许: SeDebugPrivilege [PID = 1884, C:\PROGRAM FILES\JIANGMIN\ANTIVIRUS\KVXP.KXP]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1884, C:\PROGRAM FILES\JIANGMIN\ANTIVIRUS\KVXP.KXP]
特殊特权被允许: SeSystemtimePrivilege [PID = 524, C:\PROGRAM FILES\JIANGMIN\ANTIVIRUS\FROGAGENT.EXE]
特殊特权被允许: SeDebugPrivilege [PID = 524, C:\PROGRAM FILES\JIANGMIN\ANTIVIRUS\FROGAGENT.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 524, C:\PROGRAM FILES\JIANGMIN\ANTIVIRUS\FROGAGENT.EXE]
特殊特权被允许: SeSystemtimePrivilege [PID = 1432, D:\DOWNLOADS\REG.EXE]
特殊特权被允许: SeDebugPrivilege [PID = 1432, D:\DOWNLOADS\REG.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1432, D:\DOWNLOADS\REG.EXE]
特殊特权被允许: SeSystemtimePrivilege [PID = 2460, D:\SRENG文件夹\SRENGLDR.EXE]
特殊特权被允许: SeDebugPrivilege [PID = 2460, D:\SRENG文件夹\SRENGLDR.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 2460, D:\SRENG文件夹\SRENGLDR.EXE]

==================================
API HOOK
入口点错误:NtCreateFile (危险等级: 高,  被下面模块所HOOK: 0x003D572D)
入口点错误:NtCreateKey (危险等级: 高,  被下面模块所HOOK: 0x003D58CD)
入口点错误:NtSetValueKey (危险等级: 高,  被下面模块所HOOK: 0x003D599D)
入口点错误:NtWriteFile (危险等级: 高,  被下面模块所HOOK: 0x003D57FD)
入口点错误:ZwCreateFile (危险等级: 高,  被下面模块所HOOK: 0x003D572D)
入口点错误:ZwCreateKey (危险等级: 高,  被下面模块所HOOK: 0x003D58CD)
入口点错误:ZwSetValueKey (危险等级: 高,  被下面模块所HOOK: 0x003D599D)
入口点错误:ZwWriteFile (危险等级: 高,  被下面模块所HOOK: 0x003D57FD)
入口点错误:LoadLibraryA (危险等级: 高,  被下面模块所HOOK: 0x003D69DD)
LoadLibraryExW (危险等级: 一般,  被下面模块所HOOK: )
入口点错误:CreateFileW (危险等级: 高,  被下面模块所HOOK: 0x003D64FD)
入口点错误:CreateProcessA (危险等级: 高,  被下面模块所HOOK: 0x003D690D)
入口点错误:CreateProcessW (危险等级: 高,  被下面模块所HOOK: 0x003D676D)
入口点错误:FreeLibrary (危险等级: 高,  被下面模块所HOOK: 0x5F00002D)

==================================
隐藏进程
    [177] C:\Program Files\JiangMin\AntiVirus\kvsrvxp.exe
    [1913] C:\Program Files\JiangMin\AntiVirus\KVMonXP_1.kxp
    [2025] D:\Downloads\Trojanwall.exe
    [2569] C:\Program Files\JiangMin\antivirus\kvdetect.exe

==================================


 

Re: Urgent!!!!!!!!!! Entry point error problem

It's probably Jiangmin doing it.

http://bbs.ikaka.com/showtopic-8442813.aspx
Go read it yourself.
 

Re: Urgent!!!!!!!!!! Entry point error problem

Repair the HOSTS file.
I'm just 日不懂, nothing much to say about myself
 

Reply to 3F 小日来了's post

It seems it shouldn't be repaired.
 

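Re: Urgent!!!!!!!!!! Entry point error problem

It's like this: it's caused by the antivirus software, it's normal, no need to worry! I don't know the specific reason, though; I only know the gist.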
 

Reply to 5F: Urgent!!!!!!!!!! Entry point error problem

The SRENG tool still can't repair it. Could an expert please help? Thanks!!!!!!!!!!!!!
 

Re: Urgent!!!!!!!!!! Entry point error problem

This should be nothing to worry about.
 

Re: Urgent!!!!!!!!!! Entry point error problem

This post is from October 17, and the problem is still unresolved. Urgent help needed!!!!!!!!
 

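Re: Urgent!!!!!!!!!! Entry point error problem

What exactly do you want solved??

Didn't my pinned post already explain it??

Those SRENG messages aren't meant for you to read.

They have nothing to do with you.

What more do you want??

Then completely uninstall all your antivirus software and firewalls.

Then the messages will be gone.
A hundred years from now, the name carved beside your tombstone won't be mine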
 

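Re: Urgent!!!!!!!!!! Entry point error problem

End the reg.exe process.
Compress D:\DOWNLOADS\REG.EXE into a RAR archive and upload it.
汰丸, your mom is having her 60th birthday and wants you home for dinner

http://hi.baidu.com/roxiel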
 