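Moderator, don't get angry. What you said wasn't detailed enough; you can't expect every Rising user to be a computer expert. Otherwise Rising wouldn't have a market!
The Cleanup Assistant now says there are no suspicious processes, and the Rising umbrella is open too.
The new scan log is attached; the main excerpts are below. It looks like there are still problems. Moderator, please help!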
进程特权扫描
特殊特权被允许: SeDebugPrivilege [PID = 3680, C:\PROGRAM FILES\RISING\ANTISPYWARE\RUNIEP.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 3680, C:\PROGRAM FILES\RISING\ANTISPYWARE\RUNIEP.EXE]
特殊特权被允许: SeDebugPrivilege [PID = 4032, C:\PROGRAM FILES\LENOVO\ENERGYCUT\UTILTY.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 4032, C:\PROGRAM FILES\LENOVO\ENERGYCUT\UTILTY.EXE]
特殊特权被允许: SeDebugPrivilege [PID = 4060, C:\PROGRAM FILES\LENOVO\ENERGYCUT\ENERGYCUT.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 4060, C:\PROGRAM FILES\LENOVO\ENERGYCUT\ENERGYCUT.EXE]
特殊特权被允许: SeDebugPrivilege [PID = 292, C:\PROGRAM FILES\GEMPLUS\GEMSAFE LIBRARIES\BIN\REGTOOL.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 292, C:\PROGRAM FILES\GEMPLUS\GEMSAFE LIBRARIES\BIN\REGTOOL.EXE]
特殊特权被允许: SeDebugPrivilege [PID = 2420, C:\PROGRAM FILES\KINGSOFT\POWERWORD 2003\XDICT.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 2420, C:\PROGRAM FILES\KINGSOFT\POWERWORD 2003\XDICT.EXE]
==================================
API HOOK
入口点错误:NtCreateFile (危险等级: 高, 被下面模块所HOOK: 0x003D4305)
入口点错误:NtWriteFile (危险等级: 高, 被下面模块所HOOK: 0x003D43A5)
入口点错误:ZwCreateFile (危险等级: 高, 被下面模块所HOOK: 0x003D4305)
入口点错误:ZwWriteFile (危险等级: 高, 被下面模块所HOOK: 0x003D43A5)