瑞星卡卡安全论坛

    如题  网上搜了一下，找到个什么99%是木马 不过按他说的我都找不到其他相关文件，另外IE每次打开都报病毒，目录是C:\WINDOWS\system32  瑞星下载最新版删除不干净


[cmd.exe]
PID = 0x564
CommandLine = cmd /c ""C:\DOCUME~1\Admin\LOCALS~1\Temp\_xiaran.bat" "
    cmd.exe
    0x4ad00000
    C:\WINDOWS\system32\cmd.exe
    5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    Microsoft Corporation
    Windows Command Processor
    2004-08-04 00:52:30

    ntdll.dll
    0x7c920000
    C:\WINDOWS\system32\ntdll.dll
    5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    Microsoft Corporation
    NT Layer DLL
    2004-08-04 00:52:02

    kernel32.dll
    0x7c800000
    C:\WINDOWS\system32\kernel32.dll
    5.1.2600.2945 (xpsp_sp2_gdr.060704-2349)
    Microsoft Corporation
    Windows NT BASE API Client DLL
    2006-07-05 18:56:00

    msvcrt.dll
    0x77be0000
    C:\WINDOWS\system32\msvcrt.dll
    7.0.2600.2180 (xpsp_sp2_rtm.040803-2158)
    Microsoft Corporation
    Windows NT CRT DLL
    2004-08-04 00:52:20

    USER32.dll
    0x77d10000
    C:\WINDOWS\system32\user32.dll
    5.1.2600.2622 (xpsp_sp2_gdr.050301-1519)
    Microsoft Corporation
    Windows XP USER API Client DLL
    2005-03-03 02:10:06

    GDI32.dll
    0x77ef0000
    C:\WINDOWS\system32\gdi32.dll
    5.1.2600.2818 (xpsp_sp2_gdr.051228-1427)
    Microsoft Corporation
    GDI Client DLL
    2005-12-29 10:56:04

    IMM32.DLL
    0x76300000
    C:\WINDOWS\system32\imm32.dll
    5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    Microsoft Corporation
    Windows XP IMM32 API Client DLL
    2004-08-04 00:52:12

    ADVAPI32.dll
    0x77da0000
    C:\WINDOWS\system32\advapi32.dll
    5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    Microsoft Corporation
    Advanced Windows 32 Base API
    2004-08-04 00:52:06

    RPCRT4.dll
    0x77e50000
    C:\WINDOWS\system32\rpcrt4.dll
    5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    Microsoft Corporation
    Remote Procedure Call Runtime
    2004-08-04 00:52:24

    LPK.DLL
    0x62c20000
    C:\WINDOWS\system32\lpk.dll
    5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    Microsoft Corporation
    Language Pack
    2004-08-04 00:52:14

    USP10.dll
    0x73fa0000
    C:\WINDOWS\system32\usp10.dll
    1.0420.2600.2180 (xpsp_sp2_rtm.040803-2158)
    Microsoft Corporation
    Uniscribe Unicode script processor
    2004-08-04 00:52:26

    Apphelp.dll
    0x76d70000
    C:\WINDOWS\system32\apphelp.dll
    5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    Microsoft Corporation
    Application Compatibility Client Library
    2004-08-04 00:52:06

    VERSION.dll
    0x77bd0000
    C:\WINDOWS\system32\version.dll
    5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    Microsoft Corporation
    Version Checking and File Installation Libraries
    2004-08-04 00:52:26

【回复“孤独浪侠”的帖子】
http://www.KZTechs.com/
下载System Repair Engineer
导出全部日志

我的cmd一开机就这样，不知道怎么回事。

cmd 是可以终止的
如果在你从开始－运行－cmd 打开命令行窗口之前就有的话很可能有问题
csrss 系统必然有一个
如果再有第二个就是有问题的了撒.