Thread starter: cxzandwsy

[Solved] Expert help needed with an autorun virus (please read carefully)

cxzandwsy (thread starter) | Posted 2007-11-12 22:12:29

SREng report, posted in parts, part 3 (end)

[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\klscav.dll]  [Kaspersky Lab, 6.0.2.621]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\prremote.dll]  [Kaspersky Lab, 6.0.2.621]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\prloader.dll]  [Kaspersky Lab, 6.0.2.621]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\prkernel.ppl]  [Kaspersky Lab, 6.0.2.621]
    [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\params.ppl]  [Kaspersky Lab, 6.0.2.621]
    [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\pxstub.ppl]  [Kaspersky Lab, 6.0.2.621]
    [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\tempfile.ppl]  [Kaspersky Lab, 6.0.2.621]
    [C:\Program Files\Thunder Network\Thunder\Components\DownAndPlay\DapPlayer_Now.dll]  [XunLei, 1, 0, 1, 44]
    [C:\Program Files\Thunder Network\Thunder\Components\VPSHELL\VideoPicture.dll]  [XunLei, 1, 2, 0, 11]
    [C:\Program Files\Thunder Network\Thunder\Components\ResWorker\DataProcessor_01.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 6]
    [C:\Program Files\Thunder Network\Thunder\Components\ResWorker\MediaWorker.dll]  [Thunder Networking Technologies,LTD, 1, 2, 0, 18]
    [C:\WINDOWS\system32\MFPlat.DLL]  [Microsoft Corporation, 11.0.5721.5145 (WMP_11.061018-2006)]
    [E:\软件\360safe_3.3\360safe_3.301004\safemon\safemon.dll]  [, 3, 2, 0, 1001]
[PID: 340][E:\软件\360safe_3.3\360safe_3.301004\safemon\360Tray.exe]  [奇虎网, 3, 3, 0, 1004]
    [C:\WINDOWS\system32\PYJJ4.IME]  [加加工作组, 4, 1, 0, 42]
    [E:\软件\360safe_3.3\360safe_3.301004\safemon\safemon.dll]  [, 3, 2, 0, 1001]
    [E:\软件\360safe_3.3\360safe_3.301004\safemon\SafeKrnl.dll]  [奇虎网, 3, 2, 0, 1001]
    [E:\软件\360safe_3.3\360safe_3.301004\AntiAdwa.dll]  [360Safe.com, 3, 3, 0, 1004]
    [E:\软件\360safe_3.3\360safe_3.301004\live.dll]  [360safe.COM, 1, 0, 0, 1012]
[PID: 3996][C:\WINDOWS\system32\conime.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [E:\软件\360safe_3.3\360safe_3.301004\safemon\safemon.dll]  [, 3, 2, 0, 1001]
    [C:\WINDOWS\system32\PYJJ4.IME]  [加加工作组, 4, 1, 0, 42]
[PID: 1880][C:\Program Files\HFEE\SVOHOST.EXE]  [, 3000.0.0.0]
    [E:\软件\360safe_3.3\360safe_3.301004\safemon\safemon.dll]  [, 3, 2, 0, 1001]
    [C:\WINDOWS\system32\PYJJ4.IME]  [加加工作组, 4, 1, 0, 42]
[PID: 3236][C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE]  [Microsoft Corporation, 11.0.6359]
    [C:\Program Files\Common Files\Microsoft Shared\office11\mso.dll]  [Microsoft Corporation, 11.0.6360]
    [E:\软件\360safe_3.3\360safe_3.301004\safemon\safemon.dll]  [, 3, 2, 0, 1001]
    [C:\WINDOWS\system32\PYJJ4.IME]  [加加工作组, 4, 1, 0, 42]
    [C:\Program Files\Common Files\Microsoft Shared\office11\riched20.dll]  [Microsoft Corporation, 5.50.99.2009]
    [C:\PROGRA~1\MICROS~2\OFFICE11\ADDINS\SYMINPUT.DLL]  [Microsoft Corporation, 1.02]
    [C:\WINDOWS\system32\MSVBVM60.DLL]  [Microsoft Corporation, 6.00.9690]
    [C:\Program Files\Common Files\Microsoft Shared\PROOF\MSSPELL3.DLL]  [Microsoft Corporation, 1.1.6215]
    [C:\Program Files\Common Files\Microsoft Shared\PROOF\mslid.dll]  [Microsoft Corporation, 1.0.2305]
    [C:\Program Files\Common Files\Microsoft Shared\PROOF\1033\MSGR3EN.DLL]  [Microsoft Corporation, 3.1.2303]
    [C:\Program Files\Microsoft Office\OFFICE11\msostyle.dll]  [Microsoft Corporation, 11.0.5510]
    [C:\PROGRA~1\COMMON~1\MICROS~1\SMARTT~1\INTLNAME.DLL]  [Microsoft Corporation, 11.0.6016]
    [C:\Program Files\Common Files\Microsoft Shared\Smart Tag\CHDATEST.DLL]  [Microsoft Corporation, 2.00]
    [C:\Program Files\Common Files\Microsoft Shared\Smart Tag\Chinese Measurement Converter\CHMETCNV.DLL]  [Microsoft Corp., 1.00]
    [C:\PROGRA~1\COMMON~1\MICROS~1\SMARTT~1\FNAME.DLL]  [Microsoft Corporation, 11.0.5510]
    [C:\PROGRA~1\COMMON~1\MICROS~1\SMARTT~1\2052\stintl.dll]  [Microsoft Corporation, 11.0.5510]
    [C:\PROGRA~1\COMMON~1\MICROS~1\SMARTT~1\FPERSON.DLL]  [Microsoft Corporation, 11.0.5510]
    [C:\PROGRA~1\COMMON~1\MICROS~1\SMARTT~1\MOFL.DLL]  [Microsoft Corporation, 11.0.5510]
    [C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSXML5.DLL]  [Microsoft Corporation, 5.10.2925.0]
    [C:\PROGRA~1\COMMON~1\MICROS~1\SMARTT~1\FDATE.DLL]  [Microsoft Corporation, 11.0.5510]
    [C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\Ps5ui.dll]  [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
    [C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\PSCRIPT5.DLL]  [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
    [C:\Program Files\Common Files\Microsoft Shared\INK\INKOBJ.DLL]  [Microsoft Corporation, 2.0.2201.0 (xpsp1.020820-1800)]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scrchpg.dll]  [Kaspersky Lab, 6.0.2.621]
    [C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll]  [Adobe Systems, Inc., 7.0.0.0]
    [C:\Program Files\Microsoft Office\OFFICE11\GdiPlus.DLL]  [Microsoft Corporation, 6.0.3264.0]
[PID: 2192][C:\Program Files\TTOD\CAJViewer 6.0\CAJViewer.exe]  [Tsinghua Tongfang Optical Disc Co., Ltd., 6, 0, 96, 1]
    [C:\Program Files\TTOD\CAJViewer 6.0\ReaderEx.dll]  [Tsinghua Tongfang Optical Disc Co.,Ltd., 2, 0, 2152, 0]
    [C:\Program Files\TTOD\CAJViewer 6.0\TToolkit.dll]  [Tsinghua Tongfang Optical Disc Co.,LTD., 4, 0, 135, 0]
    [C:\Program Files\TTOD\CAJViewer 6.0\ft.dll]  [TTOD, 2, 1, 9, 1]
    [C:\Program Files\TTOD\CAJViewer 6.0\ijl15.dll]  [Intel Corporation, 1,51,12,44]
    [C:\Program Files\TTOD\CAJViewer 6.0\sysinfo.dll]  [清华同方光盘股份有限公司, 1.0.0.1]
    [C:\Program Files\TTOD\CAJViewer 6.0\WordSegmentor.dll]  [N/A, ]
    [E:\软件\360safe_3.3\360safe_3.301004\safemon\safemon.dll]  [, 3, 2, 0, 1001]
    [C:\WINDOWS\system32\PYJJ4.IME]  [加加工作组, 4, 1, 0, 42]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1172][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [E:\软件\360safe_3.3\360safe_3.301004\safemon\safemon.dll]  [, 3, 2, 0, 1001]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scrchpg.dll]  [Kaspersky Lab, 6.0.2.621]
    [C:\WINDOWS\system32\PYJJ4.IME]  [加加工作组, 4, 1, 0, 42]
    [C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll]  [Thunder Networking Technologies,LTD, 1.0.2.9]
    [C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll]  [Thunder Networking Technologies,LTD, 5, 0, 3, 11]
    [C:\Program Files\Thunder Network\Thunder\Components\ResWorker\DsBho_01.dll]  [, 1, 0, 0, 4]
    [C:\Program Files\Thunder Network\Thunder\Components\ResWorker\DataProcessor_01.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 6]
    [C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll]  [Adobe Systems Incorporated, 7.0.7.2006011200]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\Program Files\FlashGet\jccatch.dll]  [www.flashget.com, 1, 8, 1, 1006]
    [C:\WINDOWS\system32\dla\tfswshx.dll]  [Sonic Solutions, 1.04.08a]
    [C:\WINDOWS\system32\tfswapi.dll]  [Sonic Solutions, 1.04.08a]
    [C:\WINDOWS\system32\dla\tfswcres.dll]  [Sonic Solutions, 1.04.08a]
    [C:\PROGRA~1\iebook\iebook.dll]  [N/A, ]
    [C:\Program Files\FlashGet\getflash.dll]  [www.flashget.com, 1, 8, 1, 1002]
    [C:\Program Files\Microsoft Office\OFFICE11\msohev.dll]  [Microsoft Corporation, 11.0.5510]
    [C:\Program Files\MSN Messenger\fsshext.8.1.0178.00.dll]  [Microsoft Corporation, 8.1.0178.00]
    [C:\WINDOWS\system32\wpdshext.dll]  [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
    [C:\WINDOWS\system32\PortableDeviceApi.dll]  [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
    [C:\WINDOWS\system32\Audiodev.dll]  [Microsoft Corporation, 5.2.3790.3646 built by: DNSRV(bld4act)]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\klscav.dll]  [Kaspersky Lab, 6.0.2.621]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\prremote.dll]  [Kaspersky Lab, 6.0.2.621]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\prloader.dll]  [Kaspersky Lab, 6.0.2.621]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\prkernel.ppl]  [Kaspersky Lab, 6.0.2.621]
    [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\params.ppl]  [Kaspersky Lab, 6.0.2.621]
    [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\pxstub.ppl]  [Kaspersky Lab, 6.0.2.621]
    [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\tempfile.ppl]  [Kaspersky Lab, 6.0.2.621]
    [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\nfio.ppl]  [Kaspersky Lab, 6.0.2.621]
    [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\fsdrvplgn.ppl]  [Kaspersky Lab, 6.0.2.621]
    [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\basegui.ppl]  [Kaspersky Lab, 6.0.2.621]
    [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\thpimpl.ppl]  [Kaspersky Lab, 6.0.2.621]
    [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\FSSync.dll]  [Kaspersky Lab, 6.0.5.621]
    [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\winreg.ppl]  [Kaspersky Lab, 6.0.2.621]
    [C:\WINDOWS\system32\Macromed\Flash\Flash9c.ocx]  [Adobe Systems, Inc., 9,0,45,0]
    [C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll]  [Adobe Systems, Inc., 7.0.0.0]
[PID: 4068][C:\Program Files\文本整理器\TextEditor.exe]  [, 3, 0]
    [E:\软件\360safe_3.3\360safe_3.301004\safemon\safemon.dll]  [, 3, 2, 0, 1001]
    [C:\WINDOWS\system32\PYJJ4.IME]  [加加工作组, 4, 1, 0, 42]
[PID: 424][C:\Program Files\Maxthon\Maxthon.exe]  [MY Soft Technology, 1, 2, 5, 20]
    [C:\Program Files\Maxthon\maxzlib.dll]  [ , 1, 0, 0, 2]
    [E:\软件\360safe_3.3\360safe_3.301004\safemon\safemon.dll]  [, 3, 2, 0, 1001]
    [C:\WINDOWS\system32\PYJJ4.IME]  [加加工作组, 4, 1, 0, 42]
    [C:\WINDOWS\system32\odbcbcp.dll]  [Microsoft Corporation, 2000.085.1117.00 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\netfxperf.dll]  [Microsoft Corporation, 1.1.4322.573]
    [C:\WINDOWS\system32\mscoree.dll]  [Microsoft Corporation, 2.0.50727.253 (QFE.050727-2500)]
    [C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\perfcounter.dll]  [Microsoft Corporation, 1.1.4322.2032]
    [C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\CorperfmonExt.dll]  [Microsoft Corporation, 1.1.4322.2407]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scrchpg.dll]  [Kaspersky Lab, 6.0.2.621]
    [C:\Program Files\Maxthon\Services\RealTime\real_time.dll]  [, 1, 0, 0, 1]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\klscav.dll]  [Kaspersky Lab, 6.0.2.621]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\prremote.dll]  [Kaspersky Lab, 6.0.2.621]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\prloader.dll]  [Kaspersky Lab, 6.0.2.621]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\prkernel.ppl]  [Kaspersky Lab, 6.0.2.621]
    [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\params.ppl]  [Kaspersky Lab, 6.0.2.621]
    [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\pxstub.ppl]  [Kaspersky Lab, 6.0.2.621]
    [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\tempfile.ppl]  [Kaspersky Lab, 6.0.2.621]
[PID: 2864][C:\Program Files\Adobe\Photoshop 7.0\Photoshop.exe]  [Adobe Systems, Incorporated, 7.0.1]
    [C:\Program Files\Adobe\Photoshop 7.0\ACE.dll]  [Adobe Systems Incorporated, 2.02.05]
    [C:\Program Files\Adobe\Photoshop 7.0\AGM.dll]  [Adobe Systems Incorporated, 4.08.18]
    [C:\Program Files\Adobe\Photoshop 7.0\BIB.dll]  [Adobe Systems Incorporated, 1.1.8]
    [C:\Program Files\Adobe\Photoshop 7.0\CoolType.dll]  [Adobe Systems Incorporated, 4.10.20]
    [C:\Program Files\Adobe\Photoshop 7.0\asn.er.dll]  [N/A, ]
    [E:\软件\360safe_3.3\360safe_3.301004\safemon\safemon.dll]  [, 3, 2, 0, 1001]
    [C:\Program Files\Adobe\Photoshop 7.0\Photoshop.dll]  [Adobe Systems, Incorporated, 7.0.1]
    [C:\Program Files\Adobe\Photoshop 7.0\PSViews.dll]  [Adobe Systems, Incorporated, 7.0.1]
    [C:\WINDOWS\system32\PYJJ4.IME]  [加加工作组, 4, 1, 0, 42]
    [C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\Ps5ui.dll]  [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
    [C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\PSCRIPT5.DLL]  [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
    [C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\AD2KReGP.DLL]  [Adobe Systems Inc., 6, 0, 0, 1]
    [C:\Program Files\Adobe\Photoshop 7.0\Plug-Ins\Adobe Photoshop Only\Extensions\FastCore.8BX]  [Adobe Systems, Incorporated, 7.0.1]
    [C:\Program Files\Adobe\Photoshop 7.0\PLUGIN.dll]  [Adobe Systems, Incorporated, 7.0]
    [C:\Program Files\Adobe\Photoshop 7.0\Plug-Ins\Adobe Photoshop Only\Extensions\MMXCore.8BX]  [Adobe Systems, Incorporated, 7.0.1]
    [C:\Program Files\Adobe\Photoshop 7.0\Required\ADMPlugin.apl]  [Adobe Systems Incorporated, 2.84ps79 07.15.2002-10:05:00h]
    [C:\Program Files\Adobe\Photoshop 7.0\Required\PNGIcons.apl]  [Adobe Systems Incorporated, 1.21x7 2001.12.14-1602h.21s]
    [C:\Program Files\Adobe\Photoshop 7.0\Required\ASDataStream.apl]  [Adobe Systems Incorporated, 1.02x7 02.02.15-01:45:06h]
    [C:\Program Files\Adobe\Photoshop 7.0\Plug-Ins\Parser\PDF 图像导入.8BI]  [Adobe Systems, Incorporated, 7.0.1]
    [C:\Program Files\Adobe\Photoshop 7.0\PDFL50.dll]  [Adobe Systems Incorporated, 5.0.000]
    [C:\Program Files\Adobe\Photoshop 7.0\OPP.dll]  [Adobe Systems Incorporated, 1.02.01]
    [C:\WINDOWS\system32\ATMLIB.dll]  [Adobe Systems, 5.1 Build 226]
    [C:\Program Files\Common Files\Adobe\Workflow\ARM.dll]  [Adobe Systems, Incorporated, 2.8.3.3]
    [C:\Program Files\Common Files\Adobe\Web\AdobeWeb.dll]  [Adobe Systems, Incorporated, 2.8.3.3]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scrchpg.dll]  [Kaspersky Lab, 6.0.2.621]
[PID: 3708][E:\软件\1\sreng2\SREng.EXE]  [Smallfrogs Studio, 2.4.12.806]
    [E:\软件\360safe_3.3\360safe_3.301004\safemon\safemon.dll]  [, 3, 2, 0, 1001]
    [C:\WINDOWS\system32\PYJJ4.IME]  [加加工作组, 4, 1, 0, 42]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS   OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1       localhost

==================================
API HOOK
RVA  错误: LoadLibraryA (危险等级: 一般,  被下面模块所HOOK: Dest Addr: 0xEE346AF0)
RVA  错误: LoadLibraryExA (危险等级: 一般,  被下面模块所HOOK: Dest Addr: 0xEE346CD0)
RVA  错误: LoadLibraryExW (危险等级: 一般,  被下面模块所HOOK: Dest Addr: 0xEE346E30)
RVA  错误: LoadLibraryW (危险等级: 一般,  被下面模块所HOOK: Dest Addr: 0xEE346BE0)
入口点错误:CreateProcessA (危险等级: 一般,  被下面模块所HOOK: E:\软件\360safe_3.3\360safe_3.301004\safemon\safemon.dll)
入口点错误:CreateProcessW (危险等级: 一般,  被下面模块所HOOK: E:\软件\360safe_3.3\360safe_3.301004\safemon\safemon.dll)
RVA  错误: GetProcAddress (危险等级: 高,  被下面模块所HOOK: Dest Addr: 0xEE346DE0)

==================================
隐藏进程
N/A

==================================


[/CODE]
b211211 | Posted 2007-11-12 22:16:08
Create an autorun.inf file yourself, set it to read-only, and turn off the auto-open feature~
mds | Posted 2007-11-12 22:41:59
Use Unlocker to unlock and delete this:
C:\WINDOWS\system32\dx6vcl.dll
cxzandwsy (thread starter) | Posted 2007-11-13 11:38:24

Thanks to mds for the lead. It turns out what I caught is a variant of the autorun virus. It is a new virus this week, reportedly ranked fifth.
The virus to watch this week: Virus.Win32.AutoRun.abq. Behaviour (X stands for any combination of digits and letters):
    The main program is a .pif file; after it runs it creates the following files: C:\WINDOWS\system32\dx6vcl.dll C:\WINDOWS\system32\notepod.exe C:\WINDOWS\system32\ssmicrco.scr
Expert advice:
    Manual removal: boot into Safe Mode and delete the following files: C:\WINDOWS\system32\dx6vcl.dll C:\WINDOWS\system32\notepod.exe C:\WINDOWS\system32\ssmicrco.scr.

The problem is, I cannot find ssmicrco.scr under system32\, and after I delete dx6vcl.dll and notepod.exe in Safe Mode they are created again. Could it be a variant of the variant?
I remember that right after the infection Kaspersky seemed to report it as a risk but could not delete it, only skip it; now a Kaspersky scan shows no reaction at all.
It is definitely Virus.Win32.AutoRun.abq, but I still cannot find where the virus is....
cxzandwsy (thread starter) | Posted 2007-11-13 14:01:13

I also deleted the leftovers in the registry, but that does not work either; they come back again.
jpzy | Posted 2007-11-13 14:43:06
For a virus to run, it must load itself from a startup location, so to remove it you must first make sure the virus does not start with the system. Once the virus is not running, a simple Shift+Del takes care of it!

Please use a tool (Autoruns, HijackThis, ...) to check your startup items, and pay special attention to whether there are suspicious files among the services and drivers~~~

The day before yesterday I handled an Autorun virus. After the virus body and its dropped files had been cleaned out, every time a drive was opened it still automatically created an autorun.inf and a pegefiles.pif in the root directory, and the process list showed nothing abnormal! Checking with HijackThis, I found a suspicious DLL under App_init. When I tried to delete that DLL by hand I found that, thanks to App_init, it had injected itself into every system process, and forcibly deleting it made the computer reboot. Later I booted a PE system from CD and killed the DLL, and the virus was completely removed~!

I hope my experience is of some help to you~!
jpzy | Posted 2007-11-13 14:48:35
Your log is too long, it makes my head spin~~~~

But it seems you have the USB-drive special killer, 360, and AVGAS real-time protection running~~~

Actually none of those three needs to be on~! The USB special killer is mediocre at best, 360's shield does nothing except eat resources (it detects trojans by file name and MD5...), and AVG's monitor is generally agreed to be rather poor! And with these things on, PF usage goes up by at least 100M!!

Good habits are the most important thing. Now, whether or not you are sure a USB drive is safe, when you open it on a computer it is best to use Explorer from the right-click menu; that is the safest way! At the same time, disk autorun should be turned off! (There are many ways to turn it off; please search for them yourself.)
jpzy | Posted 2007-11-13 14:56:34
[PID: 1880][C:\Program Files\HFEE\SVOHOST.EXE]  [, 3000.0.0.0]

This thing looks suspicious~~~~ the process name closely resembles a system process~~~~ and there is no company name~~~~~
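jpzy's two tells, a name one letter away from a system process and an empty company field, can be checked mechanically across the whole report instead of by eye. The following Python script is an added example written for this page, not a tool from the thread or part of SREng: it parses process and module lines of the shape quoted above and flags entries that show either tell, plus a third one, a genuine system binary name running from outside the Windows directory. The sample lines are copied from the report in this thread except the last, which is constructed; the list of imitated system names and the C:\WINDOWS\ prefix are assumptions.

```python
import re

# One SREng process or module line, for example
#   [PID: 1880][C:\Program Files\HFEE\SVOHOST.EXE]  [, 3000.0.0.0]
# Module lines under a process have the same shape without the [PID: n] prefix.
LINE_RE = re.compile(r"^\s*(?:\[PID:\s*(\d+)\])?\[([^\]]+)\]\s+\[([^\]]*)\]\s*$")

# Windows binaries whose names malware commonly imitates with a one-letter change.
# Assumed short list for this example; extend it for real use.
SYSTEM_NAMES = sorted({
    "csrss.exe", "explorer.exe", "lsass.exe", "notepad.exe", "services.exe",
    "smss.exe", "spoolsv.exe", "svchost.exe", "winlogon.exe",
})
# Assumed location of the Windows directory (system drive C:, as in this thread).
WINDOWS_DIR = "c:\\windows\\"


def levenshtein(a, b):
    """Edit distance between two strings (plain dynamic programming)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def parse_line(line):
    """Return {pid, path, name, company} for one report line, or None if it is not one."""
    m = LINE_RE.match(line)
    if not m:
        return None
    pid, path, info = m.groups()
    return {
        "pid": int(pid) if pid else None,
        "path": path,
        "name": path.rsplit("\\", 1)[-1].lower(),
        # SREng prints "[company, version]"; the company is the part before the first comma
        "company": info.split(",", 1)[0].strip(),
    }


def assess(entry):
    """Reasons why a parsed entry deserves a closer look (empty list = nothing seen)."""
    reasons = []
    if entry["company"] in ("", "N/A"):
        reasons.append("no company/version information")
    name = entry["name"]
    if name in SYSTEM_NAMES:
        if not entry["path"].lower().startswith(WINDOWS_DIR):
            reasons.append("system binary name running outside the Windows directory")
    else:
        for known in SYSTEM_NAMES:
            if levenshtein(name, known) <= 1:
                reasons.append(f"lookalike of {known}")
    return reasons


def scan_report(text):
    """Parse every process/module line and return only the flagged entries, in report order."""
    flagged = []
    for line in text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        reasons = assess(entry)
        if reasons:
            entry["reasons"] = reasons
            flagged.append(entry)
    return flagged


# Four lines copied from the SREng report in this thread plus one constructed line
# (the svchost.exe under Documents and Settings) to exercise the third rule.
SAMPLE_REPORT = r"""
[PID: 3996][C:\WINDOWS\system32\conime.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\PYJJ4.IME]  [加加工作组, 4, 1, 0, 42]
[PID: 1880][C:\Program Files\HFEE\SVOHOST.EXE]  [, 3000.0.0.0]
    [C:\Program Files\TTOD\CAJViewer 6.0\WordSegmentor.dll]  [N/A, ]
[PID: 4242][C:\Documents and Settings\user\svchost.exe]  [, 1, 0, 0, 1]
"""

if __name__ == "__main__":
    for entry in scan_report(SAMPLE_REPORT):
        print(f"{entry['path']}: {'; '.join(entry['reasons'])}")
```

A flag is a prompt to verify the file (publisher, signature, hash) rather than a verdict: WordSegmentor.dll in the sample shows that a legitimate third-party module can simply lack a version resource, while SVOHOST.EXE trips both of jpzy's tells at once.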
mox | Posted 2007-11-13 15:20:15
Turn off System Restore. Clean up temporary files.
File deletion: in Safe Mode, use Fairy Trojan Removal Assistant (费尔木马清除助手) or IceSword (冰刃), enter each file to be deleted (with its full path), tick "抑止杀灭对象再次生成" (prevent the killed object from being re-created), and click Delete [if it reports that the file cannot be found, ignore the error]
c:\program files\hfee\svohost.exe
c:\program files\文本整理器\texteditor.exe   (verify this one)
c:\program files\jj4\jiajiasr.exe
c:\progra~1\iebook\iebook.dll
====================================================
After deleting and rebooting, use SREng to repair the following items:

    Startup Items -- Registry: delete the following entry:
[jiajiasr]    <C:\Program Files\jj4\jiajiasr.exe>

    System Repair -- Browser Add-ons: delete the following entry:
[]    <C:\PROGRA~1\iebook\iebook.dll>
=====================================================
1. Run the autorun special killer once more
2. Download Windows Cleanup Assistant (arswp) and run it (do not skip this)
http://www.arswp.com/download/arswp/arswp.rar
cxzandwsy (thread starter) | Posted 2007-11-13 15:46:54

The problem is solved, thank you everyone!

It is definitely a variant of the autorun virus, Virus.Win32.AutoRun.abq. It creates two virus files under system32: dx6vcl.dll and rsvp.exe. When a USB drive is plugged into the computer, even before you click on it, the virus writes an autorun.inf and a recycle-bin folder (containing cleardisk.pif and other things) straight onto it, and when you reboot you get errors such as "16-bit MS-DOS subsystem". The virus also writes dx6vcl, notepod, ssmicrco, 2.bat, 1.vbs and other files into the registry; that junk has to be deleted from the registry....
c:\program files\hfee\svohost.exe (a password program, heh)
c:\program files\文本整理器\texteditor.exe (an electronic text program)
c:\program files\jj4\jiajiasr.exe (the Pinyin Jiajia input method)
c:\progra~1\iebook\iebook.dll (e-book creation software)
The problem should be at "[QoS RSVP / RSVP][Stopped/Auto Start]" and "[C:\WINDOWS\system32\dx6vcl.dll]" in the SREng report; it must be rsvp and dx6vcl that were causing the trouble. Thanks everyone!!!!
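b211211's placeholder idea and the last post's description of what the worm writes to a USB drive both turn on the contents of autorun.inf, so it is worth being able to read one before the drive is opened. The following Python inspector is an added example, not code from this thread or from any tool named in it: it parses the [autorun] section, lists every key that would launch something, and flags the tells the thread describes (a .pif or other script-type target, a payload kept in a recycle-bin lookalike folder, and a redefined Explore verb, which is what defeats the "right-click, Explorer" habit jpzy recommends). The three sample files are constructed; the folder name RECYCLER and the cleardisk.pif path are assumptions modelled on the last post.

```python
from pathlib import PureWindowsPath

# Keys in [autorun] that make Windows run something: the classic open= and
# shellexecute=, plus any shell\<verb>\command= line that redefines a context-menu verb.
LAUNCH_KEYS = {"open", "shellexecute"}
# Target types that a vendor disc almost never uses but autorun worms routinely do
# (.exe is deliberately left out: every legitimate installer disc launches one).
SCRIPT_EXTS = {".pif", ".scr", ".bat", ".cmd", ".vbs", ".js", ".com"}
# Folder names that imitate the Recycle Bin so the payload stays out of sight.
RECYCLER_DIRS = {"recycler", "recycled", "$recycle.bin"}


def parse_autorun_inf(text):
    """Minimal INI parser: {section: {key: value}} with case-folded section and key names."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip().lower()
            sections.setdefault(current, {})
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            sections[current][key.strip().lower()] = value.strip()
    return sections


def launch_targets(sections):
    """(key, command) pairs from [autorun] that would execute something, in file order."""
    targets = []
    for key, value in sections.get("autorun", {}).items():
        if key in LAUNCH_KEYS or (key.startswith("shell\\") and key.endswith("\\command")):
            targets.append((key, value))
    return targets


def assess_autorun(text):
    """Report what the file launches and which worm-style tells it shows."""
    targets = launch_targets(parse_autorun_inf(text))
    reasons = []
    for key, command in targets:
        # the first token of the command is the program; strip surrounding quotes
        tokens = command.split()
        program = tokens[0].strip('"') if tokens else command
        target = PureWindowsPath(program)
        if target.suffix.lower() in SCRIPT_EXTS:
            reasons.append(f"{key} runs a {target.suffix.lower()} file: {program}")
        if any(part.lower() in RECYCLER_DIRS for part in target.parts[:-1]):
            reasons.append(f"{key} points into a recycle-bin lookalike folder")
        if key == "shell\\explore\\command":
            reasons.append("redefines the Explore verb, so right-click > Explore would run it too")
    return {"launches": targets, "suspicious": bool(reasons), "reasons": reasons}


# Constructed autorun.inf modelled on the behaviour described in the last post
# (fake recycle-bin folder holding cleardisk.pif); the folder name RECYCLER is assumed.
WORM_STYLE_INF = r"""
[AutoRun]
open=RECYCLER\cleardisk.pif
shell\open=Open(&O)
shell\open\Command=RECYCLER\cleardisk.pif
shell\explore\Command=RECYCLER\cleardisk.pif
shellexecute=RECYCLER\cleardisk.pif
"""

# A benign placeholder of the kind b211211 suggests: present, but launches nothing.
PLACEHOLDER_INF = r"""
[autorun]
; placeholder written by the owner of this drive
"""

# A plain vendor-disc style file for comparison: launches an .exe, shows no worm tells.
VENDOR_INF = r"""
[autorun]
open=setup.exe
icon=setup.exe,0
"""

if __name__ == "__main__":
    for label, inf in (("worm-style", WORM_STYLE_INF), ("placeholder", PLACEHOLDER_INF), ("vendor", VENDOR_INF)):
        result = assess_autorun(inf)
        print(label, "suspicious" if result["suspicious"] else "clean", result["launches"])
        for reason in result["reasons"]:
            print("   ", reason)
```

Read the file from the drive root with a plain text editor or this script before double-clicking the drive: a placeholder with no launch keys comes back clean, a vendor disc shows its setup.exe with no reasons attached, and a worm-style file lists every verb it has hijacked, including the Explore verb that the right-click habit relies on.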