
[Help] About the Trojan.Horse virus

Today I found Trojan.Horse on my machine,
but when I tried to remove it with Norton AntiVirus it reported "Repair failed" and "Access denied".
Could someone please tell me how to remove it?
I am waiting online.
Last edited 2006-01-23 17:14:30

Try deleting the file the antivirus failed to clean with the Unlocker tool.
For the download and usage of the tool, see http://forum.ikaka.com/topic.asp?board=28&artid=7471002

But I cannot find the virus file.
What should I do?

Save a log with Autoruns and post it here.
To save the log: choose the File -> Save menu item.
When saving the log, make sure the Options -> Hide Microsoft Entries menu item is selected (after setting it, click the refresh button on the toolbar).

For the download and usage of the tool, see http://forum.ikaka.com/topic.asp?board=28&artid=7318038

What is the virus path?

Norton shows:
Source: C:\Documents and Settings\user\Local Settings\Temporary Internet Files\content.ie5\ixkl456l\mmmmm[1].gif

http://forum.ikaka.com/topic.asp?board=28&artid=6979213
Download IceSword.
With it you can view this folder:
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\content.ie5

Delete the folder C:\Documents and Settings\user\Local Settings\Temporary Internet Files\content.ie5

[Reply to "BlackStone"'s post]
Process | PID | CPU | Description | Company Name
System Idle Process | 0 | 89.23 | |
Interrupts | n/a | | Hardware Interrupts |
DPCs | n/a | | Deferred Procedure Calls |
System | 4 | | |
  SMSS.EXE | 900 | | Windows NT Session Manager | Microsoft Corporation
  CSRSS.EXE | 1024 | | Client Server Runtime Process | Microsoft Corporation
  WINLOGON.EXE | 1048 | | Windows NT Logon Application | Microsoft Corporation
    SERVICES.EXE | 1092 | | Services and Controller app | Microsoft Corporation
    SVCHOST.EXE | 1268 | | Generic Host Process for Win32 Services | Microsoft Corporation
    SVCHOST.EXE | 1312 | | Generic Host Process for Win32 Services | Microsoft Corporation
    SVCHOST.EXE | 1612 | 1.54 | Generic Host Process for Win32 Services | Microsoft Corporation
    SVCHOST.EXE | 1664 | | Generic Host Process for Win32 Services | Microsoft Corporation
    SVCHOST.EXE | 1956 | | Generic Host Process for Win32 Services | Microsoft Corporation
    ccSetMgr.exe | 268 | | Common Client Settings Manager Service | Symantec Corporation
    ccEvtMgr.exe | 400 | | Common Client Event Manager Service | Symantec Corporation
    SPOOLSV.EXE | 644 | | Spooler SubSystem App | Microsoft Corporation
    SCardSvr.exe | 700 | | Smart Card Resource Management Server | Microsoft Corporation
    NAVAPSVC.EXE | 300 | | Norton AntiVirus Auto-Protect Service | Symantec Corporation
    NVSVC32.EXE | 336 | | NVIDIA Driver Helper Service, Version 66.72 | NVIDIA Corporation
    SAVScan.exe | 736 | | Symantec AntiVirus Scanner | Symantec Corporation
    LogS.exe | 1004 | | 日志服务器 | 深圳市深信服电子科技有限公司
    SVCHOST.EXE | 1756 | | Generic Host Process for Win32 Services | Microsoft Corporation
    SYMLCSVC.EXE | 1908 | | Symantec Core Component | Symantec Corporation
    SymWSC.exe | 136 | | Norton Security Center Service | Symantec Corporation
    alg.exe | 2128 | | Application Layer Gateway Service | Microsoft Corporation
    LSASS.EXE | 1104 | | LSA Shell (Export Version) | Microsoft Corporation
EXPLORER.EXE | 384 | | Windows Explorer | Microsoft Corporation
RUNDLL32.EXE | 832 | | Run a DLL as an App | Microsoft Corporation
SOUNDMAN.EXE | 624 | | Realtek Sound Manager | Realtek Semiconductor Corp.
RUNDLL32.EXE | 1692 | | Run a DLL as an App | Microsoft Corporation
PDVDServ.exe | 1884 | | PowerDVD RC Service | Cyberlink Corp.
Winampa.exe | 792 | | |
YLive.exe | 2096 | | YLive |
yassistse.exe | 2104 | | AssistSetting | Yahoo!
RUNDLL32.EXE | 2120 | | Run a DLL as an App | Microsoft Corporation
ccApp.exe | 2136 | | Common Client User Session | Symantec Corporation
NgWatch.exe | 2148 | | NgWatch Microsoft 基础类应用程序 |
ctfmon.exe | 2156 | | CTF Loader | Microsoft Corporation
msmsgs.exe | 2196 | | Windows Messenger | Microsoft Corporation
Thunder.exe | 3756 | | |
IEXPLORE.EXE | 2996 | | Internet Explorer | Microsoft Corporation
procexp.exe | 1820 | 7.69 | Sysinternals Process Explorer | Sysinternals
ccLgView.exe | 3588 | | Common Client Log Viewer | Symantec Corporation

Process: Procexp Pid: -2

Type | Name

Read the replies carefully.
Not procexp, but Autoruns.

[Reply to "BlackStone"'s post]
Sorry about that.
Here is the Autoruns log:
Autorun Entry | Description | Publisher | Image Path

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
+ ccApp | Common Client User Session | Symantec Corporation | c:\program files\common files\symantec shared\ccapp.exe
+ CnsMin | 3721 | 北京三七二一科技有限公司 | c:\windows\downloaded program files\cnsmin.dll
+ iparmor | File not found: f:\Program Files\Iparmor\iparmor.exe mini
+ NGWatch | NgWatch Microsoft 基础类应用程序 | | c:\program files\sinfor\ng pdlan\ngwatch.exe
+ NvCplDaemon | NVIDIA Display Properties Extension | NVIDIA Corporation | c:\windows\system32\nvcpl.dll
+ NvMediaCenter | NVIDIA Media Center Library | NVIDIA Corporation | c:\windows\system32\nvmctray.dll
+ nwiz | NVIDIA nView Wizard, Version 66.72 | NVIDIA Corporation | c:\windows\system32\nwiz.exe
+ RemoteControl | PowerDVD RC Service | Cyberlink Corp. | c:\program files\cyberlink\powerdvd\pdvdserv.exe
+ SoundMan | Realtek Sound Manager | Realtek Semiconductor Corp. | C:\WINDOWS\soundman.exe
+ Symantec NetDriver Monitor | Symantec Security Drivers Install Monitor | Symantec Corporation | c:\program files\symnetdrv\sndmon.exe
+ WinampAgent | | | c:\program files\winamp\winampa.exe
+ yassistse | AssistSetting | Yahoo! | c:\program files\yahoo!\assistant\yassistse.exe
+ YLive.exe | YLive | | c:\program files\yahoo!\assistant\ylive.exe

C:\Documents and Settings\user\「开始」菜单\程序\启动
+ pp2005迅雷专业版.lnk | | | f:\program files\pp2005\thunder.exe

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
+ Ultra Access | 操作系统的最佳助手 | tengxing | c:\program files\windows无忧助手\win51helper.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
+ cnshook.dll | 3721 CNS Module | 北京三七二一科技有限公司 | c:\windows\downloaded program files\cnshook.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
+ Desktop Explorer | NVIDIA Desktop Explorer, Version 66.72 | NVIDIA Corporation | c:\windows\system32\nvshell.dll
+ Desktop Explorer Menu | NVIDIA Desktop Explorer, Version 66.72 | NVIDIA Corporation | c:\windows\system32\nvshell.dll
+ Display Panning CPL Extension | File not found: deskpan.dll
+ HyperTerminal Icon Ext | HyperTerminal Applet Library | Hilgraeve, Inc. | c:\windows\system32\hticons.dll
+ NvCpl DesktopContext Class | NVIDIA Display Properties Extension | NVIDIA Corporation | c:\windows\system32\nvcpl.dll
+ nView Desktop Context Menu | NVIDIA Desktop Explorer, Version 66.72 | NVIDIA Corporation | c:\windows\system32\nvshell.dll
+ Play on my TV helper | NVIDIA Display Properties Extension | NVIDIA Corporation | c:\windows\system32\nvcpl.dll
+ PowerWord ExplorerBar | PowerWord Web Dictionary Engine | 金山软件股份有限公司 | c:\powerword 2003\xdictexb.dll
+ UnlockerShellExtension | | | c:\program files\unlocker\unlockercom.dll
+ WinRAR shell extension | | | c:\program files\winrar\rarext.dll
+ Yahoo!Photo | yPhtb | Yahoo! China | c:\program files\yahoo!\assistant\assist\yphtb.dll
+ 粉碎文件 | Wiper 动态链接库 | | c:\program files\yahoo!\assistant\assist\ywiper.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
+ AntiFish Class | yangling.dll | Yahoo. | c:\program files\yahoo!\assistant\assist\yangling.dll
+ BandIE Class | BaiduBar Module | Baidu.com, Inc. | c:\program files\baidu\bar\baidubar.dll
+ CNavExtBho Class | Norton AntiVirus NAVShellExt Module | Symantec Corporation | c:\program files\norton antivirus\navshext.dll
+ CnsHook Class | 3721 CNS Module | 北京三七二一科技有限公司 | c:\windows\downloaded program files\cnshook.dll
+ DragSearch BHO | DragSearch | | c:\program files\yahoo!\assistant\assist\ydragsearch.dll
+ Yahoo!Photo | yPhtb | Yahoo! China | c:\program files\yahoo!\assistant\assist\yphtb.dll
+ 雅虎助手 | ToolBar | Yahoo! | c:\program files\yahoo!\assistant\assist\yasbar.dll

HKCU\Software\Microsoft\Internet Explorer\UrlSearchHooks
+ coolbar | ToolBar | Yahoo! | c:\program files\yahoo!\assistant\assist\yasbar.dll
+ iesrch.dll | URL Search DLL | CNNIC | c:\program files\cnnic\cdn\iesrch.dll

HKLM\Software\Microsoft\Internet Explorer\Toolbar
+ Norton AntiVirus | Norton AntiVirus NAVShellExt Module | Symantec Corporation | c:\program files\norton antivirus\navshext.dll
+ 雅虎助手 | ToolBar | Yahoo! | c:\program files\yahoo!\assistant\assist\yasbar.dll

HKLM\Software\Microsoft\Internet Explorer\Extensions
+ Yahoo 1G电邮 | File not found: http://cn.mail.yahoo.com/promo/rd1
+ 清理上网记录 | File not found: http://assistant.3721.com/clean1.htm?fb=Cns
+ 情景聊天 | File not found: http://cn.rd.yahoo.com/home/messenger/bjk/clientbtn/?http://cn.messenger.yahoo.com/
+ 手机短信 | File not found: http://sms.3721.com/ie/index.htm?pid=407828_1006
+ 修复浏览器 | File not found: http://assistant.3721.com/security1.htm?fb=Cns
+ 寻宝乐趣多 | File not found: http://adtaobao.allyes.com/main/adfclick?db=adtaobao&bid=138
+ 雅虎助手 | File not found: http://cn.zs.yahoo.com/?source=Cns
+ 易趣购物 | File not found: http://adfarm.mediaplex.com/ad/ck/4080-23171-9517-195?cn=song;icon;hp&mpro=http://www.ebay.com.cn

Task Scheduler
+ Norton AntiVirus - 扫描我的电脑.job | Norton AntiVirus Scanner Module | Symantec Corporation | c:\program files\norton antivirus\navw32.exe
+ Symantec NetDetect.job | Symantec NetDetect | Symantec Corporation | c:\program files\symantec\liveupdate\ndetect.exe

HKLM\System\CurrentControlSet\Services
+ ccEvtMgr | Symantec 事件管理器 | Symantec Corporation | c:\program files\common files\symantec shared\ccevtmgr.exe
+ ccSetMgr | Symantec 设置管理器 | Symantec Corporation | c:\program files\common files\symantec shared\ccsetmgr.exe
+ navapsvc | 处理 Norton AntiVirus 自动防护事件。 | Symantec Corporation | c:\program files\norton antivirus\navapsvc.exe
+ NVSvc | Provides system and desktop level support to the NVIDIA display driver | NVIDIA Corporation | c:\windows\system32\nvsvc32.exe
+ SAVScan | 处理 Norton AntiVirus 自动防护的存档文件扫描 | Symantec Corporation | c:\program files\norton antivirus\savscan.exe
+ SBService | ScriptBlocking registration | Symantec Corporation | c:\program files\common files\symantec shared\script blocking\sbserv.exe
+ Sinfor LogServer | 日志服务器 | 深圳市深信服电子科技有限公司 | c:\program files\common files\sinfor\logs\logs.exe
+ Symantec Core LC | Symantec Core LC | Symantec Corporation | c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe
+ SymWSC | Symantec WMI Service | Symantec Corporation | c:\program files\common files\symantec shared\security center\symwsc.exe

HKLM\System\CurrentControlSet\Services
+ ALCXSENS | Sensaura WDM 3D Audio Driver | Sensaura | c:\windows\system32\drivers\alcxsens.sys
+ ALCXWDM | Realtek AC'97 Audio Driver (WDM) | Realtek Semiconductor Corp. | c:\windows\system32\drivers\alcxwdm.sys
+ AliIde | File not found: System32\DRIVERS\aliide.sys
+ CmdIde | CMD PCI IDE Bus Driver | CMD Technology, Inc. | c:\windows\system32\drivers\cmdide.sys
+ E100B | Intel(R) PRO/100 Adapter NDIS 5.1 driver | Intel Corporation | c:\windows\system32\drivers\e100b325.sys
+ fteps1k | USB SmartCard Reader Driver | OEM | c:\windows\system32\drivers\usbic1k.sys
+ IPFilter | IPFilter Multi-line | Sinfor Technologies Co., Ltd. | c:\windows\system32\drivers\ipfilter.sys
+ MegaIDE | LSI MegaRAID IDE Driver | LSI Logic Corporation. | c:\windows\system32\drivers\megaide.sys
+ mynic | Sinfor Virtual network adapter | Sinfor Technologies Co.,Ltd. | c:\windows\system32\drivers\svnic.sys
+ NAVENG | AV Engine | Symantec Corporation | c:\program files\common files\symantec shared\virusdefs\20060118.007\naveng.sys
+ NAVEX15 | AV Engine | Symantec Corporation | c:\program files\common files\symantec shared\virusdefs\20060118.007\navex15.sys
+ nv | NVIDIA Compatible Windows 2000 Miniport Driver, Version 66.72 | NVIDIA Corporation | c:\windows\system32\drivers\nv4_mini.sys
+ Ptilink | Direct Parallel Link Driver | Parallel Technologies, Inc. | c:\windows\system32\drivers\ptilink.sys
+ rtl8139 | Realtek RTL8139 NDIS 5.0 Driver | Realtek Semiconductor Corporation | c:\windows\system32\drivers\rtl8139.sys
+ SAVRT | AutoProtect | Symantec Corporation | c:\program files\norton antivirus\savrt.sys
+ SAVRTPEL | SAVRTPEL | Symantec Corporation | c:\program files\norton antivirus\savrtpel.sys
+ Secdrv | SafeDisc driver | | c:\windows\system32\drivers\secdrv.sys
+ SYMDNS | DNS Filter Driver | Symantec Corporation | c:\windows\system32\drivers\symdns.sys
+ SymEvent | Symantec Event Library | Symantec Corporation | c:\program files\symantec\symevent.sys
+ SYMFW | Firewall Filter Driver | Symantec Corporation | c:\windows\system32\drivers\symfw.sys
+ SYMIDS | IDS Filter Driver | Symantec Corporation | c:\windows\system32\drivers\symids.sys
+ SYMIDSCO | File not found: C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\IDS-DI~1\20050901.036\symidsco.sys
+ symlcbrd | | | c:\windows\system32\drivers\symlcbrd.sys
+ SYMNDIS | NDIS Filter Driver | Symantec Corporation | c:\windows\system32\drivers\symndis.sys
+ SYMREDRV | Redirector Filter Driver | Symantec Corporation | c:\windows\system32\drivers\symredrv.sys
+ SYMTDI | Network Dispatch Driver | Symantec Corporation | c:\windows\system32\drivers\symtdi.sys
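As an added example (not code from this thread, and not Sysinternals' own tooling), here is a small Python script that does the first-pass triage a responder would run over an Autoruns log like the one requested earlier in the thread and posted above. It assumes the tab-delimited text that Autoruns writes via File -> Save; the forum paste dropped those tabs, so the sample input is constructed from a few entries in the posted log with separators restored, plus one hypothetical entry whose image path sits in the Internet Explorer cache folder (content.ie5) that Norton named. It flags three things: entries whose file no longer exists (the "File not found:" lines, such as iparmor and deskpan.dll above), entries with no publisher, and entries launching from a cache or temp folder. The SUSPECT_DIRS list and the entry named "hypothetical" are assumptions for the example.

```python
"""Triage an Autoruns text export: stale entries, missing publishers, odd paths.

Added example for this thread, not code from the thread or from Sysinternals.
Assumes the tab-delimited text Autoruns writes via File -> Save; the sample
below is constructed from entries in the posted log with the tabs put back.
"""
from dataclasses import dataclass


# Constructed sample input. Columns: entry name, description, publisher,
# image path. Lines without a leading "+ " are location headers. The last
# entry is hypothetical: an autostart pointing into the IE cache folder that
# Norton named in the thread, so the path check has something to catch.
SAMPLE_LOG = "\n".join([
    "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run",
    "+ ccApp\tCommon Client User Session\tSymantec Corporation"
    "\tc:\\program files\\common files\\symantec shared\\ccapp.exe",
    "+ iparmor\tFile not found: f:\\Program Files\\Iparmor\\iparmor.exe mini",
    "+ WinampAgent\t\t\tc:\\program files\\winamp\\winampa.exe",
    "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Approved",
    "+ Display Panning CPL Extension\tFile not found: deskpan.dll",
    "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run",
    "+ hypothetical\t\t\tc:\\documents and settings\\user\\local settings"
    "\\temporary internet files\\content.ie5\\ixkl456l\\example.exe",
])

# Folders that should not normally host an autostart image (constructed
# heuristic list; the first is the IE cache location from the thread).
SUSPECT_DIRS = (
    "\\temporary internet files\\",
    "\\local settings\\temp\\",
    "\\recycler\\",
)


@dataclass
class Entry:
    location: str      # registry key or folder the entry was found under
    name: str
    description: str
    publisher: str
    image_path: str

    @property
    def missing(self) -> bool:
        """Autoruns reports a dangling reference as 'File not found: <path>'."""
        return self.description.startswith("File not found:")


def parse_autoruns(text: str) -> list[Entry]:
    """Parse the tab-delimited export into Entry objects."""
    entries: list[Entry] = []
    location = ""
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line:
            continue
        if not line.startswith("+ "):
            location = line                      # a new location header
            continue
        fields = line[2:].split("\t")
        fields += [""] * (4 - len(fields))       # pad short rows (e.g. File not found)
        name, description, publisher, image_path = fields[:4]
        if description.startswith("File not found:"):
            # keep the dangling path so it can be reported
            image_path = description[len("File not found:"):].strip()
        entries.append(Entry(location, name, description, publisher, image_path))
    return entries


def triage(entries: list[Entry]) -> dict[str, list[str]]:
    """Return entry names grouped by the three first-pass checks."""
    report: dict[str, list[str]] = {"stale": [], "no_publisher": [], "suspect_path": []}
    for e in entries:
        if e.missing:
            report["stale"].append(e.name)       # dead reference: clean up, not a live threat
            continue
        if not e.publisher:
            report["no_publisher"].append(e.name)
        if any(d in e.image_path.lower() for d in SUSPECT_DIRS):
            report["suspect_path"].append(e.name)
    return report


if __name__ == "__main__":
    parsed = parse_autoruns(SAMPLE_LOG)
    for group, names in triage(parsed).items():
        print(f"{group}: {names}")
```

A "File not found" entry is a leftover from an uninstall rather than something running, so it belongs in the cleanup list; the entries worth a closer look are the ones that do load and either carry no publisher or start from a folder the browser writes to, which is where the path Norton reported would have shown up had it been an autostart.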
