
lsass.exe / cmd.pif virus: help needed

Two lsass.exe processes show up in Task Manager. One is the normal one under system32; the other is at system32/drivers/lsass.exe. I suspect it is a virus.
cmd.pif has appeared in the startup items.
_system~.ini has appeared in the root directory of every drive.
Since the November 18 update Norton can detect it but cannot clean it. Now almost every exe file on my hard disk has been quarantined because it was infected. T_T
Could some expert offer some help or advice? Many thanks.
Last edited 2006-11-22 00:07:48

There is a dedicated removal tool on my E drive; try that first: mizuki.ys168.com

It didn't work. It's not that one; this virus is fairly new.
Thanks anyway, poster #2.

HijackThis 1.99.1
Post your scan log.
Chinese version:
http://free5.ys168.com/?aqfrs



Symantec's Security Response page defines it like this:
W32.Pagipef
Risk Level 1: Very Low !!!!!!!! (I'm speechless)
Discovered: November 16, 2006
Updated: November 17, 2006 05:07:19 PM GMT
Type: Virus
Infection Length: 32,768 bytes
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP

When the virus executes, it performs the following actions:

Copies itself to the following locations:


%UserProfile%\Start Menu\Programs\Startup\cmd.pif
%System%\drivers\lsass.exe

Note:
%UserProfile% is a variable that refers to the current user's profile folder. By default, this is C:\Documents and Settings\[CURRENT USER] (Windows NT/2000/XP).
%System% is a variable that refers to the System folder. By default this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).


Attempts to infect all .exe files on the compromised computer.


Drops the original host file as the following and executes it:

[FILE NAME].~tmp.exe


Creates following files on remote or removable drives:


[DRIVE]:\autorun.inf
[DRIVE]:\page.pif
[DRIVE]:\_system~.ini


Periodically attempts to open the following URLs using Internet Explorer:


[http://]www.265dm.cn/adjs[REMOVED]
[http://]laji.xrlyy.com/js[REMOVED]
The problem is that Symantec AntiVirus 10 can only quarantine it; it cannot clean it.
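A defender-side check for the file indicators Symantec lists above, including the second lsass.exe the original poster noticed. This is an added example, not code from the thread or from Symantec; it takes %UserProfile%, %System% and the drive roots as parameters and builds a constructed temporary tree in their place so it runs offline.

```python
import os
import tempfile

# Indicators taken from the thread: the two dropped copies, plus the files the
# virus writes to the root of every remote or removable drive.
DROPPED_COPIES = [
    ("UserProfile", os.path.join("Start Menu", "Programs", "Startup", "cmd.pif")),
    ("System", os.path.join("drivers", "lsass.exe")),
]
DRIVE_ROOT_FILES = ["autorun.inf", "page.pif", "_system~.ini"]


def find_pagipef_indicators(user_profile, system_dir, drive_roots):
    """Return the sorted list of indicator paths that exist on disk.

    The key tell is a second lsass.exe under %System%\\drivers: the genuine
    lsass.exe lives directly in %System% and never in its drivers subfolder.
    """
    base = {"UserProfile": user_profile, "System": system_dir}
    found = []
    for var, rel in DROPPED_COPIES:
        candidate = os.path.join(base[var], rel)
        if os.path.isfile(candidate):
            found.append(candidate)
    for root in drive_roots:
        for name in DRIVE_ROOT_FILES:
            candidate = os.path.join(root, name)
            if os.path.isfile(candidate):
                found.append(candidate)
    return sorted(found)


def build_infected_sample():
    """Construct a temporary tree that mimics the thread's infected PC
    (constructed sample data, not a real infection); return (tmpdir, hits)."""
    tmp = tempfile.mkdtemp()
    profile = os.path.join(tmp, "Documents and Settings", "user")
    system = os.path.join(tmp, "WINDOWS", "system32")
    drive_e = os.path.join(tmp, "E")
    base = {"UserProfile": profile, "System": system}
    for var, rel in DROPPED_COPIES:
        path = os.path.join(base[var], rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "wb").close()
    # The legitimate lsass.exe sits directly in system32 and must not be flagged.
    open(os.path.join(system, "lsass.exe"), "wb").close()
    os.makedirs(drive_e)
    open(os.path.join(drive_e, "_system~.ini"), "wb").close()
    return tmp, find_pagipef_indicators(profile, system, [drive_e])
```

On a real machine you would pass the actual profile folder, system folder and the list of drive roots instead of the constructed sample; a hit on drivers\lsass.exe next to an untouched system32\lsass.exe matches exactly what the poster saw in Task Manager.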

Infection characteristics:
%UserProfile%\Start Menu\Programs\Startup\cmd.pif
%System%\drivers\lsass.exe
Junk files:
~tmp.exe
[DRIVE]:\autorun.inf
[DRIVE]:\page.pif
[DRIVE]:\_system~.ini
Thanks to the helpful folks above.
Please give more suggestions.

HijackThis_815汉化版扫描日志 V1.99.1
保存于      16:31:12, 日期 2006-11-20
操作系统:  Windows XP SP2 (WinNT 5.01.2600)
浏览器:    Internet Explorer v6.00 SP2 (6.00.2900.2180)

当前运行的进程:         
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Common Files\Symantec Shared\ccProxy.exe
D:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
D:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
D:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Common Files\Symantec Shared\ccApp.exe
D:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
D:\Program Files\Common Files\LightScribe\LSSrvc.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
D:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
D:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
E:\soft\tools\HijackThis1991zww.exe

O2 - BHO: ThunderIEHelper - {0005A87D-D626-4B3A-84F9-1D9571695F55} - D:\WINDOWS\system32\xunleibho_v14.dll
O2 - BHO: ThunderBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - D:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_002.dll
O4 - 启动项HKLM\\Run: [NVMixerTray] "D:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - 启动项HKLM\\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - 启动项HKLM\\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - 启动项HKLM\\Run: [DrvLsnr] ;D:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
O4 - 启动项HKLM\\Run: [ccApp] "D:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - 启动项HKLM\\Run: [vptray] D:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
O4 - 启动项HKLM\\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O8 - IE右键菜单中的新增项目: &使用迅雷下载 - D:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm
O8 - IE右键菜单中的新增项目: &使用迅雷下载全部链接 - D:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm
O8 - IE右键菜单中的新增项目: 上传到QQ网络硬盘 - E:\Program Files\Tencent\QQ\AddToNetDisk.htm
O8 - IE右键菜单中的新增项目: 添加到QQ自定义面板 - E:\Program Files\Tencent\QQ\AddPanel.htm
O8 - IE右键菜单中的新增项目: 添加到QQ表情 - E:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - IE右键菜单中的新增项目: 用QQ彩信发送该图片 - E:\Program Files\Tencent\QQ\SendMMS.htm
O9 - 浏览器额外的按钮: 启动迅雷 - {0062C9BD-B349-40DE-91A0-755F37ACD559} - D:\Program Files\Thunder Network\Thunder\Thunder.exe
O9 - 浏览器额外的“工具”菜单项: 启动迅雷 - {0062C9BD-B349-40DE-91A0-755F37ACD559} - D:\Program Files\Thunder Network\Thunder\Thunder.exe
O9 - 浏览器额外的按钮: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - E:\Program Files\Tencent\QQ\QQ.EXE
O9 - 浏览器额外的“工具”菜单项: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - E:\Program Files\Tencent\QQ\QQ.EXE
O9 - 浏览器额外的按钮: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - 浏览器额外的“工具”菜单项: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {488A4255-3236-44B3-8F27-FA1AECAA8844} (CEditCtrl Object) - https://img.alipay.com/download/1007/aliedit.cab
O16 - DPF: {73E4740C-08EB-4133-896B-8D0A7C9EE3CD} (AxInputControl Class) - https://mybank.icbc.com.cn/icbc/perbank/AXSafeControls.cab
O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} (DLC Class) - https://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab
O16 - DPF: {E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} (Rising Web Scan Object) - http://download.rising.com.cn/register/pcver/autoupgradepad/pcver2006new/OL2006.cab
O18 - 列举现有的协议: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - D:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O20 - Winlogon Notify: NavLogon - D:\WINDOWS\system32\NavLogon.dll
O23 - NT 服务: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - NT 服务: Symantec Network Proxy (ccProxy) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - NT 服务: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - NT 服务: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - NT 服务: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - D:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
O23 - NT 服务: IS Service (ISSVC) - Symantec Corporation - D:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
O23 - NT 服务: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - D:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - NT 服务: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - NT 服务: SAVRoam (SavRoam) - symantec - D:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
O23 - NT 服务: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - NT 服务: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - D:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - NT 服务: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - NT 服务: Symantec AntiVirus - Symantec Corporation - D:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
O23 - NT 服务: Symantec SecurePort (SymSecurePort) - Symantec Corporation - D:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
O23 - NT 服务: VMware Authorization Service (VMAuthdService) - VMware, Inc. - E:\Program Files\VMware\VMware Workstation\vmware-authd.exe
O23 - NT 服务: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - D:\WINDOWS\system32\vmnetdhcp.exe
O23 - NT 服务: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - D:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - NT 服务: VMware NAT Service - VMware, Inc. - D:\WINDOWS\system32\vmnat.exe

I didn't find anything in the log myself. Could everyone help take a look?
Norton has now quarantined nearly 1.2G of my files. Sigh.......

Does nobody know a solution? Could the moderator give a suggestion?