Help me remove the virus that automatically opens www.51115.com

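Hi experts, this seems to be an old virus, but I can't get rid of it using the methods I found online. First, I'm on Win2000. For some reason I currently can't use MSCONFIG, so I can't adjust the startup programs. Second, I can't end the taskmgr.exe process in the process list.
Last edited 2005-11-15 00:03:15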

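Save a log with Autoruns and post it here.
How to save the log: choose the File->Save menu item.
When saving the log, be sure to select the Options->Hide Microsoft Entries menu item (after setting it, click the Refresh button on the toolbar).

For how to use the tool, see post #14 at http://forum.ikaka.com/topic.asp?board=28&artid=7318038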


When saving the log, be sure to select the Options->Hide Microsoft Entries menu item (after setting it, click the Refresh button on the toolbar).

Sorry, I didn't select the option just now. Here is a more concise one.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
+ ATIPTA | ATI Desktop Control Panel | ATI Technologies, Inc. | c:\program files\ati technologies\ati control panel\atiptaxx.exe
+ DadApp | c:\program files\dell\accessdirect\dadapp.exe
+ DAEMON Tools-2052 | Virtual DAEMON Manager | DAEMON'S HOME | c:\program files\d-tools\daemon.exe
+ IMSCMig | File not found: ;
+ RavMon | RavMon Rising realtime monitor | Beijing Rising Technology Co., Ltd. | c:\program files\rising\rav\ravmon.exe
+ RavTimer | RavTimer | Beijing Rising Technology Co., Ltd. | c:\program files\rising\rav\ravtimer.exe
+ Rund73.exe | File not found: ;
+ Super Rabbit Desktop Set | Super Rabbit Desktop Set | Super Rabbit Software | c:\program files\super rabbit\magicset\ds.exe
+ Super Rabbit SRRestore | Super Rabbit System Restore | Super Rabbit Soft | c:\program files\super rabbit\magicset\srrest.exe

C:\Documents and Settings\Administrator\「开始」菜单\程序\启动
+ 腾讯QQ.lnk | QQ | TENCENT | c:\program files\tencent\qq\qq.exe

HKLM\System\CurrentControlSet\Services
+ Ati HotKey Poller | c:\winnt\system32\ati2evxx.exe
+ CVPND | Cisco Systems VPN Client | Cisco Systems, Inc. | c:\program files\cisco systems\vpn client\cvpnd.exe
+ RsCCenter | CCenter | rising | c:\program files\rising\rav\ccenter.exe
+ RsRavMon | RavMon | Beijing Rising Technology Co., Ltd. | c:\program files\rising\rav\ravmond.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
+ Display Panning CPL Extension | File not found: deskpan.dll
+ HyperTerminal Icon Ext | HyperTerminal Applet Library | Hilgraeve, Inc. | c:\winnt\system32\hticons.dll
+ RISING | Rising Shell Ext Module | Beijing Rising Technology Co., Ltd. | c:\winnt\system32\ravext.dll
+ WinRAR shell extension | c:\program files\winrar\rarext.dll
+ Yahoo!Photo | File not found: C:\Program Files\Yahoo!\Assistant\Assist\yphtb.dll
+ 粉碎文件 | File not found: C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\ywiper.dll

HKLM\Software\Classes\Folder\Shellex\ColumnHandlers
+ PDF Shell Extension | PDF Shell Extension | Adobe Systems, Inc. | c:\program files\adobe\acrobat 7.0\activex\pdfshell.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
+ AcroIEHlprObj Class | Adobe Acrobat IE Helper Version 7.0 for ActiveX | Adobe Systems Incorporated | c:\program files\adobe\acrobat 7.0\activex\acroiehelper.dll
+ DragSearch BHO | File not found: C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL
+ QQBrowserHelperObject Class | QQIEHelper Module | 深圳市腾讯计算机系统有限公司 | c:\program files\tencent\qq\qqiehelper.dll
+ ThunderIEHelper Class | xunleibho BHO | c:\winnt\system32\xunleibho_v8.dll

HKLM\Software\Microsoft\Internet Explorer\Extensions
+ QQ | QQ | TENCENT | c:\program files\tencent\qq\qq.exe
+ 相关站点 | c:\winnt\web\related.htm

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GinaDLL
+ CSGina.dll | c:\winnt\system32\csgina.dll

HKCU\Control Panel\Desktop\Scrnsave.exe
+ (无) | File not found: (无)

HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors
+ HP LaserJet 5 Language Monitor | Win32 Language Monitor for direct connect HP printers | Hewlett-Packard | c:\winnt\system32\hpdcmon.dll


+ CSGina.dll | c:\winnt\system32\csgina.dll


Use Autoruns to delete the startup entry
Reboot
Delete c:\winnt\system32\csgina.dll
Give it a try

No problems for now, thank you very much.
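
A triage pass over an Autoruns log like the one posted in this thread, as an added example that is not part of the original posts: it lists, for manual review, entries whose target file is missing, entries with no publisher, and any value under Winlogon\GinaDLL. The ` | ` column separator and the function names are assumptions; the sample lines are copied from the thread's log.

```python
import re

# Sample lines copied from the thread's log; the " | " separators are assumed.
SAMPLE_LOG = r"""HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
+ RavMon | RavMon Rising realtime monitor | Beijing Rising Technology Co., Ltd. | c:\program files\rising\rav\ravmon.exe
+ Rund73.exe | File not found: ;
+ DadApp | c:\program files\dell\accessdirect\dadapp.exe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GinaDLL
+ CSGina.dll | c:\winnt\system32\csgina.dll
"""

# A location header is a registry key (HKLM\..., HKCU\...) or a folder path.
LOCATION = re.compile(r"^(HK(LM|CU)\\|[A-Za-z]:\\)")


def parse(log):
    """Yield (location, name, description, publisher, image) for each '+' entry."""
    location = ""
    for line in log.splitlines():
        line = line.strip()
        if line.startswith("+ "):
            cols = [c.strip() for c in line[2:].split(" | ")]
            name = cols[0]
            image = cols[-1] if len(cols) > 1 else ""
            middle = cols[1:-1]  # description and publisher may both be absent
            description = middle[0] if middle else ""
            publisher = middle[1] if len(middle) > 1 else ""
            yield location, name, description, publisher, image
        elif LOCATION.match(line):
            location = line


def triage(log):
    """Return [(name, location, reasons)] for entries that deserve a manual look."""
    findings = []
    for location, name, _desc, publisher, image in parse(log):
        reasons = []
        if image.startswith("File not found"):
            reasons.append("target file missing")
        elif not publisher:
            reasons.append("no publisher in version info")
        # On Windows 2000/XP a GinaDLL value makes Winlogon load that DLL
        # instead of msgina.dll, so any entry here is worth identifying.
        if location.lower().endswith(r"\winlogon\ginadll"):
            reasons.append("replaces the default logon GINA")
        if reasons:
            findings.append((name, location, reasons))
    return findings


if __name__ == "__main__":
    for name, location, reasons in triage(SAMPLE_LOG):
        print(f"{name}  [{location}]  -> {', '.join(reasons)}")
```

A flagged entry is a prompt to identify the file, not a verdict: an entry with no publisher, or a third-party GINA, can belong to legitimate installed software.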