Rising Kaka Security Forum (瑞星卡卡安全论坛), Technical Exchange, Anti-virus / Anti-rogue-software board


Help needed removing Huigezi (Gray Pigeon). (The other QQ trojan has already been cleaned.)


As shown in the screenshot, Rising's online scanner detected these but cannot remove them.
One is Huigezi (灰鸽子),
the other is QQPass; its path is the file 15391EDE.dll under the C:\Program Files\Common Files\Microsoft Shared\MSInfo directory.

The specific symptom is that the antivirus tools and the firewall cannot be started. Kingsoft, Rising and 木马清道夫 (Trojan Cleaner) all appear in Task Manager for an instant and vanish.

Since both are trojans this is very disruptive, so I am asking for help here; I hope everyone will share their advice.

[Attachment: screenshot (image/pjpeg), uploaded 2006-10-11 13:11:13]



Last edited 2006-10-11 13:50:06
 

These are the autostart items SREng found, but they cannot be removed.

Also, the system cannot boot into Safe Mode; it reports "unable to recognize Video device".

[Attachment: screenshot (image/pjpeg), uploaded 2006-10-11 13:14:06]



 

2006-10-11,13:06:40

System Repair Engineer 2.2.6.605
Smallfrogs (http://www.KZTechs.com)

Windows 2000 Professional Service Pack 4 (Build 2195)
- Administrator user - full functionality

The following items were selected:
All startup items (including registry, startup folder, services, etc.)
Browser add-ons
Running processes (including process module information)
File associations
Winsock providers
Autorun.inf
HOSTS file


Startup items


Registry

[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
(load)() [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
(Synchronization Manager)(mobsync.exe /logon) [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
(shell)(Explorer.exe) [(Verified)Microsoft Corporation]
(Userinit)(C:\WINNT\system32\userinit.exe,) [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
(AppInit_DLLs)() [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
({91ED1539-1539-1EDE-391E-539ED5391EDE})(C:\Program Files\Common Files\Microsoft Shared\MSINFO\15391EDE.dll) [N/A]




--------------------------------------------------------------------------------



Startup folder

N/A



--------------------------------------------------------------------------------



Services

[ASP.NET State Service / aspnet_state]
(C:\WINNT\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe)(Microsoft Corporation)
[CPUCooLServer Service / CPUCooLServer]
("C:\Program Files\CPUCooL\CooLSrv.exe")(N/A)
[Logical Disk Manager Administrative Service / dmadmin]
(C:\WINNT\System32\dmadmin.exe /com)(VERITAS Software Corp.)
[Kingsoft Personal Firewall Service / KPfwSvc]
("C:\KAV2007\KPfwSvc.EXE")(Kingsoft Corporation)
[Kingsoft Antivirus KWatch Service / KWatchSvc]
(C:\KAV2007\KWatch.EXE)(Kingsoft Corporation)
[Macromedia Licensing Service / Macromedia Licensing Service]
("C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe")(N/A)
[Messenger / Messenger]
(\SystemRoot\C:\WINNT\system32\services.exe)(N/A)
[SmartLinkService / SLService]
(slserv.exe)()
[Disk Manager Locator / Tast Man Switching Compatibil]
(C:\WINNT\deltsuls.exe)(N/A)
[Visual Studio Analyzer RPC bridge / Visual Studio Analyzer RPC bridge]
(D:\Program Files\Microsoft Visual Studio\Common\Tools\VS-Ent98\Vanalyzr\varpc.exe)(Microsoft Corporation)
[VKTServ / VKTServ]
()(N/A)
[Portable Media Serial Number Service / WmdmPmSN]
(C:\WINNT\System32\svchost.exe -k netsvcs--)C:\WINNT\system32\mspmsnsv.dll)(Microsoft Corporation)



--------------------------------------------------------------------------------



Drivers

[Cdr4_2K / Cdr4_2K]
(C:\WINNT\SYSTEM32\DRIVERS\Cdr4_2K.SYS)(Roxio)
[Cdralw2k / Cdralw2k]
(C:\WINNT\SYSTEM32\DRIVERS\Cdralw2k.SYS)(Roxio)
[CpuIdle Pro System Driver / cpuidlep]
(C:\WINNT\SYSTEM32\DRIVERS\cpuidlep.SYS)(N/A)
[dmboot / dmboot]
(System32\drivers\dmboot.sys)(VERITAS Software Corp.)
[Logical Disk Manager Driver / dmio]
(\SystemRoot\System32\drivers\dmio.sys)(VERITAS Software Corp.)
[dmload / dmload]
(\SystemRoot\System32\drivers\dmload.sys)(VERITAS Software Corp.)
[KNetWch / KNetWch]
(\??\C:\KAV2007\KNetWch.SYS)(Kingsoft Corporation)
[KWatch3 / KWatch3]
(\??\C:\WINNT\system32\drivers\KWatch3.SYS)(Kingsoft Corporation)
[Mtlmnt5 / Mtlmnt5]
(system32\DRIVERS\Mtlmnt5.sys)()
[Mtlstrm / Mtlstrm]
(system32\DRIVERS\Mtlstrm.sys)()
[Netgroup Packet Filter / NPF]
(system32\drivers\npf.sys)(N/A)
[npkycryp / npkycryp]
(\??\D:\Program Files\Tencent\QQ20066\npkycryp.sys)(N/A)
[ntiowp / ntiowp]
(C:\WINNT\SYSTEM32\DRIVERS\ntiowp.SYS)()
[NtMtlFax / NtMtlFax]
(system32\DRIVERS\NtMtlFax.sys)()
[PortTalk / PortTalk]
(System32\Drivers\PortTalk.sys)(N/A)
[Direct Parallel Link Driver / Ptilink]
(system32\DRIVERS\ptilink.sys)(Parallel Technologies, Inc.)
[WAN Miniport (PPP over Ethernet Protocol) / RMSPPPOE]
(system32\DRIVERS\RMSPPPOE.SYS)(Robert Schlabbach)
[Realtek RTL8139-based PCI Fast Ethernet Adapter NT Driver / rtl8139]
(system32\DRIVERS\RTL8139.SYS)(Realtek Semiconductor Corporation)
[SecDrv / SecDrv]
(\??\C:\WINNT\system32\drivers\SECDRV.SYS)(Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
[SiS630 / SiS630]
(system32\DRIVERS\sis630p.sys)(Silicon Integrated Systems Corporation)
[Service for SiS7018 Driver (WDM) / SiS7018]
(system32\drivers\sis7018.sys)(Silicon Integrated Systems Corporation)
[SiS PCI Fast Ethernet Adapter Driver / SISNIC]
(system32\DRIVERS\sisnic.sys)(SiS Corporation)
[SKNFW / SKNFW]
(\??\C:\WINNT\system32\Drivers\SKNFW.sys)(N/A)
[SmartLink AMR_PCI Driver / Slntamr]
(system32\DRIVERS\slntamr.sys)()
[SlNtHal / SlNtHal]
(system32\DRIVERS\Slnthal.sys)()
[SlWdmSup / SlWdmSup]
(system32\DRIVERS\SlWdmSup.sys)(Vireo Software)
[V90drv / V90drv]
(system32\DRIVERS\v90drv.sys)()
[voodoo3 / voodoo3]
(system32\DRIVERS\voodoo3.sys)(3Dfx Interactive, Inc.)
[WINIO / WINIO]
(\??\C:\WINNT\Downloaded Program Files\CONFLICT.3\winio.sys)(N/A)



--------------------------------------------------------------------------------
 

Browser add-ons

[Yahoo!Photo]
{33BBE430-0E42-4f12-B075-8D21ACB10DCB} (C:\Program Files\Yahoo!\Assistant\Assist\yphtb.dll, Yahoo! China)
[DragSearch BHO]
{62EED7C6-9F02-42f9-B634-98E2899E147B} (C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL, yahoo! china)
[assist]
{FE3ECAE7-0A37-4506-8A7D-3CC9A04D2CA8} (C:\PROGRA~1\Yahoo!\ASSIST~1\assist\yassist.dll, Yahoo! China)
[Yahoo 3.5G电邮]
{507F9113-CD77-4866-BA92-0E86DA3D0B97} (http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomail, N/A)
[雅虎WIDGET]
{6354ABE6-05F1-49ed-B850-E423120EC338} (http://cn.widget.yahoo.com/index.htm?source=Cns, N/A)
[情景聊天]
{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} (http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomsg, N/A)
[&使用迅雷下载]
(D:\Program Files\Thunder Network\Thunder\geturl.htm, N/A)
[&使用迅雷下载全部链接]
(D:\Program Files\Thunder Network\Thunder\getAllurl.htm, N/A)
[添加到雅虎订阅(&Y)]
(res://C:\Program Files\Yahoo!\Assistant\Assist\yrss.dll/YRSSMENUEXT, N/A)
[雅虎搜索]
(res://C:\Program Files\Yahoo!\Assistant\Assist\yasbar.dll/203, N/A)



--------------------------------------------------------------------------------



Running processes

[PID: 144][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.00.2195.6601]
[PID: 168][\??\C:\WINNT\system32\csrss.exe] [Microsoft Corporation, 5.00.2195.6601]
[PID: 164][\??\C:\WINNT\system32\winlogon.exe] [Microsoft Corporation, 5.00.2195.6898]
[PID: 216][C:\WINNT\system32\services.exe] [Microsoft Corporation, 5.00.2195.6700]
[C:\WINNT\system32\dmserver.dll] [VERITAS Software Corp., 2195.6605.297.3]
[PID: 228][C:\WINNT\system32\lsass.exe] [Microsoft Corporation, 5.00.2195.6902]
[PID: 416][C:\WINNT\system32\svchost.exe] [Microsoft Corporation, 5.00.2134.1]
[PID: 444][C:\WINNT\system32\spoolsv.exe] [Microsoft Corporation, 5.00.2195.6659]
[PID: 476][C:\WINNT\system32\svchost.exe] [Microsoft Corporation, 5.00.2134.1]
[PID: 516][C:\WINNT\system32\MSTask.exe] [Microsoft Corporation, 4.71.2195.6704]
[PID: 608][C:\WINNT\system32\slserv.exe] [ , 2.80.00(24Apr2000)]
[PID: 304][C:\WINNT\System32\WBEM\WinMgmt.exe] [Microsoft Corporation, 1.50.1085.0100]
[PID: 664][C:\WINNT\system32\svchost.exe] [Microsoft Corporation, 5.00.2134.1]
[PID: 808][C:\WINNT\Explorer.EXE] [Microsoft Corporation, 5.00.3700.6690]
[C:\Program Files\Common Files\Microsoft Shared\MSINFO\15391EDE.dll] [N/A, N/A]
[C:\Program Files\Yahoo!\Assistant\Assist\yphtb.dll] [Yahoo! China, 3, 0, 4, 1006]
[C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL] [yahoo! china, 3, 0, 1, 1001]
[C:\PROGRA~1\Yahoo!\ASSIST~1\assist\yassist.dll] [Yahoo! China, 3, 1, 0, 1015]
[D:\ActiveX\PDFShell.dll] [Adobe Systems, Inc., 7.0.0.0]
[C:\KAV2007\KAVEXT.DLL] [Kingsoft Corporation, 2005, 8, 5, 16]
[C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\ywiper.dll] [Yahoo! China, 3, 0, 1, 1001]
[D:\Program Files\Tencent\QQ20066\qdshm.dll] [, 1, 0, 101, 20]
[C:\Program Files\WinRAR\rarext.dll] [N/A, N/A]
[D:\Program Files\Kingsoft\KnightV\KSKNIGHT.dll] [金山软件股份有限公司, 5, 0, 0, 0]
[C:\WINNT\system32\KPic10.dll] [N/A, N/A]
[C:\WINNT\system32\ijl11.dll] [Intel Corporation, 1.1.2]
[PID: 796][C:\Program Files\Internet Explorer\IEXPLORE.EXE] [Microsoft Corporation, 6.00.2800.1106]
[C:\Program Files\Common Files\Microsoft Shared\MSINFO\15391EDE.dll] [N/A, N/A]
[C:\Program Files\Yahoo!\Assistant\Assist\yphtb.dll] [Yahoo! China, 3, 0, 4, 1006]
[C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL] [yahoo! china, 3, 0, 1, 1001]
[C:\PROGRA~1\Yahoo!\ASSIST~1\assist\yassist.dll] [Yahoo! China, 3, 1, 0, 1015]
[C:\WINNT\system32\UNISPIM.IME] [北京清华紫光软件股份有限公司, 3.0.0.3045]
[C:\WINNT\system32\Macromed\Flash\Flash9.ocx] [Adobe Systems, Inc., 9,0,16,0]
[D:\Program Files\Kingsoft\KnightV\KSKNIGHT.dll] [金山软件股份有限公司, 5, 0, 0, 0]
[C:\WINNT\system32\KPic10.dll] [N/A, N/A]
[C:\WINNT\system32\ijl11.dll] [Intel Corporation, 1.1.2]
[C:\WINNT\system32\upengine.dll] [北京清华紫光软件股份有限公司, 3.0.0.3045]
[PID: 732][C:\WINNT\system32\mdm.exe] [Microsoft Corporation, 6.00.8149]
[C:\Program Files\Common Files\Microsoft Shared\MSINFO\15391EDE.dll] [N/A, N/A]
[PID: 1016][D:\download\AntiVirus\sreng2\SREng\SREng.exe] [Smallfrogs Studio, 2.2.6.605]
[C:\Program Files\Common Files\Microsoft Shared\MSINFO\15391EDE.dll] [N/A, N/A]
[D:\Program Files\Kingsoft\KnightV\KSKNIGHT.dll] [金山软件股份有限公司, 5, 0, 0, 0]
[C:\WINNT\system32\KPic10.dll] [N/A, N/A]
[C:\WINNT\system32\ijl11.dll] [Intel Corporation, 1.1.2]
[PID: 1088][D:\Program Files\Kingsoft\KnightV\KnightV.exe] [金山软件股份有限公司, 5, 0, 0, 0]
[D:\Program Files\Kingsoft\KnightV\KSKNIGHT.dll] [金山软件股份有限公司, 5, 0, 0, 0]
[C:\WINNT\system32\KPic10.dll] [N/A, N/A]
[C:\WINNT\system32\ijl11.dll] [Intel Corporation, 1.1.2]
[C:\Program Files\Common Files\Microsoft Shared\MSINFO\15391EDE.dll] [N/A, N/A]
[PID: 812][C:\WINNT\system32\mspaint.exe] [Microsoft Corporation, 5.00.2195.6601]
[D:\Program Files\Kingsoft\KnightV\KSKNIGHT.dll] [金山软件股份有限公司, 5, 0, 0, 0]
[C:\WINNT\system32\KPic10.dll] [N/A, N/A]
[C:\WINNT\system32\ijl11.dll] [Intel Corporation, 1.1.2]
[C:\Program Files\Common Files\Microsoft Shared\MSINFO\15391EDE.dll] [N/A, N/A]
[PID: 288][C:\WINNT\system32\mspaint.exe] [Microsoft Corporation, 5.00.2195.6601]
[D:\Program Files\Kingsoft\KnightV\KSKNIGHT.dll] [金山软件股份有限公司, 5, 0, 0, 0]
[C:\WINNT\system32\KPic10.dll] [N/A, N/A]
[C:\WINNT\system32\ijl11.dll] [Intel Corporation, 1.1.2]
[C:\Program Files\Common Files\Microsoft Shared\MSINFO\15391EDE.dll] [N/A, N/A]
[PID: 1136][C:\WINNT\regedit.exe] [Microsoft Corporation, 5.00.2195.6707]
[D:\Program Files\Kingsoft\KnightV\KSKNIGHT.dll] [金山软件股份有限公司, 5, 0, 0, 0]
[C:\WINNT\system32\KPic10.dll] [N/A, N/A]
[C:\WINNT\system32\ijl11.dll] [Intel Corporation, 1.1.2]
[C:\Program Files\Common Files\Microsoft Shared\MSINFO\15391EDE.dll] [N/A, N/A]



--------------------------------------------------------------------------------



File associations

.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINNT\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]



--------------------------------------------------------------------------------



Winsock providers

N/A



--------------------------------------------------------------------------------



Autorun.inf

N/A



--------------------------------------------------------------------------------



HOSTS file

N/A



--------------------------------------------------------------------------------
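The log above already localises the QQPass component without any tool beyond a text parser: the only autostart entry printed without a (Verified) signer is the ShellExecuteHooks CLSID {91ED1539-1539-1EDE-391E-539ED5391EDE} pointing at 15391EDE.dll, and the same DLL appears in the module list of Explorer, IEXPLORE, mdm.exe, SREng, KnightV, both mspaint instances and regedit. A ShellExecuteHook is instantiated in-process by shell32 whenever a program calls ShellExecute, so that single registration explains why the DLL sits in every GUI process and why it cannot be deleted while any of them is running. The Python script below is an added example written for this page; it is not code from this thread, from SREng or from its author. It parses SREng's registry-entry and process-module lines, cross-references them, and ranks the hits. The sample log is a constructed excerpt of the log above, and the regular expressions are written against the line shapes visible in this thread rather than a published SREng format description.

```python
"""Offline triage of an SREng (System Repair Engineer) log.

Parses the autostart lines "(name)(value) [signer]" under "[HKEY_...]" keys
and the per-process module lines "[path] [vendor, version]" under
"[PID: n][image] [...]", then ranks modules that are both an unverified
autostart entry and loaded into several unrelated processes.
"""
import re
from collections import defaultdict

# Constructed excerpt of the log posted in this thread, cut down to the lines
# the demo needs; the real log has many more keys, services and processes.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
(Synchronization Manager)(mobsync.exe /logon) [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
(AppInit_DLLs)() [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
({91ED1539-1539-1EDE-391E-539ED5391EDE})(C:\Program Files\Common Files\Microsoft Shared\MSINFO\15391EDE.dll) [N/A]

[PID: 808][C:\WINNT\Explorer.EXE] [Microsoft Corporation, 5.00.3700.6690]
[C:\Program Files\Common Files\Microsoft Shared\MSINFO\15391EDE.dll] [N/A, N/A]
[D:\Program Files\Kingsoft\KnightV\KSKNIGHT.dll] [金山软件股份有限公司, 5, 0, 0, 0]
[C:\WINNT\system32\KPic10.dll] [N/A, N/A]
[C:\Program Files\WinRAR\rarext.dll] [N/A, N/A]
[PID: 796][C:\Program Files\Internet Explorer\IEXPLORE.EXE] [Microsoft Corporation, 6.00.2800.1106]
[C:\Program Files\Common Files\Microsoft Shared\MSINFO\15391EDE.dll] [N/A, N/A]
[D:\Program Files\Kingsoft\KnightV\KSKNIGHT.dll] [金山软件股份有限公司, 5, 0, 0, 0]
[C:\WINNT\system32\KPic10.dll] [N/A, N/A]
[PID: 732][C:\WINNT\system32\mdm.exe] [Microsoft Corporation, 6.00.8149]
[C:\Program Files\Common Files\Microsoft Shared\MSINFO\15391EDE.dll] [N/A, N/A]
[PID: 1016][D:\download\AntiVirus\sreng2\SREng\SREng.exe] [Smallfrogs Studio, 2.2.6.605]
[C:\Program Files\Common Files\Microsoft Shared\MSINFO\15391EDE.dll] [N/A, N/A]
[D:\Program Files\Kingsoft\KnightV\KSKNIGHT.dll] [金山软件股份有限公司, 5, 0, 0, 0]
[C:\WINNT\system32\KPic10.dll] [N/A, N/A]
"""

KEY_RE = re.compile(r'^\[(HK[^\]]*)\]$')
ENTRY_RE = re.compile(r'^\(([^)]*)\)\((.*)\) \[(.*)\]$')
PID_RE = re.compile(r'^\[PID: (\d+)\]\[([^\]]*)\] \[(.*)\]$')
MODULE_RE = re.compile(r'^\[([^\]]+)\] \[(.*)\]$')


def parse_sreng(text):
    """Return (autostart entries, {pid: [(module path, vendor), ...]})."""
    entries, procs, key, pid = [], {}, None, None
    for line in (l.strip() for l in text.splitlines()):
        if m := KEY_RE.match(line):
            key, pid = m.group(1), None            # registry key: entries follow
        elif m := PID_RE.match(line):
            pid, key = int(m.group(1)), None       # process: its modules follow
            procs[pid] = []
        elif key and (m := ENTRY_RE.match(line)):
            name, value, signer = m.groups()
            entries.append({'key': key, 'name': name, 'value': value, 'signer': signer})
        elif pid is not None and (m := MODULE_RE.match(line)):
            path, meta = m.groups()
            procs[pid].append((path, meta.split(',', 1)[0].strip()))
    return entries, procs


def _why(e):
    return 'unverified autostart %s -> %s' % (e['key'].rsplit('\\', 1)[-1], e['name'])


def triage(text, min_processes=3):
    """Rank loaded modules by evidence: an autostart value with no (Verified)
    signer that is also loaded into min_processes or more processes comes first."""
    entries, procs = parse_sreng(text)
    unverified = {e['value'].lower(): e for e in entries
                  if e['value'] and '(Verified)' not in e['signer']}
    spread, vendor, display = defaultdict(set), {}, {}
    for pid, mods in procs.items():
        for path, ven in mods:
            k = path.lower()
            spread[k].add(pid)
            vendor[k], display[k] = ven, path
    findings = []
    for k, pids in spread.items():
        reasons = [_why(unverified[k])] if k in unverified else []
        if vendor[k] == 'N/A' and len(pids) >= min_processes:
            reasons.append('unknown vendor, loaded in %d processes' % len(pids))
        if reasons:
            findings.append({'path': display[k], 'processes': sorted(pids), 'reasons': reasons})
    # An unverified autostart value that is not a loaded module (say, a program
    # that only runs at logon) is still worth a line, with an empty process list.
    for k, e in unverified.items():
        if k not in spread:
            findings.append({'path': e['value'], 'processes': [], 'reasons': [_why(e)]})
    findings.sort(key=lambda f: (len(f['reasons']), len(f['processes'])), reverse=True)
    return findings


if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print(f['path'], f['processes'], '; '.join(f['reasons']))
```

On the sample the first line printed is 15391EDE.dll with both reasons, and KPic10.dll comes second on prevalence alone. The script cannot tell an unsigned vendor helper from an implant (in the full log KPic10.dll sits next to the Kingsoft-signed KSKNIGHT.dll in every process that has it), so a hit is a place to check the file's hash, signature and on-disk timestamp, not a verdict. The services section, where the poster went looking for the Huigezi service, uses a different line shape and is not parsed here.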
 

The second one is solved, phew. I first deleted the 2 DLLs under system32 and closed IE, Explorer and so on; only after a reboot could the original 15391ede.dll be deleted.
For the first one, er, I cannot find the service that corresponds to the Pigeon.
 

The antivirus software can be opened now~
 
Powered by Discuz!NT