On Friday evening I helped a business partner clean a virus infection. Since she is the boss of a large multinational company, I naturally could not ask to remote into her computer to help (and, as it turned out, remote access would not have solved it anyway: there were several .sys driver virus files). I had her run an SREng scan and send me the log. On Saturday I used 草莽书生's log analysis helper to build the cleanup commands, then sent her the commands and the general-purpose virus killer together with detailed operating instructions. This morning I got her feedback: the virus was cleaned up successfully!
Actually, when I decided on this approach I was at first worried, since she is in Korea and her operating system might well be a Korean-language version, that 草莽's tool might have compatibility problems. Fortunately everything went smoothly! Only because she is a partner, and a woman colleague at that, I was especially careful during the log analysis, confirming every item on Baidu, which took a long time.
Looking at her log, her security protection is Norton. And looking at the browser add-on section of the log, wow, even with 草莽书生's log analysis helper my eyes got tired!
==================================
浏览器加载项
[Yahoo! Companion BHO]
{02478D38-C3F9-4efb-9B51-7695ECA05670} <C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_9_0.dll, Yahoo! Inc.>
[AcroIEHlprObj Class]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[Skype add-on (mastermind)]
{22BF413B-C6D2-4d91-82A9-A0F997BA588C} <C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll, Skype Technologies S.A.>
[Alcohol Toolbar Helper]
{52D06F97-5511-43FA-8FDA-C481864FD26E} <C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll, >
[Google Toolbar Helper]
{AA58ED58-01DD-4d91-8333-CF10577473F7} <c:\program files\google\googletoolbar1.dll, Google Inc.>
[Google Toolbar Notifier BHO]
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} <C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll, Google Inc.>
[Windows Live Toolbar Helper]
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} <C:\Program Files\Windows Live Toolbar\msntb.dll, Microsoft Corporation>
[Skype add-on (button)]
{77BF5300-1474-4EC7-9980-D32B190E9B07} <C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll, Skype Technologies S.A.>
[信息检索(&R)]
{92780B25-18CC-41C8-B9BE-3C9C571A8263} <C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL, Microsoft Corporation>
[Messenger]
{FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[Yahoo! Companion]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} <C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_9_0.dll, Yahoo! Inc.>
[Alcohol Toolbar]
{4C4E7CDB-5BFC-4D74-83E2-8AE659B7EDA2} <C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll, >
[&Google]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar1.dll, Google Inc.>
[Windows Live Toolbar]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} <C:\Program Files\Windows Live Toolbar\msntb.dll, Microsoft Corporation>
[mkdsfwCtrl Class]
{042D97DD-E197-411A-8298-6EE85F1C1421} <C:\Program Files\AhnLab\ASP\Components\mkdsfw\mkdsfw.dll, >
[HLiveRobotWeb Control]
{044123B5-35DF-4C4E-BAED-26B8ED964342} <C:\WINDOWS\DOWNLO~1\HLIVER~1.OCX, HAURI>
[CINIWebPlus Class]
{1D4FC3AF-3253-43A4-B346-5D1198D1EB8E} <C:\WINDOWS\Downloaded Program Files\INISWebPlus.dll, Initech Inc>
[INISAFEWeb6 V6 Class]
{286A75C3-11FB-4FB4-AC4A-4DD1B0750050} <C:\Program Files\INITECH\INISAFE Web V6\INISAFEWeb60.dll, INITECH (c).>
[SCSK Control]
{39FC0CF9-86F3-4502-B773-D16706EDEC83} <C:\WINDOWS\system32\SCSK4.OCX, SoftCamp Co.,Ltd.>
[Yessign5 Control]
{3A90D051-E921-4741-8288-D1B6747A8A51} <C:\WINDOWS\DOWNLO~1\yessign5.ocx, ?????>
[SessionControl Control]
{3B56E5F0-7B20-48BF-B439-A995BE5191EF} <C:\WINDOWS\DOWNLO~1\SESSIO~1.OCX, >
[Joara_Book_Viewer Control]
{3EBFE192-5355-4B0A-B156-8CAE89F755CB} <C:\WINDOWS\DOWNLO~1\JOARA_~1.OCX, >
[Empas Filebox Control]
{4875D0C5-5FE1-4488-8BB8-5A7D0ECDF93B} <C:\WINDOWS\Downloaded Program Files\EmpasFilebox.dll, >
[Printmade Control]
{53EED863-B547-40F8-B24A-2D6DE807CFE8} <C:\WINDOWS\DOWNLO~1\PRINTM~1.OCX, Designmade>
[ProWorksGrid Control]
{66413DC2-F891-40BC-822D-B7EEC8ADC281} <C:\WINDOWS\DOWNLO~1\PROWOR~2.OCX, INSWAVE>
[XecureCKKB Class]
{6CE20149-ABE3-462E-A1B4-5B549971AA38} <C:\WINDOWS\Downloaded Program Files\XecureCK.dll, SoftForum Co., Ltd.>
[XecureWeb 4.0 Client Control]
{7E9FDB80-5316-11D4-B02C-00C04F0CD404} <C:\Program Files\SoftForum\XecureWeb\ActiveX\XWebCLT.dll, SoftForum Co., Ltd.>
[Naver Mail BigFile Upload Control]
{86464425-142E-423B-86D2-248E2FD52004} <C:\WINDOWS\Downloaded Program Files\NvBigFileUpload.dll, NHN Corp.>
[SysMonOCX Control]
{9BDBC41E-C335-4263-83C0-ECE78EE28A33} <C:\WINDOWS\DOWNLO~1\SYSMON~1.OCX, AhnLab>
[Hanmail Upload Control]
{A00B2A53-60D9-4477-ADA3-60490770C5E0} <C:\PROGRA~1\Daum\Xman\modules\{A00B2~1\1_1_0_~3\HANMAIL.OCX, ?? ??????>
[Daum ActiveX manager Class]
{B9B38E70-EEF6-4E3A-AE84-DDE59A053B7C} <C:\WINDOWS\system32\XM_1_2~2.DLL, (c) Daum Communications.>
[VineTransfer Control]
{C1143E84-B2B1-473B-9F20-E62DD754FCAF} <C:\WINDOWS\system32\VINETR~1.OCX, (?)????>
[NPX Control]
{CFCB7308-782F-11D4-BE27-000102598CE4} <C:\WINDOWS\system32\npx.ocx, INCA Internet Co., Ltd.>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[NPKCX Control]
{D6FCA8ED-4715-43DE-9BD2-2789778A5B09} <C:\WINDOWS\system32\NPKCX.ocx, INCA Internet Co., Ltd.>
[SCSKEx Control]
{D923AE0C-190D-4EDF-B07A-76AC571FBFD4} <C:\WINDOWS\system32\SCSKEX.ocx, softcamp>
[ShbAutoTrustSite Control]
{EA0995BF-45DD-4DB0-ADD5-A39C37397841} <C:\WINDOWS\DOWNLO~1\SHBAUT~1.OCX, ????>
[RemoteCall Control]
{F9CBD0B7-FEE7-432A-B01F-D6906C63EA1A} <C:\WINDOWS\DOWNLO~1\rcax.dll, RSUPPORT CO., LTD.>
[Yahoo! Companion BHO]
{02478D38-C3F9-4EFB-9B51-7695ECA05670} <C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_9_0.dll, Yahoo! Inc.>
[mkdsfwCtrl Class]
{042D97DD-E197-411A-8298-6EE85F1C1421} <C:\Program Files\AhnLab\ASP\Components\mkdsfw\mkdsfw.dll, >
[HLiveRobotWeb Control]
{044123B5-35DF-4C4E-BAED-26B8ED964342} <C:\WINDOWS\DOWNLO~1\HLIVER~1.OCX, HAURI>
[AcroIEHlprObj Class]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[Web Browser Applet Control]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} <C:\WINDOWS\system32\msjava.dll, Microsoft Corporation>
[YahooBrowse Class]
{0B2D666F-9EDA-4C1E-8C3B-A061AAB0615C} <C:\Program Files\Yahoo!\Quick Select\qs\ymailbrowse.dll, Yahoo! Inc.>
[Windows Genuine Advantage Validation Tool]
{17492023-C23A-453E-A040-C7C580BBF700} <C:\WINDOWS\system32\legitcheckcontrol.dll, Microsoft Corporation>
[CINIWebPlus Class]
{1D4FC3AF-3253-43A4-B346-5D1198D1EB8E} <C:\WINDOWS\Downloaded Program Files\INISWebPlus.dll, Initech Inc>
[Skype add-on (mastermind)]
{22BF413B-C6D2-4D91-82A9-A0F997BA588C} <C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll, Skype Technologies S.A.>
[Windows Media Player]
{22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[&Google]
{2318C2B1-4965-11D4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar1.dll, Google Inc.>
[HTML Document]
{25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>
[INISAFEWeb6 V6 Class]
{286A75C3-11FB-4FB4-AC4A-4DD1B0750050} <C:\Program Files\INITECH\INISAFE Web V6\INISAFEWeb60.dll, INITECH (c).>
[DHTML Edit Control Safe for Scripting for IE5]
{2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, Microsoft Corporation>
[SCSK Control]
{39FC0CF9-86F3-4502-B773-D16706EDEC83} <C:\WINDOWS\system32\SCSK4.OCX, SoftCamp Co.,Ltd.>
[Yessign5 Control]
{3A90D051-E921-4741-8288-D1B6747A8A51} <C:\WINDOWS\DOWNLO~1\yessign5.ocx, ?????>
[SessionControl Control]
{3B56E5F0-7B20-48BF-B439-A995BE5191EF} <C:\WINDOWS\DOWNLO~1\SESSIO~1.OCX, >
[XML Document]
{48123BC4-99D9-11D1-A6B3-00C04FD91555} <C:\WINDOWS\system32\msxml3.dll, Microsoft Corporation>
[Alcohol Toolbar]
{4C4E7CDB-5BFC-4D74-83E2-8AE659B7EDA2} <C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll, >
[HHCtrl Object]
{52A2AAAE-085D-4187-97EA-8C30DB990436} <C:\WINDOWS\system32\hhctrl.ocx, Microsoft Corporation>
[Alcohol Toolbar Helper]
{52D06F97-5511-43FA-8FDA-C481864FD26E} <C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll, >
[Printmade Control]
{53EED863-B547-40F8-B24A-2D6DE807CFE8} <C:\WINDOWS\DOWNLO~1\PRINTM~1.OCX, Designmade>
[Shell Name Space]
{55136805-B2DE-11D1-B9F2-00A0C98BC547} <%SystemRoot%\system32\shdocvw.dll, N/A>
[ProWorksGrid Control]
{66413DC2-F891-40BC-822D-B7EEC8ADC281} <C:\WINDOWS\DOWNLO~1\PROWOR~2.OCX, INSWAVE>
[Windows Media Player]
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[XecureCKKB Class]
{6CE20149-ABE3-462E-A1B4-5B549971AA38} <C:\WINDOWS\Downloaded Program Files\XecureCK.dll, SoftForum Co., Ltd.>
[Skype add-on (button)]
{77BF5300-1474-4EC7-9980-D32B190E9B07} <C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll, Skype Technologies S.A.>
[XecureWeb 4.0 Client Control]
{7E9FDB80-5316-11D4-B02C-00C04F0CD404} <C:\Program Files\SoftForum\XecureWeb\ActiveX\XWebCLT.dll, SoftForum Co., Ltd.>
[Naver Mail BigFile Upload Control]
{86464425-142E-423B-86D2-248E2FD52004} <C:\WINDOWS\Downloaded Program Files\NvBigFileUpload.dll, NHN Corp.>
[Microsoft Web 浏览器]
{8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[DaumBGMCtrl Class]
{91011241-B724-4758-83E6-E13D5AD35B7B} <C:\WINDOWS\system32\DAUMBGMA.DLL, (?)????>
[ST]
{9394EDE7-C8B5-483E-8773-474BF36AF6E4} <C:\Program Files\Windows Live Toolbar\stmain.dll, Microsoft Corporation>
[SysMonOCX Control]
{9BDBC41E-C335-4263-83C0-ECE78EE28A33} <C:\WINDOWS\DOWNLO~1\SYSMON~1.OCX, AhnLab>
[NaverFileControl Control]
{9CDD57AC-CA86-464C-B920-3228A388CC78} <C:\WINDOWS\system32\NAVERF~1.OCX, Dacom Multimedia Internet Corp.>
[Hanmail Upload Control]
{A00B2A53-60D9-4477-ADA3-60490770C5E0} <C:\PROGRA~1\Daum\Xman\modules\{A00B2~1\1_1_0_~3\HANMAIL.OCX, ?? ??????>
[Google Toolbar Helper]
{AA58ED58-01DD-4D91-8333-CF10577473F7} <c:\program files\google\googletoolbar1.dll, Google Inc.>
[Microsoft Scriptlet Component]
{AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation>
[Google Toolbar Notifier BHO]
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} <C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll, Google Inc.>
[SearchAssistantOC]
{B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[]
{B69003B3-C55E-4B48-836C-BC5946FC3B28} <C:\Program Files\Messenger\msgsc.dll, Microsoft Corporation>
[Daum ActiveX manager Class]
{B9B38E70-EEF6-4E3A-AE84-DDE59A053B7C} <C:\WINDOWS\system32\XM_1_2~2.DLL, (c) Daum Communications.>
[RDS.DataSpace]
{BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
[Windows Live Toolbar]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} <C:\Program Files\Windows Live Toolbar\msntb.dll, Microsoft Corporation>
[Windows Live Toolbar Helper]
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} <C:\Program Files\Windows Live Toolbar\msntb.dll, Microsoft Corporation>
[OWSClientMiscApis Class]
{BDEADE3F-C265-11D0-BCED-00A0C90AB50F} <C:\PROGRA~1\MICROS~2\OFFICE11\OWSCLT.DLL, Microsoft Corporation>
[OWSBrowserUI Class]
{BDEADE43-C265-11D0-BCED-00A0C90AB50F} <C:\PROGRA~1\MICROS~2\OFFICE11\OWSCLT.DLL, Microsoft Corporation>
[VineTransfer Control]
{C1143E84-B2B1-473B-9F20-E62DD754FCAF} <C:\WINDOWS\system32\VINETR~1.OCX, (?)????>
[AUDIO__MP3 Moniker Class]
{CD3AFA76-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[AUDIO__WAV Moniker Class]
{CD3AFA7B-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[AUDIO__X_MS_WMA Moniker Class]
{CD3AFA84-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[VIDEO__X_MS_ASF Moniker Class]
{CD3AFA8F-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[VIDEO__X_MS_WMV Moniker Class]
{CD3AFA94-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[NPX Control]
{CFCB7308-782F-11D4-BE27-000102598CE4} <C:\WINDOWS\system32\npx.ocx, INCA Internet Co., Ltd.>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[GetInfo Class]
{D5184A39-CBDF-4A4F-AC1A-7A45A852C883} <C:\Program Files\Yahoo!\Quick Select\qs\yverinfo.dll, Yahoo! Inc.>
[NPKCX Control]
{D6FCA8ED-4715-43DE-9BD2-2789778A5B09} <C:\WINDOWS\system32\NPKCX.ocx, INCA Internet Co., Ltd.>
[SCSKEx Control]
{D923AE0C-190D-4EDF-B07A-76AC571FBFD4} <C:\WINDOWS\system32\SCSKEX.ocx, softcamp>
[Compose Class]
{E9277B43-B5F6-4801-B4C2-0F1B61496715} <C:\Program Files\Yahoo!\Quick Select\qs\ymailcompose.dll, Yahoo! Inc.>
[ShbAutoTrustSite Control]
{EA0995BF-45DD-4DB0-ADD5-A39C37397841} <C:\WINDOWS\DOWNLO~1\SHBAUT~1.OCX, ????>
[Yahoo! Companion]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} <C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_9_0.dll, Yahoo! Inc.>
[RemoteCall Control]
{F9CBD0B7-FEE7-432A-B01F-D6906C63EA1A} <C:\WINDOWS\DOWNLO~1\rcax.dll, RSUPPORT CO., LTD.>
[&Windows Live Search]
<res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm, N/A>
[Add to Windows &Live Favorites]
<http://favorites.live.com/quickadd.aspx, N/A>
[在新的前景索引標籤中開啟]
<res://C:\Program Files\Windows Live Toolbar\Components\zh-tw\msntabres.dll.mui/230?48fcf4774c8340df9b4e67b380df14a9, N/A>
[在新的背景索引標籤中開啟]
<res://C:\Program Files\Windows Live Toolbar\Components\zh-tw\msntabres.dll.mui/229?48fcf4774c8340df9b4e67b380df14a9, N/A>
[导出到 Microsoft Office Excel(&X)]
<res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>
==================================
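As an added example (not the author's code, nor part of SREng or 草莽书生's helper): a small Python triage script for the browser add-on section shown above. It parses the `[name]` / `{CLSID} <path, publisher>` layout and flags entries worth checking by hand, using assumed heuristics (no readable publisher, located in Downloaded Program Files, blank display name); the sample log is constructed from a few entries of the same shape.

```python
import re

# Constructed sample in the layout SREng uses for browser add-ons (see the log
# above): a "[name]" line, then "{CLSID} <path, publisher>"; menu entries lack a CLSID.
SAMPLE_LOG = """\
[Google Toolbar Helper]
{AA58ED58-01DD-4d91-8333-CF10577473F7} <c:\\program files\\google\\googletoolbar1.dll, Google Inc.>
[SessionControl Control]
{3B56E5F0-7B20-48BF-B439-A995BE5191EF} <C:\\WINDOWS\\DOWNLO~1\\SESSIO~1.OCX, >
[Yessign5 Control]
{3A90D051-E921-4741-8288-D1B6747A8A51} <C:\\WINDOWS\\DOWNLO~1\\yessign5.ocx, ?????>
[]
{B69003B3-C55E-4B48-836C-BC5946FC3B28} <C:\\Program Files\\Messenger\\msgsc.dll, Microsoft Corporation>
[&Windows Live Search]
<res://C:\\Program Files\\Windows Live Toolbar\\msntb.dll/search.htm, N/A>
"""

# One entry: name line, optional {CLSID}, then the <path, publisher> pair.
# Assumption: a path never contains a comma; a publisher may ("SoftCamp Co.,Ltd.").
ENTRY_RE = re.compile(
    r"^\[(?P<name>[^\]]*)\][ \t]*\r?\n"
    r"(?:\{(?P<clsid>[0-9A-Fa-f-]{36})\}[ \t]*)?"
    r"<(?P<path>[^,>]*),\s*(?P<publisher>[^>]*)>",
    re.MULTILINE,
)

def parse_addons(text):
    """Return one dict per add-on entry: name, clsid, path, publisher (all stripped)."""
    return [{k: (v or "").strip() for k, v in m.groupdict().items()}
            for m in ENTRY_RE.finditer(text)]

def triage(entries):
    """Flag entries that deserve a manual look-up; heuristics only, not a verdict."""
    flagged = []
    for e in entries:
        reasons = []
        pub = e["publisher"]
        # Publisher missing, or one the log could not render (only '?' marks).
        if pub == "" or set(pub) <= {"?", " "}:
            reasons.append("no readable publisher")
        # Controls that arrived through the browser's download folder.
        low = e["path"].lower()
        if "downlo~1" in low or "downloaded program files" in low:
            reasons.append("lives in Downloaded Program Files")
        if e["name"] == "":
            reasons.append("blank display name")
        if reasons:
            flagged.append((e["clsid"] or e["path"], reasons))
    return flagged
```

A flagged entry only means "look this one up first"; well-known vendor controls with a blank publisher field still need a manual check, just as the author did item by item.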