Rising Kaka Security Forum, Technical Exchange, Anti-Virus / Anti-Rogue-Software board: A new virus (well, not exactly new, but at least Kaspersky can't detect it), baohe, come take a look~



It's in the attachment again.

Attachment:
Downloads: 8
File type: application/octet-stream
Uploaded: 2005-7-27 17:33:35

Last edited 2005-07-27 18:54:23

Dropper.ElteSideBar08
That's what Rising detects it as.

Judging by the name it's a dropper for some kind of bar or toolbar; not a virus, more of a malicious program~ My old Kaspersky didn't report it either. I opened it in Notepad and found registry entries inside~

Quote:
[MPZ911's post] Judging by the name it's a dropper for some kind of bar or toolbar; not a virus, more of a malicious program~ My old Kaspersky didn't report it either. I opened it in Notepad and found registry entries inside~
...........................

[HKEY_CLASSES_ROOT\CLSID\{BE8D0059-D24D-4919-B76F-99F4A2203647}]
@="Elite SideBar"

[HKEY_CLASSES_ROOT\CLSID\{BE8D0059-D24D-4919-B76F-99F4A2203647}\Control]

[HKEY_CLASSES_ROOT\CLSID\{BE8D0059-D24D-4919-B76F-99F4A2203647}\Implemented Categories]

[HKEY_CLASSES_ROOT\CLSID\{BE8D0059-D24D-4919-B76F-99F4A2203647}\Implemented Categories\{00021493-0000-0000-C000-000000000046}]

[HKEY_CLASSES_ROOT\CLSID\{BE8D0059-D24D-4919-B76F-99F4A2203647}\InprocServer32]
@=""
"ThreadingModel"="Apartment"

[HKEY_CLASSES_ROOT\CLSID\{BE8D0059-D24D-4919-B76F-99F4A2203647}\Insertable]

[HKEY_CLASSES_ROOT\CLSID\{BE8D0059-D24D-4919-B76F-99F4A2203647}\MiscStatus]
@="0"

[HKEY_CLASSES_ROOT\CLSID\{BE8D0059-D24D-4919-B76F-99F4A2203647}\MiscStatus\1]
@="131473"

[HKEY_CLASSES_ROOT\CLSID\{BE8D0059-D24D-4919-B76F-99F4A2203647}\ProgID]
@="CGBand.CGBandObj.1"

[HKEY_CLASSES_ROOT\CLSID\{BE8D0059-D24D-4919-B76F-99F4A2203647}\Programmable]

[HKEY_CLASSES_ROOT\CLSID\{BE8D0059-D24D-4919-B76F-99F4A2203647}\TypeLib]
@="{8AA59E15-6E81-415C-B299-1ADFB50C8E1A}"

[HKEY_CLASSES_ROOT\CLSID\{BE8D0059-D24D-4919-B76F-99F4A2203647}\Version]
@="1.0"

[HKEY_CLASSES_ROOT\CLSID\{BE8D0059-D24D-4919-B76F-99F4A2203647}\VersionIndependentProgID]
@="CGBand.CGBandObj"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ED103D9F-3070-4580-AB1E-E5C179C1AE41}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{ED103D9F-3070-4580-AB1E-E5C179C1AE41}]
@="&EliteSideBar"

[HKEY_CLASSES_ROOT\CLSID\{ED103D9F-3070-4580-AB1E-E5C179C1AE41}\Programmable]

[HKEY_CLASSES_ROOT\CLSID\{ED103D9F-3070-4580-AB1E-E5C179C1AE41}\InprocServer32]
"ThreadingModel"="Apartment"

[HKEY_CLASSES_ROOT\CLSID\{ED103D9F-3070-4580-AB1E-E5C179C1AE41}\Insertable]

[HKEY_CLASSES_ROOT\CLSID\{ED103D9F-3070-4580-AB1E-E5C179C1AE41}\MiscStatus]
@="0"

[HKEY_CLASSES_ROOT\CLSID\{ED103D9F-3070-4580-AB1E-E5C179C1AE41}\MiscStatus\1]
@="131473"

[HKEY_CLASSES_ROOT\CLSID\{ED103D9F-3070-4580-AB1E-E5C179C1AE41}\Instance\InitPropertyBag]
@="0"


[HKEY_CLASSES_ROOT\CLSID\{ED103D9F-3070-4580-AB1E-E5C179C1AE41}\InprocServer32]
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Elitum\EliteSideBar]
"UpdateDate"="010101"
"FirstTimeStarted"=dword:00000001
"version"="08"
VS_VERSION_INFO  StringFileInfo 041904b0  FileVersion 1, 0, 0, 1  ProductVersion 1, 0, 0, 1  VarFileInfo Translation
KERNEL32.DLL SHELL32.dll SHLWAPI.dll  LoadLibraryA GetProcAddress ExitProcess ShellExecuteA SHSetValueA


It really is like that; I'm not too sure what it's trying to do either.

Yes, Rising and Anti-Spyware Expert both report it now.

Quote:
[【火影】我爱罗's post] Yes, Rising and Anti-Spyware Expert both report it now.
...........................

It creates a folder.
The registry changes were blocked by SSM.
Kaspersky really doesn't report it.

Attachment:
Downloads: 0
File type: image/pjpeg
Uploaded: 2005-7-27 18:33:31





Could someone tell me how to remove Backdoor.GPigeon.ej and Backdoor.BlackHole.k?!
Rising can't remove them either! And I'm using the genuine version!! Thanks!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ED103D9F-3070-4580-AB1E-E5C179C1AE41}]
@=""

An AD (adware) program.

O3 - Toolbar: &EliteBar - {825CF5BD-8862-4430-B771-0C15C5CA8DEF} - C:\WINDOWS\
O2 - BHO: &EliteSideBar - {ED103D9F-3070-4580-AB1E-E5C179C1AE41} - C:\WINDOWS\EliteSideBar\EliteSideBar 08.dll
O4 - HKLM\..\Run: [etbrun] C:\windows\system32\elitefjg32.exe

Is my computer normal?

HijackThis_zww汉化版扫描日志 V1.99.1
保存于      18:45:33, 日期 2005-7-27
操作系统:  Windows XP SP1 (WinNT 5.01.2600)
浏览器:    Internet Explorer v6.00 SP1 (6.00.2800.1106)

当前运行的进程:         
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\services.exe
C:\Program Files\NewRemoteControl\NewRmtService.exe
C:\Program Files\Common Files\DeviceManager\lxdevclient.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\3721\Dlaccel\YDownloader.exe
C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
C:\Program Files\WeirdOnTheWeb\WeirdOnTheWeb.exe
C:\Program Files\BullsEye Network\bin\bargains.exe
C:\PROGRA~1\Toolbar\TBPS.exe
C:\WINDOWS\System32\ctfmon.exe
D:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
D:\Program Files\Ulead Systems\Ulead Photo Express 4.0 Trial\CalCheck.exe
C:\PROGRA~1\Toolbar\PIB.exe
c:\PROGRA~1\Toolbar\radio.exe
C:\happyhome\幸福飞梭\lxswitch.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Toolbar\TBPSSvc.exe
C:\Program Files\Common Files\WinTools\WToolsS.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Common Files\DeviceManager\DeviceManager.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\COMMON~1\WinTools\WSup.exe
C:\WINDOWS\System32\conime.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\CDM\urxfjovdus.exe
C:\Program Files\HijackThis1991汉化版\HijackThis1991zww.exe

R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
F3 - REG:win.ini: run=C:\WINDOWS\services.exe
O2 - BHO: &EliteBar - {28CAEFF3-0F18-4036-B504-51D73BD81ABC} - C:\WINDOWS\EliteToolBar\EliteToolBar version 60.dll (file missing)
O2 - BHO: (no name) - {3800F09B-A433-E00C-0EC3-40907854A8A0} - C:\WINDOWS\CDM\urxfjovdus.dll
O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - D:\Program Files\Tencent\qq\QQIEHelper.dll
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
O2 - BHO: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - (no file)
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FLASHGET\jccatch.dll
O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - C:\WINDOWS\DOWNLO~1\CnsHook.dll
O3 - IE工具栏增项: &EliteBar - {825CF5BD-8862-4430-B771-0C15C5CA8DEF} - C:\WINDOWS\EliteToolBar\EliteToolBar version 60.dll (file missing)
O3 - IE工具栏增项: &Search Toolbar - {339BB23F-A864-48C0-A59F-29EA915965EC} - C:\PROGRA~1\Toolbar\toolbar.dll
O3 - IE工具栏增项: (no name) - {44BE0690-5429-47f0-85BB-3FFD8020233E} - (no file)
O3 - IE工具栏增项: YourSiteBar - {86227D9C-0EFE-4f8a-AA55-30386A3F5686} - C:\Program Files\YourSiteBar\ysb.dll
O4 - 启动项HKLM\\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - 启动项HKLM\\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - 启动项HKLM\\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - 启动项HKLM\\Run: [NewRmtService ] C:\Program Files\NewRemoteControl\NewRmtService.exe
O4 - 启动项HKLM\\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - 启动项HKLM\\Run: [nwiz] nwiz.exe /install
O4 - 启动项HKLM\\Run: [lxdevclient] C:\Program Files\Common Files\DeviceManager\lxdevclient.exe
O4 - 启动项HKLM\\Run: [CnsMin] Rundll32.exe C:\WINDOWS\DOWNLO~1\CnsMin.dll,Rundll32
O4 - 启动项HKLM\\Run: [cesmain.dll] C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\3721\Ces\cmail.dll,Rundll32
O4 - 启动项HKLM\\Run: [helper.dll] C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\3721\helper.dll,Rundll32
O4 - 启动项HKLM\\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - 启动项HKLM\\Run: [KAVRUN] G:\KAV4U\KAVRUN.EXE
O4 - 启动项HKLM\\Run: [NMGameX_AutoRun] C:\WINDOWS\System32\Rundll32.exe NMGameX.dll,LiveProcess /aa
O4 - 启动项HKLM\\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - 启动项HKLM\\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - 启动项HKLM\\Run: [dl_accel] C:\Program Files\3721\Dlaccel\YDownloader.exe
O4 - 启动项HKLM\\Run: [RfwMain] "E:\瑞星防火墙2005\Rising\Rfw\rfwmain.exe" -Startup
O4 - 启动项HKLM\\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - 启动项HKLM\\Run: [HELPER] C:\WINDOWS\System32\china.exe -N
O4 - 启动项HKLM\\Run: [ap9h4qmo] C:\WINDOWS\System32\ap9h4qmo.exe
O4 - 启动项HKLM\\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - 启动项HKLM\\Run: [YDTMain.exe] C:\PROGRA~1\YDT\YDTMain.exe
O4 - 启动项HKLM\\Run: [WinTools] C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
O4 - 启动项HKLM\\Run: [WeirdOnTheWeb] "C:\Program Files\WeirdOnTheWeb\WeirdOnTheWeb.exe"
O4 - 启动项HKLM\\Run: [iqbc1a7i] C:\WINDOWS\System32\iqbc1a7i.exe
O4 - 启动项HKLM\\Run: [BullsEye Network] C:\Program Files\BullsEye Network\bin\bargains.exe
O4 - 启动项HKLM\\Run: [msxct] msxct.exe
O4 - 启动项HKLM\\Run: [sac] c:\program files\180searchassistant\sac.exe
O4 - 启动项HKLM\\Run: [utwxyh] C:\WINDOWS\utwxyh.exe
O4 - 启动项HKLM\\Run: [Grsy045Au] C:\WINDOWS\qugjhq.exe
O4 - 启动项HKLM\\Run: [TBPS] C:\PROGRA~1\Toolbar\TBPS.exe
O4 - 启动项HKLM\\Run: [services] C:\WINDOWS\services.exe
O4 - 启动项HKLM\\Run: [KAVPersonal50] "D:\kaspersky\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - 启动项HKLM\\RunServices: [MS Auto-IPSec Protection] MSASP32.exe
O4 - 启动项HKLM\\RunServices: [services] C:\WINDOWS\services.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [services] C:\WINDOWS\services.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - 启动项HKCU\\RunServices: [services] C:\WINDOWS\services.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: InterVideo WinCinema Manager.lnk = D:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Ulead Photo Express Calendar Checker.lnk = D:\Program Files\Ulead Systems\Ulead Photo Express 4.0 Trial\CalCheck.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - IE右键菜单中的新增项目: &使用下载加速专家下载 - C:\Program Files\3721\Dlaccel\geturl.htm
O9 - 浏览器额外的按钮: 手机短信 - {00000000-0000-0001-0001-596BAEDD1289} - http://sms.3721.com/ie/index.htm?pid=U_bjbta_922 (file missing)
O9 - 浏览器额外的按钮: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\Program Files\SideFind\sidefind.dll
O9 - 浏览器额外的按钮: Yahoo 1G电邮 - {507F9113-CD77-4866-BA92-0E86DA3D0B97} - http://cn.mail.yahoo.com/promo/rd1 (file missing)
O9 - 浏览器额外的按钮: 寻宝乐趣多 - {59BC54A2-56B3-44a0-93E5-432D58746E26} - http://hot.3721.com/rd/shop_btn.htm (file missing)
O9 - 浏览器额外的按钮: 3721中文邮 - {5D73EE86-05F1-49ed-B850-E423120EC329} - http://cmail.3721.com?fb=client (file missing)
O9 - 浏览器额外的按钮: 上网助手 - {5D73EE86-05F1-49ed-B850-E423120EC338} - http://assistant.3721.com/index.htm?fb=Cns (file missing)
O9 - 浏览器额外的按钮: kele8 - {84920E5F-3788-49cd-A274-E365578DF174} - http://www.kele8.com/ (file missing)
O9 - 浏览器额外的“工具”菜单项: kele8 - {84920E5F-3788-49cd-A274-E365578DF174} - http://www.kele8.com/ (file missing)
O9 - 浏览器额外的按钮: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\Program Files\Tencent\qq\QQ.EXE
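An added example, not code from the thread: a small Python parser for the O2 (BHO) and O3 (toolbar) HijackThis lines posted above. It flags entries whose CLSID matches the EliteBar/EliteSideBar registrations from the registry dump earlier in the thread, entries registered with no display name, and entries whose DLL is missing or whose path is a bare directory. The CLSID list and the triage rules are my own; the sample lines are constructed from the logs in this thread.

```python
import re

# CLSIDs taken from the registry dump and HijackThis lines in this thread (EliteBar / EliteSideBar).
ELITE_CLSIDS = {
    "{BE8D0059-D24D-4919-B76F-99F4A2203647}",  # Elite SideBar band object, ProgID CGBand.CGBandObj
    "{ED103D9F-3070-4580-AB1E-E5C179C1AE41}",  # &EliteSideBar BHO
    "{825CF5BD-8862-4430-B771-0C15C5CA8DEF}",  # &EliteBar toolbar
    "{28CAEFF3-0F18-4036-B504-51D73BD81ABC}",  # &EliteBar BHO
}

# O2/O3 lines look like "O2 - <label>: <name> - {CLSID} - <path>"; the label is matched loosely
# so the localized build's "O3 - IE工具栏增项:" parses as well as "O3 - Toolbar:".
_ENTRY = re.compile(r"^(O[23]) - [^:]+: (.*?) - (\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}) - (.*)$")

def parse_entry(line):
    """Return {'kind', 'name', 'clsid', 'path'} for an O2/O3 line, or None for any other line."""
    m = _ENTRY.match(line.strip())
    if not m:
        return None
    return {"kind": m.group(1), "name": m.group(2), "clsid": m.group(3).upper(), "path": m.group(4)}

def triage(log_text):
    """Return [(clsid, [reasons])] for each O2/O3 entry that deserves a closer look."""
    flagged = []
    for line in log_text.splitlines():
        e = parse_entry(line)
        if e is None:
            continue
        reasons = []
        if e["clsid"] in ELITE_CLSIDS:
            reasons.append("CLSID matches an EliteBar/EliteSideBar registration")
        if e["name"] == "(no name)":
            reasons.append("registered without a display name")
        if "(file missing)" in e["path"] or e["path"] == "(no file)":
            reasons.append("points at a DLL that no longer exists")
        elif e["path"].endswith("\\"):
            reasons.append("path is a bare directory rather than a DLL")
        if reasons:
            flagged.append((e["clsid"], reasons))
    return flagged

# Constructed sample: lines copied and combined from the HijackThis output in this thread.
SAMPLE_LOG = r"""
O2 - BHO: &EliteSideBar - {ED103D9F-3070-4580-AB1E-E5C179C1AE41} - C:\WINDOWS\EliteSideBar\EliteSideBar 08.dll
O2 - BHO: &EliteBar - {28CAEFF3-0F18-4036-B504-51D73BD81ABC} - C:\WINDOWS\EliteToolBar\EliteToolBar version 60.dll (file missing)
O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - D:\Program Files\Tencent\qq\QQIEHelper.dll
O2 - BHO: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - (no file)
O3 - IE工具栏增项: &EliteBar - {825CF5BD-8862-4430-B771-0C15C5CA8DEF} - C:\WINDOWS\
O4 - HKLM\..\Run: [etbrun] C:\windows\system32\elitefjg32.exe
"""
```

Run `triage(SAMPLE_LOG)` to get the four suspicious entries with their reasons; the QQIEHelper line and the O4 line pass through unflagged.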