为什么我的电脑的 Documents 文件夹中有一个名为“Baidu”的文件夹

Question

我建议在没有网络的情况下以安全模式重新启动计算机，然后运行 AV 扫描。

还要通过运行 HijackThis 并检查 .dll 文件是否也被删除来检查并确保没有浏览器辅助对象。

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A7F05EE4-0426-454F-8013-C41E3596E9E9}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{E5D5D4A1-17F0-41D7-B1C6-0979F91E6F46}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\BarBroker.EXE
HKEY_CURRENT_USER\Software\baidu
HKEY_CLASSES_ROOT\BaiduBar.Tool.1
HKEY_CLASSES_ROOT\BaiduBar.Tool
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{7A33CE9E-4F33-4B4E-B263-6AEEAB6C3DC2}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BaiduBar.Tool
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BaiduBar.Tool.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BaiduBarX.ToolBand.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BaiduBarX.ToolBand
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BaiduBarX.BandIE.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BaiduBarX.BandIE
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BaiduBarEx.BDHomePage.4
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BaiduBarEx.BDHomePage.3
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BaiduBarEx.BDHomePage.2
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BaiduBarEx.BDHomePage.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BaiduBarEx.BDHomePage
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5BECD27B-DCF5-4DEF-B066-486A47245C03}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{2923508C-9425-4A61-B9CE-A98239055916}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{4C2BFEC9-F03C-4F74-932E-5723E603B4AC}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{7EF05EFF-0E62-4040-8D81-73A10D8DE60F}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D158174C-004B-4A2E-9410-5442C10C60D2}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{3A8C9D89-3271-45F4-98C0-56B0F5A16172}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{D12F94FA-FC9A-41F7-B808-7FBB419DD7A6}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7A33CE9E-4F33-4B4E-B263-6AEEAB6C3DC2}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BaiduBarEx.BDHomePage.5
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BaiduBarX.BDLogin.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BaiduBarX.BDLogin
HKEY_CLASSES_ROOT\BaiduBarEx.BDHomePage.5
HKEY_CLASSES_ROOT\BaiduBarEx.BDHomePage.4
HKEY_CLASSES_ROOT\BaiduBarEx.BDHomePage.3
HKEY_CLASSES_ROOT\BaiduBarEx.BDHomePage.2
HKEY_CLASSES_ROOT\BaiduBarEx.BDHomePage.1
HKEY_CLASSES_ROOT\BaiduBarEx.BDHomePage
HKEY_CLASSES_ROOT\clsid\{77FEF28E-EB96-44FF-B511-3185DEA48697}
HKEY_CLASSES_ROOT\clsid\{B580CF65-E151-49C3-B73F-70B13FCA8E86}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{77FEF28E-EB96-44FF-B511-3185DEA48697}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BaiduBarX
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{77FEF28E-EB96-44FF-B511-3185DEA48697}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B580CF65-E151-49C3-B73F-70B13FCA8E86}
HKEY_LOCAL_MACHINE\SOFTWARE\Baidu
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E5D5D4A1-17F0-41D7-B1C6-0979F91E6F46}
HKEY_CLASSES_ROOT\CLSID\{A7F05EE4-0426-454F-8013-C41E3596E9E9}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A7F05EE4-0426-454F-8013-C41E3596E9E9}
HKEY_LOCAL_MACHINE\SOFTWARE\Baidu\BaiduBar
HKEY_CURRENT_USER\Software\Baidu\BaiduBar
HKEY_CLASSES_ROOT\CLSID\{FE14F22E-BE14-4F08-A80F-F27BC3A67B2D}
HKEY_CLASSES_ROOT\TypeLib\{6AFC2761-1253-427C-9A56-385B4609BE1D}
HKEY_CLASSES_ROOT\BaiduBar.Baidu.1
HKEY_CLASSES_ROOT\BaiduBar.Baidu
HKEY_CLASSES_ROOT\Interface\{464C8A26-31E9-411C-9583-5B858E631DCC}
HKEY_CLASSES_ROOT\Interface\{89FDCC4B-8D91-49B0-81A6-18BCFF582735}
HKEY_CLASSES_ROOT\Interface\{96249369-D3DC-4AE6-8A3B-E7109D46E98D}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BaiduBar.Baidu.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BaiduBar.Baidu
HKEY_CLASSES_ROOT\CLSID\{7C76C055-ED6E-4535-A70F-CD476E727F67}
HKEY_CLASSES_ROOT\BaiduBarEx.BandIE.1
HKEY_CLASSES_ROOT\BaiduBarEx.BandIE
HKEY_CLASSES_ROOT\BaiduBarEx.DropTarget.1
HKEY_CLASSES_ROOT\BaiduBarEx.DropTarget
HKEY_CLASSES_ROOT\Interface\{A294F8EB-86D9-4C4A-8B3E-909253761C64}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BaiduBarEx.DropTarget.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BaiduBarEx.DropTarget
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BaiduBarEx.BandIE.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BaiduBarEx.BandIE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B580CF65-E151-49C3-B73F-70B13FCA8E86}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BdGuard
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\sobar
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00000001-fb22-4a4e-8ab8-c85cfab14626}
HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_bar
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BaiduBar
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{B580CF65-E151-49C3-B73F-70B13FCA8E86}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{77FEF28E-EB96-44FF-B511-3185DEA48697}
HKEY_CLASSES_ROOT\clsid\{77FEF28E-EB96-44FF-B511-3185DEA48697}
HKEY_CLASSES_ROOT\clsid\{B580CF65-E151-49C3-B73F-70B13FCA8E86}

是创建的注册表项。

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]{B580CF65-E151-49C3-B73F-70B13FCA8E86}=65CF80B551E1C349B73F70B13FCA8E86
[HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\toolbar]{B580CF65-E151-49C3-B73F-70B13FCA8E86}=12
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]{89FDCC4B-8D91-49B0-81A6-18BCFF582735}=4BCCFD89918DB04981A618BCFF582735
[HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\toolbar]{B580CF65-E151-49C3-B73F-70B13FCA8E86}=00
[HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\toolbar]{B580CF65-E151-49C3-B73F-70B13FCA8E86}=sobar
[HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\toolbar]{B580CF65-E151-49C3-B73F-70B13FCA8E86}=BaiduBar
[HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\toolbar] {B580CF65-E151-49C3-B73F-70B13FCA8E86}=00
[HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\toolbar] {B580CF65-E151-49C3-B73F-70B13FCA8E86}=BaiduBar

是值。如果它不断出现，则表明您有某种潜在感染，这就是为什么我建议在不联网的情况下在安全模式下运行扫描。

Answer 1

我建议在没有网络的情况下以安全模式重新启动计算机，然后运行 AV 扫描。

还要通过运行 HijackThis 并检查 .dll 文件是否也被删除来检查并确保没有浏览器辅助对象。

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A7F05EE4-0426-454F-8013-C41E3596E9E9}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{E5D5D4A1-17F0-41D7-B1C6-0979F91E6F46}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\BarBroker.EXE
HKEY_CURRENT_USER\Software\baidu
HKEY_CLASSES_ROOT\BaiduBar.Tool.1
HKEY_CLASSES_ROOT\BaiduBar.Tool
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{7A33CE9E-4F33-4B4E-B263-6AEEAB6C3DC2}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BaiduBar.Tool
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BaiduBar.Tool.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BaiduBarX.ToolBand.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BaiduBarX.ToolBand
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BaiduBarX.BandIE.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BaiduBarX.BandIE
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BaiduBarEx.BDHomePage.4
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BaiduBarEx.BDHomePage.3
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BaiduBarEx.BDHomePage.2
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BaiduBarEx.BDHomePage.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BaiduBarEx.BDHomePage
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5BECD27B-DCF5-4DEF-B066-486A47245C03}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{2923508C-9425-4A61-B9CE-A98239055916}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{4C2BFEC9-F03C-4F74-932E-5723E603B4AC}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{7EF05EFF-0E62-4040-8D81-73A10D8DE60F}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D158174C-004B-4A2E-9410-5442C10C60D2}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{3A8C9D89-3271-45F4-98C0-56B0F5A16172}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{D12F94FA-FC9A-41F7-B808-7FBB419DD7A6}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7A33CE9E-4F33-4B4E-B263-6AEEAB6C3DC2}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BaiduBarEx.BDHomePage.5
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BaiduBarX.BDLogin.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BaiduBarX.BDLogin
HKEY_CLASSES_ROOT\BaiduBarEx.BDHomePage.5
HKEY_CLASSES_ROOT\BaiduBarEx.BDHomePage.4
HKEY_CLASSES_ROOT\BaiduBarEx.BDHomePage.3
HKEY_CLASSES_ROOT\BaiduBarEx.BDHomePage.2
HKEY_CLASSES_ROOT\BaiduBarEx.BDHomePage.1
HKEY_CLASSES_ROOT\BaiduBarEx.BDHomePage
HKEY_CLASSES_ROOT\clsid\{77FEF28E-EB96-44FF-B511-3185DEA48697}
HKEY_CLASSES_ROOT\clsid\{B580CF65-E151-49C3-B73F-70B13FCA8E86}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{77FEF28E-EB96-44FF-B511-3185DEA48697}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BaiduBarX
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{77FEF28E-EB96-44FF-B511-3185DEA48697}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B580CF65-E151-49C3-B73F-70B13FCA8E86}
HKEY_LOCAL_MACHINE\SOFTWARE\Baidu
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E5D5D4A1-17F0-41D7-B1C6-0979F91E6F46}
HKEY_CLASSES_ROOT\CLSID\{A7F05EE4-0426-454F-8013-C41E3596E9E9}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A7F05EE4-0426-454F-8013-C41E3596E9E9}
HKEY_LOCAL_MACHINE\SOFTWARE\Baidu\BaiduBar
HKEY_CURRENT_USER\Software\Baidu\BaiduBar
HKEY_CLASSES_ROOT\CLSID\{FE14F22E-BE14-4F08-A80F-F27BC3A67B2D}
HKEY_CLASSES_ROOT\TypeLib\{6AFC2761-1253-427C-9A56-385B4609BE1D}
HKEY_CLASSES_ROOT\BaiduBar.Baidu.1
HKEY_CLASSES_ROOT\BaiduBar.Baidu
HKEY_CLASSES_ROOT\Interface\{464C8A26-31E9-411C-9583-5B858E631DCC}
HKEY_CLASSES_ROOT\Interface\{89FDCC4B-8D91-49B0-81A6-18BCFF582735}
HKEY_CLASSES_ROOT\Interface\{96249369-D3DC-4AE6-8A3B-E7109D46E98D}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BaiduBar.Baidu.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BaiduBar.Baidu
HKEY_CLASSES_ROOT\CLSID\{7C76C055-ED6E-4535-A70F-CD476E727F67}
HKEY_CLASSES_ROOT\BaiduBarEx.BandIE.1
HKEY_CLASSES_ROOT\BaiduBarEx.BandIE
HKEY_CLASSES_ROOT\BaiduBarEx.DropTarget.1
HKEY_CLASSES_ROOT\BaiduBarEx.DropTarget
HKEY_CLASSES_ROOT\Interface\{A294F8EB-86D9-4C4A-8B3E-909253761C64}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BaiduBarEx.DropTarget.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BaiduBarEx.DropTarget
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BaiduBarEx.BandIE.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BaiduBarEx.BandIE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B580CF65-E151-49C3-B73F-70B13FCA8E86}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BdGuard
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\sobar
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00000001-fb22-4a4e-8ab8-c85cfab14626}
HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_bar
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BaiduBar
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{B580CF65-E151-49C3-B73F-70B13FCA8E86}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{77FEF28E-EB96-44FF-B511-3185DEA48697}
HKEY_CLASSES_ROOT\clsid\{77FEF28E-EB96-44FF-B511-3185DEA48697}
HKEY_CLASSES_ROOT\clsid\{B580CF65-E151-49C3-B73F-70B13FCA8E86}

是创建的注册表项。

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]{B580CF65-E151-49C3-B73F-70B13FCA8E86}=65CF80B551E1C349B73F70B13FCA8E86
[HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\toolbar]{B580CF65-E151-49C3-B73F-70B13FCA8E86}=12
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]{89FDCC4B-8D91-49B0-81A6-18BCFF582735}=4BCCFD89918DB04981A618BCFF582735
[HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\toolbar]{B580CF65-E151-49C3-B73F-70B13FCA8E86}=00
[HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\toolbar]{B580CF65-E151-49C3-B73F-70B13FCA8E86}=sobar
[HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\toolbar]{B580CF65-E151-49C3-B73F-70B13FCA8E86}=BaiduBar
[HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\toolbar] {B580CF65-E151-49C3-B73F-70B13FCA8E86}=00
[HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\toolbar] {B580CF65-E151-49C3-B73F-70B13FCA8E86}=BaiduBar

是值。如果它不断出现，则表明您有某种潜在感染，这就是为什么我建议在不联网的情况下在安全模式下运行扫描。

为什么我的电脑的 Documents 文件夹中有一个名为“Baidu”的文件夹

答案1

相关内容