Has anyone had their IE home page changed to WWW.133.net? I keep getting hit...

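imperfect33
2009-11-25 10:47
Original poster
As the title says, the home page of my IE (6.0) keeps getting changed to this damned www.133.net site.
I normally have Pc-Cillin2007 running resident and I still keep getting hit. I have tried changing
regedit values as suggested on the net, and cleaned with Spyware doctor, Windows Cleanup Assistant (Windows 清理助手)
and ixx360; each time it only holds for 2 or 3 days before it gets changed again! Does anyone
have a good way to fix this? Thanks!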

Flowers x0
Davis
2009-11-27 19:36
#1

Want me to help?

Flowers x0
imperfect33
2009-12-01 10:11
#2

It seems there is no way to catch its source file, because a few days later the problem shows up again...
Do you have any good ideas?

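Flowers x0
rocbibo
2009-12-03 17:11
#3

Basically you are infected; please try scanning with several other vendors' online scanners: http://www.avpclub.ddns.info/discuz/viewthread.php?tid=115&extra=page%3D1

Also, pcc2007 is terrible; at the very least please use pcc2008 or 2009.... Also, I have a reg file modified by someone else that sets pchome as the home page; do you want to try it.... I don't know how to upload an attachment though.... PM me if you need it....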

Flowers x0
Davis
2009-12-03 23:15
#4

Please download RegQuery to the desktop and click it to run it. Paste in the keys below, press Query for one key at a time, and then post the reports here.

HKEY_CLASSES_ROOT\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace

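Flowers x0
imperfect33
2009-12-04 10:29
#5

OK, I will try it after I get home from work and post the results. Thanks

P.S. The most recent time was a few days ago: when I opened IE after booting, it tried to change it again,
PCC2007 caught it, and I chose to block (this change) permanently.
It has been OK for about four or five days now, but I did a permanent block once before as well,
and a few days later it still acted up. This probably treats the symptom rather than the root cause...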

Flowers x0
imperfect33
2009-12-04 19:23
#6

First query
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}]
"InfoTip"="@shdoclc.dll,-881"
"LocalizedString"="@shdoclc.dll,-880"

[HKEY_CLASSES_ROOT\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\DefaultIcon]
@="shdoclc.dll,-190"

[HKEY_CLASSES_ROOT\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\InProcServer32]
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,68,00,\
64,00,6f,00,63,00,76,00,77,00,2e,00,64,00,6c,00,6c,00,00,00
"ThreadingModel"="Apartment"

[HKEY_CLASSES_ROOT\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\shell]
@="OpenHomePage"

[HKEY_CLASSES_ROOT\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\shell\OpenHomePage]
@="开启首页(&H)"
"MUIVerb"="@shdoclc.dll,-10241"

[HKEY_CLASSES_ROOT\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\shell\OpenHomePage\Command]
@=hex(2):22,00,43,00,3a,00,5c,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,20,\
00,46,00,69,00,6c,00,65,00,73,00,5c,00,49,00,6e,00,74,00,65,00,72,00,6e,00,\
65,00,74,00,20,00,45,00,78,00,70,00,6c,00,6f,00,72,00,65,00,72,00,5c,00,69,\
00,65,00,78,00,70,00,6c,00,6f,00,72,00,65,00,2e,00,65,00,78,00,65,00,22,00,\
00,00

[HKEY_CLASSES_ROOT\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder]
"Attributes"=dword:00000024
"HideFolderVerbs"=""
"WantsParseDisplayName"=""
"HideOnDesktopPerUser"=""
--------------------------------------------------------------------------------------------------------------------------------
Second query
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu]
"{871C5380-42A0-1069-A2EA-08002B30309D}.default"="0"
"{871C5380-42A0-1069-A2EA-08002B30309D}"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]
"{20D04FE0-3AEA-1069-A2D8-08002B30309D}"=dword:00000001
"{450D8FBA-AD25-11D0-98A8-0800361B1103}"=dword:00000001
"{208D2C60-3AEA-1069-A2D7-08002B30309D}"=dword:00000001
"{871C5380-42A0-1069-A2EA-08002B30309D}"=dword:00000000
--------------------------------------------------------------------------------------------------------------------------------------------
Third query
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\{1f4de370-d627-11d1-ba4f-00a0c91eedba}]
@="Computer Search Results Folder"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\{450D8FBA-AD25-11D0-98A8-0800361B1103}]
@=""
"Removal Message"="@mydocs.dll,-900"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\{645FF040-5081-101B-9F08-00AA002F954E}]
@="Recycle Bin"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\{e17d4fc0-5564-11d1-83f2-00a0c90dc849}]
@="Search Results Folder"
------------------------------------------------------------------------------------
Davis, please take a look. I can't really see anything abnormal. Thanks.

Flowers x0
Davis
2009-12-04 20:36
#7

Please run the following two keys through RegQuery as well and post the results.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main

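Also, right-click the IE icon in Quick Launch (to the right of Start) > Properties > Shortcut > the Target should contain only "c:\Program Files\Internet Explorer\iexplore.exe"

Check whether www.133.net appears after it.

Flowers x0
imperfect33
2009-12-08 22:50
#8
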
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main
----------------------------------------------------
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
"Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Enable_Disk_Cache"="yes"
"Cache_Percent_of_Disk"=hex:0a,00,00,00
"Delete_Temp_Files_On_Exit"="yes"
"Anchor_Visitation_Horizon"=hex:01,00,00,00
"Use_Async_DNS"="yes"
"Placeholder_Width"=hex:1a,00,00,00
"Placeholder_Height"=hex:1a,00,00,00
"Start Page"="http://udnnews.com/"
"CompanyName"="Microsoft Corporation"
"Custom_Key"="MICROSO"
"Wizard_Version"="6.0.2600.0000"
"FullScreen"="no"
"Local Page"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
62,00,6c,00,61,00,6e,00,6b,00,2e,00,68,00,74,00,6d,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\ErrorThresholds]
"400"=dword:00000200
"403"=dword:00000100
"404"=dword:00000200
"405"=dword:00000100
"406"=dword:00000200
"408"=dword:00000200
"409"=dword:00000200
"410"=dword:00000100
"500"=dword:00000200
"501"=dword:00000200
"505"=dword:00000200

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ADDON_MANAGEMENT]
"wmplayer.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BEHAVIORS]
"wmplayer.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_MK_PROTOCOL]
"wmplayer.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE]
"wmplayer.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_IMAGING_USE_ART]
@=""
"waol.exe"=dword:00000001
"cs.exe"=dword:00000001
"wm.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN]
"wmplayer.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING]
"wmplayer.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_SNIFFING]
"wmplayer.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_OBJECT_CACHING]
"wmplayer.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_PROTOCOL_LOCKDOWN]
"wmplayer.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ACTIVEXINSTALL]
"wmplayer.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD]
"wmplayer.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SAFE_BINDTOOBJECT]
"wmplayer.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITYBAND]
"wmplayer.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_UNC_SAVEDFILECHECK]
"wmplayer.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_VALIDATE_NAVIGATE_URL]
"wmplayer.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WEBOC_POPUPMANAGEMENT]
"wmplayer.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS]
"wmplayer.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION]
"wmplayer.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\UrlTemplate]
"1"="www.%s.com"
"2"="www.%s.org"
"3"="www.%s.net"
"4"="www.%s.edu"
------------------------------------------------------------------------------------------
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
----------------------------------------------------------------------------------------
Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"NoUpdateCheck"=dword:00000000
"NoJITSetup"=dword:00000000
"Disable Script Debugger"="yes"
"Show_ChannelBand"="No"
"Anchor Underline"="yes"
"Cache_Update_Frequency"="Once_Per_Session"
"Display Inline Images"="yes"
"Do404Search"=hex:01,00,00,00
"Save_Session_History_On_Exit"="no"
"Show_FullURL"="no"
"Show_StatusBar"="yes"
"Show_ToolBar"="yes"
"Show_URLinStatusBar"="yes"
"Show_URLToolBar"="yes"
"Start Page"="http://udn.com/NEWS/main.html"
"Use_DlgBox_Colors"="yes"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"FullScreen"="no"
"Window_Placement"=hex:2c,00,00,00,02,00,00,00,03,00,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,e8,00,00,00,e8,00,00,00,c8,03,00,00,ea,02,00,\
00
"NotifyDownloadComplete"="no"
"FavoritesImportFolder"="C:\\Documents and Settings\\Administrator\\Favorites"
"Error Dlg Displayed On Every Error"="no"
"Error Dlg Details Pane Open"="yes"
"Use FormSuggest"="no"
"AddToFavoritesExpanded"=dword:00000000
"FormSuggest PW Ask"="no"
"Use_Combobox_DlgBox_Colors_Complete"="3"
"Use_Combobox_DlgBox_Colors_Failed"="1"
"Use_Combobox_DlgBox_Colors_Error"="3"
"Save Directory"="F:\\离线网页\\ACCESS教学\\"
"DisableScriptDebuggerIE"="yes"
"Friendly http errors"="yes"
"AutoSearch"=dword:00000000
"Print_Background"="no"
"Enable AutoImageResize"="yes"
"Enable_MyPics_Hoverbar"="yes"
"Play_Background_Sounds"="yes"
"Play_Animations"="yes"
"Display Inline Videos"="yes"
"Show image placeholders"=dword:00000001
"Expand Alt Text"="no"
"Move System Caret"="no"
"ShowGoButton"="yes"
"Force Offscreen Composition"=dword:00000000
"SmoothScroll"=dword:00000001
"AllowWindowReuse"=dword:00000001
"FavIntelliMenus"="no"
"Enable Browser Extensions"="yes"
"Page_Transitions"=dword:00000001
"UseThemes"=dword:00000001
"NoWebJITSetup"=dword:00000000
"NscSingleExpand"=dword:00000001
"ShowedCheckBrowser"="Yes"
"Check_Associations"="No"
"LastCheckedHi"=dword:01ca6061

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN]
"iexplore.exe"=dword:00000001

FYI, thanks. The Quick Launch IE shortcut has no www.133.net after it, only the normal path and file name.

Flowers x0
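The checks requested in the posts above (the "Start Page" value under the two Internet Explorer\Main keys, and anything appended after the executable in a shortcut's Target), as an added example that is not part of the original thread. The function names, the sample export and the `hijack.example` URL are constructed for illustration; the parser reads regedit 5.00 export text such as the reports posted here and decodes `hex(2)` values.

```python
import re
from urllib.parse import urlparse

# Constructed sample in regedit export format (not taken from the thread).
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://hijack.example/"
"Local Page"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
  00,74,00,25,00,5c,00,62,00,2e,00,68,00,74,00,6d,00,00,00
'''

def decode(raw):
    """Turn the right-hand side of a .reg line into a Python value."""
    if raw.startswith('"'):                      # REG_SZ with \\ and \" escapes
        return raw[1:-1].replace('\\"', '"').replace("\\\\", "\\")
    m = re.match(r"hex\((1|2)\):(.*)", raw)      # REG_SZ / REG_EXPAND_SZ as UTF-16LE
    if m:
        data = bytes(int(b, 16) for b in m.group(2).split(",") if b.strip())
        return data.decode("utf-16-le", "replace").rstrip("\x00")
    if raw.startswith("dword:"):
        return int(raw[6:], 16)
    return raw                                   # other types left undecoded

def parse_reg(text):
    """Parse export text into {key_path: {value_name: value}}."""
    text = re.sub(r",\\\r?\n\s*", ",", text)     # join continued hex lines
    keys, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
            continue
        m = re.match(r'(@|"(?:[^"\\]|\\.)*")=(.*)$', line)
        if m and current is not None:
            current[m.group(1).strip('"')] = decode(m.group(2))
    return keys

def start_page_findings(reg_text, allowed_hosts):
    """Return (key, url) for each IE Main 'Start Page' outside allowed_hosts."""
    findings = []
    for key, values in parse_reg(reg_text).items():
        url = values.get("Start Page")
        if key.lower().endswith("\\internet explorer\\main") and isinstance(url, str):
            if urlparse(url).hostname not in allowed_hosts:
                findings.append((key, url))
    return findings

def shortcut_extra_args(target):
    """Return whatever follows the .exe path in a shortcut's Target field."""
    m = re.match(r'\s*"?(.+?\.exe)"?\s*(.*)$', target, re.I)
    return m.group(2).strip() if m else target.strip()
```

A non-empty result from `shortcut_extra_args` on a browser shortcut, or any entry from `start_page_findings`, is what to look for each time the home page changes back.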
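imperfect33
2009-12-08 23:06
#9

Just a few seconds ago that damned www.133.net showed up again!
My PCC2007 caught it trying to change the home page again, and I chose permanent block once more.
I don't know how long it will hold QQ

P.S. Can pictures on my hard disk be uploaded here, or do they have to be put on the net first?

Picture uploaded to BiWord

Please choose Download or open the jpg file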

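Flowers x0
Davis
2009-12-09 17:04
#10

1
Download the attachment and extract it, then click IE_reset_restrictions.reg and let it import into the registry.


2
Please delete all the IE or Firefox icons on your desktop, including the icon in Quick Launch at the lower left (to the right of Start). If they cannot be deleted,

right-click an empty area of your desktop, choose Properties > Desktop > Customize Desktop > click Clean Desktop Now > select the IE icon you want to delete, and click Next to have it cleaned up automatically.

Then go to the c:\Program Files\Internet Explorer folder, right-click the IE icon and create a new shortcut on the desktop, then drag that desktop icon to Quick Launch.

If you deleted Firefox as well, do the same as above.

3
Open IE, then Tools > Folder Options > General > set your home page again. For example http://udn.com/NEWS/


After rebooting, let me know how things went.

This post contains an attachment
File name: zip IE_reset_restrictions.rar   (2022-06-09 14:13 / 1 KB)   Downloads: 263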


Flowers x1
imperfect33
2009-12-10 17:11
#11

So Davis, you could tell from that query information
where the problem is? That's impressive!?
OK, I'll try it when I get home.

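Flowers x0
imperfect33
2009-12-10 19:44
#12

I did what Davis described two posts up.
After rebooting I opened IE and the home page is still
the udn (联合新闻网) home page I had set. It's OK for now; I'll see whether it flares up
again in a few days! Thanks! Also, I don't want to use a dragged shortcut for the desktop IE; it should be OK to just show the IE icon again directly (Customize Desktop), right?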

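Flowers x0
Davis
2009-12-10 21:32
#13

!Also, I don't want to use a dragged shortcut for the desktop IE; it should be OK to just show the IE icon again directly (Customize Desktop), right?

Sure! That should work too. Please remove the block in your Trend Micro Internet Security 2007 and you will know whether it has been cleaned up. To be sure, you had better download mban and run a scan. Just follow the steps below. I don't have instructions in Chinese, so.......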

Please download Malwarebytes' Anti-Malware from Here or Here



    [1]Double Click mbam-setup.exe to install the application.
    [2]Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    [3]If an update is found, it will download and install the latest version.
    [4]Once the program has loaded, select "Perform Quick Scan", then click Scan.
    [5]The scan may take some time to finish, so please be patient.
    [6]When the scan is complete, click OK, then Show Results to view the results.
    [7]Make sure that everything is checked, and click Remove Selected.
    [8]When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
    [9]The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM, or you can find it here:
    [10]C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
    [11]You can refer to this tutorial


Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

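If that still doesn't work, we'll have to bring out the heavy weapons

Flowers x0
imperfect33
2009-12-12 00:30
#14


Figure 1.

Figure 2.

Figure 3.


Malwarebytes' Anti-Malware <- this is really hard to use...
The installer shows garbled text when Chinese is selected, error messages also appear during installation,
and it installs a pile of things... registry entries, startup items, services and so on; I'm really afraid it won't uninstall cleanly.
There are error messages when updating too, and even when scanning!
As in Figure 1
or Figure 2
or Figure 3  <- it closes by itself partway through the scan!
This software must be unfinished = =+, but it did catch and remove some trojans... I'll wait a few days and see..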

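Flowers x0
Davis
2009-12-12 02:35
#15

This software is currently the best free trojan scanner. When this error appears you can uninstall it, download the removal program from the official site, and then reinstall; choose English when reinstalling.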

http://www.malwarebytes.org/forums/index.php?showtopic=25009

Gooooood luck!

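Flowers x0
imperfect33
2009-12-13 15:21
#16

Following the method at the URL above: uninstall -> reboot -> Mban-clean.exe -> reboot -> install the latest version 1.42.
The result: partway through the scan the error message from Figure 3 in my earlier post still appears! Then it closes the scan = =+
I give up...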

Flowers x0
imperfect33
2009-12-18 16:54
#17

No abnormalities so far! It looks OK.
I'll keep watching.

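Flowers x0
metisking
2010-01-25 03:32
#18

I've been hijacked many times already orz
Back then I only went into regedit to fix it, but it would still change back now and then
I'll try the new method this time
Taking it and giving it a thumbs up

I'll see how things are tomorrow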

Flowers x0
s931105
2010-02-10 19:51
#19

Davis,
The same kind of thing happened to me
My Target is "C:\Program Files\Mozilla Firefox 3.5 Beta 4\firefox.exe" http://www.6dudu.com/
with this added at the end:
http://www.6dudu.com/

What should I do


Flowers x0
丁小二
2010-02-16 22:56
#20

I ran into this situation before too and could not find a fix
In the end only a restore solved it

Flowers x0
imperfect33
2010-02-24 16:16
#21

After following Davis's earlier steps, my problem seems to be solved; so far my IE
is still behaving normally. Thanks!

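Flowers x0
chuangtz
2010-03-01 10:00
#22

When I right-click an empty area of my desktop there is no Properties item; how do I delete the icon? The right-click options on IE have all turned into garbled text.... Please help me, thanks.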

Flowers x0
Davis
2010-03-03 04:58
#23
  
Server Error.

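Flowers x0
Davis
2010-03-03 04:59
#24

If it is a Vista system there is no Properties item; if it is XP, it needs to be repaired.

This repair registry file is for XP only. After downloading, click it to import it, then reboot.

This post contains an attachment
File name: zip restoreproperties.rar   (2022-06-09 14:14 / 1 KB)
Restore Right Click Properties
Downloads: 22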


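Flowers x0
freeze02468
2013-12-27 20:29
#25

I've had mine changed before too!

In the end I tried many methods and still couldn't fix it...

So I finally had to reinstall...

This damned site is really nasty

Flowers x0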