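imperfect33
2009-11-25 10:47
Original post
As the title says: my IE (6.0) home page keeps getting changed to this damned www.133.net site. I normally have PC-cillin 2007 running resident, yet I keep getting infected. I have tried the regedit value changes suggested on various sites, and cleaned with Spyware Doctor, Windows 清理助手 (Windows Cleanup Assistant) and ixx360, but each time it only holds for 2 or 3 days before the home page is changed again! Does anyone have a good way to fix this? Thanks!
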
imperfect33
2009-12-01 10:11
Post 2
It seems there is no way to track down its source file, because the problem shows up again a few days later...
Do you have any good ideas?

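rocbibo
2009-12-03 17:11
Post 3
Basically, you are infected. Please try a few online scanners from other vendors: http://www.avpclub.ddns.info/discuz/viewthread.php?tid=115&extra=page%3D1
Also, PCC 2007 is pretty bad; please use at least PCC 2008 or 2009.... I also have a .reg file that someone else modified, which sets PChome as the home page, if you want to try it.... I don't know how to upload an attachment, though.... PM me if you need it....
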
Davis
2009-12-03 23:15
Post 4
Please download RegQuery to your desktop and run it. Paste in the keys below one at a time, click Query for each, and then post the reports here.
HKEY_CLASSES_ROOT\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace

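imperfect33
2009-12-04 10:29
Post 5
OK, I'll try it when I get home from work and post the results. Thanks.
P.S. The most recent time was a few days ago: when I opened IE after booting, it tried to change the home page again. PCC 2007 caught it and I chose to permanently block (this change). It has been OK for about four or five days now, but I chose permanent block once before and it still acted up a few days later. This is probably treating the symptom rather than the root cause...
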
imperfect33
2009-12-04 19:23
Post 6
First query
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}]
"InfoTip"="@shdoclc.dll,-881"
"LocalizedString"="@shdoclc.dll,-880"
[HKEY_CLASSES_ROOT\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\DefaultIcon]
@="shdoclc.dll,-190"
[HKEY_CLASSES_ROOT\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\InProcServer32]
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
  00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,68,00,\
  64,00,6f,00,63,00,76,00,77,00,2e,00,64,00,6c,00,6c,00,00,00
"ThreadingModel"="Apartment"
[HKEY_CLASSES_ROOT\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\shell]
@="OpenHomePage"
[HKEY_CLASSES_ROOT\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\shell\OpenHomePage]
@="开启首页(&H)"
"MUIVerb"="@shdoclc.dll,-10241"
[HKEY_CLASSES_ROOT\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\shell\OpenHomePage\Command]
@=hex(2):22,00,43,00,3a,00,5c,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,20,\
  00,46,00,69,00,6c,00,65,00,73,00,5c,00,49,00,6e,00,74,00,65,00,72,00,6e,00,\
  65,00,74,00,20,00,45,00,78,00,70,00,6c,00,6f,00,72,00,65,00,72,00,5c,00,69,\
  00,65,00,78,00,70,00,6c,00,6f,00,72,00,65,00,2e,00,65,00,78,00,65,00,22,00,\
  00,00
[HKEY_CLASSES_ROOT\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder]
"Attributes"=dword:00000024
"HideFolderVerbs"=""
"WantsParseDisplayName"=""
"HideOnDesktopPerUser"=""
----------------------------------------
Second query
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu]
"{871C5380-42A0-1069-A2EA-08002B30309D}.default"="0"
"{871C5380-42A0-1069-A2EA-08002B30309D}"=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]
"{20D04FE0-3AEA-1069-A2D8-08002B30309D}"=dword:00000001
"{450D8FBA-AD25-11D0-98A8-0800361B1103}"=dword:00000001
"{208D2C60-3AEA-1069-A2D7-08002B30309D}"=dword:00000001
"{871C5380-42A0-1069-A2EA-08002B30309D}"=dword:00000000
----------------------------------------
Third query
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\{1f4de370-d627-11d1-ba4f-00a0c91eedba}]
@="Computer Search Results Folder"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\{450D8FBA-AD25-11D0-98A8-0800361B1103}]
@=""
"Removal Message"="@mydocs.dll,-900"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\{645FF040-5081-101B-9F08-00AA002F954E}]
@="Recycle Bin"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\{e17d4fc0-5564-11d1-83f2-00a0c90dc849}]
@="Search Results Folder"
----------------------------------------
Davis, please take a look. I can't really see anything abnormal in it. Thanks.

Davis
2009-12-04 20:36
Post 7
Please run the following two keys through RegQuery as well and post the results.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Also, right-click the IE icon in Quick Launch (to the right of the Start button) > Properties > Shortcut > Target. It should contain only "c:\Program Files\Internet Explorer\iexplore.exe". Check whether www.133.net appears after it.

imperfect33
2009-12-08 22:50
Post 8
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main
----------------------------------------
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
"Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Enable_Disk_Cache"="yes"
"Cache_Percent_of_Disk"=hex:0a,00,00,00
"Delete_Temp_Files_On_Exit"="yes"
"Anchor_Visitation_Horizon"=hex:01,00,00,00
"Use_Async_DNS"="yes"
"Placeholder_Width"=hex:1a,00,00,00
"Placeholder_Height"=hex:1a,00,00,00
"Start Page"="http://udnnews.com/"
"CompanyName"="Microsoft Corporation"
"Custom_Key"="MICROSO"
"Wizard_Version"="6.0.2600.0000"
"FullScreen"="no"
"Local Page"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
  00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
  62,00,6c,00,61,00,6e,00,6b,00,2e,00,68,00,74,00,6d,00,00,00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\ErrorThresholds]
"400"=dword:00000200
"403"=dword:00000100
"404"=dword:00000200
"405"=dword:00000100
"406"=dword:00000200
"408"=dword:00000200
"409"=dword:00000200
"410"=dword:00000100
"500"=dword:00000200
"501"=dword:00000200
"505"=dword:00000200
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ADDON_MANAGEMENT]
"wmplayer.exe"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BEHAVIORS]
"wmplayer.exe"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_MK_PROTOCOL]
"wmplayer.exe"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE]
"wmplayer.exe"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_IMAGING_USE_ART]
@=""
"waol.exe"=dword:00000001
"cs.exe"=dword:00000001
"wm.exe"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN]
"wmplayer.exe"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING]
"wmplayer.exe"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_SNIFFING]
"wmplayer.exe"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_OBJECT_CACHING]
"wmplayer.exe"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_PROTOCOL_LOCKDOWN]
"wmplayer.exe"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ACTIVEXINSTALL]
"wmplayer.exe"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD]
"wmplayer.exe"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SAFE_BINDTOOBJECT]
"wmplayer.exe"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITYBAND]
"wmplayer.exe"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_UNC_SAVEDFILECHECK]
"wmplayer.exe"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_VALIDATE_NAVIGATE_URL]
"wmplayer.exe"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WEBOC_POPUPMANAGEMENT]
"wmplayer.exe"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS]
"wmplayer.exe"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION]
"wmplayer.exe"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\UrlTemplate]
"1"="www.%s.com"
"2"="www.%s.org"
"3"="www.%s.net"
"4"="www.%s.edu"
----------------------------------------
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
----------------------------------------
Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"NoUpdateCheck"=dword:00000000
"NoJITSetup"=dword:00000000
"Disable Script Debugger"="yes"
"Show_ChannelBand"="No"
"Anchor Underline"="yes"
"Cache_Update_Frequency"="Once_Per_Session"
"Display Inline Images"="yes"
"Do404Search"=hex:01,00,00,00
"Save_Session_History_On_Exit"="no"
"Show_FullURL"="no"
"Show_StatusBar"="yes"
"Show_ToolBar"="yes"
"Show_URLinStatusBar"="yes"
"Show_URLToolBar"="yes"
"Start Page"="http://udn.com/NEWS/main.html"
"Use_DlgBox_Colors"="yes"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"FullScreen"="no"
"Window_Placement"=hex:2c,00,00,00,02,00,00,00,03,00,00,00,ff,ff,ff,ff,ff,ff,\
  ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,e8,00,00,00,e8,00,00,00,c8,03,00,00,ea,02,00,\
  00
"NotifyDownloadComplete"="no"
"FavoritesImportFolder"="C:\\Documents and Settings\\Administrator\\Favorites"
"Error Dlg Displayed On Every Error"="no"
"Error Dlg Details Pane Open"="yes"
"Use FormSuggest"="no"
"AddToFavoritesExpanded"=dword:00000000
"FormSuggest PW Ask"="no"
"Use_Combobox_DlgBox_Colors_Complete"="3"
"Use_Combobox_DlgBox_Colors_Failed"="1"
"Use_Combobox_DlgBox_Colors_Error"="3"
"Save Directory"="F:\\离线网页\\ACCESS教学\\"
"DisableScriptDebuggerIE"="yes"
"Friendly http errors"="yes"
"AutoSearch"=dword:00000000
"Print_Background"="no"
"Enable AutoImageResize"="yes"
"Enable_MyPics_Hoverbar"="yes"
"Play_Background_Sounds"="yes"
"Play_Animations"="yes"
"Display Inline Videos"="yes"
"Show image placeholders"=dword:00000001
"Expand Alt Text"="no"
"Move System Caret"="no"
"ShowGoButton"="yes"
"Force Offscreen Composition"=dword:00000000
"SmoothScroll"=dword:00000001
"AllowWindowReuse"=dword:00000001
"FavIntelliMenus"="no"
"Enable Browser Extensions"="yes"
"Page_Transitions"=dword:00000001
"UseThemes"=dword:00000001
"NoWebJITSetup"=dword:00000000
"NscSingleExpand"=dword:00000001
"ShowedCheckBrowser"="Yes"
"Check_Associations"="No"
"LastCheckedHi"=dword:01ca6061
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN]
"iexplore.exe"=dword:00000001
FYI, thanks. The Quick Launch IE shortcut has no www.133.net after the target; it is just the normal path and file name.

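The checks asked for in posts 4 and 7 (the home-page values under Internet Explorer\Main, and anything appended after the executable in a Command value or a shortcut Target), as an added Python example that is not part of the original thread: it parses pasted .reg export text, decodes hex(2) data and flags both cases. The function names, the expected-host set and the SAMPLE export are constructed for illustration.

```python
import re
from urllib.parse import urlparse
HOMEPAGE_VALUES = {"Start Page", "Default_Page_URL", "Search Page", "Default_Search_URL"}

def decode_value(raw):
    """Decode .reg data: hex(1)/hex(2) is UTF-16LE text, "..." is an escaped string."""
    m = re.match(r'hex\([12]\):(.*)', raw)
    if m:
        data = bytes(int(b, 16) for b in m.group(1).replace(' ', '').split(',') if b)
        return data.decode('utf-16-le').rstrip('\x00')
    if raw.startswith('"') and raw.endswith('"'):
        return raw[1:-1].replace('\\\\', '\\').replace('\\"', '"')
    return raw  # dword:/hex: data is returned as written

def parse_reg(text):
    """Yield (key, value_name, decoded_data) for each value in .reg export text."""
    text = re.sub(r'\\\s*\n\s*', '', text)  # join hex lines continued with a trailing "\"
    key = None
    for line in map(str.strip, text.splitlines()):
        m = re.match(r'(@|"(?:[^"\\]|\\.)*")=(.*)', line)
        if line.startswith('[') and line.endswith(']'):
            key = line[1:-1]
        elif m and key:
            yield key, m.group(1).strip('"'), decode_value(m.group(2))

def extra_args(target):
    """Return whatever follows the executable in a command line or shortcut Target."""
    m = re.match(r'\s*(?:"[^"]+"|.+?\.exe)\s*(.*)', target, re.I)
    return m.group(1).strip() if m else ''

def audit(text, expected_hosts):
    """Flag home-page values on unexpected hosts and Command values with appended arguments."""
    findings = []
    for key, name, data in parse_reg(text):
        if key.endswith(r'\Internet Explorer\Main') and name in HOMEPAGE_VALUES:
            host = urlparse(data if '//' in data else '//' + data).hostname
            if host not in expected_hosts:
                findings.append((key, name, data))
        elif key.lower().endswith(r'\command') and extra_args(data):
            findings.append((key, name, data))
    return findings

# Constructed sample (not the thread's data); the hex(2) decodes to "C:\ie.exe" http://x
SAMPLE = r'''Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.133.net/"
[HKEY_CLASSES_ROOT\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\shell\OpenHomePage\Command]
@=hex(2):22,00,43,00,3a,00,5c,00,69,00,65,00,2e,00,65,00,78,00,65,00,22,00,20,00,\
  68,00,74,00,74,00,70,00,3a,00,2f,00,2f,00,78,00,00,00
'''
```

Pass `audit` the exported text and the hosts you actually set as home page. The Command value posted in post 6 decodes to the bare quoted iexplore.exe path and produces no finding.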
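imperfect33
2009-12-08 23:06
Post 9
Just a few seconds ago that damned www.133.net showed up again!
My PCC 2007 caught it trying to change the home page again, and I chose permanent block once more. I don't know how long that will hold QQ
P.S. Can I upload a picture from my hard drive here, or does it have to be hosted online? I have uploaded the picture to BiWord; please choose "Download or open the jpg file".
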
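Davis
2009-12-09 17:04
Post 10
1 Download and unzip the attachment, then double-click IE_reset_restrictions.reg and let it import into the registry.
2 Delete all the IE or Firefox icons on your desktop, including the Quick Launch icon at the lower left (to the right of the Start button). If they cannot be deleted, right-click an empty area of your desktop, choose Properties > Desktop > Customize Desktop > click Clean Desktop Now > select the IE icon you want to delete, and click Next to have it cleaned up automatically. Then go to the c:\Program Files\Internet Explorer folder, right-click the IE icon and create a new shortcut on the desktop, then drag that desktop icon to Quick Launch. If you also deleted Firefox, do the same for it.
3 Open IE, then Tools > Folder Options > General > set your home page again, for example http://udn.com/NEWS/
After rebooting, let me know how things went.
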
imperfect33
2009-12-10 17:11
Post 11
So Davis, you spotted where the problem is from that query output? That impressive!? OK, I'll try it when I get home.

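imperfect33
2009-12-10 19:44
Post 12
I followed the steps in Davis's post two posts up. After rebooting I opened IE, and the home page was still the udn (联合新闻网) home page I had originally set, so it is OK for now. We'll see whether it flares up again in a few days! Thanks! Also, I'd rather not use a dragged shortcut for IE on the desktop; it should be OK to just re-display the IE icon directly (via Customize Desktop), right?
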
Davis
2009-12-10 21:32
Post 13
"Also, I'd rather not use a dragged shortcut for IE on the desktop; it should be OK to just re-display the IE icon directly (via Customize Desktop), right?"
Sure! That should work too. Remove the block in your Trend Micro Internet Security 2007 and you will know whether it has been cleaned up completely. To make sure, you had better download MBAM and run a scan. Just follow the steps below. I don't have instructions in Chinese, so.......
Please download Malwarebytes' Anti-Malware from Here or Here
[1] Double-click mbam-setup.exe to install the application.
[2] Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
[3] If an update is found, it will download and install the latest version.
[4] Once the program has loaded, select "Perform Quick Scan", then click Scan.
[5] The scan may take some time to finish, so please be patient.
[6] When the scan is complete, click OK, then Show Results to view the results.
[7] Make sure that everything is checked, and click Remove Selected.
[8] When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
[9] The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM, or you can find it here:
[10] C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
[11] You can refer to this tutorial
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
If that still doesn't work, we'll have to bring out the heavy weapons.

imperfect33
2009-12-12 00:30
Post 14

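Davis
2009-12-12 02:35
Post 15
This is currently the best free trojan-scanning software. If you get this error, uninstall it, then download the removal tool from the official site, and reinstall; choose English when reinstalling.
http://www.malwarebytes.org/forums/index.php?showtopic=25009
Gooooood luck!
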
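imperfect33
2009-12-13 15:21
Post 16
I followed the procedure at the URL above: uninstall -> reboot -> Mban-clean.exe -> reboot -> install the latest version, 1.42. But partway through the scan I still got the same error message as in figure 3 of my earlier post! And then the scan shut down = =+ I give up...
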
imperfect33
2009-12-18 16:54
Post 17
No abnormalities so far! It looks OK.
I'll keep watching.

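metisking
2010-01-25 03:32
Post 18
I've been hijacked many times already orz
Back then I only fixed it in regedit, but every now and then it would change back. This time I'll try the new method. Taken and upvoted. I'll see how things look tomorrow.
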
s931105
2010-02-10 19:51
Post 19
Davis,
I have a similar situation. My Target is "C:\Program Files\Mozilla Firefox 3.5 Beta 4\firefox.exe" http://www.6dudu.com/ with an extra http://www.6dudu.com/ at the end. What should I do?

imperfect33
2010-02-24 16:16
Post 21
After following Davis's steps from before, my problem seems to be solved; my IE has been normal up to now. Thanks!

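chuangtz
2010-03-01 10:00
Post 22
When I right-click an empty area of my desktop there is no Properties item, so how do I delete the icon? And when I right-click on IE, the menu options have all turned into garbled characters.... Please help me, thank you.
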
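Davis
2010-03-03 04:59
Post 24
If it is a Vista system there is no Properties item; if it is XP, it needs to be repaired.
This repair registry file is for XP only. After downloading, double-click it to import it, then reboot.
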
freeze02468
2013-12-27 20:29
Post 25
Mine was changed before too!
I tried many methods and still couldn't fix it... In the end I had to reinstall... This damned site is truly hateful.