有沒有人IE首頁被改成WWW.133.net過~?一直中...

    如題~我的IE(6.0)的首頁一直被改成這個該死的www.133.net網站,
平常明明有常駐Pc-Cillin2007的~還一直中,試過網路上一些提供的改
regedit的值,或是用過Spyware doctor清理,Windows 清理助手,
及ixx360清過,每次都只撐個2,3天後又被改了!有人
有什麼好辦法可以解決它的嗎~~~感激!

x0

要不要俺幫忙?

x0

似乎沒辦法抓出它的源頭file,因為隔幾天後又會出現狀況...
您有什麼好見地嗎~~?

x0

基本上就是中毒啦,請多用幾套他牌線上掃毒看看 http://www.avpclub.ddns.info/discuz/viewthread.php?tid=115&extra=page%3D1

另外,pcc2007很爛,最起碼請用pcc2008或2009喔....還有,我有別人修改的reg檔,設定pchome為首頁的要不要試看看.... 不過不知道要如何附檔上傳耶....須要的再pm我....

x0

請下載 RegQuery 到桌面後，點擊後執行，將下列的key貼上後，一次一個按Query 後，然後將報表貼上來。

HKEY_CLASSES_ROOT\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace

x0

好~我下班回家以後試試看~再貼上來~3Q

P.S 最近一次是幾天前我開機後開IE時它又想改
,被PCC2007發現,然後我選擇永遠封鎖(這個改變)
現在大概有四五天都還OK了,不過之前也做過永遠封鎖
一次,結果幾天後還是有動作~可能還是治標沒有治本...

x0

第一個query
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}]
"InfoTip"="@shdoclc.dll,-881"
"LocalizedString"="@shdoclc.dll,-880"

[HKEY_CLASSES_ROOT\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\DefaultIcon]
@="shdoclc.dll,-190"

[HKEY_CLASSES_ROOT\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\InProcServer32]
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,68,00,\
64,00,6f,00,63,00,76,00,77,00,2e,00,64,00,6c,00,6c,00,00,00
"ThreadingModel"="Apartment"

[HKEY_CLASSES_ROOT\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\shell]
@="OpenHomePage"

[HKEY_CLASSES_ROOT\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\shell\OpenHomePage]
@="開啟首頁(&H)"
"MUIVerb"="@shdoclc.dll,-10241"

[HKEY_CLASSES_ROOT\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\shell\OpenHomePage\Command]
@=hex(2):22,00,43,00,3a,00,5c,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,20,\
00,46,00,69,00,6c,00,65,00,73,00,5c,00,49,00,6e,00,74,00,65,00,72,00,6e,00,\
65,00,74,00,20,00,45,00,78,00,70,00,6c,00,6f,00,72,00,65,00,72,00,5c,00,69,\
00,65,00,78,00,70,00,6c,00,6f,00,72,00,65,00,2e,00,65,00,78,00,65,00,22,00,\
00,00

[HKEY_CLASSES_ROOT\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder]
"Attributes"=dword:00000024
"HideFolderVerbs"=""
"WantsParseDisplayName"=""
"HideOnDesktopPerUser"=""
--------------------------------------------------------------------------------------------------------------------------------
第二個Query
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu]
"{871C5380-42A0-1069-A2EA-08002B30309D}.default"="0"
"{871C5380-42A0-1069-A2EA-08002B30309D}"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]
"{20D04FE0-3AEA-1069-A2D8-08002B30309D}"=dword:00000001
"{450D8FBA-AD25-11D0-98A8-0800361B1103}"=dword:00000001
"{208D2C60-3AEA-1069-A2D7-08002B30309D}"=dword:00000001
"{871C5380-42A0-1069-A2EA-08002B30309D}"=dword:00000000
--------------------------------------------------------------------------------------------------------------------------------------------
第三個Query
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\{1f4de370-d627-11d1-ba4f-00a0c91eedba}]
@="Computer Search Results Folder"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\{450D8FBA-AD25-11D0-98A8-0800361B1103}]
@=""
"Removal Message"="@mydocs.dll,-900"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\{645FF040-5081-101B-9F08-00AA002F954E}]
@="Recycle Bin"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\{e17d4fc0-5564-11d1-83f2-00a0c90dc849}]
@="Search Results Folder"
------------------------------------------------------------------------------------
請Davis兄看看了~我是看不太出來有什麼異常 ~3Q~~

x0

麻煩你再將下列兩個key，再用RegQuery跑一下，再貼上來。

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main

還有右鍵快速啟動的ie圖標(在開始的右邊)>內容>捷徑>目標後面應該是只有"c:\Program Files\Internet Explorer\iexplore.exe"

你檢查一下，其後面是否有www.133.net

x0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main
----------------------------------------------------
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
"Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Enable_Disk_Cache"="yes"
"Cache_Percent_of_Disk"=hex:0a,00,00,00
"Delete_Temp_Files_On_Exit"="yes"
"Anchor_Visitation_Horizon"=hex:01,00,00,00
"Use_Async_DNS"="yes"
"Placeholder_Width"=hex:1a,00,00,00
"Placeholder_Height"=hex:1a,00,00,00
"Start Page"="http://udnnews.com/"
"CompanyName"="Microsoft Corporation"
"Custom_Key"="MICROSO"
"Wizard_Version"="6.0.2600.0000"
"FullScreen"="no"
"Local Page"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
62,00,6c,00,61,00,6e,00,6b,00,2e,00,68,00,74,00,6d,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\ErrorThresholds]
"400"=dword:00000200
"403"=dword:00000100
"404"=dword:00000200
"405"=dword:00000100
"406"=dword:00000200
"408"=dword:00000200
"409"=dword:00000200
"410"=dword:00000100
"500"=dword:00000200
"501"=dword:00000200
"505"=dword:00000200

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ADDON_MANAGEMENT]
"wmplayer.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BEHAVIORS]
"wmplayer.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_MK_PROTOCOL]
"wmplayer.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE]
"wmplayer.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_IMAGING_USE_ART]
@=""
"waol.exe"=dword:00000001
"cs.exe"=dword:00000001
"wm.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN]
"wmplayer.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING]
"wmplayer.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_SNIFFING]
"wmplayer.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_OBJECT_CACHING]
"wmplayer.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_PROTOCOL_LOCKDOWN]
"wmplayer.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ACTIVEXINSTALL]
"wmplayer.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD]
"wmplayer.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SAFE_BINDTOOBJECT]
"wmplayer.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITYBAND]
"wmplayer.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_UNC_SAVEDFILECHECK]
"wmplayer.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_VALIDATE_NAVIGATE_URL]
"wmplayer.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WEBOC_POPUPMANAGEMENT]
"wmplayer.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS]
"wmplayer.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION]
"wmplayer.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\UrlTemplate]
"1"="www.%s.com"
"2"="www.%s.org"
"3"="www.%s.net"
"4"="www.%s.edu"
------------------------------------------------------------------------------------------
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
----------------------------------------------------------------------------------------
Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"NoUpdateCheck"=dword:00000000
"NoJITSetup"=dword:00000000
"Disable Script Debugger"="yes"
"Show_ChannelBand"="No"
"Anchor Underline"="yes"
"Cache_Update_Frequency"="Once_Per_Session"
"Display Inline Images"="yes"
"Do404Search"=hex:01,00,00,00
"Save_Session_History_On_Exit"="no"
"Show_FullURL"="no"
"Show_StatusBar"="yes"
"Show_ToolBar"="yes"
"Show_URLinStatusBar"="yes"
"Show_URLToolBar"="yes"
"Start Page"="http://udn.com/NEWS/main.html"
"Use_DlgBox_Colors"="yes"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"FullScreen"="no"
"Window_Placement"=hex:2c,00,00,00,02,00,00,00,03,00,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,e8,00,00,00,e8,00,00,00,c8,03,00,00,ea,02,00,\
00
"NotifyDownloadComplete"="no"
"FavoritesImportFolder"="C:\\Documents and Settings\\Administrator\\Favorites"
"Error Dlg Displayed On Every Error"="no"
"Error Dlg Details Pane Open"="yes"
"Use FormSuggest"="no"
"AddToFavoritesExpanded"=dword:00000000
"FormSuggest PW Ask"="no"
"Use_Combobox_DlgBox_Colors_Complete"="3"
"Use_Combobox_DlgBox_Colors_Failed"="1"
"Use_Combobox_DlgBox_Colors_Error"="3"
"Save Directory"="F:\\離線網頁\\ACCESS教學\\"
"DisableScriptDebuggerIE"="yes"
"Friendly http errors"="yes"
"AutoSearch"=dword:00000000
"Print_Background"="no"
"Enable AutoImageResize"="yes"
"Enable_MyPics_Hoverbar"="yes"
"Play_Background_Sounds"="yes"
"Play_Animations"="yes"
"Display Inline Videos"="yes"
"Show image placeholders"=dword:00000001
"Expand Alt Text"="no"
"Move System Caret"="no"
"ShowGoButton"="yes"
"Force Offscreen Composition"=dword:00000000
"SmoothScroll"=dword:00000001
"AllowWindowReuse"=dword:00000001
"FavIntelliMenus"="no"
"Enable Browser Extensions"="yes"
"Page_Transitions"=dword:00000001
"UseThemes"=dword:00000001
"NoWebJITSetup"=dword:00000000
"NscSingleExpand"=dword:00000001
"ShowedCheckBrowser"="Yes"
"Check_Associations"="No"
"LastCheckedHi"=dword:01ca6061

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN]
"iexplore.exe"=dword:00000001

FYI~3Q,快速啟動的IE那後面沒有www.133.net,就只有正常的路徑檔名.

x0

就在幾秒鐘之前那該死的www.133.net又出現了!
被我的PCC2007發現它又想改首頁,我是再度選永久封鎖了,
不知道能撐多久QQ

p.s這能不能上傳硬碟上的圖片啊,還是一定要傳到網路上.

已上傳圖片到BiWord

請選擇Download or open the jpg file

x0

1
下載附件解壓後，點擊IE_reset_restrictions.reg後，讓其導入登錄檔。


2
請將你桌面的IE or FireFox 的icons全部刪除，包含左下角的quick launch的圖示(在開始的右邊). 如果不能刪除，

右鍵你桌面的空白處，選內容>桌面>自定桌面>按立刻清除桌面>選你要刪除的IE圖示，按下一步後就可自動清理。

再到 c:\Program Files\Internet Explorer 資料夾中點擊iE的圖示按右鍵到桌面重新建立捷徑，然後托洩這個桌面圖示到quich launch快捷就可。

如果也刪除了firefox也是按上面的一樣操作。

3
打開ie後，工具>資料夾選項>一般>重新設立你的首頁。例如http://udn.com/NEWS/


重新開機後。Let me know how things went.

本帖包含附件
檔名:	IE_reset_restrictions.rar   (2022-06-09 14:13 / 1 KB)	下載次數:	263

x1

所以Davis兄從那些Query資訊裡有
看出哪裡有問題了喔?醬厲害!?
好我回家試試看~

x0

按照上上篇Davis兄的作法作了,
重開機後開了IE看,首頁還是維持著
原本設的聯合新聞網的首頁,暫時還OK,看過幾天還會不會再
發作了!謝了!另外桌面IE我不想用拉的捷徑,想直接重新顯示IE應該OK吧(自訂桌面)?

x0

!另外桌面IE我不想用拉的捷徑,想直接重新顯示IE應該OK吧(自訂桌面)?

行吧!應該也可以，請將你的Trend Micro internet Security 2007的封鎖去掉就可知是否處理乾淨。為了確認，你最好下載mban 來掃一下。按下面來操作就可。俺沒中文的說明，所以就.......

Please download Malwarebytes' Anti-Malware from Here or Here

[1]Double Click mbam-setup.exe to install the application.
[2]Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
[3]If an update is found, it will download and install the latest version.
[4]Once the program has loaded, select "Perform Quick Scan", then click Scan.
[5]The scan may take some time to finish,so please be patient.
[6]When the scan is complete, click OK, then Show Results to view the results.
[7]Make sure that everything is checked, and click Remove Selected.
[8]When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
[9]The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.or you can find from here:
[10]C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
[11]You can refer to this tutorial

Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately.

還不行就要拿出重武器了

x0

圖 1.

圖 2.

圖 3.


Malwarebytes' Anti-Malware<-這個真不好用...
安裝時用中文會亂碼,安裝過程也會出現錯誤訊息,
而且裝一堆...登錄碼,啟動區,服務...等,真怕移除時移不乾淨
更新時也有錯誤訊息,連掃描時都有!
如圖1
或圖2
或圖3  <-會掃一掃自動關掉!
這軟體是未完成品吧= =+,不過還是有抓出一些木馬清除掉了...等幾天看看先..

x0

這個軟體是目前最好的掃木馬的免費軟體，出現這個錯誤可以移除後，再下載官網的移除程式後，重灌就可，重灌時選擇英文就行。

http://www.malwarebytes.org/forums/index.php?showtopic=25009

Gooooood luck!

x0

按照上面網址的作法,移除掉->重開機->Mban-clean.exe->重開機->裝最新版1.42版
,結果掃描掃一掃還是出現如前文圖3的錯誤訊息!然後就會關閉掃描了= =+
放棄了...

x0

到目前為止還沒有出現異常!看起來還OK~
再觀察看看~

x0

我已經被綁架很多次了orz
當時都只有去regedit修改而已，不過偶爾還是會變回來
這次試試看新方法
有拿有推~
等看明天狀況如何

x0

Davis大
我也發生類似狀況
我的目標是"C:\Program Files\Mozilla Firefox 3.5 Beta 4\firefox.exe" http://www.6dudu.com/
後面多了http://www.6dudu.com/

要怎麼辦


x0

之前我一也出現此種情況雖然苦無解決方法
最後還原才解決

x0

經過之前Davis兄的步驟,我的問題應該是解決了,到目前為止我的IE
都還是正常的情況~感謝啦~!

x0

請問我的桌面空白處按右鍵沒有內容這個項目該怎麼刪除ICON在IE上按右鍵選項都變成亂碼了....請幫幫我，謝謝。

x0

Server Error.

x0

如果是vista 系統就無內容這一項，如果是xp的話，就要修復了。

此修復登錄檔只限xp，下載後，直接點擊後導入，重開機。

本帖包含附件
檔名:	restoreproperties.rar   (2022-06-09 14:14 / 1 KB)   Restore Right Click Properties	下載次數:	22

x0

小弟之前有被改過!

最後用了好多種方法還是沒解決...

最後只好重灌...

這該死的網站真的很可惡

x0