引用 | 編輯
imperfect33
2009-11-25 10:47 |
樓主
▼ |
||
x0
如題~我的IE(6.0)的首頁一直被改成這個該死的www.133.net網站,平常明明有常駐Pc-Cillin2007的~還一直中,試過網路上一些提供的改 regedit的值,或是用過Spyware doctor清理,Windows 清理助手, 及ixx360清過,每次都只撐個2,3天後又被改了!有人 有什麼好辦法可以解決它的嗎~~~感激! x0
|
引用 | 編輯
imperfect33
2009-12-01 10:11 |
2樓
▲ ▼ |
似乎沒辦法抓出它的源頭file,因為隔幾天後又會出現狀況...
您有什麼好見地嗎~~? x0 |
引用 | 編輯
rocbibo
2009-12-03 17:11 |
3樓
▲ ▼ |
基本上就是中毒啦,請多用幾套他牌線上掃毒看看 http://www.avpclub.ddns.info/discuz/viewthread.php?tid=115&extra=page%3D1
另外,pcc2007很爛,最起碼請用pcc2008或2009喔....還有,我有別人修改的reg檔,設定pchome為首頁的要不要試看看.... 不過不知道要如何附檔上傳耶....須要的再pm我.... x0 |
引用 | 編輯
Davis
2009-12-03 23:15 |
4樓
▲ ▼ |
請下載 RegQuery 到桌面後,點擊後執行,將下列的key貼上後,一次一個按Query 後,然後將報表貼上來。
HKEY_CLASSES_ROOT\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace x0 |
引用 | 編輯
imperfect33
2009-12-04 10:29 |
5樓
▲ ▼ |
好~我下班回家以後試試看~再貼上來~3Q
P.S 最近一次是幾天前我開機後開IE時它又想改 ,被PCC2007發現,然後我選擇永遠封鎖(這個改變) 現在大概有四五天都還OK了,不過之前也做過永遠封鎖 一次,結果幾天後還是有動作~可能還是治標沒有治本... x0 |
引用 | 編輯
imperfect33
2009-12-04 19:23 |
6樓
▲ ▼ |
第一個query
Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}] "InfoTip"="@shdoclc.dll,-881" "LocalizedString"="@shdoclc.dll,-880" [HKEY_CLASSES_ROOT\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\DefaultIcon] @="shdoclc.dll,-190" [HKEY_CLASSES_ROOT\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\InProcServer32] @=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\ 00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,68,00,\ 64,00,6f,00,63,00,76,00,77,00,2e,00,64,00,6c,00,6c,00,00,00 "ThreadingModel"="Apartment" [HKEY_CLASSES_ROOT\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\shell] @="OpenHomePage" [HKEY_CLASSES_ROOT\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\shell\OpenHomePage] @="開啟首頁(&H)" "MUIVerb"="@shdoclc.dll,-10241" [HKEY_CLASSES_ROOT\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\shell\OpenHomePage\Command] @=hex(2):22,00,43,00,3a,00,5c,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,20,\ 00,46,00,69,00,6c,00,65,00,73,00,5c,00,49,00,6e,00,74,00,65,00,72,00,6e,00,\ 65,00,74,00,20,00,45,00,78,00,70,00,6c,00,6f,00,72,00,65,00,72,00,5c,00,69,\ 00,65,00,78,00,70,00,6c,00,6f,00,72,00,65,00,2e,00,65,00,78,00,65,00,22,00,\ 00,00 [HKEY_CLASSES_ROOT\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder] "Attributes"=dword:00000024 "HideFolderVerbs"="" "WantsParseDisplayName"="" "HideOnDesktopPerUser"="" -------------------------------------------------------------------------------------------------------------------------------- 第二個Query Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu] "{871C5380-42A0-1069-A2EA-08002B30309D}.default"="0" "{871C5380-42A0-1069-A2EA-08002B30309D}"=dword:00000000 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel] "{20D04FE0-3AEA-1069-A2D8-08002B30309D}"=dword:00000001 "{450D8FBA-AD25-11D0-98A8-0800361B1103}"=dword:00000001 "{208D2C60-3AEA-1069-A2D7-08002B30309D}"=dword:00000001 "{871C5380-42A0-1069-A2EA-08002B30309D}"=dword:00000000 -------------------------------------------------------------------------------------------------------------------------------------------- 第三個Query Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\{1f4de370-d627-11d1-ba4f-00a0c91eedba}] @="Computer Search Results Folder" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\{450D8FBA-AD25-11D0-98A8-0800361B1103}] @="" "Removal Message"="@mydocs.dll,-900" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\{645FF040-5081-101B-9F08-00AA002F954E}] @="Recycle Bin" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\{e17d4fc0-5564-11d1-83f2-00a0c90dc849}] @="Search Results Folder" ------------------------------------------------------------------------------------ 請Davis兄看看了~我是看不太出來有什麼異常 ~3Q~~ x0 |
引用 | 編輯
Davis
2009-12-04 20:36 |
7樓
▲ ▼ |
麻煩你再將下列兩個key,再用RegQuery跑一下,再貼上來。
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main 還有右鍵快速啟動的ie圖標(在開始的右邊)>內容>捷徑>目標後面應該是只有"c:\Program Files\Internet Explorer\iexplore.exe" 你檢查一下,其後面是否有www.133.net x0 |
引用 | 編輯
imperfect33
2009-12-08 22:50 |
8樓
▲ ▼ |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main
---------------------------------------------------- Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main] "Default_Page_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome" "Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch" "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch" "Enable_Disk_Cache"="yes" "Cache_Percent_of_Disk"=hex:0a,00,00,00 "Delete_Temp_Files_On_Exit"="yes" "Anchor_Visitation_Horizon"=hex:01,00,00,00 "Use_Async_DNS"="yes" "Placeholder_Width"=hex:1a,00,00,00 "Placeholder_Height"=hex:1a,00,00,00 "Start Page"="http://udnnews.com/" "CompanyName"="Microsoft Corporation" "Custom_Key"="MICROSO" "Wizard_Version"="6.0.2600.0000" "FullScreen"="no" "Local Page"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\ 00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\ 62,00,6c,00,61,00,6e,00,6b,00,2e,00,68,00,74,00,6d,00,00,00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\ErrorThresholds] "400"=dword:00000200 "403"=dword:00000100 "404"=dword:00000200 "405"=dword:00000100 "406"=dword:00000200 "408"=dword:00000200 "409"=dword:00000200 "410"=dword:00000100 "500"=dword:00000200 "501"=dword:00000200 "505"=dword:00000200 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ADDON_MANAGEMENT] "wmplayer.exe"=dword:00000001 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BEHAVIORS] "wmplayer.exe"=dword:00000001 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_MK_PROTOCOL] "wmplayer.exe"=dword:00000001 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE] "wmplayer.exe"=dword:00000001 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_IMAGING_USE_ART] @="" "waol.exe"=dword:00000001 "cs.exe"=dword:00000001 "wm.exe"=dword:00000001 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN] "wmplayer.exe"=dword:00000001 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING] "wmplayer.exe"=dword:00000001 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_SNIFFING] "wmplayer.exe"=dword:00000001 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_OBJECT_CACHING] "wmplayer.exe"=dword:00000001 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_PROTOCOL_LOCKDOWN] "wmplayer.exe"=dword:00000001 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ACTIVEXINSTALL] "wmplayer.exe"=dword:00000001 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD] "wmplayer.exe"=dword:00000001 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SAFE_BINDTOOBJECT] "wmplayer.exe"=dword:00000001 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITYBAND] "wmplayer.exe"=dword:00000001 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_UNC_SAVEDFILECHECK] "wmplayer.exe"=dword:00000001 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_VALIDATE_NAVIGATE_URL] "wmplayer.exe"=dword:00000001 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WEBOC_POPUPMANAGEMENT] "wmplayer.exe"=dword:00000001 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS] "wmplayer.exe"=dword:00000001 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION] "wmplayer.exe"=dword:00000001 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\UrlTemplate] "1"="www.%s.com" "2"="www.%s.org" "3"="www.%s.net" "4"="www.%s.edu" ------------------------------------------------------------------------------------------ HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main ---------------------------------------------------------------------------------------- Windows Registry Editor Version 5.00 [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "NoUpdateCheck"=dword:00000000 "NoJITSetup"=dword:00000000 "Disable Script Debugger"="yes" "Show_ChannelBand"="No" "Anchor Underline"="yes" "Cache_Update_Frequency"="Once_Per_Session" "Display Inline Images"="yes" "Do404Search"=hex:01,00,00,00 "Save_Session_History_On_Exit"="no" "Show_FullURL"="no" "Show_StatusBar"="yes" "Show_ToolBar"="yes" "Show_URLinStatusBar"="yes" "Show_URLToolBar"="yes" "Start Page"="http://udn.com/NEWS/main.html" "Use_DlgBox_Colors"="yes" "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch" "FullScreen"="no" "Window_Placement"=hex:2c,00,00,00,02,00,00,00,03,00,00,00,ff,ff,ff,ff,ff,ff,\ ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,e8,00,00,00,e8,00,00,00,c8,03,00,00,ea,02,00,\ 00 "NotifyDownloadComplete"="no" "FavoritesImportFolder"="C:\\Documents and Settings\\Administrator\\Favorites" "Error Dlg Displayed On Every Error"="no" "Error Dlg Details Pane Open"="yes" "Use FormSuggest"="no" "AddToFavoritesExpanded"=dword:00000000 "FormSuggest PW Ask"="no" "Use_Combobox_DlgBox_Colors_Complete"="3" "Use_Combobox_DlgBox_Colors_Failed"="1" "Use_Combobox_DlgBox_Colors_Error"="3" "Save Directory"="F:\\離線網頁\\ACCESS教學\\" "DisableScriptDebuggerIE"="yes" "Friendly http errors"="yes" "AutoSearch"=dword:00000000 "Print_Background"="no" "Enable AutoImageResize"="yes" "Enable_MyPics_Hoverbar"="yes" "Play_Background_Sounds"="yes" "Play_Animations"="yes" "Display Inline Videos"="yes" "Show image placeholders"=dword:00000001 "Expand Alt Text"="no" "Move System Caret"="no" "ShowGoButton"="yes" "Force Offscreen Composition"=dword:00000000 "SmoothScroll"=dword:00000001 "AllowWindowReuse"=dword:00000001 "FavIntelliMenus"="no" "Enable Browser Extensions"="yes" "Page_Transitions"=dword:00000001 "UseThemes"=dword:00000001 "NoWebJITSetup"=dword:00000000 "NscSingleExpand"=dword:00000001 "ShowedCheckBrowser"="Yes" "Check_Associations"="No" "LastCheckedHi"=dword:01ca6061 [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN] "iexplore.exe"=dword:00000001 FYI~3Q,快速啟動的IE那後面沒有www.133.net,就只有正常的路徑檔名. x0 |
引用 | 編輯
imperfect33
2009-12-08 23:06 |
9樓
▲ ▼ |
就在幾秒鐘之前那該死的www.133.net又出現了!
被我的PCC2007發現它又想改首頁,我是再度選永久封鎖了, 不知道能撐多久QQ p.s這能不能上傳硬碟上的圖片啊,還是一定要傳到網路上. 已上傳圖片到BiWord 請選擇Download or open the jpg file x0 |
引用 | 編輯
Davis
2009-12-09 17:04 |
10樓
▲ ▼ |
||||||||||
1
下載附件解壓後,點擊IE_reset_restrictions.reg後,讓其導入登錄檔。 2 請將你桌面的IE or FireFox 的icons全部刪除,包含左下角的quick launch的圖示(在開始的右邊). 如果不能刪除, 右鍵你桌面的空白處,選內容>桌面>自定桌面>按立刻清除桌面>選你要刪除的IE圖示,按下一步後就可自動清理。 再到 c:\Program Files\Internet Explorer 資料夾中點擊iE的圖示按右鍵到桌面重新建立捷徑,然後托洩這個桌面圖示到quich launch快捷就可。 如果也刪除了firefox也是按上面的一樣操作。 3 打開ie後,工具>資料夾選項>一般>重新設立你的首頁。例如http://udn.com/NEWS/ 重新開機後。Let me know how things went.
x1 |
引用 | 編輯
imperfect33
2009-12-10 17:11 |
11樓
▲ ▼ |
所以Davis兄從那些Query資訊裡有
看出哪裡有問題了喔?醬厲害!? 好我回家試試看~ x0 |
引用 | 編輯
imperfect33
2009-12-10 19:44 |
12樓
▲ ▼ |
按照上上篇Davis兄的作法作了,
重開機後開了IE看,首頁還是維持著 原本設的聯合新聞網的首頁,暫時還OK,看過幾天還會不會再 發作了!謝了!另外桌面IE我不想用拉的捷徑,想直接重新顯示IE應該OK吧(自訂桌面)? x0 |
引用 | 編輯
Davis
2009-12-10 21:32 |
13樓
▲ ▼ |
!另外桌面IE我不想用拉的捷徑,想直接重新顯示IE應該OK吧(自訂桌面)? 行吧!應該也可以,請將你的Trend Micro internet Security 2007的封鎖去掉就可知是否處理乾淨。為了確認,你最好下載mban 來掃一下。按下面來操作就可。俺沒中文的說明,所以就....... Please download Malwarebytes' Anti-Malware from Here or Here [1]Double Click mbam-setup.exe to install the application. [2]Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish. [3]If an update is found, it will download and install the latest version. [4]Once the program has loaded, select "Perform Quick Scan", then click Scan. [5]The scan may take some time to finish,so please be patient. [6]When the scan is complete, click OK, then Show Results to view the results. [7]Make sure that everything is checked, and click Remove Selected. [8]When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. [9]The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.or you can find from here: [10]C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt [11]You can refer to this tutorial Note: If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately. 還不行就要拿出重武器了 x0 |
引用 | 編輯
imperfect33
2009-12-12 00:30 |
14樓
▲ ▼ |
引用 | 編輯
Davis
2009-12-12 02:35 |
15樓
▲ ▼ |
這個軟體是目前最好的掃木馬的免費軟體,出現這個錯誤可以移除後,再下載官網的移除程式後,重灌就可,重灌時選擇英文就行。
http://www.malwarebytes.org/forums/index.php?showtopic=25009 Gooooood luck! x0 |
引用 | 編輯
imperfect33
2009-12-13 15:21 |
16樓
▲ ▼ |
按照上面網址的作法,移除掉->重開機->Mban-clean.exe->重開機->裝最新版1.42版
,結果掃描掃一掃還是出現如前文圖3的錯誤訊息!然後就會關閉掃描了= =+ 放棄了... x0 |
引用 | 編輯
imperfect33
2009-12-18 16:54 |
17樓
▲ ▼ |
到目前為止還沒有出現異常!看起來還OK~
再觀察看看~ x0 |
引用 | 編輯
metisking
2010-01-25 03:32 |
18樓
▲ ▼ |
我已經被綁架很多次了orz
當時都只有去regedit修改而已,不過偶爾還是會變回來 這次試試看新方法 有拿有推~ 等看明天狀況如何 x0 |
引用 | 編輯
s931105
2010-02-10 19:51 |
19樓
▲ ▼ |
Davis大
我也發生類似狀況 我的目標是"C:\Program Files\Mozilla Firefox 3.5 Beta 4\firefox.exe" http://www.6dudu.com/ 後面多了http://www.6dudu.com/ 要怎麼辦 x0 |
引用 | 編輯
imperfect33
2010-02-24 16:16 |
21樓
▲ ▼ |
經過之前Davis兄的步驟,我的問題應該是解決了,到目前為止我的IE
都還是正常的情況~感謝啦~! x0 |
引用 | 編輯
chuangtz
2010-03-01 10:00 |
22樓
▲ ▼ |
請問我的桌面空白處按右鍵沒有內容這個項目該怎麼刪除ICON在IE上按右鍵選項都變成亂碼了....請幫幫我,謝謝。
x0 |
引用 | 編輯
Davis
2010-03-03 04:59 |
24樓
▲ ▼ |
||||||||||
如果是vista 系統就無內容這一項,如果是xp的話,就要修復了。
此修復登錄檔只限xp,下載後,直接點擊後導入,重開機。
x0 |
引用 | 編輯
freeze02468
2013-12-27 20:29 |
25樓
▲ |
小弟之前有被改過!
最後用了好多種方法還是沒解決... 最後只好重灌... 這該死的網站真的很可惡 x0 |