IE被2345.com劫持!快捷方式那里无法改正! - 瑞星卡卡安全论坛bbs.ikaka.com

瑞星卡卡安全论坛技术交流区 反病毒/反流氓软件论坛 IE被2345.com劫持!快捷方式那里无法改正!

	瑞星“1+2”全新解决方案巡展在广州画上圆满句号		叶院长揭秘：瑞星如何运用AI技术革新网络安全		俄乌冲突加剧网络攻击风险白俄罗斯政府遭APT攻击		瑞星ESM防病毒系统助力矿业大学筑牢网络安全防线
	实力拉满瑞星第五十次通过VB100测评		携手老友，拥抱新精彩 —— 新论坛新活动，感谢你的陪伴		护航司法，瑞星助力山西省高院构建安全防线		人工智能在网络安全领域的风险和机遇

1

1 / 1 页

跳转页

IE被2345.com劫持!快捷方式那里无法改正!

MO王子初生襁褓狮帖子:2 注册: 2007-02-10 来自:	发表于： 2007-02-10 14:29 \| 只看楼主短消息资料字号：小中大 1楼 IE被2345.com劫持!快捷方式那里无法改正! Logfile of Kaka v2. 0. 2. 6 Scan Module v1. 0. 4. 5 Scan saved at 14:14:01, on 2007-02-10 Platform: Microsoft Windows XP Professional Service Pack 2 (Build 2600) MSIE: Internet Explorer v6.00 SP2; (6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)) R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page=C:\WINDOWS\system32\blank.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page=http://www.baidu.com/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page=%SystemRoot%\system32\blank.htm O1 - Hosts: 127.0.0.1 localhost O2 - BHO: Thunder Browser Helper - {889D2FEB-5411-4565-8998-1DD2C5261283} - D:\迅雷\ComDlls\XunLeiBHO_007.dll O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\Conexant\AccessRunner ADSL\CnxDslTb.exe" O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [runeip] C:\Program Files\Rising\AntiSpyware\runiep.exe O4 - HKLM\..\Run: [RavTask] "C:\Program Files\Rising\Rav\RavTask.exe" -system O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" O4 - HKLM\..\Run: [hxgame-update] C:\Program Files\hxupdate\hxgame-update.exe O4 - HKLM\..\RunOnce: [RavStub] "C:\Program Files\Rising\Rav\ravstub.exe" /RUNONCE O4 - HKLM\..\RunOnce: [KKDelay] C:\Program Files\Rising\AntiSpyware\RunOnce.exe O4 - Startup: desktop.ini = O4 - Global Startup: desktop.ini = O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: &使用迅雷下载 - D:\迅雷\Program\GetUrl.htm O8 - Extra context menu item: &使用迅雷下载全部链接 - D:\迅雷\Program\GetAllUrl.htm O8 - Extra context menu item: 上传到QQ网络硬盘 - F:\游戏天地\腾迅QQ\AddToNetDisk.htm O8 - Extra context menu item: 添加到QQ自定义面板 - F:\游戏天地\腾迅QQ\AddPanel.htm O8 - Extra context menu item: 添加到QQ表情 - F:\游戏天地\腾迅QQ\AddEmotion.htm O8 - Extra context menu item: 用QQ彩信发送该图片 - F:\游戏天地\腾迅QQ\SendMMS.htm O9 - Extra Button: 启动迅雷5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - D:\迅雷\Thunder.exe O9 - Extra 'Tools' menuitem: 启动迅雷5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - D:\迅雷\Thunder.exe O9 - Extra Button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - F:\游戏天地\腾迅QQ\QQ.EXE O9 - Extra 'Tools' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - F:\游戏天地\腾迅QQ\QQ.EXE O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome O15 - Trusted Zone: .easyabc.95599.cn O15 - Trusted Zone: .www.95599.cn O16 - DPF: {488A4255-3236-44B3-8F27-FA1AECAA8844} (CEditCtrl Object) - https://img.alipay.com/download/1007/aliedit.cab O16 - DPF: {E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} (Rising Web Scan Object) - http://download.rising.com.cn/register/pcver/autoupgradepad/pcver2006new/OL2006.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{D825C2C6-D927-4458-B2CE-8567F10F758D}: NameServer = 202.99.192.68 202.99.192.66 O18 - Protocol: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll O18 - Protocol: cdl - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll O18 - Protocol: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll O18 - Protocol: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll O18 - Protocol: file - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll O18 - Protocol: ftp - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll O18 - Protocol: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll O18 - Protocol: http - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll O18 - Protocol: https - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll O18 - Protocol: ipp - (no CLSID) - (no file) O18 - Protocol: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll O18 - Protocol: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll O18 - Protocol: local - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll O18 - Protocol: mailto - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll O18 - Protocol: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll O18 - Protocol: mk - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll O18 - Protocol: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll O18 - Protocol: msdaipp - (no CLSID) - (no file) O18 - Protocol: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll O18 - Protocol: sysimage - {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll O18 - Protocol: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll O18 - Protocol: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll O18 - Protocol: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll O23 - Service: Ati HotKey Poller (Ati HotKey Poller) - - C:\WINDOWS\system32\ati2evxx.exe O23 - Service: ATI Smart (ATI Smart) - - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Human Interface Device Access (HidServ) - - C:\WINDOWS\system32\svchost.exe -k netsvcs O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - "C:\Program Files\Rising\Rav\CCenter.exe" O23 - Service: Rising RealTime Monitor (RsRavMon) - Beijing Rising Technology Co., Ltd. - "C:\Program Files\Rising\Rav\Ravmond.exe" 2007-02-10 21:41:24
MO王子初生襁褓狮帖子:2 注册: 2007-02-10 来自:	分享到：

MO王子初生襁褓狮帖子:2 注册: 2007-02-10 来自:	发表于： 2007-02-10 14:35 \| 只看楼主短消息资料字号：小中大 2楼解决方法! 因为安装了几个小游戏，游戏没玩咋的，却发现笔记本电脑和家里的台式机IE首页被改为2345.com，改回了空白页或设其它网站为首页都没用，下载杀毒软件和流氓软件清除也没效果。　　气人啊！后来死马当活马医，右击桌面左下角快速启动栏的IE按钮，点属性，一看气晕了，原来目标被改为 "C:\Program Files\Internet Explorer\IEXPLORE.EXE" http://www.2345.com 真是非常阴险狡诈，我后来将www.2345.com改成我想要的网站，如www.baidu.com,还要清理注册表里面的ROOT/CLSID/871C5380-42AO-1069-A2EA/shell/openhomepage/command 键值里面的：“http://www.2345.com/?duote2”部分,结果一切正常了，知道肯定有人中招，特将此方法分享，希望解决问题的朋友回复我的博客，增加点击率哟。希望卡卡能添加此类案件
MO王子初生襁褓狮帖子:2 注册: 2007-02-10 来自:

sunshineR 初生襁褓狮帖子:3 注册: 2005-10-27 来自:	发表于： 2007-02-10 19:10 \| 短消息资料字号：小中大 3楼看到了谢谢LZ... 果然是这招... - -~
sunshineR 初生襁褓狮帖子:3 注册: 2005-10-27 来自:

女校男生社区嘉宾帖子:38072 注册: 2006-01-22 来自:闭关修行暂不现身	发表于： 2007-02-10 21:50 \| 短消息资料字号：小中大 4楼不错值得学习谢谢楼主的分享
女校男生社区嘉宾帖子:38072 注册: 2006-01-22 来自:闭关修行暂不现身

<<上一主题|下一主题>>

1

1 / 1 页

跳转页

页面顶部

Powered by Discuz!NT