IE被劫持，请高手帮忙看下日志！ - 瑞星卡卡安全论坛bbs.ikaka.com

瑞星卡卡安全论坛技术交流区 反病毒/反流氓软件论坛 IE被劫持，请高手帮忙看下日志！

	瑞星“1+2”全新解决方案巡展在广州画上圆满句号		叶院长揭秘：瑞星如何运用AI技术革新网络安全		俄乌冲突加剧网络攻击风险白俄罗斯政府遭APT攻击		瑞星ESM防病毒系统助力矿业大学筑牢网络安全防线
	实力拉满瑞星第四十七次通过VB100测评		携手老友，拥抱新精彩 —— 新论坛新活动，感谢你的陪伴		护航司法，瑞星助力山西省高院构建安全防线		人工智能在网络安全领域的风险和机遇

1

1 / 1 页

跳转页

[求助] IE被劫持，请高手帮忙看下日志！

老北京炸酱面初生襁褓狮帖子:8 注册: 2007-03-30 来自:	发表于： 2010-04-08 23:08 \| 只看楼主短消息资料字号：小中大 1楼 IE被劫持，请高手帮忙看下日志！两天前中了招，用了卡卡和论坛的专杀工具都不好用，请高手帮忙看看。谢谢，****** 日志开始 ****** [键]HKEY_CLASSES_ROOT\CLSID\{0002DF01-0000-0000-C000-000000000046}\LOCALSERVER32 [值]@ [类型]REG_SZ [内容]c:\program files\internet explorer\iexplore.exe [键]HKEY_CLASSES_ROOT\CLSID\{25336920-03F9-11CF-8FD0-00AA00686F13}\DEFAULTICON [值]@ [类型]REG_EXPAND_SZ [内容]c:\program files\internet explorer\iexplore.exe,1 [键]HKEY_CLASSES_ROOT\CLSID\{3050F3D9-98B5-11CF-BB82-00AA00BDCE0B}\DEFAULTICON [值]@ [类型]REG_EXPAND_SZ [内容]c:\program files\internet explorer\iexplore.exe,1 [键]HKEY_CLASSES_ROOT\CLSID\{42042206-2D85-11D3-8CFF-005004838597}\OLD ICON\HTMLFILE\DEFAULTICON [值]@ [类型]REG_SZ [内容]c:\program files\internet explorer\iexplore.exe,1 [键]HKEY_CLASSES_ROOT\CLSID\{42042206-2D85-11D3-8CFF-005004838597}\OLD ICON\MHTMLFILE\DEFAULTICON [值]@ [类型]REG_SZ [内容]c:\program files\internet explorer\iexplore.exe,22 [键]HKEY_CLASSES_ROOT\CLSID\{65014010-9F62-11D1-A651-00600811D5CE}\DEFAULTICON [值]@ [类型]REG_EXPAND_SZ [内容]c:\program files\internet explorer\iexplore.exe,1 [键]HKEY_CLASSES_ROOT\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\SHELL\OPENHOMEPAGE\COMMAND [值]@ [类型]REG_EXPAND_SZ [内容]"c:\program files\internet explorer\iexplore.exe" [键]HKEY_CLASSES_ROOT\CLSID\{AE24FDAE-03C6-11D1-8B76-0080C744F389}\TOOLBOXBITMAP32 [值]@ [类型]REG_SZ [内容]c:\program files\internet explorer\iexplore.exe,1 [键]HKEY_CLASSES_ROOT\CLSID\{FBF23B42-E3F0-101B-8488-00AA003E56F8}\DEFAULTICON [值]@ [类型]REG_EXPAND_SZ [内容]"%programfiles%\internet explorer\iexplore.exe",-32528 [键]HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\DESKTOP\NAMESPACE\{1F4DE370-D627-11D1-BA4F-00A0C91EEDBA} [值]@ [类型]REG_SZ [内容]computer search results folder [键]HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\DESKTOP\NAMESPACE\{450D8FBA-AD25-11D0-98A8-0800361B1103} [值]@ [类型]REG_SZ [内容]空 [键]HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\DESKTOP\NAMESPACE\{450D8FBA-AD25-11D0-98A8-0800361B1103} [值]REMOVAL MESSAGE [类型]REG_SZ [内容]@mydocs.dll,-900 [键]HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\DESKTOP\NAMESPACE\{645FF040-5081-101B-9F08-00AA002F954E} [值]@ [类型]REG_SZ [内容]recycle bin [键]HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\DESKTOP\NAMESPACE\{E17D4FC0-5564-11D1-83F2-00A0C90DC849} [值]@ [类型]REG_SZ [内容]search results folder [键]HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\HIDEDESKTOPICONS\CLASSICSTARTMENU [值]{871C5380-42A0-1069-A2EA-08002B30309D} [类型]REG_DWORD [内容]0x00000001 [键]HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\HIDEDESKTOPICONS\NEWSTARTPANEL [值]{20D04FE0-3AEA-1069-A2D8-08002B30309D} [类型]REG_DWORD [内容]0x00000001 [键]HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\HIDEDESKTOPICONS\NEWSTARTPANEL [值]{450D8FBA-AD25-11D0-98A8-0800361B1103} [类型]REG_DWORD [内容]0x00000001 [键]HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\HIDEDESKTOPICONS\NEWSTARTPANEL [值]{208D2C60-3AEA-1069-A2D7-08002B30309D} [类型]REG_DWORD [内容]0x00000001 [键]HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\HIDEDESKTOPICONS\NEWSTARTPANEL [值]{871C5380-42A0-1069-A2EA-08002B30309D} [类型]REG_DWORD [内容]0x00000001 [键]HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\HIDEDESKTOPICONS\CLASSICSTARTMENU [值]{450D8FBA-AD25-11D0-98A8-0800361B1103} [类型]REG_DWORD [内容]0x00000000 [键]HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\HIDEDESKTOPICONS\CLASSICSTARTMENU [值]{20D04FE0-3AEA-1069-A2D8-08002B30309D} [类型]REG_DWORD [内容]0x00000000 [键]HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\HIDEDESKTOPICONS\CLASSICSTARTMENU [值]{208D2C60-3AEA-1069-A2D7-08002B30309D} [类型]REG_DWORD [内容]0x00000001 [键]HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\HIDEDESKTOPICONS\CLASSICSTARTMENU [值]{871C5380-42A0-1069-A2EA-08002B30309D} [类型]REG_DWORD [内容]0x00000001 [键]HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\HIDEDESKTOPICONS\NEWSTARTPANEL [值]{450D8FBA-AD25-11D0-98A8-0800361B1103} [类型]REG_DWORD [内容]0x00000000 [键]HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\HIDEDESKTOPICONS\NEWSTARTPANEL [值]{20D04FE0-3AEA-1069-A2D8-08002B30309D} [类型]REG_DWORD [内容]0x00000000 [键]HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\HIDEDESKTOPICONS\NEWSTARTPANEL [值]{208D2C60-3AEA-1069-A2D7-08002B30309D} [类型]REG_DWORD [内容]0x00000001 [键]HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\HIDEDESKTOPICONS\NEWSTARTPANEL [值]{871C5380-42A0-1069-A2EA-08002B30309D} [类型]REG_DWORD [内容]0x00000001 [键]HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{18DF081C-E8AD-4283-A596-FA578C2EBDC3} [值]@ [类型]REG_SZ [内容]acroiehelperstub [键]HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{18DF081C-E8AD-4283-A596-FA578C2EBDC3} [值]NOEXPLORER [类型]REG_DWORD [内容]0x00000001 [键]HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} [值]@ [类型]REG_SZ [内容]bitcomet clickcapture [键]HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{98B7C13A-E9CD-4959-8B46-FBEAB41E42A8} [值]@ [类型]REG_SZ [内容]卡卡上网安全助手 [键]HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{A28581A7-E2A8-4B6C-9CC9-4A4CC1EFD55A} [值]@ [类型]REG_SZ [内容]谷歌金山词霸for ie [键]HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{A28581A7-E2A8-4B6C-9CC9-4A4CC1EFD55A} [值]NOEXPLORER [类型]REG_DWORD [内容]0x00000001 [键]HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{B070D3E3-FEC0-47D9-8E8A-99D4EEB3D3B0} [值]@ [类型]REG_SZ [内容]flashgetbho [键]HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{B070D3E3-FEC0-47D9-8E8A-99D4EEB3D3B0} [值]NOEXPLORER [类型]REG_DWORD [内容]0x00000001 [键]HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{BB4491A2-D11A-4C6B-91C0-B53246A3122B} [值]@ [类型]REG_SZ [内容]中国工商银行bho [键]HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{BB4491A2-D11A-4C6B-91C0-B53246A3122B} [值]NOEXPLORER [类型]REG_DWORD [内容]0x00000001 [键]HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\CLSID\{450D8FBA-AD25-11D0-98A8-0800361B1103}\DEFAULTICON [值]@ [类型]REG_EXPAND_SZ [内容]%systemroot%\system32\mydocs.dll,0 [键]HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DEFAULTICON [值]@ [类型]REG_EXPAND_SZ [内容]%systemroot%\system32\shell32.dll,32 [键]HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DEFAULTICON [值]FULL [类型]REG_EXPAND_SZ [内容]%systemroot%\system32\shell32.dll,32 [键]HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DEFAULTICON [值]EMPTY [类型]REG_EXPAND_SZ [内容]%systemroot%\system32\shell32.dll,31 [键]HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\SHELLFOLDER [值]ATTRIBUTES [类型]REG_DWORD [内容]0x00000000 [键]HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{0002DF01-0000-0000-C000-000000000046}\LOCALSERVER32 [值]@ [类型]REG_SZ [内容]c:\program files\internet explorer\iexplore.exe [键]HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{25336920-03F9-11CF-8FD0-00AA00686F13}\DEFAULTICON [值]@ [类型]REG_EXPAND_SZ [内容]c:\program files\internet explorer\iexplore.exe,1 [键]HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{3050F3D9-98B5-11CF-BB82-00AA00BDCE0B}\DEFAULTICON [值]@ [类型]REG_EXPAND_SZ [内容]c:\program files\internet explorer\iexplore.exe,1 [键]HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{42042206-2D85-11D3-8CFF-005004838597}\OLD ICON\HTMLFILE\DEFAULTICON [值]@ [类型]REG_SZ [内容]c:\program files\internet explorer\iexplore.exe,1 [键]HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{42042206-2D85-11D3-8CFF-005004838597}\OLD ICON\MHTMLFILE\DEFAULTICON [值]@ [类型]REG_SZ [内容]c:\program files\internet explorer\iexplore.exe,22 [键]HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{65014010-9F62-11D1-A651-00600811D5CE}\DEFAULTICON [值]@ [类型]REG_EXPAND_SZ [内容]c:\program files\internet explorer\iexplore.exe,1 [键]HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\SHELL\OPENHOMEPAGE\COMMAND [值]@ [类型]REG_EXPAND_SZ [内容]"c:\program files\internet explorer\iexplore.exe" [键]HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{AE24FDAE-03C6-11D1-8B76-0080C744F389}\TOOLBOXBITMAP32 [值]@ [类型]REG_SZ [内容]c:\program files\internet explorer\iexplore.exe,1 [键]HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{FBF23B42-E3F0-101B-8488-00AA003E56F8}\DEFAULTICON [值]@ [类型]REG_EXPAND_SZ [内容]"%programfiles%\internet explorer\iexplore.exe",-32528 [键]HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\EXPLORER BARS\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1} [值]USESEARCHOPTIONS [类型]REG_DWORD [内容]0x00000001 [键]HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\EXPLORER BARS\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}\CONTAININGTEXTMRU [值]000 [类型]REG_SZ [内容]巅峰投资 [键]HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\EXPLORER BARS\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}\FILESNAMEDMRU [值]000 [类型]REG_SZ [内容]safepage.htm [键]HKEY_CLASSES_ROOT\HTTP\SHELL\OPEN\COMMAND [值]@ [类型]REG_SZ [内容]"c:\program files\internet explorer\iexplore.exe" -nohome [键]HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN [值]START PAGE [类型]REG_SZ [内容]about:blank [键]HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN [值]DEFAULT_PAGE_URL [类型]REG_SZ [内容]about:blank [键]HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN [值]FIRSTHOMEPAGE [类型]REG_SZ [内容]about:blank [键]HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN [值]SEARCH PAGE [类型]REG_SZ [内容]http://www.google.com [键]HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN [值]DEFAULT_PAGE_URL [类型]REG_SZ [内容]about:blank [键]HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN [值]FIRSTHOMEPAGE [类型]REG_SZ [内容]about:blank [键]HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN [值]LOCAL PAGE [类型]REG_EXPAND_SZ [内容]%systemroot%\system32\blank.htm [键]HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN [值]SEARCH PAGE [类型]REG_SZ [内容]http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch [键]HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN [值]START PAGE [类型]REG_SZ [内容]about:blank [键]HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\STARTMENUINTERNET\IEXPLORE.EXE\SHELL\OPEN\COMMAND [值]@ [类型]REG_SZ [内容]"c:\program files\internet explorer\iexplore.exe" 被劫持1.jpg** (92.34 K) 2010-4-8 23:07:41 用户系统信息：Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; GTB6.4; CIBA)
老北京炸酱面初生襁褓狮帖子:8 注册: 2007-03-30 来自:	分享到：

networkedition 社区嘉宾帖子:36698 注册: 2008-02-28 来自:	发表于： 2010-04-09 09:28 \| 短消息资料字号：小中大 2楼回复 1F 老北京炸酱面的帖子该日志未见异常，lz将访问的地址贴上来看一下。
networkedition 社区嘉宾帖子:36698 注册: 2008-02-28 来自:

bayern1 禁止发言帖子:11 注册: 2010-03-11 来自:	发表于： 2010-04-09 16:47 \| 短消息资料字号：小中大 3楼回复: IE被劫持，请高手帮忙看下日志！该用户帖子内容已被屏蔽
bayern1 禁止发言帖子:11 注册: 2010-03-11 来自:

老北京炸酱面初生襁褓狮帖子:8 注册: 2007-03-30 来自:	发表于： 2010-04-10 08:29 \| 只看楼主短消息资料字号：小中大 4楼回复: IE被劫持，请高手帮忙看下日志！引用: 原帖由 networkedition 于 2010-4-9 9:28:00 发表该日志未见异常，lz将访问的地址贴上来看一下。被劫持1.jpg (92.38 K) 2010-4-10 8:28:39 现在一双击IE就出现这个情况，卡卡会提示网址有问题，请问怎么解决啊？
老北京炸酱面初生襁褓狮帖子:8 注册: 2007-03-30 来自:

辛达星郁锋芒艾服狮帖子:1507 注册: 2008-07-17 来自:	发表于： 2010-04-10 12:14 \| 短消息资料字号：小中大 5楼回复：IE被劫持，请高手帮忙看下日志！ SReng工具请去官网下载最新版本SREng工具使用： http://www.kztechs.com/sreng/download.html SRENG工具的各项操作看这里： http://bbs.ikaka.com/showtopic-8545446.aspx 扫描日志，以附件的形式上传论坛要深入，要专一.......
辛达星郁锋芒艾服狮帖子:1507 注册: 2008-07-17 来自:

<<上一主题|下一主题>>

1

1 / 1 页

跳转页

页面顶部

Powered by Discuz!NT