UC知道帮我反安装这些注册表键或值 写成Bat命令或Reg
来源:百度知道 编辑:UC知道 时间:2024/06/14 11:44:30
原恶意Bat导入的Reg为以下这些
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{6096E38F-5AC1-4391-8EC4-75DFA92FB32F}]
"CLSID"="{1FBA04EE-3024-11D2-8F1F-0000F87ABD16}"
"Default Visible"="Yes"
"ButtonText"="QQ百度免费电影网"
"Exec"="http://www.qqbaidu.net"
"HotIcon"="%windir%\\system32\\521yy.ICO"
"Icon"="%windir%\\system32\\521yy.ICO"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"NoUpdateCheck"=dword:00000001
"NoJITSetup"=dword:00000001
"Disable Script Debugger"="yes"
"Show_ChannelBand"="No"
"Anchor Underline"="yes&quo
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{6096E38F-5AC1-4391-8EC4-75DFA92FB32F}]
"CLSID"="{1FBA04EE-3024-11D2-8F1F-0000F87ABD16}"
"Default Visible"="Yes"
"ButtonText"="QQ百度免费电影网"
"Exec"="http://www.qqbaidu.net"
"HotIcon"="%windir%\\system32\\521yy.ICO"
"Icon"="%windir%\\system32\\521yy.ICO"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"NoUpdateCheck"=dword:00000001
"NoJITSetup"=dword:00000001
"Disable Script Debugger"="yes"
"Show_ChannelBand"="No"
"Anchor Underline"="yes&quo
对于注册表的第一段,我没有办法,你还是要自己想办法删除(不过其实可以一整段删除,不算太难的)
但后面的三段,用以下的放到记事本,存为save.reg运行注入到注册表里(记住先做好备份),应该就没问题了
不过你的第三段把你的dos和regedit都禁用了,都不知道还能不能直接注入注册表......
如果能注入,之后regedit就能用了,然后就可以把第一段手工删除了
呼,写得累死我了......
Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"NoUpdateCheck"=dword:00000001
"NoJITSetup"=dword:00000000
"Disable Script Debugger"="yes"
"Show_ChannelBand"="No"
"Anchor Underline"="yes"
"Cache_Update_Frequency"="Once_Per_Session"
"Display Inline Images"="yes"
"Do404Search"=hex:01,00,00,00
"Save_Session_History_On_Exit"="no"
"Show_FullURL"="no"
"Show_StatusBar"="yes"
"Show_ToolBar"="yes"
"