DBNT云维护技术支持 - 深圳市聚源科技有限公司

 找回密码
 立即注册

QQ登录

只需一步,快速开始

服务器被入侵检测

[原创] 牛牛的一个BAT 看不到别用哈!!前提是你会自己修改哦

[复制链接]
匿名  发表于 2019-8-23 19:23:20 |阅读模式
echo off
:begin
cls
Echo ---------------------------------
Echo I   1 判断病毒文件和注册表      I
Echo I   2 ie首页相关                I
Echo I   3 修复ie首页                I
Echo I   4 打开浏览器配置目录        I
Echo ---------------------------------
Set /P var=
If not "%var%"=="" (
  If "%var%"=="1"  goto 判断
  If "%var%"=="2"  goto ie首页
  If "%var%"=="3"  goto 修复ie首页
  If "%var%"=="4"  goto 打开浏览器配置目录
)
goto :begin

:判断
echo 判断病毒文件和注册表
if exist "%ProgramFiles%\Common Files\System\safemonn64.dll" echo safemonn64.dll safemonn64.dll  存在
if exist %windir%\AppPatch\MexLayout.dll echo MexLayout.dll  存在
if exist %windir%\system32\usb4399.sys echo usb4399.sys  存在
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\usb4399"
if exist %windir%\system32\DRIVERS\usb4399.sys echo usb4399.sys  存在
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\usb4399"
if exist %windir%\system32\fhdisbfasu.sys echo fhdisbfasu.sys  存在
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\fhdisbfasu"
if exist %windir%\system32\FDSOIvdaosifid.sys echo FDSOIvdaosifid.sys  存在
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\FDSOIvdaosifid"
if exist %windir%\system32\DRIVERS\PGFltMgr.sys echo PGFltMgr.sys  存在
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PGFltMgr"
if exist %windir%\system32\DRIVERS\mssafel.sys echo mssafel.sys  存在
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mssafel"
if exist %windir%\System32\GroupPolicy\Machine\Registry.pol echo Registry.pol  存在
reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome" /v DefaultSearchProviderSearchURL

dir  %windir%\system32\DRIVERS\usb*.sys
dir  %windir%\system32\DRIVERS\hp*.sys

if exist %appdata%\pcmaster echo 软媒魔方  存在
reg query HKEY_CURRENT_USER\Software\RuanMei
echo UC浏览器推广id
reg query "HKEY_LOCAL_MACHINE\Software\Wow6432Node\UCBrowserPID"
reg query "HKEY_CURRENT_USER\Software\UCBrowserPID"
echo UC浏览器配置文件
if exist "C:\Program Files (x86)\UCBrowser\Application\Share\Custom.dat" echo Custom.dat  存在
if exist "C:\Program Files (x86)\UCBrowser\Application\Share\Config.dat" echo Config.dat  存在
goto exit

:ie首页
echo ie其他
reg query "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main" /v "Start Page"
reg query "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main" /v "Search Bar"
reg query "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main" /v "Search Page"
reg query "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main" /v "Default_Page_URL"
reg query "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main" /v "Default_Search_URL"
reg query "HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main" /v "Start Page"
reg query "HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main" /v "Search Bar"
reg query "HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main" /v "Search Page"
reg query "HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main" /v "Default_Page_URL"
reg query "HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main" /v "Default_Search_URL"
reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN" /v "Start Page"
reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN" /v "Search Bar"
reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN" /v "Search Page"
reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN" /v "Default_Page_URL"
reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN" /v "Default_Search_URL"
reg query "HKEY_CLASSES_ROOT\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\shell\OpenHomePage\Command"

echo Windows10 禁止修改首页(如果含内容)
reg query "HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internet Explorer\Main\SecondaryStartPages"
::[HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer]

echo 禁用更改主页 正常值“HomePage”的DWORD值,值为“00000000”
reg query "HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel" /v "HomePage"
reg query "HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Control Panel" /v "HomePage"

echo ie首页修改后无法保存
......未完 自己下载文件

主页查询.zip

1.98 KB, 下载次数: 4, 下载积分: 金币 -3 个

回复

使用道具 举报

您需要登录后才可以回帖 登录 | 立即注册

本版积分规则

DBNT云维护技术支持 - 深圳市聚源科技有限公司 ( 粤ICP备17103197号-2 )

GMT+8, 2019-10-18 03:20 , Processed in 4.835092 second(s), 27 queries .

Powered by Discuz! X3.2

© 2001-2013 Comsenz Inc.

快速回复 返回顶部 返回列表