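Title: [Closed] A file has N lines. How do I get the line numbers and the corresponding program?

Author: zerostudy     Time: 2006-11-5 04:10    Title: [Closed] A file has N lines. How do I get the line numbers and the corresponding program?

Blocking EXE files through the registry.
There is a text file that holds the exe files to be blocked.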
1.com
1.exe
2.com
2.exe
3.com
3.exe
4.com
4.exe
5.com
5.exe
6.com
6.exe
IEXPLORE.Sys
Ravdm.exe
sxs.exe
system16.sys

How should I write a batch file so that, after importing into the registry, it shows up as follows?
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun]
"1"="1.com"
"2"="1.exe"
"3"="2.com"
"4"="2.exe"
"5"="3.com"
"6"="3.exe"
"7"="4.com"
"8"="4.exe"
"9"="5.com"
"10"="5.exe"
"11"="6.com"
"12"="6.exe"
"13"="IEXPLORE.Sys"
"14"="Ravdm.exe"
"15"="sxs.exe"
"16"="system16.sys"



The for statement can read every line of the file.. but how do I read the line number?... Thanks.

[ Last edited by HAT on 2008-11-19 at 13:26 ]
Author: namejm     Time: 2006-11-5 04:30
  To get the line number and the corresponding text, you can use the following code:
@echo off
set num=0
setlocal enabledelayedexpansion
for /f "delims=" %%i in (test.txt) do (
    set /a num+=1
    echo "!num!"="%%i"
)
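pause
  I'm not very familiar with the registry, so I can't help with that part for now.
Author: zerocq     Time: 2006-11-5 04:59
I think VBS would be a better fit for this

Use ReadLine to read line by line to the end of the file, writing to the registry as you go
Author: zerostudy     Time: 2006-11-5 05:08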
@echo off
set num=0
setlocal enabledelayedexpansion
for /f "delims=" %%i in (texe.txt) do (
    set /a num+=1
    rem Quote the data so names containing spaces or ^& reach reg.exe intact
    reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun" /v !num! /t REG_SZ /d "%%i" /f
)

Tried it.. it works. Thanks.. moderator
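Author: zerostudy     Time: 2006-11-5 05:12


  Quote:
Originally posted by zerocq at 2006-11-5 04:59:
I think VBS would be a better fit for this

Use ReadLine to read line by line to the end of the file, writing to the registry as you go

Could you show me some code for this?
Author: zerostudy     Time: 2006-11-5 05:22
These are all virus and trojan programs.. Once renamed they can still run, but it's still of some use..
The exe file names I block~~~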
Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"DisallowRun"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun]
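Author: vkill     Time: 2006-11-5 05:28
This is just Group Policy blocking programs from running
Author: namejm     Time: 2006-11-5 05:28
  Since you've already given the reg contents, it's easy: write the first 6 lines straight into a reg file with echo, then append everything after line 6 using the code from post 2.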
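
The approach described in the post above (echo the fixed header lines, then append the numbered entries with the for loop), written out as an added example that is not code from the thread. The file names block.txt and DisallowRun.reg are assumptions, and the list is assumed to hold one file name per line with no double quotes or "!" characters.

```batch
@echo off
rem Added example: build DisallowRun.reg from a list of file names.
rem block.txt and DisallowRun.reg are hypothetical names chosen for this sketch.
setlocal enabledelayedexpansion
set "list=block.txt"
set "out=DisallowRun.reg"
set "key=HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"

if not exist "%list%" (
    echo %list% not found
    exit /b 1
)

rem Redirections are placed before echo so that a trailing digit in the text
rem (as in "5.00" or "dword:00000001") is never parsed as a stream handle.
rem The DisallowRun DWORD switches the policy on; the numbered values under
rem the DisallowRun subkey have no effect without it.
> "%out%" echo Windows Registry Editor Version 5.00
>>"%out%" echo.
>>"%out%" echo [%key%]
>>"%out%" echo "DisallowRun"=dword:00000001
>>"%out%" echo.
>>"%out%" echo [%key%\DisallowRun]

rem for /f skips empty lines and, by default, lines starting with ";",
rem so the counter only advances for lines that are actually written.
set num=0
for /f "usebackq delims=" %%i in ("%list%") do (
    set /a num+=1
    >>"%out%" echo "!num!"="%%i"
)

echo Wrote !num! entries to %out%
endlocal
```

Import the result with `reg import DisallowRun.reg` and confirm it with `reg query` on the DisallowRun key. The policy is per-user and matches on file name only, so a renamed file still runs, as the original poster notes.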
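Author: lxmxn     Time: 2006-11-5 05:33

  Rather than restricting this many trojan programs, you'd be better off installing antivirus software.

  Trojan file names change endlessly, so this method is hardly adequate~

Author: zerostudy     Time: 2006-11-5 05:33
Yes. Group Policy blocking programs from running
. I found these on 网盟.. an expert compiled the process names of viruses and of other adware, trojans, name-stealing programs and so on... but it only gives the process names.. doing them one by one is so hard.. The moderator's
@echo off
set num=0
setlocal enabledelayedexpansion
for /f "delims=" %%i in (test.txt) do (
    set /a num+=1
    echo "!num!"="%%i"
)
pause
is nice. It can generate the ""="" format

Antivirus software is good, sure.. but if you don't have much memory, running it makes things a bit slow.. Virus names do change endlessly, but this is still of some use...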

[ Last edited by zerostudy on 2006-11-5 at 05:36 AM ]
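Author: vkill     Time: 2006-11-5 05:50


  Quote:
Originally posted by zerostudy at 2006-11-5 05:33:
Yes. Group Policy blocking programs from running
. I found these on 网盟.. an expert compiled the process names of viruses and of other adware, trojans, name-stealing programs and so on... but it only gives the process names..

网盟 = wglm???
This is still effective in an internet café; for personal use, it's not much use
Author: tianyadgt     Time: 2008-11-19 12:36    Title: Learning

Learned something!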