更多精彩文章请关注公众号『大海的BLOG』
1、编写语言:PHP
2、使用范围:浏览器主页被其他主页劫持
3、使用方法:复制代码→新建文档、保存→右键重命名→更改后缀名为bat→右键以管理员身份运行
echo off
:begin
cls
Echo ---------------------------------
Echo I 1 判断病毒文件和注册表 I
Echo I 2 ie首页相关 I
Echo I 3 修复ie首页 I
Echo I 4 打开浏览器配置目录 I
Echo ---------------------------------
Set /P var=
If not "%var%"=="" (
If "%var%"=="1" goto 判断
If "%var%"=="2" goto ie首页
If "%var%"=="3" goto 修复ie首页
If "%var%"=="4" goto 打开浏览器配置目录
)
goto :begin
:判断
echo 判断病毒文件和注册表等
if exist "%ProgramFiles%\Common Files\System\safemonn64.dll" echo safemonn64.dll safemonn64.dll 存在
if exist %windir%\AppPatch\MexLayout.dll echo MexLayout.dll 存在
if exist %windir%\system32\usb4399.sys echo usb4399.sys 存在
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\usb4399"
if exist %windir%\system32\DRIVERS\usb4399.sys echo usb4399.sys 存在
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\usb4399"
if exist %windir%\system32\fhdisbfasu.sys echo fhdisbfasu.sys 存在
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\fhdisbfasu"
if exist %windir%\system32\FDSOIvdaosifid.sys echo FDSOIvdaosifid.sys 存在
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\FDSOIvdaosifid"
if exist %windir%\system32\DRIVERS\PGFltMgr.sys echo PGFltMgr.sys 存在
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PGFltMgr"
if exist %windir%\system32\DRIVERS\mssafel.sys echo mssafel.sys 存在
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mssafel"
if exist %windir%\System32\GroupPolicy\Machine\Registry.pol echo Registry.pol 存在
reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome" /v DefaultSearchProviderSearchURL
dir %windir%\system32\DRIVERS\usb*.sys
dir %windir%\system32\DRIVERS\hp*.sys
if exist %appdata%\pcmaster echo 软媒魔方 存在
reg query HKEY_CURRENT_USER\Software\RuanMei
echo UC浏览器推广id
reg query "HKEY_LOCAL_MACHINE\Software\Wow6432Node\UCBrowserPID"
reg query "HKEY_CURRENT_USER\Software\UCBrowserPID"
echo UC浏览器配置文件
if exist "C:\Program Files (x86)\UCBrowser\Application\Share\Custom.dat" echo Custom.dat 存在
if exist "C:\Program Files (x86)\UCBrowser\Application\Share\Config.dat" echo Config.dat 存在
goto exit
:ie首页
echo ie首页其他
reg query "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main" /v "Start Page"
reg query "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main" /v "Search Bar"
reg query "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main" /v "Search Page"
reg query "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main" /v "Default_Page_URL"
reg query "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main" /v "Default_Search_URL"
reg query "HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main" /v "Start Page"
reg query "HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main" /v "Search Bar"
reg query "HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main" /v "Search Page"
reg query "HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main" /v "Default_Page_URL"
reg query "HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main" /v "Default_Search_URL"
reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN" /v "Start Page"
reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN" /v "Search Bar"
reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN" /v "Search Page"
reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN" /v "Default_Page_URL"
reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN" /v "Default_Search_URL"
reg query "HKEY_CLASSES_ROOT\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\shell\OpenHomePage\Command"
echo Windows10 禁止修改首页(如果内包含内容)
reg query "HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internet Explorer\Main\SecondaryStartPages"
::[HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer]
echo 禁用更改主页设置 正常值“HomePage”的DWORD值,值为“00000000”
reg query "HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel" /v "HomePage"
reg query "HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Control Panel" /v "HomePage"
echo ie首页修改后无法保存
reg query "HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internet Explorer\Main" /v "Start Page"
reg query "HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Main" /v "First Home Page"
reg query "HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Main" /v "Default_Page_URL"
reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Main" /v "Start Page"
reg query "HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Main" /v "First Home Page"
reg query "HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Main" /v "Default_Page_URL"
echo Windows10中查看到的现象
reg query "HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internet Explorer\Main
echo 继续查看其他IE配置路径
pause
echo 其他IE配置路径
reg query "HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main"
reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer"
reg query "HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Main"
reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN"
reg query "HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Control Panel"
reg query "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main"
reg query "HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer"
reg query "HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Main"
reg query "HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel"
goto exit
:修复ie首页
echo 修复禁用更改主页设置
reg DELETE "HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel" /f /v "HomePage"
reg DELETE "HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Control Panel" /f /v "HomePage"
echo 修复ie首页修改后无法保存
reg DELETE "HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Main" /f /v "Start Page"
reg DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Main" /f /v "Start Page"
reg DELETE "HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Main" /f /v "First Home Page"
reg DELETE "HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Main" /f /v "Default_Page_URL"
reg DELETE "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main" /f /v "Start Page"
reg DELETE "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main" /f /v "Search Bar"
reg DELETE "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main" /f /v "Search Page"
reg DELETE "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main" /f /v "Default_Page_URL"
reg DELETE "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main" /f /v "Default_Search_URL"
reg DELETE "HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main" /f /v "Start Page"
reg DELETE "HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main" /f /v "Search Bar"
reg DELETE "HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main" /f /v "Search Page"
reg DELETE "HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main" /f /v "Default_Page_URL"
reg DELETE "HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main" /f /v "Default_Search_URL"
reg DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN" /f /v "Start Page"
reg DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN" /f /v "Search Bar"
reg DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN" /f /v "Search Page"
reg DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN" /f /v "Default_Page_URL"
reg DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN" /f /v "Default_Search_URL"
::edge homepage
reg DELETE "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\EUPP" /f
reg DELETE "HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy" /f
reg DELETE "HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy" /f
goto exit
:打开浏览器配置目录
echo 打开浏览器配置目录
if exist "%USERPROFILE%\AppData\Roaming\Mozilla\Firefox\Profiles" explorer "%USERPROFILE%\AppData\Roaming\Mozilla\Firefox\Profiles"
:: 该目录删除后并不影响配置 > %USERPROFILE%\AppData\Local\Mozilla
::\xxxxxxxx.default\prefs.js
::\xxxxxxxx.default\user.js
if exist "%USERPROFILE%\AppData\Local\Google\Chrome" explorer "%USERPROFILE%\AppData\Local\Google\Chrome"
if exist "%USERPROFILE%\AppData\Roaming\360se6" explorer "%USERPROFILE%\AppData\Roaming\360se6"
if exist "%USERPROFILE%\AppData\Local\360Chrome\Chrome" explorer "%USERPROFILE%\AppData\Local\360Chrome\Chrome"
if exist "%USERPROFILE%\AppData\Roaming\SogouExplorer" explorer "%USERPROFILE%\AppData\Roaming\SogouExplorer"
if exist "%USERPROFILE%\AppData\Local\2345Explorer" explorer "%USERPROFILE%\AppData\Local\2345Explorer"
if exist "%USERPROFILE%\AppData\Local\Tencent\QQBrowser" explorer "%USERPROFILE%\AppData\Local\Tencent\QQBrowser"
if exist "%USERPROFILE%\AppData\Local\UCBrowser" explorer "%USERPROFILE%\AppData\Local\UCBrowser"
if exist "%ProgramFiles%\Internet Explorer" explorer "%ProgramFiles%\Internet Explorer"
goto exit
:exit
pause
goto :begin更多精彩文章请关注公众号『大海的BLOG』
