找回密码
 加入
搜索
查看: 8804|回复: 18

[AU3基础] 关于智能删除注册表启动项的问题

[复制链接]
发表于 2011-1-15 15:43:37 | 显示全部楼层 |阅读模式
就是读出HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
里面有多少启动项,,

然后只保留想要的启动项如“输入法”"双核补丁程序"等

把其它的都删除掉

应该要怎么样子写,,请老大们给点提示,或者帮助一下,, 因为已经研究很久了。。谢谢
发表于 2011-1-15 16:39:34 | 显示全部楼层
删除注册表启动项容易,但智能很难.
怎么判断启动项非法呢?文件名?数字签名?路径?
也许需要一个强大的库来进行比对
 楼主| 发表于 2011-1-15 16:54:52 | 显示全部楼层
回复 2# 3mile


    你Q多少,我加你,我有源码只是不会用
发表于 2011-1-15 17:19:13 | 显示全部楼层
回复 3# 网络凯子
源码共享一下一起研究撒
发表于 2011-1-15 17:19:42 | 显示全部楼层
整个键值全部删除就行了。这样启动更快。输入法什么的也不会受影响。
发表于 2011-1-15 21:27:03 | 显示全部楼层
本帖最后由 lixiaolong 于 2011-1-15 22:15 编辑

回复 1# 网络凯子

这样不行吗?

指定要保留的注册表值,其他的都删除.
delregkey('指定注册表项名', '不想删除的值', '不想删除的值', '不想删除的值')
delregkey($regkey, $key1, $key2, $key3)

默认能指定3个值.

注意:
不要写错要保留的值,要不然的话想保留的值也给删除了.
要不自己加个判断.

请先备份注册表再试.

$a = 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'

delregkey($a, 'ATKMEDIA', 'ETDWare', 'HControlUser');不想删除的值(3个)

Func delregkey($regkey, $key1, $key2, $key3)
        For $i = 1 To 100
                $key = RegEnumVal($regkey, $i)
                If @error <> 0 Then
                        MsgBox(0, 0, '删除前:' & $i & '个启动项')
                        ExitLoop
                EndIf
        Next
        $i = 1
        While 1
                $key = RegEnumVal($regkey, $i)
                If @error <> 0 Then
                        MsgBox(0, 0, '删除后:' & $i & '个启动项')
                        ExitLoop
                EndIf
                If $key = $key1 Or $key = $key2 Or $key = $key3 Then
                        $i += 1
                        ContinueLoop
                Else
                RegDelete($regkey, $key)
                EndIf
        WEnd
EndFunc   ;==>delregkey
 楼主| 发表于 2011-1-16 13:03:35 | 显示全部楼层
好东西 收藏
发表于 2011-1-16 14:06:53 | 显示全部楼层
弱弱地说下,注册表启动项的位置很多处的,并不止 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
这一处
 楼主| 发表于 2011-1-17 14:42:11 | 显示全部楼层
所以嘛,,,要整出来大家才能用嘛哈。
发表于 2011-1-22 20:26:40 | 显示全部楼层
如果只是想保留你所说的两个的话,你可以先把所有的都删除, 再新建你自己要保留的, 当然、你要保留的也可以做下判断, 看他的指定目标是不是存在 。
发表于 2011-1-22 22:08:33 | 显示全部楼层
嗯.我在网吧用的也是10楼的办法.先直接把Run删了,再建自己要留的.
也就是RegRead和RegWrite两个函数就可以解决了的.
发表于 2011-1-25 06:40:39 | 显示全部楼层
本帖最后由 netegg 于 2011-1-25 06:43 编辑

不想帖整个脚本了,你要的启动项在这些里面[大体齐了],可以自己慢慢看
"HKCU\SOFTWARE\Policies\Microsoft\Windows\SYSTEM\Scripts"
"HKCU\SOFTWARE\Policies\Microsoft\Windows\SYSTEM\Scripts\Logon"
"HKCU\SOFTWARE\Microsoft\Windows\SYSTEM\Scripts"
"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices"
"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\SYSTEM\Shell"
"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce"
"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\SYSTEM\Shell"
"HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell"
"HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Load"
"HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Run"
"HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\SOFTWARE\Microsoft\Windows\CurrentVersion\Runonce"
"HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\SOFTWARE\Microsoft\Windows\CurrentVersion\RunonceEx"
"HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
"HKCU\SOFTWARE\Microsoft\Active Setup\Installed Components"
"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad"
"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved"
"HKCU\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components"
"HKCU\SOFTWARE\Microsoft\Internet Explorer\UrlSearchHooks"
"HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars"
"HKCU\SOFTWARE\Microsoft\Internet Explorer\Extensions"
"HKCU\SOFTWARE\Microsoft\Command Processor\Autorun"
"HKCU\Control Panel\Desktop\Scrnsave.exe"
"HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms"
"HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\BootExecute"
"HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDlls"
"HKLM\SYSTEM\CurrentControlSet\Control\BootVerificationProgram\ImageName"
"HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors"
"HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages"
"HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Notification Packages"
"HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Security Packages"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\SYSTEM\Shell"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects"
"HKLM\SOFTWARE\Classes\Protocols\Filter"
"HKLM\SOFTWARE\Classes\Protocols\Handler"
"HKLM\SOFTWARE\Classes\Folder\Shellex\ColumnHandlers"
"HKLM\SOFTWARE\Classes\Exefile\Shell\Open\Command\(Default"
"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components"
"HKLM\SOFTWARE\Microsoft\Command Processor\Autorun"
"HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar"
"HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars"
"HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions"
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\AppSetup"
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit"
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell"
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Taskman"
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\SOFTWARE\Microsoft\Windows\CurrentVersion\Runonce"
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\SOFTWARE\Microsoft\Windows\CurrentVersion\RunonceEx"
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options"
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Appinit_Dlls"
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SYSTEM"
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UIHost"
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify"
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GinaDLL"
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Taskman"
"HKLM\SOFTWARE\Policies\Microsoft\Windows\SYSTEM\Scripts"
"HKLM\SOFTWARE\Policies\Microsoft\Windows\SYSTEM\Scripts\Logon"
"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx"
"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce"
"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run"
"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
@StartupCommonDir
@StartupDir
发表于 2011-1-25 08:15:25 | 显示全部楼层
顶楼上的,为写启动项工具的人做出了贡献!
发表于 2011-1-25 15:33:15 | 显示全部楼层
回复 12# netegg
这么多都是启动项?
发表于 2011-1-25 16:58:13 | 显示全部楼层
收藏一下12楼的启动项资料
您需要登录后才可以回帖 登录 | 加入

本版积分规则

QQ|手机版|小黑屋|AUTOIT CN ( 鲁ICP备19019924号-1 )谷歌 百度

GMT+8, 2024-3-29 19:27 , Processed in 0.088141 second(s), 23 queries .

Powered by Discuz! X3.5 Licensed

© 2001-2024 Discuz! Team.

快速回复 返回顶部 返回列表