本帖最后由 踏沙行 于 2018-12-28 19:19 编辑
已知:"C:\Users\Administrator\Desktop\要删除的趋势注册表信息\officescan.txt"的内容如下- HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\OfficeScan NT
- HKEY_CLASSES_ROOT\CLSID\{AF4F7471-FCFB-11d0-80B6-0080C838D5F9}\InProcServer32, , C:\Program Files (x86)\AsiaInfo\OfficeScan Client\TmdShell_64x.dll
- HKEY_CLASSES_ROOT\Directory\shellex\ContextMenuHandlers\OfficeScan NT
- HKEY_CLASSES_ROOT\Drive\shellex\ContextMenuHandlers\OfficeScan NT
- HKEY_CLASSES_ROOT\TypeLib\{A00B957E-3315-46CB-B090-9EF2187641E2}\1.0\0\win32, , C:\Program Files (x86)\AsiaInfo\OfficeScan Client\perfiCrcPerfMonMgr.dll
- HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{A00B957E-3315-46CB-B090-9EF2187641E2}\1.0\0\win32, , C:\Program Files (x86)\AsiaInfo\OfficeScan Client\perfiCrcPerfMonMgr.dll
- HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\3\1\1, 1, 68 00 31 00 00 00 00 00 96 4d 11 2a 10 00 4f 46 46 49 43 45 7e 31 00 00 50 00 08 00 04 00 ef be 96 4d 33 11 96 4d 11 2a 2a 00 00 00 1e 56 00 00 00 00 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4f 00 66 00 66 00 69 00 63 00 65 00 53 00 63 00 61 00 6e 00 20 00 43 00 6c 00 69 00 65 00 6e 00 74 00 00 00 18 00 00 00
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage2, ProgramsCache, 13 00 00 00 c3 53 5b 62 48 ab c1 4e ba 1f a1 ef 41 46 fc 19 00 80 00 00 00 7e 00 31 00 00 00 00 00 93 4d 30 2f 11 00 50 72 6f 67 72 61 6d 73 00 00 66 00 08 00 04 00 ef be 8f 4d 5b 1c 93 4d 30 2f 2a 00 00 00 3a 02 00 00 00 00 07 00 00 00 00 00 00 00 00 00 3c 00 00 00 00 00 50 00 72 00 6f 00 67 00 72 00 61 00 6d 00 73 00 00 00 40 00 73 00 68 00 65 00 6c 00 6c 00 33 00 32 00 2e 00 64 00 6c 00 6c 00 2c 00 2d 00 32 00 31 00 37 00 38 00 32 00 00 00 18 00 00 00 01 2e 02 00 00 2c 02 32 00 39 05 00 00 92 4d 13 03 20 00 49 4e 54 45 52 4e 7e 32 2e 4c 4e 4b 00 00 a6 00 08 00 04 00 ef be 8f 4d 62 1c 8f 4d 62 1c 2a 00 00 00 73 19 00 00 00 00 0c 00 00 00 00 00 00 00 00 00 56 00 00 00 00 00 49 00 6e 00 74 00 65 00 72 00 6e 00 65 00 74 00 20 00 45 00 78 00 70 00 6c 00 6f 00 72 00 65 00 72 00 2e 00 6c 00 6e 00 6b 00 00 00 40 00 43 00 3a 00 5c 00 57 00 69 00 6e 00 64 00 6f 00 77 00 73 00 5c 00 53 00 79 00 73 00 74 00 65 00 6d 00 33 00 32 00 5c 00 69 00 65 00 34 00 75 00 69 00 6e 00 69 00 74 00 2e 00 65 00 78 00 65 00 2c 00 2d 00 37 00 33 00 34 00 00 00 1c 00 6a 01 05 00 0b 00 ef be 00 00 00 00 00 00 00 00 43 00 3a 00 5c 00 50 00 72 00 6f 00 67 00 72 00 61 00 6d 00 20 00 46 00 69 00 6c 00 65 00 73 00 5c 00 49 00 6e 00 74 00 65 00 72 00 6e 00 65 00 74 00 20 00 45 00 78 00 70 00 6c 00 6f 00 72 00 65 00 72 00 5c 00 69 00 65 00 78 00 70 00 6c 00 6f 00 72 00 65 00 2e 00 65 00 78 00 65 00 00 00 00 00 00 00 4d 00 69 00 63 00 72 00 6f 00 73 00 6f 00 66 00 74 00 2e 00 49 00 6e 00 74 00 65 00 72 00 6e 00 65 00 74 00 45 00 78 00 70 00 6c 00 6f 00 72 00 65 00 72 00 2e 00 44 00 65 00 66 00 61 00 75 00 6c 00 74 00 00 00 00 00 cf ca e9 5c 33 98 d4 01 4b a6 7e 29 27 94 d4 01 01 00 00 00 01 00 00 00 00 00 00 00 7b 00 36 00 44 00 38 00 30 00 39 00 33 00 37 00 37 00 2d 00 36 00 41 00 46 00 30 00 2d 00 34 00 34 00 34 00 42 00 2d 00 38 00 39 00 35 00 37 00 2d 00 41 00 33 00 37 00 37 00 33 00 46 00 30 00 32 00 32 00 30 00 30 00 45 00 7d 00 5c 00 49 00 6e 00 74 00 65 00 72 00 6e 00 65 00 74 00 20 00 45 00 78 00 70 00 6c 00 6f 00 72 00 65 00 72 00 5c 00 69 00 65 00 78 00 70 00 6c 00 6f 00 72 00 65 00 2e 00 65 00 78 00 65 00 00 00 00 00 00 00 1c 00 00 00 00 04 01 00 00 7e 00 31 00 00 00 00 00 93 4d 30 2f 11 00 50 72 6f 67 72 61 6d 73 00 00 66 00 08 00 04 00 ef be 8f 4d 5b 1c 93 4d 30 2f 2a 00 00 00 3a 02 00 00 00 00 07 00 00 00 00 00 00 00 00 00 3c 00 00 00 00 00 50 00 72 00 6f 00 67 00 72 00 61 00 6d 00 73 00 00 00 40 00 73 00 68 00 65 00 6c 00 6c 00 33 00 32 00 2e 00 64 00 6c 00 6c 00 2c 00 2d 00 32 00 31 00 37 00 38 00 32 00 00 00 18 00 84 00 31 00 00 00 00 00 ee 3a d1 26 11 00 41 43 43 45 53 53 7e 31 00 00 6c 00 08 00 04 00 ef be 8f 4d 5b 1c 8f 4d 5b 1c 2a 00 00 00 3c 02 00 00 00 00 05 00 00 00 00 00 00 00 00 00 42 00 00 00 00 00 41 00 63 00 63 00 65 00 73 00 73 00 6f 00 72 00 69 00 65 00 73 00 00 00 40 00 73 00 68 00 65 00 6c 00 6c 00 33 00 32 00 2e 00 64 00 6c 00 6c 00 2c 00 2d 00 32 00 31 00 37 00 36 00 31 00 00 00 18 00 00 00 01 c0 01 00 00 be 01 32 00 00 05 00 00 ee 3a ce 26 20 00 43 4f 4d 4d 41 4e 7e 31 2e 4c 4e 4b 00 00 7a 00 08 00 04 00 ef be 8f 4d
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {AF4F7471-FCFB-11d0-80B6-0080C838D5F9}, OfficeScan NT
- HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\AMSP, InstallDir, C:\Program Files (x86)\AsiaInfo\OfficeScan Client\CCSF\
- HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\Osprey\Scan\Common\AntiSpam\config, RulePath, C:\Program Files (x86)\AsiaInfo\OfficeScan Client\AspmData\
- HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\Osprey\Scan\Common\MailManager\config, DisclaimerSubject, Trend Micro OfficeScan detected and took action on a malicious email
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{A00B957E-3315-46CB-B090-9EF2187641E2}\1.0\0\win32, , C:\Program Files (x86)\AsiaInfo\OfficeScan Client\perfiCrcPerfMonMgr.dll
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run, OfficeScanNT Monitor, "C:\Program Files (x86)\AsiaInfo\OfficeScan Client\pccntmon.exe" -HideWindow
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run, OfficeScanNT Monitor, "C:\Program Files (x86)\AsiaInfo\OfficeScan Client\pccntmon.exe" -HideWindow
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\OfficeScanNT
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\OfficeScanNT, UninstallString, "C:\Program Files (x86)\AsiaInfo\OfficeScan Client\ntrmv.exe"
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\OfficeScanNT, DisplayIcon, C:\Program Files (x86)\AsiaInfo\OfficeScan Client\Pccntmon.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\TrendMicro\PC-cillinNTCorp\CurrentVersion, Application Path, C:\Program Files (x86)\AsiaInfo\OfficeScan Client\
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\TrendMicro\PC-cillinNTCorp\CurrentVersion, VirtualPath, /officescan/cgi
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\TrendMicro\PC-cillinNTCorp\CurrentVersion\Misc., ProductName, OfficeScan (common client)
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\TrendMicro\PC-cillinNTCorp\CurrentVersion\Real Time Scan Configuration, VSApiNTHome, C:\Program Files (x86)\AsiaInfo\OfficeScan Client\
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\TMNotify, CategoryMessageFile, C:\Program Files (x86)\AsiaInfo\OfficeScan Client\TMNotify.dll
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\TMNotify, EventMessageFile, C:\Program Files (x86)\AsiaInfo\OfficeScan Client\TMNotify.dll
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\TMNotify, ParameterMessageFile, C:\Program Files (x86)\AsiaInfo\OfficeScan Client\TMNotify.dll
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\ntrtscan, ImagePath, "C:\Program Files (x86)\AsiaInfo\OfficeScan Client\ntrtscan.exe"
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\ntrtscan, DisplayName, OfficeScan NT RealTime Scan
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Perf_iCrcPerfMonMgr\Performance, Library, C:\Program Files (x86)\AsiaInfo\OfficeScan Client\perfiCrcPerfMonMgr.dll
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\tmccsf, ImagePath, "C:\Program Files (x86)\AsiaInfo\OfficeScan Client\CCSF\tmccsf.exe"
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\tmccsf, DisplayName, OfficeScan Common Client Solution Framework
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\TmFilter, ImagePath, \??\C:\Program Files (x86)\AsiaInfo\OfficeScan Client\TmXPFlt.sys
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\TmFilter, CurrentPatternName, C:\Program Files (x86)\AsiaInfo\OfficeScan Client\ssaptn.910
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\tmlisten, ImagePath, "C:\Program Files (x86)\AsiaInfo\OfficeScan Client\tmlisten.exe"
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\tmlisten, DisplayName, OfficeScan NT Listener
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\TmPreFilter, ImagePath, \??\C:\Program Files (x86)\AsiaInfo\OfficeScan Client\TmPreFlt.sys
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\tmumh, HPCCache, \Device\HarddiskVolume1\Program Files (x86)\AsiaInfo\OfficeScan Client\CCSF\module\20019\hpc.ts
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\tmumh, DCLCache, \Device\HarddiskVolume1\Program Files (x86)\AsiaInfo\OfficeScan Client\CCSF\module\20019\dcl.ts
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSApiNt, ImagePath, \??\C:\Program Files (x86)\AsiaInfo\OfficeScan Client\VSApiNt.sys
复制代码 【目的】筛选出只有注册表项的行,筛选条件:行中没有逗号
【代码1】- type "C:\Users\Administrator\Desktop\要删除的趋势注册表信息\officescan.txt"|sed -n "/,/!p"
复制代码 【结果】正确,结果如下:- HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\OfficeScan NT
- HKEY_CLASSES_ROOT\Directory\shellex\ContextMenuHandlers\OfficeScan NT
- HKEY_CLASSES_ROOT\Drive\shellex\ContextMenuHandlers\OfficeScan NT
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\OfficeScanNT
复制代码 ============
【代码2】- Setlocal enabledelayedexpansion
- type "C:\Users\Administrator\Desktop\要删除的趋势注册表信息\officescan.txt"|sed -n "/,/!p"
复制代码 【结果】错误,结果把所有内容全部显示出来了
===========
【疑惑】为什么Setlocal enabledelayedexpansion会导致结果出错呢?根本原因在哪里? |