@repeatio
Created August 2, 2022 09:06
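绿盾 Ldterm backup helper
# If the output is garbled when the script runs, save this file in GBK encoding.
# Permission problems: first run PowerShell as administrator and call Set-ExecutionPolicy Unrestricted
# (without -Scope this changes the machine-wide policy; -Scope Process limits it to the current session).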
$keys = 'HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\LdCdRomFilters',
'HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Ldcore',
'HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\LdFbsFlt',
'HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\LdFbsMain',
'HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\LdMFilter',
'HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ldnetmon',
'HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\LdTDI',
'HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ldwfp',
'HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\LeaderTerm',
'HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\LeaderTermDaemon',
'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LdCdRomFilters',
'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Ldcore',
'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LdFbsFlt',
'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LdFbsMain',
'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LdMFilter',
'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ldnetmon',
'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LdTDI',
'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ldwfp',
'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LeaderTerm',
'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LeaderTermDaemon',
'HKEY_LOCAL_MACHINE\SOFTWARE\LDFBS',
'HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\LDFBS',
'HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\LdFbsTray_RASAPI32'
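# Export every key in $keys, then merge the exports into a single .reg file
function Backup-LdKeys {
    $tempFolder   = '.\temp'
    $resultFolder = '.\result'
    $outputFile   = "$resultFolder\result.reg"
    $header       = 'Windows Registry Editor Version 5.00'

    # Create the working folders if they do not exist yet
    foreach ($folder in $tempFolder, $resultFolder) {
        if (-not (Test-Path -Path $folder)) {
            New-Item -Path $folder -ItemType Directory | Out-Null
        }
    }

    # Clear exports left over from an earlier run so they are not merged again
    Remove-Item -Path "$tempFolder\*.reg" -ErrorAction SilentlyContinue

    $i = 0
    $keys | ForEach-Object {
        $i++
        # /y overwrites an existing file without prompting
        & reg export $_ "$tempFolder\$i.reg" /y
    }

    # reg.exe writes UTF-16LE; keep that encoding so the merged file imports cleanly
    $header | Set-Content -Path $outputFile -Encoding Unicode
    Get-Content -Path "$tempFolder\*.reg" |
        Where-Object { $_ -ne $header } |
        Add-Content -Path $outputFile -Encoding Unicode

    Read-Host -Prompt 'Press Enter to exit'
}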
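# Delete every key in $keys once the user confirms that a backup exists
function Delete-LdKeys {
    $confirm = Read-Host -Prompt 'About to delete the 绿盾 registry keys. Have you backed them up? <yes/no>'
    if ($confirm -eq 'yes') {
        $keys | ForEach-Object {
            # /f deletes without asking for confirmation
            & reg delete $_ /f
        }
    }
    Read-Host -Prompt 'Press Enter to exit'
}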
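$prompt = @"
If you hit a permission problem, first run PowerShell as administrator and change the policy: Set-ExecutionPolicy Unrestricted
绿盾 runs in two forms: processes (Process) and services (Service).
Processes can be sorted by name in Task Manager; end the ones whose names start with Ld. There is a watchdog process that restarts them automatically, so end them quickly with the Delete key.
However, the Service that performs encryption and decryption is still running; this can be resolved by modifying the registry.
The registry keys to modify probably differ between 绿盾 versions; search the registry yourself to compile the list.
To back up the 绿盾 registry keys enter: 1    To delete the 绿盾 registry keys enter: 2
Choice
"@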
$choice = Read-Host -Prompt $prompt
switch ($choice){
1 {Backup-LdKeys}
2 {Delete-LdKeys}
}
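
A read-only check a defender could run to see which of the service keys listed above are still present and how each service is configured to start, for example to notice that the agent's registry entries were removed or disabled. This is an added example, not part of the original gist; the function name `Get-LdKeyState` and the `$serviceKeys` variable are assumptions chosen for illustration, and the service names are copied from the gist's `$keys` list.

```powershell
# Added example (not from the gist): report the state of the 绿盾 service keys.
# Service names are copied from the gist's $keys list; Get-LdKeyState is a hypothetical name.
$serviceKeys = 'LdCdRomFilters', 'Ldcore', 'LdFbsFlt', 'LdFbsMain', 'LdMFilter',
               'ldnetmon', 'LdTDI', 'ldwfp', 'LeaderTerm', 'LeaderTermDaemon'

function Get-LdKeyState {
    param([string[]]$Names = $serviceKeys)

    foreach ($name in $Names) {
        $path = "Registry::HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\$name"
        if (Test-Path -Path $path) {
            # Start: 0=Boot, 1=System, 2=Automatic, 3=Manual, 4=Disabled
            $props = Get-ItemProperty -Path $path -ErrorAction SilentlyContinue
            [pscustomobject]@{
                Service   = $name
                Present   = $true
                Start     = $props.Start
                ImagePath = $props.ImagePath
            }
        } else {
            [pscustomobject]@{
                Service   = $name
                Present   = $false
                Start     = $null
                ImagePath = $null
            }
        }
    }
}

# Nothing is modified; missing keys or Start = 4 on a managed endpoint are worth investigating
Get-LdKeyState | Format-Table -AutoSize
```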