hiding drives (USB/hard disk/optical drive)
To restore things to their original state:
If regedit is disabled:
- open a command prompt: Start > Run, type cmd
type the following command at the command prompt, then press Enter
REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableRegistryTools /t REG_DWORD /d 0 /f
* Click Start, Run and type gpedit.msc and press ENTER
* Go to the following location: User Configuration | Administrative Templates | System
* Double-click Disable registry editing tools and set it to Not Configured
* Exit the Group Policy Editor
If Task Manager is disabled:
first follow the steps above to enable regedit, if regedit is disabled
then open regedit: Start > Run, type regedit
in the Registry Editor window: click Edit > Find
enter:
taskmgr
if the search has not found it yet, press F3 on the keyboard until you reach the key:
DisableTaskMgr
make sure the key contains the value (1)
once you have found it, double-click the key and change the value to (0)
or you can simply delete the key (if you are really fed up by now)
To show drives that have been hidden, use Tweak UI from Microsoft (free)
http://www.microsoft.com/windowsxp/downloads/powertoys/xppowertoys.mspx
Or, if you don't want the hassle, just copy and paste this script into Notepad and save it with Save as type = All Files, File name = "apaaja.vbs" (without the quotes; apaaja = any name you like), then run it (double-click)
*Some antivirus products raise a false alarm and treat this script as a virus; just ignore it*
On Error Resume Next
Dim fso, WshShell, FlashDisk, Drives, winpath
Dim autoruninf, dekstopini
Set fso = CreateObject("Scripting.FileSystemObject")
Set WshShell = CreateObject("Wscript.Shell")
Set Drives = fso.drives
Set winpath = fso.GetSpecialFolder(0)
Smwc = "\Software\Microsoft\Windows\CurrentVersion\"
Smwnc = "\Software\Microsoft\Windows NT\CurrentVersion\"
Spmw = "\Software\Policies\Microsoft\Windows\"
Spmn = "\Software\Policies\Microsoft\Windows NT\"
Smie = "\Software\Microsoft\Internet Explorer\"
Hsmwci = "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\"
WshShell.RegWrite "HKCR\.lnk\", "lnkfile"
WshShell.RegWrite "HKCR\.vbs\", "VBSFile"
WshShell.RegWrite "HKCR\vbsfile\", "VBScript Script File"
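' Trailing backslash: write the default value of the DefaultIcon subkey, not a value named DefaultIcon
WshShell.RegWrite "HKCR\vbsfile\DefaultIcon\", "%SystemRoot%\System32\WScript.exe,2", "REG_EXPAND_SZ"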
WshShell.RegWrite "HKCR\vbsfile\FriendlyTypeName", "@%SystemRoot%\System32\wshext.dll,-4802", "REG_EXPAND_SZ"
WshShell.RegDelete "HKCR\vbsfile\NeverShowExt"
WshShell.RegWrite "HKCR\inffile\shell\Install\command\", "%SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1"
WshShell.RegWrite "HKLM\Software\CLASSES\batfile\shell\open\command\", """%1"" %*"
WshShell.RegWrite "HKLM\Software\CLASSES\comfile\shell\open\command\", """%1"" %*"
WshShell.RegWrite "HKLM\Software\CLASSES\exefile\shell\open\command\", """%1"" %*"
WshShell.RegWrite "HKLM\Software\CLASSES\piffile\shell\open\command\", """%1"" %*"
WshShell.RegWrite "HKLM\Software\CLASSES\scrfile\shell\open\command\", """%1"" %*"
WshShell.RegWrite "HKCR\regfile\shell\open\command\", "regedit.exe ""%1"""
WshShell.RegWrite "HKCR\VBSFile\shell\edit\command\", "notepad.exe ""%1"""
WshShell.RegWrite "HKLM"&Smwc&"Policies\Explorer\RestrictRun", "0", "REG_DWORD"
WshShell.RegWrite "HKCU"&Smwc&"Policies\Explorer\RestrictRun", "0", "REG_DWORD"
WshShell.RegWrite "HKLM"&Smwc&"Policies\Explorer\DisallowRun", "0", "REG_DWORD"
WshShell.RegWrite "HKCU"&Smwc&"Policies\Explorer\DisallowRun", "0", "REG_DWORD"
WshShell.RegWrite "HKCU"&Smwc&"Policies\Explorer\NoFileAssociate", "0", "REG_DWORD"
WshShell.RegWrite "HKCU"&Smwc&"Explorer\Advanced\Hidden", "1", "REG_DWORD"
WshShell.RegWrite "HKCU"&Smwc&"Explorer\Advanced\HideFileExt", "0", "REG_DWORD"
WshShell.RegWrite "HKCU"&Smwc&"Explorer\Advanced\SuperHidden", "1", "REG_DWORD"
WshShell.RegWrite "HKCU"&Smwc&"Explorer\Advanced\ShowSuperHidden", "1", "REG_DWORD"
WshShell.RegWrite "HKCU"&Smwc&"Explorer\Advanced\Start_ShowRun", "1", "REG_DWORD"
WshShell.RegWrite "HKCU"&Smwc&"Explorer\Advanced\Start_ShowSearch", "1", "REG_DWORD"
WshShell.RegWrite "HKCU"&Smwc&"Explorer\Advanced\Start_ShowHelp", "1", "REG_DWORD"
WshShell.RegWrite "HKCU"&Smwc&"Explorer\Advanced\HideIcons", "0", "REG_DWORD"
WshShell.RegWrite "HKCU"&Smie&"Main\Start Page", "about:blank"
WshShell.RegWrite "HKLM"&Smwnc&"Winlogon\Shell", "Explorer.exe"
WshShell.RegWrite "HKLM"&Smwnc&"Winlogon\Userinit", winpath & "\system32\userinit.exe,"
WshShell.RegWrite "HKLM"&Smwc&"App Paths\HELPCTR.EXE\", winpath & "\PCHealth\HelpCtr\Binaries\helpctr.exe"
WshShell.RegWrite "HKLM"&Smwc&"App Paths\HELPCTR.EXE\Path", winpath & "\PCHealth\HelpCtr\Binaries\"
WshShell.RegWrite "HKLM"&Smwc&"App Paths\MSCONFIG.EXE\", winpath & "\PCHealth\HelpCtr\Binaries\msconfig.exe"
WshShell.RegWrite "HKLM"&Smwc&"App Paths\MSCONFIG.EXE\Path", winpath & "\PCHealth\HelpCtr\Binaries\"
WshShell.RegWrite "HKLM"&Smwnc&"SystemRestore\DisableSR", "0", "REG_DWORD"
WshShell.RegDelete "HKLM"&Smwc&"App Paths\regedit.exe\"
WshShell.RegDelete "HKLM"&Smwc&"App Paths\regedt32.exe\"
WshShell.RegDelete "HKLM"&Spmn&"SystemRestore\DisableSR"
WshShell.RegDelete "HKLM"&Smwc&"Policies\Explorer\NoLogOff"
WshShell.RegDelete "HKLM"&Smwc&"Policies\Explorer\NoControlPanel"
WshShell.RegDelete "HKLM"&Smwc&"Winlogon\LegalNoticeCaption"
WshShell.RegDelete "HKLM"&Smwc&"Winlogon\LegalNoticeText"
WshShell.RegDelete "HKLM"&Smwnc&"Winlogon\LegalNoticeCaption"
WshShell.RegDelete "HKLM"&Smwnc&"Winlogon\LegalNoticeText"
WshShell.RegDelete "HKLM"&Smwc&"Run\Ageia"
WshShell.RegDelete "HKLM"&Smwc&"Run\r4n694-24y"
WshShell.RegDelete "HKCU"&Smie&"Main\Window Title"
WshShell.RegDelete "HKCU"&Smwc&"Policies\Explorer\NoFind"
WshShell.RegDelete "HKCU"&Smwc&"Policies\Explorer\NoFolderOptions"
WshShell.RegDelete "HKCU"&Smwc&"Policies\Explorer\NoRun"
WshShell.RegDelete "HKCU"&Smwc&"Policies\Explorer\NoViewContextMenu"
WshShell.RegDelete "HKCU"&Smwc&"Policies\Explorer\NoTrayContextMenu"
WshShell.RegDelete "HKCU"&Smwc&"Policies\Explorer\NoWinKeys"
WshShell.RegDelete "HKCU"&Smwc&"Policies\System\DisableRegistryTools"
WshShell.RegDelete "HKCU"&Smwc&"Policies\System\DisableTaskMgr"
WshShell.RegDelete "HKCU"&Smwc&"Policies\System\DisableRegedit"
WshShell.RegDelete "HKCU"&Smwc&"Policies\System\DisableCMD"
WshShell.RegDelete "HKCU"&Smwc&"Policies\ActiveDesktop\NoChangingWallpaper"
WshShell.RegDelete "HKCU"&Smwc&"Explorer\RunMRU\"
WshShell.RegDelete Hsmwci&"cmd.exe\"
WshShell.RegDelete Hsmwci&"helpctr.exe\"
WshShell.RegDelete Hsmwci&"msconfig.exe\"
WshShell.RegDelete Hsmwci&"regedit.exe\"
WshShell.RegDelete Hsmwci&"regedt32.exe\"
WshShell.RegDelete Hsmwci&"TaskMgr.exe\"
WshShell.RegDelete Hsmwci&"attrib.exe\"
WshShell.RegDelete Hsmwci&"install.exe\"
WshShell.RegDelete Hsmwci&"setup.exe\"
WshShell.RegDelete Hsmwci&"PCMAV.exe\"
WshShell.RegDelete Hsmwci&"PCMAV-CLN.exe\"
WshShell.RegDelete Hsmwci&"PCMAV-RTP.exe\"
WshShell.RegDelete Hsmwci&"PCMAV-SE.exe\"
WshShell.RegDelete Hsmwci&"VB6.exe\"
WshShell.RegDelete Hsmwci&"autorun.exe\"
WshShell.RegDelete Hsmwci&"ansav.exe\"
WshShell.RegDelete Hsmwci&"ansavgd.exe\"
WshShell.RegDelete Hsmwci&"avscan.exe\"
WshShell.RegDelete Hsmwci&"avgnt.exe\"
WshShell.RegDelete Hsmwci&"gav.exe\"
WshShell.RegDelete Hsmwci&"iexplore.exe\"
WshShell.RegDelete Hsmwci&"firefox.exe\"
WshShell.RegDelete Hsmwci&"procexp.exe\"
WshShell.RegDelete Hsmwci&"procexpNT.exe\"
WshShell.RegDelete Hsmwci&"AppSvc32.exe\"
WshShell.RegDelete Hsmwci&"ccApp.exe\"
WshShell.RegDelete Hsmwci&"ccSvcHst.exe\"
WshShell.RegDelete Hsmwci&"Rtvscan.exe\"
WshShell.RegDelete Hsmwci&"Smc.exe\"
WshShell.RegDelete Hsmwci&"SmcGui.exe\"
WshShell.RegDelete Hsmwci&"egui.exe\"
WshShell.RegDelete Hsmwci&"ekrn.exe\"
WshShell.RegDelete Hsmwci&"RegistryEditor.exe\"
WshShell.RegDelete Hsmwci&"wordpad.exe\"
WshShell.RegDelete Hsmwci&"viremoval.exe\"
WshShell.RegDelete Hsmwci&"viremover.exe\"
' Delete autorun.inf and dekstop.ini from the root of removable (type 1) and fixed (type 2) drives, skipping A:
For Each FlashDisk In fso.Drives
    If (FlashDisk.DriveType = 1 Or FlashDisk.DriveType = 2) And FlashDisk.Path <> "A:" Then
        Set autoruninf = fso.GetFile(FlashDisk.Path & "\autorun.inf")
        autoruninf.Delete True
        Set dekstopini = fso.GetFile(FlashDisk.Path & "\dekstop.ini")
        dekstopini.Delete True
    End If
Next
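
A read-only check to run before the script above, as an added PowerShell example that is not part of the original post: it lists which of the policy values, Winlogon entries and Image File Execution Options keys that the script resets are actually set, so you can see what was changed before overwriting or deleting it. Looking for a Debugger value under each Image File Execution Options key is an assumption about how those keys block programs; the page itself only deletes the keys.

```powershell
# Added example: read-only audit, nothing is modified.
$cv = 'Software\Microsoft\Windows\CurrentVersion'
$nt = 'HKLM:\Software\Microsoft\Windows NT\CurrentVersion'

# Policy value names taken from the script on this page. Non-zero = restriction active.
$policies = [ordered]@{
    "HKCU:\$cv\Policies\System"   = 'DisableRegistryTools', 'DisableTaskMgr', 'DisableRegedit', 'DisableCMD'
    "HKCU:\$cv\Policies\Explorer" = 'NoFind', 'NoFolderOptions', 'NoRun', 'NoWinKeys'
    "HKLM:\$cv\Policies\Explorer" = 'NoLogOff', 'NoControlPanel'
}

$findings = @()
foreach ($key in $policies.Keys) {
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    foreach ($name in $policies[$key]) {
        $value = if ($props) { $props.$name } else { $null }
        if ($null -ne $value -and $value -ne 0) {
            $findings += "POLICY    $key\$name = $value"
        }
    }
}

# Winlogon entries: compare with the values the page's script writes back.
$winlogon = Get-ItemProperty -Path "$nt\Winlogon" -ErrorAction SilentlyContinue
$userinit = "$env:SystemRoot\system32\userinit.exe,"
if ($winlogon.Shell -ne 'Explorer.exe') {
    $findings += "WINLOGON  Shell = $($winlogon.Shell)"
}
if ($winlogon.Userinit -ne $userinit) {
    $findings += "WINLOGON  Userinit = $($winlogon.Userinit)"
}

# Image File Execution Options: report every program key that carries a Debugger value
# (assumption: this is the value used to redirect or block the program).
Get-ChildItem -Path "$nt\Image File Execution Options" -ErrorAction SilentlyContinue |
    ForEach-Object {
        $debugger = (Get-ItemProperty -LiteralPath $_.PSPath -ErrorAction SilentlyContinue).Debugger
        if ($debugger) {
            $findings += "IFEO      $($_.PSChildName) -> Debugger = $debugger"
        }
    }

if ($findings) { $findings } else { 'None of the listed restrictions or redirects were found.' }
```

Keeping the output gives you a record of what the infection changed, which the cleanup script does not leave behind.
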
Good luck. If you run into problems other than the effects described above, please leave a comment.