• Restoring the Windows Automatic Update Service


    Earlier I carelessly deleted the Windows automatic update service with this command:

    SC DELETE Wuauserv

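    Unfortunately, I recently got infected by the "EternalBlue" virus, which was really annoying! After removing the virus, in the end I still had to rely on Windows patches to harden the system. So I tried to restore the Windows automatic update service with the SC command, as follows: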

    sc create wuauserv binpath= "C:\windows\system32\svchost.exe -k netsvcs" start= auto displayname= "Windows Update" depend= RpcSs

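    The command ran successfully and the service was added, but it simply would not start, reporting that the specified file could not be found. What a trap.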

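    In the end, comparing it against other Windows services in the registry revealed the clue. It turns out these Windows services are not as simple as they look on the surface (when viewing their properties through the Services.msc console).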

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wuauserv

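    The key above is the registry entry for the Windows automatic update service. To restore it to its original state, you can use the following registry editor commands: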

    Windows Registry Editor Version 5.00
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wuauserv]
    "PreshutdownTimeout"=dword:036ee800
    "DisplayName"="@%systemroot%\\system32\\wuaueng.dll,-105"
    "ImagePath"=hex(2):25,00,73,00,79,00,73,00,74,00,65,00,6d,00,72,00,6f,00,6f,00,\
      74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
      00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\
      6b,00,20,00,6e,00,65,00,74,00,73,00,76,00,63,00,73,00,00,00
    "Description"="@%systemroot%\\system32\\wuaueng.dll,-106"
    "ObjectName"="LocalSystem"
    "ErrorControl"=dword:00000001
    "Start"=dword:00000002
    "DelayedAutoStart"=dword:00000001
    "Type"=dword:00000020
    "DependOnService"=hex(7):72,00,70,00,63,00,73,00,73,00,00,00,00,00
    "ServiceSidType"=dword:00000001
    "RequiredPrivileges"=hex(7):53,00,65,00,41,00,75,00,64,00,69,00,74,00,50,00,72,\
      00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,43,00,72,00,\
      65,00,61,00,74,00,65,00,47,00,6c,00,6f,00,62,00,61,00,6c,00,50,00,72,00,69,\
      00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,43,00,72,00,65,00,\
      61,00,74,00,65,00,50,00,61,00,67,00,65,00,46,00,69,00,6c,00,65,00,50,00,72,\
      00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,54,00,63,00,\
      62,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,\
      00,41,00,73,00,73,00,69,00,67,00,6e,00,50,00,72,00,69,00,6d,00,61,00,72,00,\
      79,00,54,00,6f,00,6b,00,65,00,6e,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,\
      00,67,00,65,00,00,00,53,00,65,00,49,00,6d,00,70,00,65,00,72,00,73,00,6f,00,\
      6e,00,61,00,74,00,65,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,\
      00,00,00,53,00,65,00,49,00,6e,00,63,00,72,00,65,00,61,00,73,00,65,00,51,00,\
      75,00,6f,00,74,00,61,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,\
      00,00,00,53,00,65,00,53,00,68,00,75,00,74,00,64,00,6f,00,77,00,6e,00,50,00,\
      72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,00,00
    "FailureActions"=hex:80,51,01,00,00,00,00,00,00,00,00,00,03,00,00,00,14,00,00,\
      00,01,00,00,00,60,ea,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wuauserv\Parameters]
    "ServiceDll"=hex(2):25,00,73,00,79,00,73,00,74,00,65,00,6d,00,72,00,6f,00,6f,\
      00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
      77,00,75,00,61,00,75,00,65,00,6e,00,67,00,2e,00,64,00,6c,00,6c,00,00,00
    "ServiceMain"="WUServiceMain"
    "ServiceDllUnloadOnStop"=dword:00000001
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wuauserv\Security]
    "Security"=hex:01,00,14,80,78,00,00,00,84,00,00,00,14,00,00,00,30,00,00,00,02,\
      00,1c,00,01,00,00,00,02,80,14,00,ff,00,0f,00,01,01,00,00,00,00,00,01,00,00,\
      00,00,02,00,48,00,03,00,00,00,00,00,14,00,9d,00,02,00,01,01,00,00,00,00,00,\
      05,0b,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\
      20,02,00,00,00,00,14,00,ff,01,0f,00,01,01,00,00,00,00,00,05,12,00,00,00,01,\
      01,00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00

    Save it as a *.reg file, then double-click it to import it into the registry.
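    Before importing a .reg file copied from a web page into a service key, decode its hex(2)/hex(7) values to see which binaries the service will load. The script below is an added example, not part of the original post; the function names are hypothetical, and the embedded values are the ImagePath, DependOnService and ServiceDll entries from the listing above.

```python
import re

# Values copied from the .reg listing above; "\" continues a hex value.
REG_SNIPPET = r'''
"ImagePath"=hex(2):25,00,73,00,79,00,73,00,74,00,65,00,6d,00,72,00,6f,00,6f,00,\
  74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
  00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\
  6b,00,20,00,6e,00,65,00,74,00,73,00,76,00,63,00,73,00,00,00
"DependOnService"=hex(7):72,00,70,00,63,00,73,00,73,00,00,00,00,00
"ServiceDll"=hex(2):25,00,73,00,79,00,73,00,74,00,65,00,6d,00,72,00,6f,00,6f,\
  00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
  77,00,75,00,61,00,75,00,65,00,6e,00,67,00,2e,00,64,00,6c,00,6c,00,00,00
"Start"=dword:00000002
'''

# hex(2) = REG_EXPAND_SZ, hex(7) = REG_MULTI_SZ; both hold NUL-terminated UTF-16LE.
VALUE_RE = re.compile(r'^"([^"]+)"=hex\((2|7)\):((?:[0-9a-fA-F]{2}|[,\\\s])+)', re.M)

def decode_reg_strings(text):
    """Return {name: str or list[str]} for every hex(2)/hex(7) value in text."""
    out = {}
    for name, kind, blob in VALUE_RE.findall(text):
        raw = bytes(int(b, 16) for b in re.findall(r'[0-9a-fA-F]{2}', blob))
        s = raw.decode('utf-16-le')
        if kind == '2':
            out[name] = s.rstrip('\x00')                       # single string
        else:
            out[name] = [p for p in s.split('\x00') if p]      # list of strings
    return out

def outside_system32(decoded, names=("ImagePath", "ServiceDll")):
    """Names of binary-path values that do not point under %systemroot%\\system32."""
    prefix = "%systemroot%\\system32\\"
    return [n for n in names
            if n in decoded and not decoded[n].lower().startswith(prefix)]

if __name__ == "__main__":
    decoded = decode_reg_strings(REG_SNIPPET)
    for key, value in decoded.items():
        print(f"{key}: {value}")
    print("paths outside system32:", outside_system32(decoded))
```

    The decoded ServiceDll value under the Parameters subkey is the piece that the sc create command above never wrote.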

     

  • Original article: https://www.cnblogs.com/WinHEC/p/Restore_Wuauserv.html