HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run 
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run 
\360tray
\360safe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run 
\StormCodec_Helper
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler 
HKEY_CURRENT_USER\Control Panel\Desktop 
复制代码

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run 
\360tray
\360safe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run 
\StormCodec_Helper
复制代码

1、楼主说的规则是“去除下行无键值的[key_行]”，但是所举的例子并没有很明显的迎合这条规则之处
2、第一部分的第1行为什么在第二部分中被挪到第7行？感觉根本没有规律啊
3、\360safe 这个键值为何在第二部分里出现了两次呢？
复制代码

@echo off
(for /f "skip=1 delims=" %%a in (1.txt) do (
   if defined str echo;!str:~1!
   endlocal
   set "str=#%%a"
   setlocal enabledelayedexpansion
))>2.txt
复制代码

@Echo Off&SetLocal EnableDelyaedExpansion
(For /F %%I IN ('Type 1.txt^&Echo End') Do (
  Set "Str=%%I"
  If "!Var:~,1!" EQU "\" (
    Echo !Var!
    ) Else (
    If "!Str:~,1!" EQU "\" Echo !Var!
  )
  Set "Var=%%I"
))>2.txt
Start 2.txt
复制代码

@echo off&setlocal enabledelayedexpansion
set n2===================================
for /f "tokens=1 delims=:" %%a in ('findstr /b /n "注册表" SREngLOG.log') do set/a n1=%%a-1
>a.txt (for /f "tokens=*" %%a in ('more +!n1! SREngLOG.log') do if not %%a==!n2! (echo.%%a) else (goto v))
:v
cd.>注册表.txt
cd.>注册表黑名单.txt
setlocal enabledelayedexpansion
for /f "tokens=*" %%i in (a.txt) do (
set var=%%i
set "var=!var:注册表=%正常!" 
set "var=!var:(Infected)=%正常!" 
set "var=!var:(Verified)=%正常!"
set "var=!var:<run><>=%正常!"
set "var=!var:<WebCheck><>=%正常!"
set "var=!var:<load><>=%正常!"
set "var=!var:<N>=%正常!" 
set "var=!var:biroas.dll=C:\WINDOWS\system32\biroas.dll!"
set "var=!var:<Userinit>=%正常!"
set "var=!var:<AppInit_DLLs><>=%正常!"
set "var=!var:<>=%!"
set "var=!var:<AsusServiceProvider>=%正常!" 
set "var=!var:<; "D:\softwares\杀毒软件\Macfee\Common Framework\UdaterUI.exe" /StartedFromRunKey>=%正常!" 
set "var=!var:[File is missing]=%   [注册表残留项]!"
set "var=!var:<KernelFaultCheck>=%正常!"
set "var=!var:<Microsoft Windows>=%正常!"
set "var=!var:<NetMeeting 3.01>=%正常!"
set "var=!var:<Microsoft Windows Media Player>=%正常!"
set "var=!var:AdobeUpdateManager.exe=%正常!"
set "var=!var:Gemini\H3C\gmMgr_h3c.exe=%正常!"
set "var=!var:<Microsoft Windows Media Player 11>=%正常!"
set "var=!var:<msnmsgr><"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background>=%正常!"
set "var=!var:<Microsoft Windows Mail 7>=%正常!"
set "var=!var:system32\PSDrvCheck.exe=%正常!" 
set "var=!var:<WrtMon.exe>=%正常!"
set "var=!var:CCBComponents\DMWZ\CCBCertificate.exe=%正常!" 
set "var=!var:system32\shmgrate.exe =%正常!"
set "var=!var:system32\themeui.dll=%正常!"
set "var=!var:<; "C:\Program Files\Common Files\Adobe\ESD\AdobeDownloadManager.exe" restart=1>=%正常!"
set "var=!var:<SunJavaUpdateSched><C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe>=%正常!"
set "var=!var:<nwiz><nwiz.exe /installquiet /keeploaded /nodetect>=%正常!"   
set "var=!var:<nwiz><nwiz.exe /install>=%正常!"
set "var=!var:\WPS Office Personal\downloads\wpsupdate.vbs=%正常!"
set "var=!var:<nwiz><; nwiz.exe /install>=%正常!" 
set "var=!var:<SCRNSAVE.EXE><C:\WINDOWS\LITTLE~1.SCR>=%正常!"   
set "var=!var:<WinlogonNotify: Antiwpa><antiwpa.dll>=%正常!" 
set "var=!var:<bgswitch><; C:\WINDOWS\system32\bgswitch.exe>=%正常!" 
set "var=!var:<PHIME2002A>=%正常!"
set "var=!var:<BC_MGR><"C:\Program Files\交通银行\bcmgr.exe" -r>=%正常!" 
set "var=!var:<IMJPMIG8.1>=%正常!"
set "var=!var:<\\192.168.0.252\run$\jws.exe>=正常!"
set "var=!var:Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe=%正常!" 
set "var=!var:ThinkPad\ConnectUtilities\=%正常!"
set "var=!var:<PHIME2002ASync>=%正常!"  
set "var=!var:<BigDogPath>=%正常!" 
set "var=!var:<iPhone PC Suite>=%正常!"
set "var=!var:<WebThunder>=%正常!"
set "var=!var:Outlook=%正常!"
set "var=!var:ACNotify.dll=%正常!"
set "var=!var:bin\WinGUI.exe=%正常!"
set "var=!var:<; C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe>=%正常!"  
set "var=!var:ssMgr_ccb=%正常!"
set "var=!var:<Vopclient>=%正常!"
set "var=!var:菜单\程序\启动=%正常!"
set "var=!var:\ATI Technologies\=%正常!"
set "var=!var:\ASUS\ASUS Live Update\ALU.exe=%正常!"
set "var=!var:\kloehk.dll>=%正常!" 
set "var=!var:<PSDrvCheck>=%正常!"
set "var=!var:<VMware hqtray>=%正常!"
set "var=!var:<; C:\Program Files\ThinkVantage\SystemUpdate\UCLauncher.exe /SCHEDULER>=%正常!"
set "var=!var:PCHealth=%正常!"
set "var=!var:<EPSON Stylus Photo 1390 Series>=%正常!"
set "var=!var:<renzheng><C:\renzheng\webaClient.exe>=%正常!" 
set "var=!var:<NvCplDaemon><RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup>=%正常!" 
set "var=!var:<NvMediaCenter><RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit>=%正常!" 
set "var=!var:<WinlogonNotify: tpfnf2><notifyf2.dll>=%正常!"
set "var=!var:<WinlogonNotify: igfxcui><igfxdev.dll>=%正常!"
set "var=!var:<WinlogonNotify: tphotkey><tphklock.dll>=%正常!"
set "var=!var:<switch><c:\windows\system32\壁纸自动换.exe>=%正常!" 
set "var=!var:<switch><c:\windows\system32\bgswitch.exe>=%正常!" 
set "var=!var:<KernelFaultCheck><%systemroot%\system32\dumprep 0 -k>=%正常!" 
set "var=!var:<AppInit_DLLs><APIHookDll.dll>=%正常!"
set "var=!var:<domino><C:\WINDOWS\domino.exe>=%正常!" 
set "var=!var:<VMSnap1><C:\WINDOWS\VMSnap1.exe>=%正常!" 
set "var=!var:<HTpatch><C:\WINDOWS\htpatch.exe>=%正常!"            
set "var=!var:<WinlogonNotify: DfLogon><LogonDll.dll>=%正常!"
set "var=!var:system32/themeui.dll=%正常!"
set "var=!var:<EQSysSecure>=%正常!"
set "var=!var:<WinlogonNotify: WgaLogon>=%正常!"
set "var=!var:<Resume copy><; copyfstq.exe /startup>=%正常!" 
set "var=!var:<Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser>=%正常!" 
set "var=!var:{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}=%正常!"
set "var=!var:{60B49E34-C7CC-11D0-8953-00A0C90347FF}=%正常!"
set "var=!var:{60B49E34-C7CC-11D0-8953-00A0C90347FF}=%正常!"
set "var=!var:{26923b43-4d38-484f-9b9e-de460746276c}=%正常!"
set "var=!var:{881dd1c5-3dcf-431b-b061-f3f88e8be88a}=%正常!"
set "var=!var:{2C7339CF-2B09-4501-B3F3-F3508C9228ED}=%正常!"
set "var=!var:{44BBA840-CC51-11CF-AAFA-00AA00B6015C}=%正常!"
set "var=!var:{44BBA842-CC51-11CF-AAFA-00AA00B6015B}=%正常!"
set "var=!var:{5945c046-1e7d-11d1-bc44-00c04fd912be}=%正常!"
set "var=!var:{6BF52A52-394A-11d3-B153-00C04F79FAA6}=%正常!"
set "var=!var:{7790769C-0471-11d2-AF11-00C04FA35D02}=%正常!"
set "var=!var:{22d6f312-b0f6-11d0-94ab-0080c74c7e95}=%正常!"
set "var=!var:{89820200-ECBD-11cf-8B85-00AA005B4340}=%正常!"
set "var=!var:{89820200-ECBD-11cf-8B85-00AA005B4383}=%正常!"
set "var=!var:{89B4C1CD-B018-4511-B0A1-5476DBF70820}=%正常!"
set "var=!var:Winlogon\Notify\crypt32chain=正常!"
set "var=!var:Winlogon\Notify\cryptnet=正常!"
set "var=!var:Winlogon\Notify\cscdll=正常!"
set "var=!var:Winlogon\Notify\dimsntfy=正常!"
set "var=!var:Winlogon\Notify\igfxcui=正常!"
set "var=!var:Winlogon\Notify\ScCertProp=正常!"
set "var=!var:Winlogon\Notify\Schedule=正常!"
set "var=!var:Winlogon\Notify\sclgntfy=正常!"
set "var=!var:Winlogon\Notify\SensLogn=正常!"
set "var=!var:Winlogon\Notify\termsrv=正常!"
set "var=!var:Winlogon\Notify\wlballoon=正常!"
set "var=!var:\Image File Execution Options\=正常!"
set "var=!var:\Windows NT\CurrentVersion\Windows=正常!"
set "var=!var:\Windows NT\CurrentVersion\Winlogon=正常!"
set "var=!var:Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks=正常!"
set "var=!var:ShellServiceObjectDelayLoad=正常!"
set "var=!var:[Microsoft Corporation]=正常!"
set "var=!var:CurrentVersion\Explorer\SharedTaskSchedule=正常!"
set "var=!var:HKEY_CURRENT_USER\Control Panel=正常!"
set "var=!var:<WangWang>=正常!"
set "var=!var:[VMware, Inc.]=正常!"
set "var=!var:{=正常!"
set "var=!var:IFEO=正常!"
set "var=!var:注册表残留项=%!" 
set "var=!var:[]=%!"
set "var=!var:<=%\!"
echo !var! >>注册表.txt
) 
@findstr /v "正常" 注册表.txt >>注册表黑名单.txt
cd.>1.txt
for /f "tokens=1,2 delims=>" %%i in (注册表黑名单.txt) do echo %%i >>1.txt
del /q a.txt
del /q 注册表.txt
复制代码

@Echo Off&SetLocal EnableDelayedExpansion
set hh=^


For /F "skip=1 delims=" %%I IN (1.txt) Do (
  If "%%~pI" neq "\" (
    set str=!hh!%%I
  ) else (
    set var=!var!!str!!hh!%%I
    set str=
  )
)
for /f "delims=" %%a in ("!var!") do echo %%a
pause
复制代码

@Echo Off
(For /F "skip=1 delims=" %%I IN (1.txt) Do (
  for /f "tokens=1* delims=;" %%a in ("!var!;!str!") do (
    endlocal
    set var=%%a
    set str=%%b
  )
  set var=%%I
  setlocal enabledelayedexpansion
  If "%%~pI" neq "\" (
    set str=!var!
  ) else (
    if defined str echo !str!
    set str=
    echo !var!
  )
))>2.txt
pause
复制代码

@Echo Off&SetLocal EnableDelayedExpansion
For /F "tokens=*" %%i IN (1.txt) Do (
    set "str=%%i"
    if "!str:~,1!" equ "\" (
       if defined var (echo !var!&set var=&echo %%i) ELSE echo %%i
    ) else set var=%%i
)
pause
复制代码