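:reset
rem Interactive static IPv4 setup. Prompts for an address, a gateway, a primary
rem DNS server and a backup DNS server, applies each with netsh to the adapter
rem named in the commands below, then sets WINS to none and returns to the menu.
rem
rem The replies are read back through delayed expansion instead of percent
rem expansion. Percent expansion pastes the typed text into the command line
rem before cmd.exe parses it, so a reply holding a command separator or a
rem redirection character was executed as script syntax with the rights this
rem script runs under. Delayed expansion substitutes after parsing, so the
rem reply stays data.
rem Each reply is also passed through a best-effort character filter: a value
rem holding anything besides digits and dots is cleared and the matching netsh
rem call is skipped. netsh still decides whether the value is a usable address.
rem The four slection variables are scratch values and end with endlocal.
setlocal EnableDelayedExpansion
set slection1=
set/p slection1=请输入IP地址:
rem The loop body runs only when a character other than 0-9 or dot is present.
for /f "eol=. delims=0123456789." %%c in ("!slection1!") do set slection1=
if defined slection1 (
  netsh interface ip set address name="本地连接" source=static addr=!slection1! mask=255.255.255.0
) else (
  echo Skipped: the address may contain only digits and dots.
)
set slection2=
set/p slection2=请输入网关地址:
for /f "eol=. delims=0123456789." %%c in ("!slection2!") do set slection2=
if defined slection2 (
  netsh interface ip set address name="本地连接" gateway=!slection2! gwmetric=0
) else (
  echo Skipped: the gateway may contain only digits and dots.
)
set slection3=
set/p slection3=请输入主dns地址
for /f "eol=. delims=0123456789." %%c in ("!slection3!") do set slection3=
if defined slection3 (
  netsh interface ip set dns name="本地连接" source=static addr=!slection3! register=PRIMARY
) else (
  echo Skipped: the primary DNS address may contain only digits and dots.
)
set slection4=
set/p slection4=请输入备份dns地址
for /f "eol=. delims=0123456789." %%c in ("!slection4!") do set slection4=
if defined slection4 (
  netsh interface ip add dns name="本地连接" addr=!slection4!
) else (
  echo Skipped: the backup DNS address may contain only digits and dots.
)
netsh interface ip set wins name="本地连接" source=static addr=none
endlocal
pause >nul
goto menu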
:nb
@echo off
cls
rem Copyright (C) 2003-05 Ansgar Wiechers & Torsten Mann
rem Contact: admin@ntsvcfg.de
rem
rem This program is free software; you can redistribute it and/or modify it under
rem the terms of the GNU General Public License as published by the Free Software Foundation;
rem either version 2 of the License, or (at your option) any later version.
rem This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY;
rem without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
rem See the GNU General Public License for more details.
rem
rem You should have received a copy of the GNU General Public License along with this program;
rem if not, write to the Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston,
rem MA 02111-1307, USA.
echo.
REM Tested on ... Windows XP Pro SP2
REM NEW ... basic XP64 Support - Warning - Experimental!!
REM Showing XP64-Message generated by script on XP32 systems fixed
setlocal
REM *** INIT_VARS ***
set CHK_SVC=YES
set XPSP2=FALSE
set SERVER=FALSE
set NT_SERVER_CHK=TRUE
:START
echo "智能化测试优化系统"(此处用第三方代码,在此表示感谢!由万顺达电脑yAng汉化)
echo =========================================================================
set find=%SystemRoot%\System32\find.exe
set regedit=%SystemRoot%\regedit.exe
if not exist "%find%" goto :NOFIND
if not exist "%regedit%" goto :NOREGEDIT
if not "%1" == "%*" goto :SYNTAX
if /I "%1"=="/?" goto :HELP
if /I "%1"=="/help" goto :HELP
if /I "%1"=="-h" goto :HELP
if /I "%1"=="--help" goto :HELP
if /I "%1"=="-?" goto :HELP
if /I "%1"=="--?" goto :HELP
if /I "%1"=="/fix" goto :FIX
if /I "%1"=="/default" goto :RESTORE_DEFAULTS
goto :VERSION
:SYNTAX
echo.
echo.
echo !!Syntax error!!
echo ________________
echo Es kann nur ein oder kein Parameter angegeben werden.
echo.
echo Only one or no parameter allowed.
goto :QUIT
:HELP
echo.
echo -= Hilfe =-
echo Parameter:
echo /lan.......einige Dienste (fuer LAN-Betrieb) bleiben unveraendert.
echo /std.......Schliesst alle Ports, laesst aber einige Dienste unveraendert
echo /all.......Setzt ALLE Aenderungen nach www.kssysteme.de um (hardening)
echo /restore...Nimmt die letzten Aenderungen zurueck.
echo /reLAN.....Reaktiviert Dienste, dir fuer LAN-Betrieb benoetigt werden.
echo.
echo Parameters:
echo /lan.......Some services needed for LAN-usage stay unchanged!
echo /std.......Closes all Ports, but some services stay unchanged
echo /all.......Changes all issues recommended by www.ntsvcfg.de ("hardening")
echo /restore...Undo last changes.
echo /reLAN.....Reactivates services required for LAN.
echo /default...Restoring factory service settings (before first time usage)
echo.
echo example: svc2kxp.cmd /all
echo.
set /P CHS= [Press "G" for GNU GPL informations or "Q" for quit]?
if /I "%CHS%"=="G" goto :GNU_GPL
if /I "%CHS%"=="Q" goto :QUIT_EXT
CLS
goto :HELP
:GNU_GPL
CLS
echo Informations about GNU-General Public License for "svc2kxp.cmd"
echo ===============================================================
echo.
echo Copyright (C) 2003-05 Ansgar Wiechers, Torsten Mann
echo Contact: admin@ntsvcfg.de
echo.
echo This program is free software; you can redistribute it and/or modify it under
echo the terms of the GNU General Public License as published by the Free Software
echo Foundation; either version 2 of the License, or (at your option) any later
echo version. This program is distributed in the hope that it will be useful, but
echo WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
echo FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
echo details.
echo.
echo You should have received a copy of the GNU General Public License along with
echo this program; if not, write to the:
echo.
echo Free Software Foundation, Inc.
echo 59 Temple Place, Suite 330
echo Boston, MA 02111-1307, USA.
echo.
set /P CHS= [Press "H" for help or "Q" for quit]?
CLS
if /I "%CHS%"=="H" goto :HELP
if /I "%CHS%"=="Q" goto :QUIT_EXT
goto GNU_GPL
:VERSION
rem Detects the Windows edition and release and jumps to :OS2K, :OSXP or
rem :OSXP64. Server editions go to :NTSERVER unless NT_SERVER_CHK is FALSE;
rem any other release prints the failure text below and goes to :QUIT.
echo 检查系统版本...
if /I "%NT_SERVER_CHK%"=="FALSE" goto :SKIP_NT_SERVER_CHK
REM Checking for running server version
rem The ProductOptions key is exported to a scratch file in TEMP, which is then
rem searched for "Server" and "LanMan"; either match sets SERVER to TRUE.
rem NOTE(review): the scratch file has a fixed name and the result of the
rem export is not checked, so if the export fails a leftover file of that name
rem is what gets searched. Confirm this cannot mis-detect the edition.
"%regedit%" /e "%TEMP%\~svr.txt" "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ProductOptions"
type "%TEMP%\~svr.txt"|"%find%" /i "Server" >NUL
if not errorlevel 1 set SERVER=TRUE
type "%TEMP%\~svr.txt"|"%find%" /i "LanMan" >NUL
if not errorlevel 1 set SERVER=TRUE
if exist "%TEMP%\~svr.txt" del /F /Q "%TEMP%\~svr.txt"
if /I "%SERVER%"=="TRUE" goto :NTSERVER
:SKIP_NT_SERVER_CHK
rem The release is read from the banner printed by ver; find matches the three
rem strings below case-insensitively and the first hit selects the branch.
ver | "%find%" /i "Windows 2000" > nul
if not errorlevel 1 goto :OS2K
ver | "%find%" /i "Windows XP" > nul
if not errorlevel 1 goto :OSXP
ver | "%find%" /i "Microsoft Windows [Version 5.2.3790]" > nul
if not errorlevel 1 goto :OSXP64
echo !!Failed!!
echo __________
echo.
echo Dieses Script ist nur unter Windows 2000 oder XP lauffaehig!
echo.
echo This script works only on Windows 2000/XP machines!
echo.
goto :QUIT
:NOFIND
echo.
echo !!Failed!!
echo __________
echo.
echo Leider konnte folgende Datei nicht gefunden werden:
echo.
echo Sorry, but following file is missing:
echo.
echo.
echo # %SystemRoot%\System32\FIND.EXE
echo.
echo.
goto :QUIT
:NOREGEDIT
echo.
echo !!Failed!!
echo __________
echo.
echo Leider konnte folgende Datei nicht gefunden werden:
echo.
echo Sorry, but following file is missing:
echo.
echo.
echo # %SystemRoot%\REGEDIT.EXE
echo.
echo.
goto :QUIT
:NTSERVER
echo.
echo !!Failed!!
echo __________
echo.
echo Dieses Script unterstuetzt keine NT Server Versionen!
echo.
echo This script doesn't support NT server versions!
echo.
goto :QUIT
:OS2K
rem Specific OS Detection I
rem Marks the system as Windows 2000, exports the CurrentVersion key to a
rem scratch file in TEMP and searches it for the Service Pack 4 to 1 strings.
rem NOTE(review): each of the four errorlevel tests below opens a parenthesised
rem block and none of them is closed before the :NO_2kSP label, and the only
rem message, Service Pack 4 detected, sits in the branch taken when none of the
rem four strings was found. The :OSXP section closes every block and reports
rem per service pack, so lines appear to be missing here - restore them from
rem the upstream script before relying on this branch.
set SYSTEM=2k
rem Testing for Windows 2000 service packs
"%regedit%" /e "%TEMP%\~svclist.txt" "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion"
type "%TEMP%\~svclist.txt"|"%find%" /i "Service Pack 4" >NUL
if errorlevel==1 (
type "%TEMP%\~svclist.txt"|"%find%" /i "Service Pack 3" >NUL
if errorlevel==1 (
type "%TEMP%\~svclist.txt"|"%find%" /i "Service Pack 2" >NUL
if errorlevel==1 (
type "%TEMP%\~svclist.txt"|"%find%" /i "Service Pack 1" >NUL
if errorlevel==1 (
echo !Windows 2000 [Service Pack 4] detected!
goto :NO_2KSP
:NO_2kSP
if exist "%TEMP%\~svclist.txt" del /F /Q "%TEMP%\~svclist.txt"
goto :CONTINUE
:OSXP
rem Specific OS detection II
set SYSTEM=xp
rem Testing for XP ServicePack 2
"%regedit%" /e "%TEMP%\~svclist.txt" "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion"
type "%TEMP%\~svclist.txt"|"%find%" /i "Service Pack 2" >NUL
if errorlevel==1 (
type "%TEMP%\~svclist.txt"|"%find%" /i "Service Pack 1" >NUL
if errorlevel==1 (
SET XPSP2=FALSE
echo !Windows XP [no or unknown Service Pack] detected!
goto NO_XPSP
)
SET XPSP2=FALSE
echo !Windows XP [Service Pack 1] detected!
goto :NO_XPSP
)
SET XPSP2=TRUE
echo !Windows XP [ServicePack 2] detected!
goto :NO_XPSP
:OSXP64
rem Specific OS detection II
set SYSTEM=xp
rem Testing for XP ServicePack 2
"%regedit%" /e "%TEMP%\~svclist.txt" "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion"
type "%TEMP%\~svclist.txt"|"%find%" /i "Service Pack 2" >NUL
if errorlevel==1 (
type "%TEMP%\~svclist.txt"|"%find%" /i "Service Pack 1" >NUL
if errorlevel==1 (
SET XPSP2=FALSE
echo !EXPERIMENTAL! Windows XP64 [no or unknown Service Pack] detected!
goto NO_XPSP
)
SET XPSP2=FALSE
echo !EXPERIMENTAL! Windows XP64 [Service Pack 1] detected!
goto :NO_XPSP
)
SET XPSP2=TRUE
echo !EXPERIMENTAL! Windows XP64 [ServicePack 2] detected!
goto :NO_XPSP
:NO_XPSP
if exist "%TEMP%\~svclist.txt" del /F /Q "%TEMP%\~svclist.txt"
goto :CONTINUE
:CONTINUE
REM Creating subdirectory "ntsvcfg" in userprofile if necessary
if not exist "%USERPROFILE%\ntsvcfg\*.*" mkdir "%USERPROFILE%\ntsvcfg"
REM Moving old script backup files to ...\%USERNAME%\ntsvcfg :
if exist "%USERPROFILE%\dcom.reg" move /Y "%USERPROFILE%\dcom.reg" "%USERPROFILE%\ntsvcfg\dcom.reg"
if exist "%USERPROFILE%\dcomp.reg" move /Y "%USERPROFILE%\dcomp.reg" "%USERPROFILE%\ntsvcfg\dcomp.reg"
if exist "%USERPROFILE%\services.reg" move /Y "%USERPROFILE%\services.reg" "%USERPROFILE%\ntsvcfg\services.reg"
if exist "%USERPROFILE%\current_services_config.reg" move /Y "%USERPROFILE%\current_services_config.reg" "%USERPROFILE%\ntsvcfg\current_services_config.reg"
if exist "%USERPROFILE%\smb.reg" move /Y "%USERPROFILE%\smb.reg" "%USERPROFILE%\ntsvcfg\smb.reg"
if exist "%USERPROFILE%\FPRINT.REF" move /Y "%USERPROFILE%\FPRINT.REF" "%USERPROFILE%\ntsvcfg\FPRINT.REF"
if exist "%USERPROFILE%\handler_aim.reg" move /Y "%USERPROFILE%\handler_aim.reg" "%USERPROFILE%\ntsvcfg\handler_aim.reg"
if exist "%USERPROFILE%\handler_gopher.reg" move /Y "%USERPROFILE%\handler_gopher.reg" "%USERPROFILE%\ntsvcfg\handler_gopher.reg"
if exist "%USERPROFILE%\handler_telnet.reg" move /Y "%USERPROFILE%\handler_telnet.reg" "%USERPROFILE%\ntsvcfg\handler_telnet.reg"
if exist "%USERPROFILE%\services.reg.default" move /Y "%USERPROFILE%\services.reg.default" "%USERPROFILE%\ntsvcfg\services.reg.default"
if exist "%USERPROFILE%\dcom.reg.default" move /Y "%USERPROFILE%\dcom.reg.default" "%USERPROFILE%\ntsvcfg\dcom.reg.default"
if exist "%USERPROFILE%\dcomp.reg.default" move /Y "%USERPROFILE%\dcomp.reg.default" "%USERPROFILE%\ntsvcfg\dcomp.reg.default"
if exist "%USERPROFILE%\smb.reg.default" move /Y "%USERPROFILE%\smb.reg.default" "%USERPROFILE%\ntsvcfg\smb.reg.default"
if exist "%USERPROFILE%\handler_aim.reg.default" move /Y "%USERPROFILE%\handler_aim.reg.default" "%USERPROFILE%\ntsvcfg\handler_aim.reg.default"
if exist "%USERPROFILE%\handler_gopher.reg.default" move /Y "%USERPROFILE%\handler_gopher.reg.default" "%USERPROFILE%\ntsvcfg\handler_gopher.reg.default"
if exist "%USERPROFILE%\handler_telnet.reg.default" move /Y "%USERPROFILE%\handler_telnet.reg.default" "%USERPROFILE%\ntsvcfg\handler_telnet.reg.default"
REM *****Declarations*****
set SELECT="no"
set SVC_BAK=%USERPROFILE%\ntsvcfg\services.reg
set SVC_SAV=%USERPROFILE%\ntsvcfg\current_services_config.reg
set DCOM_BAK=%USERPROFILE%\ntsvcfg\dcom.reg
set DCOMP_BAK=%USERPROFILE%\ntsvcfg\dcomp.reg
set SMB_BAK=%USERPROFILE%\ntsvcfg\smb.reg
set DCOM_TMP=%TEMP%\dcomoff.reg
set DCOMP_TMP=%TEMP%\dcompoff.reg
set SMB_TMP=%TEMP%\smboff.reg
set FPRINT=%USERPROFILE%\ntsvcfg\FPRINT.REF
set HANDLER1=%USERPROFILE%\ntsvcfg\handler_aim.reg
set HANDLER2=%USERPROFILE%\ntsvcfg\handler_gopher.reg
set HANDLER3=%USERPROFILE%\ntsvcfg\handler_telnet.reg
set NB_TMP=%TEMP%\nb_off.vbs
set srctmp=%USERPROFILE%\~srcreate.vbs
REM *****Options*****
set SCHEDULER_ENABLED=NO
set UseXPSysRestore=YES
set RESTORE=NO
set SVC_MOD=NO
set USE_FPRINT=YES
set Deactivate_NetBIOS=YES
set RESTORE_MODE=2
REM *****APP_PATHs******
set NET=%SystemRoot%\system32\net.exe
set SC=%SystemRoot%\system32\sc.exe
set FC=%SystemRoot%\system32\fc.exe
set IPCONFIG=%SystemRoot%\system32\ipconfig.exe
rem Administrator pre-check. The output of net user for the current account is
rem searched for the text admin, with lines containing name filtered out; when
rem the local lookup finds nothing the same search is repeated with /domain.
rem If both fail the script prints the message below and goes to :END.
rem NOTE(review): this is a substring match on group names, so any group whose
rem name contains admin passes and a localised administrators group that does
rem not contain that text fails. Treat it as a convenience message only; the
rem later registry and service changes are what Windows actually authorises.
echo 检查本机配置: [本地], 请等待 ...
"%net%" user "%USERNAME%" 2> nul | "%find%" /i "admin" | "%find%" /i /v "name" > nul
if errorlevel 1 (
echo " " " : [domain], please wait ...
"%net%" user "%USERNAME%" /domain 2> nul | "%find%" /i "admin" | "%find%" /i /v "name" > nul
if errorlevel 1 (
echo.
echo 失败
echo __________
echo 此项任务需要管理员权限
echo.
echo 对不起,您没有足够的权限进行此项改动...
echo 请重新以管理员身份进行登陆
echo.
goto :END
)
)
set IMPORT_OLD_FILES=FALSE
rem searching for sc.exe
rem sc.exe is probed by running its qc command with no service name; an
rem errorlevel of 1 or higher is treated as the tool being missing, and the
rem script then jumps to :SC_DOWNLOAD.
rem NOTE(review): that download path fetches executables over plain FTP into
rem System32 without any integrity check. Prefer installing sc.exe from
rem trusted media and stopping here instead of offering the download.
if not exist "%FPRINT%" echo Checking for presence of SC.EXE ...
"%sc%" qc > nul 2>&1
if errorlevel 1 (
echo !!Failed!!
echo __________
echo [%SystemRoot%\SYSTEM32\] gefunden werden.
echo.
echo 找不到文件SC.EXE[%SystemRoot%\SYSTEM32\].
echo 请到下面的位置下载
echo.
echo.
echo -= ftp://ftp.microsoft.com/reskit/win2000/sc.zip =-
echo.
echo 请重新安装该文件
echo ======================
echo svx2kxp.cmd kann versuchen, die notwendige Datei selbst zu installieren.
echo 欢迎访问http://user.qzone.qq.com/37930909
echo.
echo 本软件正在进行尝试,请稍等
echo 网络连接中....
goto :SC_DOWNLOAD
)
if /I "%1"=="/all" (
set SELECT="/all"
goto :SKIP_MENUE
)
if /I "%1"=="/relan" (
set SELECT="/relan"
goto :SKIP_MENUE
)
if /I "%1"=="/std" (
set SELECT="/std"
goto :SKIP_MENUE
)
rem checking for modified services
if /I %CHK_SVC%==YES (
if /I %USE_FPRINT%==YES (
if exist "%FPRINT%" (
rem Creating fingerprint of current service settings...
if exist "%USERPROFILE%\svc2cmp.sav" del /F /Q "%USERPROFILE%\svc2cmp.sav"
"%sc%" query type= service state= all bufsize= 8192 | %FIND% "SERVICE_NAME" >%TEMP%\~svclist.txt
for /F "tokens=1*" %%a in (%TEMP%\~svclist.txt) do (
echo %%b >>"%USERPROFILE%\svc2cmp.sav"
"%sc%" query "%%b" | %FIND% "STATE" >>"%USERPROFILE%\svc2cmp.sav"
"%sc%" qc "%%b" | %FIND% "DISPLAY_NAME" >>"%USERPROFILE%\svc2cmp.sav"
"%SC%" qc "%%b" | %FIND% "START_TYPE" >>"%USERPROFILE%\svc2cmp.sav"
echo. >> "%USERPROFILE%\svc2cmp.sav"
)
del "%TEMP%\~svclist.txt"
"%FC%" "%FPRINT%" "%USERPROFILE%\svc2cmp.sav" >NUL
if errorlevel 1 goto :DIFF
goto OK
:DIFF
echo 检查经过改动的本机服务选项 ... 本机服务已经经过改动,分析中....
set SVC_MOD=YES
goto :MOD_END
:OK
echo 检查原来的服务..... ... OK
set SVC_MOD=NO
if exist "%USERPROFILE%\svc2cmp.sav" del /F /Q "%USERPROFILE%\svc2cmp.sav"
goto :MOD_END
:MOD_END
REM
)
)
)
set CHK_SVC=NO
if /I "%1"=="/restore" goto :RESTORE
:MENUE
if /I "%1"=="/lan" goto :SKIP_MENUE
echo.
echo -= yAng请您耐心等待 =-
echo.
echo.
echo (1) 局域网: 您使用的是局域网,程序将以此为基础进行优化
echo (2) 标 准: 进行标准的系统,网络优化
echo (3) 所 有: 对所有选项进行优化,保障您有一个更完美的系统及网络
echo (4) 恢 复: 恢复之前进行的改动。
echo ______________________________________________________________________________
echo.
echo 请选择您要进行的优化:
echo.
echo (1) 局域网: 局域网上网方式所需要的服务不变动
echo (2) 标 准: 关闭无用的端口,但保留系统服务
echo (3) 所 有: 就已知的可优化项目进行优化
echo (4) 恢 复: 恢复之前进行的一切改动
echo.
set /P CHS= wingyao提醒您选择要进行的操作: [1],[2],[3],[4], 按[M]更多选项 或者[Q]退出 选择:
if /I "%CHS%"=="1" (
set SELECT="/lan"
goto :SKIP_MENUE
)
if /I "%CHS%"=="2" (
set SELECT="/std"
goto :SKIP_MENUE
)
if /I "%CHS%"=="3" (
set SELECT="/all"
goto :SKIP_MENUE
)
if /I "%CHS%"=="4" goto :RESTORE
if /I "%CHS%"=="R" goto :RESTORE
if /I "%CHS%"=="M" goto :MORE_OPTIONS
if /I "%SVC_MOD%"=="YES" if /I "%CHS%"=="E" goto :EVALUATE_SERVICES
if /I "%CHS%"=="G" goto :CREATING_NEW_FINGERPRINT
if /I "%CHS%"=="Q" goto :QUIT
cls
goto :START
:SKIP_MENUE
rem Checking if old restorefiles exists.
rem if it is so old files will be restored before new changes
if not exist "%SVC_BAK%" goto :NO_RESTORE
if /I %RESTORE_MODE%==3 goto :NO_RESTORE
if /I %RESTORE_MODE%==4 goto :NO_RESTORE
set RESTORE=YES
echo.
echo _______________________________________________________________________
echo.
echo [选择恢复选项: %RESTORE_MODE%]
echo.
echo # Achtung: Alte Sicherungsdateien gefunden!
echo.
echo.
echo 注意: 找到可以恢复的旧配置
echo.
echo 这不是您第一次运行本程序,请仔细检查之前进行的改动
echo 确认无问题后,方可继续....
echo.
echo.
echo # Starting restore ...
goto RESTORE_EXT
:NO_RESTORE
rem query if taskplaner should run
if /I "%SYSTEM%"=="2k" goto :SKIP_SQUERY
if /I "%SYSTEM%"=="xp" (
if /I %SELECT%=="" goto :SKIP_SQUERY
if /I %SELECT%=="/all" goto :SKIP_SQUERY
if /I %XPSP2%==True (
set SCHEDULER_ENABLED=YES
goto :SKIP_SQUERY
)
)
echo.
echo.
echo Rueckfrage / Query
echo ==================
echo.
echo Soll der Dienst "Taskplaner" beendet werden?
echo.
echo Wenn sie zeitgesteuerten Aufgaben [z.B. Antiviren-Updates] oder die automati-
echo sche Erstellung von Systemwiederherstellungspunkten nicht benoetigen, druecken
echo Sie eine BELIEBIGE TASTE, um auch Port 135 [RPC] sowie Port 1025 [Taskplaner]
echo zu schliessen [empfohlen!]. Andernfalls druecken Sie "N"!
echo.
echo.
echo Should the "scheduler service" be disabled?
echo.
echo If you have time-controlled tasks [i.e. AV-Updates] or you will not set
echo automatic system restore points press ANY KEY TO CONTINUE to close port 135
echo [RPC] and port 1025 [scheduler] instantly. Otherwise press "N"
echo ___________________________________________
echo.
set /P UNDO= Taskplaner beenden - Close scheduler [y/n]?
if /I "%UNDO%"=="n" set SCHEDULER_ENABLED=YES
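rem Removes the AIM, gopher and telnet URL handler keys from HKEY_CLASSES_ROOT
rem by generating a small .reg file and importing it silently.
rem The file is now started with a truncating write of the REGEDIT4 header,
rem the same way the SMB sections of this script build theirs. The earlier
rem version only appended the three key lines, so the file had no header and
rem could also carry leftover lines from a previous run under the same name.
rem NOTE(review): no export of these keys to the HANDLER1-3 backup files is
rem visible in this part of the script - confirm a backup is taken elsewhere
rem before the keys are deleted.
echo - Removing needless URL Handler [AIM,gopher,telnet]
echo REGEDIT4 > "%SMB_TMP%"
echo. >> "%SMB_TMP%"
echo [-HKEY_CLASSES_ROOT\AIM] >> "%SMB_TMP%"
echo [-HKEY_CLASSES_ROOT\gopher] >> "%SMB_TMP%"
echo [-HKEY_CLASSES_ROOT\telnet] >> "%SMB_TMP%"
echo. >> "%SMB_TMP%"
echo. >> "%SMB_TMP%"
"%regedit%" /s "%SMB_TMP%"
del /F /Q "%SMB_TMP%"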
if /I %SELECT%=="/all" (
echo.
echo Disabling SMB port 445 ...
echo REGEDIT4 > "%SMB_TMP%"
echo. >> "%SMB_TMP%"
echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters] >> "%SMB_TMP%"
echo "SMBDeviceEnabled"=dword:00000000 >> "%SMB_TMP%"
echo. >> "%SMB_TMP%"
echo. >> "%SMB_TMP%"
"%regedit%" /s "%SMB_TMP%"
del /F /Q "%SMB_TMP%"
set REBOOT_REQUIRED=yes
)
if /I %SELECT%=="/std" (
echo.
echo Disabling SMB port 445 ...
echo REGEDIT4 > "%SMB_TMP%"
echo. >> "%SMB_TMP%"
echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters] >> "%SMB_TMP%"
echo "SMBDeviceEnabled"=dword:00000000 >> "%SMB_TMP%"
echo. >> "%SMB_TMP%"
echo. >> "%SMB_TMP%"
"%regedit%" /s "%SMB_TMP%"
del /F /Q "%SMB_TMP%"
set REBOOT_REQUIRED=yes
)
if /I %SELECT%=="/std" goto :NB_DISABLE
if /I %SELECT%=="/all" goto :NB_DISABLE
goto :SKIP_NB_DISABLE
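:NB_DISABLE
rem Disables NetBIOS over TCP/IP on every IP-enabled adapter by generating a
rem VBScript in TEMP and running it with cscript, unless Deactivate_NetBIOS is
rem NO, in which case the step is skipped with a notice.
rem The first line of the generated script is written with a truncating
rem redirect. Every line used to be appended, so a file already present under
rem that fixed name, left by an aborted run or placed there by anything able
rem to write to the TEMP directory, was executed ahead of the intended lines
rem with the rights this script runs under.
rem NOTE(review): the generated script starts with On Error Resume Next and the
rem value stored in errTcpipNetbios is never read, so a failed change is not
rem reported; REBOOT_REQUIRED is set regardless.
if /I %DEACTIVATE_NETBIOS%==NO (
echo.
echo. Due problems with SP2 and deactivating NetBIOS this option
echo will be skipped.
echo.
goto :SKIP_NB_DISABLE
)
rem Because of problems with SP2 Netbios:
if /I %XPSP2%==True (
echo.
echo Note:
echo -----
echo If you experiencing problems after updating Windows XP with
echo Service Pack 2 please do following:
echo.
echo set Deactivate_NetBIOS=NO
echo.
)
rem *** Thx2 Johannes Lichtenberger for the following lines using VBScript***
echo Disable NetBios on all local interfaces ...
echo.
rem Truncating write: start the generated script from an empty file.
echo On Error Resume Next> "%nb_tmp%"
echo.>> "%nb_tmp%"
echo TcpipoverNetbios = 2 '0=NetbiosfromDHCP 1=EnableNetbios 2=DisableNetbios>> "%nb_tmp%"
echo.>> "%nb_tmp%"
echo strComputer = ".">> "%nb_tmp%"
echo Set objWMIService = GetObject("winmgmts:\\" ^& strComputer ^& "\root\cimv2")>> "%nb_tmp%"
echo Set objNICs = objWMIService.ExecQuery _>> "%nb_tmp%"
echo ("Select * From Win32_NetworkAdapterConfiguration Where IPEnabled = True")>> "%nb_tmp%"
echo For Each objNic In objNICs>> "%nb_tmp%"
echo errTcpipNetbios = objNic.SetTCPIPNetBIOS(TcpipoverNetbios)>> "%nb_tmp%"
echo Next>> "%nb_tmp%"
"%SYSTEMROOT%\SYSTEM32\CSCRIPT.EXE" "%nb_tmp%"
del /F /Q "%nb_tmp%"
set REBOOT_REQUIRED=yes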
:SKIP_NB_DISABLE
rem Skip Billboard because /all is used
if /I %SELECT%=="/all" goto :SW_ALL
if /I %SELECT%=="/std" goto :SW_ALL
if /I %SELECT%=="/relan" goto :SW_ALL
echo.
echo ___________________________________________________________________
echo.
echo *** Zusammenfassung / Result ***
echo.
echo Es wurden NICHT alle Aenderungen umgesetzt!
echo Um alle Vorschlaege von kssysteme.de umzusetzen, verwenden Sie
echo bitte den Parameter '/all' oder waehlen Sie im Menue den Punkt "3".
echo.
echo Not all changes could be performed. To change all issues listed
echo on www.ntsvcfg.de please use parameter '/all' or select item "3"!
echo ___________________________________________________________________
:SW_ALL
if /I %SELECT%=="/relan" (
rem startup: auto
echo.
echo ------------------
echo Re-enabling services ...
"%sc%" config LmHosts start= auto
"%sc%" config RemoteRegistry start= auto
"%sc%" config SamSs start= auto
"%sc%" config Winmgmt start= auto
if /I "%SYSTEM%"=="2k" (
"%sc%" config RPCSs start= auto
"%sc%" config lanmanServer start= auto
"%sc%" config seclogon start= auto
)
if /I "%SYSTEM%"=="XP" (
rem "%sc%" config SharedAccess start= auto
)
"%sc%" query RemoteRegistry | "%find%" /i "1 STOPPED" >NUL
if not errorlevel 1 "%net%" start RemoteRegistry
"%sc%" query SamSs | "%find%" /i "1 STOPPED" >NUL
if not errorlevel 1 "%net%" start SamSs
"%sc%" query LmHosts | "%find%" /i "1 STOPPED" >NUL
if not errorlevel 1 "%net%" start LmHosts
"%sc%" query Winmgmt | "%find%" /i "1 STOPPED" >NUL
if not errorlevel 1 "%net%" start Winmgmt
if /I "%SYSTEM%"=="2k" (
"%sc%" query LanmanServer | "%find%" /i "1 STOPPED" >NUL
if not errorlevel 1 "%net%" start lanmanServer
"%sc%" query RPCSs | "%find%" /i "1 STOPPED" >NUL
if not errorlevel 1 "%net%" start RPCSs
"%sc%" query Seclogon | "%find%" /i "1 STOPPED" >NUL
if not errorlevel 1 "%net%" start seclogon
)
if /I "%SYSTEM%"=="XP" (
rem "%net%" start SharedAccess
)
rem enable SMB port 445
echo.
echo ------------------
echo Enabling SMB port 445 ...
echo REGEDIT4 > "%SMB_TMP%"
echo. >> "%SMB_TMP%"
echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters] >> "%SMB_TMP%"
echo "SMBDeviceEnabled"=dword:00000001 >> "%SMB_TMP%"
echo. >> "%SMB_TMP%"
echo. >> "%SMB_TMP%"
"%regedit%" /s "%SMB_TMP%"
del /F /Q "%SMB_TMP%"
set REBOOT_REQUIRED=yes
)
rem Creating fingerprint of current service settings...
if exist "%FPRINT%" del /F /Q "%FPRINT%"
if /I %USE_FPRINT%==YES (
echo.
echo Creating fingerprint which will take a few seconds ...
"%sc%" query type= service state= all bufsize= 8192 | %FIND% "SERVICE_NAME" > %TEMP%\~svclist.txt
for /F "tokens=1*" %%a in (%TEMP%\~svclist.txt) do (
echo %%b >>"%FPRINT%"
"%sc%" query "%%b" | %FIND% "STATE" >>"%FPRINT%"
"%sc%" qc "%%b" | %FIND% "DISPLAY_NAME" >>"%FPRINT%"
"%SC%" qc "%%b" | %FIND% "START_TYPE" >>"%FPRINT%"
echo. >> "%FPRINT%"
)
del "%TEMP%\~svclist.txt"
echo ... done.
)
goto :END
:RESTORE
echo ____________________________________________________
echo.
echo Letzte Aenderungen zuruecknehmen [y/n]?
set /P UNDO= Undo last changes [y/n]?
if /I "%UNDO%"=="y" (
echo _______________________________________________________________
echo.
echo Hinweis:
echo ========
echo Moeglicherweise meldet Windows Fehler beim Importieren.
echo Ignorieren Sie diese mit Klick auf "OK".
echo.
echo Windows might probably report an error during importing the
echo backups. Just ignore this by clicking the "OK" button!
echo _______________________________________________________________
echo Status:
echo -------
:RESTORE_EXT
if exist "%SVC_BAK%" (
echo Importing services ...
echo ["%SVC_BAK%"]
"%regedit%" /s "%SVC_BAK%"
set action=""
)
if exist "%DCOM_BAK%" (
echo Importing DCOM ...
echo ["%DCOM_BAK%"]
"%regedit%" /s "%DCOM_BAK%"
)
if exist "%DCOMP_BAK%" (
echo Importing DCOM-standard protocols ...
echo ["%DCOMP_BAK%"]
"%regedit%" /s "%DCOMP_BAK%"
)
if exist "%SMB_BAK%" (
echo Importing SMB-settings ...
echo ["%SMB_BAK%"]
"%regedit%" /s "%SMB_BAK%"
)
if exist "%HANDLER1%" (
echo Importing URL_HANDLER AIM ...
echo ["%HANDLER1%"]
"%regedit%" /s "%HANDLER1%"
)
if exist "%HANDLER2%" (
echo Importing URL_HANDLER GOPHER ...
echo ["%HANDLER2%"]
"%regedit%" /s "%HANDLER2%"
)
if exist "%HANDLER3%" (
echo Importing URL_HANDLER TELNET ...
echo ["%HANDLER3%"]
"%regedit%" /s "%HANDLER3%"
)
rem Skipping back to next state
if /I "%RESTORE%"=="YES" goto :NO_RESTORE
echo Removing RPC Internet key ....
echo REGEDIT4 >"%USERPROFILE%\svc_fix.reg"
echo. >>"%USERPROFILE%\svc_fix.reg"
echo [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Internet] >>"%USERPROFILE%\svc_fix.reg"
echo. >>"%USERPROFILE%\svc_fix.reg"
echo. >>"%USERPROFILE%\svc_fix.reg"
"%regedit%" /s "%USERPROFILE%\svc_fix.reg"
del /F /Q "%USERPROFILE%\svc_fix.reg"
rem Creating fingerprint of current service settings...
if exist "%FPRINT%" del /F /Q "%FPRINT%"
if /I %USE_FPRINT%==YES (
echo.
echo Creating fingerprint which will take a few seconds ...
"%sc%" query type= service state= all bufsize= 8192 | %FIND% "SERVICE_NAME" > %TEMP%\~svclist.txt
for /F "tokens=1*" %%a in (%TEMP%\~svclist.txt) do (
echo %%b >>"%FPRINT%"
"%sc%" query "%%b" | %FIND% "STATE" >>"%FPRINT%"
"%sc%" qc "%%b" | %FIND% "DISPLAY_NAME" >>"%FPRINT%"
"%SC%" qc "%%b" | %FIND% "START_TYPE" >>"%FPRINT%"
echo. >> "%FPRINT%"
)
del "%TEMP%\~svclist.txt"
echo ... done.
)
echo.
echo _______________________________________________________________
echo.
echo *** Zusammenfassung / Result ***
echo.
echo Die Ruecksicherung wurde ausgefuehrt. Wenn in der oberen Zeile
echo keine Statusmeldungen zu sehen sind, existierten keine rueckzu-
echo sichernden Dateien. Aktivieren Sie gegebenenfalls NetBios in
echo den Eigenschaften der jeweiligen Netzwerkkarte.
echo Bitte starten Sie abschliessend Ihren Rechner neu.
echo.
echo Restore finished. If you don't see any messages in the status
echo box above, there were no files to restore. Please reactivate
echo NetBios for each NIC you want use with it and reboot afterwards.
echo ________________________________________________________________
)
goto :END
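:RESTORE_DEFAULTS
rem Restores the .default registry backups written before the first use of the
rem script: services, DCOM, DCOM protocols, SMB and the three URL handlers.
rem Each file is imported silently with regedit only if it exists.
rem
rem Fixes in this block:
rem  - The first import line had lost the opening quote in front of the
rem    regedit path, so the command could not run as written.
rem  - The confirmation block was never closed and execution ran on into the
rem    sc.exe download prompt. The block is now closed and the section ends at
rem    :QUIT, like the :FIX section that is reached the same way.
rem  - The /default switch jumps here from the argument dispatch, before the
rem    declarations section has set the backup path variables, so every exist
rem    test looked at an empty path. The paths are filled in here when they are
rem    not defined yet, with the same values the declarations section uses.
if not defined SVC_BAK set SVC_BAK=%USERPROFILE%\ntsvcfg\services.reg
if not defined DCOM_BAK set DCOM_BAK=%USERPROFILE%\ntsvcfg\dcom.reg
if not defined DCOMP_BAK set DCOMP_BAK=%USERPROFILE%\ntsvcfg\dcomp.reg
if not defined SMB_BAK set SMB_BAK=%USERPROFILE%\ntsvcfg\smb.reg
if not defined HANDLER1 set HANDLER1=%USERPROFILE%\ntsvcfg\handler_aim.reg
if not defined HANDLER2 set HANDLER2=%USERPROFILE%\ntsvcfg\handler_gopher.reg
if not defined HANDLER3 set HANDLER3=%USERPROFILE%\ntsvcfg\handler_telnet.reg
echo.
echo *** Restore Factory Settings ***
echo.
echo ______________________________________________________________________________
echo.
echo Einstellungen vor Erstanwendung des Scripts wiederherstellen (ausser NetBIOS)?
set /P UNDO= Restore defaults (before using script, except NetBIOS) [y/n]?
if /I "%UNDO%"=="y" (
echo.
echo - Restoring original service settings [if exists] ...
if exist "%SVC_BAK%.default" "%regedit%" /s "%SVC_BAK%.default"
if exist "%DCOM_BAK%.default" "%regedit%" /s "%DCOM_BAK%.default"
if exist "%DCOMP_BAK%.default" "%regedit%" /s "%DCOMP_BAK%.default"
if exist "%SMB_BAK%.default" "%regedit%" /s "%SMB_BAK%.default"
if exist "%HANDLER1%.default" "%regedit%" /s "%HANDLER1%.default"
if exist "%HANDLER2%.default" "%regedit%" /s "%HANDLER2%.default"
if exist "%HANDLER3%.default" "%regedit%" /s "%HANDLER3%.default"
echo ... done.
)
goto :QUIT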
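:SC_DOWNLOAD
rem Offers to fetch sc.zip and pkunzip.exe with ftp.exe, unpack sc.exe, place
rem it in System32 and restart the script at :START.
rem
rem NOTE(review): both files are executables fetched over plain anonymous FTP,
rem one of them from a hard-coded IP address, written straight into System32
rem and run with the rights of this script. Nothing authenticates the servers
rem and no checksum or signature is checked before use, so anyone able to alter
rem the traffic or the server content controls what gets installed. Prefer
rem installing sc.exe from trusted media and removing this path; if it is kept,
rem verify each download against a known-good hash before it is unpacked.
rem
rem Fixes in this block:
rem  - sc.exe is moved into System32 only in the branch that actually ran the
rem    extraction. The move used to run unconditionally, so after a failed
rem    download any sc.exe that happened to sit in the current directory was
rem    installed into System32.
rem  - The two exist tests for leftover FTP scripts had the closing quote in the
rem    middle of the path; the whole path is quoted now.
rem NOTE(review): a file named sc.exe that was already in the current directory
rem before the extraction is still indistinguishable from the extracted one.
rem Run the script from a directory that only administrators can write to.
echo ______________________________________________________________
echo.
echo 有一优化所需要的重要文件丢失。。。
echo 找不到文件sc.exe,您想从网上下载吗?
echo.
set /P UNDO= 选择下载请按Y,不下载请按N: [y/n]?
if /I "%UNDO%"=="y" goto :SC_DOWNLOAD_OK
goto :END
:SC_DOWNLOAD_OK
rem NOTE(review): this test looks in SystemRoot, while the download target and
rem the later tests use SystemRoot\System32 - confirm which location is meant.
if exist "%SYSTEMROOT%\sc.zip" goto :SCE
echo Generating FTP-script ...
if exist "%USERPROFILE%\script_sc.ls" del /F "%USERPROFILE%\script_sc.ls"
rem The user and type lines appear twice in each FTP script. Presumably the
rem first pair is consumed by the automatic login prompts of ftp.exe and the
rem second pair performs the login - do not remove the repeat without testing.
echo open 207.46.133.140 >"%USERPROFILE%\script_sc.ls"
echo user anonymous anonymous@aol.com >>"%USERPROFILE%\script_sc.ls"
echo type binary >>"%USERPROFILE%\script_sc.ls"
echo user anonymous anonymous@aol.com >>"%USERPROFILE%\script_sc.ls"
echo type binary >>"%USERPROFILE%\script_sc.ls"
echo get /reskit/win2000/sc.zip "%SYSTEMROOT%\System32\SC.ZIP" >>"%USERPROFILE%\script_sc.ls"
echo quit >>"%USERPROFILE%\script_sc.ls"
echo Downloading SC.EXE ...
ftp -s:"%USERPROFILE%\script_sc.ls"
del /F "%USERPROFILE%\script_sc.ls"
:SCE
if exist "%SYSTEMROOT%\System32\pkunzip.exe" goto :PKE
echo Generating FTP-script ...
if exist "%USERPROFILE%\script_pk.ls" del /F "%USERPROFILE%\script_pk.ls"
echo open ftp.uni-duesseldorf.de >"%USERPROFILE%\script_pk.ls"
echo user anonymous anonymous@aol.com >>"%USERPROFILE%\script_pk.ls"
echo type binary >>"%USERPROFILE%\script_pk.ls"
echo user anonymous anonymous@aol.com >>"%USERPROFILE%\script_pk.ls"
echo type binary >>"%USERPROFILE%\script_pk.ls"
echo get /pub/ie/pkunzip.exe "%SYSTEMROOT%\System32\pkunzip.exe" >>"%USERPROFILE%\script_pk.ls"
echo quit >>"%USERPROFILE%\script_pk.ls"
echo Downloading PKUNZIP.EXE ...
ftp -s:"%USERPROFILE%\script_pk.ls"
del /F "%USERPROFILE%\script_pk.ls"
:PKE
if not exist "%SYSTEMROOT%\System32\sc.zip" (
echo.
echo Download fehlgeschlagen. Bitte laden sie sich die Datei SC.ZIP manuell
echo herunter und kopieren diese nach %SYSTEMROOT%\.
echo.
echo Downloading SC.ZIP failed. Please download it manually an copy it to
echo %SYSTEMROOT%\.
)
if not exist "%SYSTEMROOT%\System32\pkunzip.exe" (
echo.
echo Die Datei PKUNZIP.EXE konnte nicht gefunden werden. Diese wird zum
echo Entpacken des Archivs SC.ZIP benoetigt!
echo.
echo File PKUNZIP.EXE not found. It is needed to decompress the archive SC.EXE.
)
if exist "%SYSTEMROOT%\System32\SC.ZIP" (
if exist "%SYSTEMROOT%\System32\pkunzip.exe" (
"%SYSTEMROOT%\System32\pkunzip.exe" -e "%SYSTEMROOT%\System32\sc.zip" sc.exe
if exist sc.exe move /Y sc.exe "%SYSTEMROOT%\System32\"
)
)
echo.
echo Skript wird neu gestartet ...
echo Restarting script ...
goto :START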
:FIX
echo.
echo -= svc2kxp.cmd taskplaner fix =-
echo.
echo.
echo Druecken Sie "Y", um das Problem mit dem Taskplaner ("falscher Parameter")
echo unter Windows XP zu beheben.
echo.
echo Press "Y", if you want fix issue "scheduler doesn't start under Windows XP
echo after running script v2.0 - v2.1build0".
echo.
set /P UNDO= Fix problem [y/n]?
if /I "%UNDO%"=="y" (
echo REGEDIT4 >"%USERPROFILE%\svc_fix.reg"
echo. >>"%USERPROFILE%\svc_fix.reg"
echo [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Internet] >>"%USERPROFILE%\svc_fix.reg"
echo. >>"%USERPROFILE%\svc_fix.reg"
echo. >>"%USERPROFILE%\svc_fix.reg"
"%regedit%" /s "%USERPROFILE%\svc_fix.reg"
del /F /Q "%USERPROFILE%\svc_fix.reg"
echo ______________________________________
echo OK. Bitte starten Sie den Rechner neu und kontrollieren Sie erneut,
echo ob hierdurch Ports geoeffnet wurden.
echo.
echo Done. Please reboot and check again for open ports ...!
)
rem Creating fingerprint of current service settings...
if exist "%FPRINT%" del /F /Q "%FPRINT%"
goto quit
if /I %USE_FPRINT%==YES (
echo.
echo Creating fingerprint which will take a few seconds ...
"%sc%" query type= service state= all bufsize= 8192 | %FIND% "SERVICE_NAME" > %TEMP%\~svclist.txt
for /F "tokens=1*" %%a in (%TEMP%\~svclist.txt) do (
echo %%b >>"%FPRINT%"
"%sc%" query "%%b" | %FIND% "STATE" >>"%FPRINT%"
"%sc%" qc "%%b" | %FIND% "DISPLAY_NAME" >>"%FPRINT%"
"%SC%" qc "%%b" | %FIND% "START_TYPE" >>"%FPRINT%"
echo. >> "%FPRINT%"
)
del "%TEMP%\~svclist.txt"
echo ... done.
)
goto :QUIT
rem **** Additional Feature List ****
:MORE_OPTIONS
cls
echo ______________________________________________________________________________
echo.
echo *** Weitere Optionen / More Options Menue ***
echo =====================================
echo.
if /I "%SVC_MOD%"=="YES" (
echo [E]...Zeigt eine Liste an, welche Dienste seit der letzten Anwendung
echo von svc2kxp.cmd veraendert wurden.
echo.
echo Shows a list with modified services since last use of scv2kxp.cmd
echo.
)
echo [G]...Generiert einen neuen Fingerprint, um Veraenderungen bei
echo Diensten zu erfassen
echo.
echo Generates a new fingerprint to correctly detect changes of
echo services
echo.
echo [S]...Sichern der aktuellen Dienstekonfiguration.
echo Saving current NT service configuration (auto/demand/disabled).
echo.
echo ______________________________________________________________________________
echo.
if /I "%SVC_MOD%"=="NO" set /P CHS= Bitte waehlen Sie/Please choose: [G], [S], ack or [Q]uit?
if /I "%SVC_MOD%"=="YES" set /P CHS= Bitte waehlen Sie/Please choose: [E], [G], [S], ack or [Q]uit?
if /I "%SVC_MOD%"=="YES" if /I "%CHS%"=="E" GOTO :EVALUATE_SERVICES
if /I "%CHS%"=="G" GOTO :CREATING_NEW_FINGERPRINT
if /I "%CHS%"=="B" (
CLS
GOTO :START
)
if /I "%CHS%"=="S" GOTO :SAVE_SVC_SETTINGS
if /I "%CHS%"=="Q" GOTO :QUIT
GOTO :MORE_OPTIONS
:EVALUATE_SERVICES
cls
echo ______________________________________________________________________________
echo.
echo *** Evaluate Services Menue ***
echo.
"%FC%" /N "%FPRINT%" "%USERPROFILE%\svc2cmp.sav"
echo ______________________________________________________________________________
echo.
set /P CHS= Bitte waehlen Sie/Please choose: ack, pdate or [Q]uit?
if /I "%CHS%"=="B" GOTO :MORE_OPTIONS
if /I "%CHS%"=="U" GOTO :CREATING_NEW_FINGERPRINT
if /I "%CHS%"=="Q" GOTO :QUIT
GOTO :MORE_OPTIONS
:SAVE_SVC_SETTINGS
cls
echo ______________________________________________________________________________
echo.
echo *** Manage current services configurations menue ***
echo --------------------------------------------
echo.
echo Soll die aktuelle Dienstekonfiguration gesichert werden?
echo.
set /P CHS= Should the current service configuration saved (y/n)?
if /I "%CHS%"=="N" GOTO :MORE_OPTIONS
if /I "%CHS%"=="Y" (
echo Saving current services settings to:
echo.
echo - %SVC_SAV%
"%regedit%" /e "%SVC_SAV%" HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
echo.
echo ... Done!
echo ______________________________________________________________________________
echo.
echo Beliebige Taste druecken, um fortzufahren. Hit any key to return.
pause>NUL
)
if /I "%CHS%"=="Q" GOTO :QUIT
goto :MORE_OPTIONS
pause >NUL
goto :MORE_OPTIONS
:CREATING_NEW_FINGERPRINT
cls
echo ______________________________________________________________________________
echo.
echo *** Creating new fingerprint menue ***
echo ------------------------------
echo.
set /P CHS= Create new fingerprint [Y/N]?
if /I "%CHS%"=="Y" (
if exist "%FPRINT%" del /F /Q "%FPRINT%"
echo Creating new fingerprint which will take a few seconds ...
"%sc%" query type= service state= all bufsize= 8192 | %FIND% "SERVICE_NAME" > %TEMP%\~svclist.txt
for /F "tokens=1*" %%a in (%TEMP%\~svclist.txt) do (
echo %%b >>"%FPRINT%"
"%sc%" query "%%b" | %FIND% "STATE" >>"%FPRINT%"
"%sc%" qc "%%b" | %FIND% "DISPLAY_NAME" >>"%FPRINT%"
"%SC%" qc "%%b" | %FIND% "START_TYPE" >>"%FPRINT%"
echo. >> "%FPRINT%"
)
del "%TEMP%\~svclist.txt"
echo ... done.
echo ______________________________________________________________________________
echo.
echo [Press any key to continue]
set CHK_SVC=YES
PAUSE >NUL
)
cls
GOTO :MORE_OPTIONS
:XPSYSRESTORE
REM Creating A System Restore Point // Source Code: MS Technet Scriptcenter
rem Generates a VBScript in the user profile that asks the SystemRestore WMI
rem class for a restore point labelled with the script name, runs it, deletes
rem it and jumps to :XPSYSRESTORE_DONE.
rem NOTE(review): the generated file is started by its path alone, so it is run
rem by whatever program is registered for .vbs files rather than by a named
rem script host; the NetBIOS section calls cscript.exe by full path instead.
rem NOTE(review): neither a jump to this label nor the :XPSYSRESTORE_DONE label
rem is visible in this part of the file - confirm this section is still wired
rem in, otherwise no restore point is taken before the changes are applied.
echo.
echo # Creating System Restore Point [if XP SysRestore is enabled] ...
if exist "%srctmp%" del /F /Q "%srctmp%"
echo CONST DEVICE_DRIVER_INSTALL = 10 >"%srctmp%"
echo CONST BEGIN_SYSTEM_CHANGE = 100 >>"%srctmp%"
echo.>>"%srctmp%"
echo strComputer = ".">>"%srctmp%"
echo Set objWMIService = GetObject("winmgmts:" _ >>"%srctmp%"
echo ^& "{impersonationLevel=impersonate}!\\" ^& strComputer ^& "\root\default")>>"%srctmp%"
echo.>>"%srctmp%"
echo Set objItem = objWMIService.Get("SystemRestore")>>"%srctmp%"
echo errResults = objItem.CreateRestorePoint _ >>"%srctmp%"
echo ("svc2kxp.cmd created restore point", DEVICE_DRIVER_INSTALL, BEGIN_SYSTEM_CHANGE)>>"%srctmp%"
"%srctmp%"
del /F /Q "%srctmp%"
echo.
goto :XPSYSRESTORE_DONE
:END
if "%REBOOT_REQUIRED%"=="yes" (
echo.
echo ______________________________________________________
echo.
echo *** Zusammenfassung / Result ***
echo.
if /I %SELECT%=="/all" echo Es wurden alle gewuenschten Aenderungen durchgefuehrt.
if /I %SELECT%=="/std" echo Einige Dienste blieben unveraendert.
if /I %SELECT%=="/relan" echo Notwendige LAN-Einstellungen wurden aktiviert.
echo Bitte starten Sie abschliessend Ihren Rechner neu.
echo.
if /I %SELECT%=="/all" echo All changes applied successfully.
if /I %SELECT%=="/std" echo Some services stay unchanged.
if /I %SELECT%=="/relan" echo LAN settings reactivated.
echo Please reboot.
echo ______________________________________________________
)
:QUIT
echo ________________________________________________________
echo.
echo Weitere Informationen: http://www.ntsvcfg.de
echo For more informations: http://www.ntsvcfg.de/ntsvcfg_eng
echo ________________________________________________________
echo [Taste zum Beenden druecken] [Press any key to quit]
echo ------------------------------------------------------
echo.
if /I "%1"=="" pause>NUL
:QUIT_EXT
endlocal
if exist "%USERPROFILE%\svc2cmp.sav" del /F /Q "%USERPROFILE%\svc2cmp.sav"
echo.
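:setsave
rem Security-settings menu: clears the screen, prints the option list and then
rem falls through to the chovsafe prompt that reads the choice.
@echo off
color 0C
cls
echo.
rem A bare echo prints the ECHO state text instead of an empty line, so the
rem blank-line form is used here.
echo.
echo.
echo 欢迎访问 http://user.qzone.qq.com/37930909
echo.
echo ◆ 万顺达电脑yAng专用版之安全设置◆
echo.
echo ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
echo 请选择要进行的操作,然后按回车
echo ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
echo.
echo.
echo 1.自动关闭有害端口
echo.
rem Menu text fix: the worm name is spelled the same way as in the killwhboy
rem banner further down.
echo 2.病毒专杀+免疫(U盘病毒,威金病毒,熊猫烧香
echo 蓝波...(包括了目前流行的病毒,一次性杀光并免疫)
echo.
echo 3.其它常见病毒免疫,关闭自动播放工具
echo.
echo 4.EXE关联修复
echo.
echo 5.查看进程列表,结束可疑进程
echo.
echo M.返回主菜单
echo.
echo Q.退出
echo.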
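:chovsafe
rem Reads one answer for the security-settings menu and jumps to the matching
rem section. Only the first character of the answer is used and the match is
rem case-insensitive.
set choice=
set /p choice= 请选择:
IF NOT "%choice%"=="" SET choice=%choice:~0,1%
if /i "%choice%"=="1" goto killport
if /i "%choice%"=="2" goto virus
if /i "%choice%"=="3" goto imvirus
if /i "%choice%"=="4" goto EXEre
if /i "%choice%"=="5" goto renwukill
if /i "%choice%"=="M" goto menu
if /i "%choice%"=="q" goto endd
echo.
echo 选择无效,请重新输入
echo.
rem The retry jump has to name this prompt label. The previous target was
rem spelled chosafe, which does not match the label above, so an invalid
rem answer did not come back to this prompt.
goto chovsafe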
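:renwukill
rem Lists the running processes with PID, image name and executable path, then
rem ends the process whose PID the user types. M returns to the main menu.
cls
@echo off
color a
rem The helper script goes to a per-run file under TEMP instead of a fixed
rem ps.vbs in the current directory, so it cannot overwrite an existing file
rem and still works when the current directory is read-only.
set "psvbs=%TEMP%\ps_%RANDOM%.vbs"
@echo for each ps in getobject _ >"%psvbs%"
@echo ("winmgmts:\\.\root\cimv2:win32_process").instances_ >>"%psvbs%"
@echo wscript.echo ps.handle^&vbtab^&ps.name^&vbtab^&ps.executablepath:next >>"%psvbs%"
cscript //nologo "%psvbs%" & del /f /q "%psvbs%"
echo.
rem Clear the previous answer first. The prompt keeps the old value when the
rem user just presses Enter, which would send the last PID to taskkill again.
set "shit="
set /p shit=请输入程序PID值,或者按M返回.然后回车
if not defined shit goto renwukill
if /i "%shit%"=="M" goto menu
rem Accept digits only, so nothing but a PID reaches the taskkill command line.
for /f "delims=0123456789" %%x in ("%shit%") do (
echo 选择无效,请重新输入
pause
goto renwukill
)
taskkill /pid %shit%
pause
goto renwukill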
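:EXEre
rem Restores the default open command of the exefile class, which file
rem infectors often redirect to their own loader. The value is written through
rem a scratch .reg file that is imported silently and then removed.
cls
rem The scratch file lives under TEMP with a quoted path. The Windows
rem directory is not a place for scratch files, and an unquoted path breaks as
rem soon as it contains a space.
set "exefix=%TEMP%\exexf_%RANDOM%.reg"
>"%exefix%" echo Windows Registry Editor Version 5.00
>>"%exefix%" echo [HKEY_CLASSES_ROOT\exefile\shell\open\command]
echo @="\"%%1\" %%*">>"%exefix%"
regedit /s "%exefix%"
del /F /Q "%exefix%"
cls
echo.
echo.
echo.
echo.
echo EXE关联修复完毕!
echo.
echo 按任意键返回
pause>nul
GOTO setsave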
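:imvirus
rem Builds Fix.reg in the current directory: a set of registry tweaks that the
rem menu presents as immunisation against common malware.
rem NOTE(review): nothing in this block imports or deletes Fix.reg, and control
rem falls through into the Choice4 prompt. Confirm whether the import step was
rem lost from this copy of the script.
echo 处理此项目需要花十几秒时间,请您稍等...
@echo off
rem The header line starts the file afresh. When it was appended, a Fix.reg
rem left over from an earlier run, or placed in the directory by someone else,
rem stayed at the top of the file that is meant to be imported.
echo Windows Registry Editor Version 5.00>Fix.reg
rem Shutdown and hung-application timeouts for the current user.
echo [HKEY_CURRENT_USER\Control Panel\Desktop]>>Fix.reg
echo "AutoEndTasks"="1">>Fix.reg
echo "HungAppTimeout"="200">>Fix.reg
echo "WaitToKillAppTimeout"="200">>Fix.reg
echo "WaitTOKillService"="200">>Fix.reg
echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control]>>Fix.reg
echo "WaitToKillServiceTimeout"="200">>Fix.reg
rem EnablePrefetcher is written twice in this file, here as 1 and further down
rem as 3. The later entry is the one that remains after an import.
echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters]>>Fix.reg
echo "EnablePrefetcher"=dword:00000001>>Fix.reg
rem NOTE(review): SFCDisable is the switch for Windows File Protection. A
rem non-zero value asks for that protection to be turned off, which weakens
rem the system instead of hardening it. Reconsider shipping this entry.
echo [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]>>Fix.reg
echo "SFCDisable"=dword:00000001>>Fix.reg
echo [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AlwaysUnloadDLL]>>Fix.reg
echo @="0">>Fix.reg
rem Turns off the automatic creation of the administrative shares.
echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters]>>Fix.reg
echo "AutoShareServer"=dword:00000000>>Fix.reg
echo "AutoSharewks"=dword:00000000>>Fix.reg
echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Windows]>>Fix.reg
echo "NoPopUpsOnBoot"=dword:00000001>>Fix.reg
rem Rewrites the shortcut file class entries.
echo [HKEY_CLASSES_ROOT\lnkfile]>>Fix.reg
echo @="快捷方式">>Fix.reg
echo "EditFlags"=dword:00000001>>Fix.reg
echo "NeverShowExt"="">>Fix.reg
echo [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\RemoteComputer\NameSpace]>>Fix.reg
echo [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\RemoteComputer\NameSpace\{2227A280-3AEA-1069-A2DE-08002B30309D}]>>Fix.reg
echo @="Printers">>Fix.reg
echo [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer]>>Fix.reg
echo "Link"=hex:00,00,00,00>>Fix.reg
echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters]>>Fix.reg
echo "EnablePrefetcher"=dword:00000003>>Fix.reg
echo [HKEY_USERS\.DEFAULT\Control Panel\Desktop]>>Fix.reg
echo "FontSmoothing"="2">>Fix.reg
echo "FontSmoothingType"=dword:00000002>>Fix.reg
echo [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]>>Fix.reg
echo "MaxConnectionsPer1_0Server"=dword:00000008>>Fix.reg
echo "MaxConnectionsPerServer"=dword:00000008>>Fix.reg
echo [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control]>>Fix.reg
echo "WaitToKillServiceTimeout"="1000">>Fix.reg
rem Image File Execution Options: a Debugger value makes Windows start the
rem named program in place of the image. Both entries name a debugger path
rem that presumably does not exist, which stops the two images from starting.
rem The same key is a known persistence spot, so it is worth auditing.
echo [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Shareaza.exe]>>Fix.reg
echo "Debugger"="c:\\中国超级BT.exe">>Fix.reg
echo [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\4047.exe]>>Fix.reg
echo "Debugger"="c:\\中国超级BT捆绑的病毒.exe">>Fix.reg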
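:Choice4
rem Reads one answer for the virus-removal menu and jumps to the matching
rem cleaner. Only the first character of the answer is used.
set choice4=
set /p choice4= 请选择:
rem The truncation has to act on choice4. It was written against Choice3, so
rem the answer was never shortened and an unrelated variable was overwritten.
IF NOT "%Choice4%"=="" SET Choice4=%Choice4:~0,1%
if /i "%choice4%"=="1" goto killfun
if /i "%choice4%"=="2" goto killAuto
if /i "%choice4%"=="3" goto killUDisk
if /i "%choice4%"=="4" goto killsxs
if /i "%choice4%"=="5" goto killCOPY
if /i "%choice4%"=="6" goto killVking
if /i "%choice4%"=="7" goto killwhboy
if /i "%choice4%"=="8" goto menu
if /i "%choice4%"=="q" goto endd
echo 选择无效,请重新输入
echo.
goto Choice4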
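:killfun
rem Entry of the Fun.xls.exe cleaner: prints the banner and asks whether to
rem clean the whole machine, a single removable drive, or to leave.
@echo off
cls
echo Fun.xls.exe专杀工具
echo 欢迎光临http://user.qzone.qq.com/37930909
echo -----------------------------------------
echo 如果你的光驱中有光盘请先弹出然后继续!
rem The cleaners jump back to n when a file survived the deletion.
:n
echo 您要继续吗?输入y整机杀毒开始,输入u只杀u盘,输入n退出!
:retry
rem Clear the old answer so that pressing Enter alone does not repeat the
rem previous choice, and accept upper-case letters as well.
set "c="
set /p c=请输入您的选择(y/u/n):
if /i "%c%"=="y" goto s
if /i "%c%"=="u" goto b
if /i "%c%"=="n" goto t
goto retry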
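:b
rem Asks for the drive letter of the removable disk and jumps to the cleaner
rem with the same name. Letters e to l are accepted in either case.
rem NOTE(review): the dispatch relies on one label per letter. No g label is
rem visible in this part of the file, so confirm that one exists.
rem Clear the old answer so that pressing Enter alone does not reuse it.
set "a="
set /p a=请输入你要查杀的盘符(e f g...):
if /i "%a%"=="e" goto e
if /i "%a%"=="f" goto f
if /i "%a%"=="g" goto g
if /i "%a%"=="h" goto h
if /i "%a%"=="i" goto i
if /i "%a%"=="j" goto j
if /i "%a%"=="k" goto k
if /i "%a%"=="l" goto l
echo 输入错误!请重新输入!&&goto b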
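:s
rem Whole-machine clean-up for the Fun.xls.exe worm: ends the shell and the
rem worm processes, removes its autostart values, restores the hidden-files
rem option, deletes the dropped files on drives c to l, restarts the shell and
rem reports the result. The command window is closed at the end.
taskkill /im explorer.exe /f
taskkill /im wscript.exe /f
taskkill /im algsrvs.exe /f
rem The registry commands run one after another. When each was launched in
rem its own window they ran in parallel, so the delete and the re-add of
rem CheckedValue could finish in either order.
reg DELETE HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v IMJPMIG8.2 /f
reg DELETE HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v MsServer /f
reg DELETE HKEY_LOCAL_MACHINE\Software\Microsoft\windows\CurrentVersion\explorer\Advanced\Folder\Hidden\SHOWALL /v CheckedValue /f
reg add HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\EXplorer\Advanced /v ShowSuperHidden /t REG_DWORD /d 1 /f
reg add HKEY_LOCAL_MACHINE\Software\Microsoft\windows\CurrentVersion\explorer\Advanced\Folder\Hidden\SHOWALL /v CheckedValue /t REG_DWORD /d 1 /f
rem NOTE(review): kill.reg is taken from the current directory and is not
rem created anywhere in the visible part of the script. Whatever that file
rem holds is merged into the registry, so confirm where it comes from.
if exist kill.reg reg import kill.reg
attrib c:\fun.xls.exe -h -r -a -s
attrib c:\autorun.* -h -r -a -s
rem The second path was missing its backslash and pointed at the current
rem directory of drive c instead of its root.
del c:\autorun.* c:\fun.xls.exe /f
attrib "%SYSTEMROOT%\system32\fun.xls.exe" -h -r -a -s
attrib "%SYSTEMROOT%\system32\autorun.*" -h -r -a -s
del "%SYSTEMROOT%\system32\autorun.*" "%SYSTEMROOT%\system32\msime82.exe" "%SYSTEMROOT%\system32\algsrvs.exe" "%SYSTEMROOT%\system32\fun.xls.exe" "%SYSTEMROOT%\system32\msfun80.exe" /f
del "%temp%\~DF8785.tmp" "%temp%\~DFD1D6.tmp" "%temp%\~DFA4C3" "%temp%\~DFC86B.tmp" /f /q /as
del "%systemroot%\ufdata2000.log" /f
rem Same three steps for the root of every further drive letter.
for %%d in (d e f g h i j k l) do (
attrib %%d:\fun.xls.exe -h -r -a -s
attrib %%d:\autorun.* -h -r -a -s
del %%d:\autorun.* %%d:\fun.xls.exe /f
)
start explorer.exe
cls
if exist c:\autorun.reg echo 病毒没有清除!&&goto n
if exist c:\fun.xls.exe echo 病毒没有清除!&&goto n
echo.
echo 杀毒成功!
echo.
echo 按任意键退出。
pause
exit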
:t
rem Leave path of the Fun.xls.exe cleaner: thanks the user, waits for a key
rem and returns to the main menu.
echo 多谢您的支持!按任意键返回。
pause >nul
goto menu
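rem Single-drive cleaners for the Fun.xls.exe worm, one entry label per drive
rem letter. Each entry records its drive and hands over to one shared routine,
rem so all letters run exactly the same steps.
:e
set "usbdrv=e:"
goto fun_usb_clean
:f
set "usbdrv=f:"
goto fun_usb_clean
rem The drive prompt offers g and jumps to a g label, but no handler for that
rem letter was present between f and h, so it is provided here.
rem NOTE(review): confirm that no other g label exists elsewhere in the file.
:g
set "usbdrv=g:"
goto fun_usb_clean
:h
set "usbdrv=h:"
goto fun_usb_clean
:i
set "usbdrv=i:"
goto fun_usb_clean
:j
set "usbdrv=j:"
goto fun_usb_clean
:k
set "usbdrv=k:"
goto fun_usb_clean
:l
set "usbdrv=l:"
goto fun_usb_clean
:fun_usb_clean
rem Strip the protective attributes, report a clean drive when no autorun
rem file is present, otherwise delete the worm files and verify the result.
attrib %usbdrv%\fun.xls.exe -h -r -a -s
attrib %usbdrv%\autorun.* -h -r -a -s
cls
if not exist %usbdrv%\autorun.* echo 您的u盘没有病毒!&&goto t
del %usbdrv%\autorun.* %usbdrv%\fun.xls.exe /f
cls
if exist %usbdrv%\autorun.reg echo 病毒没有清除!&&goto n
if exist %usbdrv%\fun.xls.exe echo 病毒没有清除!&&goto n
goto m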
:m
rem Shared success screen of the cleaners: clears the screen, prints the
rem message, waits for a key and returns to the virus menu.
cls
echo 杀毒成功,请按任意键返回!
echo.
echo 欢迎光临http://user.qzone.qq.com/37930909
echo.
echo.
pause >nul
goto virus
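:killAuto
rem Removes AUTORUN.INF from the root of every drive letter from C to Z and
rem then shows the shared success screen.
@echo off
@echo Please wait while deleting the autoRun.inf files ....
rem DEL takes its attribute filter attached to the A switch. The detached
rem attribute words that used to follow it were read as four extra file names
rem in the current directory, so the plain A switch is used instead.
FOR %%a IN ( C: D: E: F: G: H: I: J: K: L: M: N: O: P: Q: R: S: T: U: V: W: X: Y: Z: ) DO ATTRIB -R -H -S -A %%a\AUTORUN.INF & DEL /F /Q /A %%a\AUTORUN.INF
cls
echo.
rem The two lines that followed this jump could never run and are dropped.
goto m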
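:killUDisk
rem Cleaner for sxs.exe and autorun.inf style removable-drive worms: ends the
rem suspect processes, deletes the dropped files from the Windows directory
rem and the drive roots, sweeps drives C to I for sxs.exe and autorun.inf and
rem finally empties the machine-wide Run key after saving a backup of it.
@echo +-------------------------------------+
@echo + 查杀sxs.exe、autorun.inf等等U盘病毒I+
@echo +-------------------------------------+
@echo !请先关闭所有程序!
@Pause
@echo off
rem NOTE(review): these commands end every process with the given image name,
rem including the genuine service hosts, not only an impostor that runs from
rem the Windows directory. The shutdown abort that follows is presumably there
rem because ending the service hosts starts a system shutdown. Confirm, and
rem prefer ending the impostor by its path.
@taskkill /F /im svchost.exe
@taskkill /F /im rundll32.exe
@taskkill /F /im explorer.exe
shutdown -a
rem The genuine svchost.exe and xcopy.exe live in system32, so copies placed
rem directly in the Windows directory are treated as the worm.
for %%m in (system32\temp1.exe system32\temp2.exe xcopy.exe svchost.exe) do (
attrib -h -r -s "%windir%\%%m"
del /Q/F "%windir%\%%m"
)
rem NOTE(review): DefVrs.txt is read from the current directory and is not
rem created in the visible part of the script. Every line of it becomes an
rem image name to end and a file name to delete from each drive root, so the
rem list has to be as trustworthy as the script itself.
@FOR /F "usebackq delims==" %%i IN (DefVrs.txt) DO @taskkill /F /im %%i
rem The drive list is given inline. The former setlocal had no matching
rem endlocal and added one nesting level on every visit to this section.
for %%d in (C: D: E: F: G: H: I: J: K: L: M: N: O: P: Q: R: S: T: U: V: W: X: Y: Z:) do @if exist %%d (
@FOR /F "usebackq delims==" %%i IN (DefVrs.txt) DO @attrib -h -r -s %%d\%%i
@FOR /F "usebackq delims==" %%i IN (DefVrs.txt) DO @del /Q/F %%d\%%i
)
rem Sweep drives C to I from the current directory of each drive and come back
rem to the starting directory afterwards, so DefVrs.txt and the other relative
rem paths still resolve on the next visit. Missing drive letters are skipped.
rem NOTE(review): a bare cd used to sit here and only printed the directory.
rem If the sweep was meant to start at each drive root, confirm and add that.
pushd .
for %%d in (C: D: E: F: G: H: I:) do if exist %%d\ (
%%d
attrib sxs.exe -a -h -s
del /s /q /f sxs.exe
attrib autorun.inf -a -h -s
del /s /q /f autorun.inf
)
popd
rem The next step removes every value of the machine-wide Run key, which also
rem drops the autostart entries of security and driver software. The key is
rem exported first and is left untouched when that export fails.
set "runbak=%USERPROFILE%\Run_backup_%RANDOM%.reg"
reg export HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "%runbak%" >nul
if errorlevel 1 goto killUDisk_nobackup
REG DELETE HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /va /f
echo Run key backup: %runbak%
pause
goto m
:killUDisk_nobackup
echo Run key backup failed, autostart entries left unchanged.
pause
goto m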
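rem The virus menu sends option 4 to a killsxs label, but this section had no
rem label and sat behind an unconditional jump, so it could not be reached.
rem NOTE(review): confirm that killsxs is not defined elsewhere in the file.
:killsxs
rem The section banners were lines of hash signs, which the command
rem interpreter tries to run as commands. They are plain remarks now.
rem ---- Delete SXS.EXE, SVOHOST.EXE and WINSCOK.DLL from the system directories ----
rem DEL takes its attribute filter attached to the A switch. The detached
rem attribute words were read as extra file names, so the plain switch is used.
for %%r in ("%SystemRoot%\System32" "%SystemRoot%" "%SystemRoot%\System" "%SystemRoot%\System32\dllcache") do (
for %%m in (SXS.EXE SVOHOST.EXE WINSCOK.DLL) do (
ATTRIB -R -H -S -A "%%~r\%%m"
DEL /F /Q /A "%%~r\%%m"
)
)
rem ---- Delete SXS.EXE and AUTORUN.INF from the root of every drive ----
FOR %%a IN ( C: D: E: F: G: H: I: J: K: L: M: N: O: P: Q: R: S: T: U: V: W: X: Y: Z: ) DO ATTRIB -R -H -S -A %%a\SXS.EXE & DEL /F /Q /A %%a\SXS.EXE & ATTRIB -R -H -S -A %%a\AUTORUN.INF & DEL /F /Q /A %%a\AUTORUN.INF
rem ---- Remove the autostart entry of the worm ----
rem The scratch .reg files go to TEMP, because the current directory may be
rem read-only or may sit on the drive that is being cleaned.
set "sxsreg=%TEMP%\SoundMam_%RANDOM%.reg"
>"%sxsreg%" ECHO Windows Registry Editor Version 5.00
>>"%sxsreg%" ECHO [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SoundMam]
>>"%sxsreg%" ECHO [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
>>"%sxsreg%" ECHO "SoundMam"=-
REGEDIT /S "%sxsreg%"
DEL /F /Q "%sxsreg%"
rem ---- Restore the option that lets Explorer show hidden files ----
rem CheckedValue is removed and written again as a dword with the value 1.
set "sxsreg=%TEMP%\SHOWALL_%RANDOM%.reg"
>"%sxsreg%" ECHO Windows Registry Editor Version 5.00
>>"%sxsreg%" ECHO [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]
>>"%sxsreg%" ECHO "CheckedValue"=-
>>"%sxsreg%" ECHO [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]
>>"%sxsreg%" ECHO "CheckedValue"=dword:00000001
REGEDIT /S "%sxsreg%"
DEL /F /Q "%sxsreg%"
cls
echo.
rem The lines that followed this jump could never run and are dropped.
goto m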
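:killCOPY
rem Removes copy.exe and autorun.inf from the root of drives c to h and then
rem shows the shared success screen.
@echo off
cls
rem Full paths are used and missing drive letters are skipped. Switching the
rem drive first meant that a missing letter repeated the commands on the
rem previous drive, and the working directory stayed moved afterwards.
rem NOTE(review): the attribute reset covers every inf file in the drive
rem root, not only autorun.inf.
for %%d in (c d f e g h) do if exist %%d:\ (
attrib -s -h -r %%d:\copy.exe
del /F %%d:\copy.exe
attrib -s -h -r %%d:\*.inf
del /F %%d:\autorun.inf
)
cls
echo.
@echo 修复完成。按任意键继续……请手动重启计算机!!
echo.
echo.
rem The lines that followed this jump could never run and are dropped.
goto m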
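:killVking
rem Cleaner for the Viking worm family, named after the killVking menu entry.
rem It removes the administrative shares, deletes the dropped files in three
rem passes with a short wait in between, and then sweeps the _desktop.ini
rem marker files from drives c to k.
@ECHO OFF
cls
rem Removes the administrative and IPC shares, presumably to cut off the spread
rem over network shares. Remote administration stops working until the shares
rem are created again.
for %%s in (c$ d$ e$ F$ G$ h$ i$ j$ admin$ ipc$) do net share %%s /d
rem Two passes over the Windows directory, each followed by the progress
rem banner and a wait of a few seconds. The directory named by SystemRoot is
rem covered next to the two fixed paths, for installations in other places.
rem DEL runs with the F, Q and A switches, because without them it skips
rem read-only, hidden and system files.
for /l %%n in (1,1,2) do (
for %%r in (c:\winnt c:\windows "%SystemRoot%") do for %%m in (logo1_.exe 0sy.exe 1sy.exe 2sy.exe 3sy.exe 4sy.exe rundl132.exe vdll.dll kill.exe sws32.dll bootconf.exe dll.dll) do del /f /q /a "%%~r\%%m"
echo.
echo.
echo.
echo. *****************************
echo.
echo. 正在查毒...请不要关闭......
echo.
echo. *****************************
echo.
echo.
echo.
echo.
ping 127.0.0.1 -n 5
)
rem Final pass: Windows directory, system32 and the Internet Explorer folder.
for %%r in (c:\winnt c:\windows "%SystemRoot%") do for %%m in (logo1_.exe 0sy.exe 1sy.exe 2sy.exe 3sy.exe 4sy.exe rundl132.exe vdll.dll kill.exe sws32.dll bootconf.exe dll.dll) do del /f /q /a "%%~r\%%m"
rem NOTE(review): kil.exe was listed for c:\windows only and is presumably a
rem misspelling of kill.exe. It is kept so that no former target is lost.
del /f /q /a c:\windows\kil.exe
for %%r in (c:\winnt c:\windows "%SystemRoot%") do for %%m in (ShellExt\svchs0t.exe Logo1_.exe rundl132.exe bootconf.exe kill.exe sws32.dll) do del /f /q /a "%%~r\system32\%%m"
rem The path contains spaces and has to be quoted. Unquoted, DEL read it as
rem three separate names and never reached these files.
for %%i in (0 1 2 3 4 5 6 7 8 9) do del /f /q /a "C:\Program Files\Internet Explorer\%%isy.exe"
rem Recursive sweep of the marker files on each drive.
for %%d in (c d e f g h i j k) do del %%d:\_desktop.ini /f/s/q/a
echo.
cls
rem The lines that followed this jump could never run and are dropped.
goto m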
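:killwhboy
rem Cleaner for the spcolsv and spoclsv worm: ends the two processes, deletes
rem their files from the drivers directory, removes setup.exe and autorun.inf
rem from every drive root, deletes the svcshare autostart value and restores
rem the option that lets Explorer show hidden files.
@echo off
cls
color 0A
prompt $g
echo.
echo spcolsv/spoclsv病毒(熊猫烧香变种)批处理专杀
@echo 【使用说明】:强烈建议在安全模式下使用本工具进行查杀。
echo.
echo.
echo.
pause
cls
color 0a
echo.
echo.
@echo::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
@echo::停止正在运行的spcolsv.exe进程,请稍候...... ::
@echo::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
TASKKILL /F /T /IM spcolsv.exe
TASKKILL /F /T /IM spoclsv.exe
color 0a
echo.
echo.
@echo:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
@echo::删除drivers下的spcolsv.exe文件,请稍候...... ::
@echo:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
rem DEL takes its attribute filter attached to the A switch. The detached
rem attribute words were read as extra file names, so the plain switch is used.
ATTRIB -R -H -S -A "%SystemRoot%\System32\drivers\spcolsv.exe"
ATTRIB -R -H -S -A "%SystemRoot%\System32\drivers\spoclsv.exe"
DEL /F /Q /A "%SystemRoot%\System32\drivers\spcolsv.exe"
DEL /F /Q /A "%SystemRoot%\System32\drivers\spoclsv.exe"
@echo::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
@echo::删除每个分区下的setup.EXE和AUTORUN.INF文件,请稍候...... ::
@echo::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
rem NOTE(review): this removes any file named setup.exe from a drive root,
rem whether or not it belongs to the worm.
FOR %%a IN ( C: D: E: F: G: H: I: J: K: L: M: N: O: P: Q: R: S: T: U: V: W: X: Y: Z: ) DO ATTRIB -R -H -S -A %%a\setup.EXE & DEL /F /Q /A %%a\setup.EXE & ATTRIB -R -H -S -A %%a\AUTORUN.INF & DEL /F /Q /A %%a\AUTORUN.INF
@echo::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
@echo::删除注册表中自启动项,请稍候...... ::
@echo::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
rem The scratch .reg files go to TEMP, because the current directory may be
rem read-only or may sit on a drive that is being cleaned.
set "whreg=%TEMP%\svcshare_%RANDOM%.reg"
>"%whreg%" ECHO Windows Registry Editor Version 5.00
>>"%whreg%" ECHO [-HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svcshare]
>>"%whreg%" ECHO [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
>>"%whreg%" ECHO "svcshare"=-
REGEDIT /S "%whreg%"
DEL /F /Q "%whreg%"
@echo::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
@echo::恢复注册表中不给设置显示隐藏文件的项目,请稍候...... ::
@echo::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
rem CheckedValue is removed and written again as a dword with the value 1.
set "whreg=%TEMP%\SHOWALL_%RANDOM%.reg"
>"%whreg%" ECHO Windows Registry Editor Version 5.00
>>"%whreg%" ECHO [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]
>>"%whreg%" ECHO "CheckedValue"=-
>>"%whreg%" ECHO [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]
>>"%whreg%" ECHO "CheckedValue"=dword:00000001
REGEDIT /S "%whreg%"
DEL /F /Q "%whreg%"
color 0a
echo.
@echo 病毒文件已清除!
echo.
rem The lines that followed this jump could never run and are dropped.
goto m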
:endd
rem Quit target of the menus: closes the command interpreter.
exit
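:lmj1
rem Opens a telnet session to the host named below.
rem NOTE(review): this is an unencrypted connection to a third-party host and
rem has nothing to do with the maintenance functions of the script. Confirm
rem that it is wanted.
@Echo off
color 0c
rem The forum author and date stamp that was fused onto this line has been
rem removed. It would have been passed to telnet as extra arguments.
telnet towel.blinkenlights.nl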