王梓枫
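What's wrong with my computer

Every time I boot, a virus pops up. Its name is WINLOGON.EXE.
The antivirus can't remove it either. What should I do?
[This post was re-edited by 王梓枫 on 2007-01-25 15:19]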
Posted: 2007-01-25 09:28 | Weifang University, Weifang, Shandong [original poster]

heroyb
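First, confirm that it really is a virus!
If it is, you can fix it with the batch script below: save it as a bat or com file.

It only supports XP systems installed on drive C or D.
The system-optimization step is optional; if you run it and something goes wrong, you bear the consequences (out of respect for the original author, I have not modified the contents).

Notes:
1. This batch script covers file deletion and registry repair.
2. It is not guaranteed to be foolproof; back up your system before using it.
3. How to use:
First end the virus process WINLOGON.EXE (IceSword will do; originally Procexp was used, and either works. Remember that only the one in the WINDOWS folder is the virus; the one in the system32 folder is a critical system process, so do not mix them up).
Then run this batch script and follow the prompts.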

    -------------------------
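    @echo off
    rem Cleanup script for the WINLOGON trojan family: deletes the trojan's files,
    rem restores the registry entries it changed, and optionally applies system tweaks.
    rem On-screen messages are in Chinese (code page 936). Windows XP only.
    cls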
    echo ***********************************************************
    echo   此文件用于清除WINLOGON系列木马并修复其破坏的注册表信息
    echo       警告:只适用于XP操作系统
    echo   空指针 制作   感谢 风乱舞 鼎力相助并提供系统优化功能
    echo ***********************************************************
    echo   名称:WINLOGON系列木马修复程序
    echo   功能:
    echo   1. 删除木马相关文件
    echo   2. 修复被木马修改的系统关联
    echo   3. 部分系统优化(ADSL拨号.桌面速度.IE速度.等部分系统优化)
    echo.  

    pause
    cls
    @SETLOCAL
    @rem Set the active code page to Chinese (936)
    @chcp 936>nul 2>nul
    @echo.
    @echo ************************************************************
    @echo *                           *
    @echo *    欢迎使用WINLOGON系列木马清除/修复程序       *
    @echo *                           *
    @echo ************************************************************

    :chkOS
    @echo.
    @ver | find "XP"
    @if "%ERRORLEVEL%"=="0" goto :XP
    @echo.
    @echo #您的操作系统不是Windows XP,无法使用。
    @goto quit

    @rem Insert the commands specific to each operating system below
    :XP
    @set UpdatePolicy=GPUpdate /Force
    @goto Selection

    :Selection
    @rem User Choice
    @echo.
    @echo   请注意选择您的操作系统安装在哪个分区
    @echo   我要进行功能选择:
    @echo.
    @echo 1: 我的XP系统安装在C盘
    @echo 2: 我的XP系统安装在D盘
    @echo 3: 我想做部分系统优化(网络.桌面.速度)
    @echo 4: 退出
    @echo.
    @set /p UserSelection=请输入您的选择(1=C盘、2=D盘、3=系统优化、4=退出程序)后按回车:
    @if "%UserSelection%"=="1" goto C
    @if "%UserSelection%"=="2" goto D
    @if "%UserSelection%"=="3" goto good
    @if "%UserSelection%"=="4" goto quit
    @rem Any other input: show the menu again
    @cls
    @goto Selection


    :C
    rem System on drive C: clear the system/read-only/hidden attributes, then delete the files
    if exist %windir%\1.com attrib -s -r -h %windir%\1.com
    if exist %windir%\exeroute.exe attrib -s -r -h %windir%\exeroute.exe
    if exist %windir%\explorer.com attrib -s -r -h %windir%\explorer.com
    if exist %windir%\2SY.EXE attrib -s -r -h %windir%\2SY.EXE
    if exist %windir%\1SY.EXE attrib -s -r -h %windir%\1SY.EXE
    if exist %windir%\EXP10RER.com attrib -s -r -h %windir%\EXP10RER.com
    if exist %windir%\exerouter.exe attrib -s -r -h %windir%\exerouter.exe
    if exist %windir%\EXERT.exe attrib -s -r -h %windir%\EXERT.exe
    if exist %windir%\finder.com attrib -s -r -h %windir%\finder.com
    if exist %windir%\IO.SYS.BAK attrib -s -r -h %windir%\IO.SYS.BAK
    if exist %windir%\lsass.exe attrib -s -r -h %windir%\lsass.exe
    if exist %windir%\services.exe attrib -s -r -h %windir%\services.exe
    if exist %windir%\SMSS.EXE attrib -s -r -h %windir%\SMSS.EXE
    if exist %windir%\WINLOGON.exe attrib -s -r -h %windir%\WINLOGON.exe
    if exist %windir%\debug\debugprogram.exe attrib -s -r -h %windir%\debug\debugprogram.exe
    rem Quoted because %programfiles% expands to a path containing a space
    if exist "%programfiles%\common~1\iexplore.pif" attrib -s -r -h "%programfiles%\common~1\iexplore.pif"
    if exist "%programfiles%\intern~1\iexplore.com" attrib -s -r -h "%programfiles%\intern~1\iexplore.com"
    if exist "%programfiles%\common~1\inexplore.pif" attrib -s -r -h "%programfiles%\common~1\inexplore.pif"
    if exist "%programfiles%\intern~1\inexplore.com" attrib -s -r -h "%programfiles%\intern~1\inexplore.com"
    if exist %windir%\system32\command.pif attrib -s -r -h %windir%\system32\command.pif
    if exist %windir%\system32\dxdiag.com attrib -s -r -h %windir%\system32\dxdiag.com
    if exist %windir%\system32\finder.com attrib -s -r -h %windir%\system32\finder.com
    if exist %windir%\system32\i.com attrib -s -r -h %windir%\system32\i.com
    if exist %windir%\system32\msconfig.com attrib -s -r -h %windir%\system32\msconfig.com
    if exist %windir%\system32\regedit.com attrib -s -r -h %windir%\system32\regedit.com
    if exist %windir%\system32\rundll32.com attrib -s -r -h %windir%\system32\rundll32.com
    if exist d:\pagefile.pif attrib -s -r -h d:\pagefile.pif
    if exist d:\autorun.inf attrib -s -r -h d:\autorun.inf

    echo ************************************************************
    @echo 删除病毒文件

    @echo off
    if exist %windir%\1.com del %windir%\1.com
    if exist %windir%\exeroute.exe del %windir%\exeroute.exe
    if exist %windir%\explorer.com del %windir%\explorer.com
    if exist %windir%\EXERT.exe del %windir%\EXERT.exe
    if exist %windir%\finder.com del %windir%\finder.com
    if exist %windir%\IO.SYS.BAK del %windir%\IO.SYS.BAK
    if exist %windir%\lsass.exe del %windir%\lsass.exe
    if exist %windir%\services.exe del %windir%\services.exe
    if exist %windir%\SMSS.EXE del %windir%\SMSS.EXE
    if exist %windir%\WINLOGON.exe del %windir%\WINLOGON.exe
    if exist %windir%\debug\debugprogram.exe del %windir%\debug\debugprogram.exe
    if exist "%programfiles%\common~1\iexplore.pif" del "%programfiles%\common~1\iexplore.pif"
    if exist "%programfiles%\intern~1\iexplore.com" del "%programfiles%\intern~1\iexplore.com"
    if exist %windir%\system32\command.pif del %windir%\system32\command.pif
    if exist %windir%\system32\dxdiag.com del %windir%\system32\dxdiag.com
    if exist %windir%\system32\finder.com del %windir%\system32\finder.com
    if exist %windir%\system32\i.com del %windir%\system32\i.com
    if exist %windir%\system32\msconfig.com del %windir%\system32\msconfig.com
    if exist %windir%\system32\regedit.com del %windir%\system32\regedit.com
    if exist %windir%\system32\rundll32.com del %windir%\system32\rundll32.com
    if exist d:\pagefile.pif del d:\pagefile.pif
    if exist d:\autorun.inf del d:\autorun.inf

    @echo ***********************************************************
    @echo *     已删除可能的病毒文件,按任意键修复注册表信息   *
    @echo ***********************************************************



    @echo Windows Registry Editor Version 5.00>Fix.reg
    @echo [HKEY_CLASSES_ROOT\exefile\shell\open\command]>>Fix.reg
    @echo @=hex(2):22,00,25,00,31,00,22,00,20,00,25,00,2A,00,00,00>>Fix.reg
    @echo [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.exe]>>Fix.reg
    @echo @="exefile">>Fix.reg
    @echo [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\shell\OpenHomePage\Command]>>Fix.reg
    @echo @=hex(2):22,00,43,00,3A,00,5C,00,50,00,72,00,6F,00,67,00,72,00,61,00,6D,00,20,00,46,00,69,00,6C,00,65,00,73,00,5C,00,49,00,6E,00,74,00,65,00,72,00,6E,00,65,00,74,00,20,00,45,00,78,00,70,00,6C,00,6F,00,72,00,65,00,72,00,5C,00,69,00,65,00,78,00,70,00,6C,00,6F,00,72,00,65,00,2E,00,65,00,78,00,65,00,22,00,00,00>>Fix.reg

    @echo [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\iexplore.exe\shell\open\command]>>Fix.reg
    @echo @=hex(2):22,00,43,00,3A,00,5C,00,50,00,72,00,6F,00,67,00,72,00,61,00,6D,00,20,00,46,00,69,00,6C,00,65,00,73,00,5C,00,49,00,6E,00,74,00,65,00,72,00,6E,00,65,00,74,00,20,00,45,00,78,00,70,00,6C,00,6F,00,72,00,65,00,72,00,5C,00,69,00,65,00,78,00,70,00,6C,00,6F,00,72,00,65,00,2E,00,65,00,78,00,65,00,22,00,20,00,25,00,31,00,00,00>>Fix.reg

    @echo [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ftp\shell\open\command]>>Fix.reg
    @echo @=hex(2):22,00,43,00,3A,00,5C,00,50,00,72,00,6F,00,67,00,72,00,61,00,6D,00,20,00,46,00,69,00,6C,00,65,00,73,00,5C,00,49,00,6E,00,74,00,65,00,72,00,6E,00,65,00,74,00,20,00,45,00,78,00,70,00,6C,00,6F,00,72,00,65,00,72,00,5C,00,69,00,65,00,78,00,70,00,6C,00,6F,00,72,00,65,00,2E,00,65,00,78,00,65,00,22,00,20,00,25,00,31,00,00,00>>Fix.reg

    @echo [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\htmlfile\shell\open\command]>>Fix.reg
    @echo @=hex(2):22,00,43,00,3A,00,5C,00,50,00,72,00,6F,00,67,00,72,00,61,00,6D,00,20,00,46,00,69,00,6C,00,65,00,73,00,5C,00,49,00,6E,00,74,00,65,00,72,00,6E,00,65,00,74,00,20,00,45,00,78,00,70,00,6C,00,6F,00,72,00,65,00,72,00,5C,00,69,00,65,00,78,00,70,00,6C,00,6F,00,72,00,65,00,2E,00,65,00,78,00,65,00,22,00,20,00,2D,00,6E,00,6F,00,68,00,6F,00,6D,00,65,00,00,00>>Fix.reg

    @echo [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\HTTP\shell\open\command]>>Fix.reg
    @echo @=hex(2):22,00,43,00,3A,00,5C,00,50,00,72,00,6F,00,67,00,72,00,61,00,6D,00,20,00,46,00,69,00,6C,00,65,00,73,00,5C,00,49,00,6E,00,74,00,65,00,72,00,6E,00,65,00,74,00,20,00,45,00,78,00,70,00,6C,00,6F,00,72,00,65,00,72,00,5C,00,69,00,65,00,78,00,70,00,6C,00,6F,00,72,00,65,00,2E,00,65,00,78,00,65,00,22,00,20,00,2D,00,6E,00,6F,00,68,00,6F,00,6D,00,65,00,00,00>>Fix.reg

    @echo [HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet]>>Fix.reg
    @echo @=hex(2):49,00,45,00,58,00,50,00,4C,00,4F,00,52,00,45,00,2E,00,45,00,58,00,45,00,00,00>>Fix.reg

    @echo [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.bfc\ShellNew\Command]>>Fix.reg
    @echo @=->>Fix.reg

    @echo [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\shell\find\command]>>Fix.reg
    @echo @=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,45,00,78,00,70,00,6c,00,6f,00,72,00,65,00,72,00,2e,00,65,00,78,00,65,00,00,00>>Fix.reg

    @echo [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\htmlfile\shell\print\command]>>Fix.reg
    @echo @=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,45,00,78,00,70,00,6c,00,6f,00,72,00,65,00,72,00,2e,00,65,00,78,00,65,00,00,00>>Fix.reg

    @echo [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\inffile\shell\Install\command]>>Fix.reg
    @echo @=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,72,00,75,00,6e,00,64,00,6c,00,6c,00,33,00,32,00,2e,00,65,00,78,00,65,00,20,00,73,00,65,00,74,00,75,00,70,00,61,00,70,00,69,00,2c,00,49,00,6e,00,73,00,74,00,61,00,6c,00,6c,00,48,00,69,00,6e,00,66,00,53,00,65,00,63,00,74,00,69,00,6f,00,6e,00,20,00,44,00,65,00,66,00,61,00,75,00,6c,00,74,00,49,00,6e,00,73,00,74,00,61,00,6c,00,6c,00,20,00,31,00,33,00,32,00,20,00,25,00,31,00,00,00>>Fix.reg

    @echo [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Unknown\shell\openas\command]>>Fix.reg
    @echo @=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,72,00,75,00,6e,00,64,00,6c,00,6c,00,33,00,32,00,2e,00,65,00,78,00,65,00,20,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,68,00,65,00,6c,00,6c,00,33,00,32,00,2e,00,64,00,6c,00,6c,00,2c,00,4f,00,70,00,65,00,6e,00,41,00,73,00,5f,00,52,00,75,00,6e,00,44,00,4c,00,4c,00,20,00,25,00,31,00,00,00>>Fix.reg

    @echo [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.lnk\ShellNew\Command]>>Fix.reg
    @echo @=hex(2):72,00,75,00,6E,00,64,00,6C,00,6C,00,33,00,32,00,2E,00,65,00,78,00,65,00,20,00,61,00,70,00,70,00,77,00,69,00,7A,00,2E,00,63,00,70,00,6C,00,2C,00,4E,00,65,00,77,00,4C,00,69,00,6E,00,6B,00,48,00,65,00,72,00,65,00,20,00,25,00,31,00,00,00>>Fix.reg

    @echo [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\cplfile\shell\cplopen\command\]>>Fix.reg
    @echo @=hex(2):72,00,75,00,6E,00,64,00,6C,00,6C,00,33,00,32,00,2E,00,65,00,78,00,65,00,20,00,73,00,68,00,65,00,6C,00,6C,00,33,00,32,00,2E,00,64,00,6C,00,6C,00,2C,00,43,00,6F,00,6E,00,74,00,72,00,6F,00,6C,00,5F,00,52,00,75,00,6E,00,44,00,4C,00,4C,00,20,00,22,00,25,00,31,00,22,00,2C,00,25,00,2A,00,00,00>>Fix.reg

    @echo [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\InternetShortcut\shell\open\command\]>>Fix.reg
    @echo @=hex(2):72,00,75,00,6E,00,64,00,6C,00,6C,00,33,00,32,00,2E,00,65,00,78,00,65,00,20,00,73,00,68,00,64,00,6F,00,63,00,76,00,77,00,2E,00,64,00,6C,00,6C,00,2C,00,4F,00,70,00,65,00,6E,00,55,00,52,00,4C,00,20,00,6C,00,00,00>>Fix.reg

    @echo [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\scrfile\shell\install\command\]>>Fix.reg
    @echo @=hex(2):72,00,75,00,6E,00,64,00,6C,00,6C,00,33,00,32,00,2E,00,65,00,78,00,65,00,20,00,64,00,65,00,73,00,6B,00,2E,00,63,00,70,00,6C,00,2C,00,49,00,6E,00,73,00,74,00,61,00,6C,00,6C,00,53,00,63,00,72,00,65,00,65,00,6E,00,53,00,61,00,76,00,65,00,72,00,20,00,6C,00,00,00>>Fix.reg

    @echo [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\scriptletfile\Shell\Generate Typelib\command\]>>Fix.reg
    @echo @=hex(2):22,00,43,00,3A,00,5C,00,57,00,49,00,4E,00,44,00,4F,00,57,00,53,00,5C,00,73,00,79,00,73,00,74,00,65,00,6D,00,33,00,32,00,5C,00,52,00,55,00,4E,00,44,00,4C,00,4C,00,33,00,32,00,2E,00,45,00,58,00,45,00,22,00,20,00,43,00,3A,00,5C,00,57,00,49,00,4E,00,44,00,4F,00,57,00,53,00,5C,00,73,00,79,00,73,00,74,00,65,00,6D,00,33,00,32,00,5C,00,73,00,63,00,72,00,6F,00,62,00,6A,00,2E,00,64,00,6C,00,6C,00,2C,00,47,00,65,00,6E,00,65,00,72,00,61,00,74,00,65,00,54,00,79,00,70,00,65,00,4C,00,69,00,62,00,20,00,22,00,25,00,31,00,22,00,00,00>>Fix.reg

    @echo [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\telnet\shell\open\command\]>>Fix.reg
    @echo @=hex(2):72,00,75,00,6E,00,64,00,6C,00,6C,00,33,00,32,00,2E,00,65,00,78,00,65,00,20,00,75,00,72,00,6C,00,2E,00,64,00,6C,00,6C,00,2C,00,54,00,65,00,6C,00,6E,00,65,00,74,00,50,00,72,00,6F,00,74,00,6F,00,63,00,6F,00,6C,00,48,00,61,00,6E,00,64,00,6C,00,65,00,72,00,20,00,6C,00,00,00>>Fix.reg

    @echo [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]>>Fix.reg
    @echo "Shell"="Explorer.exe">>Fix.reg

    @echo [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]>>Fix.reg
    @echo "Userinit"="C:\\WINDOWS\\system32\\userinit.exe,">>Fix.reg

    @echo [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]>>Fix.reg
    @echo "ToP"=->>Fix.reg

    @echo [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]>>Fix.reg
    @echo "TProgram"=->>Fix.reg

    @echo [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Runservices]>>Fix.reg
    @echo "TProgram"=->>Fix.reg

    @echo [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]>>Fix.reg
    @echo "Torjan Program"=->>Fix.reg

    @echo [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Runservices]>>Fix.reg
    @echo "Torjan Program"=->>Fix.reg
    echo.

    @pause
    start /w regedit /s Fix.reg
    del Fix.reg
    echo.
    @echo ***********************************************************
    @echo *       修复已知被破坏的文件关联成功       *
    @echo ***********************************************************
    echo.
    @echo 按任意键,返回选择
    @pause
    @cls
    @goto Selection

    :D
    rem System on drive D: same cleanup, with D: paths in the restored registry values
    if exist %windir%\1.com attrib -s -r -h %windir%\1.com
    if exist %windir%\exeroute.exe attrib -s -r -h %windir%\exeroute.exe
    if exist %windir%\explorer.com attrib -s -r -h %windir%\explorer.com
    if exist %windir%\2SY.EXE attrib -s -r -h %windir%\2SY.EXE
    if exist %windir%\1SY.EXE attrib -s -r -h %windir%\1SY.EXE
    if exist %windir%\EXP10RER.com attrib -s -r -h %windir%\EXP10RER.com
    if exist %windir%\exerouter.exe attrib -s -r -h %windir%\exerouter.exe
    if exist %windir%\EXERT.exe attrib -s -r -h %windir%\EXERT.exe
    if exist %windir%\finder.com attrib -s -r -h %windir%\finder.com
    if exist %windir%\IO.SYS.BAK attrib -s -r -h %windir%\IO.SYS.BAK
    if exist %windir%\lsass.exe attrib -s -r -h %windir%\lsass.exe
    if exist %windir%\services.exe attrib -s -r -h %windir%\services.exe
    if exist %windir%\SMSS.EXE attrib -s -r -h %windir%\SMSS.EXE
    if exist %windir%\WINLOGON.exe attrib -s -r -h %windir%\WINLOGON.exe
    if exist %windir%\debug\debugprogram.exe attrib -s -r -h %windir%\debug\debugprogram.exe
    rem Quoted because %programfiles% expands to a path containing a space
    if exist "%programfiles%\common~1\iexplore.pif" attrib -s -r -h "%programfiles%\common~1\iexplore.pif"
    if exist "%programfiles%\intern~1\iexplore.com" attrib -s -r -h "%programfiles%\intern~1\iexplore.com"
    if exist "%programfiles%\common~1\inexplore.pif" attrib -s -r -h "%programfiles%\common~1\inexplore.pif"
    if exist "%programfiles%\intern~1\inexplore.com" attrib -s -r -h "%programfiles%\intern~1\inexplore.com"
    if exist %windir%\system32\command.pif attrib -s -r -h %windir%\system32\command.pif
    if exist %windir%\system32\dxdiag.com attrib -s -r -h %windir%\system32\dxdiag.com
    if exist %windir%\system32\finder.com attrib -s -r -h %windir%\system32\finder.com
    if exist %windir%\system32\i.com attrib -s -r -h %windir%\system32\i.com
    if exist %windir%\system32\msconfig.com attrib -s -r -h %windir%\system32\msconfig.com
    if exist %windir%\system32\regedit.com attrib -s -r -h %windir%\system32\regedit.com
    if exist %windir%\system32\rundll32.com attrib -s -r -h %windir%\system32\rundll32.com
    if exist d:\pagefile.pif attrib -s -r -h d:\pagefile.pif
    if exist d:\autorun.inf attrib -s -r -h d:\autorun.inf

    echo ************************************************************
    @echo 删除病毒文件

    @echo off
    if exist %windir%\1.com del %windir%\1.com
    if exist %windir%\exeroute.exe del %windir%\exeroute.exe
    if exist %windir%\explorer.com del %windir%\explorer.com
    if exist %windir%\EXERT.exe del %windir%\EXERT.exe
    if exist %windir%\finder.com del %windir%\finder.com
    if exist %windir%\IO.SYS.BAK del %windir%\IO.SYS.BAK
    if exist %windir%\lsass.exe del %windir%\lsass.exe
    if exist %windir%\services.exe del %windir%\services.exe
    if exist %windir%\SMSS.EXE del %windir%\SMSS.EXE
    if exist %windir%\WINLOGON.exe del %windir%\WINLOGON.exe
    if exist %windir%\debug\debugprogram.exe del %windir%\debug\debugprogram.exe
    if exist "%programfiles%\common~1\iexplore.pif" del "%programfiles%\common~1\iexplore.pif"
    if exist "%programfiles%\intern~1\iexplore.com" del "%programfiles%\intern~1\iexplore.com"
    if exist %windir%\system32\command.pif del %windir%\system32\command.pif
    if exist %windir%\system32\dxdiag.com del %windir%\system32\dxdiag.com
    if exist %windir%\system32\finder.com del %windir%\system32\finder.com
    if exist %windir%\system32\i.com del %windir%\system32\i.com
    if exist %windir%\system32\msconfig.com del %windir%\system32\msconfig.com
    if exist %windir%\system32\regedit.com del %windir%\system32\regedit.com
    if exist %windir%\system32\rundll32.com del %windir%\system32\rundll32.com
    if exist d:\pagefile.pif del d:\pagefile.pif
    if exist d:\autorun.inf del d:\autorun.inf

    @echo ***********************************************************
    @echo *     已删除可能的病毒文件,按任意键修复注册表信息   *
    @echo ***********************************************************

    @echo Windows Registry Editor Version 5.00>Fix.reg

    @echo [HKEY_CLASSES_ROOT\exefile\shell\open\command]>>Fix.reg
    @echo @=hex(2):22,00,25,00,31,00,22,00,20,00,25,00,2A,00,00,00>>Fix.reg
    @echo [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.exe]>>Fix.reg
    @echo @=hex(2):65,00,78,00,65,00,66,00,69,00,6C,00,65,00,00,00>>Fix.reg
    @echo [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\shell\OpenHomePage\Command]>>Fix.reg
    @echo @=hex(2):22,00,44,00,3A,00,5C,00,50,00,72,00,6F,00,67,00,72,00,61,00,6D,00,20,00,46,00,69,00,6C,00,65,00,73,00,5C,00,49,00,6E,00,74,00,65,00,72,00,6E,00,65,00,74,00,20,00,45,00,78,00,70,00,6C,00,6F,00,72,00,65,00,72,00,5C,00,69,00,65,00,78,00,70,00,6C,00,6F,00,72,00,65,00,2E,00,65,00,78,00,65,00,22,00,00,00>>Fix.reg

    @echo [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\iexplore.exe\shell\open\command]>>Fix.reg
    @echo @=hex(2):22,00,44,00,3A,00,5C,00,50,00,72,00,6F,00,67,00,72,00,61,00,6D,00,20,00,46,00,69,00,6C,00,65,00,73,00,5C,00,49,00,6E,00,74,00,65,00,72,00,6E,00,65,00,74,00,20,00,45,00,78,00,70,00,6C,00,6F,00,72,00,65,00,72,00,5C,00,69,00,65,00,78,00,70,00,6C,00,6F,00,72,00,65,00,2E,00,65,00,78,00,65,00,22,00,20,00,25,00,31,00,00,00>>Fix.reg

    @echo [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ftp\shell\open\command]>>Fix.reg
    @echo @=hex(2):22,00,44,00,3A,00,5C,00,50,00,72,00,6F,00,67,00,72,00,61,00,6D,00,20,00,46,00,69,00,6C,00,65,00,73,00,5C,00,49,00,6E,00,74,00,65,00,72,00,6E,00,65,00,74,00,20,00,45,00,78,00,70,00,6C,00,6F,00,72,00,65,00,72,00,5C,00,69,00,65,00,78,00,70,00,6C,00,6F,00,72,00,65,00,2E,00,65,00,78,00,65,00,22,00,20,00,25,00,31,00,00,00>>Fix.reg

    @echo [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\htmlfile\shell\open\command]>>Fix.reg
    @echo @=hex(2):22,00,44,00,3A,00,5C,00,50,00,72,00,6F,00,67,00,72,00,61,00,6D,00,20,00,46,00,69,00,6C,00,65,00,73,00,5C,00,49,00,6E,00,74,00,65,00,72,00,6E,00,65,00,74,00,20,00,45,00,78,00,70,00,6C,00,6F,00,72,00,65,00,72,00,5C,00,69,00,65,00,78,00,70,00,6C,00,6F,00,72,00,65,00,2E,00,65,00,78,00,65,00,22,00,20,00,2D,00,6E,00,6F,00,68,00,6F,00,6D,00,65,00,00,00>>Fix.reg

    @echo [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\HTTP\shell\open\command]>>Fix.reg
    @echo @=hex(2):22,00,44,00,3A,00,5C,00,50,00,72,00,6F,00,67,00,72,00,61,00,6D,00,20,00,46,00,69,00,6C,00,65,00,73,00,5C,00,49,00,6E,00,74,00,65,00,72,00,6E,00,65,00,74,00,20,00,45,00,78,00,70,00,6C,00,6F,00,72,00,65,00,72,00,5C,00,69,00,65,00,78,00,70,00,6C,00,6F,00,72,00,65,00,2E,00,65,00,78,00,65,00,22,00,20,00,2D,00,6E,00,6F,00,68,00,6F,00,6D,00,65,00,00,00>>Fix.reg

    @echo [HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet]>>Fix.reg
    @echo @=hex(2):49,00,45,00,58,00,50,00,4C,00,4F,00,52,00,45,00,2E,00,45,00,58,00,45,00,00,00>>Fix.reg

    @echo [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.bfc\ShellNew\Command]>>Fix.reg
    @echo @=->>Fix.reg

    @echo [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\shell\find\command]>>Fix.reg
    @echo @=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,45,00,78,00,70,00,6c,00,6f,00,72,00,65,00,72,00,2e,00,65,00,78,00,65,00,00,00>>Fix.reg

    @echo [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\htmlfile\shell\print\command]>>Fix.reg
    @echo @=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,45,00,78,00,70,00,6c,00,6f,00,72,00,65,00,72,00,2e,00,65,00,78,00,65,00,00,00>>Fix.reg

    @echo [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\inffile\shell\Install\command]>>Fix.reg
    @echo @=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,72,00,75,00,6e,00,64,00,6c,00,6c,00,33,00,32,00,2e,00,65,00,78,00,65,00,20,00,73,00,65,00,74,00,75,00,70,00,61,00,70,00,69,00,2c,00,49,00,6e,00,73,00,74,00,61,00,6c,00,6c,00,48,00,69,00,6e,00,66,00,53,00,65,00,63,00,74,00,69,00,6f,00,6e,00,20,00,44,00,65,00,66,00,61,00,75,00,6c,00,74,00,49,00,6e,00,73,00,74,00,61,00,6c,00,6c,00,20,00,31,00,33,00,32,00,20,00,25,00,31,00,00,00>>Fix.reg

    @echo [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Unknown\shell\openas\command]>>Fix.reg
    @echo @=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,72,00,75,00,6e,00,64,00,6c,00,6c,00,33,00,32,00,2e,00,65,00,78,00,65,00,20,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,68,00,65,00,6c,00,6c,00,33,00,32,00,2e,00,64,00,6c,00,6c,00,2c,00,4f,00,70,00,65,00,6e,00,41,00,73,00,5f,00,52,00,75,00,6e,00,44,00,4c,00,4c,00,20,00,25,00,31,00,00,00>>Fix.reg

    @echo [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.lnk\ShellNew\Command]>>Fix.reg
    @echo @=hex(2):72,00,75,00,6E,00,64,00,6C,00,6C,00,33,00,32,00,2E,00,65,00,78,00,65,00,20,00,61,00,70,00,70,00,77,00,69,00,7A,00,2E,00,63,00,70,00,6C,00,2C,00,4E,00,65,00,77,00,4C,00,69,00,6E,00,6B,00,48,00,65,00,72,00,65,00,20,00,25,00,31,00,00,00>>Fix.reg

    @echo [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\cplfile\shell\cplopen\command\]>>Fix.reg
    @echo @=hex(2):72,00,75,00,6E,00,64,00,6C,00,6C,00,33,00,32,00,2E,00,65,00,78,00,65,00,20,00,73,00,68,00,65,00,6C,00,6C,00,33,00,32,00,2E,00,64,00,6C,00,6C,00,2C,00,43,00,6F,00,6E,00,74,00,72,00,6F,00,6C,00,5F,00,52,00,75,00,6E,00,44,00,4C,00,4C,00,20,00,22,00,25,00,31,00,22,00,2C,00,25,00,2A,00,00,00>>Fix.reg

    @echo [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\InternetShortcut\shell\open\command\]>>Fix.reg
    @echo @=hex(2):72,00,75,00,6E,00,64,00,6C,00,6C,00,33,00,32,00,2E,00,65,00,78,00,65,00,20,00,73,00,68,00,64,00,6F,00,63,00,76,00,77,00,2E,00,64,00,6C,00,6C,00,2C,00,4F,00,70,00,65,00,6E,00,55,00,52,00,4C,00,20,00,6C,00,00,00>>Fix.reg

    @echo [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\scrfile\shell\install\command\]>>Fix.reg
    @echo @=hex(2):72,00,75,00,6E,00,64,00,6C,00,6C,00,33,00,32,00,2E,00,65,00,78,00,65,00,20,00,64,00,65,00,73,00,6B,00,2E,00,63,00,70,00,6C,00,2C,00,49,00,6E,00,73,00,74,00,61,00,6C,00,6C,00,53,00,63,00,72,00,65,00,65,00,6E,00,53,00,61,00,76,00,65,00,72,00,20,00,6C,00,00,00>>Fix.reg

    @echo [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\scriptletfile\Shell\Generate Typelib\command\]>>Fix.reg
    @echo @=hex(2):22,00,44,00,3A,00,5C,00,57,00,49,00,4E,00,44,00,4F,00,57,00,53,00,5C,00,73,00,79,00,73,00,74,00,65,00,6D,00,33,00,32,00,5C,00,52,00,55,00,4E,00,44,00,4C,00,4C,00,33,00,32,00,2E,00,45,00,58,00,45,00,22,00,20,00,44,00,3A,00,5C,00,57,00,49,00,4E,00,44,00,4F,00,57,00,53,00,5C,00,73,00,79,00,73,00,74,00,65,00,6D,00,33,00,32,00,5C,00,73,00,63,00,72,00,6F,00,62,00,6A,00,2E,00,64,00,6C,00,6C,00,2C,00,47,00,65,00,6E,00,65,00,72,00,61,00,74,00,65,00,54,00,79,00,70,00,65,00,4C,00,69,00,62,00,20,00,22,00,25,00,31,00,22,00,00,00>>Fix.reg

    @echo [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\telnet\shell\open\command\]>>Fix.reg
    @echo @=hex(2):72,00,75,00,6E,00,64,00,6C,00,6C,00,33,00,32,00,2E,00,65,00,78,00,65,00,20,00,75,00,72,00,6C,00,2E,00,64,00,6C,00,6C,00,2C,00,54,00,65,00,6C,00,6E,00,65,00,74,00,50,00,72,00,6F,00,74,00,6F,00,63,00,6F,00,6C,00,48,00,61,00,6E,00,64,00,6C,00,65,00,72,00,20,00,6C,00,00,00>>Fix.reg

    @echo [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]>>Fix.reg
    @echo "Shell"="Explorer.exe">>Fix.reg

    @echo [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]>>Fix.reg
    @echo "Userinit"="D:\\WINDOWS\\system32\\userinit.exe,">>Fix.reg

    @echo [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]>>Fix.reg
    @echo "ToP"=->>Fix.reg

    @echo [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]>>Fix.reg
    @echo "TProgram"=->>Fix.reg

    @echo [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Runservices]>>Fix.reg
    @echo "TProgram"=->>Fix.reg

    @echo [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]>>Fix.reg
    @echo "Torjan Program"=->>Fix.reg

    @echo [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Runservices]>>Fix.reg
    @echo "Torjan Program"=->>Fix.reg
    echo.

    @pause
    start /w regedit /s Fix.reg
    del Fix.reg
    echo.
    @echo ***********************************************************
    @echo *       修复已知被破坏的文件关联成功       *
    @echo ***********************************************************
    echo.
    @echo 按任意键,返回选择
    @pause
    @cls
    @goto Selection

    :good
    rem Optional system tweaks (network, desktop, speed); this branch removes no trojan files
    @cls
    @echo Windows Registry Editor Version 5.00>Fix.reg

    @echo [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]>>Fix.reg
    @echo "MaxConnectionsPerServer"=dword:00000020>>Fix.reg
    @echo "MaxConnectionsPer1_0Server"=dword:00000020>>Fix.reg

    @echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]>>Fix.reg
    @echo "SackOpts"=dword:00000001>>Fix.reg
    @echo "TcpWindowSize"=dword:0003ebc0>>Fix.reg
    @echo "Tcp1323Opts"=dword:00000001>>Fix.reg
    @echo "DefaultTTL"=dword:00000040>>Fix.reg
    @echo "EnablePMTUBHDetect"=dword:00000000>>Fix.reg
    @echo "EnablePMTUDiscovery"=dword:00000001>>Fix.reg
    @echo "GlobalMaxTcpWindowSize"=dword:0003ebc0>>Fix.reg

    @echo [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]>>Fix.reg
    @echo "MaxConnectionsPerServer"=dword:00000020>>Fix.reg
    @echo "MaxConnectionsPer1_0Server"=dword:00000020>>Fix.reg

    @echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Vxd\BIOS]>>Fix.reg
    @echo "CPUPriority"=dword:00000001>>Fix.reg
    @echo "PCIConcur"=dword:00000001>>Fix.reg
    @echo "FastDRAM"=dword:00000001>>Fix.reg
    @echo "AGPConcur"=dword:00000001>>Fix.reg

    @echo [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]>>Fix.reg
    @echo "MaxConnectionsPer1_0Server"=dword:00000009>>Fix.reg
    @echo "MaxConnectionsPerServer"=dword:00000009>>Fix.reg

    @echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\FileSystem]>>Fix.reg
    @echo "ConfigFileAllocSize"=dword:000001f4>>Fix.reg

    @echo [HKEY_CURRENT_USER\Control Panel\desktop]>>Fix.reg
    @echo "MenuShowDelay"="0">>Fix.reg

    @echo [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Desktop\CleanupWiz]>>Fix.reg
    @echo "NoRun"=dword:00000001>>Fix.reg

    @echo [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Applets\Tour]>>Fix.reg
    @echo "RunCount"=dword:00000000>>Fix.reg

    @echo [-HKEY_CLASSES_ROOT\.zip\CompressedFolder]>>Fix.reg
    @echo [-HKEY_CLASSES_ROOT\CLSID\{E88DCCE0-B7B3-11d1-A9F0-00AA0060FA31}]>>Fix.reg
    @echo [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CompressedFolder]>>Fix.reg

    @echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\atapi\Parameters]>>Fix.reg
    @echo "EnableBigLba"=dword:00000001>>Fix.reg

    @echo [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Dfrg\BootOptimizeFunction]>>Fix.reg
    @echo "Enable"="Y">>Fix.reg
    @echo.

    echo ******************************
    echo   *   正在进行系统优化   *
    echo ******************************
    pause
    start /w regedit /s Fix.reg
    del Fix.reg

    echo ******************************
    echo   *   系统优化完毕   *
    echo ******************************
    echo.
    @echo 按任意键,返回选择
    @pause
    @cls
    @goto Selection


    :quit
    exit
Attachment: WINLOGON批处理.rar (4 K), downloads: 1
Posted: 2007-01-25 11:44 | Reply #1
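
Before running a script like the one in the reply above, it helps to read what the Fix.reg it generates would actually write. The Python below is an added example, not part of the original post or the script author's code: it pulls the `echo ...>>Fix.reg` lines out of the batch text and decodes the `hex(2)` (REG_EXPAND_SZ, UTF-16LE) values into readable strings. The function names are this example's own, and the sample input is a handful of lines copied from the script.

```python
import re

# A batch line that writes one line of a .reg file: "@echo <text>>Fix.reg" or ">>Fix.reg".
ECHO_TO_REG = re.compile(r'^\s*@?echo\s(.*?)>{1,2}\s*\S+\.reg\s*$', re.IGNORECASE)
# A value line inside a .reg file: @=<data> (default value) or "name"=<data>.
VALUE_LINE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')
# Key fragments that decide what Windows executes: file handlers, logon, autostart.
EXECUTION_KEYS = (r'\shell\open\command', r'\currentversion\winlogon',
                  r'\currentversion\run')

# Sample input: a few lines copied from the script above (selection made for this example).
SAMPLE = r'''
@echo Windows Registry Editor Version 5.00>Fix.reg
@echo [HKEY_CLASSES_ROOT\exefile\shell\open\command]>>Fix.reg
@echo @=hex(2):22,00,25,00,31,00,22,00,20,00,25,00,2A,00,00,00>>Fix.reg
@echo [HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet]>>Fix.reg
@echo @=hex(2):49,00,45,00,58,00,50,00,4C,00,4F,00,52,00,45,00,2E,00,45,00,58,00,45,00,00,00>>Fix.reg
@echo [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]>>Fix.reg
@echo "Userinit"="C:\\WINDOWS\\system32\\userinit.exe,">>Fix.reg
@echo [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]>>Fix.reg
@echo "ToP"=->>Fix.reg
@echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]>>Fix.reg
@echo "TcpWindowSize"=dword:0003ebc0>>Fix.reg
@echo [-HKEY_CLASSES_ROOT\.zip\CompressedFolder]>>Fix.reg
'''


def unescape(text):
    # Undo .reg string escaping: a backslash protects the character after it.
    return re.sub(r'\\(.)', r'\1', text)


def touches_execution(key):
    # True when the key is one that controls what gets launched.
    low = key.lower()
    return any(fragment in low for fragment in EXECUTION_KEYS)


def decode_data(data):
    """Return (kind, value) for the right-hand side of a .reg value line."""
    if data == '-':
        return 'delete-value', None
    if data.lower().startswith('dword:'):
        return 'REG_DWORD', int(data[6:], 16)
    if data.lower().startswith('hex(2):'):
        raw = bytes.fromhex(data[7:].replace(',', ''))
        return 'REG_EXPAND_SZ', raw.decode('utf-16-le').rstrip('\x00')
    if len(data) >= 2 and data[0] == data[-1] == '"':
        return 'REG_SZ', unescape(data[1:-1])
    return 'unparsed', data


def audit_batch(batch_text):
    """List every registry change the batch text would write through its .reg file."""
    entries, key = [], None
    for line in batch_text.splitlines():
        echoed = ECHO_TO_REG.match(line)
        if not echoed:
            continue
        text = echoed.group(1).strip()
        if text.startswith('[') and text.endswith(']'):
            key = text[1:-1]
            if key.startswith('-'):  # "[-KEY]" deletes the whole key
                entries.append({'key': key[1:], 'name': None, 'kind': 'delete-key',
                                'value': None, 'execution': touches_execution(key)})
                key = None
            continue
        value = VALUE_LINE.match(text)
        if value and key:
            name = '(Default)' if value.group(1) == '@' else unescape(value.group(1)[1:-1])
            kind, decoded = decode_data(value.group(2))
            entries.append({'key': key, 'name': name, 'kind': kind,
                            'value': decoded, 'execution': touches_execution(key)})
    return entries


if __name__ == '__main__':
    for entry in audit_batch(SAMPLE):
        flag = '!' if entry['execution'] else ' '
        print(flag, entry['kind'], entry['key'], entry['name'], repr(entry['value']))
```

Entries marked `!` sit under keys that control program launch (file handlers, Winlogon, Run), so those are the values to compare against a known-good XP install before importing.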