📄 winlogon木马清除&修复.bat
if exist d:\WINDOWS\IO.SYS.BAK attrib -s -r -h d:\WINDOWS\IO.SYS.BAK
if exist d:\WINDOWS\lsass.exe attrib -s -r -h d:\WINDOWS\lsass.exe
if exist d:\windows\services.exe attrib -s -r -h d:\windows\services.exe
if exist d:\windows\SMSS.EXE attrib -s -r -h d:\windows\SMSS.EXE
if exist d:\windows\WINLOGON.exe attrib -s -r -h d:\windows\WINLOGON.exe
if exist d:\windows\debug\debugprogram.exe attrib -s -r -h d:\windows\debug\debugprogram.exe
if exist d:\progra~1\common~1\iexplore.pif attrib -s -r -h d:\progra~1\common~1\iexplore.pif
if exist d:\progra~1\intern~1\iexplore.com attrib -s -r -h d:\progra~1\intern~1\iexplore.com
if exist d:\windows\system32\command.pif attrib -s -r -h d:\windows\system32\command.pif
if exist d:\windows\system32\dxdiag.com attrib -s -r -h d:\windows\system32\dxdiag.com
if exist d:\windows\system32\finder.com attrib -s -r -h d:\windows\system32\finder.com
if exist d:\windows\system32\i.com attrib -s -r -h d:\windows\system32\i.com
if exist d:\windows\system32\msconfig.com attrib -s -r -h d:\windows\system32\msconfig.com
if exist d:\windows\system32\regedit.com attrib -s -r -h d:\windows\system32\regedit.com
if exist d:\windows\system32\rundll32.com attrib -s -r -h d:\windows\system32\rundll32.com
if exist d:\pagefile.pif attrib -s -r -h d:\pagefile.pif
if exist d:\autorun.inf attrib -s -r -h d:\autorun.inf
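echo ************************************************************
@echo 删除病毒文件
@echo off
@rem Delete the files this cleaner attributes to the trojan.
@rem Why these paths are suspicious:
@rem   - lsass.exe, services.exe, smss.exe and winlogon.exe normally live in
@rem     system32; copies placed directly in d:\windows are treated as impostors.
@rem   - the .com and .pif files reuse the base names of regedit, msconfig,
@rem     rundll32, dxdiag and iexplore. With the default PATHEXT order .COM is
@rem     tried before .EXE, so an extensionless command would start the look-alike.
@rem   - autorun.inf and pagefile.pif sit in the drive root, where Explorer
@rem     reads AutoRun instructions for the volume.
@rem Matching is by path only, with no hash or signature check, and the system
@rem drive is hard-coded as D:. Confirm both before running on another machine.
@rem del is forced with /f /a so leftover read-only, hidden or system attributes
@rem do not block it, and every path is re-checked afterwards: a file locked by
@rem a running process survives del, and the operator needs to know that before
@rem trusting the banner below.
for %%F in (
  d:\windows\1.com
  d:\windows\exeroute.exe
  d:\windows\explorer.com
  d:\WINDOWS\EXERT.exe
  d:\windows\finder.com
  d:\WINDOWS\IO.SYS.BAK
  d:\WINDOWS\lsass.exe
  d:\windows\services.exe
  d:\windows\SMSS.EXE
  d:\windows\WINLOGON.exe
  d:\windows\debug\debugprogram.exe
  d:\progra~1\common~1\iexplore.pif
  d:\progra~1\intern~1\iexplore.com
  d:\windows\system32\command.pif
  d:\windows\system32\dxdiag.com
  d:\windows\system32\finder.com
  d:\windows\system32\i.com
  d:\windows\system32\msconfig.com
  d:\windows\system32\regedit.com
  d:\windows\system32\rundll32.com
  d:\pagefile.pif
  d:\autorun.inf
) do (
  if exist "%%F" del /f /q /a "%%F"
  if exist "%%F" echo [警告] 未能删除 %%F,文件可能仍被占用
)
@echo ***********************************************************
@echo * 已删除可能的病毒文件,按任意键修复注册表信息 *
@echo ***********************************************************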
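@rem Build Fix.reg in the current directory: a registry script that puts the
@rem shell command handlers back to known values. Every default value is written
@rem as REG_EXPAND_SZ, encoded as UTF-16LE bytes with a terminating 00,00.
@rem The exefile open command and the .exe class mapping come first because a
@rem hijacked value there makes every program launch go through the intruder.
@rem The stock open command is: quote percent-1 quote, space, percent-star.
@echo Windows Registry Editor Version 5.00>Fix.reg
@echo [HKEY_CLASSES_ROOT\exefile\shell\open\command]>>Fix.reg
@echo @=hex(2):22,00,25,00,31,00,22,00,20,00,25,00,2A,00,00,00>>Fix.reg
@echo [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.exe]>>Fix.reg
@echo @=hex(2):65,00,78,00,65,00,66,00,69,00,6C,00,65,00,00,00>>Fix.reg
@rem Browser handlers. The encoded path is D:\Program Files\Internet Explorer\iexplore.exe,
@rem so these entries are only correct when Internet Explorer is installed on D:.
@echo [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\shell\OpenHomePage\Command]>>Fix.reg
@echo @=hex(2):22,00,44,00,3A,00,5C,00,50,00,72,00,6F,00,67,00,72,00,61,00,6D,00,20,00,46,00,69,00,6C,00,65,00,73,00,5C,00,49,00,6E,00,74,00,65,00,72,00,6E,00,65,00,74,00,20,00,45,00,78,00,70,00,6C,00,6F,00,72,00,65,00,72,00,5C,00,69,00,65,00,78,00,70,00,6C,00,6F,00,72,00,65,00,2E,00,65,00,78,00,65,00,22,00,00,00>>Fix.reg
@echo [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\iexplore.exe\shell\open\command]>>Fix.reg
@echo @=hex(2):22,00,44,00,3A,00,5C,00,50,00,72,00,6F,00,67,00,72,00,61,00,6D,00,20,00,46,00,69,00,6C,00,65,00,73,00,5C,00,49,00,6E,00,74,00,65,00,72,00,6E,00,65,00,74,00,20,00,45,00,78,00,70,00,6C,00,6F,00,72,00,65,00,72,00,5C,00,69,00,65,00,78,00,70,00,6C,00,6F,00,72,00,65,00,2E,00,65,00,78,00,65,00,22,00,20,00,25,00,31,00,00,00>>Fix.reg
@echo [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ftp\shell\open\command]>>Fix.reg
@echo @=hex(2):22,00,44,00,3A,00,5C,00,50,00,72,00,6F,00,67,00,72,00,61,00,6D,00,20,00,46,00,69,00,6C,00,65,00,73,00,5C,00,49,00,6E,00,74,00,65,00,72,00,6E,00,65,00,74,00,20,00,45,00,78,00,70,00,6C,00,6F,00,72,00,65,00,72,00,5C,00,69,00,65,00,78,00,70,00,6C,00,6F,00,72,00,65,00,2E,00,65,00,78,00,65,00,22,00,20,00,25,00,31,00,00,00>>Fix.reg
@echo [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\htmlfile\shell\open\command]>>Fix.reg
@echo @=hex(2):22,00,44,00,3A,00,5C,00,50,00,72,00,6F,00,67,00,72,00,61,00,6D,00,20,00,46,00,69,00,6C,00,65,00,73,00,5C,00,49,00,6E,00,74,00,65,00,72,00,6E,00,65,00,74,00,20,00,45,00,78,00,70,00,6C,00,6F,00,72,00,65,00,72,00,5C,00,69,00,65,00,78,00,70,00,6C,00,6F,00,72,00,65,00,2E,00,65,00,78,00,65,00,22,00,20,00,2D,00,6E,00,6F,00,68,00,6F,00,6D,00,65,00,00,00>>Fix.reg
@echo [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\HTTP\shell\open\command]>>Fix.reg
@echo @=hex(2):22,00,44,00,3A,00,5C,00,50,00,72,00,6F,00,67,00,72,00,61,00,6D,00,20,00,46,00,69,00,6C,00,65,00,73,00,5C,00,49,00,6E,00,74,00,65,00,72,00,6E,00,65,00,74,00,20,00,45,00,78,00,70,00,6C,00,6F,00,72,00,65,00,72,00,5C,00,69,00,65,00,78,00,70,00,6C,00,6F,00,72,00,65,00,2E,00,65,00,78,00,65,00,22,00,20,00,2D,00,6E,00,6F,00,68,00,6F,00,6D,00,65,00,00,00>>Fix.reg
@echo [HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet]>>Fix.reg
@echo @=hex(2):49,00,45,00,58,00,50,00,4C,00,4F,00,52,00,45,00,2E,00,45,00,58,00,45,00,00,00>>Fix.reg
@rem A value of "-" deletes the named value; here it removes the default value of the key.
@echo [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.bfc\ShellNew\Command]>>Fix.reg
@echo @=->>Fix.reg
@echo [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\shell\find\command]>>Fix.reg
@echo @=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,45,00,78,00,70,00,6c,00,6f,00,72,00,65,00,72,00,2e,00,65,00,78,00,65,00,00,00>>Fix.reg
@rem NOTE review: the print verb of htmlfile is set to Explorer.exe under SystemRoot, the same
@rem bytes as the Drive find verb above. Compare with a clean install of the same Windows
@rem version before relying on this entry.
@echo [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\htmlfile\shell\print\command]>>Fix.reg
@echo @=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,45,00,78,00,70,00,6c,00,6f,00,72,00,65,00,72,00,2e,00,65,00,78,00,65,00,00,00>>Fix.reg
@echo [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\inffile\shell\Install\command]>>Fix.reg
@echo @=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,72,00,75,00,6e,00,64,00,6c,00,6c,00,33,00,32,00,2e,00,65,00,78,00,65,00,20,00,73,00,65,00,74,00,75,00,70,00,61,00,70,00,69,00,2c,00,49,00,6e,00,73,00,74,00,61,00,6c,00,6c,00,48,00,69,00,6e,00,66,00,53,00,65,00,63,00,74,00,69,00,6f,00,6e,00,20,00,44,00,65,00,66,00,61,00,75,00,6c,00,74,00,49,00,6e,00,73,00,74,00,61,00,6c,00,6c,00,20,00,31,00,33,00,32,00,20,00,25,00,31,00,00,00>>Fix.reg
@echo [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Unknown\shell\openas\command]>>Fix.reg
@echo @=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,72,00,75,00,6e,00,64,00,6c,00,6c,00,33,00,32,00,2e,00,65,00,78,00,65,00,20,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,68,00,65,00,6c,00,6c,00,33,00,32,00,2e,00,64,00,6c,00,6c,00,2c,00,4f,00,70,00,65,00,6e,00,41,00,73,00,5f,00,52,00,75,00,6e,00,44,00,4c,00,4c,00,20,00,25,00,31,00,00,00>>Fix.reg
@echo [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.lnk\ShellNew\Command]>>Fix.reg
@echo @=hex(2):72,00,75,00,6E,00,64,00,6C,00,6C,00,33,00,32,00,2E,00,65,00,78,00,65,00,20,00,61,00,70,00,70,00,77,00,69,00,7A,00,2E,00,63,00,70,00,6C,00,2C,00,4E,00,65,00,77,00,4C,00,69,00,6E,00,6B,00,48,00,65,00,72,00,65,00,20,00,25,00,31,00,00,00>>Fix.reg
@echo [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\cplfile\shell\cplopen\command\]>>Fix.reg
@echo @=hex(2):72,00,75,00,6E,00,64,00,6C,00,6C,00,33,00,32,00,2E,00,65,00,78,00,65,00,20,00,73,00,68,00,65,00,6C,00,6C,00,33,00,32,00,2E,00,64,00,6C,00,6C,00,2C,00,43,00,6F,00,6E,00,74,00,72,00,6F,00,6C,00,5F,00,52,00,75,00,6E,00,44,00,4C,00,4C,00,20,00,22,00,25,00,31,00,22,00,2C,00,25,00,2A,00,00,00>>Fix.reg
@rem The InternetShortcut, scrfile and telnet commands take a percent-l placeholder for the
@rem target. The original data ended in a bare letter l, bytes 6C,00, so the handler would
@rem have received a literal "l" instead of the file or URL. The missing 25,00 is restored.
@echo [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\InternetShortcut\shell\open\command\]>>Fix.reg
@echo @=hex(2):72,00,75,00,6E,00,64,00,6C,00,6C,00,33,00,32,00,2E,00,65,00,78,00,65,00,20,00,73,00,68,00,64,00,6F,00,63,00,76,00,77,00,2E,00,64,00,6C,00,6C,00,2C,00,4F,00,70,00,65,00,6E,00,55,00,52,00,4C,00,20,00,25,00,6C,00,00,00>>Fix.reg
@echo [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\scrfile\shell\install\command\]>>Fix.reg
@echo @=hex(2):72,00,75,00,6E,00,64,00,6C,00,6C,00,33,00,32,00,2E,00,65,00,78,00,65,00,20,00,64,00,65,00,73,00,6B,00,2E,00,63,00,70,00,6C,00,2C,00,49,00,6E,00,73,00,74,00,61,00,6C,00,6C,00,53,00,63,00,72,00,65,00,65,00,6E,00,53,00,61,00,76,00,65,00,72,00,20,00,25,00,6C,00,00,00>>Fix.reg
@echo [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\scriptletfile\Shell\Generate Typelib\command\]>>Fix.reg
@echo @=hex(2):22,00,44,00,3A,00,5C,00,57,00,49,00,4E,00,44,00,4F,00,57,00,53,00,5C,00,73,00,79,00,73,00,74,00,65,00,6D,00,33,00,32,00,5C,00,52,00,55,00,4E,00,44,00,4C,00,4C,00,33,00,32,00,2E,00,45,00,58,00,45,00,22,00,20,00,44,00,3A,00,5C,00,57,00,49,00,4E,00,44,00,4F,00,57,00,53,00,5C,00,73,00,79,00,73,00,74,00,65,00,6D,00,33,00,32,00,5C,00,73,00,63,00,72,00,6F,00,62,00,6A,00,2E,00,64,00,6C,00,6C,00,2C,00,47,00,65,00,6E,00,65,00,72,00,61,00,74,00,65,00,54,00,79,00,70,00,65,00,4C,00,69,00,62,00,20,00,22,00,25,00,31,00,22,00,00,00>>Fix.reg
@echo [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\telnet\shell\open\command\]>>Fix.reg
@echo @=hex(2):72,00,75,00,6E,00,64,00,6C,00,6C,00,33,00,32,00,2E,00,65,00,78,00,65,00,20,00,75,00,72,00,6C,00,2E,00,64,00,6C,00,6C,00,2C,00,54,00,65,00,6C,00,6E,00,65,00,74,00,50,00,72,00,6F,00,74,00,6F,00,63,00,6F,00,6C,00,48,00,61,00,6E,00,64,00,6C,00,65,00,72,00,20,00,25,00,6C,00,00,00>>Fix.reg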
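@rem Logon persistence. Winlogon starts the Shell and Userinit programs at every
@rem logon, so both values are reset to the stock binaries.
@echo [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]>>Fix.reg
@echo "Shell"="Explorer.exe">>Fix.reg
@rem Userinit must name the userinit.exe of the installation being repaired. The original
@rem data encoded C:\windows\system32\userinit.exe while every other path in this section
@rem targets D:, which would leave logon pointing at the wrong drive. The drive byte is now
@rem 44, matching the rest of the section, and the duplicated redirection has been removed.
@echo [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]>>Fix.reg
@echo "Userinit"=hex(2):44,00,3A,00,5C,00,77,00,69,00,6E,00,64,00,6F,00,77,00,73,00,5C,00,73,00,79,00,73,00,74,00,65,00,6D,00,33,00,32,00,5C,00,75,00,73,00,65,00,72,00,69,00,6E,00,69,00,74,00,2E,00,65,00,78,00,65,00,00,00>>Fix.reg
@rem Autostart cleanup: a value of "-" deletes the named value. These are the Run and
@rem RunServices value names this cleaner associates with the trojan. Only these exact
@rem names are removed; any other autostart entry is left in place.
@echo [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]>>Fix.reg
@echo "ToP"=->>Fix.reg
@echo [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]>>Fix.reg
@echo "TProgram"=->>Fix.reg
@echo [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Runservices]>>Fix.reg
@echo "TProgram"=->>Fix.reg
@echo [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]>>Fix.reg
@echo "Torjan Program"=->>Fix.reg
@echo [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Runservices]>>Fix.reg
@echo "Torjan Program"=->>Fix.reg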
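echo.
@pause
@rem Import the generated script silently, then remove it.
@rem regedit is called by full path and with its extension. A bare "regedit" is resolved
@rem through PATH and PATHEXT, where .COM is tried before .EXE, and this script itself lists
@rem system32\regedit.com as a trojan file. If that file survived deletion, the bare name
@rem could start it instead of the real editor.
@rem The /s switch suppresses all dialogs, so a failed import is not reported and the
@rem success banner below is printed either way.
start /w %SystemRoot%\regedit.exe /s Fix.reg
del Fix.reg
echo.
@echo ***********************************************************
@echo * 修复已知被破坏的文件关联成功 *
@echo ***********************************************************
echo.
@echo 按任意键,返回选择
@pause
@cls
@rem Back to the menu; the Selection label is defined outside this part of the script.
@goto Selection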
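:good
@cls
@rem "Optimization" branch: builds a second Fix.reg with performance and UI tweaks and
@rem imports it silently. None of these settings is part of the trojan cleanup, several are
@rem machine-wide, and no backup of the affected keys is taken first. Export the keys
@rem before running this if a rollback may be needed.
@echo Windows Registry Editor Version 5.00>Fix.reg
@echo [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]>>Fix.reg
@echo "MaxConnectionsPerServer"=dword:00000020>>Fix.reg
@echo "MaxConnectionsPer1_0Server"=dword:00000020>>Fix.reg
@rem TCP/IP stack parameters, applied to every connection on the machine.
@echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]>>Fix.reg
@echo "SackOpts"=dword:00000001>>Fix.reg
@echo "TcpWindowSize"=dword:0003ebc0>>Fix.reg
@echo "Tcp1323Opts"=dword:00000001>>Fix.reg
@echo "DefaultTTL"=dword:00000040>>Fix.reg
@echo "EnablePMTUBHDetect"=dword:00000000>>Fix.reg
@echo "EnablePMTUDiscovery"=dword:00000001>>Fix.reg
@echo "GlobalMaxTcpWindowSize"=dword:0003ebc0>>Fix.reg
@echo [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]>>Fix.reg
@echo "MaxConnectionsPerServer"=dword:00000020>>Fix.reg
@echo "MaxConnectionsPer1_0Server"=dword:00000020>>Fix.reg
@echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Vxd\BIOS]>>Fix.reg
@echo "CPUPriority"=dword:00000001>>Fix.reg
@echo "PCIConcur"=dword:00000001>>Fix.reg
@echo "FastDRAM"=dword:00000001>>Fix.reg
@echo "AGPConcur"=dword:00000001>>Fix.reg
@rem The original line read echo[HKEY_CURRENT_USER... with no space. cmd appears to treat a
@rem bracket directly after echo as a separator, so the key header was probably written
@rem without its opening bracket and the two values below did not reach this key. The
@rem space is restored. This key is also set a few lines above; the values written here
@rem come later in the file, so 9 is what remains in HKCU after the import.
@echo [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]>>Fix.reg
@echo "MaxConnectionsPer1_0Server"=dword:00000009>>Fix.reg
@echo "MaxConnectionsPerServer"=dword:00000009>>Fix.reg
@echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\FileSystem]>>Fix.reg
@echo "ConfigFileAllocSize"=dword:000001f4>>Fix.reg
@echo [HKEY_CURRENT_USER\Control Panel\desktop]>>Fix.reg
@echo "MenuShowDelay"="0">>Fix.reg
@echo [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Desktop\CleanupWiz]>>Fix.reg
@echo "NoRun"=dword:00000001>>Fix.reg
@rem The closing bracket was missing from this key header in the original, which made the
@rem line an invalid section header. It is restored so RunCount is written under Tour.
@echo [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Applets\Tour]>>Fix.reg
@echo "RunCount"=dword:00000000>>Fix.reg
@rem A header that starts with a minus sign deletes the key and everything under it.
@rem These three remove the CompressedFolder registrations. NOTE review: this presumably
@rem turns off the built-in ZIP folder view; confirm that is wanted on the target machine.
@echo [-HKEY_CLASSES_ROOT\.zip\CompressedFolder]>>Fix.reg
@echo [-HKEY_CLASSES_ROOT\CLSID\{E88DCCE0-B7B3-11d1-A9F0-00AA0060FA31}]>>Fix.reg
@echo [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CompressedFolder]>>Fix.reg
@echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\atapi\Parameters]>>Fix.reg
@echo "EnableBigLba"=dword:00000001>>Fix.reg
@echo [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Dfrg\BootOptimizeFunction]>>Fix.reg
@echo "Enable"="Y">>Fix.reg
@echo.
echo ******************************
echo * 正在进行系统优化 *
echo ******************************
pause
@rem Call regedit by full path and extension. A bare "regedit" is resolved through PATHEXT,
@rem where .COM precedes .EXE, and the cleanup part of this script lists regedit.com in
@rem system32 as a trojan file. The /s switch hides import errors.
start /w %SystemRoot%\regedit.exe /s Fix.reg
del Fix.reg
echo ******************************
echo * 系统优化完毕 *
echo ******************************
echo.
@echo 按任意键,返回选择
@pause
@cls
@rem Back to the menu; the Selection label is defined outside this part of the script.
@goto Selection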
:quit
@rem Leave the script. A plain exit also closes the cmd.exe window that ran it.
exit