#include <GUIConstants.au3>
#NoTrayIcon
#Region ;**** 参数创建于 AutoIt3Wrapper_GUI ****
#AutoIt3Wrapper_Icon=Disk1.ico
#AutoIt3Wrapper_Outfile=USafe.exe
#AutoIt3Wrapper_Res_Comment=移动存储安全管控
#AutoIt3Wrapper_Res_Description=移动存储安全管控
#AutoIt3Wrapper_Res_Fileversion=1.2
#AutoIt3Wrapper_Res_LegalCopyright=Juyz CopyRight (C) 2008
#EndRegion ;**** Directives created by AutoIt3Wrapper_GUI ****
#include <ButtonConstants.au3>
#include <EditConstants.au3>
#include <GUIConstantsEx.au3>
#include <StaticConstants.au3>
#include <WindowsConstants.au3>
#include <File.au3>
#include <Array.au3>
#include <guiconstants.au3>
#include <Misc.au3>
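; Shared state for the GUI code and the clean-up routines further down.
; ($autorun_file carries the path most recently read from an autorun.inf.)
Local $autorun_file, $drivers_exe_FileList
; All drive letters reported by the system; element 0 is the count.
Global $var = DriveGetDrive("ALL")
; Per-drive capacity text, button control ids and status-field control ids.
Local $ShowVol[$var[0] + 2], $Checkbox[$var[0] + 2], $ShowStat[$var[0] + 2]
; Report text: one line per file the clean-up routines tried to delete.
Global $del_filelist = ""
Global $drivers_exe_FileList_Exist = ""
Global $ChangeColorLab[99][99]
; Label / button caption / colour triples for the three policy rows.
Local $StateWrite, $ButWrite, $StateLab
Local $ButLab, $StateRun, $ButRun
Local $StatHDColorDX, $StatHDColorYC, $StatHDColorMY
; Raw registry values last read by GetRun(), GetWrite() and GetShow().
Local $VarRun, $VarWrite, $VarShow
Global $InpSize = 11, $InputHigh = 21, $TMP[10]
Global $BgColor = 0xCAE1FF, $OKColor = 0x008000, $NoColor = 0xFF0000, $XColor = 0x808080, $Color_AllDisk = 0x0000FF
; Style shared by every status field: centred, read-only, horizontal auto-scroll.
$TxtModel = BitOR($ES_CENTER, $ES_AUTOHSCROLL, $ES_READONLY)
$ProgName = "移动存储安全管控"
$ProgVer = " V1.0"
; Candidate flag values for the AnimateWindow call that reveals the main window;
; one of them is picked at random on every start.
$TMP[1] = "0x00040001"
$TMP[2] = "0x00040002"
$TMP[3] = "0x00040004"
$TMP[4] = "0x00040008"
$TMP[5] = "0x00040005"
$TMP[6] = "0x00040006"
$TMP[7] = "0x00040009"
$TMP[8] = "0x0004000a"
$TMP[9] = "0x00080000"
; Random() yields a floating-point number unless the integer flag (third argument = 1)
; is set; request an integer so the subscript is always a whole number in 1..9 and
; the last entry can actually be chosen.
$NUM = $TMP[Random(1, 9, 1)]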
; Name list used as the indicator set for USB-borne malware. Element 0 is the
; entry count. kill_autorun_Process() closes every process with one of these
; names, and repair_reg() removes any Run value whose data contains one of them
; as a substring.
; NOTE(review): matching is by name only. "rundll32.exe" and "conime.exe" are also
; the names of stock Windows programs, and the @TempDir entry makes every Run
; value that points into the temp directory a match - expect false positives.
Dim $avArray[31] = [30, _
		"rose.exe", "sxs.exe", "tfidma.exe", "severe.exe", "oso.exe", _
		"conime.exe", "teuyen.exe", "mpnxyl.exe", "gfosdg.exe", "hnunkl.exe", _
		"SVOHOST.exe", "temp1.exe", "temp2.exe", "memsub.exe", "shelltask.exe", _
		"vchost.exe", "rundll32.exe", @TempDir, "baba.exe", "ndtstat.exe", _
		"msccrt.exe", "wgs3.exe", "wms3.exe", "wsttrs.exe", "mppds.exe", _
		"winform.exe", "mppdys.exe", "htpatch.exe", "cmdbcs.exe", "twunk32.exe"]
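$ProgTitle = $ProgName & $ProgVer
; Single-instance guard: the hidden AutoIt window carries the program title, so a
; second copy finds it and exits.
If WinExists($ProgTitle) Then Exit
AutoItWinSetTitle($ProgTitle)
; ESC is registered as a hotkey that exits the program.
HotKeySet("{ESC}", "_ExitProg")
Opt("WinTitleMatchMode", 2) ;1=start, 2=subStr, 3=exact, 4=advanced, -1 to -4=Nocase
; The registry writes and system-directory deletions below need administrator
; rights; without them the tool only warns and carries on.
If Not IsAdmin() Then MsgBox(8240, $ProgName, "您的帐户权限不足,部分功能将无法使用!")
; Supported-platform check. "Not" binds tighter than "=" in AutoIt, so the earlier
; form "Not @OSType = ..." negated the macro before comparing it and the test did
; not express "OS type differs"; "<>" states the intended comparison directly.
If @OSType <> "WIN32_NT" Or @OSLang <> "0804" Then
	MsgBox(8240, $ProgName, "本工具不能在本系统正确运行!", 10)
	Exit
EndIf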
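; Drive inventory used to size and populate the window.
; $var_CD is collected here but not read by the code shown in this file.
$var_CD = DriveGetDrive("CDROM")
$var1 = DriveGetDrive("FIXED")
If $var1[0] = 0 Then
	$ShowHDNo = "没有发现本地磁盘"
Else
	$ShowHDNo = "共检测到 " & $var1[0] & " 个本地磁盘"
EndIf
$DiskLab = ""
$var2 = DriveGetDrive("REMOVABLE")
If @error Then
	$ShowUDNo = "没有发现可移动磁盘 "
	; Replace the failed result with a one-element array so later reads of $var2[0] work.
	Local $var2[1]
Else
	$var20 = $var2[0]
	; Drop the floppy letters A and B by compacting the list in place. The previous
	; shift-left-while-iterating loop advanced past the element that had just been
	; moved into the current slot, so a second floppy drive directly after the first
	; was never examined.
	Local $iKept = 0
	For $i = 1 To $var20
		If StringInStr($var2[$i], "A") Or StringInStr($var2[$i], "B") Then ContinueLoop
		$iKept = $iKept + 1
		$var2[$iKept] = $var2[$i]
		$DiskLab = $DiskLab & $var2[$i]
	Next
	$var2[0] = $iKept
	If $var2[0] = 0 Then
		$ShowUDNo = "除软驱外,未发现其他移动存储器 "
	Else
		$ShowUDNo = "共检测到 " & $var2[0] & " 个移动磁盘 "
	EndIf
EndIf
; Status text and colour produced by the most recent GetDiskStat() call.
Local $StatHD, $StatHDColor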
; Classifies drive $v[$i] by what sits at <drive>\autorun.inf and pushes the result
; into the matching status field.
;   drive not ready          -> "未就绪" (grey)
;   autorun.inf is a folder  -> "已免疫" (green): a folder of that name is what
;                               create_autorun_dir() plants
;   autorun.inf is a file    -> "已感染" (red): any autorun.inf file counts,
;                               whatever its content
;   nothing there            -> "未设置" (grey)
; The outcome is also left in the globals $StatHD / $StatHDColor for the caller.
Func GetDiskStat($v, $i)
	Local $sMarker = "" & $v[$i] & "\autorun.inf"
	If Not (DriveStatus($v[$i]) = "READY") Then
		$StatHD = "未就绪"
		$StatHDColor = $XColor
	ElseIf Not (DirGetSize($sMarker) = -1) Then
		; DirGetSize succeeds only for a directory.
		$StatHD = "已免疫"
		$StatHDColor = $OKColor
	ElseIf FileExists($sMarker) = 1 Then
		$StatHD = "已感染"
		$StatHDColor = $NoColor
	Else
		$StatHD = "未设置"
		$StatHDColor = $XColor
	EndIf
	; A list whose first entry is not the C drive is taken to be the removable list,
	; whose status fields are stored after the fixed-drive ones.
	; NOTE(review): this heuristic assumes the fixed list always starts with C - confirm.
	Local $iSlot = $i
	If Not StringInStr($v[1], "c") Then $iSlot = $i + $var1[0]
	GUICtrlSetData($ShowStat[$iSlot], $StatHD)
	GUICtrlSetColor($ShowStat[$iSlot], $StatHDColor)
EndFunc   ;==>GetDiskStat
; Main window. Its height grows by 30 px for every fixed and removable drive listed.
$GuiMain = GUICreate($ProgTitle, 316, 315 + ($var1[0] + $var2[0]) * 30, 274, 135)
GUISetBkColor($BgColor)
; Policy group: label, read-only status field and toggle button for each of the
; three USB policies. The $State*/$But*/$StatHDColor* variables have no value yet;
; GetRun(), GetWrite() and GetShow() fill these controls once the window is shown.
; A control id of -1 in the GUICtrlSet* calls means "the control created last",
; so the statement order below must not change.
$GroupBox1 = GUICtrlCreateGroup("", 8, 1, 297, 161)
; Row 1: autorun "immunity" (NoDriveTypeAutoRun policy).
$LabMY = GUICtrlCreateLabel("U盘免疫控制", 16, 37, 66, 20)
$ShowMY = GUICtrlCreateInput($StateRun, 88, 32, 130, $InputHigh, $TxtModel)
GUICtrlSetColor(-1, $StatHDColorMY)
GUICtrlSetBkColor(-1, $BgColor)
GUICtrlSetFont(-1, $InpSize)
$ButMY = GUICtrlCreateButton($ButRun, 224, 30, 75, 25, 0)
GUICtrlSetBkColor(-1, $BgColor)
; Row 2: removable-storage write protection (StorageDevicePolicies\WriteProtect).
$LabDX = GUICtrlCreateLabel("U盘读写控制", 16, 85, 66, 20)
$ButDX = GUICtrlCreateButton($ButWrite, 224, 78, 75, 25, 0)
GUICtrlSetBkColor(-1, $BgColor)
$ShowDX = GUICtrlCreateInput($StateWrite, 88, 80, 130, $InputHigh, $TxtModel)
GUICtrlSetColor(-1, $StatHDColorDX)
GUICtrlSetBkColor(-1, $BgColor)
GUICtrlSetFont(-1, $InpSize)
; Row 3: USB mass-storage driver start type (Services\USBSTOR\Start).
$LabYC = GUICtrlCreateLabel("U盘接入控制", 16, 132, 66, 20)
$ShowYC = GUICtrlCreateInput($StateLab, 88, 128, 130, $InputHigh, $TxtModel)
GUICtrlSetColor(-1, $StatHDColorYC)
GUICtrlSetBkColor(-1, $BgColor)
GUICtrlSetFont(-1, $InpSize)
$ButYC = GUICtrlCreateButton($ButLab, 224, 126, 75, 25, 0)
GUICtrlSetBkColor(-1, $BgColor)
; Dummy group that closes the policy group.
GUICtrlCreateGroup("", -99, -99, 1, 1)
; Action buttons: scan-and-clean all drives, immunise all drives, apply.
$ButKill = GUICtrlCreateButton("全盘杀毒", 22, 170, 88, 25, 0)
GUICtrlSetBkColor(-1, $BgColor)
$ButImmune = GUICtrlCreateButton("全盘免疫", 128, 170, 88, 25, 0)
GUICtrlSetBkColor(-1, $BgColor)
$ButOK = GUICtrlCreateButton("应用", 236, 170, 55, 25, 0)
GUICtrlSetBkColor(-1, $BgColor)
GUICtrlSetState(-1, $GUI_FOCUS)
; Fixed-disk group: one button (drive letter plus capacity) and one status field per drive.
$Group1 = GUICtrlCreateGroup("本地磁盘", 8, 208, 297, 38 + $var1[0] * 30)
$LabHD = GUICtrlCreateLabel($ShowHDNo, 24, 224, 266, 20, $TxtModel)
GUICtrlSetColor(-1, $Color_AllDisk)
For $i = 1 To $var1[0] Step 1
; Called for its side effect on $StatHD / $StatHDColor: the status field for this
; drive is only created a few lines further down.
GetDiskStat($var1, $i)
If Int(DriveSpaceTotal($var1[$i] & "")) = 0 Then
$ShowVol[$i] = " (容量未知)"
Else
; DriveSpaceTotal/DriveSpaceFree report megabytes; fixed disks are shown in GB.
$ShowVol[$i] = " (总:" & Round((DriveSpaceTotal($var1[$i] & "") / 1024), 2) & "G / 余:" & Round((DriveSpaceFree($var1[$i] & "") / 1024), 2) & "G)"
EndIf
$Checkbox[$i] = GUICtrlCreateButton("本地" & StringUpper($var1[$i]) & $ShowVol[$i], 18, 224 + 30 * ($i) - 10, 200, 25)
GUICtrlSetBkColor(-1, $BgColor)
$ShowStat[$i] = GUICtrlCreateInput($StatHD, 228, 226 + 30 * ($i) - 10, 66, $InputHigh, $TxtModel)
GUICtrlSetColor(-1, $StatHDColor)
GUICtrlSetBkColor(-1, $BgColor)
GUICtrlSetFont(-1, $InpSize)
Next
; $i is one past the last fixed drive here, so $k is the number of fixed-drive
; slots already used in $ShowVol / $Checkbox / $ShowStat.
Local $k = $i - 1
GUICtrlCreateGroup("", -99, -99, 1, 1)
; Removable-disk group: same layout, stored in the slots after the fixed drives.
$Group2 = GUICtrlCreateGroup("移动磁盘", 9, 263 + $var1[0] * 30, 297, 42 + $var2[0] * 30)
$LabUD = GUICtrlCreateLabel($ShowUDNo, 24, 279 + $var1[0] * 30, 266, 20, $TxtModel)
GUICtrlSetColor(-1, $Color_AllDisk)
For $j = 1 To $var2[0] Step 1
$i = $k + $j
GetDiskStat($var2, $j)
If Int(DriveSpaceTotal($var2[$j] & "")) = 0 Then
$ShowVol[$i] = " (容量未知)"
Else
; Removable media are shown in whole megabytes.
$ShowVol[$i] = " (总:" & Int(DriveSpaceTotal($var2[$j] & "")) & "MB/余:" & Int(DriveSpaceFree($var2[$j] & "")) & "MB)"
EndIf
$Checkbox[$i] = GUICtrlCreateButton("移动" & StringUpper($var2[$j]) & $ShowVol[$i], 18, 222 + 30 * ($i + 2) - 10, 200, 25)
GUICtrlSetBkColor(-1, $BgColor)
$ShowStat[$i] = GUICtrlCreateInput($StatHD, 228, 224 + 30 * ($i + 2) - 10, 66, $InputHigh, $TxtModel)
GUICtrlSetColor(-1, $StatHDColor)
GUICtrlSetBkColor(-1, $BgColor)
GUICtrlSetFont(-1, $InpSize)
Next
GUICtrlCreateGroup("", -99, -99, 1, 1)
; Reveal the window with the randomly chosen animation ($NUM), 500 ms long.
DllCall("user32.dll", "int", "AnimateWindow", "hwnd", $GuiMain, "int", 500, "long", $NUM)
GUISetState(@SW_SHOW)
; Read the three USB policies from the registry and fill in the policy rows.
GetRun()
GetWrite()
GetShow()
; Reads the machine-wide NoDriveTypeAutoRun policy and refreshes the "immunity" row.
; Only the value 255 (0xFF) is shown as protected; every other value, including a
; missing one, is shown as open.
Func GetRun()
	$VarRun = RegRead("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer", "NoDriveTypeAutoRun")
	If $VarRun = 255 Then
		$StateRun = "免疫模式"
		$ButRun = "关闭保护"
		$StatHDColorMY = $OKColor
	Else
		$StateRun = "开放模式"
		$ButRun = "病毒免疫"
		$StatHDColorMY = $NoColor
	EndIf
	; The button caption names the action a click would perform, not the current state.
	GUICtrlSetData($ButMY, $ButRun)
	GUICtrlSetData($ShowMY, $StateRun)
	GUICtrlSetColor($ShowMY, $StatHDColorMY)
EndFunc   ;==>GetRun
; Reads StorageDevicePolicies\WriteProtect and refreshes the read/write row.
; 1 = removable storage is read-only; 0 = writable; anything else is labelled "default".
; NOTE(review): when the value is absent RegRead returns an empty string, and AutoIt's
; loose "=" may treat that as equal to 0, so the "default" label might never be the
; one shown for a missing value - confirm.
Func GetWrite()
	$VarWrite = RegRead("HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\StorageDevicePolicies", "WriteProtect")
	If $VarWrite = 0 Then
		$StateWrite = "读写模式"
		$ButWrite = "禁止写入"
		$StatHDColorDX = $OKColor
	ElseIf $VarWrite = 1 Then
		$StateWrite = "只读模式"
		$ButWrite = "允许写入"
		$StatHDColorDX = $NoColor
	Else
		$StateWrite = "默认模式"
		$ButWrite = "禁止写入"
		$StatHDColorDX = $OKColor
	EndIf
	GUICtrlSetData($ButDX, $ButWrite)
	GUICtrlSetData($ShowDX, $StateWrite)
	GUICtrlSetColor($ShowDX, $StatHDColorDX)
EndFunc   ;==>GetWrite
; Reads the start type of the USBSTOR service (the USB mass-storage driver) and
; refreshes the "attach" row. 4 is shown as blocked; 2 and 3 as allowed; any other
; value, including a missing one, as unknown.
Func GetShow()
	$VarShow = RegRead("HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\USBSTOR", "Start")
	If $VarShow = 2 Then
		$StateLab = "自动接入"
		$ButLab = "启用接入"
		$StatHDColorYC = $OKColor
	ElseIf $VarShow = 3 Then
		$StateLab = "允许接入"
		$ButLab = "关闭接入"
		$StatHDColorYC = $OKColor
	ElseIf $VarShow = 4 Then
		$StateLab = "禁止接入"
		$ButLab = "启用接入"
		$StatHDColorYC = $NoColor
	Else
		$StateLab = "未知状态"
		$ButLab = "关闭接入"
		$StatHDColorYC = $OKColor
	EndIf
	GUICtrlSetData($ButYC, $ButLab)
	GUICtrlSetData($ShowYC, $StateLab)
	GUICtrlSetColor($ShowYC, $StatHDColorYC)
EndFunc   ;==>GetShow
; GUI message loop. Each policy button writes the opposite registry value, re-reads
; it through the matching Get*() routine and reports success only when the value
; read back is the one just written.
While 1
$nMsg = GUIGetMsg()
Switch $nMsg
Case $GUI_EVENT_CLOSE
_ExitProg()
; Toggle write protection for removable storage (0 = writable, 1 = read-only).
Case $ButDX
If $ButWrite == "允许写入" Then
RegWrite("HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\StorageDevicePolicies", "WriteProtect", "REG_DWORD", "00000000")
GetWrite()
If $VarWrite = 0 Then
MsgBox(64, $ProgName, "退出U盘,重新接入后生效!")
Else
MsgBox(8240, $ProgName, "更改失败!")
EndIf
Else
RegWrite("HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\StorageDevicePolicies", "WriteProtect", "REG_DWORD", "00000001")
GetWrite()
If $VarWrite = 1 Then
MsgBox(64, $ProgName, "退出U盘,重新接入后生效!")
Else
MsgBox(8240, $ProgName, "更改失败!")
EndIf
EndIf
; Toggle the USBSTOR start type (3 = driver may load, 4 = disabled).
Case $ButYC
If $ButLab == "启用接入" Then
RegWrite("HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\USBSTOR", "Start", "REG_DWORD", "00000003")
GetShow()
If $VarShow = 3 Then
MsgBox(64, $ProgName, "退出U盘,重新接入后生效!")
Else
MsgBox(8240, $ProgName, "更改失败!")
EndIf
Else
RegWrite("HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\USBSTOR", "Start", "REG_DWORD", "00000004")
GetShow()
If $VarShow = 4 Then
MsgBox(64, $ProgName, "退出U盘,重新接入后生效!")
Else
MsgBox(8240, $ProgName, "更改失败!")
EndIf
EndIf
; Toggle the NoDriveTypeAutoRun policy between 0x95 and 0xFF (autorun off for all drive types).
Case $ButMY
If $ButRun == "关闭保护" Then
RegWrite("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer", "NoDriveTypeAutoRun", "REG_DWORD", "0x000095")
GetRun()
If $VarRun < 255 Then
MsgBox(64, $ProgName, "退出U盘,重新接入后生效!")
Else
MsgBox(8240, $ProgName, "更改失败!")
EndIf
Else
RegWrite("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer", "NoDriveTypeAutoRun", "REG_DWORD", "0x0000FF")
GetRun()
If $VarRun = 255 Then
MsgBox(64, $ProgName, "退出U盘,重新接入后生效!")
Else
MsgBox(8240, $ProgName, "更改失败!")
EndIf
EndIf
; "Clean all drives": host-side clean-up first, then every ready drive is checked
; for an autorun.inf whose launch targets are handed to del_autorun_files().
; The open / ShellExecute / shell\...\command values are read from the drive itself,
; i.e. they are untrusted content that decides which path gets deleted.
Case $ButKill
_KillAll()
For $L = 1 To $var[0]
$diskready = DriveStatus("" & $var[$L] & "")
If $diskready = "READY" Then
If FileExists("" & $var[$L] & "\autorun.inf") Then
$autorun_file = IniRead("" & $var[$L] & "\autorun.inf", "autorun", "open", "none")
del_autorun_files()
$autorun_file = IniRead("" & $var[$L] & "\autorun.inf", "autorun", "ShellExecute", "none")
del_autorun_files()
$autorun_file = IniRead("" & $var[$L] & "\autorun.inf", "autorun", "shell\Auto\command", "none")
del_autorun_files()
$shell_ini = IniRead("" & $var[$L] & "\autorun.inf", "autorun", "shell", "none")
If $shell_ini <> "none" Then
; NOTE(review): "shell" and the verb are joined without a backslash, so the key looked
; up is "shell<verb>\command" rather than "shell\<verb>\command" - probably a typo, confirm.
$autorun_file = IniRead("" & $var[$L] & "\autorun.inf", "autorun", "shell" & $shell_ini & "\command", "none")
del_autorun_files()
EndIf
FileDelete("" & $var[$L] & "\autorun.inf")
EndIf
del_files()
EndIf
Next
; Refresh every status field after the clean-up.
For $i = 1 To $var1[0] Step 1
GetDiskStat($var1, $i)
Next
For $i = 1 To $var2[0] Step 1
GetDiskStat($var2, $i)
Next
Sleep(2000)
; kill_autorun_Process() closed explorer.exe; start the shell again if it is not running.
If Not ProcessExists("explorer.exe") Then Run("explorer.exe")
; "Immunise all drives": where autorun.inf is a file it is cleaned as above and then
; replaced by a folder of the same name; where it is already a folder the drive is skipped.
Case $ButImmune
$msg_anti_ok = ""
$msg_anti = ""
$msg_cdrom = ""
For $L = 1 To $var[0]
$diskready = DriveStatus("" & $var[$L] & "")
If $diskready = "READY" Then
If DirGetSize("" & $var[$L] & "\autorun.inf") = -1 Then
If FileExists("" & $var[$L] & "\autorun.inf") = 1 Then
$autorun_file = IniRead("" & $var[$L] & "\autorun.inf", "autorun", "open", "none")
del_autorun_files()
$autorun_file = IniRead("" & $var[$L] & "\autorun.inf", "autorun", "ShellExecute", "none")
del_autorun_files()
$autorun_file = IniRead("" & $var[$L] & "\autorun.inf", "autorun", "shell\Auto\command", "none")
del_autorun_files()
$shell_ini = IniRead("" & $var[$L] & "\autorun.inf", "autorun", "shell", "none")
If $shell_ini <> "none" Then
; NOTE(review): same missing backslash between "shell" and the verb as in the clean branch.
$autorun_file = IniRead("" & $var[$L] & "\autorun.inf", "autorun", "shell" & $shell_ini & "\command", "none")
del_autorun_files()
EndIf
FileDelete("" & $var[$L] & "\autorun.inf")
create_autorun_dir()
Else
create_autorun_dir()
EndIf
Else
$msg_anti_ok = $msg_anti_ok & "" & $var[$L] & " 已经免疫(跳过)" & @CR
EndIf
del_files()
Else
; NOTE(review): assigned rather than appended, so only the last not-ready drive is reported.
$msg_cdrom = "" & $var[$L] & " 不能读写(跳过)"
EndIf
Next
For $i = 1 To $var1[0] Step 1
GetDiskStat($var1, $i)
Next
For $i = 1 To $var2[0] Step 1
GetDiskStat($var2, $i)
Next
MsgBox(64, $ProgName, $msg_anti & "─────────" & @CR & $msg_anti_ok & "─────────" & @CR & $msg_cdrom)
; "Apply": broadcast a settings-changed notification.
Case $ButOK
ReFresh()
MsgBox(64, $ProgName, "应用成功,重新起动后生效!")
EndSwitch
WEnd
; Host-side clean-up pass: extends the indicator list with every *.exe found in
; <SystemDir>\drivers, then alternates registry repair and process termination,
; deletes the known file locations and finally shows the list of handled files.
; NOTE(review): the drivers\*.exe names are appended to $avArray on every call, so
; the list keeps growing if the button is pressed more than once.
Func _KillAll()
	$drivers_exe_FileList = _FileListToArray("" & @SystemDir & "\drivers", "*.exe", 1)
	Local $iListErr = @error
	If $iListErr = 4 Or $iListErr = 1 Then
		; Folder missing or no matching files: nothing to add.
		$drivers_exe_FileList_Exist = 0
	Else
		$drivers_exe_FileList_Exist = 1
		$avArray[0] = $avArray[0] + $drivers_exe_FileList[0]
		For $n = 1 To $drivers_exe_FileList[0]
			_ArrayAdd($avArray, $drivers_exe_FileList[$n])
		Next
	EndIf
	; The repair/kill sequence is repeated on purpose; keep the order as is.
	repair_reg()
	repair_reg()
	kill_autorun_Process()
	repair_reg()
	kill_autorun_Process()
	If $drivers_exe_FileList_Exist = 1 Then del_dri_virfiles()
	del_sysfiles()
	repair_reg()
	repair_reg_Image_File_Execution_Options()
	If $del_filelist = "" Then $del_filelist = "没有发现【U盘传播型】可疑文件!"
	MsgBox(64, $ProgName, $del_filelist)
EndFunc   ;==>_KillAll
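; Deletes known malware file names from the root of the drive currently selected by
; the caller's loop ($var[$L]) and removes that drive's RECYCLER folder.
; Uses the globals $var and $L; call it only from inside the per-drive loops.
Func del_files()
	; The earlier list also contained "\********.exe". FileDelete accepts wildcards, so
	; that entry removed every .exe in the drive root; the asterisks look like a redacted
	; file name, not an intended pattern. It is left out here - restore the real name
	; once it is known. A duplicated "meisub.exe" entry was dropped as well.
	Local $aNames[20] = [ _
			"Pagefile.pif", "美女游戏.pif", "重要资料.exe", "个人档案.exe", "oso.exe", _
			"autorun.exe", "autorun.ini", "sxs.exe", "command.exe", "copy.exe", _
			"host.exe", "BootIO.exe", "rose.exe", "_desktop.ini", "meisub.exe", _
			"SocksA.exe", "tel.xls.exe", "SVOHOST.exe", "systemdate.ini", "systemfile.com"]
	For $n = 0 To UBound($aNames) - 1
		FileDelete("" & $var[$L] & "\" & $aNames[$n])
	Next
	; Removes the whole RECYCLER tree (flag 1 = recurse), including anything the user
	; still had in the recycle bin on that drive.
	DirRemove("" & $var[$L] & "\RECYCLER", 1)
EndFunc   ;==>del_files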
; Closes the shell and script hosts, then every process whose name is in $avArray.
; explorer.exe is restarted later by the caller; spoolsv.exe (print spooler) is not.
Func kill_autorun_Process()
	Local $aHosts[4] = ["explorer.exe", "iexplore.exe", "spoolsv.exe", "wscript.exe"]
	For $n = 0 To 3
		ProcessClose($aHosts[$n])
	Next
	; $avArray[0] is the number of indicator names that follow it.
	Local $iCount = $avArray[0]
	For $idx = 1 To $iCount
		ProcessClose("" & $avArray[$idx] & "")
	Next
EndFunc   ;==>kill_autorun_Process
; For every *.exe name that _KillAll() collected from <SystemDir>\drivers: close a
; process of that name, delete the file and add it to the report in $del_filelist.
; NOTE(review): the path is built as "\drivers" & name with no backslash in between,
; so it resolves to <SystemDir>\drivers<name> and the FileExists test presumably never
; succeeds. Before correcting the separator, narrow the criterion: as written the
; intent is to delete every executable in the drivers folder, whatever it is.
Func del_dri_virfiles()
For $d2 = 1 To $drivers_exe_FileList[0]
If FileExists("" & @SystemDir & "\drivers" & $drivers_exe_FileList[$d2] & "") Then
ProcessClose("" & $drivers_exe_FileList[$d2] & "")
FileDelete("" & @SystemDir & "\drivers" & $drivers_exe_FileList[$d2] & "")
$del_filelist = $del_filelist & "" & @SystemDir & "\drivers" & $drivers_exe_FileList[$d2] & "" & @CR
EndIf
Next
EndFunc ;==>del_dri_virfiles
; Deletes a fixed list of file locations associated with USB-borne malware and adds
; each one that existed to the report in $del_filelist.
; The xcopy.exe and svchost.exe entries point at the Windows directory, not at
; System32.
; NOTE(review): a path is reported as handled whenever it existed, whether or not
; FileDelete actually succeeded.
Func del_sysfiles()
	Local $aTargets[18] = [ _
			@SystemDir & "\SocksA.exe", _
			@SystemDir & "\gfosdg.exe", _
			@SystemDir & "\gfosdg.dll", _
			@SystemDir & "\severe.exe", _
			@SystemDir & "\hx1.bat", _
			@SystemDir & "\noruns.reg", _
			@SystemDir & "\hnunkl.exe", _
			@SystemDir & "\Rose.exe", _
			"c:\system32\rose.exe", _
			@SystemDir & "\run.reg", _
			@SystemDir & "\systemdate.ini", _
			"c:\system.sys", _
			@SystemDir & "\temp1.exe", _
			@SystemDir & "\temp2.exe", _
			@WindowsDir & "\xcopy.exe", _
			@WindowsDir & "\svchost.exe", _
			@SystemDir & "\SVOHOST.exe", _
			@SystemDir & "\sxs.exe"]
	For $n = 0 To UBound($aTargets) - 1
		If FileExists($aTargets[$n]) Then
			FileDelete($aTargets[$n])
			$del_filelist = $del_filelist & $aTargets[$n] & @CR
		EndIf
	Next
EndFunc   ;==>del_sysfiles
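; Deletes the launch target named by an autorun.inf entry and records it in
; $del_filelist. Input is the global $autorun_file (value read from the drive's
; autorun.inf, "none" when the key is absent); $var[$L] is the drive being cleaned.
;
; The value is untrusted: it comes from the medium being cleaned. It is therefore
; only honoured when it names one existing file on that same drive.
Func del_autorun_files()
	Local $sTarget
	; Absent key or empty value: an empty value would otherwise resolve to the drive
	; itself, and FileDelete treats a folder path like a "*.*" mask.
	If $autorun_file = "none" Or StringStripWS($autorun_file, 3) = "" Then Return
	; FileDelete expands wildcards; never let file content supply a pattern.
	If StringInStr($autorun_file, "*") <> 0 Or StringInStr($autorun_file, "?") <> 0 Then Return
	If StringInStr($autorun_file, ":") <> 0 Then
		; Absolute path: accept it only if it starts with the letter of the drive being
		; cleaned, so an autorun.inf cannot point the deletion at another volume.
		If StringLeft($autorun_file, StringLen($var[$L])) <> $var[$L] Then Return
		$sTarget = "" & $autorun_file & ""
	Else
		; Relative value: resolved against the drive, joined exactly as before.
		$sTarget = "" & $var[$L] & "" & $autorun_file & ""
	EndIf
	If Not FileExists($sTarget) Then Return
	; Refuse directories for the same reason as the empty value above.
	If StringInStr(FileGetAttrib($sTarget), "D") <> 0 Then Return
	ProcessClose("" & $autorun_file & "")
	FileDelete($sTarget)
	$del_filelist = $del_filelist & $sTarget & @CR
EndFunc   ;==>del_autorun_files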
; Removes autostart entries that mention an indicator from $avArray.
; For the HKLM and HKCU Run keys and for a "Load" value, the value data is searched
; for every $avArray entry (substring match). On a hit the routine tries to close a
; process and delete a file under several path guesses (data as given, under the
; Windows directory, under the system directory), records the path in $del_filelist
; and deletes the registry value. Finally it writes CheckedValue = 1 under
; ...\Folder\Hidden\SHOWALL.
; NOTE(review): substring matching means any Run value mentioning e.g. rundll32.exe or
; the temp directory (both are in $avArray) is removed, malicious or not.
; NOTE(review): values are deleted while the RegEnumVal index keeps advancing, so the
; value that moves into the freed position may be skipped; possibly the reason
; _KillAll() calls this routine several times - confirm.
; NOTE(review): @WindowsDir / @SystemDir are joined to the value data without a
; backslash, so those two path guesses look unlikely to ever match.
; NOTE(review): a path is reported whenever it existed, whether or not FileDelete succeeded.
Func repair_reg()
; HKLM Run key (machine-wide autostart), at most 100 values.
For $L = 1 To 100
$key_var = RegEnumVal("HKLM\Software\Microsoft\Windows\CurrentVersion\Run", $L)
If @error <> 0 Then ExitLoop
$key = RegRead("HKLM\Software\Microsoft\Windows\CurrentVersion\Run", $key_var)
For $kk = 1 To $avArray[0]
If StringInStr($key, "" & $avArray[$kk] & "") <> 0 Then
Select
Case StringInStr($key, ":") <> 0 And FileExists("" & $key & "")
ProcessClose("" & $key & "")
FileDelete("" & $key & "")
$del_filelist = $del_filelist & $key & @CR
Case StringInStr($key, ":") = 0 And FileExists("" & @WindowsDir & "" & $key & "")
ProcessClose("" & $key & "")
FileDelete("" & @WindowsDir & "" & $key & "")
$del_filelist = $del_filelist & "" & @WindowsDir & "" & $key & "" & @CR
Case StringInStr($key, ":") = 0 And FileExists("" & @SystemDir & "" & $key & "")
ProcessClose("" & $key & "")
FileDelete("" & @SystemDir & "" & $key & "")
$del_filelist = $del_filelist & "" & @SystemDir & "" & $key & "" & @CR
Case StringInStr($key, ":") = 0 And FileExists("" & $key & "")
ProcessClose("" & $key & "")
FileDelete("" & $key & "")
$del_filelist = $del_filelist & $key & @CR
Case Else
EndSelect
; The Run value is removed even when none of the path guesses found a file.
RegDelete("HKLM\Software\Microsoft\Windows\CurrentVersion\Run", $key_var)
EndIf
Next
Next
; HKCU Run key (per-user autostart), same procedure.
For $L = 1 To 100
$key_var = RegEnumVal("HKCU\Software\Microsoft\Windows\CurrentVersion\Run", $L)
If @error <> 0 Then ExitLoop
$key = RegRead("HKCU\Software\Microsoft\Windows\CurrentVersion\Run", $key_var)
For $kk = 1 To $avArray[0]
If StringInStr($key, "" & $avArray[$kk] & "") <> 0 Then
Select
Case StringInStr($key, ":") <> 0 And FileExists("" & $key & "")
ProcessClose("" & $key & "")
FileDelete("" & $key & "")
$del_filelist = $del_filelist & $key & @CR
Case StringInStr($key, ":") = 0 And FileExists("" & @WindowsDir & "" & $key & "")
ProcessClose("" & $key & "")
FileDelete("" & @WindowsDir & "" & $key & "")
$del_filelist = $del_filelist & "" & @WindowsDir & "" & $key & "" & @CR
Case StringInStr($key, ":") = 0 And FileExists("" & @SystemDir & "" & $key & "")
ProcessClose("" & $key & "")
FileDelete("" & @SystemDir & "" & $key & "")
$del_filelist = $del_filelist & "" & @SystemDir & "" & $key & "" & @CR
Case StringInStr($key, ":") = 0 And FileExists("" & $key & "")
ProcessClose("" & $key & "")
FileDelete("" & $key & "")
$del_filelist = $del_filelist & $key & @CR
Case Else
EndSelect
RegDelete("HKCU\Software\Microsoft\Windows\CurrentVersion\Run", $key_var)
EndIf
Next
Next
; Per-user "Load" value.
; NOTE(review): the key is spelled "Micosoft\Windows NT\Current Version" here, which
; differs from the usual "Microsoft\Windows NT\CurrentVersion\Windows" location, so
; this read (and the RegDelete below) probably never finds anything - confirm.
$key = RegRead("HKCU\Software\Micosoft\Windows NT\Current Version\Windows", "Load")
For $kkk = 1 To $avArray[0]
If StringInStr($key, "" & $avArray[$kkk] & "") <> 0 Then
Select
Case StringInStr($key, ":") <> 0 And FileExists("" & $key & "")
ProcessClose("" & $key & "")
FileDelete("" & $key & "")
$del_filelist = $del_filelist & $key & @CR
Case StringInStr($key, ":") = 0 And FileExists("" & @WindowsDir & "" & $key & "")
ProcessClose("" & $key & "")
FileDelete("" & @WindowsDir & "" & $key & "")
$del_filelist = $del_filelist & "" & @WindowsDir & "" & $key & "" & @CR
Case StringInStr($key, ":") = 0 And FileExists("" & @SystemDir & "" & $key & "")
ProcessClose("" & $key & "")
FileDelete("" & @SystemDir & "" & $key & "")
$del_filelist = $del_filelist & "" & @SystemDir & "" & $key & "" & @CR
Case StringInStr($key, ":") = 0 And FileExists("" & $key & "")
ProcessClose("" & $key & "")
FileDelete("" & $key & "")
$del_filelist = $del_filelist & $key & @CR
Case Else
EndSelect
RegDelete("HKCU\Software\Micosoft\Windows NT\Current Version\Windows", "Load")
EndIf
Next
; Sets CheckedValue under the Explorer "show all hidden files" option to 1.
RegWrite("HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL", "CheckedValue", "REG_DWORD", "1")
EndFunc ;==>repair_reg
; "Immunises" the drive selected by the caller's loop ($var[$L]): a folder named
; Autorun.inf takes the place a malicious autorun.inf file would need, a child folder
; whose name ends in "..\" is created inside it through cmd.exe, and the folder is
; marked system + read-only + hidden. Appends a success line to $msg_anti.
; The drive letter comes from DriveGetDrive(), not from user input, so the command
; lines contain no externally supplied text.
Func create_autorun_dir()
	Local $sGuardDir = $var[$L] & "\Autorun.inf"
	DirCreate($sGuardDir)
	Local $sMakeChild = @ComSpec & " /c md " & $sGuardDir & "\QS病毒免疫专用目录!..\>nul 2>nul"
	RunWait($sMakeChild, "", @SW_HIDE)
	Local $sProtect = @ComSpec & " /c attrib +S +R +H " & $sGuardDir & ">nul 2>nul"
	RunWait($sProtect, "", @SW_HIDE)
	$msg_anti = $msg_anti & "" & $var[$L] & " 免疫成功(执行)!" & @CR
EndFunc   ;==>create_autorun_dir
; Walks the subkeys of "Image File Execution Options" (at most 1000) and, for every
; subkey that has a Debugger value, deletes the subkey, then closes and deletes the
; file the Debugger value names and records it in $del_filelist.
; NOTE(review): the subkey name is appended to "...Image File Execution Options"
; without a backslash, so the RegRead/RegDelete paths do not address the enumerated
; subkey and the routine presumably never acts. Before correcting the separator,
; narrow the criterion: as written every Debugger entry is treated as hostile,
; including ones installed deliberately, and the whole subkey is removed.
; NOTE(review): subkeys would be deleted while the RegEnumKey index keeps advancing,
; so the following subkey may be skipped - confirm.
Func repair_reg_Image_File_Execution_Options()
For $L = 1 To 1000
$Img_Key_var = RegEnumKey("HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options", $L)
If @error <> 0 Then ExitLoop
$Debugger_files = RegRead("HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options" & $Img_Key_var & "", "Debugger")
If $Debugger_files <> "" Then
RegDelete("HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options" & $Img_Key_var & "")
If FileExists("" & $Debugger_files & "") Then
ProcessClose("" & $Debugger_files & "")
FileDelete("" & $Debugger_files & "")
$del_filelist = $del_filelist & $Debugger_files & @CR
EndIf
EndIf
Next
EndFunc ;==>repair_reg_Image_File_Execution_Options
; Broadcasts a settings-changed notification to all top-level windows, waiting at
; most one second per window.
Func ReFresh()
	Local $hBroadcast = 65535 ; 0xFFFF, the broadcast window handle
	Local $iMsg = 26 ; 0x1A, WM_SETTINGCHANGE
	Local $iTimeoutMs = 1000
	; wParam, lParam and the send flags are all 0.
	DllCall("user32.dll", "int", "SendMessageTimeout", "hwnd", $hBroadcast, "int", $iMsg, "int", 0, "int", 0, "int", 0, "int", $iTimeoutMs, "str", "dwResult")
EndFunc   ;==>ReFresh
; Hides the main window with a 500 ms fade and ends the program. Bound to the ESC
; hotkey and to the window's close event.
Func _ExitProg()
	; 0x00010000 (hide) combined with 0x00080000 (fade) gives 0x00090000.
	Local $iHideFade = BitOR(0x00010000, 0x00080000)
	DllCall("user32.dll", "int", "AnimateWindow", "hwnd", $GuiMain, "int", 500, "long", $iHideFade)
	Exit
EndFunc   ;==>_ExitProg