#NoTrayIcon
#RequireAdmin
#include <MsgBoxConstants.au3>
#include <FileConstants.au3>
#include <WinAPIProc.au3>
#include <GUIConstantsEx.au3>
#include <WindowsConstants.au3>
#include <EditConstants.au3>
#include <File.au3>
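; GUI setup for the autorun.inf clean-up tool.
; OnEvent mode: controls dispatch to named handler functions instead of a GUIGetMsg() loop.
Opt("GUIOnEventMode", 1)
Opt("GUIResizeMode", $GUI_DOCKALL)

; Main window
Global $hGUI = GUICreate("Autorun 病毒清除工具 - By Phexon", 500, 450)
; In OnEvent mode the title-bar close button is ignored unless a handler is registered for it.
GUISetOnEvent($GUI_EVENT_CLOSE, "_ExitApp")
GUISetBkColor(0x002F2F)

; Title and author labels (-1 refers to the control created just before the call)
GUICtrlCreateLabel("Autorun 病毒清除工具", 150, 20, 200, 30)
GUICtrlSetFont(-1, 12, 800, 0, "微软雅黑")
GUICtrlSetColor(-1, 0x00FF00)
GUICtrlCreateLabel("制作:Phexon", 200, 60, 100, 20)
GUICtrlSetColor(-1, 0x00FF00)

; Read-only, multi-line log pane written to by _Log()
Global $idLog = GUICtrlCreateEdit("", 20, 100, 460, 250, BitOR($ES_READONLY, $WS_VSCROLL, $ES_MULTILINE))
GUICtrlSetBkColor(-1, 0x000000)
GUICtrlSetColor(-1, 0x00FF00)
GUICtrlSetFont(-1, 9, 400, 0, "Consolas")

; Action buttons
Global $btn1 = GUICtrlCreateButton("1. 仅删除病毒", 20, 370, 110, 30)
Global $btn2 = GUICtrlCreateButton("2. 删除+免疫(推荐)", 140, 370, 110, 30)
Global $btn3 = GUICtrlCreateButton("3. 禁用Autorun", 260, 370, 110, 30)
Global $btn4 = GUICtrlCreateButton("4. 取消免疫", 380, 370, 110, 30)
Global $btn5 = GUICtrlCreateButton("5. 指定盘符处理", 20, 410, 110, 30)
Global $btn6 = GUICtrlCreateButton("6. 恢复注册表", 140, 410, 110, 30)
Global $btn7 = GUICtrlCreateButton("7. 退出", 380, 410, 110, 30)

; Event bindings: each button calls the handler named here
GUICtrlSetOnEvent($btn1, "_ClearAuto1")
GUICtrlSetOnEvent($btn2, "_ClearAuto2")
GUICtrlSetOnEvent($btn3, "_ClearAuto3")
GUICtrlSetOnEvent($btn4, "_ClearAuto4")
GUICtrlSetOnEvent($btn5, "_ClearAuto5")
GUICtrlSetOnEvent($btn6, "_ClearAuto6")
GUICtrlSetOnEvent($btn7, "_ExitApp")
GUISetState(@SW_SHOW, $hGUI)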
; ===== Core helper functions =====
; Prepend a time-stamped line to the log pane, so the newest entry is at the top.
;   $sMsg - text to record
Func _Log($sMsg)
    Local $sStamp = StringFormat("[%s:%s:%s] ", @HOUR, @MIN, @SEC)
    Local $sPrevious = GUICtrlRead($idLog)
    Local $sEntry = $sStamp & $sMsg & @CRLF
    GUICtrlSetData($idLog, $sEntry & $sPrevious)
EndFunc
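; Terminate processes whose image name is on a fixed list of names used by autorun worms.
; Matching is by image name only: an unrelated program that happens to use one of these
; names (for example an installer called autorun.exe) is terminated as well.
; Each name gets a bounded number of attempts. The original looped for as long as
; ProcessExists() stayed true, so a process that taskkill cannot end hung the GUI handler.
Func _KillVirProcess()
    Local $aProcesses = ["SocksA.exe", "SVOHOST.exe", "AdobeR.exe", "ravmone.exe", "wincfgs.exe", _
            "doc.exe", "rose.exe", "sxs.exe", "autorun.exe", "KB20060111.exe", "tel.xls.exe"]
    Local Const $iMaxAttempts = 5
    Local $iAttempt
    _Log("正在终止病毒进程...")
    For $i = 0 To UBound($aProcesses) - 1
        $iAttempt = 0
        While ProcessExists($aProcesses[$i])
            If $iAttempt >= $iMaxAttempts Then
                ; Give up instead of spinning forever on a process we are not able to end
                _Log("无法终止进程: " & $aProcesses[$i])
                ExitLoop
            EndIf
            $iAttempt += 1
            RunWait('taskkill /F /IM "' & $aProcesses[$i] & '"', "", @SW_HIDE)
            ; Allow the process up to two seconds to disappear before re-checking
            ProcessWaitClose($aProcesses[$i], 2)
            ; Report success only once the process is really gone
            If Not ProcessExists($aProcesses[$i]) Then _Log("已终止进程: " & $aProcesses[$i])
        WEnd
    Next
EndFunc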
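; Delete executable-type files (exe, pif, com, bat) found directly inside the recycle-bin
; folders of a drive.
;   $sDrive - drive specification without trailing backslash, e.g. "E:"
; _FileListToArray() is not recursive, so files inside sub-folders of these directories
; are not touched.
; Every matching file in those folders is deleted, whether or not it is malicious.
Func _CleanRecycleBin($sDrive)
    Local $aTypes = ["exe", "pif", "com", "bat"]
    Local $aDirs = ["Recycler", "Recycled", "$RECYCLE.BIN"]
    Local $sPath, $aFiles
    For $i = 0 To UBound($aDirs) - 1
        $sPath = $sDrive & "\" & $aDirs[$i]
        If Not FileExists($sPath) Then ContinueLoop
        For $j = 0 To UBound($aTypes) - 1
            ; Last argument True = return full paths; element [0] holds the count
            $aFiles = _FileListToArray($sPath, "*." & $aTypes[$j], $FLTA_FILES, True)
            If Not IsArray($aFiles) Then ContinueLoop
            For $k = 1 To $aFiles[0]
                ; Log what actually happened; the original reported success unconditionally
                If FileDelete($aFiles[$k]) Then
                    _Log("已清理回收站病毒: " & $aFiles[$k])
                Else
                    _Log("清理失败: " & $aFiles[$k])
                EndIf
            Next
        Next
    Next
EndFunc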
; ===== Main features (button handlers) =====
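; Button 1: delete autorun.inf and the file named by its [AutoRun] open= entry on every
; ready drive.
; The open= value comes from a file on the drive being cleaned and is therefore untrusted.
; The script runs elevated (#RequireAdmin), so the value is checked before it is used in
; a delete:
;   - wildcard, quote, colon and ".." values are skipped (FileDelete accepts wildcards);
;   - directories are skipped (FileDelete on a folder removes the files inside it).
; Any file named by open= is deleted, including a legitimate launcher on removable media.
Func _ClearAuto1()
    _KillVirProcess()
    Local $aDrives = DriveGetDrive("ALL")
    ; DriveGetDrive sets @error and returns no array when nothing is found
    If @error Or Not IsArray($aDrives) Then
        _Log("无法枚举驱动器")
        Return
    EndIf
    Local $sRoot, $sInf, $sVirusFile, $sTarget
    For $i = 1 To $aDrives[0]
        $sRoot = $aDrives[$i] & "\"
        If DriveStatus($sRoot) <> "READY" Then ContinueLoop
        $sInf = $sRoot & "autorun.inf"
        If Not FileExists($sInf) Then ContinueLoop

        $sVirusFile = IniRead($sInf, "AutoRun", "open", "")
        If $sVirusFile <> "" Then
            If StringRegExp($sVirusFile, '[:*?"<>|]') Or StringInStr($sVirusFile, "..") Then
                _Log("已跳过可疑的 open 值: " & $sVirusFile)
            Else
                $sTarget = $sRoot & $sVirusFile
                If FileExists($sTarget) And StringInStr(FileGetAttrib($sTarget), "D") = 0 Then
                    ; Clear attributes that can block deletion
                    FileSetAttrib($sTarget, "-RSH")
                    If FileDelete($sTarget) Then
                        _Log("已删除病毒文件: " & $sTarget)
                    Else
                        _Log("删除失败: " & $sTarget)
                    EndIf
                EndIf
            EndIf
        EndIf

        ; Only a regular file is deleted here; an autorun.inf folder is left alone
        If StringInStr(FileGetAttrib($sInf), "D") = 0 Then
            FileSetAttrib($sInf, "-RSH")
            If FileDelete($sInf) Then
                _Log("已删除: " & $sInf)
            Else
                _Log("删除失败: " & $sInf)
            EndIf
        EndIf
    Next
    MsgBox($MB_ICONINFORMATION, "完成", "Autorun 病毒清除完毕!", 3)
EndFunc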
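; Button 2: as button 1, then "immunise" each drive that had an autorun.inf.
; Immunising replaces autorun.inf (and the open= target) with a hidden, system, read-only
; folder of the same name whose ACL is set with cacls, so a file of that name cannot be
; created again. The recycle-bin folders of every ready drive are cleaned as well.
; The open= value is untrusted input: it is used in a delete, a DirCreate and a cacls
; command line, so values containing wildcards, quotes, colons or ".." are skipped. This
; also prevents extra arguments from being injected into the cacls call.
; NOTE(review): cacls without /E may ask for confirmation, which a hidden window cannot
; answer - confirm on the target Windows versions. cacls is deprecated in favour of icacls.
Func _ClearAuto2()
    _KillVirProcess()
    Local $aDrives = DriveGetDrive("ALL")
    ; DriveGetDrive sets @error and returns no array when nothing is found
    If @error Or Not IsArray($aDrives) Then
        _Log("无法枚举驱动器")
        Return
    EndIf
    Local $sDrive, $sInf, $sVirusFile, $sTarget
    For $i = 1 To $aDrives[0]
        $sDrive = $aDrives[$i]
        If DriveStatus($sDrive & "\") <> "READY" Then ContinueLoop
        $sInf = $sDrive & "\autorun.inf"
        If FileExists($sInf) Then
            $sVirusFile = IniRead($sInf, "AutoRun", "open", "")
            If $sVirusFile <> "" Then
                If StringRegExp($sVirusFile, '[:*?"<>|]') Or StringInStr($sVirusFile, "..") Then
                    _Log("已跳过可疑的 open 值: " & $sVirusFile)
                Else
                    $sTarget = $sDrive & "\" & $sVirusFile
                    ; Delete regular files only: FileDelete on a folder removes its contents
                    If FileExists($sTarget) And StringInStr(FileGetAttrib($sTarget), "D") = 0 Then
                        FileSetAttrib($sTarget, "-RSH")
                        If FileDelete($sTarget) Then
                            _Log("已删除病毒文件: " & $sTarget)
                        Else
                            _Log("删除失败: " & $sTarget)
                        EndIf
                    EndIf
                    ; Occupy the name with a protected folder once it is free
                    If Not FileExists($sTarget) Then
                        If DirCreate($sTarget) Then
                            DirCreate($sTarget & "\免疫目录不要删除...\")
                            FileSetAttrib($sTarget, "+SHR")
                            RunWait('cacls "' & $sTarget & '" /P everyone:N', "", @SW_HIDE)
                            _Log("已免疫: " & $sTarget)
                        Else
                            _Log("免疫失败: " & $sTarget)
                        EndIf
                    EndIf
                EndIf
            EndIf

            ; Remove autorun.inf when it is a regular file, then occupy the name
            If StringInStr(FileGetAttrib($sInf), "D") = 0 Then
                FileSetAttrib($sInf, "-RSH")
                FileDelete($sInf)
            EndIf
            If Not FileExists($sInf) Then
                If DirCreate($sInf) Then
                    DirCreate($sInf & "\免疫目录不要删除...\")
                    FileSetAttrib($sInf, "+SHR")
                    RunWait('cacls "' & $sInf & '" /P everyone:N', "", @SW_HIDE)
                    _Log("已免疫: " & $sInf)
                Else
                    _Log("免疫失败: " & $sInf)
                EndIf
            EndIf
        EndIf
        _CleanRecycleBin($sDrive)
    Next
    MsgBox($MB_ICONINFORMATION, "完成", "Autorun 病毒清除并免疫完毕!", 3)
EndFunc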
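; Button 3: disable AutoRun/AutoPlay system-wide.
;   - NoDriveTypeAutoRun = 0xFF in HKLM and HKCU turns AutoRun off for all drive types.
;   - The ShellHWDetection service is stopped and set to disabled.
;   - Two path rules with ItemData "?:\Recyc?" are written under
;     Safer\CodeIdentifiers\0\Paths (level 0 is presumably "Disallowed" - confirm).
; Success is reported only if every registry write succeeded; the original logged success
; unconditionally.
; NOTE(review): a 32-bit build on 64-bit Windows may have "HKLM\SOFTWARE" redirected to
; the 32-bit registry view - confirm whether "HKLM64" is needed for these keys.
Func _ClearAuto3()
    Local $bOk = True
    Local $sPolicyKey = "\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer"
    If Not RegWrite("HKLM" & $sPolicyKey, "NoDriveTypeAutoRun", "REG_DWORD", 0xFF) Then $bOk = False
    If Not RegWrite("HKCU" & $sPolicyKey, "NoDriveTypeAutoRun", "REG_DWORD", 0xFF) Then $bOk = False

    ; "net stop" also returns non-zero when the service is already stopped, so its exit
    ; code is not treated as a failure.
    RunWait('net stop ShellHWDetection', "", @SW_HIDE)
    RunWait('sc config ShellHWDetection start= disabled', "", @SW_HIDE)

    Local $sRegPath = "HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\"
    Local $aGuid = ["{00ffa5bf-abe7-4901-aacf-4f58aa31217a}", "{41fe7eed-c47a-46f6-840a-240796fd03cf}"]
    For $i = 0 To UBound($aGuid) - 1
        If Not RegWrite($sRegPath & $aGuid[$i], "SaferFlags", "REG_DWORD", 0) Then $bOk = False
        If Not RegWrite($sRegPath & $aGuid[$i], "ItemData", "REG_SZ", "?:\Recyc?") Then $bOk = False
    Next

    If $bOk Then
        _Log("已禁用Autorun功能并增强防护")
        MsgBox($MB_ICONINFORMATION, "完成", "已彻底禁用系统的Autorun自动播放功能!", 3)
    Else
        _Log("部分注册表项写入失败")
        MsgBox($MB_ICONERROR, "错误", "部分注册表项写入失败", 3)
    EndIf
EndFunc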
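; Button 4: undo immunisation by removing the protective autorun.inf folder, and the
; folder named by an open= entry if one can be read, on every ready drive.
; Changes from the original:
;   - cacls and the recursive DirRemove run only on paths that are directories. The
;     original applied both to whatever the path was and logged success regardless.
;   - The open= value is untrusted and is skipped when it contains wildcards, quotes,
;     colons or "..". It is used in a cacls command line and a recursive delete.
; NOTE(review): once autorun.inf is a folder, IniRead on it returns the default "", so the
; open= branch is only reached when autorun.inf is a regular file. In that case the file
; itself decides which folder is deleted recursively. Consider removing the folder only
; when it contains the marker sub-folder created during immunisation.
Func _ClearAuto4()
    Local $aDrives = DriveGetDrive("ALL")
    ; DriveGetDrive sets @error and returns no array when nothing is found
    If @error Or Not IsArray($aDrives) Then
        _Log("无法枚举驱动器")
        Return
    EndIf
    Local $sDrive, $sInf, $sVirusFile, $sTarget
    For $i = 1 To $aDrives[0]
        $sDrive = $aDrives[$i]
        If DriveStatus($sDrive & "\") <> "READY" Then ContinueLoop
        $sInf = $sDrive & "\autorun.inf"

        ; The immunity marker is a folder; a regular autorun.inf file is not touched here
        If FileExists($sInf) And StringInStr(FileGetAttrib($sInf), "D") > 0 Then
            RunWait('cacls "' & $sInf & '" /P everyone:F', "", @SW_HIDE)
            If DirRemove($sInf, 1) Then
                _Log("已取消免疫: " & $sInf)
            Else
                _Log("取消免疫失败: " & $sInf)
            EndIf
        EndIf

        $sVirusFile = IniRead($sInf, "AutoRun", "open", "")
        If $sVirusFile = "" Then ContinueLoop
        If StringRegExp($sVirusFile, '[:*?"<>|]') Or StringInStr($sVirusFile, "..") Then
            _Log("已跳过可疑的 open 值: " & $sVirusFile)
            ContinueLoop
        EndIf
        $sTarget = $sDrive & "\" & $sVirusFile
        If FileExists($sTarget) And StringInStr(FileGetAttrib($sTarget), "D") > 0 Then
            RunWait('cacls "' & $sTarget & '" /P everyone:F', "", @SW_HIDE)
            If DirRemove($sTarget, 1) Then
                _Log("已取消免疫: " & $sTarget)
            Else
                _Log("取消免疫失败: " & $sTarget)
            EndIf
        EndIf
    Next
    MsgBox($MB_ICONINFORMATION, "完成", "已解除所有盘符的免疫", 3)
EndFunc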
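; Button 5: clean and immunise one drive chosen by the user.
; Changes from the original:
;   - The typed drive is validated as a single letter with optional ":" and "\". The
;     original only appended ":" and so turned "C:\" into "C:\:".
;   - The open= value from autorun.inf is untrusted. It is skipped when it contains
;     wildcards, quotes, colons or "..", and only regular files are deleted.
;   - Immunisation is logged only when the protective folder was actually created.
; NOTE(review): cacls without /E may ask for confirmation, which a hidden window cannot
; answer - confirm on the target Windows versions.
Func _ClearAuto5()
    Local $sDrive = InputBox("输入盘符", "请输入要处理的盘符(如 C:)", "", "", 200, 150)
    If @error Then Return
    ; Flag 3 = strip leading and trailing white space
    $sDrive = StringStripWS($sDrive, 3)
    If Not StringRegExp($sDrive, "(?i)^[a-z]:?\\?$") Then
        MsgBox($MB_ICONERROR, "错误", "无效的盘符或驱动器不可用", 3)
        Return
    EndIf
    $sDrive = StringLeft($sDrive, 1) & ":"

    If DriveStatus($sDrive & "\") <> "READY" Then
        MsgBox($MB_ICONERROR, "错误", "无效的盘符或驱动器不可用", 3)
        Return
    EndIf

    _KillVirProcess()
    Local $sInf = $sDrive & "\autorun.inf"
    If FileExists($sInf) Then
        Local $sVirusFile = IniRead($sInf, "AutoRun", "open", "")
        Local $sTarget = ""
        If $sVirusFile <> "" Then
            If StringRegExp($sVirusFile, '[:*?"<>|]') Or StringInStr($sVirusFile, "..") Then
                _Log("已跳过可疑的 open 值: " & $sVirusFile)
            Else
                $sTarget = $sDrive & "\" & $sVirusFile
                ; Delete regular files only: FileDelete on a folder removes its contents
                If FileExists($sTarget) And StringInStr(FileGetAttrib($sTarget), "D") = 0 Then
                    FileSetAttrib($sTarget, "-RSH")
                    If FileDelete($sTarget) Then
                        _Log("已删除病毒文件: " & $sTarget)
                    Else
                        _Log("删除失败: " & $sTarget)
                    EndIf
                EndIf
            EndIf
        EndIf

        ; Replace autorun.inf with a protected folder of the same name
        If StringInStr(FileGetAttrib($sInf), "D") = 0 Then
            FileSetAttrib($sInf, "-RSH")
            FileDelete($sInf)
        EndIf
        If Not FileExists($sInf) And DirCreate($sInf) Then
            DirCreate($sInf & "\免疫目录不要删除...\")
            FileSetAttrib($sInf, "+SHR")
            RunWait('cacls "' & $sInf & '" /P everyone:N', "", @SW_HIDE)
            _Log("已免疫: " & $sInf)
        EndIf

        ; Occupy the name of the open= target as well, once it is free
        If $sTarget <> "" And Not FileExists($sTarget) Then
            If DirCreate($sTarget) Then
                DirCreate($sTarget & "\免疫目录不要删除...\")
                FileSetAttrib($sTarget, "+SHR")
                RunWait('cacls "' & $sTarget & '" /P everyone:N', "", @SW_HIDE)
                _Log("已免疫: " & $sTarget)
            EndIf
        EndIf
    EndIf
    _CleanRecycleBin($sDrive)
    MsgBox($MB_ICONINFORMATION, "完成", $sDrive & " 盘处理完毕", 3)
EndFunc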
; Button 6: reset registry settings that autorun malware commonly tampers with.
;   - Sets CheckedValue = 1 under the Hidden\SHOWALL folder option.
;   - Deletes the current user's MountPoints2 key.
;   - Deletes the current user's DisallowRun policy key as a whole, including any
;     entries placed there deliberately.
;   - Points the "Startup" and "Common Startup" shell folders at @StartupDir and
;     @StartupCommonDir.
; Return values of the registry calls are not checked; success is logged regardless.
Func _ClearAuto6()
    Local $sUserCV = "HKCU\Software\Microsoft\Windows\CurrentVersion"
    Local $sShellFolders = $sUserCV & "\Explorer\Shell Folders"

    RegWrite("HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL", "CheckedValue", "REG_DWORD", 1)

    RegDelete($sUserCV & "\Explorer\MountPoints2")
    RegDelete($sUserCV & "\Policies\Explorer\DisallowRun")

    RegWrite($sShellFolders, "Startup", "REG_SZ", @StartupDir)
    RegWrite($sShellFolders, "Common Startup", "REG_SZ", @StartupCommonDir)

    _Log("已恢复注册表默认设置")
    MsgBox($MB_ICONINFORMATION, "完成", "注册表已恢复默认值", 3)
EndFunc
; Handler for the "exit" button: ends the script with the default exit code.
Func _ExitApp()
    Exit 0
EndFunc
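; Idle loop: keeps the script alive while the OnEvent handlers do the work.
; The stray "|" after WEnd in the original was markup residue and a syntax error.
While 1
    Sleep(100)
WEnd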