差異處

這裏顯示兩個版本的差異處。

--- microsoft:disable_autorun [2007/09/28 23:52]
wenpei 建立
+++ microsoft:disable_autorun [2007/09/29 00:21] (目前版本)
wenpei
@@ 行 1: / 行 1: @@
 ====== 關閉自動自動執行 ======
-WinXP 中，打開「執行」輸入「gpedit.msc」，「電腦設定」「系統管理範本」「系統」，在「關閉自動播放」上點兩下，
+===== 修改群組原則 =====
+WinXP 中，打開「執行」輸入「gpedit.msc」，「電腦設定」->「系統管理範本」->「系統」，在「關閉自動播放」上點兩下，選「已啟用」，下拉式選單選「所有磁碟機」，然後確定即可。
+===== 關閉服務 =====
+「我的電腦」上滑鼠右鍵「管理」，「電腦管理」->「服務和應用程式」->「服務」，在右邊找到「Shell Hardware Detection」服務，連續點兩下，點「停止」按鈕，然後將「啟動類型」改為「已停用」。
+====== 阻止隨身碟病毒入侵 ======
+http://www.hatea.com.tw/tech/files/DelAutorun-Virus.bat
+<code>
+@echo off
+cls
+echo.
+echo *********** Delete Autorun batch file ***********
+echo.
+echo.
+echo 此檔案除了有刪除Autorun.inf並關閉Autorun功能外
+echo 另外有刪除MountPoints2內異常機碼的功能
+echo.
+echo ==============================================
+echo.
+echo.
+echo 此批次檔執行後會關閉Autorun功能
+echo.
+echo 如果要回復Autorun功能則請將檔案放置在c:\後
+echo.
+echo 按開始 -^> 執行 -^> 輸入c:\delautorun open後按確定
+echo.
+echo 依照動作指示跑完後即可回復Autorun功能
+echo.
+echo.
+echo 如不想執行請按CTRL+C後按Y跳出或直接將視窗關閉。
+echo.
+pause
+cls
+if not "%1"=="open" goto st
+echo.
+echo 回復Autorun功能並刪除Autorun.inf資料夾
+for %%a in (C D E F G H I J K L M N O P Q R S T U V W X Y Z) do (
+attrib -r -s -h +a /D /S %%a:\autorun.inf >nul 2>nul
+rd %%a:\autorun.inf >nul 2>nul&&echo.&&echo 移除%%a:\Autorun.inf資料夾
+)
+echo.
+echo.
+reg.exe delete "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v "NoDriveAutoRun" /f >nul 2>nul
+reg.exe add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer" /v NoDriveTypeAutoRun /t REG_DWORD /d 0x00000091 /f >nul 2>nul
+reg.exe add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoDriveTypeAutoRun /t REG_DWORD /d 0x00000091 /f >nul 2>nul
+reg.exe add "HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoDriveTypeAutoRun /t REG_DWORD /d 0x00000091 /f >nul 2>nul
+echo 處理完畢請重新開機
+echo.
+pause
+exit
+:st
+if not exist c:\delauto goto delauto
+if exist c:\delauto\usbmons.dll attrib -r -s -h -a %windir%\system32\usbmons.dll&del %windir%\system32\usbmons.dll >nul 2>nul&del c:\delauto\usbmons.dll >nul 2>nul
+echo.
+echo 清理前次執行此批次檔暫存檔和autorun.inf資料夾
+echo.
+for %%a in (C D E F G H I J K L M N O P Q R S T U V W X Y Z) do (
+attrib -r -s -h +a /D /S %%a:\autorun.inf >nul 2>nul
+rd %%a:\autorun.inf >nul 2>nul
+)
+del c:\delauto\*.* /s /q >nul 2>nul
+rd c:\delauto /s /q
+:delauto
+md c:\delauto
+copy %windir%\regedit.exe c:\delauto\fixreg.exe >nul 2>nul
+if not exist %windir%\system32\usbmons.dll goto disable
+@echo Windows Registry Editor Version 5.00 >c:\delauto\fix.reg
+@echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Monitors\USB Monitor] >>c:\delauto\fix.reg
+@echo "Driver"="usbmon.dll" >>c:\delauto\fix.reg
+@echo [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Print\Monitors\USB Monitor] >>c:\delauto\fix.reg
+@echo "Driver"="usbmon.dll" >>c:\delauto\fix.reg
+@echo [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Print\Monitors\USB Monitor] >>c:\delauto\fix.reg
+@echo "Driver"="usbmon.dll" >>c:\delauto\fix.reg
+@echo [-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\usbmon >>c:\delauto\fix.reg
+c:\delauto\fixreg.exe /s c:\delauto\fix.reg
+attrib -r -s -h -a %windir%\system32\usbmons.dll >nul 2>nul
+copy %windir%\system32\usbmons.dll c:\delauto\ >nul 2>nul
+echo 請於重新開機後再執行一次此程式
+echo.
+pause
+cls
+:disable
+echo.
+echo 修復磁碟點不開和關閉autorun功能
+reg.exe add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoDriveAutoRun /t REG_BINARY /d ffffff03 /f >nul 2>nul
+reg.exe add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer" /v NoDriveTypeAutoRun /t REG_DWORD /d 0x000000Ff /f >nul 2>nul
+reg.exe add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoDriveTypeAutoRun /t REG_DWORD /d 0x000000Ff /f >nul 2>nul
+reg.exe add "HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoDriveTypeAutoRun /t REG_DWORD /d 0x000000Ff /f >nul 2>nul
+reg delete "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2" /f >nul 2>nul
+for %%a in (C D E F G H I J K L M N O P Q R S T U V W X Y Z) do (
+if exist %%a:\autorun.inf echo.&echo 刪除%%a:\Autorun.inf
+attrib -r -s -h -a %%a:\autorun.inf >nul 2>nul&del %%a:\autorun.inf /f /q >nul 2>nul
+md %%a:\autorun.inf >nul 2>nul&&echo.&&echo 創建%%a:\Autorun.inf資料夾&&attrib +r +s +h +a %%a:\autorun.inf >nul 2>nul&&echo. >>c:\delauto\autorun.txt&&fsutil fsinfo drivetype %%a: >>c:\delauto\autorun.txt&&dir/a %%a:\|find /i "autorun.inf"  >> c:\delauto\autorun.txt
+)
+echo.
+echo 刪除資源回收桶內執行檔
+for %%a in (C D E F G H I J K L M N O P Q R S T U V W X Y Z) do (
+for %%b in (EXE COM PIF) do (
+attrib -r -s -h -a %%a:\RECYCLER\*.%%b /s >nul 2>nul&attrib -r -s -h -a %%a:\RECYCLED\*.%%b /s >nul 2>nul
+del %%a:\recycler\*.%%b /s /q /f >nul 2>nul&del %%a:\recycled\*.%%b /s /q /f >nul 2>nul
+))
+@echo Windows Registry Editor Version 5.00 >c:\delauto\fix.reg
+@echo [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] >>c:\delauto\fix.reg
+@echo "CheckedValue"=dword:00000001 >>c:\delauto\fix.reg
+@echo [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360Safe.exe] >>c:\delauto\fix.reg
+@echo [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\adam.exe]  >>c:\delauto\fix.reg
+@echo [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.com]  >>c:\delauto\fix.reg
+@echo [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.exe]  >>c:\delauto\fix.reg
+@echo [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EGHOST.exe]  >>c:\delauto\fix.reg
+@echo [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\IceSword.exe]  >>c:\delauto\fix.reg
+@echo [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iparmo.exe]  >>c:\delauto\fix.reg
+@echo [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kabaload.exe]  >>c:\delauto\fix.reg
+@echo [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KRegEx.exe]  >>c:\delauto\fix.reg
+@echo [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KvDetect.exe]  >>c:\delauto\fix.reg
+@echo [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVMonXP.kxp]  >>c:\delauto\fix.reg
+@echo [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KvXP.kxp]  >>c:\delauto\fix.reg
+@echo [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MagicSet.exe]  >>c:\delauto\fix.reg
+@echo [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mmsk.exe]  >>c:\delauto\fix.reg
+@echo [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.com] >>c:\delauto\fix.reg
+@echo [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe] >>c:\delauto\fix.reg
+@echo [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NOD32.exe] >>c:\delauto\fix.reg
+@echo [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PFW.exe] >>c:\delauto\fix.reg
+@echo [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PFWLiveUpdate.exe] >>c:\delauto\fix.reg
+@echo [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\QQDoctor.exe] >>c:\delauto\fix.reg
+@echo [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ras.exe] >>c:\delauto\fix.reg
+@echo [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Rav.exe] >>c:\delauto\fix.reg
+@echo [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RavMon.exe] >>c:\delauto\fix.reg
+@echo [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.com] >>c:\delauto\fix.reg
+@echo [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe] >>c:\delauto\fix.reg
+@echo [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\runiep.exe] >>c:\delauto\fix.reg
+@echo [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SREng.EXE] >>c:\delauto\fix.reg
+@echo [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TrojDie.kxp] >>c:\delauto\fix.reg
+@echo [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WoptiClean.exe] >>c:\delauto\fix.reg
+c:\delauto\fixreg.exe /s c:\delauto\fix.reg
+:last
+copy %windir%\regedit.exe c:\delauto\fixreg.exe >nul 2>nul
+c:\delauto\fixreg.exe /s c:\delauto\fix.reg
+attrib -r -s -h -a c:\found.??? /S /D >nul 2>nul
+del c:\found.???\*.* /s /q /f >nul 2>nul
+rd c:\found.??? >nul 2>nul
+echo.
+echo 處理完畢&pause
+cls
+echo.
+echo 以下會顯示各磁碟內Autorun.inf是否為資料夾
+echo 如果是此批次檔建立之資料夾則會顯示類似像下列文字
+echo.
+echo C: - 固定式磁碟
+echo %date% %time%  ^<DIR^>         autorun.inf
+echo.
+echo 如果沒有顯示^<DIR^>這個幾個文字則表示Autorun.inf刪除失敗請檢查電腦內其他地方是否含有病毒
+echo 另外如果是光碟機內的檔案則請忽略....
+echo.
+pause
+echo.
+type c:\delauto\autorun.txt|more
+echo.
+echo 執行完畢請重新開機。
+echo.
+pause
+exit
+</code>

Sars' History

使用者工具

網站工具

差異處

頁面工具