Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]
"ArpRetryCount"=dword:00000002
"arpcachelife"=dword:00000001
"ArpCacheMinReferencedLife"=dword:00000001

2。SYSTEM32文件夹中手工创建packet.dll、pthreadVc.dll、wpcap.dll三个0字节文件，赋于隐藏只读系统属性

SYSTEM32\drivers下手工创建0字节npf.sys文件，赋于隐藏只读系统属性

删除SYSTEM32文件夹中的NPPTOOLS.dll

3。ARP命令绑定网关

其中，1和2可以同时使用，2和3也可以同时使用，1和3不可以同时使用

echo     -------------------------------------------------------------------------
echo                          如:输入5然后回车=进程查杀
echo                直接回车=刷新 QQ然后回车=俺QQ空间 Q然后回车=退出
@set yslbxz=""
@set /p yslbxz=
if /I "%yslbxz%"=="1" goto 恢复专区
if /I "%yslbxz%"=="2" goto 禁止专区
if /I "%yslbxz%"=="3" goto 禁止CMD命令
if /I "%yslbxz%"=="4" goto 母盘制作
if /I "%yslbxz%"=="qq" start iexplore http://519988666.qzone.qq.com/
if /I "%yslbxz%"=="q" (exit)
goto 列表选择

echo     ----------------------------1.恢复专区----------------------------------->nul
:恢复专区
title 恢复专区-%以%
cls
echo                           ──            ──
echo                         →     恢 复 专 区    ←
echo     ----------------------------------------------------------------------
echo         %:%  ①　我的电脑-右键管理 %:% 恢复 ::
echo         %:%  ②  网络连接-本地连接 %:% ↓↓ ::
echo         %:%  ③  我的电脑-右键属性 %:%      ::
echo         %:%  ④      注 册 表      %:%      ::
echo         %:%  ⑤     文件夹选项     %:%      ::
echo         %:%  ⑥     任务栏属性     %:%      ::
echo         %:%  ⑦        右键        %:%      ::
echo         %:%  ⑧     任务管理器     %:%      ::
echo         %:%  ⑨        注消        %:%      ::
echo         %:%  ⑩     锁定计算机     %:%      ::
echo         %:%  ⑾      更改密码      %:%      ::
echo         %:%  ⑿       控制台       %:%      ::
echo         %:%  ⒀       IE下载       %:%      ::
echo         %:%  ⒁      C  M   D      %:% ↑↑ ::
echo         %:%  ⒂    INTERNET属性    %:% 恢复 ::
echo     ----------------------------------------------------------------------
echo                      如果见不到更改变化-请F5刷新.
echo     ----------------------------------------------------------------------

echo            恢复你需要的请输入对应值. 如:输入14然后回车=恢复使用CMD.
echo               按回车=刷新恢复列表 G=列表选择 QQ=俺QQ空间 Q=退出

:jzzqzl1
@set jinzhi=""
@set /p jinzhi=
if /I "%jinzhi%"=="1" goto ①1
if /I "%jinzhi%"=="2" goto ②1
if /I "%jinzhi%"=="3" goto ③1
if /I "%jinzhi%"=="4" goto ④1
if /I "%jinzhi%"=="5" goto ⑤1
if /I "%jinzhi%"=="6" goto ⑥1
if /I "%jinzhi%"=="7" goto ⑦1
if /I "%jinzhi%"=="8" goto ⑧1
if /I "%jinzhi%"=="9" goto ⑨1
if /I "%jinzhi%"=="10" goto ⑩1
if /I "%jinzhi%"=="11" goto ⑾1
if /I "%jinzhi%"=="12" goto ⑿1
if /I "%jinzhi%"=="13" goto ⒀1
if /I "%jinzhi%"=="14" goto ⒁1
if /I "%jinzhi%"=="15" goto ⒂1
if /I "%jinzhi%"=="g" goto 列表选择
if /I "%jinzhi%"=="qq" start iexplore http://519988666.qzone.qq.com/
if /I "%jinzhi%"=="q" (EXIT)
goto 恢复专区

:①1
REG ADD HKCU\Software\Policies\Microsoft\MMC\{58221C67-EA27-11CF-ADCF-00AA00A80033} /v Restrict_Run /t REG_DWORD /d 0 /F >nul
compmgmt.msc
echo         %:%  ①　我的电脑右键-管理 恢复 :: OK
goto jinzhijs1
:②1
REG DELETE "HKCU\Software\Policies\Microsoft\Windows\Network Connections" /F >nul 4>nul 2>nul
echo [Version] >%temp%\Netman.inf
echo Signature="$WINDOWS NT$" >>%temp%\Netman.inf
echo [DefaultInstall.Services] >>%temp%\Netman.inf
echo AddService=Netman,,My_AddService_Name >>%temp%\Netman.inf
echo [My_AddService_Name] >>%temp%\Netman.inf
echo ServiceType=0x20 >>%temp%\Netman.inf
echo StartType=2 >>%temp%\Netman.inf
echo ErrorControl=1 >>%temp%\Netman.inf
echo ServiceBinary=%SystemRoot%\System32\svchost.exe -k netsvcs >>%temp%\Netman.inf
rundll32 syssetup,SetupInfObjectInstallAction DefaultInstall 128 %temp%\Netman.inf >nul 4>nul 2>nul
net start netman >nul 4>nul 2>nul
del %temp%\Netman.inf
ncpa.cpl
echo         %:%  ②　网络连接-本地连接 恢复 :: OK
goto jinzhijs1
:③1
REG ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /v NopropertiesMyComputer /t REG_DWORD /d 0 /F >nul
sysdm.cpl
echo         %:%  ③　我的电脑-右键属性 恢复 :: OK
goto jinzhijs1
:④1
REG ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableRegistryTools /t REG_DWORD /d 0 /F >nul
regedit
echo         %:%  ④　    注 册 表      恢复 :: OK
goto jinzhijs1
:⑤1
REG ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /v NoFolderOptions /t REG_DWORD /d 0 /F >nul
echo         %:%  ⑤　   文件夹选项     恢复 :: OK
goto jinzhijs1
:⑥1
REG ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /v NoSetTaskbar /t REG_DWORD /d 0 /F >nul
echo         %:%  ⑥　   任务栏属性     恢复 :: OK
goto jinzhijs1
:⑦1
REG ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /v NoViewContextMenu /t REG_DWORD /d 0 /F >nul
echo         %:%  ⑦        右键        恢复 :: OK
goto jinzhijs1
:⑧1
REG ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 0 /F >nul
taskmgr
echo         %:%  ⑧     任务管理器     恢复 :: OK
goto jinzhijs1
:⑨1
REG ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /v NoLogoff /t REG_DWORD /d 0 /F >nul
echo         %:%  ⑨        注消        恢复 :: OK
goto jinzhijs1
:⑩1
REG ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableLockWorkstation /t REG_DWORD /d 0 /F >nul
echo         %:%  ⑩     锁定计算机     恢复 :: OK
goto jinzhijs1
:⑾1
REG ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableChangePassword /t REG_DWORD /d 0 /F >nul
echo         %:%  ⑾      更改密码      恢复 :: OK
goto jinzhijs1
:⑿1
REG ADD HKCU\Software\Policies\Microsoft\MMC /v RestrictAuthorMode /t REG_DWORD /d 0 /F >nul
echo         %:%  ⑿       控制台       恢复 :: OK
goto jinzhijs1
:⒀1
REG ADD HKCU\Software\Policies\Microsoft\MMC /v RestrictAuthorMode /t REG_DWORD /d 0 /F >nul
echo         %:%  ⒀       IE下载       恢复 :: OK
echo    注:虽然恢复了IE下载,可是还可以用软件下载. 如:迅雷
goto jinzhijs1
:⒁1
REG ADD HKCU\Software\Policies\Microsoft\Windows\System\ /v DisableCMD /t REG_DWORD /d 0 /F >nul
echo         %:%  ⒁      C  M   D      恢复 :: OK
goto jinzhijs1
:⒂1
  ::常规
REG ADD "HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel" /v GeneralTab /t REG_DWORD /d 0 /F >nul
  ::安全
REG ADD "HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel" /v SecurityTab /t REG_DWORD /d 0 /F >nul
  ::隐私
REG ADD "HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel" /v PrivacyTab /t REG_DWORD /d 0 /F >nul
  ::内容
REG ADD "HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel" /v ContentTab /t REG_DWORD /d 0 /F >nul
  ::连接
REG ADD "HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel" /v ConnectionsTab /t REG_DWORD /d 0 /F >nul
  ::程序
REG ADD "HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel" /v ProgramsTab /t REG_DWORD /d 0 /F >nul
  ::高级
REG ADD "HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel" /v AdvancedTab /t REG_DWORD /d 0 /F >nul
echo         %:%  ⒂    INTERNET属性    恢复 :: OK
goto jinzhijs1

:jinzhijs1
gpupdate /force>nul
echo    ───────────────────────────────────
echo                  提醒:看不到恢复列表.直接回车可以刷新哦.
@set jinzhi=""
goto jzzqzl1

echo     ----------------------------2.禁止专区----------------------------------->nul
:禁止专区
@title 禁止专区-%以%
cls
echo                           ──            ──
echo                         →     禁 止 专 区    ←
echo     ----------------------------------------------------------------------
echo         %:%  ①　我的电脑-右键管理 %:% 禁止 ::
echo         %:%  ②  网络连接-本地连接 %:% ↓↓ ::
echo         %:%  ③  我的电脑-右键属性 %:%      ::
echo         %:%  ④      注 册 表      %:%      ::
echo         %:%  ⑤     文件夹选项     %:%      ::
echo         %:%  ⑥     任务栏属性     %:%      ::
echo         %:%  ⑦        右键        %:%      ::
echo         %:%  ⑧     任务管理器     %:%      ::
echo         %:%  ⑨        注消        %:%      ::
echo         %:%  ⑩     锁定计算机     %:%      ::
echo         %:%  ⑾      更改密码      %:%      ::
echo         %:%  ⑿       控制台       %:%      ::
echo         %:%  ⒀       IE下载       %:%      ::
echo         %:%  ⒁      C  M   D      %:% ↑↑ ::
echo         %:%  ⒂    INTERNET属性    %:% 禁止 ::
echo     ----------------------------------------------------------------------
echo                       如见不到更改变化-请F5刷新.
echo     ----------------------------------------------------------------------

echo            禁止你需要的请输入对应值. 如:输入14然后回车=禁止使用CMD.
echo               按回车=刷新禁止列表 G=列表选择 QQ=俺QQ空间 Q=退出

:jzzqzl
@set jinzhi=""
@set /p jinzhi=
if /I "%jinzhi%"=="1" goto ①
if /I "%jinzhi%"=="2" goto ②
if /I "%jinzhi%"=="3" goto ③
if /I "%jinzhi%"=="4" goto ④
if /I "%jinzhi%"=="5" goto ⑤
if /I "%jinzhi%"=="6" goto ⑥
if /I "%jinzhi%"=="7" goto ⑦
if /I "%jinzhi%"=="8" goto ⑧
if /I "%jinzhi%"=="9" goto ⑨
if /I "%jinzhi%"=="10" goto ⑩
if /I "%jinzhi%"=="11" goto ⑾
if /I "%jinzhi%"=="12" goto ⑿
if /I "%jinzhi%"=="13" goto ⒀
if /I "%jinzhi%"=="14" goto ⒁
if /I "%jinzhi%"=="15" goto ⒂
if /I "%jinzhi%"=="g" goto 列表选择
if /I "%jinzhi%"=="qq" start iexplore http://519988666.qzone.qq.com/
if /I "%jinzhi%"=="q" (EXIT)
goto 禁止专区

:①
REG ADD HKCU\Software\Policies\Microsoft\MMC\{58221C67-EA27-11CF-ADCF-00AA00A80033} /v Restrict_Run /t REG_DWORD /d 1 /F >nul
echo         %:%  ①　我的电脑右键-管理 禁止 :: OK
goto jinzhijs
:②
REG ADD "HKCU\Software\Policies\Microsoft\Windows\Network Connections" /v NC_EnableAdminProhibits /t REG_DWORD /d 1 /F >nul
REG ADD "HKCU\Software\Policies\Microsoft\Windows\Network Connections" /v NC_LanProperties /t REG_DWORD /d 1 /F >nul
echo         %:%  ②　网络连接-本地连接 禁止 :: OK
goto jinzhijs
:③
REG ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /v NopropertiesMyComputer /t REG_DWORD /d 1 /F >nul
echo         %:%  ③　我的电脑-右键属性 禁止 :: OK
goto jinzhijs
:④
REG ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableRegistryTools /t REG_DWORD /d 1 /F >nul
echo         %:%  ④　    注 册 表      禁止 :: OK
goto jinzhijs
:⑤
REG ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /v NoFolderOptions /t REG_DWORD /d 1 /F >nul
echo         %:%  ⑤　   文件夹选项     禁止 :: OK
goto jinzhijs
:⑥
REG ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /v NoSetTaskbar /t REG_DWORD /d 1 /F >nul
echo         %:%  ⑥　   任务栏属性     禁止 :: OK
goto jinzhijs
:⑦
REG ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /v NoViewContextMenu /t REG_DWORD /d 1 /F >nul
echo         %:%  ⑦        右键        禁止 :: OK
goto jinzhijs
:⑧
REG ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /F >nul
echo         %:%  ⑧     任务管理器     禁止 :: OK
goto jinzhijs
:⑨
REG ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /v NoLogoff /t REG_DWORD /d 1 /F >nul
echo         %:%  ⑨        注消        禁止 :: OK
goto jinzhijs
:⑩
REG ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableLockWorkstation /t REG_DWORD /d 1 /F >nul
echo         %:%  ⑩     锁定计算机     禁止 :: OK
goto jinzhijs
:⑾
REG ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableChangePassword /t REG_DWORD /d 1 /F >nul
echo         %:%  ⑾      更改密码      禁止 :: OK
goto jinzhijs
:⑿
REG ADD HKCU\Software\Policies\Microsoft\MMC /v RestrictAuthorMode /t REG_DWORD /d 1 /F >nul
echo         %:%  ⑿       控制台       禁止 :: OK
goto jinzhijs
:⒀
REG ADD HKCU\Software\Policies\Microsoft\MMC /v RestrictAuthorMode /t REG_DWORD /d 3 /F >nul
echo         %:%  ⒀       IE下载       禁止 :: OK
echo    注:虽然禁止了IE下载,可是还可以用软件下载. 如:迅雷
goto jinzhijs
:⒁
REG ADD HKCU\Software\Policies\Microsoft\Windows\System\ /v DisableCMD /t REG_DWORD /d 2 /F >nul
echo         %:%  ⒁      C  M   D      禁止 :: OK
goto jinzhijs
:⒂
  ::常规
REG ADD "HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel" /v GeneralTab /t REG_DWORD /d 1 /F >nul
  ::安全
REG ADD "HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel" /v SecurityTab /t REG_DWORD /d 1 /F >nul
  ::隐私
REG ADD "HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel" /v PrivacyTab /t REG_DWORD /d 1 /F >nul
  ::内容
REG ADD "HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel" /v ContentTab /t REG_DWORD /d 1 /F >nul
  ::连接
REG ADD "HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel" /v ConnectionsTab /t REG_DWORD /d 1 /F >nul
  ::程序
REG ADD "HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel" /v ProgramsTab /t REG_DWORD /d 1 /F >nul
  ::高级
REG ADD "HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel" /v AdvancedTab /t REG_DWORD /d 1 /F >nul
echo         %:%  ⒂    INTERNET属性    禁止 :: OK
goto jinzhijs

:jinzhijs
gpupdate /force>nul
echo    ───────────────────────────────────
echo                  提醒:看不到禁止列表.直接回车可以刷新哦.
goto jzzqzl

echo     ----------------------------3.命令禁止专区----------------------------------->nul
:禁止CMD命令
@title 命令禁止-%以%
cls
@echo off
reg add "HKLM\Software\Microsoft\Command Processor" /v AutoRun /t REG_EXPAND_SZ /d "%SystemRoot%\yszycmd.cmd" /f>nul 2>nul 4>nul
dir %SystemRoot%\yszycmd.cmd>nul 2>nul 4>nul
goto jzcmd2%ERRORLEVEL%
:jzcmd20
find /i "doskey"<%SystemRoot%\yszycmd.cmd>nul 2>nul 4>nul
goto jzcmd%ERRORLEVEL%
:jzcmd1
:jzcmd21
echo @echo off>  %SystemRoot%\yszycmd.cmd
echo doskey doskey =echo doskey已经禁止如有需要请联系管理员.>> %SystemRoot%\yszycmd.cmd
:jzcmd0
echo,
echo,
echo              请输入你要禁止的命令如:输入DIR然后回车=DIR命令禁止使用
echo     -------------------------------------------------------------------------
echo                直接回车=刷新 按G=列表选择 按QQ=俺QQ空间  按Q=退出
echo     -------------------------------------------------------------------------
echo       按B=去除所有禁止命令 按S=查看当前禁止的命令 按A=自定义不要禁止的命令
echo     -------------------------------------------------------------------------
echo,
echo,
set jzcmd=
set /p jzcmd=
if /I "%jzcmd%"=="g" goto 列表选择
if /I "%jzcmd%"=="qq" start iexplore http://519988666.qzone.qq.com/
if /I "%jzcmd%"=="" goto 禁止CMD命令
if /I "%jzcmd%"=="b" goto jzcmdbo
if /I "%jzcmd%"=="a" goto jzcmdzd
if /I "%jzcmd%"=="2" goto 禁止CMD命令
if /I "%jzcmd%"=="1" goto 禁止CMD命令
if /I "%jzcmd%"=="q" (exit)
if /I "%jzcmd%"=="s" goto jccmdck
%jzcmd% /?>nul 2>nul 4>nul
if /I "%ERRORLEVEL%"=="9009" goto cmdmy
find /i "%jzcmd%"<%SystemRoot%\yszycmd.cmd>nul 2>nul 4>nul
if /I "%ERRORLEVEL%"=="0" goto cmdyy
echo "%jzcmd%"|find /i" " >nul 2>nul 4>nul
if /I "%ERRORLEVEL%"=="0" goto cmdbb
echo doskey %jzcmd% =echo %jzcmd%已经禁止如有需要请联系管理员.>> %SystemRoot%\yszycmd.cmd
goto jzcmdcg

:cmdmy
echo,
echo,
echo,
echo,
echo,
echo                            你输入的命令不可用
echo                              请按任意键继续
pause >nul
goto 禁止CMD命令

:jzcmdcg
echo,
echo,
echo,
echo                      已经禁止-请按任意键继续
pause >nul
goto 禁止CMD命令

:cmdbb
echo,
echo,
echo                       此命令带空格.不可输入
echo                          请按任意键继续
pause >nul
goto 禁止CMD命令

:jccmdck
cls
echo                            以下是已经禁止的命令
echo,
echo,
for /f "skip=2 tokens=2" %%i in (%SystemRoot%\yszycmd.cmd) do echo           →◎→◎→◎→◎→◎→   %%i
echo     -------------------------------------------------------------------------
echo,
echo,
echo,
echo,
goto jzcmd0

:cmdyy
echo,
echo,
echo,
echo,
echo   ------------------此命令已经存在禁止列表中,不需多次禁止--------------------
echo                               请按任意键继续
pause >nul
goto 禁止CMD命令

:jzcmdbo
cls
del %SystemRoot%\yszycmd.cmd
echo,
echo,
echo,
echo,
echo,
echo,
echo,
echo,
echo        →◎→◎→◎→◎→◎→已经去除所有禁止命令←◎←◎←◎←◎←◎←
echo     -------------------------------------------------------------------------
echo           →◎→◎→◎→◎→◎→请按任意键继续←◎←◎←◎←◎←◎←
pause >nul
goto 禁止CMD命令

:jzcmdzd
cls
echo                            以下是已经禁止的命令
echo,
echo,
for /f "skip=2 tokens=2" %%i in (%SystemRoot%\yszycmd.cmd) do echo           →◎→◎→◎→◎→◎→   %%i
echo     -------------------------------------------------------------------------
echo,
echo,
echo,
echo,
echo                       请输入你要从禁止列表中去除的命令
echo                           G=返回禁止CMD命令 Q=退出
set zcmdzd=
set /p zcmdzd=
if /I "%zcmdzd%"=="g" goto 禁止CMD命令
if /I "%zcmdzd%"=="q" (exit)
if /I "%zcmdzd%"=="" goto jzcmdzd
%zcmdzd% /?>nul 2>nul 4>nul
if /I "%ERRORLEVEL%"=="9009" goto cmdmy
find /i "%zcmdzd%"<%SystemRoot%\yszycmd.cmd>nul 2>nul 4>nul
if /I "%ERRORLEVEL%"=="1" goto jzcmdmy11
type %SystemRoot%\yszycmd.cmd|find /v /i "%zcmdzd%">%SystemRoot%\yszycmd1.cmd
del %SystemRoot%\yszycmd.cmd
ren %SystemRoot%\yszycmd1.cmd yszycmd.cmd
echo,
echo,
echo,
echo,
echo,
echo                          已经从禁止列表中去除%zcmdzd%命令
echo                                 按任意键继续
pause >nul
goto jzcmdzd

:jzcmdmy11
echo,
echo,
echo,
echo,
echo                你输入的命令不存在禁止列表中-请确定后在来吧
echo                                按任意键继续
pause >nul
goto jzcmdzd

:cmdmy
echo,
echo,
echo,
echo,
echo                      你输入的不是命令-不要拿我来开唰哦
echo                                按任意键继续
pause >nul
goto jzcmdzd

echo     ----------------------------4.母盘制作----------------------------------->nul
:母盘制作
@title 母盘制作-%以%
:whzq
cls
echo      ----------------------------------------------------------------------
echo             %:%  ①　ARP工具与欺骗防范    %:%
echo             %:%  ②    威金病毒防范       %:%
echo             %:%  ③   关闭 默认 共享      %:%     
echo             %:%  ④    清理无用文件       %:%    
echo             %:%  ⑤     更改IE标题        %:%    
echo             %:%  ⑥显｜隐系统.隐藏文件·夹%:%  
echo             %:%  ⑦ 清除-桌面右键多余菜单 %:%  
echo      ───────────────────────────────────
echo                          请输入你需要的对应值.
echo               按回车=刷新恢复列表 G=列表选择 QQ=俺QQ空间 Q=退出
:whzq1
gpupdate /force>nul
set whzq=""
set /p   whzq=
if /i  "%whzq%"=="1" goto arpff
if /i  "%whzq%"=="2" goto wjbdff
if /i  "%whzq%"=="3" goto gbgx
if /i  "%whzq%"=="4" goto qlwj
if /i  "%whzq%"=="5" goto ggie
if /i  "%whzq%"=="6" goto xywj
if /i  "%whzq%"=="7" goto qcyj
if /i  "%whzq%"=="qq" start iexplore http://519988666.qzone.qq.com/
if /i  "%whzq%"=="q" goto exit
if /i  "%whzq%"=="g" goto 列表选择
goto whzq

::---------------------①　ARP工具与欺骗防范---------------------
:arpff
 ::使winpacp装不上.让网络执法管等没用
md %windir%\system32\packet.dll  >nul 2>nul
md %windir%\system32\pthreadVC.dll >nul 2>nul
md %windir%\system32\wpcap.dll >nul 2>nul
md %windir%\system32\drivers\npf.sys >nul 2>nul
md %windir%\system32\npptools.dll >nul 2>nul
  ::使以上添加的文件本地用户名没权限访问
echo y|cacls.exe %windir%\system32\packet.dll /d system administrator guest >nul 1>nul
echo y|cacls.exe %windir%\system32\pthreadVC.dll /d system administrator guest >nul 1>nul
echo y|cacls.exe %windir%\system32\wpcap.dll /d system administrator guest >nul 1>nul
echo y|cacls.exe %windir%\system32\drivers\npf.sys /d system administrator guest >nul 1>nul
echo y|cacls.exe %windir%\system32\npptools.dll /d system administrator guest >nul 1>nul
echo     ----------------------------------------------------------------------
echo                 已经添加防范ARP欺骗与网络执法管等工具的文件
goto whzq1

::---------------------②    威金病毒防范---------------------
:wjbdff
md %windir%\Logo1_.exe  >nul 2>nul
md %windir%\rundl132.exe  >nul 2>nul
md %windir%\0Sy.exe  >nul 2>nul
md %windir%\vDll.dll  >nul 2>nul
md %windir%\1Sy.exe  >nul 2>nul
md %windir%\2Sy.exe  >nul 2>nul
md %windir%\rundll32.exe  >nul 2>nul
md %windir%\3Sy.exe  >nul 2>nul
md %windir%\5Sy.exe  >nul 2>nul
md %windir%\1.com  >nul 2>nul
md %windir%\exerouter.exe  >nul 2>nul
md %windir%\EXP10RER.com  >nul 2>nul
md %windir%\finders.com  >nul 2>nul
md %windir%\Shell.sys  >nul 2>nul
md %windir%\smss.exe  >nul 2>nul
echo y|cacls.exe %windir%\Logo1_.exe /d system administrator guest >nul 1>nul
echo y|cacls.exe %windir%\rundl132.exe /d system administrator guest >nul 1>nul
echo y|cacls.exe %windir%\0Sy.exe /d system administrator guest >nul 1>nul
echo y|cacls.exe %windir%\vDll.dll /d system administrator guest >nul 1>nul
echo y|cacls.exe %windir%\1Sy.exe /d system administrator guest >nul 1>nul
echo y|cacls.exe %windir%\2Sy.exe /d system administrator guest >nul 1>nul
echo y|cacls.exe %windir%\rundll32.exe /d system administrator guest >nul 1>nul
echo y|cacls.exe %windir%\3Sy.exe /d system administrator guest >nul 1>nul
echo y|cacls.exe %windir%\5Sy.exe /d system administrator guest >nul 1>nul
echo y|cacls.exe %windir%\1.com /d system administrator guest >nul 1>nul
echo y|cacls.exe %windir%\exerouter.exe /d system administrator guest >nul 1>nul
echo y|cacls.exe %windir%\EXP10RER.com /d system administrator guest >nul 1>nul
echo y|cacls.exe %windir%\finders.com /d system administrator guest >nul 1>nul
echo y|cacls.exe %windir%\Shell.sys /d system administrator guest >nul 1>nul
echo y|cacls.exe %windir%\smss.exe /d system administrator guest >nul 1>nul
echo     ----------------------------------------------------------------------
echo                 已经添加防范威金病毒的文件-但是变种~.exe尚是没办法
goto whzq1

::---------------------③   关闭 默认 共享---------------------
:gbgx
net share c$ /delete 2>nul
net share d$ /delete 2>nul
net share e$ /delete 2>nul
net share f$ /delete 2>nul
net share g$ /delete 2>nul
net share h$ /delete 2>nul
net share g$ /delete 2>nul
net share admin$ /delete 2>nul
net share i$ /delete 2>nul
echo Windows Registry Editor Version 5.00> c:/delshare.reg
REG ADD HKLM\SYSTEM\CurrentControlSet\Control\LSA /v RestrictAnonymous /t REG_DWORD /d 1 /F >nul
REG ADD HKLM\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters /v AutoShareWks /t REG_DWORD /d 0 /F >nul
REG ADD HKLM\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters /v AutoShareServer /t REG_DWORD /d 0 /F >nul
echo     ----------------------------------------------------------------------
echo                               已经关闭默认共享.
goto whzq1

::---------------------④    清理无用文件---------------------
:qlwj
echo 正在清除系统垃圾文件，请稍等......
del /f /s /q %systemdrive%\*.tmp >nul 2>nul
del /f /s /q %systemdrive%\*._mp >nul 2>nul
del /f /s /q %systemdrive%\*.log >nul 2>nul
del /f /s /q %systemdrive%\*.gid >nul 2>nul
del /f /s /q %systemdrive%\*.chk >nul 2>nul
del /f /s /q %systemdrive%\*.old >nul 2>nul
del /f /s /q %systemdrive%\recycled\*.* >nul 2>nul
del /f /s /q %windir%\*.bak >nul 2>nul
del /f /s /q %windir%\prefetch\*.* >nul 2>nul
rd /s /q %windir%\temp & md %windir%\temp >nul 2>nul
del /f /q %userprofile%\cookies\*.* >nul 2>nul
del /f /q %userprofile%\recent\*.* >nul 2>nul
del /f /s /q "%userprofile%\Local Settings\Temporary Internet Files\*.*" >nul 2>nul
del /f /s /q "%userprofile%\Local Settings\Temp\*.*" >nul 2>nul
del /f /s /q "%userprofile%\recent\*.*" >nul 2>nul
echo     ----------------------------------------------------------------------
echo                               系统垃圾文件已经清理完成.
goto whzq1

::---------------------⑤     更改IE标题 ---------------------
:ggie
set yszy=""
echo    -------------------请输入你需要的IE标题.复制进去也行-------------------
echo    -------------------     直接回车=母盘专区 Q=退出    -------------------
set /p yszy=
if /i "%yszy%"=="""" (goto whzq)
if /i "%yszy%"=="q" (exit)
REG ADD "HKCU\SOFTWARE\Microsoft\Internet Explorer\Main" /v "Window Title" /t REG_SZ /d "%yszy%" /F >nul
echo     ----------------------------------------------------------------------
echo                        IE标题已经更改为 %yszy%.
goto whzq1

::--------------------- ⑥显｜隐系统.隐藏文件·夹 --------------------
:xywj
set yszy=""
echo           -------------------输入X显示 输入Y隐藏-------------------
echo    -------------------   直接回车与乱输入=母盘专区 Q=退出   -------------------
set /p yszy=
if /i "%yszy%"=="""" (goto whzq)
if /i "%yszy%"=="x" (set xy=1  &set yszy=显示  &goto xywj1)
if /i "%yszy%"=="y" (set xy=0  &set yszy=隐藏  &goto xywj1)
if /i "%yszy%"=="q" (exit)
goto whzq
:xywj1
REG ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ /v Hidden /t REG_DWORD /d %xy% /F >nul
echo     ----------------------------------------------------------------------
echo              系统·隐藏.文件.文件夹已经 %yszy%.刷新即可见到状态.
goto whzq1

::---------------------⑦ 清除-桌面右键多余菜单 --------------------
:qcyj
regsvr32 /u /s igfxpph.dll >nul 2>nul
reg delete HKEY_CLASSES_ROOT\Directory\Background\shellex\ContextMenuHandlers /f >nul
reg add HKEY_CLASSES_ROOT\Directory\Background\shellex\ContextMenuHandlers\new /ve /d {D969A300-E7FF-11d0-A93B-00A0C90F2719} >nul
echo     ----------------------------------------------------------------------
echo                        桌面多余右键菜单已清除完成.
goto whzq1

症状：C盘根目录产生myqqbi.exe，删除后自动生成。注册表启动项未发现可疑项目。初步判断该病毒可能插入EXPLORER进程

以下是操作记录：

C:\Documents and Settings\Administrator>tasklist /m c:\a.txt

a.txt内容

图像名                       PID 模块                                        
============= ====== ================================
explorer.exe                1480 ntdll.dll, kernel32.dll, msvcrt.dll,        
                                 ADVAPI32.dll, RPCRT4.dll, GDI32.dll,        
                                 USER32.dll, SHLWAPI.dll, SHELL32.dll,        
                                 ole32.dll, OLEAUT32.dll, BROWSEUI.dll,      
                                 SHDOCVW.dll, UxTheme.dll, IMM32.DLL,        
                                 LPK.DLL, USP10.dll, comctl32.dll,            
                                 comctl32.dll, msctfime.ime, appHelp.dll,    
                                 CLBCATQ.DLL, COMRes.dll, VERSION.dll,        
                                 cscui.dll, CSCDLL.dll, themeui.dll,          
                                 Secur32.dll, MSIMG32.dll, netapi32.dll,      
                                 mqq.dll, IMAGEHLP.DLL, wininet.dll,          
                                 CRYPT32.dll, MSASN1.dll, wsock32.dll,        
                                 WS2_32.dll, WS2HELP.dll, urlmon.dll,        
                                 USERENV.dll, Msimtf.dll, MSCTF.dll,          
                                 actxprxy.dll, LINKINFO.dll, ntshrui.dll,    
                                 ATL.DLL, WINSTA.dll, webcheck.dll,          
                                 stobject.dll, BatMeter.dll, POWRPROF.dll,    
                                 SETUPAPI.dll, WTSAPI32.dll, INDICDLL.dll,    
                                 WINMM.dll, wdmaud.drv, msacm32.drv,          
                                 MSACM32.dll, midimap.dll, NETSHELL.dll,      
                                 credui.dll, iphlpapi.dll, msi.dll,          
                                 HintSock.DLL, comdlg32.dll, WINSPOOL.DRV,    
                                 shdoclc.dll, MPR.dll, drprov.dll,            
                                 ntlanman.dll, NETUI0.dll, NETUI1.dll,        
                                 NETRAP.dll, SAMLIB.dll, davclnt.dll          
 

2.查找可疑MQQ.dll文件

C:\Documents and Settings\Administrator>cd \

C:\>dir mqq.dll /s
驱动器 C 中的卷没有标签。
卷的序列号是 58D7-2D31

C:\Program Files\Outlook Express 的目录

2006-10-16  08:33            40,094 mqq.dll
               1 个文件         40,094 字节

     所列文件总数:
               1 个文件         40,094 字节
               0 个目录  3,865,825,280 可用字节

3.以mqq.dll为关键词搜索注册表，删除病毒创建的ShellExecuteHooks

[HKEY_CLASSES_ROOT\CLSID\{25E1EECB-E580-4032-97A2-A456D33820D1}\InProcServer32]
@="%ProgramFiles%\Outlook Express\mqq.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{25E1EECB-E580-4032-97A2-A456D33820D1}"=""

4.重启，删除病毒文件：
%ProgramFiles%\Outlook Express\myqqbi
%ProgramFiles%\Outlook Express\mqq.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Hardware]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\A2B8DCF7]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet\Enum\Root\LEGACY_A2B8DCF7]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

C:\WINDOWS\system32\A2B8DCF7.EXE
C:\WINDOWS\system32\A2B8DCF7T.EXE
C:\WINDOWS\System32\xeizft26.dll
C:\WINDOWS\System32\rundll.exe
C:\WINDOWS\System32\mssap.dll
C:\Program Files\Common Files\update2\Update.exe

流氓软件LinkMedia联媒直投媒体客户端分析

[HKEY_LOCAL_MACHINE\SOFTWARE\LinkMedia]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IPRIP]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Nwsapagent]

C:\Program Files\LinkMedia
C:\WINDOWS\system32\ACSs.dll
C:\WINDOWS\system32\Nwsapagent.dll
C:\WINDOWS\system32\sdmAgent20.dll

2.批处理获得本机&网关的IP和MAC地址然后进行绑定

@echo off
:::::::::读取本机Mac地址
if exist ipconfig.txt del ipconfig.txt
ipconfig /all >ipconfig.txt
if exist phyaddr.txt del phyaddr.txt
find "Physical Address" ipconfig.txt >phyaddr.txt
for /f "skip=2 tokens=12" %%M in (phyaddr.txt) do set Mac=%%M
:::::::::读取本机ip地址
if exist IPAddr.txt del IPaddr.txt
find "IP Address" ipconfig.txt >IPAddr.txt
for /f "skip=2 tokens=15" %%I in (IPAddr.txt) do set IP=%%I
:::::::::绑定本机IP地址和MAC地址
arp -s %IP% %Mac%
:::::::::读取网关地址
if exist GateIP.txt del GateIP.txt
find "Default Gateway" ipconfig.txt >GateIP.txt
for /f "skip=2 tokens=13" %%G in (GateIP.txt) do set GateIP=%%G
:::::::::读取网关Mac地址
if exist GateMac.txt del GateMac.txt
arp -a %GateIP% >GateMac.txt
for /f "skip=3 tokens=2" %%H in (GateMac.txt) do set GateMac=%%H
:::::::::绑定网关Mac和IP
arp -s %GateIP% %GateMac%
exit

3.批处理获得本机的IP和MAC地址然后进行绑定

@echo off
for /f "tokens=1* delims=:" %%i in ('ipconfig /all^|find /i "Physical
Address"') do set mac=%%j
for /f "tokens=1* delims=:" %%i in ('ipconfig /all^|find /i "IP
Address"') do set ip=%%j
arp -s %ip:~1% %Mac:~1%

Set FSO = CreateObject("Scripting.FileSystemObject")
ShowSubfolders FSO.GetFolder(filepath)
Sub ShowSubFolders(Folder)
  For Each Subfolder in Folder.SubFolders
    Set Files = subfolder.Files
     If Files.Count <> 0 Then
     For Each File In Files
           If File.DateLastModified < Now - 30 Then   '判断是否超过30天
                 FSO.DeleteFile(Subfolder.Path & "\" & File.Name) '删除
                 'Wscript.Echo Subfolder.Path & "\" & File.Name     '显示  
           End If
           Next
     End If
     ShowSubFolders Subfolder
  Next
End Sub

[HKEY_CLASSES_ROOT\lnkfile]
@="快捷方式"

"IsShortcut"=-

[HKEY_CLASSES_ROOT\piffile]
@="指向 MS-DOS 程序的快捷方式"

"IsShortcut"=-

禁止创建“最后一次正确的配置”
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"ReportBootOk"="0"

方法一：
netsh interface ip set address "本地连接" static 192.168.0.2 255.255.255.0 192.168.0.1 1

回车待出现"确定"2字就完成了IP的改变

其中 192.168.0.2 是你本机的IP
255.255.255.0 是子掩网码
192.168.0.1 是网关
1 是确定

自己懒得到本地连接里改，就用这个吧

方法二：
netsh -c interface dump>c:\ip.txt       //把本机网络配置导出到C盘下的 ip.txt 文件中
netsh -f c:\ip.txt          //修改后再导入回本机

-----------------------------------------------------------------

执行批处理程序中的条件处理。

IF [NOT] ERRORLEVEL number command
IF [NOT] string1==string2 command
IF [NOT] EXIST filename command

  NOT               指定只有条件为 false 的情况下， Windows XP 才
                    应该执行该命令。

  ERRORLEVEL number 如果最后运行的程序返回一个等于或大于
                    指定数字的退出编码，指定条件为 true。

  string1==string2  如果指定的文字字符串匹配，指定条件为 true。

  EXIST filename    如果指定的文件名存在，指定条件为 true。

  command           如果符合条件，指定要执行的命令。如果指定的
                     条件为 FALSE，命令后可跟一个执行 ELSE
                      关键字后的命令的 ELSE 命令。

ELSE 子句必须在 IF 之后出现在同一行上。例如:

    IF EXIST filename. (
        del filename.
    ) ELSE (
        echo filename. missing.
    )

因为 del 命令需要用一个新行终止，以下子句不会有效:

IF EXIST filename. del filename. ELSE echo filename. missing

由于 ELSE 命令必须与 IF 命令的尾端在同一行上，以下子句也
不会有效:

    IF EXIST filename. del filename.
    ELSE echo filename. missing

如果都放在同一行上，以下子句有效:

    IF EXIST filename. (del filename.) ELSE echo filename. missing

如果命令扩展名被启用，IF 会如下改变:

    IF [/I] string1 compare-op string2 command
    IF CMDEXTVERSION number command
    IF DEFINED variable command

其中，比较运算符可以是:

    EQU - 等于
    NEQ - 不等于
    LSS - 小于
    LEQ - 小于或等于
    GTR - 大于
    GEQ - 大于或等于

及 /I 开关；如果该开关被指定，则说明要进行的字符串比较不分
大小写。/I 开关可以用于 IF 的 string1==string2 的形式上。这些
比较都是通用的；原因是，如果 string1 和 string2 都是由数字
组成的，字符串会被转换成数字，进行数字比较。

CMDEXTVERSION 条件的作用跟 ERRORLEVEL 的一样，除了它
是在跟与命令扩展名有关联的内部版本号比较。第一个版本
是 1。每次对命令扩展名有相当大的增强时，版本号会增加一个。
命令扩展名被停用时，CMDEXTVERSION 条件不是真的。

如果已定义环境变量，DEFINED 条件的作用跟 EXISTS 的一样，
除了它取得一个环境变量，返回的结果是 true。

如果没有名为 ERRORLEVEL 的环境变量，%ERRORLEVEL%
会扩充为 ERROLEVEL 当前数值的字符串表达式；否则，您会得到
其数值。运行程序后，以下语句说明 ERRORLEVEL 的用法:

    goto answer%ERRORLEVEL%
    :answer0
    echo Program had return code 0
    :answer1
    echo Program had return code 1

您也可以使用以上的数字比较:

    IF %ERRORLEVEL% LEQ 1 goto okay

如果没有名为 CMDCMDLINE 的环境变量，%CMDCMDLINE%
将在 CMD.EXE 进行任何处理前扩充为传递给 CMD.EXE 的原始
命令行；否则，您会得到其数值。

如果没有名为 CMDEXTVERSION 的环境变量，
%CMDEXTVERSION% 会扩充为 CMDEXTVERSION 当前数值的
字串符表达式；否则，您会得到其数值。

xp下不像Windows98那样ip协议出现问题删除重新安装即可,卸载的按钮总是灰色的.很多网友建议拔掉网卡删除协议,那样要拆机箱很麻烦.其实有个很简便的方法就是:
　

开始--运行--cmd--键入

　　netsh int ip reset c:\resetlog.txt

　　Resetlog.txt一定要指定

　　运行后的结果与删除并重新安装TCP/IP协议的效果相同

　　echo 正在清除系统垃圾文件，请稍等......

　　del /f /s /q %systemdrive%\*.tmp

　　del /f /s /q %systemdrive%\*._mp

　　del /f /s /q %systemdrive%\*.log

　　del /f /s /q %systemdrive%\*.gid

　　del /f /s /q %systemdrive%\*.chk

　　del /f /s /q %systemdrive%\*.old

　　del /f /s /q %systemdrive%\recycled\*.*

　　del /f /s /q %windir%\*.bak

　　del /f /s /q %windir%\prefetch\*.*

　　rd /s /q %windir%\temp & md %windir%\temp

　　del /f /q %userprofile%\cookies\*.*

　　del /f /q %userprofile%\recent\*.*

　　del /f /s /q "%userprofile%\Local Settings\Temporary Internet Files\*.*"

　　del /f /s /q "%userprofile%\Local Settings\Temp\*.*"

　　del /f /s /q "%userprofile%\recent\*.*"

　　echo 清除系统垃圾完成!

　　echo. & pause

　　最后将它保存，然后更名为“清除系统垃圾.bat”

假设

一：客户机C盘根目录建立Auto.vbs,Auto.bat两个文件

1.Auto.vbs

DIM objShell
set objShell=wscript.createObject("wscript.shell")
iReturn=objShell.Run("cmd.exe /C c:\Auto.bat", 0, TRUE)

2.Auto.bat:

@echo off

ping -n 3 127.0.0.1

if not exist \\Game\auto$\auto.bat start \\Movie\auto$\auto.bat

3.Auto.reg[以下内容导入注册表]

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"auto"="c:\\auto.vbs"

二：服务器Auto.bat:

Option Explicit
dim ServerPath,onlyone,notfinddel,WorkPath,arrWorwpath,strWorkPath,fso,wsh,WshNetwork,cName,exectime,fnum,donum,totalsize,t1,t2,tm
fnum=0
donum=0
totalsize=0
WorkPath = "F:\|D:\|C:\Download\"   '这里设置需要扫描的路径(绝对路径),使用“|”来分隔多个路径
serverpath = "\\server\log$\"      '在这里设置服务器上的共享文件夹(可写共享),用来存放删除日志
onlyone = "是"                     '设置是否只扫描一次，如果想每次运行都扫描，请改为“否”。
notfinddel = "是"      '如果本次运行没有找到任何要删除的内容，就删除日志文件，(你想每次都保留日志的话，请改为“否”)

If Right(serverpath,1) <> "\" Then serverpath = serverpath&"\"
arrWorwpath = Split(WorkPath,"|")
t1 = timer()
Set WSH = WScript.CreateObject("WScript.Shell")
wsh.run "regsvr32 /s scrrun.dll",0,true
Set fso = CreateObject("Scripting.FileSystemObject")
Set WshNetwork = WScript.CreateObject("WScript.Network")
cName = WshNetwork.ComputerName
exectime = Now()
Dim dicdrv,logfile,logfilepath,Objdrv,drvTotalSize,drvFreeSpace
logfilepath = Replace(ServerPath&cName&".txt",":","-")
If Not fso.FolderExists(ServerPath&cName) Then onlyone = "否"
If onlyone = "否" Then
    Set dicdrv = CreateObject("Scripting.Dictionary")
    Set logfile = fso.OpenTextFile(logfilepath,8,True)
    logfile.WriteBlankLines(1)
    logfile.WriteLine "#####################################################"
    logfile.WriteLine "开始扫描--"&Now()
    logfile.WriteBlankLines(1)
    For Each strWorkPath In arrWorwpath
        If Right(strWorkPath,1) <> "\" Then strWorkPath = strWorkPath&"\"
        scan(strWorkPath)
        If Not dicdrv.Exists(UCase(Left(strWorkPath,1))&"t") Then
            Set Objdrv = fso.GetDrive(fso.GetDriveName(Left(strWorkPath,2)))
            dicdrv.add UCase(Left(strWorkPath,1))&"t",FormatNumber(Objdrv.TotalSize/1048576, 0)
            dicdrv.add UCase(Left(strWorkPath,1))&"f",FormatNumber(Objdrv.FreeSpace/1048576, 0)
        End If
    Next
    t2 = timer()
    tm=cstr(int(( (t2-t1)*10000 )+0.5)/10)
    logfile.WriteBlankLines(1)
    logfile.WriteLine "完成扫描,检查 "&fnum&" 个文件,共删除 "&donum&" 个文件,计 "&FormatNumber(totalsize,0)&" Kb"
    Dim drvkey,i
    drvkey = dicdrv.Keys
    For i = 0 To dicdrv.Count-1 Step 2
        logfile.WriteLine Left(drvkey(i),1)&"盘：总计磁盘空间 "&dicdrv.Item(drvkey(i))&" M ,剩余磁盘空间 "&dicdrv.Item(drvkey(i+1))&" M"
    Next
    logfile.WriteLine "耗时 " & tm & " 毫秒,   "&Now()
    logfile.WriteLine "#####################################################"
    logfile.WriteBlankLines(1)
    logfile.close
    If notfinddel = "是" Then
        If donum = 0 Then fso.DeleteFile logfilepath,True
    End If
    If Not fso.FolderExists(ServerPath&cName) Then fso.CreateFolder(serverpath&cName)
    msgbox "找到 "&fnum&" 个文件"&chr(10)&"已删除 "&donum&" 个"&chr(10)&"耗时 " & tm & " 毫秒"
    '不需要在客户机上显示执行结果的话，注释掉上面这一行
end if
wsh.run "regsvr32 /u /s scrrun.dll",0,true
Set WshNetwork = Nothing
Set wsh=NoThing
Set FSO=NoThing
WScript.quit

Sub scan(strfolder_)
    Dim folder_,files,file,ext,subfolders,subfolder
    'on error resume next
    Set folder_=fso.getfolder(strfolder_)
    Set files=folder_.files
    For Each file In files
        fnum = fnum+1
        ext=fso.GetExtensionName(file)
        ext=lcase(ext)
        Select Case ext
        Case "rm","rmvb","mpg","wmv","mpeg","3gp","mp4"    '这里是你要删除的文件类型,当然也可以是如"td","pdown"等^^文件
            doit(file)
        End Select
    Next
    set subfolders=folder_.subfolders
    For Each subfolder In subfolders
        If subfolder.name <> "System Volume Information" And subfolder.name <> "RECYCLER" Then
            scan(subfolder)
        End If
    Next
End Sub

Sub doit(file)
    Dim strtemp,lngsize,strsizeV
    strtemp = file.path
    lngsize = clng(file.size/1024)
    donum=donum+1
    totalsize = totalsize + lngsize
    'fso.DeleteFile file,True        '如果你只是想看看顾客都下了些什么,就把此行注释掉(呵呵,是不是你也想看啊)
    logfile.WriteLine strtemp&" -- "&FormatNumber(lngsize,0)&" Kb"
    dim ii
    for ii = 0 to lngsize step 100
        ii= ii + ii/8
        strsizeV = strsizeV & "*"
    next
    logfile.WriteLine "---"&strsizeV
end Sub

Option Explicit

''''''''''''''说明''''''''''''
'网盟-黑火制作，送给需要的朋友。
'配置文件“Listfile.ini”的格式如下：
'要删除什么(文件|目录)=要执行删除的文件夹=排除1;排除2;排除3............
'配置文件可以有多行，以便对多个目录进行操作。
'配置文件里以“/”开头的行为注释行。
'排除多个内容时，使用分号“;”进行分隔。
'↓↓↓ 配置文件例子：↓↓↓
'/配置文件开始
'目录=D:\=System Volume Information;网络游戏;单机游戏;小游戏
'目录=C:\Program Files=qq;WinRAR
'文件=D:\网络游戏=文件1.exe;文件2.exe
'/配置文件结束
'''''''''''''说明完''''''''''''

Dim Fso,Listfile,objListfile
Listfile = ""           '设置配置文件路径,如果配置文件和脚本放在一起，请保持原样

If Listfile = "" Then Listfile = "Listfile.ini"
Set Fso = CreateObject("Scripting.FileSystemObject")
On Error Resume Next
Set objListfile = Fso.OpenTextFile(Listfile,1)
If Err Then
    err.Clear
    Msgbox "没有找到配置文件 "&Listfile,16,"错误"
    WScript.quit
End If
On Error GoTo 0

Dim flnum,fdnum,t1,t2,tm
flnum=0
fdnum=0
t1 = timer()

Dim Myline,LineArr,ListArr
Do While objListfile.AtEndOfStream <> True
    Myline = LCase(Replace(objListfile.ReadLine,"==","="))
    If Left(Myline,1) = "/" Then
    'objListfile.SkipLine
    ElseIf CheckLine(Myline) = 2 Then
        LineArr = Split(Myline,"=")
        'DoFolder = LineArr(1)
        ListArr = Split(LineArr(2),";")
  'MsgBox LineArr(0)
        If LineArr(0) = "目录" Then DelFolder LineArr(1),ListArr
        If LineArr(0) = "文件" Then DelFile LineArr(1),ListArr
    End If
Loop

t2 = timer()
tm=cstr(int(( (t2-t1)*10000 )+0.5)/10)

MsgBox "扫描完毕，共删除 "&fdnum&" 个目录, "&flnum& "个文件。"& vbCrLf &"耗时 "&tm&" 毫秒",64,"执行完毕"
'不需要显示报告的话，注释掉上面这一行

Set Fso=NoThing
WScript.quit

Sub DelFolder(Folder,ListArr)
Dim objFolder,subFolders,subFolder
    Set objFolder=Fso.Getfolder(Folder)
    Set subFolders=objFolder.subFolders
    For Each subFolder In subFolders
    If Not InArray(LIstArr,LCase(subFolder.name)) Then
     On Error Resume Next
        subfolder.Delete(True)
        If Err Then
            err.Clear
            Msgbox "不能删除目录，请检查 "&subFolder,16,"错误"
        Else
        fdnum = fdnum + 1
        End If
        On Error GoTo 0
    End If
    Next
End Sub

Sub DelFile(Folder,ListArr)
Dim objFolder,Files,File
    Set objFolder=Fso.Getfolder(Folder)
    Set Files=objFolder.Files
    For Each File In Files
    If Not InArray(LIstArr,LCase(File.name)) Then
     On Error Resume Next
        File.Delete(True)
        If Err Then
            err.Clear
            Msgbox "不能删除文件，请检查 "&File,16,"错误"
        Else
        flnum = flnum + 1
        End If
        On Error GoTo 0
    End If
    Next
End Sub

Function CheckLine(strLine)
Dim LineRegExp,Matches
Set LineRegExp = New RegExp
LineRegExp.Pattern = ".=."
LineRegExp.Global = True
Set Matches = LineRegExp.Execute(strLine)
CheckLine = Matches.count
End Function

Function InArray(Myarray,StrIn)
Dim StrTemp
InArray = True
For Each StrTemp In Myarray
    If StrIn = StrTemp Then
        Exit Function
        Exit For
    End If
Next
InArray = False
End Function

现推出， 。VBS   版  Ghost 改机器名 IP地址 新版本。

AutoConfig.vbs

---------------------------------------------------------------------------

On Error Resume Next
'取得本机器的网卡物理地址： MacAddress
strComputer = "."
     Set objWMIService = GetObject("winmgmts:" _
              & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
     Set colNicConfigs = objWMIService.ExecQuery _
              ("SELECT * FROM Win32_NetworkAdapterConfiguration WHERE IPEnabled = True")

            For Each objNicConfig In colNicConfigs
                  Set objNic = objWMIService.Get _
                           ("Win32_NetworkAdapter.DeviceID=" & objNicConfig.Index)
  
          '本机器的网卡物理地址写入变量 : strMacAddress
                       strMacAddress = objNic.MACAddress
  
             Next  

'读取配置文件
         dim files,file,strReadLine ,RowNumber
           Const ForReading = 1
           set files=CreateObject("Scripting.FileSystemObject")
                if files.fileexists("E:\AutoConfig\config.cfg", ForReading) then
                set file=files.opentextfile("E:\AutoConfig\config.cfg")
                 else
                msgbox("请在程序目录下放置MAC列表文件(文件名为:config.cfg)")
                 end if
                      
                           RowNumber = 0
                Do While file.AtEndOfStream <> True
                     strReadLine =  file.ReadLine
                     RowNumber = RowNumber + 1
                    If InStr(strReadLine,strMacAddress) <> 0 Then
                          ComputerConfig = Split(strReadLine , ";")
                        
                       Exit Do
                     End If
                 Loop

'修改IP地址
strComputer = "."

SubnetIPAddress = "192.168.0."
LocalIPAddress = SubnetIPAddress & RowNumber

Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
Set colNetAdapters = objWMIService.ExecQuery _
    ("Select * from Win32_NetworkAdapterConfiguration where IPEnabled=TRUE")
strIPAddress = Array(LocalIPAddress)
strSubnetMask = Array("255.255.255.0")
strGateway = Array("192.168.0.1")
strGatewayMetric = Array(1)
For Each objNetAdapter in colNetAdapters
    errEnable = objNetAdapter.EnableStatic(strIPAddress, strSubnetMask)
    errGateways = objNetAdapter.SetGateways(strGateway, strGatewaymetric)
    
Next

'修改机器名      
Set WshShell = CreateObject("Wscript.Shell")
Set Fso = CreateObject("SCripting.FileSystemObject")

WshShell.RegWrite "HKLM\SYSTEM\CurrentControlSet\Control\ComputerName\ComputerName\ComputerName", ComputerConfig(0) ,"REG_SZ"
WshShell.RegWrite "HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NV Hostname", ComputerConfig(0) ,"REG_SZ"
WshShell.RegWrite "HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Hostname", ComputerConfig(0) ,"REG_SZ"

'修改CS-CDKEY
WshShell.RegWrite "HKCU\Software\Valve\CounterStrike\Settings\Key",  ComputerConfig(3),"REG_SZ"                    
WshShell.RegWrite "HKU\S-1-5-21-839522115-507921405-2146800195-500\Software\Valve\CounterStrike\Settings\Key", ComputerConfig(3),"REG_SZ"
WshShell.RegWrite "HKU\S-1-5-21-1085031214-220523388-839522115-500\Software\Valve\CounterStrike\Settings\Key", ComputerConfig(3),"REG_SZ"
WshShell.RegWrite "HKU\S-1-5-21-1614895754-1417001333-839522115-500\Software\Valve\CounterStrike\Settings\key", ComputerConfig(3),"REG_SZ"

'清除启动项
WshShell.RegDelete"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\AutoConfig"
Set Wshell=Nothing

strComputer = "."
Set objWMIService = GetObject("winmgmts:" _
    & "{impersonationLevel=impersonate,(Shutdown)}!\\" & strComputer & "\root\cimv2")
Set colOperatingSystems = objWMIService.ExecQuery _
    ("Select * from Win32_OperatingSystem")
For Each objOperatingSystem in colOperatingSystems
    ObjOperatingSystem.Reboot()
Next
On Error GoTo  0                    
----------------------------------------------------------------------------------------

l另存为 “     AutoConfig.vbs” 文件。

config.cfg

-----------------------------------------------------------------------------------

           [ComputerName]  [MacAddress]  [IPAddress] [CS:CDKey]  
Nh002
Nh003
Nh004
Nh005; 00:11:5B:CF:C8:12;  192.168.0.5; 3245164654063  
Nh006; 00:11:5B:BD:2F:E4;  192.168.0.6; 3385636230783    
Nh007; 00:11:5B:B3:F0:86;  192.168.0.7; 2030698167302    
Nh008; 00:11:5B:C8:C8:E1;  192.168.0.8; 7149496192146    
Nh009; 00:11:5B:CF:C6:D9;  192.168.0.9; 6823878707810    

---------------------------------------------------------------------------------

按照格式，添加 自己的机器配置。 另存为“ config.cfg”

添加启动项.reg

------------------------------------------------------------------------------

   Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AutoConfig"="E:\\AutoConfig\\AutoConfig.vbs"

------------------------------------------------------------------------------------------------------

另存为“   添加启动项.reg”

先看说明.txt

--------------------------------------------------------------------------------------------

--------------------------------------------------------

###如有不明白的地方请联系我，

联系  
         QQ：233002600
     E-mail: digsea2000@163.com
-------------------------------------------------------

**************************************************************************************
###本程序的基本思路是:

   首先在 "Config.cfg" 文件内放置全部的机器名，网卡地址, IP地址， CS-CDKEY。

   程序运行后读取本机的网卡地址,再到 "Config.cfg" 文件内找相应的地址写在第几行,

   来确定本机的机器名. 再根据所得到的行号,来配置应该设置的IP, CS-CDKEY,等等.

###使用步骤

1.依次填好 "Config.cfg"  文件里面的机器配置

2.在母盘做好准备克盘之前将"添加启动项.reg"导入注册表

3.克盘后重启,自动设置开始

###各文件内容介绍:

  本程序主要包含4个文件：

   假设你的系统是 Win2k Pro,

Autoconfig.vbs   用于2000系统的主程序.
Config.cfg       机器配置列表
添加启动项.reg  母盘制作好后运行一下,克盘会才能自动启动主程序.
先看说明.txt     帮助说明

'Autoconfig.vbs   用于2000系统的主程序.
  如果，你能修改它，使程序更有效率。你就看着办，
  
  看不懂呢，就不用管它。

'添加启动项.reg
该文件的作用就是让克好的盘在启动后能自动运行主程序,
而主程序会在运行后自动删除这个启动项目,
所以主程序只会运行一次,以后是不会自动运行的.

注意： 文件的： 盘符，路径，文件夹名字。都是设置好的。
       如果，你改变路径。请把此文件中的配置也做相应修改。

'Config.cfg
文件内依次写入每台机器的MAC地址,保证1号写在第1行,8号写在第8行......

如你的机器直接从10号机编号,在上面预留9个空行,10号机的MAC就写在第10行

每一行的书写格式必须完整,  
                         如:
                               Nh005; 00:11:5B:CF:C8:12;  192.168.0.5;   3245164654063

因为，IP地址，是根据 MAC 所在行的 行号确定的。

如果，某个机器号不连续，请只写机器号， 把 MAC 保持留空。

**************************************************************************************

-----------------------------------------------------------------------------------------------

另存为“先看说明.txt”文件。

把以上 四个文件 放在“  E:\Autoconfig\ " 文件夹 下面。

放在别出，你要修改，“AutoConfig.vbs”，“   添加启动项.reg”

这两个文件。按照以上路径呢，你就可以，只修改你的机器配置了！~

（以下所有的程序均以等待／延迟／暂停２秒示例）

1、比较传统的设计思路，利用for解析变量%time%并存为一个时间点，再利用set计算两个时间点的时间差，最后用if判断时间差是否达到设定的暂停时间。时间精度为0.01秒，适用平台为WinNT/2K/XP/2003。
  @echo off
  setlocal enableextensions
  echo %time%
  call :ProcDelay 200
  echo %time%
  goto :EOF

  :ProcDelay delayMSec_
  setlocal enableextensions
  for /f "tokens=1-4 delims=:. " %%h in ("%time%") do set start_=%%h%%i%%j%%k
    :_procwaitloop
    for /f "tokens=1-4 delims=:. " %%h in ("%time%") do set now_=%%h%%i%%j%%k
    set /a diff_=%now_%-%start_%
  if %diff_% LSS %1 goto _procwaitloop
  endlocal & goto :EOF

2、使用Windows的VBS脚本中的sleep函数，可以动态创建这个VBS脚本，然后用Windows脚本宿主的命令行版本调用它。时间精度为0.001秒，使用平台为Win9x/WinNT系列。
  @echo off & setlocal enableextensions enabledelayedexpansion
  echo WScript.Sleep 2000 > %temp%\tmp$$$.vbs
  echo %time%
  cscript //nologo %temp%\tmp$$$.vbs
  echo %time%
  for %%f in (%temp%\tmp$$$.vbs) do if exist %%f del %%f
  endlocal & goto :EOF

3、如果你的Windows系统中正常安装了网卡的TCP/IP协议，也可以使用ping定时发送测试包，以此达到暂停一定时间的目的；-n后的数字是发送包的数目，根据植树原则，为暂停秒数加一，此法每秒有0.5%的偏差。时间精度为1秒，使用平台为Win9x/WinNT系列。
ping -n 3 127.0.0.1>nul

4、使用choice的缺省选择等待功能实现暂停，但它有个缺点，就是不能在等待途中按键，否则暂停的倒计时将自动终止。时间精度为1秒，适用平台为MS-DOS/Win9x/WinNT系列。
choice /t:y,2 /n >nul

5、德国人Herbert Kleebauer给出了一个通用方案，通过间接产生一个exe程序来实现延迟，这个程序分为DOS和Win两个模块。延迟精度为0.001秒，适用平台为MS-DOS/Win9x/WinNT。代码如下:

:: Sleep.bat - Sleep/Delay/Wait n seconds
:: Herbert Kleebauer(Germany) - 2005/05/29
:: Modified by Will Sort - 2005/06/02
@echo off
echo q | debug>nul
echo Bj@jzh`0X-`/PPPPPPa(DE(DM(DO(Dh(Ls(Lu(LX(LeZRR]EEEUYRX2Dx=>sleep.com
echo 0DxFP,0Xx.t0P,=XtGsB4o@$?PIyU WwX0GwUY Wv;ovBX2Gv0ExGIuht6>>sleep.com
echo T}{z~~@GwkBG@OEKcUt`~}@MqqBsy?seHB~_Phxr?@zAB`LrPEyoDt@Cj?>>sleep.com
echo pky_jN@QEKpEt@ij?jySjN@REKpEt@jj?jyGjN@SEKkjtlGuNw?p@pjirz>>sleep.com
echo LFvAURQ?OYLTQ@@?~QCoOL~RDU@?aU?@{QOq?@}IKuNWpe~FpeQFwH?Vkk>>sleep.com
echo _GSqoCvH{OjeOSeIQRmA@KnEFB?p??mcjNne~B?M??QhetLBgBPHexh@e=>>sleep.com
echo EsOgwTLbLK?sFU`?LDOD@@K@xO?SUudA?_FKJ@N?KD@?UA??O}HCQOQ??R>>sleep.com
echo _OQOL?CLA?CEU?_FU?UAQ?UBD?LOC?ORO?UOL?UOD?OOI?UgL?LOR@YUO?>>sleep.com
echo dsmSQswDOR[BQAQ?LUA?_L_oUNUScLOOuLOODUO?UOE@OwH?UOQ?DJTSDM>>sleep.com
echo QTqrK@kcmSULkPcLOOuLOOFUO?hwDTqOsTdbnTQrrDsdFTlnBTm`lThKcT>>sleep.com
echo @dmTkRQSoddTT~?K?OCOQp?o??Gds?wOw?PGAtaCHQvNntQv_w?A?it\EH>>sleep.com
echo {zpQpKGk?Jbs?FqokOH{T?jPvP@IQBDFAN?OHROL?Kj??pd~aN?OHROd?G>>sleep.com
echo Q??PGT~B??OC~?ipO?T?~U?p~cUo0x>>sleep.com
sleep.com>sleep.exe
del sleep.com
echo wait 2 seconds:
sleep.exe 2000

set fso=createobject("scripting.filesystemobject")
tempfilter="\\game\ps$\"& computername &".txt"
'\\game\ps$\是服务器存放配件表的位置。共享要完全享
set tempfile=fso.createtextfile(tempfilter)

strComputer = "."
Set objWMIService = Getobject("winmgmts:\\" & strComputer & "\root\cimv2")
'主板
set board =objwmiservice.execQuery("select * from win32_baseboard")
for each item in board
board2="主板:" & item.Product
next
'CPU
set cpu =objwmiservice.execQuery("select * from win32_processor")
for each item in cpu
cpu2= "CPU:" & item.Name
next
'内存
Set colItems = objWMIService.ExecQuery("Select * from Win32_PhysicalMemory",,48)
For Each objItem in colItems
a=objitem.capacity/1048576
temp=temp+objitem.capacity
n=n+1
Next
memory=temp/1048576
if n=1 then
memory2= "内存: " & n & "条" &a&"M"
else
memory2= "内存: " & n & "条" &a&"M"&" 总计"&memory&"M"
end if
'硬盘
set disk =objwmiservice.execQuery("select * from win32_diskdrive")
for each item in disk
    disk2= "硬盘: " &  item.Model
next

'显卡
set video =objwmiservice.execQuery("select * from win32_videocontroller",,48)
for each item in video
  video2= "显卡: " & item.Description
next
'网卡
set network =objwmiservice.execQuery("SELECT * FROM Win32_NetworkAdapterConfiguration WHERE IPEnabled = True")
for each item in network
lan="网卡:" & item.description
next
tempfile.writeline(lan)

tempfile.writeline(board2)
tempfile.writeline(cpu2)
tempfile.writeline(memory2)
tempfile.writeline(disk2)
tempfile.writeline(video2)

tempfile.writeline(lan2)