[已解决]一个含流氓行为的批处理程序，谢谢各位热心饭友！

wbux

这是一个新QQ绿色版的安装卸载程序，是在一个一直很熟悉的网站下的，也没多想，就杯具了
症状：Chrome打开被改主页，个人设置完全改不回来，打开C盘隐藏文件看，什么2345、淘宝、世界之窗浏览器的配置全有，删除也没用，使用TU完全卸载再装也不行。猜测是改了注册表什么。现在把代码贴上来，希望能有人帮忙。否则要重装系统，那得累死人啊，祝各位好运！非常感谢！


@echo off &Pushd %~dp0&Title 绿化卸载
mode con cols=40 lines=11&color 2F
:Menu
Cls
echo.&echo.  ※★①.绿化
echo.&echo.  ※☆②.卸载
echo.
set /p Memories=※请输入：
if /i "%Memories%"=="1" Goto In
if /i "%Memories%"=="2" Goto Un
echo.&echo   ※输入无效，请重新输入！
pause >nul
goto menu
:In
:: 安装前结束相关进程
taskkill /f /im QQ*  >NUL 2>NUL
taskkill /f /im TXP* >NUL 2>NUL
taskkill /f /im tad* >NUL 2>NUL
:: 清理后台相关文件及注册残留
del/q "%tmp%\ts*.dat">NUL 2>NUL
del/f/q "%tmp%\*.tvl">NUL 2>NUL
del/f/q "%tmp%\*.tsd">NUL 2>NUL
del/q "%tmp%\QQSafe*.exe">NUL 2>NUL
rd/s/q "%AppData%\Tencent\QQ"2>NUL
rd/s/q "%AppData%\Tencent\Logs"2>NUL
rd/s/q "%AppData%\Tencent\Users"2>NUL
rd/s/q "%AppData%\Tencent\QTalk"2>NUL
rd/s/q "%APPDATA%\Tencent\QQDoctor"2>NUL
rd/s/q "%AppData%\Tencent\DeskUpdate"2>NUL
rd/s/q  "%AppData%\Tencent\QzoneMusic"2>NUL
rd/s/q "%ProgramData%\Tencent\QQProtect"2>NUL
rd/s/q  "%AppData%\Tencent\AndroidAssist"   2>NUL
rd/s/q  "%AppData%\Tencent\QQPhoneManager"  2>NUL
rd/s/q "%UserProfile%\AppData\Local\Tencent\QQPet"2>NUL
rd/s/q "%USERPROFILE%\Local Settings\Tencent\QQPet"2>NUL
rd/s/q "%USERPROFILE%\Local Settings\QQKartLiveUpdate"2>NUL
rd/s/q "%UserProfile%\Documents\Tencent Files\QPlus"   2>NUL
rd/s/q "%UserProfile%\My Documents\Tencent Files\QPlus"2>NUL
rd/s/q "%AllUsersProfile%\Application Data\Tencent\QQProtect"2>NUL
reg delete HKLM\SYSTEM\CurrentControlSet\services\QQProtect /F>NUL 2>NUL
for %%a in (c d e f g h i j k l m n o p q r s t u v w x y z) do rd/s/q %%a:\QQMusicCache 2>NUL
:: 注册快速登陆、上传文件控件等其它相关协议
regsvr32 /s Bin\TXSSO\Bin\SSOCommon.dll
regsvr32 /s Bin\TXSSO\Bin\npSSOAxCtrlForPTLogin.dll
regsvr32 /s Bin\TXSSO\Bin\SSOPlatform.dll
regsvr32 /s Bin\TXSSO\Qzone\QQPhotoDrawEx.dll
regsvr32 /s Bin\TXSSO\Qzone\npQQPhotoDrawEx.dll
if exist Bin\Timwp.dll regsvr32  /s Bin\Timwp.dll
if exist Bin\CPHelper.dll regsvr32 /s Bin\CPHelper.dll
if exist Bin\TXPFProxy.dll regsvr32 /s Bin\TXPFProxy.dll
if exist Bin\KernelUtil.dll regsvr32 /s Bin\KernelUtil.dll
if exist Bin\TXPlatform.exe Bin\TXPlatform.exe /RegServer
:: 设置后台终端设备老图标和传送文件介绍连接占位文件
md "%AppData%\Tencent\QQ\Misc\CSC\2052\4" >NUL 2>NUL
md "%AppData%\Tencent\QQ\Misc\CSC\2052\7" >NUL 2>NUL
md "%AppData%\Tencent\QQ\Misc\CSC\2052\8" >NUL 2>NUL
md "%AppData%\Tencent\QQ\Misc\CSC\2052\9" >NUL 2>NUL
md "%AppData%\Tencent\QQ\Misc\CSC\2052\13" >NUL 2>NUL
Echo.ClientType> "%AppData%\Tencent\QQ\Misc\CSC\2052\4\2"2>NUL
Attrib +s +h +r "%AppData%\Tencent\QQ\Misc\CSC\2052\4\2" >NUL 2>NUL
Echo.ClientType> "%AppData%\Tencent\QQ\Misc\CSC\2052\7\4"2>NUL
Attrib +s +h +r  "%AppData%\Tencent\QQ\Misc\CSC\2052\7\4" >NUL 2>NUL
Echo.ClientType> "%AppData%\Tencent\QQ\Misc\CSC\2052\7\12"2>NUL
Attrib +s +h +r "%AppData%\Tencent\QQ\Misc\CSC\2052\7\12" >NUL 2>NUL
Echo.ClientType> "%AppData%\Tencent\QQ\Misc\CSC\2052\7\16"2>NUL
Attrib+s +h +r "%AppData%\Tencent\QQ\Misc\CSC\2052\7\16" >NUL 2>NUL
Echo.ClientType> "%AppData%\Tencent\QQ\Misc\CSC\2052\7\18"2>NUL
Attrib +s +h +r "%AppData%\Tencent\QQ\Misc\CSC\2052\7\18" >NUL 2>NUL
Echo.ClientType> "%AppData%\Tencent\QQ\Misc\CSC\2052\8\1"2>NUL
Attrib +s +h +r "%AppData%\Tencent\QQ\Misc\CSC\2052\8\1" >NUL 2>NUL
Echo.ClientType> "%AppData%\Tencent\QQ\Misc\CSC\2052\9\18"2>NUL
Attrib +s +h +r "%AppData%\Tencent\QQ\Misc\CSC\2052\9\18" >NUL 2>NUL
Echo.ClientType> "%AppData%\Tencent\QQ\Misc\CSC\2052\13\1"2>NUL
Attrib +s +h +r  "%AppData%\Tencent\QQ\Misc\CSC\2052\13\1" >NUL 2>NUL
Attrib+s +h +r "%AppData%\Tencent\QQ\Misc\LogoFile" >NUL 2>NUL
:: 释放QQ便签相关文件,应用调用需要
xcopy /s/i/y Bin\TXSSO\QQApp "%AppData%\Tencent\QQ\QQApp">NUL 2>NUL
xcopy /s/i/y Bin\TXSSO\ClientType "%AppData%\Tencent\QQ\Misc\ClientType">NUL 2>NUL
xcopy /s/i/y Bin\TXSSO\SafeBase "%AppData%\Tencent\QQ">NUL 2>NUL
xcopy /s/i/y Bin\TXSSO\MainMenu "%AppData%\Tencent\QQ\Misc\MainMenu">NUL
xcopy /s/i/y Bin\TXSSO\QQProtect "%AppData%\Tencent\QQ">NUL 2>NUL
attrib +s +h +r "%AppData%\Tencent\QQ\SafeBase" >NUL 2>NUL
attrib +s +h +r "%AppData%\Tencent\QQ\QQProtect" >NUL 2>NUL
:: 设置安装版本号,企业网页会话需要
regsvr32 /s Plugin\Com.Tencent.NetDisk\Bin\QQDisk\Bin\TXFTNActiveX.dll
if exist Bin\QQExternal.exe Bin\QQExternal.exe /SetupRegister
reg add HKLM\Software\Tencent\QQ2009 /v Install /d "%~dp0\" /F>NUL
:: 设置安装路劲,安装视频留言和影音播放组件需要
reg add HKLM\Software\TENCENT\QQ2009 /v version /d "52.87.0.9597.0" /F>NUL
if exist "%WinDir%\SysWOW64" reg add HKLM\Software\Tencent\QQ2009 /v Install /d "%~dp0\" /F>NUL
if exist "%WinDir%\SysWOW64" reg add HKLM\Software\Wow6432Node\TENCENT\QQ2009 /v version /d "52.87.0.9597.0" /F>NUL
regsvr32 /s Bin\TXSSO\QzoneMusic\QQMusicAddin\wmadmod.dll
if exist Bin\TXSSO\QzoneMusic\npQzoneMusic.dll regsvr32 /s Bin\TXSSO\QzoneMusic\npQzoneMusic.dll
if exist Bin\TXSSO\QzoneMusic\QzoneMusic.dll regsvr32 /s Bin\TXSSO\QzoneMusic\QzoneMusic.dll
if exist Bin\TXSSO\QzoneMusic\QzoneMusic.exe regsvr32 /s Bin\TXSSO\QzoneMusic\QzoneMusic.exe
reg add HKCR\Interface\{D9FEA452-F2BD-4ED4-80FC-7814B46915E5} /ve /t REG_SZ /d "IMusicPlayer" /F>NUL
reg add HKCR\Interface\{D9FEA452-F2BD-4ED4-80FC-7814B46915E5}\ProxyStubClsid /ve /t REG_SZ /d "{00020424-0000-0000-C000-000000000046}" /F>NUL
reg add HKCR\Interface\{D9FEA452-F2BD-4ED4-80FC-7814B46915E5}\ProxyStubClsid32 /ve /t REG_SZ /d "{00020424-0000-0000-C000-000000000046}" /F>NUL
reg add HKCR\Interface\{D9FEA452-F2BD-4ED4-80FC-7814B46915E5}\TypeLib /ve /t REG_SZ /d "{4560D45A-97D8-47F8-8C0B-09C713FC76F9}" /F>NUL
reg add HKCR\Interface\{D9FEA452-F2BD-4ED4-80FC-7814B46915E5}\TypeLib /v version /d "1.0" /F>NUL
reg add HKCR\TypeLib\{4560D45A-97D8-47F8-8C0B-09C713FC76F9}\1.0\0\win32 /ve /t REG_SZ /d "%~dp0Bin\TXSSO\QzoneMusic\QzoneMusic.exe" /F>NUL
reg add HKCR\CLSID\{B45AB714-91D3-4F3D-99A2-D8E6827E2914} /ve /t REG_SZ /d "MusicPlayer Class" /F>NUL
reg add HKCR\CLSID\{B45AB714-91D3-4F3D-99A2-D8E6827E2914} /v AppID /d "{2865A9E2-A483-4031-A2DA-824B2FB3E848}" /F>NUL
reg add HKCR\CLSID\{B45AB714-91D3-4F3D-99A2-D8E6827E2914}\LocalServer32 /ve /t REG_SZ /d "%~dp0Bin\TXSSO\QzoneMusic\QzoneMusic.exe" /F>NUL
reg add HKCR\CLSID\{B45AB714-91D3-4F3D-99A2-D8E6827E2914}\ProgID /ve /t REG_SZ  /d "QzoneMusic.MusicPlayer.1" /F>NUL
reg add HKCR\CLSID\{B45AB714-91D3-4F3D-99A2-D8E6827E2914}\TypeLib /ve /t REG_SZ /d "{4560D45A-97D8-47F8-8C0B-09C713FC76F9}" /F>NUL
reg add HKCR\CLSID\{B45AB714-91D3-4F3D-99A2-D8E6827E2914}\VersionIndependentProgID /ve /t REG_SZ /d "QzoneMusic.MusicPlayer" /F>NUL
start Bin\QQPI.exe
mshta VBScript:Execute("Set a=CreateObject(""WScript.Shell""):Set b=a.CreateShortcut(a.SpecialFolders(""Desktop"") & ""\腾讯QQ.lnk""):b.TargetPath=""%~dp0Bin\QQ.exe"":b.WorkingDirectory=""%~dp0Bin"":b.Save:close")

:: 完成
ECHO.&ECHO. √ 绿化完成! &PAUSE >NUL 2>NUL&exit
:Un
:: 卸载前结束相关进程
taskkill /f /im QQ*  >NUL 2>NUL
taskkill /f /im TXP* >NUL 2>NUL
taskkill /f /im tad* >NUL 2>NUL
start Bin\QQPI.exe
:: 清理后台相关文件及注册残留
rd/s/q "%AppData%\Tencent\QQ"2>NUL
rd/s/q "%ProgramData%\QQPet"2>NUL
rd/s/q "%AppData%\Tencent\Users"2>NUL
rd/s/q "%AppData%\Tencent\QTalk"2>NUL
rd/s/q "%AppData%\QQAppAssistant"2>NUL
rd/s/q  "%AppData%\Tencent\Logs"2>NUL
rd/s/q "%AppData%\Tencent\TXSSO"2>NUL
rd/s/q "%AppData%\Tencent\STemp"2>NUL
rd/s/q "%AppData%\Tencent\DeskUpdate"2>NUL
rd/s/q  "%AppData%\Tencent\QzoneMusic"2>NUL
rd/s/q  "%AppData%\Tencent\AndroidAssist"2>NUL
rd/s/q  "%AppData%\Tencent\QQPhoneManager"2>NUL
rd/s/q "%AllUsersProfile%\Application Data\QQPet"2>NUL
rd/s/q "%UserProfile%\AppData\Local\Tencent\QQPet"2>NUL
rd/s/q "%USERPROFILE%\Local Settings\Tencent\QQPet"2>NUL
rd/s/q "%USERPROFILE%\Local Settings\QQKartLiveUpdate"2>NUL
rd/s/q "%ProgramData%\Tencent\QQProtect"2>NUL
rd/s/q "%AllUsersProfile%\Application Data\Tencent\QQProtect"2>NUL
rd/s/q "%UserProfile%\AppData\Local\Tencent\Misc"2>NUL
reg delete HKLM\SOFTWARE\Classes\QQPet /F>NUL 2>NUL
reg delete HKLM\SOFTWARE\Wow6432Node\Classes\QQPet /F>NUL 2>NUL
reg delete HKCU\Software\Tencent\AndroidAssistant /F>NUL 2>NUL
reg delete HKCU\Software\Classes\EMOTION.File /F    >NUL 2>NUL
reg delete HKCU\Software\Classes\EMOTION.Package /F >NUL 2>NUL
reg delete HKLM\Software\Wow6432Node\Tencent\QQ2009 /F>NUL 2>NUL
reg delete HKLM\Software\Wow6432Node\Classes\Tencent /F>NUL 2>NUL
reg delete HKLM\SYSTEM\CurrentControlSet\services\QQProtect /F>NUL 2>NUL
:: 卸载相关控件及协议
start Bin\QQPI.exe
regsvr32 /s /u Bin\TXSSO\Bin\SSOCommon.dll
regsvr32 /s /u Bin\TXSSO\Qzone\QQPhotoDrawEx.dll
regsvr32 /s /u Bin\TXSSO\Qzone\npQQPhotoDrawEx.dll
regsvr32 /s /u Bin\TXSSO\QQPhoto\QQPhotoDrawEx.dll
regsvr32 /s /u Bin\TXSSO\QQPhoto\npQQPhotoDrawEx.dll
regsvr32 /s /u Bin\TXSSO\Bin\npSSOAxCtrlForPTLogin.dll
regsvr32 /s /u Plugin\Com.Tencent.NetDisk\Bin\QQDisk\Bin\TXFTNActiveX.dll
reg delete HKCU\Software\Tencent\Plugin /F  >NUL 2>NUL
reg delete HKCU\Software\Tencent\QQ2009 /F  >NUL 2>NUL
reg delete HKLM\Software\Tencent\QQ2009 /F  >NUL 2>NUL
reg delete HKCU\Software\Classes\Tencent /F >NUL 2>NUL
reg delete HKLM\Software\Classes\Tencent /F >NUL 2>NUL
reg delete HKCU\Software\Classes\EMOTION.File /F    >NUL 2>NUL
reg delete HKCU\Software\Classes\EMOTION.Package /F >NUL 2>NUL
reg delete HKLM\Software\Wow6432Node\Tencent\QQ2009 /F>NUL 2>NUL
reg delete HKLM\Software\Wow6432Node\Classes\Tencent /F>NUL 2>NUL
if exist Bin\Timwp.dll regsvr32 /s /u Bin\Timwp.dll
if exist Bin\CPHelper.dll regsvr32 /s /u Bin\CPHelper.dll
if exist Bin\TXPFProxy.dll regsvr32 /s /u Bin\TXPFProxy.dll
if exist Bin\KernelUtil.dll regsvr32 /s /u Bin\KernelUtil.dll
if exist Bin\TXPlatform.exe Bin\TXPlatform.exe /UnregServer
if exist Bin\TXSSO\QzoneMusic\QQMusicAddin\wmadmod.dll regsvr32 /s /u Bin\TXSSO\QzoneMusic\QQMusicAddin\wmadmod.dll
if exist Bin\TXSSO\QzoneMusic\npQzoneMusic.dll regsvr32 /s /u Bin\TXSSO\QzoneMusic\npQzoneMusic.dll
if exist Bin\TXSSO\QzoneMusic\QzoneMusic.dll regsvr32 /s /u Bin\TXSSO\QzoneMusic\QzoneMusic.dll
if exist Bin\TXSSO\QzoneMusic\QzoneMusic.exe regsvr32 /s /u Bin\TXSSO\QzoneMusic\QzoneMusic.exe
for %%a in (c d e f g h i j k l m n o p q r s t u v w x y z) do rd/s/q %%a:\QQMusicCache 2>NUL
reg delete HKLM\Software\Classes\TypeLib\{4560D45A-97D8-47F8-8C0B-09C713FC76F9} /F>NUL 2>NUL
reg delete HKLM\Software\Classes\CLSID\{B45AB714-91D3-4F3D-99A2-D8E6827E2914}  /F>NUL 2>NUL
reg delete HKCR\Interface\{D9FEA452-F2BD-4ED4-80FC-7814B46915E5}  /F>NUL 2>NUL

:: 卸载完成
ECHO.&ECHO.√ 卸载完成! &PAUSE >NUL 2>NUL

anycall9696

这个批处理没有什么问题吧……你确定是这个改了你主页么

随便注册

QQ绿色版也是新下的？可能是它的文件有问题，那些exe、dll什么的，这个批处理没有干坏事，起码不是直接。也不排除凑巧，别的软件干的。

wbux

anycall9696 发表于 2013-12-27 20:26
这个批处理没有什么问题吧……你确定是这个改了你主页么

非常确定
很多人都反映了，只是站长还没出来，可能他正在想办法
现在我ghost还原一个月前的系统都没解决

wbux

随便注册 发表于 2013-12-27 20:43
QQ绿色版也是新下的？可能是它的文件有问题，那些exe、dll什么的，这个批处理没有干坏事，起码不是直接。也 ...

是新下的，原来也有另外一个，可能像你说的，注册到dll什么的了，因为还原系统都没有用

随便注册

wbux 发表于 2013-12-27 22:36
是新下的，原来也有另外一个，可能像你说的，注册到dll什么的了，因为还原系统都没有用

如果还原都不行，会不会其它分区的文件被感染了，一打开就复发？还原后不要打开其它分区，先用Winrar代替资源管理器看看文件大小，有无隐藏属性的文件。若不是，那可就麻烦了，类似鬼影病毒了。给个链接？

wbux

随便注册 发表于 2013-12-27 22:40
如果还原都不行，会不会其它分区的文件被感染了，一打开就复发？还原后不要打开其它分区，先用Winrar代 ...

应该不是病毒，主要是锁了他个人2345主页。还有浏览器自己的配置加不上
是登录了另外一版本的QQ才发现的，不知道是不是一打开就这样，因为IE浏览器不受影响
为避免某些误会，链接我私信你，其实这个站以前经常去下软件都没问题的，只是这一次
谢谢你这么快！

anycall9696

wbux 发表于 2013-12-27 22:48
应该不是病毒，主要是锁了他个人2345主页。还有浏览器自己的配置加不上
是登录了另外一版本的QQ才发现的 ...

把链接发出来，我试试，我用hips的，看看到底是什么东西在搞鬼

wbux

anycall9696 发表于 2013-12-27 23:43
把链接发出来，我试试，我用hips的，看看到底是什么东西在搞鬼

为避免误会，链接已私信传给你了。站长不是故意的，之前已经在他那里下载过许多都没问题。这个是新站长，一直也很努力。这次是疏忽。
这是火眼的报告
http://fireeye.ijinshan.com/anal ... 98c&type=1#full

fen86

只能确定批处理文件没有问题