#!/usr/bin/perl #-----------------------------------------------# # ReIE Tool # # 网吧专用IE反修改小工具 # # by ROB # # # # 本工具能恢复绝大部分被一些网站恶意篡改的内容 # # 同时自动删除一些如*.url、*.ht?...的文件 # # 对于网吧的机器来说这些文件都可称为垃圾 # # # # 可选参数有: # # -help 显示帮助信息 # # -nodel 跳过垃圾清除 # # -lock 注册表锁定 # # -unlock 注册表解锁 # #-----------------------------------------------# use strict; use Win32::Registry; #------------------------------------------------------------; our ($VERSION,$OS,%win9x,%winnt,%hkey,@delkeys,@delnames,@modifyvalues,@matchword); $VERSION = '1.2'; if ($ARGV[0] and $ARGV[0]=~ /^-help$/i) { &show_help; exit; } print "网吧专用IE反修改工具 v$VERSION\n"; print "By ROB\n\n"; while (1) { print "真的要修改吗?(y/n)"; my $ask = ; chomp $ask; last if $ask =~ /^y$/i; exit if $ask =~ /^n$/i; } if ($ENV{COMSPEC} =~ /cmd\.exe$/i) { $OS = 'WinNT'; } elsif ($ENV{COMSPEC} =~ /command\.com$/i) { $OS = 'Win9x'; } else { print "未知的操作系统,一些功能将不能使用.\n"; } #------------------------------------------------------------; %win9x = ( DESKTOP_DIR => "$ENV{WINDIR}\\Desktop", START_MENU_DIR => "$ENV{WINDIR}\\Start Menu", PROGRAMS_DIR => "$ENV{WINDIR}\\Start Menu\\Programs", STARTUP_DIR => "$ENV{WINDIR}\\Start Menu\\Programs\\启动", QUICK_LAUNCH_DIR => "$ENV{WINDIR}\\Application Data\\Microsoft\\Internet Explorer\\Quick Launch", DESKTOP_DIR_ALLUSERS => "$ENV{WINDIR}\\All Users\\Desktop", START_MENU_DIR_ALLUSERS => "$ENV{WINDIR}\\All Users\\Start Menu", PROGRAMS_DIR_ALLUSERS => "$ENV{WINDIR}\\All Users\\Start Menu\\Programs", STARTUP_DIR_ALLUSERS => "$ENV{WINDIR}\\All Users\\Start Menu\\Programs\\启动" ); %winnt = ( DESKTOP_DIR => "$ENV{USERPROFILE}\\桌面", START_MENU_DIR => "$ENV{USERPROFILE}\\「开始」菜单", PROGRAMS_DIR => "$ENV{USERPROFILE}\\「开始」菜单\\程序", STARTUP_DIR => "$ENV{USERPROFILE}\\「开始」菜单\\程序\\启动", QUICK_LAUNCH_DIR => "$ENV{USERPROFILE}\\Application Data\\Microsoft\\Internet Explorer\\Quick Launch", DESKTOP_DIR_ALLUSERS => "$ENV{ALLUSERSPROFILE}\\桌面", START_MENU_DIR_ALLUSERS => "$ENV{ALLUSERSPROFILE}\\「开始」菜单", PROGRAMS_DIR_ALLUSERS => "$ENV{ALLUSERSPROFILE}\\「开始」菜单\\程序", STARTUP_DIR_ALLUSERS => "$ENV{ALLUSERSPROFILE}\\「开始」菜单\\程序\\启动" ); #------------------------------------------------------------; %hkey = ( HKEY_CLASSES_ROOT => $HKEY_CLASSES_ROOT, HKEY_CURRENT_USER => $HKEY_CURRENT_USER, HKEY_LOCAL_MACHINE => $HKEY_LOCAL_MACHINE ); #------------------------------------------------------------; @delkeys = ( ["HKEY_CLASSES_ROOT","CLSID\\{F935DC22-1CF0-11D0-ADB9-00C04FD58A0B}","",""], ["HKEY_CLASSES_ROOT","CLSID\\{0D43FE01-F093-11CF-8940-00A0C9054228}","",""], ["HKEY_CURRENT_USER","Software\\Policies\\Microsoft\\Internet Explorer","",""], ["HKEY_CURRENT_USER","Software\\Microsoft\\Internet Explorer\\MENUext","",""] ); @delnames = ( ["HKEY_CURRENT_USER","SOFTWARE\\Microsoft\\Internet Explorer\\Main","Window Title",""], ["HKEY_CURRENT_USER","SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run","",""], ["HKEY_CURRENT_USER","Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer","NoViewContextMenu",""], ["HKEY_LOCAL_MACHINE","SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run","",""], ["HKEY_LOCAL_MACHINE","SOFTWARE\\Microsoft\\Internet Explorer\\Main","Window Title",""], ["HKEY_LOCAL_MACHINE","SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WinLogon","LegalNoticeCaption",""], ["HKEY_LOCAL_MACHINE","SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WinLogon","LegalNoticeText",""], ["HKEY_LOCAL_MACHINE","SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\policies\\Ratings","Key",""] ); @modifyvalues = ( ["HKEY_CLASSES_ROOT","CLSID\\{645FF040-5081-101B-9F08-00AA002F954E}","","回收站"], ["HKEY_CLASSES_ROOT","CLSID\\{21EC2020-3AEA-1069-A2DD-08002B30309D}","","控制面板"], ["HKEY_CLASSES_ROOT","CLSID\\{D6277990-4C6A-11CF-8D87-00AA0060F5BF}","","计划任务"], ["HKEY_CLASSES_ROOT","CLSID\\{2227A280-3AEA-1069-A2DE-08002B30309D}","","打印机"], ["HKEY_CLASSES_ROOT","CLSID\\{992cffa0-f557-101a-88ec-00dd010ccc48}","","拨号网络"], ["HKEY_CLASSES_ROOT","CLSID\\{BDEADF00-C265-11d0-BCED-00A0C90AB50F}","","Web 文件夹"], ["HKEY_CURRENT_USER","Control Panel\\International","sTimeFormat","H:mm:ss"], ["HKEY_CURRENT_USER","SOFTWARE\\Microsoft\\Internet Explorer\\Main","Search Page",'http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch'], ["HKEY_CURRENT_USER","SOFTWARE\\Microsoft\\Internet Explorer\\Main","Start Page","about:blank"], ["HKEY_LOCAL_MACHINE","SOFTWARE\\Microsoft\\Internet Explorer\\Main","Default_Page_URL",'http://www.microsoft.com/windows/ie_intl/cn/start/'], ["HKEY_LOCAL_MACHINE","SOFTWARE\\Microsoft\\Internet Explorer\\Main","Default_Search_URL",'http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch'], ["HKEY_LOCAL_MACHINE","SOFTWARE\\Microsoft\\Internet Explorer\\Main","Search Page",'http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch'], ["HKEY_LOCAL_MACHINE","SOFTWARE\\Microsoft\\Internet Explorer\\Main","Start Page",'http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home'] ); @matchword = ( 'IEXPLORE\.EXE', '\.html?$', '\.ht[atwx]$', '\.url$', '^http:\/\/', '^www\.', '\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}', '\.com$', '\.net$', '\.org$', '\.cn$', '\.biz$', '\.info$' ); #====================================================================================; if ($ARGV[0] and $ARGV[0]=~/^-(lock|unlock)$/i) { ®_on_off($1); print "\n注册表锁定成功!\n" if $1 =~ /^lock$/i; print "\n注册表解锁成功!\n" if $1 =~ /^unlock$/i; exit; } #------------------------------------------------------------; if ((!$ARGV[0]) or ($ARGV[0]!~ /^-nodel$/i)) { my $count = 0; print "\n清除垃圾...\n"; if ($OS eq 'Win9x') { $count = &del_trash_files(\%win9x); } elsif ($OS eq 'WinNT') { $count = &del_trash_files(\%winnt); } print "$count 个文件被删除!\n"; } #------------------------------------------------------------; print "\n修复注册表...\n"; foreach my $delkey (@delkeys) { my $keyobj; while ($hkey{$delkey->[0]}->Open($delkey->[1],$keyobj)) { &del_keys($keyobj); } } foreach my $delname (@delnames) { my $keyobj; my $status = $hkey{$delname->[0]} -> Open($delname->[1],$keyobj); if ($status) { $keyobj -> DeleteValue($delname->[2]); $keyobj -> Close(); } } foreach my $modifyvalue (@modifyvalues) { my $keyobj; my $status = $hkey{$modifyvalue->[0]} -> Open($modifyvalue->[1],$keyobj); if ($status) { $keyobj -> SetValueEx($modifyvalue->[2],0,REG_SZ,$modifyvalue->[3]); $keyobj -> Close(); } } #--------------------------; { my ($keyobj,%values,@names); my $status = $hkey{HKEY_CURRENT_USER} -> Open("SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run",$keyobj); if ($status){ $keyobj -> GetValues(\%values); @names = sort keys(%values); foreach my $value_name (@names) { my $data = $values{$value_name}->[2]; foreach my $word (@matchword) { if ($data=~/$word/i) { $keyobj -> DeleteValue($value_name); } } } $keyobj -> Close(); } } #--------------------------; { my ($keyobj,%values,@names); my $status = $hkey{HKEY_LOCAL_MACHINE} -> Open("SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run",$keyobj); if ($status){ $keyobj -> GetValues(\%values); @names = sort keys(%values); foreach my $value_name (@names) { my $data = $values{$value_name}->[2]; foreach my $word (@matchword) { if ($data=~/$word/i) { $keyobj -> DeleteValue($value_name); } } } $keyobj -> Close(); } } print "\n完成!\n"; #====================================================================================; #-------------- sub del_keys { #-------------- my $keyobj = $_[0]; my @keys; $keyobj -> GetKeys(\@keys); @keys = sort (@keys); $keyobj -> DeleteKey("") unless @keys; foreach my $key (@keys) { my $newkeyobj; $keyobj -> Open($key,$newkeyobj); &del_keys($newkeyobj); $newkeyobj -> Close(); } } #---------------- sub reg_on_off { #---------------- my ($parameter,$value,$keyobj); $parameter = shift; if ($parameter =~ /^lock$/i) { $value = 1; } elsif ($parameter =~ /^unlock$/i) { $value = 0; } $hkey{HKEY_CURRENT_USER} -> Open("Software\\Microsoft\\Windows\\CurrentVersion\\Policies",$keyobj); my $new_keyobj; $keyobj -> Create("System",$new_keyobj); $new_keyobj -> SetValueEx("DisableRegistryTools",0,REG_DWORD,$value); } #-------------------- sub del_trash_files { #-------------------- my $dirs = shift; my $count = 0; foreach my $name (sort keys %$dirs) { my $path = $$dirs{$name}; opendir(DIR,$path) || next; while (my $file = readdir DIR) { if ($file =~ /\.html?|\.ht[atwx]|\.url|\.vbs$/i) { print "Deleting $path\\$file...\n"; unlink "$path\\$file"; $count++; } } closedir(DIR); } return $count; } #---------------- sub show_help { #---------------- print " ReIE Tool \n", " 网吧专用IE反修改小工具 \n", " VERSION $VERSION \n", " by ROB \n", " \n", " 本工具能恢复ie被一些网站恶意篡改的内容 \n", " 同时自动删除一些如*.url、*.ht?...的文件 \n", " 对于网吧的机器来说这些文件都可称为垃圾 \n", " email: iROB\@163.com \n", " \n", " 可选参数有: \n", " -help 显示帮助信息 \n", " -nodel 跳过垃圾清除 \n", " -lock 注册表锁定 \n", " -unlock 注册表解锁 \n"; } #------------------------------------------------------------; END { print "\n\nPress ENTER to exit"; ; exit; } #------------------------------------------------------------;