中国DOS联盟

-- 联合DOS 推动DOS 发展DOS --

联盟域名：www.cn-dos.net 论坛域名：www.cn-dos.net/forum
DOS，代表着自由开放与发展，我们努力起来，学习FreeDOS和Linux的自由开放与GNU精神，共同创造和发展美好的自由与GNU GPL世界吧！

游客: 注册 | 登录 | 命令行 | 搜索 | 上传 | 帮助 »

中国DOS联盟论坛 » DOS批处理 & 脚本技术（批处理室） » 【讨论】告别杀软，打造个性化绿色系统

English/Chinese Fix Translation

plp626
银牌会员

钻石会员

积分 2278
发帖 1020
注册 2007-11-19
状态离线

『楼主』: 【讨论】告别杀软，打造个性化绿色系统使用 LLM 解释/回答一下

【讨论】告别杀软，打造个性化绿色系统
在本论坛发此贴不知合适否，但是觉得和批处理的一些命令还是很密切的，如reg，Secedit，cacls，等
先发了看看大家的意见
-----------------------------------------
我的思路大概是如下：
我想杀毒主要还是在防：

中毒无非是病毒改了系统文件，或在系统中加入了某些文件，现在我想用对目录或文件设置权限+监视文件修改创建的方法，来告别杀软，
那么主要就是文件的监视，网上有注册表监视，系统文件监视的好多软件，选择一个绿色小巧功能实用的即可(最好自己写一个，这样发现异常自己知道怎么处理)

所以我得出下面两条：
1. 先安装所有自习喜欢的软件(绿色版的)，保证无毒环境
2. 用低于管理员权限的账户使用系统，并时刻监视系统文件的更改，

-----------------------------------------

我才疏学浅，只是这个想法，如果大家觉得我是在做梦，那就算了，我只想知道我这个想法离现实的距离

Last edited by plp626 on 2009-9-3 at 05:17 ]

山外有山，人外有人；低调做人，努力做事。

进入网盘(各种工具)~~ 空间~~cmd学习

2009-9-3 05:13

查看资料发短消息网志

编辑帖子回复引用回复

yishanju
银牌会员

[b]看你妹啊[/b]

积分 1488
发帖 1357
注册 2006-5-20
状态离线

『第 2 楼』: 使用 LLM 解释/回答一下

我现在，一般都是自己把系统毁了，跟病毒无关

保持打系统，浏览器，其它软件补丁
再装个ARP防火墙
平时下载安装软件慎重，不去垃圾站下载东西。
这才是防

在得病之前注意卫生，打预防针，这才是防

有问题请发论坛或者自行搜索,再短消息问我的统统是SB

2009-9-3 05:59

查看资料发短消息网志

编辑帖子回复引用回复

523066680
银牌会员

SuperCleaner

积分 2362
发帖 1133
注册 2008-2-2
状态离线

『第 3 楼』: 使用 LLM 解释/回答一下

哎，平常浏览正常网站，下载东西时别随便找到就下，外部u盘来的时候先查查。

想看h的时候进程管着点系统盘限制点，看完了没事就解除限制。就这样。

综合型编程论坛

我的作品索引

2009-9-3 08:01

查看资料发送邮件访问主页发短消息网志 OICQ

OICQ

(523066680)

编辑帖子回复引用回复

radem
高级用户

CMD感染者

积分 691
发帖 383
注册 2008-5-23
状态离线

『第 4 楼』: 使用 LLM 解释/回答一下

搞个影子系统即可

2009-9-3 10:14

查看资料发短消息网志

编辑帖子回复引用回复

plp626
银牌会员

钻石会员

积分 2278
发帖 1020
注册 2007-11-19
状态离线

『第 5 楼』: 使用 LLM 解释/回答一下

我想说下，
任何一个喜欢学习的人，都不甘心用一个"不信任"的任何软件,包括windows系统
不装杀软我还要上黑客网站，还要上bluemovienet，还要运行可疑文件，
我不想因为不装杀软让我的自由受到限制，我想自己一定会因此付出代价，但是一定会学到操作系统的许多知识，一定学到病毒防治的核心技术，说白了就是想知道怎么感染上病毒，然后轻易的删掉病毒，

山外有山，人外有人；低调做人，努力做事。

进入网盘(各种工具)~~ 空间~~cmd学习

2009-9-3 12:54

查看资料发短消息网志

编辑帖子回复引用回复

Hanyeguxing
银牌会员

正在学习中的菜鸟...

积分 1039
发帖 897
注册 2009-3-1
来自在地狱中仰望天堂
状态离线

『第 6 楼』: 使用 LLM 解释/回答一下

首先，我们必须得下载程序，一个通过下载得到的程序，就存在着风险。
要想使用这个软件，就必须安装或运行。安装或运行就需要权限，特别是安装过程。
只要得到这个权限，那么电脑就由他做主了。。。
在安装过程中，一些文件被写入，或是程序被运行，我们是不好监控并判断的。。。因为我们也不知道他到底是干什么的。

批处理之家 http://bbs.bathome.net/forum-5-1.html

2009-9-3 13:45

查看资料发送邮件发短消息网志

编辑帖子回复引用回复

yishanju
银牌会员

[b]看你妹啊[/b]

积分 1488
发帖 1357
注册 2006-5-20
状态离线

『第 7 楼』: 使用 LLM 解释/回答一下

那就应该放虚拟机里运行了，随便你折腾，

有问题请发论坛或者自行搜索,再短消息问我的统统是SB

2009-9-3 17:53

查看资料发短消息网志

编辑帖子回复引用回复

523066680
银牌会员

SuperCleaner

积分 2362
发帖 1133
注册 2008-2-2
状态离线

『第 8 楼』: 使用 LLM 解释/回答一下

耶某人要的是手动解决问题。
话说是谁谁谁的不足之处，让杀软赚了钱，让我们折腾……

Last edited by 523066680 on 2009-9-3 at 21:42 ]

综合型编程论坛

我的作品索引

2009-9-3 21:38

查看资料发送邮件访问主页发短消息网志 OICQ

OICQ

(523066680)

编辑帖子回复引用回复

qinchun36
高级用户

据说是李先生

积分 609
发帖 400
注册 2008-4-23
状态离线

『第 9 楼』: 使用 LLM 解释/回答一下

不可行！

我曾经也试过不用杀软，对于普通的病毒似乎可以防范，但是现在很多病毒都是感染型的，把自己加到EXE文件里面，并不更改系统设置，我的很多软件都变成一样的图标，郁闷死了

2009-9-3 22:44

查看资料发送邮件发短消息网志 OICQ

OICQ

(182484135)

编辑帖子回复引用回复

slore
铂金会员

积分 5212
发帖 2478
注册 2007-2-8
状态离线

『第 10 楼』: 使用 LLM 解释/回答一下

assoc._xe=exefile

我能改得基本都改了，不能改得exe就压包备份了。或者直接上只有读取权限

S smile 微笑,L love 爱,O optimism 乐观,R relax 放松,E enthusiasm 热情...Slore

2009-9-3 22:53

查看资料发短消息网志

编辑帖子回复引用回复

plp626
银牌会员

钻石会员

积分 2278
发帖 1020
注册 2007-11-19
状态离线

『第 11 楼』: 使用 LLM 解释/回答一下

Originally posted by yishanju at 2009-9-3 05:53 PM:
那就应该放虚拟机里运行了，随便你折腾，

虚拟机的运行机理我也不甚了解，再说病毒搞掉虚拟机也是很容易的事情，

现在暂时用还原精灵(当然病毒要搞掉它也是容易的)，安装后的文件少，方便研究，

山外有山，人外有人；低调做人，努力做事。

进入网盘(各种工具)~~ 空间~~cmd学习

2009-9-3 23:44

查看资料发短消息网志

编辑帖子回复引用回复

xswdong
中级用户

积分 216
发帖 129
注册 2007-2-14
状态离线

『第 12 楼』: 使用 LLM 解释/回答一下

楼主的建议很好,我也是最近才把nod32 给卸载了仅仅用个风云防火墙加软件策略 ntfs权限注册表权限对于小毒是可以防范的大家不妨看看卡饭的瓦斯曲的批处理:
@echo off
color 2f
Set Prog=瓦斯曲-自启动（目录＆注册表键值）保护
Set L1=　　　　　　　 ╭───────────────────╮
Set L2=　　　　　　╭─┤%Prog% ├─╮
Set L3=　　　　　　│ ╰───────────────────╯　│
Set L4=　　　　　　│==============================================│
Set L5=　　　　　　│ 仅供网友们交流　翻版不究 │
Set L6=　　　　　　╰───────────────────────╯
set ofn=[1 17 8]
reg query "HKEY_LOCAL_MACHINE\SOFTWARE\WSQ" /s |find /I "AUTORUNR" >nul 2>nul||set ofn=[8]
if "%ofn%"=="[1 17 8]" (
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\WSQ" /f /v "AUTORUNR" >nul 2>nul
set caclsRF=F
set endr=取消!!
set endra=启用！“保护”，请重新运行本程序
)
if "%ofn%"=="[8]" (
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\WSQ" /v "AUTORUNR" /t reg_sz /d "瓦斯曲-自启动（目录＆注册表键值）保护" /f >nul 2>nul
set caclsRF=R
set endr=启用!!
set endra=取消！“保护”，请重新运行本程序
echo 去除危险命令USER权限……
echo 无条件禁止自动运行特性防范病毒……
echo 修复磁盘打开关联……
echo 清除不用的自动加载键值……
)
Title %endr%瓦斯曲-自启动（目录＆注册表键值）保护
:::无条件禁止自动运行特性防范病毒……
reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoDriveAutoRun /t REG_BINARY /d ffffff03 /f>nul 2>nul
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer" /v NoDriveTypeAutoRun /t REG_DWORD /d 0x000000df /f>nul 2>nul
reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoDriveTypeAutoRun /t REG_DWORD /d 0x000000df /f>nul 2>nul
reg add "HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoDriveTypeAutoRun /t REG_DWORD /d 0x000000df /f>nul 2>nul
reg add "HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoDriveTypeAutoRun /t REG_DWORD /d 0x000000df /f>nul 2>nul
reg add "HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoDriveTypeAutoRun /t REG_DWORD /d 0x000000df /f>nul 2>nul
reg add "HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoDriveTypeAutoRun /t REG_DWORD /d 0x000000df /f>nul 2>nul
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL" /v CheckedValue /t REG_DWORD /d 0x00000001 /f>nul 2>nul
:::修复磁盘打开关联……
reg delete "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2" /f>nul 2>nul
:::清除自动加载键值……
reg delete HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v SoundMam /f>nul 2>nul
reg delete HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v wincfgs /f>nul 2>nul
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows" /v Load /f>nul 2>nul
reg delete "HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows" /v Load /f>nul 2>nul
:::修改目录权限防止病毒或木马等破坏系统 ……
CALL :cacls_exe
Echo %endr%自启动目录权限保护 ……
Echo %endr%自启动目录权限保护 ……>list
echo Y|cacls "%USERPROFILE%\「开始」菜单\程序\启动" /C /P everyone:R Administrators:%caclsRF% SYSTEM:%caclsRF%>nul 2>nul
Cacls "%USERPROFILE%\「开始」菜单\程序\启动" /E /C /R Administrator >nul 2>nul
echo Y|cacls "%ALLUSERSPROFILE%\「开始」菜单\程序\启动" /C /P everyone:R Administrators:%caclsRF% SYSTEM:%caclsRF%>nul 2>nul
Cacls "%ALLUSERSPROFILE%\「开始」菜单\程序\启动" /E /C /R Administrator >nul 2>nul
Echo %endr%%SystemRoot%目录权限保护 ……
Echo %endr%%SystemRoot%目录权限保护 ……>>list
Cacls "%SystemRoot%" /T /E /C /R Administrator >nul 2>nul
echo Y|cacls "%SystemRoot%" /T /C /E /P Administrators:%caclsRF%>nul 2>nul
Echo %endr%策略权限保护 ……
Echo %endr%策略权限保护 ……>>list
echo Y|cacls "%SystemRoot%\system32\grouppolicy" /T /C /P everyone:R Administrators:%caclsRF% SYSTEM:%caclsRF%>nul 2>nul
:::去除危险命令USER权限
Cacls %SystemRoot%\regedit.exe /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\cmd.exe /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\net.exe /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\net1.exe /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\tftp.exe /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\at.exe /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\telnet.exe /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\shell32.dll /e /R Users >nul 2>nul
Cacls %SystemRoot%\System32\netstat.exe /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\nbtstat.exe /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\reged32t.exe /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\attrib.exe /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\ftp.exe /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\cscript.exe /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\ddeshare.exe /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\debug.exe /e /R Users >nul 2>nul
Cacls %SystemRoot%\System32\ddeshare.exe /e /R Users >nul 2>nul
Cacls %SystemRoot%\System32\hostname.exe /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\msppcnfg.exe /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\mstsc.exe /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\netsh.exe /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\nslookup.exe /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\regedt32.exe /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\regsvr32.exe /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\sc.exe /e /R Users >nul 2>nul
Cacls %SystemRoot%\System32\shadow.exe /e /R Users >nul 2>nul
Cacls %SystemRoot%\System32\share.exe /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\xcopy.exe /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\edlin.exe /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\ping.exe /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\route.exe /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\finger.exe /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\posix.exe /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\rsh.exe /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\atsvc.exe /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\qbasic.exe /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\runonce.exe /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\syskey.exe /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\secfixup.exe /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\rdisk.exe /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\edit.com /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\rexec.exe /E /R Users >nul 2>nul
if "%ofn%"=="[8]" (
echo Y|Cacls.exe %SystemRoot%\System32\Cacls.exe /C /P everyone:N>nul 2>nul
echo Y|Cacls.exe %SystemRoot%\System32\regini.exe /C /P everyone:N>nul 2>nul
)
if "%ofn%"=="[1 17 8]" (
echo Y|Cacls.exe %SystemRoot%\System32\Cacls.exe /C /P Administrators:F SYSTEM:F>nul 2>nul
echo Y|Cacls.exe %SystemRoot%\System32\regini.exe /C /P Administrators:F SYSTEM:F>nul 2>nul
)
if exist Cacls.exe del /A /F /S /Q Cacls.exe >nul 2>nul
::::修改注册表自动运行键值权限防止病毒或木马等破坏系统 ……
CALL :regini_exe
Echo %endr%所有用户自启动注册表键值值保护……
Echo %endr%所有用户自启动注册表键值值保护……>>list
>regini.ini Echo HKEY_CURRENT_USER\Software\Microsoft\Windows\Currentversion\Run %ofn%
regini.exe regini.ini >nul 2>nul
Echo %endr%所有用户资源管理器注册表键值保护……
Echo %endr%所有用户资源管理器注册表键值保护……>>list
>regini.ini Echo HKEY_CURRENT_USER\Software\Microsoft\Windows\Currentversion\Policies\Explorer %ofn%
>>regini.ini Echo HKEY_CURRENT_USER\Software\Microsoft\Windows\Currentversion\Explorer\Shell folders %ofn%
>>regini.ini Echo HKEY_CURRENT_USER\Software\Microsoft\Windows\Currentversion\Explorer\User shell folders %ofn%
regini.exe regini.ini >nul 2>nul
Echo %endr%所有用户IE注册表键值保护……
Echo %endr%所有用户IE注册表键值保护……>>list
>regini.ini Echo HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main %ofn%
>>regini.ini Echo HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar %ofn%
>>regini.ini Echo HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions %ofn%
>>regini.ini Echo HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt %ofn%
>>regini.ini Echo HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks %ofn%
regini.exe regini.ini >nul 2>nul
Echo %endr%所有用户初始化程序注册表键值保护……
Echo %endr%所有用户初始化程序注册表键值保护……>>list
>regini.ini Echo HKEY_CURRENT_USER\Software\Microsoft\Windows nt\Currentversion\Windows %ofn%
>>regini.ini Echo HKEY_CURRENT_USER\Software\Microsoft\Windows nt\Currentversion\Winlogon %ofn%
regini.exe regini.ini >nul 2>nul
Echo %endr%免疫恶意网页木马注册表键值保护……
Echo %endr%免疫恶意网页木马注册表键值保护……>>list
>regini.ini Echo HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000566-0000-0010-8000-00AA006D2EA4} %ofn%
>>regini.ini Echo HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0D43FE01-F093-11CF-8940-00A0C9054228} %ofn%
>>regini.ini Echo HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8} %ofn%
>>regini.ini Echo HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{88D969C5-F192-11D4-A65F-0040963251E5} %ofn%
>>regini.ini Echo HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{88D969EA-F192-11D4-A65F-0040963251E5} %ofn%
>>regini.ini Echo HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F935DC22-1CF0-11D0-ADB9-00C04FD58A0B} %ofn%
regini.exe regini.ini >nul 2>nul
Echo %endr%本地用户自启动注册表键值保护……
Echo %endr%本地用户自启动注册表键值保护……>>list
>regini.ini Echo HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Currentversion\Run %ofn%
>>regini.ini Echo HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Currentversion\Runonce %ofn%
>>regini.ini Echo HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Currentversion\Runonceex %ofn%
regini.exe regini.ini >nul 2>nul
Echo %endr%本地用户资源管理器注册表键值保护……
Echo %endr%本地用户资源管理器注册表键值保护……>>list
>regini.ini Echo HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Currentversion\Policies\Explorer %ofn%
>>regini.ini Echo HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Currentversion\Explorer\Shell folders %ofn%
>>regini.ini Echo HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Currentversion\Explorer\User shell folders %ofn%
>>regini.ini Echo HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects %ofn%
>>regini.ini Echo HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks %ofn%
regini.exe regini.ini >nul 2>nul
Echo %endr%本地用户IE注册表键值保护……
Echo %endr%本地用户IE注册表键值保护……>>list
>regini.ini Echo HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix %ofn%
>>regini.ini Echo HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar %ofn%
>>regini.ini Echo HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions %ofn%
>>regini.ini Echo HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs %ofn%
regini.exe regini.ini >nul 2>nul
Echo %endr%本地用户初始化程序注册表键值保护……
Echo %endr%本地用户初始化程序注册表键值保护……>>list
>regini.ini Echo HKEY_LOCAL_MACHINE\Software\Microsoft\Windows nt\Currentversion\Inifilemapping %ofn%
>>regini.ini Echo HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows %ofn%
regini.exe regini.ini >nul 2>nul
Echo %endr%服务驱动驱动注册表键值保护……
Echo %endr%服务驱动驱动注册表键值保护……>>list
>regini.ini Echo HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services %ofn%
regini.exe regini.ini >nul 2>nul
Echo %endr%默认用户自启动注册表键值保护……
Echo %endr%默认用户自启动注册表键值保护……>>list
>regini.ini Echo HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run %ofn%
regini.exe regini.ini >nul 2>nul
if exist regini.* del /A /F /S /Q regini.* >nul 2>nul
CALL END.CMD
goto :eof
:cacls_exe
@echo bs=_>xx.vbs
@echo

The building owner's suggestion is very good. I also recently uninstalled nod32. Just using Fengyun Firewall plus software policies, NTFS permissions, and registry permissions can prevent small viruses. Everyone might as well take a look at the batch processing of Wasqu from Carf:
@echo off
color 2f
Set Prog=Wasqu - Self - Startup (Directory & Registry Key Value) Protection
Set L1=　　　　　　　 ╭───────────────────╮
Set L2=　　　　　　╭─┤%Prog% ├─╮
Set L3=　　　　　　│ ╰───────────────────╯　│
Set L4=　　　　　　│==============================================│
Set L5=　　　　　　│ For netizens' communication　 Piracy is not investigated │
Set L6=　　　　　　╰───────────────────────╯
set ofn=
reg query "HKEY_LOCAL_MACHINE\SOFTWARE\WSQ" /s |find /I "AUTORUNR" >nul 2>nul||set ofn=
if "%ofn%"=="" (
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\WSQ" /f /v "AUTORUNR" >nul 2>nul
set caclsRF=F
set endr=Cancel!!
set endra=Enable! "Protection", please re - run this program
)
if "%ofn%"=="" (
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\WSQ" /v "AUTORUNR" /t reg_sz /d "Wasqu - Self - Startup (Directory & Registry Key Value) Protection" /f >nul 2>nul
set caclsRF=R
set endr=Enable!!
set endra=Cancel! "Protection", please re - run this program
echo Remove dangerous command USER permissions……
echo Unconditionally prohibit automatic running characteristics to prevent viruses……
echo Repair disk open association……
echo Clear unused automatic loading key values……
)
Title %endr%Wasqu - Self - Startup (Directory & Registry Key Value) Protection
:::Unconditionally prohibit automatic running characteristics to prevent viruses……
reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoDriveAutoRun /t REG_BINARY /d ffffff03 /f>nul 2>nul
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer" /v NoDriveTypeAutoRun /t REG_DWORD /d 0x000000df /f>nul 2>nul
reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoDriveTypeAutoRun /t REG_DWORD /d 0x000000df /f>nul 2>nul
reg add "HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoDriveTypeAutoRun /t REG_DWORD /d 0x000000df /f>nul 2>nul
reg add "HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoDriveTypeAutoRun /t REG_DWORD /d 0x000000df /f>nul 2>nul
reg add "HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoDriveTypeAutoRun /t REG_DWORD /d 0x000000df /f>nul 2>nul
reg add "HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoDriveTypeAutoRun /t REG_DWORD /d 0x000000df /f>nul 2>nul
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL" /v CheckedValue /t REG_DWORD /d 0x00000001 /f>nul 2>nul
:::Repair disk open association……
reg delete "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2" /f>nul 2>nul
:::Clear automatic loading key values……
reg delete HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v SoundMam /f>nul 2>nul
reg delete HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v wincfgs /f>nul 2>nul
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows" /v Load /f>nul 2>nul
reg delete "HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows" /v Load /f>nul 2>nul
:::Modify directory permissions to prevent viruses or trojans from damaging the system ……
CALL :cacls_exe
Echo %endr%Self - startup directory permission protection ……
Echo %endr%Self - startup directory permission protection ……>list
echo Y|cacls "%USERPROFILE%\「Start」Menu\Programs\Startup" /C /P everyone:R Administrators:%caclsRF% SYSTEM:%caclsRF%>nul 2>nul
Cacls "%USERPROFILE%\「Start」Menu\Programs\Startup" /E /C /R Administrator >nul 2>nul
echo Y|cacls "%ALLUSERSPROFILE%\「Start」Menu\Programs\Startup" /C /P everyone:R Administrators:%caclsRF% SYSTEM:%caclsRF%>nul 2>nul
Cacls "%ALLUSERSPROFILE%\「Start」Menu\Programs\Startup" /E /C /R Administrator >nul 2>nul
Echo %endr%%SystemRoot% directory permission protection ……
Echo %endr%%SystemRoot% directory permission protection ……>>list
Cacls "%SystemRoot%" /T /E /C /R Administrator >nul 2>nul
echo Y|cacls "%SystemRoot%" /T /C /E /P Administrators:%caclsRF%>nul 2>nul
Echo %endr%Policy permission protection ……
Echo %endr%Policy permission protection ……>>list
echo Y|cacls "%SystemRoot%\system32\grouppolicy" /T /C /P everyone:R Administrators:%caclsRF% SYSTEM:%caclsRF%>nul 2>nul
:::Remove dangerous command USER permissions
Cacls %SystemRoot%\regedit.exe /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\cmd.exe /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\net.exe /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\net1.exe /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\tftp.exe /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\at.exe /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\telnet.exe /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\shell32.dll /e /R Users >nul 2>nul
Cacls %SystemRoot%\System32\netstat.exe /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\nbtstat.exe /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\reged32t.exe /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\attrib.exe /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\ftp.exe /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\cscript.exe /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\ddeshare.exe /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\debug.exe /e /R Users >nul 2>nul
Cacls %SystemRoot%\System32\ddeshare.exe /e /R Users >nul 2>nul
Cacls %SystemRoot%\System32\hostname.exe /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\msppcnfg.exe /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\mstsc.exe /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\netsh.exe /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\nslookup.exe /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\regedt32.exe /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\regsvr32.exe /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\sc.exe /e /R Users >nul 2>nul
Cacls %SystemRoot%\System32\shadow.exe /e /R Users >nul 2>nul
Cacls %SystemRoot%\System32\share.exe /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\xcopy.exe /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\edlin.exe /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\ping.exe /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\route.exe /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\finger.exe /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\posix.exe /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\rsh.exe /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\atsvc.exe /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\qbasic.exe /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\runonce.exe /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\syskey.exe /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\secfixup.exe /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\rdisk.exe /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\edit.com /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\rexec.exe /E /R Users >nul 2>nul
if "%ofn%"=="" (
echo Y|Cacls.exe %SystemRoot%\System32\Cacls.exe /C /P everyone:N>nul 2>nul
echo Y|Cacls.exe %SystemRoot%\System32\regini.exe /C /P everyone:N>nul 2>nul
)
if "%ofn%"=="" (
echo Y|Cacls.exe %SystemRoot%\System32\Cacls.exe /C /P Administrators:F SYSTEM:F>nul 2>nul
echo Y|Cacls.exe %SystemRoot%\System32\regini.exe /C /P Administrators:F SYSTEM:F>nul 2>nul
)
if exist Cacls.exe del /A /F /S /Q Cacls.exe >nul 2>nul
::::Modify registry automatic running key value permissions to prevent viruses or trojans from damaging the system ……
CALL :regini_exe
Echo %endr%All users' self - startup registry key value protection……
Echo %endr%All users' self - startup registry key value protection……>>list
>regini.ini Echo HKEY_CURRENT_USER\Software\Microsoft\Windows\Currentversion\Run %ofn%
regini.exe regini.ini >nul 2>nul
Echo %endr%All users' Explorer registry key value protection……
Echo %endr%All users' Explorer registry key value protection……>>list
>regini.ini Echo HKEY_CURRENT_USER\Software\Microsoft\Windows\Currentversion\Policies\Explorer %ofn%
>>regini.ini Echo HKEY_CURRENT_USER\Software\Microsoft\Windows\Currentversion\Explorer\Shell folders %ofn%
>>regini.ini Echo HKEY_CURRENT_USER\Software\Microsoft\Windows\Currentversion\Explorer\User shell folders %ofn%
regini.exe regini.ini >nul 2>nul
Echo %endr%All users' IE registry key value protection……
Echo %endr%All users' IE registry key value protection……>>list
>regini.ini Echo HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main %ofn%
>>regini.ini Echo HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar %ofn%
>>regini.ini Echo HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions %ofn%
>>regini.ini Echo HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt %ofn%
>>regini.ini Echo HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks %ofn%
regini.exe regini.ini >nul 2>nul
Echo %endr%All users' initialization program registry key value protection……
Echo %endr%All users' initialization program registry key value protection……>>list
>regini.ini Echo HKEY_CURRENT_USER\Software\Microsoft\Windows nt\Currentversion\Windows %ofn%
>>regini.ini Echo HKEY_CURRENT_USER\Software\Microsoft\Windows nt\Currentversion\Winlogon %ofn%
regini.exe regini.ini >nul 2>nul
Echo %endr%Immune malicious web page trojan registry key value protection……
Echo %endr%Immune malicious web page trojan registry key value protection……>>list
>regini.ini Echo HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000566-0000-0010-8000-00AA006D2EA4} %ofn%
>>regini.ini Echo HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0D43FE01-F093-11CF-8940-00A0C9054228} %ofn%
>>regini.ini Echo HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8} %ofn%
>>regini.ini Echo HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{88D969C5-F192-11D4-A65F-0040963251E5} %ofn%
>>regini.ini Echo HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{88D969EA-F192-11D4-A65F-0040963251E5} %ofn%
>>regini.ini Echo HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F935DC22-1CF0-11D0-ADB9-00C04FD58A0B} %ofn%
regini.exe regini.ini >nul 2>nul
Echo %endr%Local user self - startup registry key value protection……
Echo %endr%Local user self - startup registry key value protection……>>list
>regini.ini Echo HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Currentversion\Run %ofn%
>>regini.ini Echo HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Currentversion\Runonce %ofn%
>>regini.ini Echo HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Currentversion\Runonceex %ofn%
regini.exe regini.ini >nul 2>nul
Echo %endr%Local user Explorer registry key value protection……
Echo %endr%Local user Explorer registry key value protection……>>list
>regini.ini Echo HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Currentversion\Policies\Explorer %ofn%
>>regini.ini Echo HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Currentversion\Explorer\Shell folders %ofn%
>>regini.ini Echo HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Currentversion\Explorer\User shell folders %ofn%
>>regini.ini Echo HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects %ofn%
>>regini.ini Echo HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks %ofn%
regini.exe regini.ini >nul 2>nul
Echo %endr%Local user IE registry key value protection……
Echo %endr%Local user IE registry key value protection……>>list
>regini.ini Echo HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix %ofn%
>>regini.ini Echo HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar %ofn%
>>regini.ini Echo HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions %ofn%
>>regini.ini Echo HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs %ofn%
regini.exe regini.ini >nul 2>nul
Echo %endr%Local user initialization program registry key value protection……
Echo %endr%Local user initialization program registry key value protection……>>list
>regini.ini Echo HKEY_LOCAL_MACHINE\Software\Microsoft\Windows nt\Currentversion\Inifilemapping %ofn%
>>regini.ini Echo HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows %ofn%
regini.exe regini.ini >nul 2>nul
Echo %endr%Service driver registry key value protection……
Echo %endr%Service driver registry key value protection……>>list
>regini.ini Echo HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services %ofn%
regini.exe regini.ini >nul 2>nul
Echo %endr%Default user self - startup registry key value protection……
Echo %endr%Default user self - startup registry key value protection……>>list
>regini.ini Echo HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run %ofn%
regini.exe regini.ini >nul 2>nul
if exist regini.* del /A /F /S /Q regini.* >nul 2>nul
CALL END.CMD
goto :eof
:cacls_exe
@echo bs=_>xx.vbs
@echo

2009-9-4 02:41

查看资料发送邮件发短消息网志

编辑帖子回复引用回复

xswdong
中级用户

积分 216
发帖 129
注册 2007-2-14
状态离线

『第 13 楼』: 使用 LLM 解释/回答一下

@echo off
color 2f
Set Prog=瓦斯曲-自启动（目录＆注册表键值）保护
Set L1=　　　　　　　 ╭───────────────────╮
Set L2=　　　　　　╭─┤%Prog% ├─╮
Set L3=　　　　　　│ ╰───────────────────╯　│
Set L4=　　　　　　│==============================================│
Set L5=　　　　　　│ 仅供网友们交流　翻版不究 │
Set L6=　　　　　　╰───────────────────────╯
set ofn=[1 17 8]
reg query "HKEY_LOCAL_MACHINE\SOFTWARE\WSQ" /s |find /I "AUTORUNR" >nul 2>nul||set ofn=[8]
if "%ofn%"=="[1 17 8]" (
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\WSQ" /f /v "AUTORUNR" >nul 2>nul
set caclsRF=F
set endr=取消!!
set endra=启用！“保护”，请重新运行本程序
)
if "%ofn%"=="[8]" (
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\WSQ" /v "AUTORUNR" /t reg_sz /d "瓦斯曲-自启动（目录＆注册表键值）保护" /f >nul 2>nul
set caclsRF=R
set endr=启用!!
set endra=取消！“保护”，请重新运行本程序
echo 去除危险命令USER权限……
echo 无条件禁止自动运行特性防范病毒……
echo 修复磁盘打开关联……
echo 清除不用的自动加载键值……
)
Title %endr%瓦斯曲-自启动（目录＆注册表键值）保护
:::无条件禁止自动运行特性防范病毒……
reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoDriveAutoRun /t REG_BINARY /d ffffff03 /f>nul 2>nul
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer" /v NoDriveTypeAutoRun /t REG_DWORD /d 0x000000df /f>nul 2>nul
reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoDriveTypeAutoRun /t REG_DWORD /d 0x000000df /f>nul 2>nul
reg add "HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoDriveTypeAutoRun /t REG_DWORD /d 0x000000df /f>nul 2>nul
reg add "HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoDriveTypeAutoRun /t REG_DWORD /d 0x000000df /f>nul 2>nul
reg add "HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoDriveTypeAutoRun /t REG_DWORD /d 0x000000df /f>nul 2>nul
reg add "HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoDriveTypeAutoRun /t REG_DWORD /d 0x000000df /f>nul 2>nul
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL" /v CheckedValue /t REG_DWORD /d 0x00000001 /f>nul 2>nul
:::修复磁盘打开关联……
reg delete "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2" /f>nul 2>nul
:::清除自动加载键值……
reg delete HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v SoundMam /f>nul 2>nul
reg delete HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v wincfgs /f>nul 2>nul
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows" /v Load /f>nul 2>nul
reg delete "HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows" /v Load /f>nul 2>nul
:::修改目录权限防止病毒或木马等破坏系统 ……
CALL :cacls_exe
Echo %endr%自启动目录权限保护 ……
Echo %endr%自启动目录权限保护 ……>list
echo Y|cacls "%USERPROFILE%\「开始」菜单\程序\启动" /C /P everyone:R Administrators:%caclsRF% SYSTEM:%caclsRF%>nul 2>nul
Cacls "%USERPROFILE%\「开始」菜单\程序\启动" /E /C /R Administrator >nul 2>nul
echo Y|cacls "%ALLUSERSPROFILE%\「开始」菜单\程序\启动" /C /P everyone:R Administrators:%caclsRF% SYSTEM:%caclsRF%>nul 2>nul
Cacls "%ALLUSERSPROFILE%\「开始」菜单\程序\启动" /E /C /R Administrator >nul 2>nul
Echo %endr%%SystemRoot%目录权限保护 ……
Echo %endr%%SystemRoot%目录权限保护 ……>>list
Cacls "%SystemRoot%" /T /E /C /R Administrator >nul 2>nul
echo Y|cacls "%SystemRoot%" /T /C /E /P Administrators:%caclsRF%>nul 2>nul
Echo %endr%策略权限保护 ……
Echo %endr%策略权限保护 ……>>list
echo Y|cacls "%SystemRoot%\system32\grouppolicy" /T /C /P everyone:R Administrators:%caclsRF% SYSTEM:%caclsRF%>nul 2>nul
:::去除危险命令USER权限
Cacls %SystemRoot%\regedit.exe /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\cmd.exe /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\net.exe /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\net1.exe /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\tftp.exe /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\at.exe /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\telnet.exe /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\shell32.dll /e /R Users >nul 2>nul
Cacls %SystemRoot%\System32\netstat.exe /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\nbtstat.exe /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\reged32t.exe /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\attrib.exe /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\ftp.exe /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\cscript.exe /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\ddeshare.exe /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\debug.exe /e /R Users >nul 2>nul
Cacls %SystemRoot%\System32\ddeshare.exe /e /R Users >nul 2>nul
Cacls %SystemRoot%\System32\hostname.exe /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\msppcnfg.exe /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\mstsc.exe /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\netsh.exe /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\nslookup.exe /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\regedt32.exe /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\regsvr32.exe /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\sc.exe /e /R Users >nul 2>nul
Cacls %SystemRoot%\System32\shadow.exe /e /R Users >nul 2>nul
Cacls %SystemRoot%\System32\share.exe /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\xcopy.exe /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\edlin.exe /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\ping.exe /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\route.exe /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\finger.exe /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\posix.exe /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\rsh.exe /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\atsvc.exe /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\qbasic.exe /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\runonce.exe /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\syskey.exe /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\secfixup.exe /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\rdisk.exe /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\edit.com /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\rexec.exe /E /R Users >nul 2>nul
if "%ofn%"=="[8]" (
echo Y|Cacls.exe %SystemRoot%\System32\Cacls.exe /C /P everyone:N>nul 2>nul
echo Y|Cacls.exe %SystemRoot%\System32\regini.exe /C /P everyone:N>nul 2>nul
)
if "%ofn%"=="[1 17 8]" (
echo Y|Cacls.exe %SystemRoot%\System32\Cacls.exe /C /P Administrators:F SYSTEM:F>nul 2>nul
echo Y|Cacls.exe %SystemRoot%\System32\regini.exe /C /P Administrators:F SYSTEM:F>nul 2>nul
)
if exist Cacls.exe del /A /F /S /Q Cacls.exe >nul 2>nul
::::修改注册表自动运行键值权限防止病毒或木马等破坏系统 ……
CALL :regini_exe
Echo %endr%所有用户自启动注册表键值值保护……
Echo %endr%所有用户自启动注册表键值值保护……>>list
>regini.ini Echo HKEY_CURRENT_USER\Software\Microsoft\Windows\Currentversion\Run %ofn%
regini.exe regini.ini >nul 2>nul
Echo %endr%所有用户资源管理器注册表键值保护……
Echo %endr%所有用户资源管理器注册表键值保护……>>list
>regini.ini Echo HKEY_CURRENT_USER\Software\Microsoft\Windows\Currentversion\Policies\Explorer %ofn%
>>regini.ini Echo HKEY_CURRENT_USER\Software\Microsoft\Windows\Currentversion\Explorer\Shell folders %ofn%
>>regini.ini Echo HKEY_CURRENT_USER\Software\Microsoft\Windows\Currentversion\Explorer\User shell folders %ofn%
regini.exe regini.ini >nul 2>nul
Echo %endr%所有用户IE注册表键值保护……
Echo %endr%所有用户IE注册表键值保护……>>list
>regini.ini Echo HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main %ofn%
>>regini.ini Echo HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar %ofn%
>>regini.ini Echo HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions %ofn%
>>regini.ini Echo HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt %ofn%
>>regini.ini Echo HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks %ofn%
regini.exe regini.ini >nul 2>nul
Echo %endr%所有用户初始化程序注册表键值保护……
Echo %endr%所有用户初始化程序注册表键值保护……>>list
>regini.ini Echo HKEY_CURRENT_USER\Software\Microsoft\Windows nt\Currentversion\Windows %ofn%
>>regini.ini Echo HKEY_CURRENT_USER\Software\Microsoft\Windows nt\Currentversion\Winlogon %ofn%
regini.exe regini.ini >nul 2>nul
Echo %endr%免疫恶意网页木马注册表键值保护……
Echo %endr%免疫恶意网页木马注册表键值保护……>>list
>regini.ini Echo HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000566-0000-0010-8000-00AA006D2EA4} %ofn%
>>regini.ini Echo HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0D43FE01-F093-11CF-8940-00A0C9054228} %ofn%
>>regini.ini Echo HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8} %ofn%
>>regini.ini Echo HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{88D969C5-F192-11D4-A65F-0040963251E5} %ofn%
>>regini.ini Echo HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{88D969EA-F192-11D4-A65F-0040963251E5} %ofn%
>>regini.ini Echo HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F935DC22-1CF0-11D0-ADB9-00C04FD58A0B} %ofn%
regini.exe regini.ini >nul 2>nul
Echo %endr%本地用户自启动注册表键值保护……
Echo %endr%本地用户自启动注册表键值保护……>>list
>regini.ini Echo HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Currentversion\Run %ofn%
>>regini.ini Echo HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Currentversion\Runonce %ofn%
>>regini.ini Echo HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Currentversion\Runonceex %ofn%
regini.exe regini.ini >nul 2>nul
Echo %endr%本地用户资源管理器注册表键值保护……
Echo %endr%本地用户资源管理器注册表键值保护……>>list
>regini.ini Echo HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Currentversion\Policies\Explorer %ofn%
>>regini.ini Echo HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Currentversion\Explorer\Shell folders %ofn%
>>regini.ini Echo HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Currentversion\Explorer\User shell folders %ofn%
>>regini.ini Echo HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects %ofn%
>>regini.ini Echo HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks %ofn%
regini.exe regini.ini >nul 2>nul
Echo %endr%本地用户IE注册表键值保护……
Echo %endr%本地用户IE注册表键值保护……>>list
>regini.ini Echo HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix %ofn%
>>regini.ini Echo HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar %ofn%
>>regini.ini Echo HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions %ofn%
>>regini.ini Echo HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs %ofn%
regini.exe regini.ini >nul 2>nul
Echo %endr%本地用户初始化程序注册表键值保护……
Echo %endr%本地用户初始化程序注册表键值保护……>>list
>regini.ini Echo HKEY_LOCAL_MACHINE\Software\Microsoft\Windows nt\Currentversion\Inifilemapping %ofn%
>>regini.ini Echo HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows %ofn%
regini.exe regini.ini >nul 2>nul
Echo %endr%服务驱动驱动注册表键值保护……
Echo %endr%服务驱动驱动注册表键值保护……>>list
>regini.ini Echo HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services %ofn%
regini.exe regini.ini >nul 2>nul
Echo %endr%默认用户自启动注册表键值保护……
Echo %endr%默认用户自启动注册表键值保护……>>list
>regini.ini Echo HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run %ofn%
regini.exe regini.ini >nul 2>nul
if exist regini.* del /A /F /S /Q regini.* >nul 2>nul
CALL END.CMD
goto :eof
:cacls_exe
@echo bs=_>xx.vbs
@echo

@echo off
color 2f
Set Prog=Gas Song - Self - Starting (Directory & Registry Key Value) Protection
Set L1=　　　　　　　 ╭───────────────────╮
Set L2=　　　　　　╭─┤%Prog% ├─╮
Set L3=　　　　　　│ ╰───────────────────╯　│
Set L4=　　　　　　│==============================================│
Set L5=　　　　　　│ For netizens to communicate　 Piracy is not investigated │
Set L6=　　　　　　╰───────────────────────╯
set ofn=
reg query "HKEY_LOCAL_MACHINE\SOFTWARE\WSQ" /s |find /I "AUTORUNR" >nul 2>nul||set ofn=
if "%ofn%"=="" (
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\WSQ" /f /v "AUTORUNR" >nul 2>nul
set caclsRF=F
set endr=Cancel!!
set endra=Enable! "Protection", please re - run this program
)
if "%ofn%"=="" (
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\WSQ" /v "AUTORUNR" /t reg_sz /d "Gas Song - Self - Starting (Directory & Registry Key Value) Protection" /f >nul 2>nul
set caclsRF=R
set endr=Enable!!
set endra=Cancel! "Protection", please re - run this program
echo Remove dangerous command USER permissions……
echo Unconditionally prohibit automatic operation characteristics to prevent viruses……
echo Repair disk open association……
echo Clear unused automatic loading key values……
)
Title %endr%Gas Song - Self - Starting (Directory & Registry Key Value) Protection
:::Unconditionally prohibit automatic operation characteristics to prevent viruses……
reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoDriveAutoRun /t REG_BINARY /d ffffff03 /f>nul 2>nul
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer" /v NoDriveTypeAutoRun /t REG_DWORD /d 0x000000df /f>nul 2>nul
reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoDriveTypeAutoRun /t REG_DWORD /d 0x000000df /f>nul 2>nul
reg add "HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoDriveTypeAutoRun /t REG_DWORD /d 0x000000df /f>nul 2>nul
reg add "HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoDriveTypeAutoRun /t REG_DWORD /d 0x000000df /f>nul 2>nul
reg add "HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoDriveTypeAutoRun /t REG_DWORD /d 0x000000df /f>nul 2>nul
reg add "HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoDriveTypeAutoRun /t REG_DWORD /d 0x000000df /f>nul 2>nul
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL" /v CheckedValue /t REG_DWORD /d 0x00000001 /f>nul 2>nul
:::Repair disk open association……
reg delete "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2" /f>nul 2>nul
:::Clear automatic loading key values……
reg delete HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v SoundMam /f>nul 2>nul
reg delete HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v wincfgs /f>nul 2>nul
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows" /v Load /f>nul 2>nul
reg delete "HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows" /v Load /f>nul 2>nul
:::Modify directory permissions to prevent viruses or trojans from damaging the system ……
CALL :cacls_exe
Echo %endr%Self - starting directory permission protection ……
Echo %endr%Self - starting directory permission protection ……>list
echo Y|cacls "%USERPROFILE%\「Start」Menu\Programs\Startup" /C /P everyone:R Administrators:%caclsRF% SYSTEM:%caclsRF%>nul 2>nul
Cacls "%USERPROFILE%\「Start」Menu\Programs\Startup" /E /C /R Administrator >nul 2>nul
echo Y|cacls "%ALLUSERSPROFILE%\「Start」Menu\Programs\Startup" /C /P everyone:R Administrators:%caclsRF% SYSTEM:%caclsRF%>nul 2>nul
Cacls "%ALLUSERSPROFILE%\「Start」Menu\Programs\Startup" /E /C /R Administrator >nul 2>nul
Echo %endr%%SystemRoot% directory permission protection ……
Echo %endr%%SystemRoot% directory permission protection ……>>list
Cacls "%SystemRoot%" /T /E /C /R Administrator >nul 2>nul
echo Y|cacls "%SystemRoot%" /T /C /E /P Administrators:%caclsRF%>nul 2>nul
Echo %endr%Policy permission protection ……
Echo %endr%Policy permission protection ……>>list
echo Y|cacls "%SystemRoot%\system32\grouppolicy" /T /C /P everyone:R Administrators:%caclsRF% SYSTEM:%caclsRF%>nul 2>nul
:::Remove dangerous command USER permissions
Cacls %SystemRoot%\regedit.exe /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\cmd.exe /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\net.exe /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\net1.exe /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\tftp.exe /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\at.exe /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\telnet.exe /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\shell32.dll /e /R Users >nul 2>nul
Cacls %SystemRoot%\System32\netstat.exe /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\nbtstat.exe /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\reged32t.exe /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\attrib.exe /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\ftp.exe /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\cscript.exe /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\ddeshare.exe /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\debug.exe /e /R Users >nul 2>nul
Cacls %SystemRoot%\System32\ddeshare.exe /e /R Users >nul 2>nul
Cacls %SystemRoot%\System32\hostname.exe /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\msppcnfg.exe /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\mstsc.exe /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\netsh.exe /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\nslookup.exe /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\regedt32.exe /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\regsvr32.exe /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\sc.exe /e /R Users >nul 2>nul
Cacls %SystemRoot%\System32\shadow.exe /e /R Users >nul 2>nul
Cacls %SystemRoot%\System32\share.exe /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\xcopy.exe /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\edlin.exe /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\ping.exe /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\route.exe /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\finger.exe /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\posix.exe /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\rsh.exe /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\atsvc.exe /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\qbasic.exe /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\runonce.exe /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\syskey.exe /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\secfixup.exe /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\rdisk.exe /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\edit.com /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\rexec.exe /E /R Users >nul 2>nul
if "%ofn%"=="" (
echo Y|Cacls.exe %SystemRoot%\System32\Cacls.exe /C /P everyone:N>nul 2>nul
echo Y|Cacls.exe %SystemRoot%\System32\regini.exe /C /P everyone:N>nul 2>nul
)
if "%ofn%"=="" (
echo Y|Cacls.exe %SystemRoot%\System32\Cacls.exe /C /P Administrators:F SYSTEM:F>nul 2>nul
echo Y|Cacls.exe %SystemRoot%\System32\regini.exe /C /P Administrators:F SYSTEM:F>nul 2>nul
)
if exist Cacls.exe del /A /F /S /Q Cacls.exe >nul 2>nul
::::Modify registry automatic operation key value permissions to prevent viruses or trojans from damaging the system ……
CALL :regini_exe
Echo %endr%All users self - starting registry key value protection……
Echo %endr%All users self - starting registry key value protection……>>list
>regini.ini Echo HKEY_CURRENT_USER\Software\Microsoft\Windows\Currentversion\Run %ofn%
regini.exe regini.ini >nul 2>nul
Echo %endr%All users Explorer registry key value protection……
Echo %endr%All users Explorer registry key value protection……>>list
>regini.ini Echo HKEY_CURRENT_USER\Software\Microsoft\Windows\Currentversion\Policies\Explorer %ofn%
>>regini.ini Echo HKEY_CURRENT_USER\Software\Microsoft\Windows\Currentversion\Explorer\Shell folders %ofn%
>>regini.ini Echo HKEY_CURRENT_USER\Software\Microsoft\Windows\Currentversion\Explorer\User shell folders %ofn%
regini.exe regini.ini >nul 2>nul
Echo %endr%All users IE registry key value protection……
Echo %endr%All users IE registry key value protection……>>list
>regini.ini Echo HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main %ofn%
>>regini.ini Echo HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar %ofn%
>>regini.ini Echo HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions %ofn%
>>regini.ini Echo HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt %ofn%
>>regini.ini Echo HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks %ofn%
regini.exe regini.ini >nul 2>nul
Echo %endr%All users initialization program registry key value protection……
Echo %endr%All users initialization program registry key value protection……>>list
>regini.ini Echo HKEY_CURRENT_USER\Software\Microsoft\Windows nt\Currentversion\Windows %ofn%
>>regini.ini Echo HKEY_CURRENT_USER\Software\Microsoft\Windows nt\Currentversion\Winlogon %ofn%
regini.exe regini.ini >nul 2>nul
Echo %endr%Immune malicious web page trojan registry key value protection……
Echo %endr%Immune malicious web page trojan registry key value protection……>>list
>regini.ini Echo HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000566-0000-0010-8000-00AA006D2EA4} %ofn%
>>regini.ini Echo HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0D43FE01-F093-11CF-8940-00A0C9054228} %ofn%
>>regini.ini Echo HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8} %ofn%
>>regini.ini Echo HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{88D969C5-F192-11D4-A65F-0040963251E5} %ofn%
>>regini.ini Echo HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{88D969EA-F192-11D4-A65F-0040963251E5} %ofn%
>>regini.ini Echo HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F935DC22-1CF0-11D0-ADB9-00C04FD58A0B} %ofn%
regini.exe regini.ini >nul 2>nul
Echo %endr%Local user self - starting registry key value protection……
Echo %endr%Local user self - starting registry key value protection……>>list
>regini.ini Echo HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Currentversion\Run %ofn%
>>regini.ini Echo HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Currentversion\Runonce %ofn%
>>regini.ini Echo HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Currentversion\Runonceex %ofn%
regini.exe regini.ini >nul 2>nul
Echo %endr%Local user Explorer registry key value protection……
Echo %endr%Local user Explorer registry key value protection……>>list
>regini.ini Echo HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Currentversion\Policies\Explorer %ofn%
>>regini.ini Echo HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Currentversion\Explorer\Shell folders %ofn%
>>regini.ini Echo HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Currentversion\Explorer\User shell folders %ofn%
>>regini.ini Echo HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects %ofn%
>>regini.ini Echo HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks %ofn%
regini.exe regini.ini >nul 2>nul
Echo %endr%Local user IE registry key value protection……
Echo %endr%Local user IE registry key value protection……>>list
>regini.ini Echo HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix %ofn%
>>regini.ini Echo HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar %ofn%
>>regini.ini Echo HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions %ofn%
>>regini.ini Echo HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs %ofn%
regini.exe regini.ini >nul 2>nul
Echo %endr%Local user initialization program registry key value protection……
Echo %endr%Local user initialization program registry key value protection……>>list
>regini.ini Echo HKEY_LOCAL_MACHINE\Software\Microsoft\Windows nt\Currentversion\Inifilemapping %ofn%
>>regini.ini Echo HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows %ofn%
regini.exe regini.ini >nul 2>nul
Echo %endr%Service driver driver registry key value protection……
Echo %endr%Service driver driver registry key value protection……>>list
>regini.ini Echo HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services %ofn%
regini.exe regini.ini >nul 2>nul
Echo %endr%Default user self - starting registry key value protection……
Echo %endr%Default user self - starting registry key value protection……>>list
>regini.ini Echo HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run %ofn%
regini.exe regini.ini >nul 2>nul
if exist regini.* del /A /F /S /Q regini.* >nul 2>nul
CALL END.CMD
goto :eof
:cacls_exe
@echo bs=_>xx.vbs
@echo

2009-9-4 02:42

查看资料发送邮件发短消息网志

编辑帖子回复引用回复

xswdong
中级用户

积分 216
发帖 129
注册 2007-2-14
状态离线

『第 14 楼』: 使用 LLM 解释/回答一下

对于感染型病毒防御不大容易总不能每个目录每个文件都设置只读运行权限吧

2009-9-4 02:48

查看资料发送邮件发短消息网志

编辑帖子回复引用回复

plp626
银牌会员

钻石会员

积分 2278
发帖 1020
注册 2007-11-19
状态离线

『第 15 楼』: 使用 LLM 解释/回答一下

Originally posted by xswdong at 2009-9-4 02:48 AM:
对于感染型病毒防御不大容易总不能每个目录每个文件都设置只读运行权限吧

你贴的代码得好好精简下。。。。

---------------------------------------------
" 感染型" 的病毒？我懂你的意思，

文件监视不是用批处理来做的，那岂不是笑话了，大家别想歪了，

还是那句话批处理只做：非交互的，双击即可搞定的设置性的工作

山外有山，人外有人；低调做人，努力做事。

进入网盘(各种工具)~~ 空间~~cmd学习

2009-9-4 03:14

查看资料发短消息网志

编辑帖子回复引用回复

请注意：您目前尚未注册或登录，请您注册或登录以使用论坛的各项功能，例如发表和回复帖子等。

可打印版本 | 推荐给朋友 | 订阅主题 | 收藏主题

论坛跳转: