|
plp626
『Original post』:
[Discussion] Saying goodbye to antivirus software and building a personalized green system
I don't know whether this forum is the right place for this thread, but I think it is closely related to some batch commands, such as reg, Secedit, cacls, etc.
I'll post it first and see what everyone thinks.
-----------------------------------------
My thinking is roughly as follows:
I think fighting viruses is mainly about prevention:
Getting infected is nothing more than a virus modifying system files or adding some files to the system. So I want to use permissions on directories and files plus monitoring of file modification and creation to say goodbye to antivirus software.
The main thing, then, is file monitoring. There are many registry-monitoring and system-file-monitoring programs online; just pick one that is green, small and practical (ideally write one yourself, so that when something abnormal turns up you know how to deal with it).
So I arrive at the following two points:
1. First install all the software you like (green versions), making sure the environment is virus-free.
2. Use the system with an account that has lower than administrator privileges, and monitor changes to system files at all times.
-----------------------------------------
My knowledge is limited and this is just an idea. If everyone thinks I'm dreaming, then forget it; I just want to know how far this idea is from reality.
[ Last edited by plp626 on 2009-9-3 at 05:17 ]
2009-9-3 05:13 |
|
|
yishanju
『Post 2』:
These days it is generally me who wrecks my own system; it has nothing to do with viruses.
Keep the system, the browser and other software patched.
Also install an ARP firewall.
Be careful when downloading and installing software, and don't download things from junk sites.
That is prevention.
Paying attention to hygiene and getting vaccinated before you fall ill, that is prevention.
2009-9-3 05:59 |
|
|
523066680
『Post 3』:
Well, normally just browse normal websites, don't download something the moment you find it, and check external USB drives first when they show up.
When you want to watch adult content, keep an eye on processes and restrict the system drive; when you're done and nothing is wrong, lift the restrictions. That's it.
2009-9-3 08:01 |
|
|
radem
2009-9-3 10:14 |
|
|
plp626
『Post 5』:
Let me say this:
Anyone who likes to learn is unwilling to use any software they "don't trust", including the Windows system.
Without antivirus installed I still want to visit hacker websites, still want to visit bluemovienet, still want to run suspicious files.
I don't want my freedom restricted because I don't install antivirus. I expect I will pay a price for this, but I will certainly learn a lot about the operating system and certainly learn the core techniques of virus prevention and removal. Put bluntly, I want to know how a virus infection happens and then delete the virus easily.
2009-9-3 12:54 |
|
|
Hanyeguxing
『Post 6』:
First, we have to download programs, and a program obtained by download carries risk.
To use the software you must install or run it. Installing or running requires privileges, especially the installation process.
Once it has those privileges, the computer is at its mercy...
During installation, files get written and programs get run, and it is hard for us to monitor and judge that... because we don't know what it is actually doing either.
2009-9-3 13:45 |
|
|
yishanju
『Post 7』:
Then you should run it in a virtual machine and tinker however you like.
2009-9-3 17:53 |
|
|
523066680
『Post 8』:
Ah, but a certain someone wants to solve the problem by hand.
Come to think of it, it is so-and-so's shortcomings that let the antivirus vendors make money and leave us to struggle...
[ Last edited by 523066680 on 2009-9-3 at 21:42 ]
2009-9-3 21:38 |
|
|
qinchun36
『Post 9』:
Not feasible!
I also once tried going without antivirus. It seemed able to guard against ordinary viruses, but many viruses now are file infectors: they add themselves to EXE files and do not change system settings. A lot of my programs ended up with the same icon. So frustrating.
2009-9-3 22:44 |
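
A minimal version of the "write one yourself" monitor from the original post, added here as an illustration and not code from the thread: it baselines executables by SHA-256 and reports added, removed and modified files, which is the check that notices the file infectors described in post 9, since those change EXE contents without touching system settings. The extension list, function names and the sample tree are assumptions made for this example.

```python
import hashlib
import os
import tempfile

# Executable file types worth baselining (assumed list for this example).
WATCHED_EXTS = {".exe", ".dll", ".sys", ".com", ".scr"}


def sha256_file(path, chunk=1 << 16):
    """Hash a file in chunks so large binaries do not have to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def snapshot(root):
    """Return {relative_path: sha256} for every watched file under root."""
    result = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if os.path.splitext(name)[1].lower() not in WATCHED_EXTS:
                continue
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            try:
                result[rel] = sha256_file(full)
            except OSError:
                # Locked or ACL-denied file: record a marker so a later change
                # between readable and unreadable also shows up in the diff.
                result[rel] = "UNREADABLE"
    return result


def compare(baseline, current):
    """Report watched files added, removed or changed since the baseline."""
    old, new = set(baseline), set(current)
    return {
        "added": sorted(new - old),
        "removed": sorted(old - new),
        "modified": sorted(p for p in old & new if baseline[p] != current[p]),
    }


def demo():
    """Build a constructed sample tree, change it, and return the diff."""
    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, "tools"))
        files = {
            "tools/a.exe": b"MZ constructed sample A",
            "tools/b.exe": b"MZ constructed sample B",
            "notes.txt": b"not an executable, so not watched",
        }
        for rel, data in files.items():
            with open(os.path.join(root, rel), "wb") as fh:
                fh.write(data)

        baseline = snapshot(root)

        # Constructed changes. Bytes are appended to a.exe and its timestamps
        # are put back, so only a content hash can tell the file changed.
        a_exe = os.path.join(root, "tools", "a.exe")
        before = os.stat(a_exe)
        with open(a_exe, "ab") as fh:
            fh.write(b" extra bytes")
        os.utime(a_exe, (before.st_atime, before.st_mtime))

        os.remove(os.path.join(root, "tools", "b.exe"))
        with open(os.path.join(root, "c.dll"), "wb") as fh:
            fh.write(b"MZ constructed sample C")
        with open(os.path.join(root, "notes.txt"), "ab") as fh:
            fh.write(b" edited")  # ignored: extension is not watched

        return compare(baseline, snapshot(root))


if __name__ == "__main__":
    print(demo())
```

Keep the stored baseline somewhere the low-privilege account cannot write, otherwise whatever altered the files can alter the baseline as well.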
|
|
slore
『Post 10』:
assoc._xe=exefile
I have changed basically everything I can change; the EXEs that can't be changed I packed into archives as backups. Or just give them read-only permissions.
2009-9-3 22:53 |
|
|
plp626
『Post 11』:
Originally posted by yishanju at 2009-9-3 05:53 PM:
Then you should run it in a virtual machine and tinker however you like.
I don't really understand how virtual machines work, and besides, it is easy for a virus to take down a virtual machine.
For now I'm using the system-restore tool 还原精灵 (of course it is also easy for a virus to take it down). It leaves few files after installation, which makes it convenient to study.
2009-9-3 23:44 |
|
|
xswdong
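『Post 12』:
The original poster's suggestion is very good. I too only recently uninstalled nod32, and now use just 风云防火墙 (Fengyun Firewall) plus software policies, NTFS permissions and registry permissions. That can guard against minor viruses. Everyone might as well take a look at this batch file by 瓦斯曲 from 卡饭 (Kafan):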
@echo off
color 2f
Set Prog=瓦斯曲-自启动(目录&注册表键值)保护
Set L1= ╭───────────────────╮
Set L2= ╭─┤%Prog% ├─╮
Set L3= │ ╰───────────────────╯ │
Set L4= │==============================================│
Set L5= │ 仅供网友们交流 翻版不究 │
Set L6= ╰───────────────────────╯
set ofn=[1 17 8]
reg query "HKEY_LOCAL_MACHINE\SOFTWARE\WSQ" /s |find /I "AUTORUNR" >nul 2>nul||set ofn=[8]
if "%ofn%"=="[1 17 8]" (
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\WSQ" /f /v "AUTORUNR" >nul 2>nul
set caclsRF=F
set endr=取消!!
set endra=启用!“保护”,请重新运行本程序
)
if "%ofn%"=="[8]" (
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\WSQ" /v "AUTORUNR" /t reg_sz /d "瓦斯曲-自启动(目录&注册表键值)保护" /f >nul 2>nul
set caclsRF=R
set endr=启用!!
set endra=取消!“保护”,请重新运行本程序
echo 去除危险命令USER权限……
echo 无条件禁止自动运行特性防范病毒……
echo 修复磁盘打开关联……
echo 清除不用的自动加载键值……
)
Title %endr%瓦斯曲-自启动(目录&注册表键值)保护
:::Unconditionally disable the AutoRun feature to guard against viruses……
reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoDriveAutoRun /t REG_BINARY /d ffffff03 /f>nul 2>nul
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer" /v NoDriveTypeAutoRun /t REG_DWORD /d 0x000000df /f>nul 2>nul
reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoDriveTypeAutoRun /t REG_DWORD /d 0x000000df /f>nul 2>nul
reg add "HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoDriveTypeAutoRun /t REG_DWORD /d 0x000000df /f>nul 2>nul
reg add "HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoDriveTypeAutoRun /t REG_DWORD /d 0x000000df /f>nul 2>nul
reg add "HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoDriveTypeAutoRun /t REG_DWORD /d 0x000000df /f>nul 2>nul
reg add "HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoDriveTypeAutoRun /t REG_DWORD /d 0x000000df /f>nul 2>nul
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL" /v CheckedValue /t REG_DWORD /d 0x00000001 /f>nul 2>nul
:::Repair the disk "open" association……
reg delete "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2" /f>nul 2>nul
:::Clear auto-load values……
reg delete HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v SoundMam /f>nul 2>nul
reg delete HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v wincfgs /f>nul 2>nul
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows" /v Load /f>nul 2>nul
reg delete "HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows" /v Load /f>nul 2>nul
:::Change directory permissions to stop viruses, trojans etc. from damaging the system ……
CALL :cacls_exe
Echo %endr%自启动目录权限保护 ……
Echo %endr%自启动目录权限保护 ……>list
echo Y|cacls "%USERPROFILE%\「开始」菜单\程序\启动" /C /P everyone:R Administrators:%caclsRF% SYSTEM:%caclsRF%>nul 2>nul
Cacls "%USERPROFILE%\「开始」菜单\程序\启动" /E /C /R Administrator >nul 2>nul
echo Y|cacls "%ALLUSERSPROFILE%\「开始」菜单\程序\启动" /C /P everyone:R Administrators:%caclsRF% SYSTEM:%caclsRF%>nul 2>nul
Cacls "%ALLUSERSPROFILE%\「开始」菜单\程序\启动" /E /C /R Administrator >nul 2>nul
Echo %endr%%SystemRoot%目录权限保护 ……
Echo %endr%%SystemRoot%目录权限保护 ……>>list
Cacls "%SystemRoot%" /T /E /C /R Administrator >nul 2>nul
echo Y|cacls "%SystemRoot%" /T /C /E /P Administrators:%caclsRF%>nul 2>nul
Echo %endr%策略权限保护 ……
Echo %endr%策略权限保护 ……>>list
echo Y|cacls "%SystemRoot%\system32\grouppolicy" /T /C /P everyone:R Administrators:%caclsRF% SYSTEM:%caclsRF%>nul 2>nul
:::Remove Users permissions from dangerous commands
Cacls %SystemRoot%\regedit.exe /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\cmd.exe /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\net.exe /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\net1.exe /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\tftp.exe /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\at.exe /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\telnet.exe /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\shell32.dll /e /R Users >nul 2>nul
Cacls %SystemRoot%\System32\netstat.exe /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\nbtstat.exe /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\reged32t.exe /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\attrib.exe /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\ftp.exe /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\cscript.exe /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\ddeshare.exe /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\debug.exe /e /R Users >nul 2>nul
Cacls %SystemRoot%\System32\ddeshare.exe /e /R Users >nul 2>nul
Cacls %SystemRoot%\System32\hostname.exe /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\msppcnfg.exe /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\mstsc.exe /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\netsh.exe /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\nslookup.exe /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\regedt32.exe /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\regsvr32.exe /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\sc.exe /e /R Users >nul 2>nul
Cacls %SystemRoot%\System32\shadow.exe /e /R Users >nul 2>nul
Cacls %SystemRoot%\System32\share.exe /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\xcopy.exe /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\edlin.exe /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\ping.exe /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\route.exe /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\finger.exe /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\posix.exe /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\rsh.exe /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\atsvc.exe /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\qbasic.exe /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\runonce.exe /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\syskey.exe /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\secfixup.exe /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\rdisk.exe /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\edit.com /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\rexec.exe /E /R Users >nul 2>nul
if "%ofn%"=="[8]" (
echo Y|Cacls.exe %SystemRoot%\System32\Cacls.exe /C /P everyone:N>nul 2>nul
echo Y|Cacls.exe %SystemRoot%\System32\regini.exe /C /P everyone:N>nul 2>nul
)
if "%ofn%"=="[1 17 8]" (
echo Y|Cacls.exe %SystemRoot%\System32\Cacls.exe /C /P Administrators:F SYSTEM:F>nul 2>nul
echo Y|Cacls.exe %SystemRoot%\System32\regini.exe /C /P Administrators:F SYSTEM:F>nul 2>nul
)
if exist Cacls.exe del /A /F /S /Q Cacls.exe >nul 2>nul
::::Change permissions on the registry autorun keys to stop viruses, trojans etc. from damaging the system ……
CALL :regini_exe
Echo %endr%所有用户自启动注册表键值值保护……
Echo %endr%所有用户自启动注册表键值值保护……>>list
>regini.ini Echo HKEY_CURRENT_USER\Software\Microsoft\Windows\Currentversion\Run %ofn%
regini.exe regini.ini >nul 2>nul
Echo %endr%所有用户资源管理器注册表键值保护……
Echo %endr%所有用户资源管理器注册表键值保护……>>list
>regini.ini Echo HKEY_CURRENT_USER\Software\Microsoft\Windows\Currentversion\Policies\Explorer %ofn%
>>regini.ini Echo HKEY_CURRENT_USER\Software\Microsoft\Windows\Currentversion\Explorer\Shell folders %ofn%
>>regini.ini Echo HKEY_CURRENT_USER\Software\Microsoft\Windows\Currentversion\Explorer\User shell folders %ofn%
regini.exe regini.ini >nul 2>nul
Echo %endr%所有用户IE注册表键值保护……
Echo %endr%所有用户IE注册表键值保护……>>list
>regini.ini Echo HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main %ofn%
>>regini.ini Echo HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar %ofn%
>>regini.ini Echo HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions %ofn%
>>regini.ini Echo HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt %ofn%
>>regini.ini Echo HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks %ofn%
regini.exe regini.ini >nul 2>nul
Echo %endr%所有用户初始化程序注册表键值保护……
Echo %endr%所有用户初始化程序注册表键值保护……>>list
>regini.ini Echo HKEY_CURRENT_USER\Software\Microsoft\Windows nt\Currentversion\Windows %ofn%
>>regini.ini Echo HKEY_CURRENT_USER\Software\Microsoft\Windows nt\Currentversion\Winlogon %ofn%
regini.exe regini.ini >nul 2>nul
Echo %endr%免疫恶意网页木马注册表键值保护……
Echo %endr%免疫恶意网页木马注册表键值保护……>>list
>regini.ini Echo HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000566-0000-0010-8000-00AA006D2EA4} %ofn%
>>regini.ini Echo HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0D43FE01-F093-11CF-8940-00A0C9054228} %ofn%
>>regini.ini Echo HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8} %ofn%
>>regini.ini Echo HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{88D969C5-F192-11D4-A65F-0040963251E5} %ofn%
>>regini.ini Echo HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{88D969EA-F192-11D4-A65F-0040963251E5} %ofn%
>>regini.ini Echo HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F935DC22-1CF0-11D0-ADB9-00C04FD58A0B} %ofn%
regini.exe regini.ini >nul 2>nul
Echo %endr%本地用户自启动注册表键值保护……
Echo %endr%本地用户自启动注册表键值保护……>>list
>regini.ini Echo HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Currentversion\Run %ofn%
>>regini.ini Echo HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Currentversion\Runonce %ofn%
>>regini.ini Echo HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Currentversion\Runonceex %ofn%
regini.exe regini.ini >nul 2>nul
Echo %endr%本地用户资源管理器注册表键值保护……
Echo %endr%本地用户资源管理器注册表键值保护……>>list
>regini.ini Echo HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Currentversion\Policies\Explorer %ofn%
>>regini.ini Echo HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Currentversion\Explorer\Shell folders %ofn%
>>regini.ini Echo HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Currentversion\Explorer\User shell folders %ofn%
>>regini.ini Echo HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects %ofn%
>>regini.ini Echo HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks %ofn%
regini.exe regini.ini >nul 2>nul
Echo %endr%本地用户IE注册表键值保护……
Echo %endr%本地用户IE注册表键值保护……>>list
>regini.ini Echo HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix %ofn%
>>regini.ini Echo HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar %ofn%
>>regini.ini Echo HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions %ofn%
>>regini.ini Echo HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs %ofn%
regini.exe regini.ini >nul 2>nul
Echo %endr%本地用户初始化程序注册表键值保护……
Echo %endr%本地用户初始化程序注册表键值保护……>>list
>regini.ini Echo HKEY_LOCAL_MACHINE\Software\Microsoft\Windows nt\Currentversion\Inifilemapping %ofn%
>>regini.ini Echo HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows %ofn%
regini.exe regini.ini >nul 2>nul
Echo %endr%服务驱动驱动注册表键值保护……
Echo %endr%服务驱动驱动注册表键值保护……>>list
>regini.ini Echo HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services %ofn%
regini.exe regini.ini >nul 2>nul
Echo %endr%默认用户自启动注册表键值保护……
Echo %endr%默认用户自启动注册表键值保护……>>list
>regini.ini Echo HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run %ofn%
regini.exe regini.ini >nul 2>nul
if exist regini.* del /A /F /S /Q regini.* >nul 2>nul
CALL END.CMD
goto :eof
:cacls_exe
@echo bs=_>xx.vbs
@echo
2009-9-4 02:41 |
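
What the policy values in the script above actually switch off, decoded in an added example that is not part of the posted batch file: `NoDriveTypeAutoRun` is a bitmask over drive types, `NoDriveAutoRun` is a bitmask over drive letters stored little-endian, and the bracketed numbers passed to regini.exe are ACL codes. The function names and the choice of sample lines are assumptions of this example; only the three regini codes the script uses are decoded.

```python
import re

# Bit n of NoDriveTypeAutoRun disables AutoRun for GetDriveType() value n.
DRIVE_TYPE_BITS = [
    (0x01, "unknown"),
    (0x02, "no root directory"),
    (0x04, "removable"),
    (0x08, "fixed"),
    (0x10, "network"),
    (0x20, "CD-ROM"),
    (0x40, "RAM disk"),
    (0x80, "reserved"),
]

# regini.exe ACL codes that appear in the script (subset only).
REGINI_ACL = {1: "Administrators: Full", 8: "World: Read", 17: "SYSTEM: Full"}

# Two lines copied from the batch file in post 12.
SCRIPT_LINES = [
    r'reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoDriveAutoRun /t REG_BINARY /d ffffff03 /f>nul 2>nul',
    r'reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer" /v NoDriveTypeAutoRun /t REG_DWORD /d 0x000000df /f>nul 2>nul',
]

REG_ADD = re.compile(
    r'reg add "(?P<key>[^"]+)" /v (?P<name>\S+) /t (?P<type>\S+) '
    r'/d (?P<data>[0-9A-Fa-fx]+) /f',
    re.IGNORECASE,
)


def parse_reg_add(line):
    """Return (key, value_name, integer_value) for a `reg add` line, or None."""
    m = REG_ADD.search(line)
    if m is None:
        return None
    data = m.group("data")
    if m.group("type").upper() == "REG_BINARY":
        # reg.exe stores the hex bytes in the order typed; the shell reads the
        # four bytes back as a little-endian DWORD.
        value = int.from_bytes(bytes.fromhex(data), "little")
    else:
        value = int(data, 16)
    return m.group("key"), m.group("name"), value


def drive_types_still_enabled(value):
    """Drive types whose AutoRun bit is NOT set in NoDriveTypeAutoRun."""
    return [name for bit, name in DRIVE_TYPE_BITS if not value & bit]


def drives_disabled(value):
    """Drive letters whose bit is set in NoDriveAutoRun (bit 0 = A:)."""
    return "".join(chr(ord("A") + i) for i in range(26) if (value >> i) & 1)


def regini_acl(spec):
    """Decode a regini ACL spec such as "[1 17 8]" into readable entries."""
    return [
        REGINI_ACL.get(int(code), "code %s (not decoded here)" % code)
        for code in spec.strip("[]").split()
    ]


def audit(lines):
    """Summarise the AutoRun policy values set by the given script lines."""
    findings = []
    for line in lines:
        parsed = parse_reg_add(line)
        if parsed is None:
            continue
        key, name, value = parsed
        hive = key.split("\\")[0]
        if name == "NoDriveTypeAutoRun":
            findings.append((hive, name, hex(value), drive_types_still_enabled(value)))
        elif name == "NoDriveAutoRun":
            findings.append((hive, name, hex(value), drives_disabled(value)))
    return findings


if __name__ == "__main__":
    for finding in audit(SCRIPT_LINES):
        print(finding)
    print(regini_acl("[8]"), regini_acl("[1 17 8]"))
```

The type mask `0xdf` leaves the CD-ROM bit clear, while the per-letter mask written under HKEY_CURRENT_USER covers A: through Z:; a type mask of `0xff` sets every bit.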
|
|
xswdong
『Post 13』:
@echo off
color 2f
Set Prog=瓦斯曲-自启动(目录&注册表键值)保护
Set L1= ╭───────────────────╮
Set L2= ╭─┤%Prog% ├─╮
Set L3= │ ╰───────────────────╯ │
Set L4= │==============================================│
Set L5= │ 仅供网友们交流 翻版不究 │
Set L6= ╰───────────────────────╯
set ofn=[1 17 8]
reg query "HKEY_LOCAL_MACHINE\SOFTWARE\WSQ" /s |find /I "AUTORUNR" >nul 2>nul||set ofn=[8]
if "%ofn%"=="[1 17 8]" (
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\WSQ" /f /v "AUTORUNR" >nul 2>nul
set caclsRF=F
set endr=取消!!
set endra=启用!“保护”,请重新运行本程序
)
if "%ofn%"=="[8]" (
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\WSQ" /v "AUTORUNR" /t reg_sz /d "瓦斯曲-自启动(目录&注册表键值)保护" /f >nul 2>nul
set caclsRF=R
set endr=启用!!
set endra=取消!“保护”,请重新运行本程序
echo 去除危险命令USER权限……
echo 无条件禁止自动运行特性防范病毒……
echo 修复磁盘打开关联……
echo 清除不用的自动加载键值……
)
Title %endr%瓦斯曲-自启动(目录&注册表键值)保护
:::无条件禁止自动运行特性防范病毒……
reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoDriveAutoRun /t REG_BINARY /d ffffff03 /f>nul 2>nul
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer" /v NoDriveTypeAutoRun /t REG_DWORD /d 0x000000df /f>nul 2>nul
reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoDriveTypeAutoRun /t REG_DWORD /d 0x000000df /f>nul 2>nul
reg add "HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoDriveTypeAutoRun /t REG_DWORD /d 0x000000df /f>nul 2>nul
reg add "HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoDriveTypeAutoRun /t REG_DWORD /d 0x000000df /f>nul 2>nul
reg add "HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoDriveTypeAutoRun /t REG_DWORD /d 0x000000df /f>nul 2>nul
reg add "HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoDriveTypeAutoRun /t REG_DWORD /d 0x000000df /f>nul 2>nul
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL" /v CheckedValue /t REG_DWORD /d 0x00000001 /f>nul 2>nul
:::修复磁盘打开关联……
reg delete "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2" /f>nul 2>nul
:::清除自动加载键值……
reg delete HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v SoundMam /f>nul 2>nul
reg delete HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v wincfgs /f>nul 2>nul
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows" /v Load /f>nul 2>nul
reg delete "HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows" /v Load /f>nul 2>nul
:::修改目录权限防止病毒或木马等破坏系统 ……
CALL :cacls_exe
Echo %endr%自启动目录权限保护 ……
Echo %endr%自启动目录权限保护 ……>list
echo Y|cacls "%USERPROFILE%\「开始」菜单\程序\启动" /C /P everyone:R Administrators:%caclsRF% SYSTEM:%caclsRF%>nul 2>nul
Cacls "%USERPROFILE%\「开始」菜单\程序\启动" /E /C /R Administrator >nul 2>nul
echo Y|cacls "%ALLUSERSPROFILE%\「开始」菜单\程序\启动" /C /P everyone:R Administrators:%caclsRF% SYSTEM:%caclsRF%>nul 2>nul
Cacls "%ALLUSERSPROFILE%\「开始」菜单\程序\启动" /E /C /R Administrator >nul 2>nul
Echo %endr%%SystemRoot%目录权限保护 ……
Echo %endr%%SystemRoot%目录权限保护 ……>>list
Cacls "%SystemRoot%" /T /E /C /R Administrator >nul 2>nul
echo Y|cacls "%SystemRoot%" /T /C /E /P Administrators:%caclsRF%>nul 2>nul
Echo %endr%策略权限保护 ……
Echo %endr%策略权限保护 ……>>list
echo Y|cacls "%SystemRoot%\system32\grouppolicy" /T /C /P everyone:R Administrators:%caclsRF% SYSTEM:%caclsRF%>nul 2>nul
:::去除危险命令USER权限
Cacls %SystemRoot%\regedit.exe /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\cmd.exe /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\net.exe /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\net1.exe /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\tftp.exe /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\at.exe /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\telnet.exe /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\shell32.dll /e /R Users >nul 2>nul
Cacls %SystemRoot%\System32\netstat.exe /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\nbtstat.exe /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\reged32t.exe /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\attrib.exe /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\ftp.exe /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\cscript.exe /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\ddeshare.exe /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\debug.exe /e /R Users >nul 2>nul
Cacls %SystemRoot%\System32\ddeshare.exe /e /R Users >nul 2>nul
Cacls %SystemRoot%\System32\hostname.exe /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\msppcnfg.exe /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\mstsc.exe /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\netsh.exe /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\nslookup.exe /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\regedt32.exe /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\regsvr32.exe /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\sc.exe /e /R Users >nul 2>nul
Cacls %SystemRoot%\System32\shadow.exe /e /R Users >nul 2>nul
Cacls %SystemRoot%\System32\share.exe /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\xcopy.exe /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\edlin.exe /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\ping.exe /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\route.exe /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\finger.exe /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\posix.exe /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\rsh.exe /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\atsvc.exe /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\qbasic.exe /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\runonce.exe /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\syskey.exe /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\secfixup.exe /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\rdisk.exe /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\edit.com /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\rexec.exe /E /R Users >nul 2>nul
if "%ofn%"=="[8]" (
echo Y|Cacls.exe %SystemRoot%\System32\Cacls.exe /C /P everyone:N>nul 2>nul
echo Y|Cacls.exe %SystemRoot%\System32\regini.exe /C /P everyone:N>nul 2>nul
)
if "%ofn%"=="[1 17 8]" (
echo Y|Cacls.exe %SystemRoot%\System32\Cacls.exe /C /P Administrators:F SYSTEM:F>nul 2>nul
echo Y|Cacls.exe %SystemRoot%\System32\regini.exe /C /P Administrators:F SYSTEM:F>nul 2>nul
)
if exist Cacls.exe del /A /F /S /Q Cacls.exe >nul 2>nul
::::修改注册表自动运行键值权限防止病毒或木马等破坏系统 ……
CALL :regini_exe
Echo %endr%所有用户自启动注册表键值值保护……
Echo %endr%所有用户自启动注册表键值值保护……>>list
>regini.ini Echo HKEY_CURRENT_USER\Software\Microsoft\Windows\Currentversion\Run %ofn%
regini.exe regini.ini >nul 2>nul
Echo %endr%所有用户资源管理器注册表键值保护……
Echo %endr%所有用户资源管理器注册表键值保护……>>list
>regini.ini Echo HKEY_CURRENT_USER\Software\Microsoft\Windows\Currentversion\Policies\Explorer %ofn%
>>regini.ini Echo HKEY_CURRENT_USER\Software\Microsoft\Windows\Currentversion\Explorer\Shell folders %ofn%
>>regini.ini Echo HKEY_CURRENT_USER\Software\Microsoft\Windows\Currentversion\Explorer\User shell folders %ofn%
regini.exe regini.ini >nul 2>nul
Echo %endr%所有用户IE注册表键值保护……
Echo %endr%所有用户IE注册表键值保护……>>list
>regini.ini Echo HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main %ofn%
>>regini.ini Echo HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar %ofn%
>>regini.ini Echo HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions %ofn%
>>regini.ini Echo HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt %ofn%
>>regini.ini Echo HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks %ofn%
regini.exe regini.ini >nul 2>nul
Echo %endr%所有用户初始化程序注册表键值保护……
Echo %endr%所有用户初始化程序注册表键值保护……>>list
>regini.ini Echo HKEY_CURRENT_USER\Software\Microsoft\Windows nt\Currentversion\Windows %ofn%
>>regini.ini Echo HKEY_CURRENT_USER\Software\Microsoft\Windows nt\Currentversion\Winlogon %ofn%
regini.exe regini.ini >nul 2>nul
Echo %endr%免疫恶意网页木马注册表键值保护……
Echo %endr%免疫恶意网页木马注册表键值保护……>>list
>regini.ini Echo HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000566-0000-0010-8000-00AA006D2EA4} %ofn%
>>regini.ini Echo HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0D43FE01-F093-11CF-8940-00A0C9054228} %ofn%
>>regini.ini Echo HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8} %ofn%
>>regini.ini Echo HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{88D969C5-F192-11D4-A65F-0040963251E5} %ofn%
>>regini.ini Echo HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{88D969EA-F192-11D4-A65F-0040963251E5} %ofn%
>>regini.ini Echo HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F935DC22-1CF0-11D0-ADB9-00C04FD58A0B} %ofn%
regini.exe regini.ini >nul 2>nul
Echo %endr%本地用户自启动注册表键值保护……
Echo %endr%本地用户自启动注册表键值保护……>>list
>regini.ini Echo HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Currentversion\Run %ofn%
>>regini.ini Echo HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Currentversion\Runonce %ofn%
>>regini.ini Echo HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Currentversion\Runonceex %ofn%
regini.exe regini.ini >nul 2>nul
Echo %endr%本地用户资源管理器注册表键值保护……
Echo %endr%本地用户资源管理器注册表键值保护……>>list
>regini.ini Echo HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Currentversion\Policies\Explorer %ofn%
>>regini.ini Echo HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Currentversion\Explorer\Shell folders %ofn%
>>regini.ini Echo HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Currentversion\Explorer\User shell folders %ofn%
>>regini.ini Echo HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects %ofn%
>>regini.ini Echo HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks %ofn%
regini.exe regini.ini >nul 2>nul
Echo %endr%本地用户IE注册表键值保护……
Echo %endr%本地用户IE注册表键值保护……>>list
>regini.ini Echo HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix %ofn%
>>regini.ini Echo HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar %ofn%
>>regini.ini Echo HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions %ofn%
>>regini.ini Echo HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs %ofn%
regini.exe regini.ini >nul 2>nul
Echo %endr%本地用户初始化程序注册表键值保护……
Echo %endr%本地用户初始化程序注册表键值保护……>>list
>regini.ini Echo HKEY_LOCAL_MACHINE\Software\Microsoft\Windows nt\Currentversion\Inifilemapping %ofn%
>>regini.ini Echo HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows %ofn%
regini.exe regini.ini >nul 2>nul
Echo %endr%服务驱动驱动注册表键值保护……
Echo %endr%服务驱动驱动注册表键值保护……>>list
>regini.ini Echo HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services %ofn%
regini.exe regini.ini >nul 2>nul
Echo %endr%默认用户自启动注册表键值保护……
Echo %endr%默认用户自启动注册表键值保护……>>list
>regini.ini Echo HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run %ofn%
regini.exe regini.ini >nul 2>nul
if exist regini.* del /A /F /S /Q regini.* >nul 2>nul
CALL END.CMD
goto :eof
:cacls_exe
@echo bs=_>xx.vbs
@echo
@echo off
color 2f
Set Prog=瓦斯曲 - Self-Starting (Directory & Registry Key Value) Protection
Set L1= ╭───────────────────╮
Set L2= ╭─┤%Prog% ├─╮
Set L3= │ ╰───────────────────╯ │
Set L4= │==============================================│
Set L5= │ For netizens to communicate Piracy is not investigated │
Set L6= ╰───────────────────────╯
set ofn=[1 17 8]
reg query "HKEY_LOCAL_MACHINE\SOFTWARE\WSQ" /s |find /I "AUTORUNR" >nul 2>nul||set ofn=[8]
if "%ofn%"=="[1 17 8]" (
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\WSQ" /f /v "AUTORUNR" >nul 2>nul
set caclsRF=F
set endr=Cancel!!
set endra=Enable! "Protection", please re-run this program
)
if "%ofn%"=="[8]" (
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\WSQ" /v "AUTORUNR" /t reg_sz /d "瓦斯曲 - Self-Starting (Directory & Registry Key Value) Protection" /f >nul 2>nul
set caclsRF=R
set endr=Enable!!
set endra=Cancel! "Protection", please re-run this program
echo Remove dangerous command USER permissions……
echo Unconditionally prohibit automatic operation characteristics to prevent viruses……
echo Repair disk open association……
echo Clear unused automatic loading key values……
)
Title %endr%瓦斯曲 - Self-Starting (Directory & Registry Key Value) Protection
:::Unconditionally prohibit automatic operation characteristics to prevent viruses……
reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoDriveAutoRun /t REG_BINARY /d ffffff03 /f>nul 2>nul
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer" /v NoDriveTypeAutoRun /t REG_DWORD /d 0x000000df /f>nul 2>nul
reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoDriveTypeAutoRun /t REG_DWORD /d 0x000000df /f>nul 2>nul
reg add "HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoDriveTypeAutoRun /t REG_DWORD /d 0x000000df /f>nul 2>nul
reg add "HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoDriveTypeAutoRun /t REG_DWORD /d 0x000000df /f>nul 2>nul
reg add "HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoDriveTypeAutoRun /t REG_DWORD /d 0x000000df /f>nul 2>nul
reg add "HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoDriveTypeAutoRun /t REG_DWORD /d 0x000000df /f>nul 2>nul
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL" /v CheckedValue /t REG_DWORD /d 0x00000001 /f>nul 2>nul
:::Repair disk open association……
reg delete "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2" /f>nul 2>nul
:::Clear automatic loading key values……
reg delete HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v SoundMam /f>nul 2>nul
reg delete HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v wincfgs /f>nul 2>nul
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows" /v Load /f>nul 2>nul
reg delete "HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows" /v Load /f>nul 2>nul
:::Modify directory permissions to prevent viruses or trojans from damaging the system ……
CALL :cacls_exe
Echo %endr%Self-starting directory permission protection ……
Echo %endr%Self-starting directory permission protection ……>list
echo Y|cacls "%USERPROFILE%\「开始」菜单\程序\启动" /C /P everyone:R Administrators:%caclsRF% SYSTEM:%caclsRF%>nul 2>nul
Cacls "%USERPROFILE%\「开始」菜单\程序\启动" /E /C /R Administrator >nul 2>nul
echo Y|cacls "%ALLUSERSPROFILE%\「开始」菜单\程序\启动" /C /P everyone:R Administrators:%caclsRF% SYSTEM:%caclsRF%>nul 2>nul
Cacls "%ALLUSERSPROFILE%\「开始」菜单\程序\启动" /E /C /R Administrator >nul 2>nul
Echo %endr%%SystemRoot% directory permission protection ……
Echo %endr%%SystemRoot% directory permission protection ……>>list
Cacls "%SystemRoot%" /T /E /C /R Administrator >nul 2>nul
echo Y|cacls "%SystemRoot%" /T /C /E /P Administrators:%caclsRF%>nul 2>nul
Echo %endr%Policy permission protection ……
Echo %endr%Policy permission protection ……>>list
echo Y|cacls "%SystemRoot%\system32\grouppolicy" /T /C /P everyone:R Administrators:%caclsRF% SYSTEM:%caclsRF%>nul 2>nul
:::Remove dangerous command USER permissions
Cacls %SystemRoot%\regedit.exe /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\cmd.exe /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\net.exe /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\net1.exe /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\tftp.exe /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\at.exe /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\telnet.exe /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\shell32.dll /e /R Users >nul 2>nul
Cacls %SystemRoot%\System32\netstat.exe /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\nbtstat.exe /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\reged32t.exe /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\attrib.exe /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\ftp.exe /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\cscript.exe /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\ddeshare.exe /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\debug.exe /e /R Users >nul 2>nul
Cacls %SystemRoot%\System32\ddeshare.exe /e /R Users >nul 2>nul
Cacls %SystemRoot%\System32\hostname.exe /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\msppcnfg.exe /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\mstsc.exe /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\netsh.exe /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\nslookup.exe /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\regedt32.exe /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\regsvr32.exe /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\sc.exe /e /R Users >nul 2>nul
Cacls %SystemRoot%\System32\shadow.exe /e /R Users >nul 2>nul
Cacls %SystemRoot%\System32\share.exe /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\xcopy.exe /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\edlin.exe /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\ping.exe /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\route.exe /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\finger.exe /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\posix.exe /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\rsh.exe /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\atsvc.exe /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\qbasic.exe /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\runonce.exe /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\syskey.exe /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\secfixup.exe /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\rdisk.exe /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\edit.com /E /R Users >nul 2>nul
Cacls %SystemRoot%\System32\rexec.exe /E /R Users >nul 2>nul
if "%ofn%"=="[8]" (
echo Y|Cacls.exe %SystemRoot%\System32\Cacls.exe /C /P everyone:N>nul 2>nul
echo Y|Cacls.exe %SystemRoot%\System32\regini.exe /C /P everyone:N>nul 2>nul
)
if "%ofn%"=="[1 17 8]" (
echo Y|Cacls.exe %SystemRoot%\System32\Cacls.exe /C /P Administrators:F SYSTEM:F>nul 2>nul
echo Y|Cacls.exe %SystemRoot%\System32\regini.exe /C /P Administrators:F SYSTEM:F>nul 2>nul
)
if exist Cacls.exe del /A /F /S /Q Cacls.exe >nul 2>nul
::::Modify registry automatic operation key value permissions to prevent viruses or trojans from damaging the system ……
CALL :regini_exe
Echo %endr%All users self-starting registry key value protection……
Echo %endr%All users self-starting registry key value protection……>>list
>regini.ini Echo HKEY_CURRENT_USER\Software\Microsoft\Windows\Currentversion\Run %ofn%
regini.exe regini.ini >nul 2>nul
Echo %endr%All users Explorer registry key value protection……
Echo %endr%All users Explorer registry key value protection……>>list
>regini.ini Echo HKEY_CURRENT_USER\Software\Microsoft\Windows\Currentversion\Policies\Explorer %ofn%
>>regini.ini Echo HKEY_CURRENT_USER\Software\Microsoft\Windows\Currentversion\Explorer\Shell folders %ofn%
>>regini.ini Echo HKEY_CURRENT_USER\Software\Microsoft\Windows\Currentversion\Explorer\User shell folders %ofn%
regini.exe regini.ini >nul 2>nul
Echo %endr%All users IE registry key value protection……
Echo %endr%All users IE registry key value protection……>>list
>regini.ini Echo HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main %ofn%
>>regini.ini Echo HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar %ofn%
>>regini.ini Echo HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions %ofn%
>>regini.ini Echo HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt %ofn%
>>regini.ini Echo HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks %ofn%
regini.exe regini.ini >nul 2>nul
Echo %endr%All users initialization program registry key value protection……
Echo %endr%All users initialization program registry key value protection……>>list
>regini.ini Echo HKEY_CURRENT_USER\Software\Microsoft\Windows nt\Currentversion\Windows %ofn%
>>regini.ini Echo HKEY_CURRENT_USER\Software\Microsoft\Windows nt\Currentversion\Winlogon %ofn%
regini.exe regini.ini >nul 2>nul
Echo %endr%Immune malicious web page trojan registry key value protection……
Echo %endr%Immune malicious web page trojan registry key value protection……>>list
>regini.ini Echo HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000566-0000-0010-8000-00AA006D2EA4} %ofn%
>>regini.ini Echo HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0D43FE01-F093-11CF-8940-00A0C9054228} %ofn%
>>regini.ini Echo HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8} %ofn%
>>regini.ini Echo HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{88D969C5-F192-11D4-A65F-0040963251E5} %ofn%
>>regini.ini Echo HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{88D969EA-F192-11D4-A65F-0040963251E5} %ofn%
>>regini.ini Echo HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F935DC22-1CF0-11D0-ADB9-00C04FD58A0B} %ofn%
regini.exe regini.ini >nul 2>nul
Echo %endr%Local user self-starting registry key value protection……
Echo %endr%Local user self-starting registry key value protection……>>list
>regini.ini Echo HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Currentversion\Run %ofn%
>>regini.ini Echo HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Currentversion\Runonce %ofn%
>>regini.ini Echo HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Currentversion\Runonceex %ofn%
regini.exe regini.ini >nul 2>nul
Echo %endr%Local user Explorer registry key value protection……
Echo %endr%Local user Explorer registry key value protection……>>list
>regini.ini Echo HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Currentversion\Policies\Explorer %ofn%
>>regini.ini Echo HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Currentversion\Explorer\Shell folders %ofn%
>>regini.ini Echo HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Currentversion\Explorer\User shell folders %ofn%
>>regini.ini Echo HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects %ofn%
>>regini.ini Echo HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks %ofn%
regini.exe regini.ini >nul 2>nul
Echo %endr%Local user IE registry key value protection……
Echo %endr%Local user IE registry key value protection……>>list
>regini.ini Echo HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix %ofn%
>>regini.ini Echo HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar %ofn%
>>regini.ini Echo HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions %ofn%
>>regini.ini Echo HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs %ofn%
regini.exe regini.ini >nul 2>nul
Echo %endr%Local user initialization program registry key value protection……
Echo %endr%Local user initialization program registry key value protection……>>list
>regini.ini Echo HKEY_LOCAL_MACHINE\Software\Microsoft\Windows nt\Currentversion\Inifilemapping %ofn%
>>regini.ini Echo HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows %ofn%
regini.exe regini.ini >nul 2>nul
Echo %endr%Service driver driver registry key value protection……
Echo %endr%Service driver driver registry key value protection……>>list
>regini.ini Echo HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services %ofn%
regini.exe regini.ini >nul 2>nul
Echo %endr%Default user self-starting registry key value protection……
Echo %endr%Default user self-starting registry key value protection……>>list
>regini.ini Echo HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run %ofn%
regini.exe regini.ini >nul 2>nul
if exist regini.* del /A /F /S /Q regini.* >nul 2>nul
CALL END.CMD
goto :eof
:cacls_exe
@echo bs=_>xx.vbs
@echo
|
|
2009-9-4 02:42 |
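The `%ofn%` value that the script above appends to every `regini.ini` line is a list of regini.exe ACL codes: `[1 17 8]` grants Administrators and SYSTEM full access and Everyone read access, while `[8]` leaves Everyone read access only. As an added example (not part of xswdong's post), this Python decodes such lines and reports who can still write to each key; the sample lines are constructed from keys in the post, and the function names are assumptions made for this illustration.

```python
import re

# ACL codes accepted in regini.exe "[n n n]" lists (subset of the documented
# table): each number selects one principal and one access level.
REGINI_ACL = {
    1: ("Administrators", "Full"), 2: ("Administrators", "Read"),
    3: ("Administrators", "Read+Write"),
    5: ("Creator", "Full"), 6: ("Creator", "Read+Write"),
    7: ("Everyone", "Full"), 8: ("Everyone", "Read"),
    9: ("Everyone", "Read+Write"),
    11: ("Power Users", "Full"), 12: ("Power Users", "Read+Write"),
    17: ("SYSTEM", "Full"), 18: ("SYSTEM", "Read+Write"), 19: ("SYSTEM", "Read"),
}

ACL_LIST = re.compile(r"\[([^\]]*)\]\s*$")


def parse_line(line):
    """Split 'KEY [codes]' into (key, [code tokens]); codes is None if no list."""
    line = line.strip()
    match = ACL_LIST.search(line)
    if match is None:
        return line, None
    return line[:match.start()].rstrip(), match.group(1).split()


def audit(text):
    """Decode every regini line and say who may still write to the key."""
    findings = []
    for raw in text.splitlines():
        if not raw.strip():
            continue
        key, codes = parse_line(raw)
        acl, unknown = {}, []
        for tok in codes or []:
            known = tok.isascii() and tok.isdigit()
            entry = REGINI_ACL.get(int(tok)) if known else None
            if entry is None:
                unknown.append(tok)
            else:
                acl[entry[0]] = entry[1]
        writers = sorted(p for p, access in acl.items() if access != "Read")
        if not acl:
            state = "no-acl"        # no usable ACL list on the line
        elif writers:
            state = "writable"
        else:
            state = "read-only"     # nobody listed can modify the key
        findings.append({"key": key, "acl": acl, "writers": writers,
                         "unknown": unknown, "state": state})
    return findings


# Constructed sample: keys taken from the post, with %ofn% expanded by hand to
# the "enable" value, the "cancel" value, an empty value, and a bad code.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Currentversion\Run [8]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main [1 17 8]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run [8 99]
"""

if __name__ == "__main__":
    for item in audit(SAMPLE):
        print(f"{item['state']:<10} writers={item['writers']} {item['key']}")
```

The `no-acl` row is what a `regini.ini` line looks like when `%ofn%` expands to nothing: the line carries a key name but no permission list.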
|
|
xswdong
|
『Floor 14』:
对于感染型病毒防御不大容易 总不能每个目录每个文件都设置只读运行权限吧
Defending against infective viruses is not easy. You can't very well set read-only and execute permissions on every directory and every file.
|
|
2009-9-4 02:48 |
|
|
plp626
|
『Floor 15』:
Originally posted by xswdong at 2009-9-4 02:48 AM:
对于感染型病毒防御不大容易 总不能每个目录每个文件都设置只读运行权限吧
你贴的代码得好好精简下。。。。
---------------------------------------------
" 感染型" 的病毒?我懂你 的意思,
文件监视不是用批处理来做的,那岂不是笑话了,大家别想歪了,
还是那句话 批处理只做:非交互的,双击即可搞定的设置性的工作
Originally posted by xswdong at 2009-9-4 02:48 AM:
Defending against infective viruses is not easy. You can't very well set read-only and execute permissions on every directory and every file.
You need to streamline the code you pasted...
---------------------------------------------
"Infective" viruses? I understand what you mean.
File monitoring is not done with batch; that would be a joke. Don't get the wrong idea, everyone.
As I said before, batch is only for non-interactive, configuration-type work that a double-click takes care of.
|

|
2009-9-4 03:14 |
|
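Floors 14 and 15 come down to detecting changes instead of locking every file, with the monitoring done outside batch. As an added example (not code from any poster in this thread), this Python records a hash baseline of executable and script files and reports what was added, modified or removed since; the extension list, function names and the temporary-directory scenario are assumptions made for the illustration.

```python
import hashlib
import os
import tempfile

# File types worth baselining: the ones a file infector rewrites or that
# show up unexpectedly in a startup folder.
WATCHED_EXT = {".exe", ".dll", ".com", ".sys", ".bat", ".cmd", ".vbs"}


def sha256_of(path):
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def snapshot(root):
    """Return {relative/path: sha256} for every watched file under root."""
    state = {}
    for folder, _subdirs, names in os.walk(root):
        for name in names:
            if os.path.splitext(name)[1].lower() not in WATCHED_EXT:
                continue
            full = os.path.join(folder, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            try:
                state[rel] = sha256_of(full)
            except OSError:
                state[rel] = "unreadable"   # locked or denied: keep it visible
    return state


def compare(baseline, current):
    """Classify the differences between two snapshots."""
    shared = baseline.keys() & current.keys()
    return {
        "added": sorted(current.keys() - baseline.keys()),
        "removed": sorted(baseline.keys() - current.keys()),
        "modified": sorted(p for p in shared if baseline[p] != current[p]),
    }


def demo():
    """Constructed scenario in a temporary directory (no real system files)."""
    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, "Startup"))
        for name, data in (("tool.exe", b"MZ original"), ("lib.dll", b"MZ lib"),
                           ("notes.txt", b"hello")):
            with open(os.path.join(root, name), "wb") as handle:
                handle.write(data)
        baseline = snapshot(root)

        # Changes a monitor should report: an executable grows, a script
        # appears in the startup folder, a library disappears.
        with open(os.path.join(root, "tool.exe"), "ab") as handle:
            handle.write(b" appended bytes")
        with open(os.path.join(root, "Startup", "new.vbs"), "wb") as handle:
            handle.write(b"' constructed sample")
        os.remove(os.path.join(root, "lib.dll"))
        # A change to an unwatched file type is ignored by design.
        with open(os.path.join(root, "notes.txt"), "ab") as handle:
            handle.write(b" edited")
        return compare(baseline, snapshot(root))


if __name__ == "__main__":
    print(demo())
```

A modified entry for an existing executable is the case floor 14 raises; the baseline catches it without changing permissions on each file.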