下面是完整代码:
------------------------------------
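@echo off
rem Entry point of the "system hardening wizard" (menu at :start).
rem Supports only Windows 2000/XP/2003 (checked at :CHKS) and drives the external
rem tools setacl.exe and cacls.exe, which must be reachable on PATH.
:begin
color 9e
SETLOCAL
rem Switch the console code page to Simplified Chinese (936) so the echo text renders.
chcp 936>nul 2>nul
echo.
rem Preload: run the optional helpers shipped next to this script, if present.
rem They are looked up via %~dp0 (the script's own folder) instead of the current
rem working directory, so they are found no matter where the user starts the
rem script from, and a same-named file in an unrelated folder is never picked up.
rem StopRigue.exe: unconditionally restricts known rogue programs (external tool).
if exist "%~dp0StopRigue.exe" "%~dp0StopRigue.exe"
rem UnActiveX.reg: registry immunisation, merged silently (/s).
if exist "%~dp0UnActiveX.reg" regedit /s "%~dp0UnActiveX.reg"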
:CHKS
echo.
rem Detect the OS from the "ver" banner; only 2000/XP/2003 are supported.
rem Each probe pipes "ver" through find; ERRORLEVEL 0 means the text was found.
ver|find "2000" > nul 2>nul
if "%ERRORLEVEL%"=="0" goto :2000
ver|find "XP" > nul 2>nul
if "%ERRORLEVEL%"=="0" goto :xp2k3
rem Server 2003 is recognised by its Chinese "[版本 5" banner only; on another
rem locale this pattern presumably never matches and 2003 ends up unsupported.
ver|find "Microsoft Windows [版本 5" > nul 2>nul
if "%ERRORLEVEL%"=="0" goto :XP2k3
echo.
echo 对不起,本程序仅支持 Windows 2000/XP/2003。
rem NOTE(review): :end cleans up and then jumps back to :start, so an
rem unsupported OS still reaches the menu -- confirm :end should not exit here.
goto end
rem Pick the group-policy refresh command for the detected OS; it is executed
rem later via %UpdatePolicy% (at the end of :hosts and :undo).
:2000
rem NOTE: the redirections on this line apply to the "set" command itself, not
rem to the stored value, which is just "secedit /refreshpolicy machine_policy".
rem Output is silenced again where %UpdatePolicy% is invoked.
set UpdatePolicy=secedit /refreshpolicy machine_policy>nul 2>nul
goto compatible
:XP2k3
rem Same remark: the redirection is not part of the variable's value.
set UpdatePolicy=GPUpdate /Force>nul 2>nul
goto compatible
:compatible
rem Assume NTFS; FS is only shown in the menu header.
set FS=NTFS
rem Probe the system volume's file system: the check succeeds when cacls can
rem list an ACL containing a SYSTEM entry, which is taken to mean NTFS.
CACLS %SystemRoot% | find "SYSTEM"> nul 2>nul
rem ERRORLEVEL 0: ACL listed, treat the volume as NTFS and continue at :maketmp.
if "%ERRORLEVEL%"=="0" goto maketmp
:fat
cls
rem Not NTFS: record it (shown in the menu header) and offer a conversion.
set FS=FAT
rem Red background to draw attention.
color 4f
echo.
echo 注意您的系统分区没有采用 NTFS 文件系统,因此不能对系统目录进行保护!
echo.
echo 是否现在就开始将系统分区转换为 NTFS 文件系统?
set /p CONVERT= 请选择(Y/N):
rem Y converts; N restarts at :begin. NOTE(review): after N the file-system
rem probe at :compatible fails again and this prompt reappears, so on a FAT
rem volume the only ways out are Y or Ctrl-C -- confirm that is intended.
if /I "%CONVERT%"=="y" goto CONVERT
if /I "%CONVERT%"=="n" goto begin
if "%CONVERT%"=="" goto fat
rem Any other input: ask again.
goto fat
:CONVERT
rem Convert the system partition to NTFS; the user is told to reboot and rerun
rem the wizard afterwards (convert defers a live system volume to the next boot).
echo.
echo 确定转换后,请重新启动计算机,然后重新运行本程序!
convert %SystemDrive% /FS:NTFS /V
pause>nul
rem Leave the wizard after scheduling the conversion.
goto end
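:maketmp
rem Compatibility preparation: make sure the folders/files later steps rely on
rem exist before %SystemRoot% gets locked.
if not exist %SystemRoot%\Lastgood\nul md %SystemRoot%\Lastgood>nul 2>nul
rem NOTE(review): two stdout redirections on one line; cmd honours the last one
rem (the nul device), so comsetup.log may be created empty -- confirm the intent.
if not exist %SystemRoot%\comsetup.log echo .>%SystemRoot%\comsetup.log>nul 2>nul
rem Ensure %SystemRoot%\TEMP exists; try to repair it when it cannot be created.
md %SystemRoot%\TEMP>nul 2>nul
if not exist %SystemRoot%\TEMP goto fixtemp
goto start
:fixtemp
rem The system folder may already carry a Deny ACE for Everyone while the temp
rem folder was deleted: lift the lock, recreate TEMP, then re-apply the lock.
rem The pattern searched for is the one cacls prints and that the status check
rem at :start also uses, "Everyone:(DENY)"; the previous "EveryoneDENY)" never
rem matched, so the lock was never lifted and TEMP was never recreated.
cacls %SystemRoot%|find "Everyone:(DENY)">nul
rem /E edit in place, /C continue on errors, /R revoke all ACEs of Everyone.
if "%errorlevel%"=="0" cacls %SystemRoot% /E /C /R everyone>nul 2>nul
md %SystemRoot%\TEMP>nul 2>nul
rem md failed (ERRORLEVEL 1): give up on the repair and continue.
if "%errorlevel%"=="1" goto start
rem Re-apply the lock: deny Everyone add_subdir / add_file on %SystemRoot% only
rem (i:np = no propagation to children).
setacl -on %SystemRoot% -ot file -actn ace -ace "n:Everyone;m:deny;p:add_subdir;i:np">nul 2>nul
setacl -on %SystemRoot% -ot file -actn ace -ace "n:Everyone;m:deny;p:add_file;i:np">nul 2>nul
goto start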
:start
rem Status detection: refresh the four "protected / unprotected" indicators the
rem menu displays. A Deny ACE for Everyone in the cacls listing marks a locked
rem folder.
set syss=系统目录:未保护
set pros=程序目录:未保护
set diypros=自定义目录:未保护
set regacl=注册表入口:未保护
cacls %SystemRoot%|find "Everyone:(DENY)">nul
if "%errorlevel%"=="0" set syss=系统目录:已固化
cacls "%ProgramFiles%"|find "Everyone:(DENY)">nul
if "%errorlevel%"=="0" set pros=程序目录:已固化
rem Custom-folder status. %obj% is the last folder entered at :guhua1/:guhua2
rem in this session; before that it is empty, cacls runs without a path and the
rem indicator stays "unprotected". (Original note: this should use a global
rem variable supported by the front-end menu.)
cacls %obj%|find "Everyone:(DENY)">nul
if "%errorlevel%"=="0" set diypros=自定义目录:已固化
rem Registry entry status: a "deny" ACE listed on HKCU\...\Run.
setacl -on HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run -ot reg -actn list|find "deny">nul
if "%errorlevel%"=="0" set regacl=注册表入口:已固化
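rem ---- SetACL argument sets for file-system ACEs ---------------------------
rem Each variable holds the tail of a "setacl -on PATH ..." command line:
rem   -ot file     object type: file or folder
rem   -actn ace    action: add an ACE
rem   n:Everyone   trustee; m:deny or m:grant; p:PERMISSIONS
rem   i:np         no propagation (this object only)
rem   i:sc         inherited by sub-containers (subfolders)
rem Naming: "No..." variants deny, the others grant; a trailing "s" means the
rem ACE propagates into subfolders (i:sc) instead of the folder alone (i:np).
rem Deny Everyone everything, including subfolders.
set AllDeny=-ot file -actn ace -ace "n:Everyone;m:deny;p:full;i:sc"
rem Deny creating subfolders (and changing DACL/owner), this folder only.
set NoAddSubdir=-ot file -actn ace -ace "n:Everyone;m:deny;p:add_subdir,write_dacl,write_owner;i:np"
rem Allow creating subfolders, this folder only. Mode is "grant": the previous
rem definition was a copy of NoAddSubdir (m:deny), contradicting both its own
rem description and the AddSubdirs variant below.
set AddSubdir=-ot file -actn ace -ace "n:Everyone;m:grant;p:add_subdir,write_dacl,write_owner;i:np"
rem Deny creating subfolders, including subfolders.
set NoAddSubdirs=-ot file -actn ace -ace "n:Everyone;m:deny;p:add_subdir,write_dacl,write_owner;i:sc"
rem Allow creating subfolders, including subfolders (used for %SystemRoot%\TEMP at :free).
set AddSubdirs=-ot file -actn ace -ace "n:Everyone;m:grant;p:add_subdir,write_dacl,write_owner;i:sc"
rem Deny creating files, this folder only.
set NoAddFile=-ot file -actn ace -ace "n:Everyone;m:deny;p:add_file,write_dacl,write_owner;i:np"
rem Allow creating files, this folder only. The permission is "add_file", the
rem name every sibling variable uses; the previous "p:file" appears nowhere else.
set AddFile=-ot file -actn ace -ace "n:Everyone;m:grant;p:add_file,write_dacl,write_owner;i:np"
rem Deny creating files, including subfolders.
set NoAddFiles=-ot file -actn ace -ace "n:Everyone;m:deny;p:add_file,write_dacl,write_owner;i:sc"
rem Allow creating files, including subfolders (used for %SystemRoot%\TEMP at :free).
set AddFiles=-ot file -actn ace -ace "n:Everyone;m:grant;p:add_file,write_dacl,write_owner;i:sc"
rem ---- Service-related ACEs ------------------------------------------------
rem Defaults only: :regprotect and :unreg overwrite SRV/SERV before :regdo runs.
rem NOTE(review): the original comment reads "block services", yet both ACEs
rem are m:grant (SERV grants Everyone full control of a service) -- confirm.
set SRV= -ot reg -actn ace -ace "n:Everyone;m:grant;p:set_val,write_dacl,write_owner;i:np"
set SERV= -ot srv -actn ace -ace "n:Everyone;m:grant;p:full;i:sc"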
rem ---- Main menu -------------------------------------------------------------
color 9e
cls
rem Clear first: set /p leaves the variable unchanged on an empty answer.
SET Choice=
echo.
echo 系统固化设置向导 深山红叶制作 分区格式:%FS%
echo -------------------------------------------------------------
echo.
echo 本工具用于固化干净的系统,以免除各种病毒木马及恶意程序的感染。
echo.
echo 【注意】
echo ①安装新软件时如果出错,请先临时取消系统和程序目录固化!
echo ②本程序不能替代杀毒软件,请确保要安装的程序干净无害!
echo.
echo [1] 简单固化系统(允许向系统目录植入文件,不允许新建文件夹)
echo [2] * 强力固化系统(推荐!不允许向系统目录植入文件和新建文件夹)
echo [3] 取消系统固化
echo -------------------------------------------------------------
echo [4] * 固化程序目录(不允许向 Program Files 新建文件夹)
echo [5] 取消程序目录固化
echo -------------------------------------------------------------
echo [6] * 自定义固化程序目录(不允许向 自定义目录 新建文件夹)
echo [7] 取消自定义固化(允许子目录 需要指定自定义目录)
echo -------------------------------------------------------------
echo [8] * 单独固化注册表自动加载入口
echo [9] 取消注册表自动加载入口的固化 [Q] 退出
echo -------------------------------------------------------------
echo 当前状态- %syss% %pros%
echo 当前状态- %diypros% %regacl%
echo.
echo.
SET /P Choice= 请选择要进行的操作:
rem An answer containing a colon (e.g. a pasted path) redraws the menu.
rem NOTE: the answer is expanded unquoted here and in the comparisons below, so
rem input containing cmd operator characters or a single quote breaks the line
rem instead of being rejected -- treat the prompt as an untrusted-input point.
echo %Choice%|find /i ":" && goto :start
rem Keep only the first character of the answer.
IF NOT '%Choice%'=='' SET Choice=%Choice:~0,1%
rem Empty answer and Q both leave via :back.
if /i "%choice%"=="" GOTO back
IF /I '%Choice%'=='1' GOTO low
IF /I '%Choice%'=='2' GOTO power
IF /I '%Choice%'=='3' GOTO undo
IF /I '%Choice%'=='4' GOTO program
IF /I '%Choice%'=='5' GOTO unprogram
IF /I '%Choice%'=='6' GOTO diyfile
IF /I '%Choice%'=='7' GOTO undiyonefile
IF /I '%Choice%'=='8' GOTO regprotect
IF /I '%Choice%'=='9' GOTO unreg
IF /I '%Choice%'=='q' GOTO back
rem Unknown answer: redraw the menu.
GOTO Start
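:back
rem "[Q] quit" and empty answer: hand control back to the front-end menu if it
rem is shipped next to this script, then leave. Without the explicit exit,
rem execution fell straight through into :unreg below and silently re-granted
rem Everyone create_subkey/set_val on every autorun key -- quitting the wizard
rem disabled the registry protection.
if exist "%~dp0main.cmd" call "%~dp0main.cmd"
goto :EOF
:unreg
echo.
rem "[9] undo registry protection": define the ACE variables in "grant" mode,
rem then run the shared :regdo sequence with them.
rem Grant back create_subkey/set_val on the autorun keys.
set ACT= -ot reg -actn ace -ace "n:Everyone;m:grant;p:create_subkey,set_val"
rem Grant back set_val on the logon/logoff script policy key.
set ACTS= -ot reg -actn ace -ace "n:Everyone;m:grant;p:set_val"
rem Grant back full access on the keys immunised against specific rogue programs.
set ACTDeny= -ot reg -actn ace -ace "n:Everyone;m:grant;p:full"
rem Service-creation control for the current account (currently unused: the
rem setacl lines using %SRV% at :regdo are commented out).
set SRV= -ot reg -actn ace -ace "n:%USERNAME%;m:grant;p:set_val;i:sc,so"
rem Service-object ACE (identical to the :regprotect definition).
set SERV= -ot srv -actn ace -ace "n:Everyone;m:grant;p:full;i:sc"
goto regdo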
:program
rem "[4] lock program folder": Everyone may no longer create files or folders
rem directly in %ProgramFiles%; installs go into the preset category folders.
cls
echo.
echo.
echo 【注意】
echo.
echo 强烈建议在安装好必需应用程序后再进行程序目录的锁定!
echo.
echo 锁定程序文件夹后,您将不能直接在程序目录创建文件夹,
echo 如果要安装应用程序,请安装到预置的几个分类子文件夹中即可!
echo 预置的分类文件夹
echo.
echo !NetTools —— 建议存放网络相关工具
echo !EditTools —— 建议存放编辑相关工具
echo !SysTools —— 系统维护相关工具
echo !ImageTools —— 建议存放图像相关工具
echo !OtherTools —— 存放其他类型工具
echo.
echo 如果您明白上述建议,请按任意键继续……
Pause>nul
rem Pre-create the category subfolders (the "\nul" suffix tests for a folder;
rem delayed expansion is off, so the leading "!" is literal).
echo.
echo 设置系统,可能需要几分钟,请稍候……
if not exist "%ProgramFiles%\!NetTools\nul" md "%ProgramFiles%\!NetTools">nul 2>nul
if not exist "%ProgramFiles%\!EditTools\nul" md "%ProgramFiles%\!EditTools">nul 2>nul
if not exist "%ProgramFiles%\!SysTools\nul" md "%ProgramFiles%\!SysTools">nul 2>nul
if not exist "%ProgramFiles%\!ImageTools\nul" md "%ProgramFiles%\!ImageTools">nul 2>nul
if not exist "%ProgramFiles%\!OtherTools\nul" md "%ProgramFiles%\!OtherTools">nul 2>nul
rem Lock the folder itself, not its subfolders (both ACEs are i:np).
rem Deny creating files.
setacl -on "%ProgramFiles%" %NoAddFile%>nul 2>nul
rem Deny creating subfolders.
setacl -on "%ProgramFiles%" %NoAddSubdir%>nul 2>nul
rem Common Files: create hidden SAN and upd placeholder folders with everything
rem denied (AllDeny), then lock Common Files itself.
md "%ProgramFiles%\Common Files\SAN">nul 2>nul
attrib +h "%ProgramFiles%\Common Files\SAN">nul 2>nul
md "%ProgramFiles%\Common Files\upd">nul 2>nul
attrib +h "%ProgramFiles%\Common Files\upd">nul 2>nul
setacl -on "%ProgramFiles%\Common Files\SAN\" %AllDeny%>nul 2>nul
setacl -on "%ProgramFiles%\Common Files\UPD\" %AllDeny%>nul 2>nul
setacl -on "%ProgramFiles%\Common Files" %NoAddSubdir%>nul 2>nul
setacl -on "%ProgramFiles%\Common Files" %NoAddFile%>nul 2>nul
rem Lock Internet Explorer and the other well-known folders the same way;
rem additionally revoke Everyone's ACEs on iedw.exe, recursively (/T).
setacl -on "%ProgramFiles%\Internet Explorer" %NoAddSubdir%>nul 2>nul
setacl -on "%ProgramFiles%\Internet Explorer" %NoAddFile%>nul 2>nul
cacls "%ProgramFiles%\Internet Explorer\iedw.exe" /E /C /T /R everyone>nul 2>nul
setacl -on "%ProgramFiles%\Messenger" %NoAddSubdir%>nul 2>nul
setacl -on "%ProgramFiles%\Messenger" %NoAddFile%>nul 2>nul
setacl -on "%ProgramFiles%\MSN Messenger" %NoAddSubdir%>nul 2>nul
setacl -on "%ProgramFiles%\MSN Messenger" %NoAddFile%>nul 2>nul
setacl -on "%ProgramFiles%\Windows NT" %NoAddSubdir%>nul 2>nul
setacl -on "%ProgramFiles%\Windows NT" %NoAddFile%>nul 2>nul
echo.
echo 程序目录固化完成,任意键返回……
Pause>nul
goto start
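:unprogram
rem "[5] undo program folder lock": revoke every Everyone ACE (/R) that :program
rem added. /E edits the ACL in place, /C continues on access-denied errors.
cacls "%ProgramFiles%" /E /C /R everyone>nul 2>nul
cacls "%ProgramFiles%\Common Files\" /E /C /R everyone>nul 2>nul
cacls "%ProgramFiles%\Internet Explorer" /E /C /R everyone>nul 2>nul
rem :program locks these three folders as well; they were previously left
rem locked, so the undo was incomplete.
cacls "%ProgramFiles%\Messenger" /E /C /R everyone>nul 2>nul
cacls "%ProgramFiles%\MSN Messenger" /E /C /R everyone>nul 2>nul
cacls "%ProgramFiles%\Windows NT" /E /C /R everyone>nul 2>nul
rem The hidden Common Files\SAN and \upd placeholders stay fully denied: they
rem are immunisation folders, not part of the program-folder lock.
echo.
echo 取消程序目录固化完成,任意键返回……
Pause>nul
goto start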
:diyfile
rem "[6] custom folder lock" submenu.
cls
echo.
echo.
echo 【注意】
echo.
echo 强烈建议在安装好必需应用程序后再进行程序目录的锁定!
echo.
echo 锁定程序文件夹后,您将不能直接在程序目录创建文件夹,
echo 如果要安装应用程序,请安装到预置的几个分类子文件夹中即可!
echo.
echo [1]返回主菜单
echo [2]固化自定义目录(包含子目录)
echo [3]固化自定义目录(不包含子目录)
echo [4]请输入要创建的预置分类文件夹的路径(自定义路径+文件名+后缀):
echo.
rem Clear first: set /p leaves the variable unchanged on an empty answer.
set choice=
set /p choice= 输入您的选择(1/2/3):
rem A colon in the answer redraws the submenu (the answer is expanded unquoted).
echo %choice%|find /i ":" && goto :diyfile
if /i "%choice%"=="" goto :Start
if /i "%choice%"=="1" goto :Start
if /i "%choice%"=="2" goto :guhua1
if /i "%choice%"=="3" goto :guhua2
if /i "%choice%"=="4" goto :quming
GOTO :diyfile
:quming
rem Create a preset category folder at a user-supplied (quoted) path.
cls
echo.
echo 请输入路径,路径需要双引号括符(支持拖放):
set object=
set /p object=
rem Accept only input containing a drive colon. The input is expanded unquoted,
rem so operator characters in it break the line rather than being rejected.
echo %object%|find /i ":" && goto :diyinOK
rem Redundant: when find fails, execution falls into :error regardless.
if not "%ERRORLEVEL%"=="0" goto error
:error
echo.
echo 错误!要求输入完整的路径和文件名(或目录名)!
echo 例如:C:\Program Files\wsearch
echo 任意键返回重新输入……
pause>nul
cls
goto :diyfile
:diyinOK
rem The target drive must be NTFS: take the first token of the input, extract
rem its drive (%%~da) and look for "NTFS" in the chkntfs report. The input is
rem expected quoted; for /f would treat an unquoted path as a file to read.
for /f %%a in (%object%) do chkntfs %%~da|find /i "NTFS" &&goto :diyinOK1
echo.
echo 对不起,你创建的路径所在分区不是 NTFS 格式,
echo 请先转换目标分区为 NTFS 格式再进行相关路径的设定
echo 按任意键重新输入路径……
pause>nul
cls
goto :diyfile
:diyinOK1
cls
rem Create the category folder if it does not exist yet.
echo.
echo 设置系统,可能需要几分钟,请稍候……
if not exist %object% md %object%>nul 2>nul
rem No ACE is applied here; locking happens through :guhua1/:guhua2.
echo.
echo 创建预置分类文件夹成功!
echo.
echo [1] 继续创建其他的预置分类文件夹
echo [2] 返回主菜单
set choice=
set /p choice= 输入您的选择(1/2):
rem A colon in the answer redraws this prompt (answer expanded unquoted).
echo %choice%|find /i ":" && goto :diyinOK1
if /i "%choice%"=="" goto :diyfile
if /i "%choice%"=="1" goto :quming
if /i "%choice%"=="2" goto :diyfile
goto :diyfile
:guhua1
rem Lock a custom folder including its subfolders (:diyfile option [2]).
rem Reads the path into %obj%, which the status line at :start inspects later.
cls
echo.
echo C盘格式比较特殊,输入路径为:"c:\"(带双引号)
echo.
echo 请输入固化路径,路径需要双引号括符(支持拖放):
set obj=
set /p obj=
rem Accept only input containing a drive colon (expanded unquoted: operator
rem characters in the input break the line rather than being rejected).
echo %obj%|find /i ":" &&goto :guhuaOK1
rem Redundant: when find fails, execution falls into :guhuaerror1 regardless.
if not "%ERRORLEVEL%"=="0" goto guhuaerror1
:guhuaerror1
echo.
echo 错误!要求输入完整的路径和文件名(或目录名)!
echo 例如:C:\Program Files\wsearch
echo 任意键返回重新输入……
pause>nul
cls
goto :diyfile
:guhuaOK1
rem The target drive must be NTFS (first token's drive via %%~da; quoted input
rem expected, otherwise for /f treats the path as a file to read).
for /f %%a in (%obj%) do chkntfs %%~da|find /i "NTFS" &&goto :guhuaOKNo2
echo.
echo 对不起,你创建的路径所在分区不是 NTFS 格式,
echo 请先转换目标分区为 NTFS 格式再进行相关路径的设定
echo 按任意键重新输入路径……
pause>nul
cls
goto :diyfile
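:guhuaOKNo2
rem Lock the custom folder including its subfolders (:diyfile option [2]).
rem %obj% holds the user's input, expected in double quotes.
if /i not exist %obj% (
echo 对不起,你输入的目标并不存在,
echo 任意键返回重新输入……
pause>nul
goto :diyfile
)
echo.
rem Drive roots are entered quoted, e.g. "c:\". The quotes must be stripped
rem before the path reaches setacl, because a backslash directly before the
rem closing quote does not survive the program's argument parsing. The check
rem works on a quote-free copy and matches any drive letter; previously only the
rem literal "c:\" was handled, so other drive roots were passed on unchanged.
set objplain=%obj:"=%
if "%objplain:~1%"==":\" (
set obj=%objplain%
)
echo.
rem Deny Everyone add_file on the folder itself (np) and in all subfolders (sc).
setacl -on %obj% %NoAddFile%>nul 2>nul
setacl -on %obj% %NoAddFiles%>nul 2>nul
rem Deny Everyone add_subdir on the folder itself (np) and in all subfolders (sc).
setacl -on %obj% %NoAddSubdir%>nul 2>nul
setacl -on %obj% %NoAddSubdirs%>nul 2>nul
echo.
echo 程序目录固化完成,任意键返回……
echo.
echo [1] 继续固化其他的程序目录
echo [2] 返回主菜单
set choice=
set /p choice= 输入您的选择(1/2):
rem A colon in the answer redraws this prompt (answer expanded unquoted).
echo %choice%|find /i ":" && goto :guhuaOKNo2
if /i "%choice%"=="" goto :diyfile
if /i "%choice%"=="1" goto :guhua1
if /i "%choice%"=="2" goto :diyfile
goto :diyfile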
:guhua2
rem Lock a custom folder without its subfolders (:diyfile option [3]).
rem Reads the path into %obj%, which the status line at :start inspects later.
cls
echo.
echo C盘格式比较特殊,输入路径为:"c:\"(带双引号)
echo.
echo 请输入固化路径,路径需要双引号括符(支持拖放):
set obj=
set /p obj=
rem Accept only input containing a drive colon (expanded unquoted: operator
rem characters in the input break the line rather than being rejected).
echo %obj%|find /i ":" &&goto :guhuaOK2
rem Redundant: when find fails, execution falls into :guhuaerror2 regardless.
if not "%ERRORLEVEL%"=="0" goto guhuaerror2
:guhuaerror2
echo.
echo 错误!要求输入完整的路径和文件名(或目录名)!
echo 例如:C:\Program Files\wsearch
echo 任意键返回重新输入……
pause>nul
cls
goto :diyfile
:guhuaOK2
rem The target drive must be NTFS (first token's drive via %%~da; quoted input
rem expected, otherwise for /f treats the path as a file to read).
for /f %%a in (%obj%) do chkntfs %%~da|find /i "NTFS" &&goto :guhuaOKNo
echo.
echo 对不起,你创建的路径所在分区不是 NTFS 格式,
echo 请先转换目标分区为 NTFS 格式再进行相关路径的设定
echo 按任意键重新输入路径……
pause>nul
cls
goto :diyfile
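:guhuaOKNo
rem Lock the custom folder only, not its subfolders (:diyfile option [3]).
rem %obj% holds the user's input, expected in double quotes.
if /i not exist %obj% (
echo 对不起,你输入的目标并不存在,
echo 任意键返回重新输入……
pause>nul
goto :diyfile
)
echo.
rem Drive roots are entered quoted, e.g. "c:\". The quotes must be stripped
rem before the path reaches setacl, because a backslash directly before the
rem closing quote does not survive the program's argument parsing. The check
rem works on a quote-free copy and matches any drive letter; previously only the
rem literal "c:\" was handled, so other drive roots were passed on unchanged.
set objplain=%obj:"=%
if "%objplain:~1%"==":\" (
set obj=%objplain%
)
echo.
rem Deny Everyone add_file on the folder itself (no propagation).
setacl -on %obj% %NoAddFile%>nul 2>nul
rem Deny Everyone add_subdir on the folder itself (no propagation).
setacl -on %obj% %NoAddSubdir%>nul 2>nul
echo.
echo 程序目录固化完成,任意键返回……
echo.
echo [1] 继续固化其他的程序目录
echo [2] 返回主菜单
set choice=
set /p choice= 输入您的选择(1/2):
rem A colon in the answer redraws this prompt (answer expanded unquoted).
echo %choice%|find /i ":" && goto :guhuaOKNo
if /i "%choice%"=="" goto :diyfile
if /i "%choice%"=="1" goto :guhua2
if /i "%choice%"=="2" goto :diyfile
goto :diyfile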
:undiyonefile
rem "[7] undo custom folder lock" submenu.
cls
echo.
echo.
echo [1]返回主菜单
echo [2]请输入要取消自定义目录固化的路径(包含子目录):
echo [3]请输入要取消自定义目录固化的路径(不包含子目录):
echo.
rem Clear first: set /p leaves the variable unchanged on an empty answer.
set choice=
set /p choice= 输入您的选择(1/2/3):
rem A colon in the answer redraws the submenu (answer expanded unquoted).
echo %choice%|find /i ":" && goto :undiyonefile
if /i "%choice%"=="" goto :Start
if /i "%choice%"=="1" goto :Start
if /i "%choice%"=="2" goto :delguhua
if /i "%choice%"=="3" goto :delguhuaTwo
GOTO :undiyonefile
:delguhua
rem Unlock a custom folder including its subfolders (:undiyonefile option [2]).
cls
echo.
echo C盘格式比较特殊,输入路径为:"c:\"(带双引号)
echo.
echo 请输入路径,路径需要双引号括符(支持拖放):
set object=
set /p object=
rem Accept only input containing a drive colon (expanded unquoted: operator
rem characters in the input break the line rather than being rejected).
echo %object%|find /i ":" && goto :delghOK
rem Redundant: when find fails, execution falls into :delgherror regardless.
if not "%ERRORLEVEL%"=="0" goto :delgherror
:delgherror
echo.
echo 错误!要求输入完整的路径和文件名(或目录名)!
echo 例如:C:\Program Files\wsearch
echo 任意键返回重新输入……
pause>nul
cls
goto :undiyonefile
:delghOK
rem The target drive must be NTFS (first token's drive via %%~da; quoted input
rem expected, otherwise for /f treats the path as a file to read).
for /f %%a in (%object%) do chkntfs %%~da|find /i "NTFS" &&goto :delghOK1
echo.
echo 对不起,你创建的路径所在分区不是 NTFS 格式,
echo 请先转换目标分区为 NTFS 格式再进行相关路径的设定
echo 按任意键重新输入路径……
pause>nul
cls
goto :undiyonefile
:delghOK1
rem Revoke Everyone's ACEs (/R) on the folder, then again recursively (/T) so
rem the subfolder ACEs added by :guhuaOKNo2 are removed too.
cacls %object% /E /C /R everyone>nul 2>nul
rem /T extends the revocation to subfolders and files.
cacls %object% /E /C /T /R everyone>nul 2>nul
rem Same again with a backslash appended after the input, meant for the drive
rem root entered as "c:\".
rem NOTE(review): with quoted input this produces (quoted path)\ -- confirm
rem cacls accepts that form, otherwise the drive-root undo fails silently.
cacls %object%\ /E /C /R everyone>nul 2>nul
rem /T extends the revocation to subfolders and files.
cacls %object%\ /E /C /T /R everyone>nul 2>nul
echo.
echo 取消自定义固化完成,任意键返回……
Pause>nul
goto :undiyonefile
:delguhuaTwo
rem Unlock a custom folder without its subfolders (:undiyonefile option [3]).
cls
echo.
echo C盘格式比较特殊,输入路径为:"c:\"(带双引号)
echo.
echo 请输入路径,路径需要双引号括符(支持拖放):
set object=
set /p object=
rem Accept only input containing a drive colon (expanded unquoted: operator
rem characters in the input break the line rather than being rejected).
echo %object%|find /i ":" && goto :delghTwoOK
rem Redundant: when find fails, execution falls into :delghTwoerror regardless.
if not "%ERRORLEVEL%"=="0" goto :delghTwoerror
:delghTwoerror
echo.
echo 错误!要求输入完整的路径和文件名(或目录名)!
echo 例如:C:\Program Files\wsearch
echo 任意键返回重新输入……
pause>nul
cls
goto :undiyonefile
:delghTwoOK
rem The target drive must be NTFS (first token's drive via %%~da; quoted input
rem expected, otherwise for /f treats the path as a file to read).
for /f %%a in (%object%) do chkntfs %%~da|find /i "NTFS" &&goto :delghTwoOK1
echo.
echo 对不起,你创建的路径所在分区不是 NTFS 格式,
echo 请先转换目标分区为 NTFS 格式再进行相关路径的设定
echo 按任意键重新输入路径……
pause>nul
cls
goto :undiyonefile
:delghTwoOK1
rem Revoke Everyone's ACEs (/R) on the folder itself only (no /T).
cacls %object% /E /C /R everyone>nul 2>nul
rem Same again with a backslash appended, meant for the drive root "c:\".
rem NOTE(review): with quoted input this produces (quoted path)\ -- confirm
rem cacls accepts that form, otherwise the drive-root undo fails silently.
cacls %object%\ /E /C /R everyone>nul 2>nul
echo.
echo 取消自定义固化完成,任意键返回……
Pause>nul
rem Unlike :delghOK1 this returns to the main menu, not to :undiyonefile.
goto start
:low
rem "[1] simple system lock": folders can no longer be created under
rem %SystemRoot%, files still can.
rem Ensure %SystemRoot%\TEMP exists: if it is missing, lift any Everyone lock on
rem %SystemRoot% and recreate it (the "\nul" suffix tests for a folder).
if not exist %SystemRoot%\TEMP\nul cacls %SystemRoot% /E /C /R everyone>nul 2>nul
if not exist %SystemRoot%\TEMP\nul md %SystemRoot%\TEMP>nul 2>nul
echo.
rem Configuring the system; this may take a few minutes.
rem Windows folder: deny Everyone add_subdir on the folder itself (no
rem propagation); creating and copying files stays allowed.
setacl -on %SystemRoot% %NoAddSubdir%>nul 2>nul
rem The same deny ACE again, now propagating into all subfolders (i:sc), which
rem is what covers System32 and the rest of the tree.
setacl -on %SystemRoot% %NoAddSubdirs%>nul 2>nul
goto free
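:power
rem "[2] strong system lock": ask for confirmation, then lock at :protectsys.
color 9e
cls
echo.
echo.
echo 固化系统目录前,请先安装好所有必需的应用程序和硬件驱动!
echo 固化系统后,某些应用程序及硬件驱动可能无法安装!!!!!
echo.
echo 请检查:声卡、显示卡、打印机、扫描仪、MP3 等设备的驱动
echo 是否已经安装妥当!Office 等应用程序是否安装完毕!
echo.
rem Clear Choice first: set /p leaves the variable untouched on an empty answer,
rem and it still holds the "2" typed at the main menu, so pressing Enter alone
rem previously counted as confirmation.
SET Choice=
SET /P Choice= 是否继续执行固化?请选择(Y/N):
IF /I '%Choice%'=='Y' GOTO protectsys
IF /I '%Choice%'=='N' GOTO start
IF /I '%Choice%'=='' GOTO power
rem Any other answer asks again. Previously every other answer fell through
rem into :protectsys, i.e. locked the system without an explicit Y.
GOTO power
:protectsys
rem Ensure %SystemRoot%\TEMP exists: if it is missing, lift any Everyone lock on
rem %SystemRoot% and recreate it (the "\nul" suffix tests for a folder).
if not exist %SystemRoot%\TEMP\nul cacls %SystemRoot% /E /C /R everyone>nul 2>nul
if not exist %SystemRoot%\TEMP\nul md %SystemRoot%\TEMP>nul 2>nul
echo.
rem Configuring the system; this may take a few minutes.
rem System drive root: deny Everyone add_file (root only).
setacl -on %SystemDrive%\ %NoAddFile%>nul 2>nul
rem Windows folder: deny add_subdir on the folder itself and add_file in the
rem folder and all subfolders.
setacl -on %SystemRoot% %NoAddSubdir%>nul 2>nul
setacl -on %SystemRoot% %NoAddFiles%>nul 2>nul
rem Legacy configuration files: deny Everyone add_file (= write data on a file).
setacl -on %SystemRoot%\win.ini %NoAddFile%>nul 2>nul
setacl -on %SystemRoot%\system.ini %NoAddFile%>nul 2>nul
rem Common startup group (Chinese-locale folder names as shipped by the author;
rem on other locales these paths do not exist and the line does nothing).
setacl -on "%SystemDrive%\Documents and Settings\All Users\「开始」菜单\程序\启动" %NoAddFile%>nul 2>nul
rem Current user's startup group.
setacl -on "%USERPROFILE%\「开始」菜单\程序\启动" %NoAddFile%>nul 2>nul
goto free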
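:free
rem Shared tail of :low and :power: re-open the folders and files that must stay
rem writable while the rest of %SystemRoot% is locked. Falls through into
rem :regprotect afterwards.
rem Temp folder: grant Everyone add_file/add_subdir recursively, then strip
rem whatever Everyone ACEs remain (/T recursive).
setacl -on %SystemRoot%\TEMP %AddFiles%>nul 2>nul
setacl -on %SystemRoot%\TEMP %AddSubDirs%>nul 2>nul
cacls %SystemRoot%\TEMP /E /C /T /R everyone>nul 2>nul
rem Log/config files directly under %SystemRoot%. The extension list is
rem "ini,txt": the previous "ini.txt" produced the single pattern *.ini.txt,
rem so neither the .ini nor the .txt files were unlocked.
for %%a in (log,ini,txt,cfg,dat,bak) do cacls %SystemRoot%\*.%%a /E /C /R everyone>nul 2>nul
rem Folders Windows and its updaters write to, recursively (/T).
cacls %SystemRoot%\Prefetch /E /C /T /R everyone>nul 2>nul
cacls %SystemRoot%\Installer /E /C /T /R everyone>nul 2>nul
cacls %SystemRoot%\LastGood /E /C /T /R everyone>nul 2>nul
cacls %SystemRoot%\pchealth /E /C /T /R everyone>nul 2>nul
cacls %SystemRoot%\security /E /C /T /R everyone>nul 2>nul
cacls %SystemRoot%\inf /E /C /T /R everyone>nul 2>nul
cacls "%SystemRoot%\Downloaded Program Files" /E /C /T /R everyone>nul 2>nul
cacls %SystemRoot%\System32\Config /E /C /T /R everyone>nul 2>nul
cacls %SystemRoot%\System32\CatRoot /E /C /T /R everyone>nul 2>nul
cacls %SystemRoot%\System32\CatRoot2 /E /C /T /R everyone>nul 2>nul
cacls %SystemRoot%\System32\GroupPolicy /E /C /T /R everyone>nul 2>nul
cacls %SystemRoot%\System32\inetsrv /E /C /T /R everyone>nul 2>nul
cacls %SystemRoot%\System32\LogFiles /E /C /T /R everyone>nul 2>nul
cacls %SystemRoot%\System32\Setup /E /C /T /R everyone>nul 2>nul
cacls %SystemRoot%\System32\MUI /E /C /T /R everyone>nul 2>nul
cacls %SystemRoot%\System32\drivers /E /C /T /R everyone>nul 2>nul
rem Executables inside the drivers folder are explicitly denied to Everyone (/D).
cacls %SystemRoot%\System32\drivers\*.exe /E /C /D everyone>nul 2>nul
cacls "%SystemRoot%\SoftwareDistribution" /E /C /T /R everyone>nul 2>nul
cacls "%SystemRoot%\IIS Temporary Compressed Files" /E /C /T /R everyone>nul 2>nul
CACLS "%SystemRoot%\system32\IME" /E /C /T /R everyone>nul 2>nul
CACLS "%ProgramFiles%\WindowsUpdate" /E /C /T /R everyone>nul 2>nul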
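:regprotect
rem "[8] lock registry autorun entries"; also reached by fall-through from :free.
rem Back up the registry first with ERDNT, if it is installed under
rem %SystemRoot%\ERDNT. Skip when today's backup already exists, so the day's
rem original copy is kept.
rem Paths built from %DATE% are quoted: the date format is locale dependent and
rem may contain spaces, which previously broke both the "if exist" test and the
rem autoback command line. A format containing "/" would create nested folders.
if exist "%SystemRoot%\ERDNT\%DATE%\ERDNT.EXE" goto regpt
if exist "%SystemRoot%\ERDNT\AUTOBACK.EXE" goto backupreg
goto regpt
:backupreg
echo.
echo 正在备份当前注册表到 %SystemRoot%\ERDNT\%DATE%……
"%SystemRoot%\ERDNT\autoback.exe" "%SystemRoot%\ERDNT\%DATE%" sysreg curuser /noprogresswindow /days:10 /alwayscreate
:regpt
echo.
echo 正在设置注册表保护……
rem Protect mode: define the ACE variables as "deny" and run the shared :regdo
rem sequence (the undo path at :unreg defines the same variables as "grant").
rem Autorun keys: deny Everyone create_subkey and set_val.
set ACT=-ot reg -actn ace -ace "n:Everyone;m:deny;p:create_subkey,set_val"
rem Logon/logoff script policy key: deny set_val.
set ACTS= -ot reg -actn ace -ace "n:Everyone;m:deny;p:set_val"
rem Keys immunised against specific rogue programs: deny everything.
set ACTDeny=-ot reg -actn ace -ace "n:Everyone;m:deny;p:full"
rem Service-creation control for the current account (unused: the setacl lines
rem using %SRV% at :regdo are commented out).
set SRV= -ot reg -actn ace -ace "n:%USERNAME%;m:deny;p:set_val;i:sc,so"
rem Service-object ACE. NOTE(review): the original comment says "block new
rem services", but this grants Everyone full control -- confirm the mode.
set SERV= -ot srv -actn ace -ace "n:Everyone;m:grant;p:full;i:sc"
goto regdo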
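rem Below: the actual registry protect/unprotect sequence. Whether it denies or
rem grants is decided solely by the ACE variables set at :regprotect or :unreg.
:regdo
rem All autorun keys: apply %ACT% (create_subkey, set_val) for Everyone.
setacl -on "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" %ACT%>nul 2>nul
setacl -on "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce" %ACT%>nul 2>nul
setacl -on "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices" %ACT%>nul 2>nul
setacl -on "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunEX" %ACT%>nul 2>nul
setacl -on "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEX" %ACT%>nul 2>nul
rem stderr is silenced here like on every other line (it previously leaked).
setacl -on "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesEx" %ACT%>nul 2>nul
rem NOTE(review): the HKEY_USERS entries are written as "USERS\.DEFAULT\..."
rem while the other hives use their full HKEY_ names; confirm setacl accepts
rem the short form, otherwise these eight lines fail silently.
setacl -on "USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" %ACT%>nul 2>nul
setacl -on "USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce" %ACT%>nul 2>nul
setacl -on "USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices" %ACT%>nul 2>nul
setacl -on "USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\RunEX" %ACT%>nul 2>nul
setacl -on "USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEX" %ACT%>nul 2>nul
setacl -on "USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesEx" %ACT%>nul 2>nul
setacl -on "USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce" %ACT%>nul 2>nul
setacl -on "USERS\.DEFAULT\Software\Microsoft\Windows NT\CurrentVersion\Windows" %ACT%>nul 2>nul
setacl -on "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run" %ACT%>nul 2>nul
setacl -on "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce" %ACT%>nul 2>nul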
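rem Keep App Paths entries from being spoofed.
setacl -on "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths" %ACT%>nul 2>nul
rem Re-enable Windows File Protection (SFCDisable = 0).
reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v SFCDisable /t REG_DWORD /d "00000000" /f>nul 2>nul
rem Reset the shell and user-initialisation entries to their defaults so a
rem spoofed or argument-injected shell cannot be loaded. An explorer.exe found
rem in System32 (the real one normally lives directly in %SystemRoot%) is
rem removed as an impostor.
if exist %SystemRoot%\System32\explorer.exe del /q /f %SystemRoot%\System32\explorer.exe
reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v Userinit /t REG_SZ /d "%SystemRoot%\system32\userinit.exe," /f>nul 2>nul
rem The VmApplet data contains quotes of its own; they are escaped as \" so that
rem reg.exe receives: rundll32 shell32,Control_RunDLL "sysdm.cpl". The previous
rem form with nested plain quotes ended the /d argument early.
reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v VmApplet /t REG_SZ /d "rundll32 shell32,Control_RunDLL \"sysdm.cpl\"" /f>nul 2>nul
reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v Shell /t REG_SZ /d "Explorer.exe" /f>nul 2>nul
rem Keep malware from disabling the "show hidden files" option by restoring the
rem SHOWALL definition. These four values belong under
rem Explorer\Advanced\Folder\Hidden\SHOWALL; the previous lines wrote them into
rem the Winlogon key, where they have no effect.
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL" /v CheckedValue /t REG_DWORD /d "00000001" /f>nul 2>nul
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL" /v ValueName /t REG_SZ /d "Hidden" /f>nul 2>nul
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL" /v DefaultValue /t REG_DWORD /d "00000002" /f>nul 2>nul
rem HKeyRoot for SHOWALL is HKEY_CURRENT_USER, i.e. 0x80000001 (not 1).
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL" /v HKeyRoot /t REG_DWORD /d 0x80000001 /f>nul 2>nul
rem Clear and lock the command-processor AutoRun value (runs on every cmd start).
reg add "HKLM\SOFTWARE\Microsoft\Command Processor" /v AutoRun /d "" /f>nul 2>nul
setacl -on "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Command Processor" %ACT%>nul 2>nul
rem Keep logon/logoff scripts from being used to auto-load programs: make sure
rem the policy key exists, then apply %ACT% and %ACTS%.
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\Machine\Scripts">nul 2>nul
setacl -on "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\Machine\Scripts" %ACT%>nul 2>nul
setacl -on "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\Machine\Scripts" %ACTS%>nul 2>nul
rem Reset the Startup shell-folder location and lock it against redirection.
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders" /v Startup /f /d "%USERPROFILE%\「开始」菜单\程序\启动">nul 2>nul
setacl -on "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders" %ACT%>nul 2>nul
rem Keep the "load"/"run" values and executable-type settings in
rem Windows NT\CurrentVersion\Windows from being changed.
setacl -on "HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows" %ACT%>nul 2>nul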
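rem Keep Internet Options / Advanced settings from being modified.
rem "Immunise" first: delete and recreate (empty) the keys used by the !CNS and
rem CDNCLIENT plug-ins and IE's Extensions key, so nothing is left in them.
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\!CNS" /f>nul 2>nul
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\CDNCLIENT" /f>nul 2>nul
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\!CNS" /f>nul 2>nul
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\CDNCLIENT" /f>nul 2>nul
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions" /f>nul 2>nul
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions" /f>nul 2>nul
rem Keep the browser's context menu (MenuExt) from being modified.
reg delete "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt" /f>nul 2>nul
reg add "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt" /f>nul 2>nul
setacl -on "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt" %ACT%>nul 2>nul
setacl -on "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions" %ACT%>nul 2>nul
rem Keep the home page and the other main IE settings (current user and
rem machine) from being modified.
setacl -on "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main" %ACT%>nul 2>nul
setacl -on "HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main" %ACT%>nul 2>nul
setacl -on "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\AdvancedOptions" %ACT%>nul 2>nul
setacl -on "HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\AdvancedOptions" %ACT%>nul 2>nul
rem Block installation of Browser Helper Objects.
setacl -on "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" %ACT%>nul 2>nul
rem Keep the Explorer toolbar data (UserAssist) from being modified.
setacl -on "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist" %ACT%>nul 2>nul
rem Protect the common file associations (EXE TXT CMD BAT INI PIF COM INF HLP
rem CHM SHS ...). NOTE(review): the first key uses the full HKEY_CLASSES_ROOT
rem name, the rest the short "CLASSES_ROOT\" form; confirm setacl accepts it.
setacl -on "HKEY_CLASSES_ROOT\exefile\shell\open\command" %ACT%>nul 2>nul
setacl -on "CLASSES_ROOT\inifile\shell\open\command" %ACT%>nul 2>nul
setacl -on "CLASSES_ROOT\txtfile\shell\open\command" %ACT%>nul 2>nul
setacl -on "CLASSES_ROOT\comfile\shell\open\command" %ACT%>nul 2>nul
setacl -on "CLASSES_ROOT\batfile\shell\open\command" %ACT%>nul 2>nul
setacl -on "CLASSES_ROOT\inffile\shell\open\command" %ACT%>nul 2>nul
setacl -on "CLASSES_ROOT\piffile\shell\open\command" %ACT%>nul 2>nul
setacl -on "CLASSES_ROOT\cmdfile\shell\open\command" %ACT%>nul 2>nul
setacl -on "CLASSES_ROOT\hlpfile\shell\open\command" %ACT%>nul 2>nul
setacl -on "CLASSES_ROOT\chmfile\shell\open\command" %ACT%>nul 2>nul
rem Neutralise the scrap (.shs) file type: empty its open command.
reg delete HKCR\ShellScrap\shell\open\command /f >nul 2>nul
reg add HKCR\ShellScrap\shell\open\command >nul 2>nul
rem Keep a malicious DLL from being hooked into Explorer through this CLSID.
setacl -on "CLASSES_ROOT\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\InProcServer32" %ACT%>nul 2>nul
rem Remove any Image File Execution Options entry for Task Manager (debugger
rem hijack) and lock the IFEO key against new entries.
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe" /F>nul 2>nul
setacl -on "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options" %ACT%>nul 2>nul
rem Disable AutoRun from disks. reg add reads DWORD data as decimal unless it
rem carries a 0x prefix: the previous "ffffff03" was rejected (error hidden by
rem the redirection) and "00000095" was stored as decimal 95, not 0x95.
reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoDriveAutoRun /t REG_DWORD /d 0xffffff03 /f>nul 2>nul
reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoDriveTypeAutoRun /t REG_DWORD /d 0x95 /f>nul 2>nul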
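rem Block the services of specific plug-ins: pre-create their service keys and
rem apply %ACTDeny% (deny full in protect mode, grant full in undo mode).
rem 1. 3721/Yahoo!
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CnsMinKP">nul 2>nul
rem ControlSet001 is the key name used for the other entries below; the
rem previous "CurrentSet001" only created an unrelated empty key.
reg add "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\CnsMinKP">nul 2>nul
setacl -on "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CnsMinKP" %ACTDeny%>nul 2>nul
setacl -on "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\CnsMinKP" %ACTDeny%>nul 2>nul
rem Blocking new service creation (current account only) is disabled: the
rem %SRV% ACE is defined, but the two lines applying it stay commented out.
rem setacl -on "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services" %SRV%>nul 2>nul
rem setacl -on "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services" %SRV%>nul 2>nul
rem 2. Sogou (P4P Service)
reg add "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\P4P Service">nul 2>nul
reg add "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\P4P Service">nul 2>nul
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\P4P Service">nul 2>nul
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\P4P Service">nul 2>nul
setacl -on "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\P4P Service" %ACTDeny%>nul 2>nul
setacl -on "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\P4P Service" %ACTDeny%>nul 2>nul
setacl -on "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\P4P Service" %ACTDeny%>nul 2>nul
setacl -on "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\P4P Service" %ACTDeny%>nul 2>nul
rem 3. Baidu (BdGuard)
reg add "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BdGuard">nul 2>nul
reg add "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\BdGuard">nul 2>nul
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BdGuard">nul 2>nul
setacl -on "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BdGuard" %ACTDeny%>nul 2>nul
setacl -on "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\BdGuard" %ACTDeny%>nul 2>nul
setacl -on "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BdGuard" %ACTDeny%>nul 2>nul
rem 4. CNNIC (cdnprot, cdntran)
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cdnprot">nul 2>nul
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cdntran">nul 2>nul
setacl -on "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cdnprot" %ACTDeny%>nul 2>nul
setacl -on "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cdntran" %ACTDeny%>nul 2>nul
rem 5. Yahoo
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Yahoo">nul 2>nul
reg add "HKEY_CLASSES_ROOT\CLSID\{406F94F0-504F-4a40-8DFD-58B0666ABEBD}">nul 2>nul
setacl -on "HKEY_LOCAL_MACHINE\SOFTWARE\Yahoo" %ACTDeny%>nul 2>nul
setacl -on "HKEY_CLASSES_ROOT\CLSID\{406F94F0-504F-4a40-8DFD-58B0666ABEBD}" %ACTDeny%>nul 2>nul
rem 6. QQ emoticons ("Universal Disk Manager" service): stop and delete it,
rem re-create its service key as a placeholder and lock it with %ACTDeny%. The
rem previous line referenced %RegDenys%, which is defined nowhere, so setacl was
rem called without an action and the key stayed unlocked.
sc stop "Universal Disk Manager">nul 2>nul
sc delete "Universal Disk Manager">nul 2>nul
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Universal Disk Manager" /f>nul 2>nul
setacl -on "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Universal Disk Manager" %ACTDeny%>nul 2>nul
rem NOTE(review): %SERV% grants Everyone full control of the service object, and
rem the service was just deleted above -- confirm this line is still wanted.
setacl -on "Universal Disk Manager" %SERV%>nul 2>nul
rem 7. YOK.com: hidden placeholder folder with everything denied.
if not exist "%ProgramFiles%\YOK.com\nul" md "%ProgramFiles%\YOK.com">nul 2>nul
attrib +h "%ProgramFiles%\YOK.com">nul 2>nul
setacl -on "%ProgramFiles%\YOK.com" %AllDeny%>nul 2>nul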
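:hosts
rem Hosts immunisation. Reached by fall-through from :regdo, i.e. in both the
rem "protect" and the "undo registry protection" paths (the :undo menu entry
rem is what lifts the hosts lock again).
rem 1. Revoke Everyone's ACEs on the current hosts file so it can be replaced.
cacls %SystemRoot%\System32\Drivers\etc\hosts /E /C /R everyone>nul 2>nul
rem 2. Keep a backup of the existing hosts file before overwriting it. The test
rem    is "if exist": the previous "if not exist" copied only when there was
rem    nothing to copy, so no backup was ever made.
if exist %SystemRoot%\System32\Drivers\etc\hosts copy %SystemRoot%\System32\Drivers\etc\hosts "%~dp0hosts.bak"
rem 3. Install the hosts file shipped next to this script (found via %~dp0, not
rem    the current directory).
copy /y "%~dp0hosts" %SystemRoot%\System32\Drivers\etc\>nul 2>nul
rem 4. Protect it: deny Everyone add_file (on a file this is the write-data
rem    right) with no propagation -- the same %NoAddFile% argument set that
rem    :protectsys applies to win.ini and system.ini. The previous line used the
rem    SetACL 1.x option syntax (/file /deny ... /i:no_prop_inh), which the
rem    setacl build every other line here drives does not accept, so the file
rem    was left unprotected.
setacl -on "%SystemRoot%\System32\Drivers\etc\hosts" %NoAddFile%>nul 2>nul
rem Refresh local security policy so the changes take effect immediately.
%UpdatePolicy%>nul 2>nul
echo 系统设置完毕,任意键返回……
Pause>nul
goto start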
rem ---- Not enabled yet: no menu entry jumps to the labels below. -----------
:firewall
echo 系统防火墙策略固化
cls
color 4f
echo.
echo 系统防火墙的通行策略可能会被一些恶意程序自动修改。
echo 固化防火墙策略前请一定要先手工检查防火墙通行策略的可靠性!
echo 强烈建议启用防火墙,并一一运行常用的网络程序后再进行固化!
rem NOTE(review): Choice is not cleared before the prompt, so an empty answer
rem keeps the previous value; anything other than 1 or Q falls through into
rem :fireset.
SET /P Choice= 请选择要进行的操作
IF NOT '%Choice%'=='' SET Choice=%Choice:~0,1%
IF /I '%Choice%'=='1' GOTO fireset
IF /I '%Choice%'=='Q' GOTO start
:fireset
rem Lock the firewall's authorised-applications list with the current %ACT% ACE.
setacl -on "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List" %ACT%>nul 2>nul
echo.
echo 系统防火墙策略固化保护完成!任意键返回……
Pause>nul
goto start
:unfireset
rem NOTE(review): this uses the same %ACT% variable as :fireset, so whether it
rem denies or grants depends on which of :regprotect/:unreg ran last; a real
rem undo needs the grant form of the ACE explicitly.
setacl -on "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List" %ACT%>nul 2>nul
echo.
echo 已经取消系统防火墙策略固化!任意键返回……
Pause>nul
goto start
:undo
echo.
rem "[3] undo system lock": revoke the Everyone ACEs that :low/:protectsys
rem added. Registry protection is left alone (menu [9] handles that).
echo 要解除注册表保护(不推荐)请选择取消注册表保护!
cacls %SystemDrive%\ /E /C /R everyone>nul 2>nul
rem Recursive (/T) for the Windows folder.
cacls %SystemRoot% /E /C /T /R everyone>nul 2>nul
cacls "%SystemRoot%"\win.ini /E /C /R everyone>nul 2>nul
cacls "%SystemRoot%"\system.ini /E /C /R everyone>nul 2>nul
cacls "%SystemRoot%"\System32\Drivers\etc\hosts /E /C /R everyone>nul 2>nul
rem Startup groups (Chinese-locale folder names, as at :protectsys).
cacls "%SystemDrive%\Documents and Settings\All Users\「开始」菜单\程序\启动" /E /C /R everyone>nul 2>nul
cacls "%USERPROFILE%\「开始」菜单\程序\启动" /E /C /R everyone>nul 2>nul
rem Original note: account and audit policies are refreshed as part of this.
REM Refresh local security policy so the changes take effect immediately.
%UpdatePolicy%>nul 2>nul
echo.
echo 系统固化取消成功,任意键返回……
Pause>nul
rem :undo falls through into :end.
:end
rem Cleanup: remove the helper files extracted to %TEMP% (setacl.exe and any
rem .cmd / .reg files there).
rem NOTE(review): :end does not exit but returns to the menu, so "goto end"
rem from the OS check and from :CONVERT re-enters the wizard -- and if
rem setacl.exe was only available from %TEMP%, without it. Confirm whether
rem this label should terminate the script instead.
del %TEMP%\setacl.exe>nul 2>nul
del %TEMP%\*.CMD>nul 2>nul
del %TEMP%\*.reg>nul 2>nul
goto start