20100730ո 
================================================================
1ʵСļðť.regͻָðť.regоעСܣɷֹԱɵõ֣
   ¼ÿνԶIP.batĹûÿνԶʱԶ¼IPֺڿټ

2޸´ɵIISվ֤ʱʾ޷֤ ܾʵ!

:: cscript.exe xcacls.vbs "%SystemDrive%/Documents and Settings/All Users/Application Data/Microsoft/Crypto/DSS/achineKeys" /D Guests:1;1 /E
:: cscript.exe xcacls.vbs "%SystemDrive%/Documents and Settings/All Users/Application Data/Microsoft/Crypto/RSA/MachineKeys" /D Guests:1;1 /E
:: cscript.exe xcacls.vbs "%SystemDrive%/Documents and Settings/All Users/Application Data/Microsoft/HTML Help" /D Guests:1;1 /E

20091230ո 
================================================================
:: 20091230,ɾױڿûSUPPORT_388945a0SQLDebugger
:: Delete two accounts by name, one `net user ... /delete` call per account.
:: `net user` reports an error when an account does not exist; nothing else is affected.
for %%U in (SQLDebugger SUPPORT_388945a0) do net user %%U /delete

20091216ո 
================================================================
:: ΪIISĬϵ404ҳĿ¼EveryOneֹдȨޣֹڿͨ404ҳĿ¼
:: Add a deny-Write ACE for Everyone on the IIS help/error-page directory (/D = deny,
:: /E = edit the existing ACL instead of replacing it).
:: NOTE(review): a deny ACE for Everyone also binds Administrators and SYSTEM, so
:: later legitimate changes to these pages need the ACE removed first.
cscript.exe xcacls.vbs "%SystemRoot%/Help/iisHelp/common" /D Everyone:w /E

2009116ո 
================================================================
:: ֹԷŴ󾵺ַ
:: Lock down the Magnifier accessibility binary so it cannot be swapped for another
:: program: mark the live copy read-only/system/hidden, then add a deny-Modify ACE
:: for Everyone on the live copy, the dllcache copy and the service-pack copy.
attrib +R +S +H "%SystemRoot%/system32/magnify.exe"
for %%D in ("system32" "system32/dllcache" "ServicePackFiles/i386") do cscript.exe xcacls.vbs "%SystemRoot%/%%~D/magnify.exe" /D Everyone:M /E

2009926ո 
================================================================
:: 2009926,3389ٳ,òΪľ,кͷBATļREGļעĿ,ͨDLLļȡϢ.

:: Replace wminotify.dll with an inert placeholder: delete any existing copy, write a
:: plain-text directory listing under the same file name, mark it
:: read-only/system/hidden, then add a deny-Modify ACE for Everyone so the name
:: cannot be overwritten with a real DLL.
:: NOTE(review): the deny ACE also applies to Administrators and SYSTEM, so a second
:: run of these lines will probably fail at the del / redirect steps - confirm.
del %SystemRoot%\system32\wminotify.dll /A/F/Q
dir %SystemRoot%\system32\com > %SystemRoot%\system32\wminotify.dll
attrib +R +S +H %SystemRoot%\system32\wminotify.dll
cscript.exe xcacls.vbs "%SystemRoot%/system32/wminotify.dll" /D Everyone:M /E

:: 2009926,3389ٳ,òΪľ,кͷBATļREGļעĿ,ͨDLLļȡϢ.

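:: Remove the Winlogon notification-package registration named "wminotify" so that
:: DLL is no longer loaded at logon. The key path contains a space ("Windows NT"),
:: so it must be quoted; unquoted, reg.exe receives the path split into two
:: arguments and the key is not deleted.
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wminotify" /f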

200995ո 
================================================================
1޸ִgzip޷ʹ

:: Grant the IIS_WPG group Full Control on the IIS compression cache directory
:: (/g = grant, /e = edit the existing ACL).
:: NOTE(review): Full Control also allows changing the ACL itself; check whether
:: Modify is enough for compression to work.
cscript.exe xcacls.vbs "%SystemRoot%/IIS Temporary Compressed Files" /g IIS_WPG:F /e

2޸ִʹVBScript.Encodeҳ

:: 200957,VBScript.EncodeʹʧЧ
:: reg delete "HKEY_CLASSES_ROOT\VBScript.Encode" /f
:: reg delete "HKEY_CLASSES_ROOT\CLSID\{B54F3743-5B07-11cf-A4B0-00AA004A55E8}" /f
:: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VBScript.Encode" /f
:: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B54F3743-5B07-11cf-A4B0-00AA004A55E8}" /f


2009511ո 
================================================================
޸ִϵͳԴFTP޷ӵ

:: Grant the Users group Read on the default FTP root, editing the existing ACL.
cscript.exe xcacls.vbs "%SystemDrive%/inetpub/ftproot" /g Users:r /e

200957ո 
================================================================
:: VBScript.EncodeʹʧЧ
:: Unregister the VBScript.Encode script engine (ProgID and CLSID, in both the
:: HKEY_CLASSES_ROOT view and HKLM\SOFTWARE\Classes) so encoded scripts can no
:: longer be executed on this host.
:: NOTE(review): the 200995 entry of this changelog carries the same four commands
:: commented out; sites that rely on encoded pages stop working after this.
:: The deletion is not reversible from here - export the keys first.
reg delete "HKEY_CLASSES_ROOT\VBScript.Encode" /f
reg delete "HKEY_CLASSES_ROOT\CLSID\{B54F3743-5B07-11cf-A4B0-00AA004A55E8}" /f
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VBScript.Encode" /f
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B54F3743-5B07-11cf-A4B0-00AA004A55E8}" /f

200956ո 
================================================================
:: ɾǰûжעΣ

:: Delete four COM class registrations by CLSID so scripts can no longer instantiate them.
:: NOTE(review): these look like the WScript.Network / WScript.Shell class IDs that
:: ASP pages use to run commands - confirm with `reg query` on each key, and export
:: the keys before deleting, because legitimate admin scripts use the same classes.
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{093FF999-1EA0-4079-9525-9614C3504B74}" /f
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}" /f
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F935DC22-1CF0-11D0-ADB9-00C04FD58A0B}" /f
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F935DC26-1CF0-11D0-ADB9-00C04FD58A0B}" /f

2009327ո 
================================================================
:: ɾsystem32\npptools.dll½npptools.dllΪֻ,Ȩ ɷֹarp

:: del %SystemRoot%\system32\npptools.dll /A/F/Q
:: dir %SystemRoot%\system32\com > %SystemRoot%\system32\npptools.dll
:: attrib +R +S +H %SystemRoot%\system32\npptools.dll
:: Only the ACL step is still active here: add a deny-Full-Control ACE for Everyone
:: on npptools.dll. The delete / placeholder / attrib steps above are commented out.
cscript.exe xcacls.vbs "%SystemRoot%/system32/npptools.dll" /D Everyone:F /E

200912ո 
================================================================
C̰ȫǿ.bat

:: ڿ;õϵͳļEveryoneܾȨ

:: Register wshom.ocx (presumably because xcacls.vbs needs its scripting objects),
:: add a deny-Full-Control ACE for Everyone on the command-line tools a web shell
:: would typically call, then unregister wshom.ocx again.
:: NOTE(review): a deny ACE for Everyone also covers Administrators and SYSTEM, so
:: after this block cmd.exe, net.exe and cscript.exe are unusable for maintenance
:: as well. The order matters: every line runs through cscript.exe, which is why it
:: is denied last; later "cscript.exe xcacls.vbs" calls on this host will likely
:: fail until the ACE is removed.
regsvr32 /s wshom.ocx
cscript.exe xcacls.vbs "%SystemRoot%/system32/cmd.exe" /D Everyone:F /E
cscript.exe xcacls.vbs "%SystemRoot%/system32/net.exe" /D Everyone:F /E
cscript.exe xcacls.vbs "%SystemRoot%/system32/net1.exe" /D Everyone:F /E
cscript.exe xcacls.vbs "%SystemRoot%/system32/cacls.exe" /D Everyone:F /E
cscript.exe xcacls.vbs "%SystemRoot%/system32/wscript.exe" /D Everyone:F /E
cscript.exe xcacls.vbs "%SystemRoot%/system32/wshom.ocx" /D Everyone:F /E
cscript.exe xcacls.vbs "%SystemRoot%/system32/cscript.exe" /D Everyone:F /E
regsvr32 /s /u wshom.ocx

Echo C̰ȫǿ! 밴˳! 
PAUSE >nul
Goto exit

2008123ո 
================================================================
ע˴ΪûӦһִкSQL2000ˣ3389Ӳ

:: ֹľгIISĿ¼

:: cscript.exe xcacls.vbs "%SystemRoot%/ServicePackFiles/i386/activeds.dll" /R "Power Users" /E
:: cscript.exe xcacls.vbs "%SystemRoot%/ServicePackFiles/i386/activeds.dll" /R "Users" /E

:: cscript.exe xcacls.vbs "%SystemRoot%/system32/activeds.dll" /R "Power Users" /E
:: cscript.exe xcacls.vbs "%SystemRoot%/system32/activeds.dll" /R "Users" /E

:: cscript.exe xcacls.vbs "%SystemRoot%/system32/activeds.tlb" /R "Power Users" /E
:: cscript.exe xcacls.vbs "%SystemRoot%/system32/activeds.tlb" /R "Users" /E


20081120ո 
================================================================
޸Ʋڲݷ޷ȷ,л",QQ26499499"Ľ!

:: Set the Software Restriction Policies "Levels" value, keep a copy of the active
:: machine policy file as Registry.old in the current directory, overwrite the
:: machine policy with the Registry.pol found in the current directory, and
:: refresh Group Policy.
:: NOTE(review): Registry.pol is taken from whatever the working directory is, with
:: no integrity check - confirm the directory and the file's origin before running.
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers" /v Levels /t REG_DWORD /d "0x04131000" /f
copy /y "%SystemRoot%\system32\GroupPolicy\Machine\Registry.pol" Registry.old 
copy /y Registry.pol "%SystemRoot%\system32\GroupPolicy\Machine"
gpupdate /force


20081017ո 
================================================================
1.
:: ֹûdllcacheļд,ֹڿ!ӰԶ,ʱȥ!
:: cscript.exe xcacls.vbs "%SystemRoot%/System32/dllcache" /D Everyone:W /E

2.
:: ȥHappyTime(ʱ)в,ӰHTML,ȥ

:: reg delete HKCR\CLSID\{06290BD5-48AA-11D2-8432-006008C3FBFC} /f
:: reg delete HKCR\Scriptlet.TypeLib /f

20080824ո 
================================================================
Ľϵͳ,עͺ͸ļ,ΪCĿÿռ!

echo ɾĿ¼ 
RD %windir%\$hf_mig$ /Q /S 

echo Ѳжļеֱ2950800.txt 
dir %windir%\$NtUninstall* /a:d /b >%windir%\2950800.txt 

echo 2950800.txtжȡļбɾļ 
for /f %%i in (%windir%\2950800.txt) do rd %windir%\%%i /s /q 

echo ɾ2950800.txt 
del %windir%\2950800.txt /f /q 

echo ɾװ¼ݣdel /f /s /q %systemdrive%\*.logѾɾļ 
del %windir%\KB*.log /f /q 

echo ɾϵͳĿ¼ʱļ 
del /f /s /q %systemdrive%\*.tmp 

echo ɾϵͳĿ¼ʱļ 
del /f /s /q %systemdrive%\*._mp 

echo ɾϵͳĿ¼־ļ 
:: NOTE(review): this removes every *.log file on the system drive, recursively.
:: That can include web-server, FTP and application logs needed to investigate an
:: intrusion; archive logs elsewhere first, or narrow the pattern to known temp paths.
del /f /s /q %systemdrive%\*.log 

echo ɾϵͳĿ¼GIDļ(ʱļò) 
del /f /s /q %systemdrive%\*.gid 

echo ɾϵͳĿ¼scandiskɨ裩µļ 
del /f /s /q %systemdrive%\*.chk 

echo ɾϵͳĿ¼oldļ 
:: NOTE(review): *.old on the system drive also matches the Registry.old policy
:: backup written by the Group Policy steps in this changelog, if that copy was
:: created on this drive - keep the backup somewhere this cleanup does not reach.
del /f /s /q %systemdrive%\*.old 

echo ɾվļ 
del /f /s /q %systemdrive%\recycled\*.* 

echo ɾϵͳĿ¼±ļ 
del /f /s /q %windir%\*.bak 

echo ɾӦóʱļ 
del /f /s /q %windir%\prefetch\*.* 

echo ɾϵͳάȲʱļ 
del /f /s /q %windir%\temp\*.* 

echo ɾǰûCOOKIEIE 
del /f /s /q %userprofile%\cookies\*.* 

echo ɾinternetʱļ 
del /f /s /q "%userprofile%\local settings\temporary internet files\*.*" 

echo ɾǰûճʱļ 
del /f /s /q "%userprofile%\local settings\temp\*.*" 

echo ɾʼ¼ʼ˵еĵĶ 
del /f /s /q "%userprofile%\recent\*.*"

20080822ո 
================================================================
:: ֹľгIISĿ¼,˲ӰMMCԪʹ,ȡ

:: cscript.exe xcacls.vbs "%SystemRoot%/system32/activeds.dll" /G Administrators:F
:: cscript.exe xcacls.vbs "%SystemRoot%/system32/activeds.dll" /G SYSTEM:F

:: cscript.exe xcacls.vbs "%SystemRoot%/system32/activeds.tlb" /G Administrators:F
:: cscript.exe xcacls.vbs "%SystemRoot%/system32/activeds.tlb" /G SYSTEM:F

[˵ĿִɺȨ޵ĳͻɼļûĪʧMMCԪ޷򿪣]

´ſִ

:: Remove the "Power Users" and "Users" entries (/R = revoke, /E = edit the existing
:: ACL) from each copy of the ADSI library and its type library, in the same order
:: as the original six commands.
for %%P in ("ServicePackFiles/i386/activeds.dll" "system32/activeds.dll" "system32/activeds.tlb") do (
  for %%G in ("Power Users" "Users") do cscript.exe xcacls.vbs "%SystemRoot%/%%~P" /R %%G /E
)

20080820ո 
================================================================
:: Add a deny-Modify ACE for Everyone on the dllcache copy of sethc.exe (Sticky Keys),
:: so the cached copy cannot be replaced with another program.
cscript.exe xcacls.vbs "%SystemRoot%/system32/dllcache/sethc.exe" /D Everyone:M /E

:: ֹûdllcacheļд,ֹڿ!
:: Add a deny-Write ACE for Everyone on the whole dllcache directory.
:: NOTE(review): the 20081017 entry of this changelog carries this same command
:: commented out; a deny ACE for Everyone also blocks SYSTEM, which presumably
:: interferes with servicing of protected files - confirm before re-enabling.
cscript.exe xcacls.vbs "%SystemRoot%/System32/dllcache" /D Everyone:W /E

20080818ո 
================================================================
:: ֹľгIISĿ¼

:: Grant Full Control on activeds.dll and activeds.tlb to Administrators and SYSTEM.
:: NOTE(review): these calls omit /E, so xcacls.vbs replaces the ACL rather than
:: editing it; the second call on each file would then leave SYSTEM as the only
:: entry - verify the resulting ACL. The 20080822 entry of this changelog carries
:: these four commands commented out and uses /R ... /E instead.
cscript.exe xcacls.vbs "%SystemRoot%/system32/activeds.dll" /G Administrators:F
cscript.exe xcacls.vbs "%SystemRoot%/system32/activeds.dll" /G SYSTEM:F

cscript.exe xcacls.vbs "%SystemRoot%/system32/activeds.tlb" /G Administrators:F
cscript.exe xcacls.vbs "%SystemRoot%/system32/activeds.tlb" /G SYSTEM:F

20080729ո 
================================================================
1.޸˵˳

2.ӽCNTFSȨ޻ԭΪĬϹ

:Security
MODE con: COLS=80 LINES=18
COLOR 70
Echo.

Echo CNTFSȨ޻ԭΪĬУԺ󡣡
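:: Re-apply the default file-system ACLs from the "setup security.inf" template
:: (only the filestore area is configured).
:: The template file name contains a space, so both paths are quoted; unquoted,
:: secedit receives a truncated /Cfg path and the template is not applied.
:: NOTE(review): expect ACLs set elsewhere in this toolkit to be overwritten on any
:: path the template covers; re-run the hardening steps afterwards.
Secedit /configure /db "%SYSTEMROOT%\security\database\cvtfs.sdb" /Cfg "%SYSTEMROOT%\security\templates\setup security.inf" /areas filestore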

Echo CNTFSȨ޻ԭΪĬϴ! Ч!
PAUSE >nul
Goto start

20080703ո 
================================================================

:: ɾIPC$
:: Set Lsa\restrictanonymous to 1, which limits what anonymous (null-session)
:: connections can enumerate. /f overwrites the value without prompting.
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa" /v restrictanonymous /t REG_DWORD  /d 00000001 /f


ȥDDOSˮ,ΪDDOSѾû,δִк󻹻޷ҳ,ܶ,Աȥ!
:: DDOSˮ

:: reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoRecentDocsMenu /t REG_BINARY /d "01 00 00 00" /f
:: reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoRecentDocsHistory /t REG_BINARY /d "01 00 00 00" /f
:: reg add "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon" /v DontDisplayLastUserName /t REG_SZ /d 1 /f 
:: reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa" /v restrictanonymous /t REG_DWORD /d "00000001" /f
:: reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\Parameters" /v AutoShareServer /t REG_DWORD /d "00000000" /f
:: reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\Parameters" /v AutoShareWks /t REG_DWORD /d "00000000" /f
:: reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters" /v EnableICMPRedirect /t REG_DWORD /d "00000000" /f
:: reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters" /v KeepAliveTime /t REG_DWORD /d "0x000927c0" /f
:: reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters" /v SynAttackProtect /t REG_DWORD /d "00000002" /f
:: reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters" /v TcpMaxHalfOpen /t REG_DWORD /d "0x000001f4" /f
:: reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters" /v TcpMaxHalfOpenRetried /t REG_DWORD /d "00000190" /f
:: reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters" /v TcpMaxConnectResponseRetransmissions /t REG_DWORD /d "00000001" /f
:: reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters" /v TcpMaxDataRetransmissions /t REG_DWORD /d "00000003" /f
:: reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters" /v TCPMaxPortsExhausted /t REG_DWORD /d "00000005" /f
:: reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters" /v DisableIPSourceRouting /t REG_DWORD /d "00000002" /f
:: reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters" /v TcpTimedWaitDelay /t REG_DWORD /d "0x0000001e" /f
:: reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters" /v TcpNumConnections /t REG_DWORD /d "0x00004e20" /f
:: reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters" /v EnablePMTUDiscovery /t REG_DWORD /d "00000000" /f
:: reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters" /v NoNameReleaseOnDemand /t REG_DWORD /d "00000001" /f
:: reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters" /v EnableDeadGWDetect /t REG_DWORD /d "00000000" /f
:: reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters" /v PerformRouterDiscovery /t REG_DWORD /d "00000000" /f
:: reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters" /v EnableICMPRedirects /t REG_DWORD /d "00000000" /f
:: reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters" /v BacklogIncrement /t REG_DWORD /d "00000005" /f
:: reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters" /v MaxConnBackLog /t REG_DWORD /d "0x000007d0" /f
:: reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AFD\Parameters" /v EnableDynamicBacklog /t REG_DWORD /d "00000001" /f
:: reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AFD\Parameters" /v MinimumDynamicBacklog /t REG_DWORD /d "00000014" /f
:: reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AFD\Parameters" /v MaximumDynamicBacklog /t REG_DWORD /d "00007530" /f
:: reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AFD\Parameters" /v DynamicBacklogGrowthDelta /t REG_DWORD /d "0x0000000a" /f

20080616ո 
================================================================
޸ִйЩASPļ޷ʹõ
:: Grant the Users group Modify on %SystemRoot%/temp, editing the existing ACL.
:: NOTE(review): this makes the system temp directory writable by every local
:: user; keep execute restrictions on this path in mind when reviewing.
cscript.exe xcacls.vbs "%SystemRoot%/temp" /g Users:m /e

20080610ո 
================================================================
:: ޸εĲʾļļеĹ
:: Set the SHOWALL CheckedValue to 1 so Explorer's "show hidden files and folders"
:: option takes effect again. A value other than 1 here makes that option
:: ineffective, which hides files from an administrator browsing the disk.
reg add "HKEY_LOCAL_MACHINE\Software\Microsoft\windows\CurrentVersion\explorer\Advanced\Folder\Hidden\SHOWALL" /v CheckedValue /t REG_DWORD /d "00000001" /f

20080607ո 
================================================================
޸ر¼ٳЧĴ

20080517ո 
================================================================
޸ϵͳʱ

20080425ո 
================================================================
޸ɾBOOT.INISYSTEMȫȨ޺ŪһGHOSTŪ˵

20080419ո 
================================================================
1.ļȨǰregsvr32 /s wshom.ocxڵļȨʱʾȱٶ

2.ȥǰϵͳTelephonyCOM+ Event SystemĽ

3.޸й2.3汾޷ʹmsconfig

20080417ո 
================================================================
޸ܶĸ޷ϴ⣡

20080416ո 
================================================================
1.޸ƲԲܳɹĴ

2.ӷudf.dllרɴʩ

:: ɾudf.dlllangouster_udf.dll½udf.dlllangouster_udf.dllΪֻ,Ȩ ɷֹlangouster_udf.dllר

:: Stop the MySQL service, then for udf.dll and langouster_udf.dll in three
:: locations (system32, %SystemRoot%, %SystemRoot%\temp): delete any existing file,
:: write a plain-text directory listing under the same name, mark it
:: read-only/system/hidden, and add a deny-Modify ACE for Everyone. The service is
:: started again at the end.
:: NOTE(review): this only reserves these two file names in these three directories.
:: It assumes the service is named "mysql"; if the stop fails, a loaded DLL may not
:: be deletable. Running MySQL under a low-privilege account addresses the
:: underlying exposure more directly - confirm how the service is configured.
net stop mysql
del %SystemRoot%\system32\udf.dll /A/F/Q
del %SystemRoot%\udf.dll /A/F/Q
del %SystemRoot%\temp\udf.dll /A/F/Q
dir %SystemRoot%\system32\com > %SystemRoot%\system32\udf.dll
dir %SystemRoot%\system32\com > %SystemRoot%\udf.dll
dir %SystemRoot%\system32\com > %SystemRoot%\temp\udf.dll
attrib +R +S +H %SystemRoot%\system32\udf.dll
attrib +R +S +H %SystemRoot%\udf.dll
attrib +R +S +H %SystemRoot%\temp\udf.dll
cscript.exe xcacls.vbs "%SystemRoot%\system32\udf.dll" /D Everyone:M /E
cscript.exe xcacls.vbs "%SystemRoot%\udf.dll" /D Everyone:M /E
cscript.exe xcacls.vbs "%SystemRoot%\temp\udf.dll" /D Everyone:M /E

del %SystemRoot%\system32\langouster_udf.dll /A/F/Q
del %SystemRoot%\langouster_udf.dll /A/F/Q
del %SystemRoot%\temp\langouster_udf.dll /A/F/Q
dir %SystemRoot%\system32\com > %SystemRoot%\system32\langouster_udf.dll
dir %SystemRoot%\system32\com > %SystemRoot%\langouster_udf.dll
dir %SystemRoot%\system32\com > %SystemRoot%\temp\langouster_udf.dll
attrib +R +S +H %SystemRoot%\system32\langouster_udf.dll
attrib +R +S +H %SystemRoot%\langouster_udf.dll
attrib +R +S +H %SystemRoot%\temp\langouster_udf.dll
cscript.exe xcacls.vbs "%SystemRoot%\system32\langouster_udf.dll" /D Everyone:M /E
cscript.exe xcacls.vbs "%SystemRoot%\langouster_udf.dll" /D Everyone:M /E
cscript.exe xcacls.vbs "%SystemRoot%\temp\langouster_udf.dll" /D Everyone:M /E
net start mysql

20080407ո 
================================================================
1޸Զ³⣡

20080329ո 
================================================================
1޸ǰѾֵĸִ

2Ӧ

˸һͻƣֱӸ°汾Ϊ2.3

Echo Ӧԣһǿȫ!
:: Switch to drive C: and the machine Group Policy folder, copy Registry.pol to
:: Registry.old, copy Registry.pol into the policy folder, then refresh Group Policy.
:: NOTE(review): after the cd, both copy commands operate inside the policy folder
:: itself, so the second one copies Registry.pol onto itself and no new policy file
:: is installed. The 20081120 entry of this changelog performs the same step with
:: the source taken from the script's working directory. The hard-coded "c:" also
:: assumes Windows is installed on C:.
c:
cd\
cd "%SystemRoot%/system32/GroupPolicy/Machine"
copy Registry.pol Registry.old /y
copy Registry.pol "%SystemRoot%/system32/GroupPolicy/Machine" /y
gpupdate /force
Echo Ӧϣ밴زѡ...


20080328ո 
================================================================
Rem Ŀ¼Ȩ޺ASPFSOȵкܴϵ,Ȩ޲Ҷ!
Rem Grant the Users group Execute on the WinSxS directory, editing the existing ACL.
cscript.exe xcacls.vbs "%SystemRoot%/WinSxS" /g users:x /e

20080326ո 
================================================================

Rem ر¼ٳ
Rem Set the ShutdownReasonOn policy value to 0, which turns off the shutdown-reason prompt.
Rem NOTE(review): with the prompt off, operators no longer record why a server was
Rem shut down or restarted; weigh that against the convenience.
REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Reliability" /v ShutdownReasonOn /t REG_DWORD /d "00000000" /f

Rem ֹ Windows ָĳ
Rem ãû޷ӵӦóбĳ

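Rem Enable the per-user DisallowRun policy and list the program names it blocks.
Rem Each entry needs its own value name: the original reused "net.exe" as the value
Rem name of the net1.exe entry, which overwrote the net.exe entry and left net.exe
Rem unblocked. The net1.exe entry now has its own value name.
Rem NOTE(review): DisallowRun is stored under HKEY_CURRENT_USER and is enforced by
Rem the Explorer shell for the account running this script only. It matches on file
Rem name, so it does not cover other accounts, services, or renamed binaries; treat
Rem it as a supplement to NTFS ACLs, not a replacement.
REG ADD "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v DisallowRun /t REG_DWORD /d "00000001" /f
REG ADD "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun" /v login.scr /t REG_SZ /d login.scr /f
REG ADD "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun" /v net.exe /t REG_SZ /d net.exe /f
REG ADD "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun" /v net1.exe /t REG_SZ /d net1.exe /f
REG ADD "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun" /v xsiff.exe /t REG_SZ /d xsiff.exe /f
REG ADD "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun" /v xsniff.exe /t REG_SZ /d xsniff.exe /f
REG ADD "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun" /v sethc.exe /t REG_SZ /d sethc.exe /f
REG ADD "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun" /v WinPcap.exe /t REG_SZ /d WinPcap.exe /f
REG ADD "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun" /v nc.exe /t REG_SZ /d nc.exe /f
REG ADD "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun" /v sql.exe /t REG_SZ /d sql.exe /f
REG ADD "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun" /v su.exe /t REG_SZ /d su.exe /f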


20080324ո 
================================================================
1.Rem Σļڷͨwebshellִ

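Rem Populate the per-user DisallowRun list with program names to block.
Rem Each entry needs its own value name: the original reused "net.exe" as the value
Rem name of the net1.exe entry, which overwrote the net.exe entry and left net.exe
Rem unblocked. The net1.exe entry now has its own value name.
Rem NOTE(review): this block only fills the list; the list has no effect unless the
Rem DisallowRun DWORD under ...\Policies\Explorer is also set to 1, which this block
Rem does not do. The policy is per-user and matches on file name only.
REG ADD "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun" /v login.scr /t REG_SZ /d login.scr /f
REG ADD "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun" /v net.exe /t REG_SZ /d net.exe /f
REG ADD "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun" /v net1.exe /t REG_SZ /d net1.exe /f
REG ADD "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun" /v xsiff.exe /t REG_SZ /d xsiff.exe /f
REG ADD "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun" /v xsniff.exe /t REG_SZ /d xsniff.exe /f
REG ADD "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun" /v sethc.exe /t REG_SZ /d sethc.exe /f
REG ADD "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun" /v WinPcap.exe /t REG_SZ /d WinPcap.exe /f
REG ADD "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun" /v nc.exe /t REG_SZ /d nc.exe /f
REG ADD "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun" /v sql.exe /t REG_SZ /d sql.exe /f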

2.רIISػ,ֹIIS!

20080322ո
================================================================

Rem ֹWINDOWS©[ճü]"̬֮ʷWindowssethc_exe"

Rem Add a deny-Modify ACE for Everyone on sethc.exe (Sticky Keys) in system32 and in
Rem the service-pack source directory, so neither copy can be replaced.
Rem NOTE(review): the dllcache copy is not covered by these two lines; the 20080820
Rem entry of this changelog adds it.
cscript.exe xcacls.vbs "%SystemRoot%/system32/sethc.exe" /D Everyone:M /E
cscript.exe xcacls.vbs "%SystemRoot%/ServicePackFiles/i386/sethc.exe" /D Everyone:M /E


20080318ո 
================================================================
1.޸2.1汾ִеʱĴ

2.Żϵͳ񣬴Զ,ǽȾõϵͳ

3.ͨʽ
--------------------------------------------------------
Echo ͨʽ

Rem ִȼȴͳһָHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\ CurrentVersion\RunҪ, ɺֽԼɾȥ. ַʽΪ,еİȫ߶޷ĳ. 
Rem ͨʽأλעHKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\ BackupRestore\KeysNotToRestoreµPending Rename Operationsִ

Rem Delete the PendingFileRenameOperations value, i.e. the queue of file
Rem renames/deletes that Session Manager carries out at the next boot.
Rem NOTE(review): installers and patches use the same queue. Inspect it with
Rem `reg query` before deleting, because removing it also cancels pending
Rem legitimate file replacements.
reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager" /v PendingFileRenameOperations /f
--------------------------------------------------------

4.ȥЧArp󶨲֣ȶMACַɨͰ󶨹صַhttp://safe.atimg.com/macbind.rar

5.ȥ˵

================================================================
20080313ո 
================================================================
1.ȥinetsrvĿ¼ȨñĬϣǰȨ޶ASPӰ

2.ȥǰõDHCP񱣳Ĭ״̬

3.޸ǰйϰ汾Ļظ°汾ʱʾ"ȱٶ"Ĵ

4.ArpʩArpȫԶʵʱ˫,ȫԶκֹ
-----------------------------------------------------------------------------------------
Rem ɾsystem32\npptools.dll½npptools.dllΪֻ,Ȩ ɷֹarp

Rem Replace npptools.dll with an inert placeholder: delete it, write a plain-text
Rem directory listing under the same name, mark it read-only/system/hidden, and add
Rem a deny-Modify ACE for Everyone.
Rem NOTE(review): the 2009327 entry of this changelog carries the delete/placeholder
Rem steps for this file commented out and keeps only a deny ACE.
del %SystemRoot%\system32\npptools.dll /A/F/Q
dir %SystemRoot%\system32\com > %SystemRoot%\system32\npptools.dll
attrib +R +S +H %SystemRoot%\system32\npptools.dll
cscript.exe xcacls.vbs "%SystemRoot%/system32/npptools.dll" /D Everyone:M /E

Rem ɾsystem32\packet.dll½packet.dllΪֻ,Ȩ ɷֹarp

Rem Replace packet.dll (a packet-capture library name) with an inert placeholder:
Rem delete, write a text file under the same name, set read-only/system/hidden,
Rem then add a deny-Modify ACE for Everyone.
del %SystemRoot%\system32\packet.dll /A/F/Q
dir %SystemRoot%\system32\com > %SystemRoot%\system32\packet.dll
attrib +R +S +H %SystemRoot%\system32\packet.dll
cscript.exe xcacls.vbs "%SystemRoot%/system32/packet.dll" /D Everyone:M /E

Rem ɾsystem32\pthreadVC.dll½pthreadVC.dllΪֻ,Ȩ ɷֹarp

Rem Replace pthreadVC.dll with an inert placeholder: delete, write a text file under
Rem the same name, set read-only/system/hidden, then add a deny-Modify ACE for Everyone.
Rem NOTE(review): any legitimate software that loads a DLL of this name from
Rem system32 stops working after this step - confirm none is installed.
del %SystemRoot%\system32\pthreadVC.dll /A/F/Q
dir %SystemRoot%\system32\com > %SystemRoot%\system32\pthreadVC.dll
attrib +R +S +H %SystemRoot%\system32\pthreadVC.dll
cscript.exe xcacls.vbs "%SystemRoot%/system32/pthreadVC.dll" /D Everyone:M /E

Rem ɾsystem32\wpcap.dll½wpcap.dllΪֻ,Ȩ ɷֹarp

Rem Replace wpcap.dll (the WinPcap library name) with an inert placeholder: delete,
Rem write a text file under the same name, set read-only/system/hidden, then add a
Rem deny-Modify ACE for Everyone. Packet-capture tools that need this DLL in
Rem system32 will no longer start, including ones an administrator might want.
del %SystemRoot%\system32\wpcap.dll /A/F/Q
dir %SystemRoot%\system32\com > %SystemRoot%\system32\wpcap.dll
attrib +R +S +H %SystemRoot%\system32\wpcap.dll
cscript.exe xcacls.vbs "%SystemRoot%/system32/wpcap.dll" /D Everyone:M /E

Rem ɾsystem32\npf.sys½npf.sysΪֻ,Ȩ ɷֹarp

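Rem Replace the npf.sys driver file with an inert placeholder: delete it, write a
Rem plain-text directory listing under the same name, mark it
Rem read-only/system/hidden, and add a deny-Modify ACE for Everyone.
Rem The attrib step now targets system32\drivers\npf.sys like the other three
Rem steps; the original pointed at system32\npf.sys, so the placeholder in the
Rem drivers directory never received the attributes.
del %SystemRoot%\system32\drivers\npf.sys /A/F/Q
dir %SystemRoot%\system32\com > %SystemRoot%\system32\drivers\npf.sys
attrib +R +S +H %SystemRoot%\system32\drivers\npf.sys
cscript.exe xcacls.vbs "%SystemRoot%/system32/drivers/npf.sys" /D Everyone:M /E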
-----------------------------------------------------------------------------------------

20071121ո 
================================================================
ȥHappyTime(ʱ)в[Ŀǰ99%WIN϶ڴв]

:: Unregister the Scriptlet.TypeLib COM class (ProgID and the CLSID listed here) so
:: scripts can no longer create it.
:: NOTE(review): the 20081017 entry of this changelog carries these two commands
:: commented out. Export both keys before deleting so the change can be reverted.
reg delete HKCR\CLSID\{06290BD5-48AA-11D2-8432-006008C3FBFC} /f
reg delete HKCR\Scriptlet.TypeLib /f

HappyTime(ʱ)е没֮һķֳռôʱпɾõĿִļϵͳ̱ΪΣգķڸȾʹʱⲡĿܡ


ע͵ݣIISĴҳ

:: Clear the system/read-only/hidden attributes on the iisHelp directory, delete
:: every file under it, then remove the directory tree.
:: NOTE(review): the 20091216 entry of this changelog sets an ACL on
:: iisHelp/common, which no longer exists once this has run; also confirm that
:: the IIS custom error pages have been remapped before deleting the defaults.
attrib %SystemRoot%\Help\iisHelp -s -r -h
del %SystemRoot%\Help\iisHelp\*.* /s /q /f
rd %SystemRoot%\Help\iisHelp /s /q



system32ܾܾGuestsȡ

ֵ֧Ľ취ע͵
:: Add a deny ACE for the Guests group on the Program Files directory.
:: NOTE(review): web application identities are often members of Guests; components
:: installed under Program Files may become unreadable to them - verify per host.
cscript.exe xcacls.vbs "%SystemDrive%/Program Files" /D Guests:1;1 /E


޸Ӧú޷øĹԱû½

޸̽FSOıдʾ

IPȫ

================================================================
¾ڴ

ǰ¼¼
================================================================
:: Remove the "CREATOR OWNER" and "Power Users" entries from the ACL of the
:: system32/wbem (WMI) directory. The matching command for "users" on the next
:: line is disabled.
cscript.exe xcacls.vbs "%SystemRoot%/system32/wbem" /r "CREATOR OWNER" /e
cscript.exe xcacls.vbs "%SystemRoot%/system32/wbem" /r "Power Users" /e
@Rem cscript.exe xcacls.vbs "%SystemRoot%/system32/wbem" /r "users" /e Ӱ.NET,ȥ!



:: Add deny ACEs for the Guests group on the All Users "Application Data/Microsoft"
:: directory and on three subdirectories (machine key stores and HTML Help).
:: NOTE(review): the DSS path below is spelled "achineKeys", not "MachineKeys", so
:: that command most likely never matched a directory. The 20100730 entry of this
:: changelog carries the last three commands commented out, so do not "fix" the
:: spelling without checking why they were withdrawn - denying Guests on the key
:: stores can stop web-server identities from reading certificate keys.
cscript.exe xcacls.vbs "%SystemDrive%/Documents and Settings/All Users/Application Data/Microsoft" /D Guests:1;1 /E
cscript.exe xcacls.vbs "%SystemDrive%/Documents and Settings/All Users/Application Data/Microsoft/Crypto/DSS/achineKeys" /D Guests:1;1 /E
cscript.exe xcacls.vbs "%SystemDrive%/Documents and Settings/All Users/Application Data/Microsoft/Crypto/RSA/MachineKeys" /D Guests:1;1 /E
cscript.exe xcacls.vbs "%SystemDrive%/Documents and Settings/All Users/Application Data/Microsoft/HTML Help" /D Guests:1;1 /E


ȫģ

ThecSafe.inf

˴ǽն˷޷½

================================================================
