电脑被黑你进来看看


@ECHO OFF

REM Windows batch script that reconfigures the local host. Annotated for review.
REM Security-relevant effects visible in this file:
REM   - deletes the whole HKLM Run key and registers UpInfo.vbs as the only autostart entry
REM   - sets fDenyTSConnections to 0, which permits Remote Desktop connections
REM   - turns off the screen saver and its password-on-resume flag for the Administrator profile
REM   - sets the Administrator password from a dated list in passwd.txt
REM   - leaves that password in clear text in ps.txt on the system drive
REM   - copies ps.txt to an SMB share on 192.168.1.4
REM   - disables the Windows firewall
REM   - runs HotfixInstall.bat from the Hotfix folder of any drive C to Z
REM   - deletes itself at the end
REM UpInfo.vbs, secinf.inf, passwd.txt and HotfixInstall.bat are not shown here, so their content is unknown.


REM Recursively and silently removes the drivers folder at the root of the system drive.
RD /S /Q "%SystemDrive%\drivers"


REM Registry settings

REM Deleting the Run key without a value name removes every machine-wide autostart entry.
REG DELETE "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /f >nul

REM Recreates the Run key with a single entry that starts UpInfo.vbs from the Windows directory at logon.
REG ADD "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v UpInfo /t REG_SZ /d "%windir%\UpInfo.vbs" /f >nul

REM Removes the machine-wide HideDesktopIcons settings for the new start panel.
REG DELETE "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel" /f >nul

REM A value of 0 stops Terminal Server from denying connections, so inbound Remote Desktop is allowed.
REG ADD "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 0 /f >nul


REM Writes the SID of the account named Administrator to sid.txt at the root of the system drive.
wmic USERACCOUNT where name="Administrator" get sid >%SystemDrive%\sid.txt


REM Delayed expansion is needed for the i counter inside the loop below.
setlocal enabledelayedexpansion

set start=2

rem line number to start reading from

set "lines=1"

rem number of lines to keep


REM After this line i is -1 and start is 1, so the loop skips one line of sid.txt.
set/a i=-1,start-=1

set "ok=" 

REM Keeps the first line after the skipped one as sid; ok is set on the next line so later lines are ignored.
REM The file is read through more; presumably to normalise the wmic output encoding, TODO confirm.
for /f "skip=%start% delims=" %%a in ('more ^< %SystemDrive%\sid.txt') do (

      set/a i+=1

      if "!i!"=="%lines%" set ok=1

      if not defined ok set sid=%%a

)


REM Strips all spaces from the captured SID, then removes the temporary file.
set sid=%sid: =%

del /f /q %SystemDrive%\sid.txt >nul


REM Screen saver settings in the Administrator hive: inactive, no password on resume, timeout 599940.
REG ADD "HKU\%sid%\Control Panel\Desktop" /v ScreenSaveActive /t REG_SZ /d 0 /f >nul

REG ADD "HKU\%sid%\Control Panel\Desktop" /v ScreenSaverIsSecure /t REG_SZ /d 0 /f >nul

REG ADD "HKU\%sid%\Control Panel\Desktop" /v ScreenSaveTimeOut /t REG_SZ /d 599940 /f >nul

REM The SCRNSAVE.EXE value is written empty and then deleted, leaving no screen saver configured.
REG ADD "HKU\%sid%\Control Panel\Desktop" /v SCRNSAVE.EXE /t REG_SZ /d "" /f >nul

REG DELETE "HKU\%sid%\Control Panel\Desktop" /v SCRNSAVE.EXE /f >nul


REM Sets both per-server connection limits under Internet Settings to 10.
REG ADD "HKU\%sid%\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v MaxConnectionsPerServer /t REG_DWORD /d 10 /f >nul

REG ADD "HKU\%sid%\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v MaxConnectionsPer1_0Server /t REG_DWORD /d 10 /f >nul


REM Removes the per-user HideDesktopIcons settings, then asks the operator to refresh the desktop.
REG DELETE "HKU\%sid%\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel" /f >nul

echo 请刷新桌面让图标正常显示。


REM Applies the security template secinf.inf from the system drive root, then deletes the template and its database.
REM NOTE review: the template is not part of this file, so the policy it applies cannot be judged from here.
secedit /configure /db %SystemDrive%\secinf.sdb /cfg %SystemDrive%\secinf.inf /quiet

del /f /q %SystemDrive%\secinf.sdb >nul

del /f /q %SystemDrive%\secinf.inf >nul


REM Set the password

REM Captures today's date in tmp.txt and keeps the first whitespace-separated token as thisdate.
REM Assumes the locale prints the date as the first token of the date output, TODO confirm.
date /t>"%SystemDrive%\tmp.txt"

FOR /F "tokens=1,2 " %%a IN (%SystemDrive%\tmp.txt) DO (

if NOT "%%a"=="" (

set thisdate=%%a

)

)

REM Removes spaces, dashes and slashes so the date becomes one unbroken string.
set "thisdate=%thisdate: =%"

set "thisdate=%thisdate:-=%"

set "thisdate=%thisdate:/=%"


REM passwd.txt holds lines of two tokens: a date string and a password. The first line matching today wins.
REM NOTE review: passwd is not initialised before this loop, so it stays undefined when no line matches.
For /F "tokens=1,2" %%a in (%SystemDrive%\passwd.txt) do (

if "%%a"=="%thisdate%" (

set passwd=%%b

goto :one

)

)


:one

REM Sets the Administrator password; the clear-text value is passed on the net command line.
net user administrator %passwd%

REM Writes the clear-text password to ps.txt on the system drive. No line in this script deletes ps.txt.
echo 系统密码%passwd%>"%SystemDrive%\ps.txt"

del /f /q "%SystemDrive%\passwd.txt" >nul

del /f /q "%SystemDrive%\tmp.txt" >nul


REM Rename the Guest account

REM Appends a random number to the Guest account name.
wmic USERACCOUNT WHERE Name="Guest" CALL Rename "Guest%RANDOM%" >nul


REM Disable the firewall

REM Turns the Windows firewall off using the legacy netsh firewall syntax.
Netsh firewall set opmode DISABLE >nul


REM k counts consecutive failed pings and l counts successful ones.
set/a k=0

set/a l=0


:start

REM One ping to 192.168.1.4 per pass: success resets k and increments l, failure resets l and increments k.
ping -n 1 192.168.1.4 > nul && (set/a k=0&set/a l+=1)||(set/a l=0&set/a k+=1)

timeout /t 3 >nul

REM Three failures in a row skip the upload; otherwise keep looping until one ping succeeds.
if %k% GEQ 3 goto :wm

if %l% EQU 0 goto :start


REM Lists MAC addresses of IP-enabled adapters, excluding the named virtual and Bluetooth services, into tmp.txt.
wmic nicconfig where "IPEnabled="True" and MACAddress like "%%:%%" and ServiceName!="" and ServiceName!="VMnetAdapter" and ServiceName!="VBoxNetAdp" and ServiceName!="vwifimp" and ServiceName!="BthPan"" get MACAddress|find ":" > "%SystemDrive%\tmp.txt"

REM Takes the first token of the first non-empty line as strmac.
FOR /F "tokens=1,2 " %%I IN (%SystemDrive%\tmp.txt) DO (

if NOT "%%I"=="" (

set "strmac=%%I"

goto :two

)

)


:two

REM When a MAC was found, the two set lines rewrite strmac with colons turned to dashes and spaces removed.
REM The copy then sends the clear-text password file to the info\log share on 192.168.1.4 under a name built from strmac.
if NOT ""=="%strmac%" (

set "strmac=%strmac::=-%"

set "strmac=%strmac: =%"

copy /y "%SystemDrive%\ps.txt" \\192.168.1.4\info\log\%strmac%.ps.txt>nul

)


:wm

del /f /q "%SystemDrive%\tmp.txt" >nul

REM Runs UpInfo.vbs from the Windows directory; its content is not shown in this file.
%windir%\upinfo.vbs

ECHO 把密码发群里,或在OA系统查看相关信息,IP设置好后远程登陆试下可不可用。

ECHO.

rem LOGOFF RDP-TCP /V

ECHO.

ECHO.

REM Prints the clear-text password file to the console.
type "%SystemDrive%\ps.txt"

REM "%SystemDrive%\ps.txt"

ECHO.

ECHO.

ECHO.

ECHO.


REM pa records whether a hotfix installer was found on any drive.
set pa=0

REM Checks drives C to Z and calls HotfixInstall.bat from the Hotfix folder of each drive that has one.
REM NOTE review: the batch file is run from whatever drive carries that path, with no check of its origin.
for %%a in (C D E F G H I J K L M N O P Q R S T U V W X Y Z) do (

  if exist %%a:\Hotfix\HotfixInstall.bat (

    CD /D %%a:\Hotfix\

    CALL HotfixInstall.bat


    set pa=1

  )

)


REM Waits for a key press only when no installer was found.
if %pa% EQU 0 (

pause

)


REM Deletes this script file, so the script itself is not left on disk after the run.
del /f /q %0


