:: Switch into the Executables subdirectory, resolved relative to the current directory.
:: NOTE(review): presumably this is where ame-hexer (called at the end of this script) lives - confirm.
:: The result of cd is not checked, so a missing directory does not stop the commands that follow.
cd Executables
:: Look for an explorer.exe process that is not owned by SYSTEM. findstr exits non-zero
:: when no matching line is found, and that exit code is what the following if tests.
:: Output is discarded; the leading @ keeps the command itself from being echoed.
@tasklist /fi "IMAGENAME eq Explorer.exe" /fi "USERNAME ne SYSTEM" /v | findstr /I /c:"explorer.exe" > NUL
:: If the preceding command left a non-zero errorlevel, print a notice and launch explorer.exe.
:: Both commands after the condition are conditional: cmd treats commands joined by an
:: ampersand after an if as one conditional command line.
:: NOTE(review): explorer.exe is named without a path. cmd resolves bare program names
:: against the current directory before PATH, and this script has changed into Executables;
:: a full path under the Windows directory would remove that ambiguity - confirm.
@if %errorlevel% neq 0 echo start explorer.exe & start explorer.exe
:: Make output just after file deletion look nicer
:: Wait 5 seconds; /nobreak ignores key presses and the countdown text is discarded.
@timeout /t 5 /nobreak > nul
:: Turn off automatic logon: AutoAdminLogon is written as the string 0 (REG_SZ) under Winlogon.
:: /f overwrites an existing value without prompting. Writing to HKEY_LOCAL_MACHINE
:: normally requires an elevated prompt.
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v AutoAdminLogon /t REG_SZ /d 0 /f
:: Blank the account name stored for automatic logon: DefaultUserName becomes an empty string.
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v DefaultUserName /t REG_SZ /d "" /f
:: Blank DefaultPassword. This value is a plain REG_SZ string, so an autologon password
:: left here is stored unencrypted and readable by anything that can read the Winlogon key.
:: NOTE(review): this overwrites the value but leaves it present; deleting it with
:: reg delete and /v DefaultPassword may be the cleaner end state. An autologon password
:: can also be held as an LSA secret, which this command does not touch - confirm whether
:: that applies to the target systems.
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v DefaultPassword /t REG_SZ /d "" /f
:: Delete every key under Credential Providers that reg query reports for the string
:: WLIDCredentialProvider. findstr keeps only the output lines containing
:: "Credential Providers\" (the key paths), and each path is passed to reg delete with /f.
:: NOTE(review): WLIDCredentialProvider is presumably the Microsoft-account sign-in
:: provider - confirm.
:: The /f search of reg query is a substring match over key names, value names and data,
:: so it can match more than one exact provider entry. The keys are deleted without a
:: prior reg export, so there is no backup to restore from.
for /f "usebackq delims=" %%E in (`reg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers" /s /f "WLIDCredentialProvider" ^| findstr /c:"Credential Providers\\"`) do reg delete "%%E" /f
REM takeown /f "%WINDIR%\System32\en-US\credprovhost.dll.mui"
REM icacls "%WINDIR%\System32\en-US\credprovhost.dll.mui" /reset
REM certutil -hashfile "%WINDIR%\System32\en-US\credprovhost.dll.mui" md5 | findstr /i /c:"7AED5636DB4388798718F09C53348F49" /c:"36320488BF78869BD369013CBE93C22A" || EXIT /B 1
:: Patch the en-US credprovhost.dll.mui resource file in place with ame-hexer.
:: The first byte string is UTF-16LE for "Other user" (the last character's high byte is
:: not included); the second is "Login" followed by zero bytes. Both are 19 bytes long.
:: NOTE(review): ame-hexer is assumed to replace the first pattern with the second; what
:: it does when the pattern is absent, or occurs more than once, is not visible here.
:: NOTE(review): the takeown, icacls and certutil lines before this command are commented
:: out, so nothing verifies which build of the file is being modified. If the hash check
:: is restored, note that it compares MD5 digests; certutil -hashfile also accepts SHA256,
:: which would be a stronger pin.
:: An in-place change to a system file can be flagged or reverted by integrity tooling
:: such as sfc - confirm this is acceptable for the target images.
ame-hexer "%WINDIR%\System32\en-US\credprovhost.dll.mui" "4F 00 74 00 68 00 65 00 72 00 20 00 75 00 73 00 65 00 72" "4C 00 6F 00 67 00 69 00 6E 00 00 00 00 00 00 00 00 00 00"