Creating a USB key with the Nirsoft and SysInternals tools (Part I)
Nirsoft, and Microsoft with the SysInternals tools, offer very powerful utilities for retrieving information about the computers on which you run them.
In this first part we will therefore fetch the tools, organise them, and create a batch file that runs the Nirsoft tools (to begin with) to gather as much information as possible about a PC.
The goal is to end up with a USB key able to retrieve information from one PC, or from several PCs in a domain or a range of IPs, without even leaving the PC from which the batch is launched, and also to handle backups of data and configurations, and cleanup.
Part 1, getting the tools:
For this we will use WSCC, which downloads the Nirsoft and SysInternals tools and also checks regularly for their updates.
Of course, you can do all of this from a directory on your hard disk and then copy everything to a USB key.
[note color="#FFCC00"]Warning: the Nirsoft tools trigger alerts in some antivirus products, but they carry no risk other than how they are used…[/note]
Let's download the portable version of WSCC
Install it, selecting the root directory of your USB key.
Launch the resulting application, wsccportable.exe
Then click Install and/or Update
Update or download all the applications.
The WSCC interface lets you use each application independently and find out what each one is for.
You should end up with a directory tree similar to this one:
Create a directory named "dump"; it will store the data that we collect from the PCs.
Part 2, the batch for Nirsoft:
For now, we will just create a very simple batch, with no optimisation but already powerful enough to impress your friends…
Copy the files nircmd.exe and nircmdc.exe to the root of your key (they are in the Nirsoft Utilities directory).
nircmd provides additional commands, such as the ability to use Windows environment variables
Let's create a file bat.bat using notepad, notepad++, Powerbatch or another editor…
[sourcecode language="plain"]
echo off
cls
REM --------------------------------------------------------
REM Batch for the Nirsoft command-line tools
REM --------------------------------------------------------
if not "%os%"=="Windows_NT" goto NextStep
REM --- Windows NT specific section ---
color 0F
:NextStep
REM ---- Enter your code here ----
nircmd.exe win hide class "IEFrame"
nircmd.exe win max ititle "Remo"
nircmd.exe execmd mkdir "dump\~$sys.computername$\~$sys.username$"
rem nircmd.exe execmd .\App\WSCC\Nirsof~1\accesspv.exe /shtml "dump\~$sys.computername$\~$sys.username$\accesspv.html"
nircmd.exe execmd .\App\WSCC\Nirsof~1\acm.exe /shtml "dump\~$sys.computername$\~$sys.username$\acm.html"
rem nircmd.exe execmd .\App\WSCC\Nirsof~1\AddrView.exe /shtml "dump\~$sys.computername$\~$sys.username$\AddrView.html"
nircmd.exe execmd .\App\WSCC\Nirsof~1\AlternateStreamView.exe /shtml "dump\~$sys.computername$\~$sys.username$\AlternateStreamView.html"
rem nircmd.exe execmd .\App\WSCC\Nirsof~1\AltStreamDump.exe /shtml "dump\~$sys.computername$\~$sys.username$\AltStreamDump.html"
rem nircmd.exe execmd .\App\WSCC\Nirsof~1\anup.exe /shtml "dump\~$sys.computername$\~$sys.username$\anup.html"
nircmd.exe execmd .\App\WSCC\Nirsof~1\AppCrashView.exe /shtml "dump\~$sys.computername$\~$sys.username$\AppCrashView.html"
rem nircmd.exe execmd .\App\WSCC\Nirsof~1\asterie.exe /shtml "dump\~$sys.computername$\~$sys.username$\asterie.html"
rem nircmd.exe execmd .\App\WSCC\Nirsof~1\astlog.exe /shtml "dump\~$sys.computername$\~$sys.username$\astlog.html"
rem nircmd.exe execmd .\App\WSCC\Nirsof~1\atnow.exe /shtml "dump\~$sys.computername$\~$sys.username$\atnow.html"
nircmd.exe execmd .\App\WSCC\Nirsof~1\awatch.exe /shtml "dump\~$sys.computername$\~$sys.username$\awatch.html"
nircmd.exe execmd .\App\WSCC\Nirsof~1\axhelper.exe /shtml "dump\~$sys.computername$\~$sys.username$\axhelper.html"
nircmd.exe execmd .\App\WSCC\Nirsof~1\BatteryInfoView.exe /shtml "dump\~$sys.computername$\~$sys.username$\BatteryInfoView.html"
rem nircmd.exe execmd .\App\WSCC\Nirsof~1\BlueScreenView.exe /shtml "dump\~$sys.computername$\~$sys.username$\BlueScreenView.html"
rem nircmd.exe execmd .\App\WSCC\Nirsof~1\BluetoothCL.exe /shtml "dump\~$sys.computername$\~$sys.username$\BluetoothCL.html"
nircmd.exe execmd .\App\WSCC\Nirsof~1\BluetoothView.exe /shtml "dump\~$sys.computername$\~$sys.username$\BluetoothView.html"
nircmd.exe execmd .\App\WSCC\Nirsof~1\BulkFileChanger.exe /shtml "dump\~$sys.computername$\~$sys.username$\BulkFileChanger.html"
nircmd.exe execmd .\App\WSCC\Nirsof~1\BulletsPassView.exe /shtml "dump\~$sys.computername$\~$sys.username$\BulletsPassView.html"
nircmd.exe execmd .\App\WSCC\Nirsof~1\ChromeCacheView.exe /shtml "dump\~$sys.computername$\~$sys.username$\ChromeCacheView.html"
nircmd.exe execmd .\App\WSCC\Nirsof~1\ChromeCookiesView.exe /shtml "dump\~$sys.computername$\~$sys.username$\ChromeCookiesView.html"
nircmd.exe execmd .\App\WSCC\Nirsof~1\ChromeHistoryView.exe /shtml "dump\~$sys.computername$\~$sys.username$\ChromeHistoryView.html"
nircmd.exe execmd .\App\WSCC\Nirsof~1\ChromePass.exe /shtml "dump\~$sys.computername$\~$sys.username$\ChromePass.html"
rem nircmd.exe execmd .\App\WSCC\Nirsof~1\CleanAfterMe.exe /shtml "dump\~$sys.computername$\~$sys.username$\CleanAfterMe.html"
nircmd.exe execmd .\App\WSCC\Nirsof~1\Clipboardic.exe /shtml "dump\~$sys.computername$\~$sys.username$\Clipboardic.html"
nircmd.exe execmd .\App\WSCC\Nirsof~1\cports.exe /shtml "dump\~$sys.computername$\~$sys.username$\cports.html"
nircmd.exe execmd .\App\WSCC\Nirsof~1\CProcess.exe /shtml "dump\~$sys.computername$\~$sys.username$\CProcess.html"
nircmd.exe execmd .\App\WSCC\Nirsof~1\CSVFileView.exe /shtml "dump\~$sys.computername$\~$sys.username$\CSVFileView.html"
rem nircmd.exe execmd .\App\WSCC\Nirsof~1\ctie.exe /shtml "dump\~$sys.computername$\~$sys.username$\ctie.html"
rem nircmd.exe execmd .\App\WSCC\Nirsof~1\CustomExplorerToolbar.exe /shtml "dump\~$sys.computername$\~$sys.username$\CustomExplorerToolbar.html"
nircmd.exe execmd .\App\WSCC\Nirsof~1\DeviceIOView.exe /shtml "dump\~$sys.computername$\~$sys.username$\DeviceIOView.html"
rem nircmd.exe execmd .\App\WSCC\Nirsof~1\DevManView.exe /shtml "dump\~$sys.computername$\~$sys.username$\DevManView.html"
rem nircmd.exe execmd .\App\WSCC\Nirsof~1\Dialupass.exe /shtml "dump\~$sys.computername$\~$sys.username$\Dialupass.html"
rem nircmd.exe execmd .\App\WSCC\Nirsof~1\DiskCountersView.exe /shtml "dump\~$sys.computername$\~$sys.username$\DiskCountersView.html"
rem nircmd.exe execmd .\App\WSCC\Nirsof~1\DiskSmartView.exe /shtml "dump\~$sys.computername$\~$sys.username$\DiskSmartView.html"
nircmd.exe execmd .\App\WSCC\Nirsof~1\dllexp.exe /shtml "dump\~$sys.computername$\~$sys.username$\dllexp.html"
nircmd.exe execmd .\App\WSCC\Nirsof~1\DNSDataView.exe /shtml "dump\~$sys.computername$\~$sys.username$\DNSDataView.html"
rem nircmd.exe execmd .\App\WSCC\Nirsof~1\DomainHostingView.exe /shtml "dump\~$sys.computername$\~$sys.username$\DomainHostingView.html"
rem nircmd.exe execmd .\App\WSCC\Nirsof~1\DotNetResourcesExtract.exe /shtml "dump\~$sys.computername$\~$sys.username$\DotNetResourcesExtract.html"
nircmd.exe execmd .\App\WSCC\Nirsof~1\DownTester.exe /shtml "dump\~$sys.computername$\~$sys.username$\DownTester.html"
nircmd.exe execmd .\App\WSCC\Nirsof~1\DriveLetterView.exe /shtml "dump\~$sys.computername$\~$sys.username$\DriveLetterView.html"
nircmd.exe execmd .\App\WSCC\Nirsof~1\DriverView.exe /shtml "dump\~$sys.computername$\~$sys.username$\DriverView.html"
rem nircmd.exe execmd .\App\WSCC\Nirsof~1\DumpEDID.exe /shtml "dump\~$sys.computername$\~$sys.username$\DumpEDID.html"
rem nircmd.exe execmd .\App\WSCC\Nirsof~1\empv.exe /shtml "dump\~$sys.computername$\~$sys.username$\empv.html"
rem nircmd.exe execmd .\App\WSCC\Nirsof~1\exeinfo.exe /shtml "dump\~$sys.computername$\~$sys.username$\exeinfo.html"
rem nircmd.exe execmd .\App\WSCC\Nirsof~1\explorestart.exe /shtml "dump\~$sys.computername$\~$sys.username$\explorestart.html"
rem nircmd.exe execmd .\App\WSCC\Nirsof~1\FastResolver.exe /shtml "dump\~$sys.computername$\~$sys.username$\FastResolver.html"
nircmd.exe execmd .\App\WSCC\Nirsof~1\faview.exe /shtml "dump\~$sys.computername$\~$sys.username$\faview.html"
rem nircmd.exe execmd .\App\WSCC\Nirsof~1\FileDate.exe /shtml "dump\~$sys.computername$\~$sys.username$\FileDate.html"
rem nircmd.exe execmd .\App\WSCC\Nirsof~1\FileTypesMan.exe /shtml "dump\~$sys.computername$\~$sys.username$\FileTypesMan.html"
nircmd.exe execmd .\App\WSCC\Nirsof~1\FirefoxDownloadsView.exe /shtml "dump\~$sys.computername$\~$sys.username$\FirefoxDownloadsView.html"
nircmd.exe execmd .\App\WSCC\Nirsof~1\FlashCookiesView.exe /shtml "dump\~$sys.computername$\~$sys.username$\FlashCookiesView.html"
rem nircmd.exe execmd .\App\WSCC\Nirsof~1\folrep.exe /shtml "dump\~$sys.computername$\~$sys.username$\folrep.html"
nircmd.exe execmd .\App\WSCC\Nirsof~1\gacview.exe /shtml "dump\~$sys.computername$\~$sys.username$\gacview.html"
rem nircmd.exe execmd .\App\WSCC\Nirsof~1\GDIView.exe /shtml "dump\~$sys.computername$\~$sys.username$\GDIView.html"
rem nircmd.exe execmd .\App\WSCC\Nirsof~1\grank.exe /shtml "dump\~$sys.computername$\~$sys.username$\grank.html"
rem nircmd.exe execmd .\App\WSCC\Nirsof~1\grankcmd.exe /shtml "dump\~$sys.computername$\~$sys.username$\grankcmd.html"
rem *useless* nircmd.exe execmd .\App\WSCC\Nirsof~1\HashMyFiles.exe /shtml "dump\~$sys.computername$\~$sys.username$\HashMyFiles.html"
rem nircmd.exe execmd .\App\WSCC\Nirsof~1\HeapMemView.exe /shtml "dump\~$sys.computername$\~$sys.username$\HeapMemView.html"
rem nircmd.exe execmd .\App\WSCC\Nirsof~1\HtmlAsText.exe /shtml "dump\~$sys.computername$\~$sys.username$\HtmlAsText.html"
rem nircmd.exe execmd .\App\WSCC\Nirsof~1\HtmlDocEdit.exe /shtml "dump\~$sys.computername$\~$sys.username$\HtmlDocEdit.html"
rem *to look into* nircmd.exe execmd .\App\WSCC\Nirsof~1\HTTPNetworkSniffer.exe /shtml "dump\~$sys.computername$\~$sys.username$\HTTPNetworkSniffer.html"
rem nircmd.exe execmd .\App\WSCC\Nirsof~1\iconsext.exe /shtml "dump\~$sys.computername$\~$sys.username$\iconsext.html"
rem nircmd.exe execmd .\App\WSCC\Nirsof~1\idenswitch.exe /shtml "dump\~$sys.computername$\~$sys.username$\idenswitch.html"
nircmd.exe execmd .\App\WSCC\Nirsof~1\IECacheView.exe /shtml "dump\~$sys.computername$\~$sys.username$\IECacheView.html"
rem nircmd.exe execmd .\App\WSCC\Nirsof~1\IECompo.exe /shtml "dump\~$sys.computername$\~$sys.username$\IECompo.html"
rem nircmd.exe execmd .\App\WSCC\Nirsof~1\iecv.exe /shtml "dump\~$sys.computername$\~$sys.username$\iecv.html"
nircmd.exe execmd .\App\WSCC\Nirsof~1\iehv.exe /shtml "dump\~$sys.computername$\~$sys.username$\iehv.html"
nircmd.exe execmd .\App\WSCC\Nirsof~1\iepv.exe /shtml "dump\~$sys.computername$\~$sys.username$\iepv.html"
nircmd.exe execmd .\App\WSCC\Nirsof~1\InjectedDLL.exe /shtml "dump\~$sys.computername$\~$sys.username$\InjectedDLL.html"
nircmd.exe execmd .\App\WSCC\Nirsof~1\InsideClipboard.exe /shtml "dump\~$sys.computername$\~$sys.username$\InsideClipboard.html"
rem nircmd.exe execmd .\App\WSCC\Nirsof~1\InstalledCodec.exe /shtml "dump\~$sys.computername$\~$sys.username$\InstalledCodec.html"
nircmd.exe execmd .\App\WSCC\Nirsof~1\IPInfoOffline.exe /shtml "dump\~$sys.computername$\~$sys.username$\IPInfoOffline.html"
rem nircmd.exe execmd .\App\WSCC\Nirsof~1\ipnetinfo.exe /shtml "dump\~$sys.computername$\~$sys.username$\ipnetinfo.html"
nircmd.exe execmd .\App\WSCC\Nirsof~1\jrview.exe /shtml "dump\~$sys.computername$\~$sys.username$\jrview.html"
rem nircmd.exe execmd .\App\WSCC\Nirsof~1\jsae.exe /shtml "dump\~$sys.computername$\~$sys.username$\jsae.html"
nircmd.exe execmd .\App\WSCC\Nirsof~1\LiveContactsView.exe /shtml "dump\~$sys.computername$\~$sys.username$\LiveContactsView.html"
rem nircmd.exe execmd .\App\WSCC\Nirsof~1\LSASecretsDump.exe /shtml "dump\~$sys.computername$\~$sys.username$\LSASecretsDump.html"
rem nircmd.exe execmd .\App\WSCC\Nirsof~1\LSASecretsView.exe /shtml "dump\~$sys.computername$\~$sys.username$\LSASecretsView.html"
nircmd.exe execmd .\App\WSCC\Nirsof~1\MACAddressView.exe /shtml "dump\~$sys.computername$\~$sys.username$\MACAddressView.html"
rem nircmd.exe execmd .\App\WSCC\Nirsof~1\mailpv.exe /shtml "dump\~$sys.computername$\~$sys.username$\mailpv.html"
nircmd.exe execmd .\App\WSCC\Nirsof~1\MIMEView.exe /shtml "dump\~$sys.computername$\~$sys.username$\MIMEView.html"
nircmd.exe execmd .\App\WSCC\Nirsof~1\MonitorInfoView.exe /shtml "dump\~$sys.computername$\~$sys.username$\MonitorInfoView.html"
nircmd.exe execmd .\App\WSCC\Nirsof~1\MozillaCacheView.exe /shtml "dump\~$sys.computername$\~$sys.username$\MozillaCacheView.html"
nircmd.exe execmd .\App\WSCC\Nirsof~1\MozillaHistoryView.exe /shtml "dump\~$sys.computername$\~$sys.username$\MozillaHistoryView.html"
rem nircmd.exe execmd .\App\WSCC\Nirsof~1\mpk.exe /shtml "dump\~$sys.computername$\~$sys.username$\mpk.html"
nircmd.exe execmd .\App\WSCC\Nirsof~1\mspass.exe /shtml "dump\~$sys.computername$\~$sys.username$\mspass.html"
nircmd.exe execmd .\App\WSCC\Nirsof~1\MUICacheView.exe /shtml "dump\~$sys.computername$\~$sys.username$\MUICacheView.html"
rem nircmd.exe execmd .\App\WSCC\Nirsof~1\mweather.exe /shtml "dump\~$sys.computername$\~$sys.username$\mweather.html"
rem nircmd.exe execmd .\App\WSCC\Nirsof~1\MyEventViewer.exe /shtml "dump\~$sys.computername$\~$sys.username$\MyEventViewer.html"
nircmd.exe execmd .\App\WSCC\Nirsof~1\MyLastSearch.exe /shtml "dump\~$sys.computername$\~$sys.username$\MyLastSearch.html"
rem nircmd.exe execmd .\App\WSCC\Nirsof~1\myuninst.exe /shtml "dump\~$sys.computername$\~$sys.username$\myuninst.html"
nircmd.exe execmd .\App\WSCC\Nirsof~1\mzcv.exe /shtml "dump\~$sys.computername$\~$sys.username$\mzcv.html"
rem nircmd.exe execmd .\App\WSCC\Nirsof~1\netpass.exe /shtml "dump\~$sys.computername$\~$sys.username$\netpass.html"
nircmd.exe execmd .\App\WSCC\Nirsof~1\NetResView.exe /shtml "dump\~$sys.computername$\~$sys.username$\NetResView.html"
nircmd.exe execmd .\App\WSCC\Nirsof~1\NetRouteView.exe /shtml "dump\~$sys.computername$\~$sys.username$\NetRouteView.html"
nircmd.exe execmd .\App\WSCC\Nirsof~1\NetworkTrafficView.exe /shtml "dump\~$sys.computername$\~$sys.username$\NetworkTrafficView.html"
rem nircmd.exe execmd .\App\WSCC\Nirsof~1\nircmd.exe /shtml "dump\~$sys.computername$\~$sys.username$\nircmd.html"
rem nircmd.exe execmd .\App\WSCC\Nirsof~1\nircmdc.exe /shtml "dump\~$sys.computername$\~$sys.username$\nircmdc.html"
nircmd.exe execmd .\App\WSCC\Nirsof~1\NK2Edit.exe /shtml "dump\~$sys.computername$\~$sys.username$\NK2Edit.html"
nircmd.exe execmd .\App\WSCC\Nirsof~1\nk2view.exe /shtml "dump\~$sys.computername$\~$sys.username$\nk2view.html"
rem nircmd.exe execmd .\App\WSCC\Nirsof~1\NTFSLinksView.exe /shtml "dump\~$sys.computername$\~$sys.username$\NTFSLinksView.html"
nircmd.exe execmd .\App\WSCC\Nirsof~1\OfficeIns.exe /shtml "dump\~$sys.computername$\~$sys.username$\OfficeIns.html"
rem nircmd.exe execmd .\App\WSCC\Nirsof~1\OpenedFilesView.exe /shtml "dump\~$sys.computername$\~$sys.username$\OpenedFilesView.html"
rem nircmd.exe execmd .\App\WSCC\Nirsof~1\OpenWithView.exe /shtml "dump\~$sys.computername$\~$sys.username$\OpenWithView.html"
nircmd.exe execmd .\App\WSCC\Nirsof~1\OperaCacheView.exe /shtml "dump\~$sys.computername$\~$sys.username$\OperaCacheView.html"
nircmd.exe execmd .\App\WSCC\Nirsof~1\OperaPassView.exe /shtml "dump\~$sys.computername$\~$sys.username$\OperaPassView.html"
rem nircmd.exe execmd .\App\WSCC\Nirsof~1\OutlookAttachView.exe /shtml "dump\~$sys.computername$\~$sys.username$\OutlookAttachView.html"
rem nircmd.exe execmd .\App\WSCC\Nirsof~1\OutlookStatView.exe /shtml "dump\~$sys.computername$\~$sys.username$\OutlookStatView.html"
nircmd.exe execmd .\App\WSCC\Nirsof~1\PasswordFox.exe /shtml "dump\~$sys.computername$\~$sys.username$\PasswordFox.html"
rem nircmd.exe execmd .\App\WSCC\Nirsof~1\PasswordScan.exe /shtml "dump\~$sys.computername$\~$sys.username$\PasswordScan.html"
rem nircmd.exe execmd .\App\WSCC\Nirsof~1\pcanyscan.exe /shtml "dump\~$sys.computername$\~$sys.username$\pcanyscan.html"
nircmd.exe execmd .\App\WSCC\Nirsof~1\PingInfoView.exe /shtml "dump\~$sys.computername$\~$sys.username$\PingInfoView.html"
nircmd.exe execmd .\App\WSCC\Nirsof~1\ProcessActivityView.exe /shtml "dump\~$sys.computername$\~$sys.username$\ProcessActivityView.html"
nircmd.exe execmd .\App\WSCC\Nirsof~1\ProcessThreadsView.exe /shtml "dump\~$sys.computername$\~$sys.username$\ProcessThreadsView.html"
nircmd.exe execmd .\App\WSCC\Nirsof~1\ProduKey.exe /shtml "dump\~$sys.computername$\~$sys.username$\ProduKey.html"
nircmd.exe execmd .\App\WSCC\Nirsof~1\pspv.exe /shtml "dump\~$sys.computername$\~$sys.username$\pspv.html"
nircmd.exe execmd .\App\WSCC\Nirsof~1\PstPassword.exe /shtml "dump\~$sys.computername$\~$sys.username$\PstPassword.html"
nircmd.exe execmd .\App\WSCC\Nirsof~1\rdpv.exe /shtml "dump\~$sys.computername$\~$sys.username$\rdpv.html"
nircmd.exe execmd .\App\WSCC\Nirsof~1\RecentFilesView.exe /shtml "dump\~$sys.computername$\~$sys.username$\RecentFilesView.html"
nircmd.exe execmd .\App\WSCC\Nirsof~1\RegDllView.exe /shtml "dump\~$sys.computername$\~$sys.username$\RegDllView.html"
rem nircmd.exe execmd .\App\WSCC\Nirsof~1\RegFileExport.exe /shtml "dump\~$sys.computername$\~$sys.username$\RegFileExport.html"
rem nircmd.exe execmd .\App\WSCC\Nirsof~1\RegFromApp.exe /shtml "dump\~$sys.computername$\~$sys.username$\RegFromApp.html"
rem nircmd.exe execmd .\App\WSCC\Nirsof~1\RegScanner.exe /shtml "dump\~$sys.computername$\~$sys.username$\RegScanner.html"
rem nircmd.exe execmd .\App\WSCC\Nirsof~1\regsvr32.exe /shtml "dump\~$sys.computername$\~$sys.username$\regsvr32.html"
rem nircmd.exe execmd .\App\WSCC\Nirsof~1\RemotePocketAsterisk.exe /shtml "dump\~$sys.computername$\~$sys.username$\RemotePocketAsterisk.html"
rem nircmd.exe execmd .\App\WSCC\Nirsof~1\ResourcesExtract.exe /shtml "dump\~$sys.computername$\~$sys.username$\ResourcesExtract.html"
nircmd.exe execmd .\App\WSCC\Nirsof~1\RouterPassView.exe /shtml "dump\~$sys.computername$\~$sys.username$\RouterPassView.html"
rem nircmd.exe execmd .\App\WSCC\Nirsof~1\RunAsDate.exe /shtml "dump\~$sys.computername$\~$sys.username$\RunAsDate.html"
rem nircmd.exe execmd .\App\WSCC\Nirsof~1\RunFromProcess-x64.exe /shtml "dump\~$sys.computername$\~$sys.username$\RunFromProcess-x64.html"
rem nircmd.exe execmd .\App\WSCC\Nirsof~1\RunFromProcess.exe /shtml "dump\~$sys.computername$\~$sys.username$\RunFromProcess.html"
nircmd.exe execmd .\App\WSCC\Nirsof~1\SafariCacheView.exe /shtml "dump\~$sys.computername$\~$sys.username$\SafariCacheView.html"
nircmd.exe execmd .\App\WSCC\Nirsof~1\SafariHistoryView.exe /shtml "dump\~$sys.computername$\~$sys.username$\SafariHistoryView.html"
rem nircmd.exe execmd .\App\WSCC\Nirsof~1\SearchFilterView.exe /shtml "dump\~$sys.computername$\~$sys.username$\SearchFilterView.html"
rem nircmd.exe execmd .\App\WSCC\Nirsof~1\SearchMyFiles.exe /shtml "dump\~$sys.computername$\~$sys.username$\SearchMyFiles.html"
rem nircmd.exe execmd .\App\WSCC\Nirsof~1\SeqDownload.exe /shtml "dump\~$sys.computername$\~$sys.username$\SeqDownload.html"
rem nircmd.exe execmd .\App\WSCC\Nirsof~1\serviwin.exe /shtml "dump\~$sys.computername$\~$sys.username$\serviwin.html"
nircmd.exe execmd .\App\WSCC\Nirsof~1\ShellBagsView.exe /shtml "dump\~$sys.computername$\~$sys.username$\ShellBagsView.html"
rem nircmd.exe execmd .\App\WSCC\Nirsof~1\ShellMenuNew.exe /shtml "dump\~$sys.computername$\~$sys.username$\ShellMenuNew.html"
rem nircmd.exe execmd .\App\WSCC\Nirsof~1\shexview.exe /shtml "dump\~$sys.computername$\~$sys.username$\shexview.html"
nircmd.exe execmd .\App\WSCC\Nirsof~1\shman.exe /shtml "dump\~$sys.computername$\~$sys.username$\shman.html"
rem nircmd.exe execmd .\App\WSCC\Nirsof~1\shmnview.exe /shtml "dump\~$sys.computername$\~$sys.username$\shmnview.html"
rem nircmd.exe execmd .\App\WSCC\Nirsof~1\SiteShoter.exe /shtml "dump\~$sys.computername$\~$sys.username$\SiteShoter.html"
nircmd.exe execmd .\App\WSCC\Nirsof~1\SkypeLogView.exe /shtml "dump\~$sys.computername$\~$sys.username$\SkypeLogView.html"
rem nircmd.exe execmd .\App\WSCC\Nirsof~1\smsniff.exe /shtml "dump\~$sys.computername$\~$sys.username$\smsniff.html"
rem nircmd.exe execmd .\App\WSCC\Nirsof~1\SniffPass.exe /shtml "dump\~$sys.computername$\~$sys.username$\SniffPass.html"
rem nircmd.exe execmd .\App\WSCC\Nirsof~1\snremove.exe /shtml "dump\~$sys.computername$\~$sys.username$\snremove.html"
rem *to look into* nircmd.exe execmd .\App\WSCC\Nirsof~1\SocketSniff.exe /shtml "dump\~$sys.computername$\~$sys.username$\SocketSniff.html"
nircmd.exe execmd .\App\WSCC\Nirsof~1\SpecialFoldersView.exe /shtml "dump\~$sys.computername$\~$sys.username$\SpecialFoldersView.html"
rem nircmd.exe execmd .\App\WSCC\Nirsof~1\StartBlueScreen.exe /shtml "dump\~$sys.computername$\~$sys.username$\StartBlueScreen.html"
nircmd.exe execmd .\App\WSCC\Nirsof~1\strun.exe /shtml "dump\~$sys.computername$\~$sys.username$\strun.html"
rem nircmd.exe execmd .\App\WSCC\Nirsof~1\sysexp.exe /shtml "dump\~$sys.computername$\~$sys.username$\sysexp.html"
rem nircmd.exe execmd .\App\WSCC\Nirsof~1\TableTextCompare.exe /shtml "dump\~$sys.computername$\~$sys.username$\TableTextCompare.html"
rem nircmd.exe execmd .\App\WSCC\Nirsof~1\TagsRep.exe /shtml "dump\~$sys.computername$\~$sys.username$\TagsRep.html"
rem nircmd.exe execmd .\App\WSCC\Nirsof~1\tflash.exe /shtml "dump\~$sys.computername$\~$sys.username$\tflash.html"
rem nircmd.exe execmd .\App\WSCC\Nirsof~1\URLProtocolView.exe /shtml "dump\~$sys.computername$\~$sys.username$\URLProtocolView.html"
nircmd.exe execmd .\App\WSCC\Nirsof~1\URLStringGrabber.exe /shtml "dump\~$sys.computername$\~$sys.username$\URLStringGrabber.html"
nircmd.exe execmd .\App\WSCC\Nirsof~1\USBDeview.exe /shtml "dump\~$sys.computername$\~$sys.username$\USBDeview.html"
nircmd.exe execmd .\App\WSCC\Nirsof~1\USBLogView.exe /shtml "dump\~$sys.computername$\~$sys.username$\USBLogView.html"
nircmd.exe execmd .\App\WSCC\Nirsof~1\UserAssistView.exe /shtml "dump\~$sys.computername$\~$sys.username$\UserAssistView.html"
nircmd.exe execmd .\App\WSCC\Nirsof~1\UserProfilesView.exe /shtml "dump\~$sys.computername$\~$sys.username$\UserProfilesView.html"
nircmd.exe execmd .\App\WSCC\Nirsof~1\VideoCacheView.exe /shtml "dump\~$sys.computername$\~$sys.username$\VideoCacheView.html"
nircmd.exe execmd .\App\WSCC\Nirsof~1\VNCPassView.exe /shtml "dump\~$sys.computername$\~$sys.username$\VNCPassView.html"
rem nircmd.exe execmd .\App\WSCC\Nirsof~1\volumouse.exe /shtml "dump\~$sys.computername$\~$sys.username$\volumouse.html"
nircmd.exe execmd .\App\WSCC\Nirsof~1\WakeMeOnLan.exe /shtml "dump\~$sys.computername$\~$sys.username$\WakeMeOnLan.html"
nircmd.exe execmd .\App\WSCC\Nirsof~1\WebBrowserPassView.exe /shtml "dump\~$sys.computername$\~$sys.username$\WebBrowserPassView.html"
rem nircmd.exe execmd .\App\WSCC\Nirsof~1\WebCamImageSave.exe /shtml "dump\~$sys.computername$\~$sys.username$\WebCamImageSave.html"
rem nircmd.exe execmd .\App\WSCC\Nirsof~1\WebCookiesSniffer.exe /shtml "dump\~$sys.computername$\~$sys.username$\WebCookiesSniffer.html"
nircmd.exe execmd .\App\WSCC\Nirsof~1\WebSiteSniffer.exe /shtml "dump\~$sys.computername$\~$sys.username$\WebSiteSniffer.html"
rem nircmd.exe execmd .\App\WSCC\Nirsof~1\WebVideoCap.exe /shtml "dump\~$sys.computername$\~$sys.username$\WebVideoCap.html"
rem nircmd.exe execmd .\App\WSCC\Nirsof~1\WhatInStartup.exe /shtml "dump\~$sys.computername$\~$sys.username$\WhatInStartup.html"
nircmd.exe execmd .\App\WSCC\Nirsof~1\WhatIsHang.exe /shtml "dump\~$sys.computername$\~$sys.username$\WhatIsHang.html"
rem nircmd.exe execmd .\App\WSCC\Nirsof~1\WhoisCL.exe /shtml "dump\~$sys.computername$\~$sys.username$\WhoisCL.html"
rem nircmd.exe execmd .\App\WSCC\Nirsof~1\whoistd.exe /shtml "dump\~$sys.computername$\~$sys.username$\whoistd.html"
rem nircmd.exe execmd .\App\WSCC\Nirsof~1\whosip.exe /shtml "dump\~$sys.computername$\~$sys.username$\whosip.html"
rem nircmd.exe execmd .\App\WSCC\Nirsof~1\WinCrashReport.exe /shtml "dump\~$sys.computername$\~$sys.username$\WinCrashReport.html"
rem nircmd.exe execmd .\App\WSCC\Nirsof~1\winexp.exe /shtml "dump\~$sys.computername$\~$sys.username$\winexp.html"
nircmd.exe execmd .\App\WSCC\Nirsof~1\WinFontsView.exe /shtml "dump\~$sys.computername$\~$sys.username$\WinFontsView.html"
rem nircmd.exe execmd .\App\WSCC\Nirsof~1\winlister.exe /shtml "dump\~$sys.computername$\~$sys.username$\winlister.html"
nircmd.exe execmd .\App\WSCC\Nirsof~1\WinPrefetchView.exe /shtml "dump\~$sys.computername$\~$sys.username$\WinPrefetchView.html"
rem nircmd.exe execmd .\App\WSCC\Nirsof~1\WirelessKeyDump.exe /shtml "dump\~$sys.computername$\~$sys.username$\WirelessKeyDump.html"
nircmd.exe execmd .\App\WSCC\Nirsof~1\WirelessKeyView.exe /shtml "dump\~$sys.computername$\~$sys.username$\WirelessKeyView.html"
rem nircmd.exe execmd .\App\WSCC\Nirsof~1\WirelessNetConsole.exe /shtml "dump\~$sys.computername$\~$sys.username$\WirelessNetConsole.html"
nircmd.exe execmd .\App\WSCC\Nirsof~1\WirelessNetView.exe /shtml "dump\~$sys.computername$\~$sys.username$\WirelessNetView.html"
rem nircmd.exe execmd .\App\WSCC\Nirsof~1\wmc.exe /shtml "dump\~$sys.computername$\~$sys.username$\wmc.html"
rem nircmd.exe execmd .\App\WSCC\Nirsof~1\WNetWatcher.exe /shtml "dump\~$sys.computername$\~$sys.username$\WNetWatcher.html"
nircmd.exe execmd .\App\WSCC\Nirsof~1\wul.exe /shtml "dump\~$sys.computername$\~$sys.username$\wul.html"
rem nircmd.exe execmd .\App\WSCC\Nirsof~1\zipinst.exe /shtml "dump\~$sys.computername$\~$sys.username$\zipinst.html"
rem
nircmd.exe win close ititle "Remo"
[/sourcecode]
Details
[sourcecode language="plain"]nircmd.exe execmd mkdir "dump\~$sys.computername$\~$sys.username$"[/sourcecode]
First, the batch creates a directory in "dump" bearing the name of the machine, and a directory with the name of the user.
[sourcecode language="plain"]nircmd.exe execmd .\App\WSCC\Nirsof~1\acm.exe /shtml "dump\~$sys.computername$\~$sys.username$\acm.html"[/sourcecode]
Each of the Nirsoft applications that can be used from the command line (the others have a rem at the start of the line) is run (via the short path Nirsof~1), with an HTML result file stored in the directory created previously.
Thus, acm will create a result file acm.html.
Run the batch and wait.
If everything goes well, go to the dump directory; there you will find a directory bearing the name of your machine, and a directory with your session name.
In your session directory you will find a number of HTML files, one for each of the utilities launched.
I will leave you the pleasure of discovering their contents.
Next time we will combine this batch with the Sysinternals utilities in order to run it on all the PCs of a network…
That way we will reap a fine harvest of data…
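A defender's view of the batch described above, as an added example that is not part of the original post: it scans process-creation records for one user session running many distinct tools with the `/shtml` report switch in a short time. The record fields follow Sysmon-style process-creation events; the field layout, thresholds, host names and sample records are assumptions constructed for illustration.

```python
"""Flag bursts of NirSoft-style '/shtml' report exports in process-creation logs."""
import ntpath
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Tools run by the batch on this page that export stored passwords or keys.
CREDENTIAL_TOOLS = {
    "bulletspassview.exe", "chromepass.exe", "iepv.exe", "mspass.exe",
    "operapassview.exe", "passwordfox.exe", "pspv.exe", "pstpassword.exe",
    "rdpv.exe", "routerpassview.exe", "vncpassview.exe",
    "webbrowserpassview.exe", "wirelesskeyview.exe",
}
# '/shtml <file>' is the report switch used on every line of the batch.
SHTML_RE = re.compile(r'/shtml\s+(?:"([^"]+)"|(\S+))', re.IGNORECASE)


def parse_export(event):
    """Return (tool, report_path) for a '/shtml' export, or None."""
    match = SHTML_RE.search(event["CommandLine"])
    if not match:
        return None
    tool = ntpath.basename(event["Image"]).lower()
    return tool, match.group(1) or match.group(2)


def find_collection_bursts(events, window=timedelta(minutes=2), min_tools=4):
    """One alert per (host, user) that ran >= min_tools distinct exporters
    within `window`. Both thresholds are assumptions to tune per site."""
    sessions = defaultdict(list)
    for event in events:
        parsed = parse_export(event)
        if parsed:
            when = datetime.strptime(event["UtcTime"], "%Y-%m-%d %H:%M:%S")
            sessions[(event["Computer"], event["User"])].append((when, *parsed))

    alerts = []
    for (host, user), runs in sessions.items():
        runs.sort()
        start, best = 0, None
        for end, (when, _tool, _path) in enumerate(runs):
            while when - runs[start][0] > window:  # slide the window forward
                start += 1
            burst = runs[start:end + 1]
            tools = {tool for _, tool, _ in burst}
            if len(tools) >= min_tools and (not best or len(tools) > len(best["tools"])):
                best = {
                    "host": host,
                    "user": user,
                    "first_seen": burst[0][0].isoformat(),
                    "tools": sorted(tools),
                    "credential_tools": sorted(tools & CREDENTIAL_TOOLS),
                    "report_dirs": sorted({ntpath.dirname(p) for _, _, p in burst}),
                }
        if best:
            alerts.append(best)
    return alerts


def _sample(time, host, user, tool_dir, tool, out_dir):
    """Build one constructed process-creation record."""
    image = tool_dir + "\\" + tool + ".exe"
    return {"UtcTime": time, "Computer": host, "User": user, "Image": image,
            "CommandLine": f'"{image}" /shtml "{out_dir}\\{tool}.html"'}


# Constructed sample records (not real telemetry).
_USB, _OUT = r"E:\App\WSCC\NirSoft Utilities", r"dump\WKS-042\alice"
SAMPLE_EVENTS = [
    _sample("2024-01-01 10:00:01", "WKS-042", r"CORP\alice", _USB, "cports", _OUT),
    _sample("2024-01-01 10:00:03", "WKS-042", r"CORP\alice", _USB, "ChromePass", _OUT),
    _sample("2024-01-01 10:00:05", "WKS-042", r"CORP\alice", _USB, "mspass", _OUT),
    _sample("2024-01-01 10:00:08", "WKS-042", r"CORP\alice", _USB, "WebBrowserPassView", _OUT),
    _sample("2024-01-01 10:00:10", "WKS-042", r"CORP\alice", _USB, "USBDeview", _OUT),
    # A single export on another host stays below the threshold.
    _sample("2024-01-01 11:30:00", "WKS-007", r"CORP\bob", r"C:\Tools", "cports", r"C:\Temp"),
    {"UtcTime": "2024-01-01 11:31:00", "Computer": "WKS-007", "User": r"CORP\bob",
     "Image": r"C:\Windows\notepad.exe", "CommandLine": "notepad.exe notes.txt"},
]

if __name__ == "__main__":
    for alert in find_collection_bursts(SAMPLE_EVENTS):
        print(alert)
```

The `credential_tools` field separates a burst of inventory utilities from one that also exported stored passwords, which is the part that decides whether credentials on that host need rotating.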
the directory gets created on the USB key, but no files…
I am on XP SP3 with Avast
64-bit operating system?
If so, you need to use the 64-bit-specific nircmd…
And with the antivirus disabled? (also check that the antivirus has not deleted the nirsoft executables in App\WSCC\Nirsof~1 … in my opinion… that is more likely where the problem is…)
On the page, there was a display problem in the 1st script because of the
[at sign]echo off
since the [at sign] is interpreted by a Twitter plugin on the blog.
I removed the [at sign] and the whole script is in order.
I am on 32-bit XP
the Nirsoft programs are indeed there and in fact work without any problem in the WSCC interface, but with the batch still no HTML file is created.
May I also ask what the purpose of the commands concerning Internet Explorer is?
ahh, I just found it. I thought I had followed your procedure to the letter, but perhaps not, an ordering issue? On my machine the Nirsoft folder is at .\WSCCPortable\App\WSCC\NirSoft Utilities, so the path was not right, and everything works once the batch is modified accordingly
Thanks and have a good evening
PS: has the promised follow-up been published, or is it still to come?
The follow-up is still to come… it will include new functions from new Nirsoft programs, and functions for running the utilities on remote machines in a network or a domain in order to retrieve the data from one's own PC without having to move… 😀