VAZNI PROGRAMI

OVDJE CU VAM RECI ZA NEKE PROGRAME I DRUGO.

Zaključajte računalo pomoću sys.key-a

1. Idite na Start-Run i upište SYSKEY i kliknite na OK.
2. U prvom prozoru koji se otvori kliknite na UPDATE
3. U sljedećem prozoru budite sugurni da je označen System generated password
4. Stavite praznu floppy disketu i kliknite na OKAY
5. Izađite iz programa, izvadite disketu i restartajte računalo

Što smo dobili? Dobili smo na neki način hardverski ključ za otključavanje računala.
Sljedeći put kada upalite računalo,tražiti će vas ovu disketu kako bi mogli pristupiti svome login prozoru.
Samo oprezno pazite da ju ne izgubite jer ineče nećete moći pristupiti vašem korisniku.

Zastita otklanjanjem virusa i trojanaca vlastitom rukom iz Windowsa




Anti-virusi su neophodni, ali samo mi recite koliko puta vam se dogodilo da super, novi, do kraja update-ani anti-virus "bleji" u problem kao u šarena
vrata? Ako je odgovor "nikada", onda sigurno nemate dovoljno iskustva sa trojancima i virusima.

Ove tehnike su ograničene toliko koliko znate tehnika odbrane, poznamo neke a sigurno postoji njih još bezbroj, ali bi voljeli da i Vi pošaljete svoja
iskustva sa trojanima i virusima.

Prije svega...

Prije svega i svačega otvorite Options od Windows Explorera, te pod tabom View
- iskljucite "hide file ekstensions for known types"
- ukljucite "show all files"
- iskljucite "hide windows protected files"

Kako znati da ste zaraženi?

1. Banalne metode
U večini slučajeva se počnu događati neke čudne popratne stvari. Kao naprimjer, vaše računalo u jednom momentu zastane a da mu nemožete
odrediti uzrok, ili ako koristite dial-up onda nakon odspajanja sa internet-a, otvori se prozor sa ponovnim zahtjevom da se spojite, jer virus se
pokušava spojiti na internet. Ako dobijete povratni mail od vašeg mail server-a koji kaze da mail nije dostavljen na neku mail adresu, a vi taj mail
nikada niste ni poslali jer je virus slao sam sebe svima okolo, do svake email adrese na koju je naisao.

2. Pregledanjem liste procesa
Skinite neki freeware ili shareware program koji lista i manipulira sa procesima, a nipošto se ne oslanjajte na taskmanager od windowsa. Testirajte
vaš Process Manager tako što ćete pokusati ubiti neki od bitnih procesa kao npr. WINLOGON, te bilo koji bitni proces, ako on uspije ubiti svakog
od njih bez ikakvog problema onda tek možete govoriti o pravom programu.
Kada tek instalirate windows, onda bacite pogled na procese, vizualno zapamtite sadržaj, a sa vemenom ćete ih sve zapamtiti napamet. Svaki
program koji naknadno instalirate, može dodati neki svoj proces koji bi se u pozadini pokrenuo, ako mislite da vam taj program ne služi nečemu
bitnom, tj. da samo smeta računalu time što je učitan u memoriju, jednostavno ga maknite bez ikakvog razmišljanja.
Naravno ovaj program će se ponovo pokrenuti kada slijedeći put upalite računalo, ali doći ćemo i do toga.
Ako pet dana zaredom po 5 sec dnevno pregledate listu procesa, svaki slijedeći dan ako se neki dodatni program pokrene upasti će vam u oko.

3. Pregledanjem učitanih modula odnosno DLL-ova
Ovo posebno vrijedi za Explorer.exe, dogodilo se da neki dll ima upisan svoju putanju u registry bazi u nekom ključu, kojeg explorer ili bilo neki
drugi program kojemu je to zadatak učita tek nako bez ikakvog pitanja, a također unutar ovih DLL-ova mogu biti trojanci itd. Listu ovih učitanih DLL
ova mozete vidjeti koristeći neki proces viewer koji ima podršku da prikaže i module odnosno DLL-ove koje je učitao određeni proces. Izbor za ovo
je Essential Net Tools koji ima i prikaz putanje gdje se nalazi određeni progam ili modul na disku i koji je Manufacturer od tog programa ili modula.
Svaki program ili modul kojem je manufakturer prazan, nalazi se na nekoj čudnoj lokaciji ili ima neko čudno ime je sumnjiv i potrebno ga je
detaljnije istražiti.

4. Kada su mijenjane bitne windows komponente
Windows komponente se mijenjaju samo kada se radi windows update, ne znam postoji li alatka koja bi vodila računa o tome, jer bi se takođe
mogao instalirati trojan modificiranjem nekih od windows komponenti tako da bi sam sebe inficirao u postojeću komponentu (EXE, DLL, COM, itd.).

5. Data stream, Data stream, grrrr...
Potražite program na googlu koji bi možda se mogao zvati data stream viewer/ editor/manager itd. jer je to mjesto gdje se također može svašta
smjestiti. Ovo vrijedi ako je Vaša particija NTFS. Fajl je smješten uz drugi file ili direktorij koristeći sinstaksu file1.txt:file2.txt. Ovaj filel2.txt se
uopće ne vidi koristeći Windows Explorer ili command line interface, ali je divno mjesto za skrivanje virusa trojanaca itd. Kada tek instalirate
windows pogledajte koji su standardni fajlovi koji dolaze skriveni u data stream (ako ih uopće ima jer nema nikakve potrebe za tim), a zatim
pokrećite povremeno taj data stream viewer da bi otkrili novo nastale.

6. Start -> Programs -> StartUp

Pogledajte startup za All Users i za vašeg user-a, jer iako izgleda glupo možda neki virus ili trojan stavi link do sebe u ovaj folder tako da kada se
svaki slijedeći put računalo bude palilo pokrenuti će se i taj program.

7. Registry

Ja volim otvoriti Regedit.exe, zatim Edit -> Find
Find what: Run
Look at: Keys

Ovim dobijem neke bezveze rezultate ali nakon nekoliko pritiska na F3 stignem i do pravih vrijednosti.

HKLMSoftwareMicrosoftWindowsCurrentVersionRun
HKLMSoftwareMicrosoftWindowsCurrentVersionRunOnce
HKLMSoftwareMicrosoftWindowsCurrentVersionRunOnceEx

zatim kod nekih windowsa

HKLMSoftwareMicrosoftWindowsCurrentVersionpoliciesExplorerRun

HKLMSoftwareMicrosoftWindowsCurrentVersionAeDebug
HKLMSoftwareMicrosoftWindowsCurrentVersionImage File Execution Options

HKEY_CLASSES_ROOTexefileshellopencommand

Unutar ovih ključeva se mogu postaviti putanje do virusa i trojana koji ce se paliti zajedno sa windows-ima.

8. Control Panel -> Administrative tools -> Services
Također u Services je moguće dodati trojana ili virusa. Naravno uvijek ima opcija disable kojom zaustavite i onemogučite taj neki "zli" servis

Poslije možete upisati njegovo ime pod kojim se predstavlja u servisima, upisati u regedit.exe Edit->Find tako da možete otkriti orginalnu putanju,
a naravno možete izbirsati te registry ključeve.
9. %systemroot%system32drivers
Umalo da zaboravimo, može se pojaviti i "novi" driver za Vas kompjuter.

10. Dokumentacija
Ovo nije posebna tehnika, ali sve što nađete bilo u registriju ili negdje drugo zapišite ime filea, lokaciju, veličinu, datum kreiranja, pristupanja itd.
tako da Vam poslije bude lakše prilikom brisanja.
Ukljanjanje / brisanje

1. Ako nabavite putanju tog zlog programa potražite u istom direktoriju, ili gledajuči riječi koje se spominju u sadržaju tog zlog momka, potrazite
fajlove koji su povezani sa njim, možda koje on koristi kao resurse, u koje smiješta logove itd. Čak je moguće da su više tih fileova povezani, i
čuvaju jedni druge. Možete te dodatne iskopirati na neko sigurno mjesto za naknadno istraživanje, a zatim izbrisati ih. Ukoliko ste našli da se zli
file nalazi u data streamu, ista stvar vrijedi i za njega, kopirajte ako vam treba a zatim pokušajte izbrisati. (ako ne možete bilo koji fajl izbrisati
znači da je pokrenut ili ga je neki pokrenuti proces otvorio, [čitajte dalje]
2. Ako je riječ o tome da je virus modificirao neki sistemski file onda ga pokušajte zamijeniti sa Backupom tog istog filea, ugasite računalo i

probajte
- DOS butabilnu disketu
- Reapir Console winNT/2000/XP
- Ako imate neki drugi operativni sistem instaliran na istom računalu npr. linux
- KNOPPIX je takodje dobro rjesenje

3. Sada smo došli do toga da izbrišemo to "sranje"
Ukoliko doslovno brisanje da Shift+Delete ne radi znači da je pokrenut ili ga je neki pokrenuti proces otvorio. Rješenje mozete uzeti iz prethodnog

slučaja, tako što ugasite računalo i probate:
- DOS butabilnu disketu
- Reapir Console winNT/2000/XP
- Ako imate neki drugi operativni sistem instaliran na istom računalu npr. linux
- KNOPPIX je takodjer dobro rjesenje

4. Postoji jos jedna metoda, koja je također efikasna jer je izuzetno jednostavna i ne zahtjeva da se pokreće nikakav drugi operativni sistem.
Ukoliko imate NTFS particiju na kojoj se nalazi zli file, a pokrenut je winNT/2000/XP odite u Properties -> Security, a zatim svi korisnicima,
SYSTEM, Administrators, i sve što vidite pred očima stavite Full Access Deny Iako je program učitan u memoriju ne možete ga brisati ni mijenjati,
možete mijenjati njegove dozvole, znači stavite svima DENY!!! Slijedeći put kada se bude palio Windows taj file se neće moci učitati, a zatim ga
možete mirno obrisati nakon što mu vratite dozvole u normalno stanje.

testiranje anti virusa


This is a good question and it is wise to familiarize yourself with how your anti-virus software behaves when it detects a virus, before it really happens. One quick way to do this is to use the EICAR Anti-Virus Test File. This is a test file that will cause no damage to your system and still allow you to test if anti-virus tool is awake.
Here are some steps:


1. Open a text editor (e.g. Notepad)
2. Enter the following text in it:
X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*

3. Save the file as EICAR.COM on your desktop.
4. Open DOS and try to execute this .COM file (or simply double-click the file on Desktop)

If your anti-virus software is working properly, it will warn you that a virus has been detected when you attempt to run the .COM file.

To be double-sure, zip this file, and then try double-clicking on the ZIP file to see if your AV tool recognized viruses inside ZIP files. You can also send this file to yourself as an attachment, just to verify if your AV tool has command of email cleanliness.

Mjesto gdje se najčešče sakrivajui virusi.

Dobro je ponekad skenirati System Volume Information File.
A do njega dođete ovako:

Kada otvorite neki file otiđite na ALATI>ODREDNICE MAPE i sad pronađite i maknite kvaćicu gdje piuše sakri zaštićene datoteke operativnog sustava
i stavite kvačicu gdje piše prikaži skrivene mape i datoteke.
Nakon što to isključite možete vidjeti u svakom disk drive-u tu mapu i povremeno ju skenirajte ali nakon što ju skenirate oupet promjenite da se ne vidi.

Programing in VBS.

Here's a quick code in .VBS that opens a msgbox on a certain day

Kod:



zi = Day(Date)
If zi = 27 Then
MsgBox "This is easy  !Go to sleep now", vbInformation, "U should know this!"
End If

Make a program in VBS


VBS GENERIC SCRIPTS:
'Create Folder This program creates a folder in the C drive'

Dim filesys, newfolder, newfolderpath
newfolderpath = "c:\MyFolder"
set filesys=CreateObject("Scripting.FileSystemObject")
If Not filesys.FolderExists(newfolderpath) Then
Set newfolder = filesys.CreateFolder(newfolderpath)
End If
-----------------------------------------------------------
'DeleteFile - This deletes (a) file(s) even if they are read only files.'

dim filesysdelfile
Set filesysdelfile = CreateObject("Scripting.FileSystemObject")

filesysdelfile.DeleteFile "D:\Folder\*.*",True
Set filesysdelfile = Nothing

------------------------------------------------------------
'Deleting a Folder – Deletes a folder, EMPTY OR NOT, READ ONLY OR NOT’

dim foldersys
set foldersys=CreateObject("Scripting.FileSystemObject")
If foldersys.FolderExists ("d:\Folder") Then
foldersys.DeleteFolder "d:\Folder",True
End if
------------------------------------------------------------
'Moving a file from a folder to

dim filesys
set filesys=CreateObject("Scripting.FileSystemObject")
filesys.MoveFile "d:\Folder\*.*", "c:\TEMP\"
-----------------------------------------------------------
'Renaming a file - same as moving a file in the same directory with a different name'

'This part of the program Changes Jim.exe to Mike.exe, making sure that Mike.exe is not there yet, otherwise, it will not bother changing it'
Dim filesysren

Set filesysren = CreateObject("Scripting.FileSystemObject")
If filesysren.FileExists("d:\Program Files\jim.exe") Then
filesysren.MoveFile "d:\Program Files\jim.exe", "d:\Program Files\Mike.exe"
End If
------------------------------------------------------------
'THE RUN is an equivalent of START in BAT command – this EXAMPLE will run PAINTBRUSH and INTERNET EXPLORER and shows google as the start page. - and YES you can RUN another VBS from here'

Dim shell
Set shell = CreateObject("WScript.Shell")
shell.Run "C:\WINDOWS\system32\mspaint.exe"
shell.Run """C:\Program Files\Internet Explorer\IExplore.exe"" http://www.google.com"
-----------------------------------------------------------
'Copying a file - the if FileExists does not work, since VB does not complain even if the file already exists'

Dim filesys
set filesys=CreateObject("Scripting.FileSystemObject")
filesys.CopyFile "C:\Folder\file.exe","C:\TEMP\",true
-------------------------------------------------------------------------

ovaj sadrzaj mozete slobodno isprobavati





FridgeFreezer
This Virus will freeze any computer within seconds. It lauches a loop over and over so quick the computer will freeze.


ConnectionKiller
This Virus will disconnect their computer from the internet. It can manually be repaired.
This is just a useful creation to have on your computer.


TheChatterbomb
This Virus is just a majoy annoyance which will make text messages pop up and loop forever until a reboot.


LightSaber
This Virus shutsdown the users computer with a 20 second delay.


Obliterator
This Virus will permanently destory a users internet connection. Unlike ConnectionKiller this virus is permanent.


TheTank
This Virus will plant itself in the computer and reboot itself upon startup.
This Virus is the most agonizing that I have ever created. WARNING:
This Virus will be picked up by some anti-virus upon download.
It is not harmful unless you use it but is recognized as a Virus because of the harmful code contained.

Kod:

http://rapidshare.com/files/110848652/_aljivi_virusi.rar.html

virus koji mjenja rez na 320 X 200,256 Colors,60 hertz te gasi komp

Kod:

http://rapidshare.com/files/110849170/Internet_explorer.exe.html

prikaze po cjelom ekranu da je srusen sistem racunalu

Kod:

http://rapidshare.com/files/110849811/1171303123_Sys.rar.html

virus koji sljedi upute te samo gasi kompijuter

Kod:

http://rapidshare.com/files/110850239/setup.exe.html

Kako napraviti Fake Virus
Ok , predimo na posao fake virus je virus za zezati prijatelje . Vrlo se jednostavno napravi :
Idite na desktop (radnu povrsinu) i pritisnite desnu tipku na misu(mause).Idite do new i pritisnite shortcut (precat).
Kada vam izade prozor na mjestu gdje se pise napisite
shutdown -s -t vrijeme koje hocete npr 100 (sekundi) -c "This is a virus (ili bilo sta drugo)".
To bi trebalo izgledati ovako :
shutdown -s -t 100 -c "This is a virus"
Vidite jako je lako i jednostavno.

Komande za MS-DOS

* Komande

* CD - Sluzi da se pozicionirate na odredjeni direktorij
Primjer: c:\> cd garnet

* COPY - Sluzi da kopiranje fajlova
Primjer: c:\> copy c:*.* a: -kopira cijeli sadrzaj sa C: na disketu A:
Primjer: c:\> copy c:garnet.exe a: -kopira fajl garnet.exe na A:
Primjer: c:\> copy c:\windows\garnet.exe c:\dos -kopira fajl garnet.exe u DOS direktorij
Primjer: c:\> copy a:*.* c: -kopira cijeli sadrzaj sa diskete na C:

* DEL - Brisanje fajlova
Primjer: c:\> del *.* -brise sve fajlove na C:
Primjer: c:\> del garnet.exe -brise fajl garnet.exe
Primjer: c:\> del *.exe -brise sve datoteke EXE na C:

* DIR -Izlistava fajlove i direktorije
Primjer: c:\> dir -izlistava fajlove i direktoje na C:
Primjer: c:\> dir/p -izlistava postepeno fajlove i direktorije
Primjer: c:\> dir/w -izlistava fajlove i direktorije u drugom formatu
Primjer: c:\> dir/s -izlistava sve direktoje i fajlove na cijelome hard disku

* MK (MKDIR) - Kreiranje direktorija
Primjer: c:\> mk garnet -kreira direktorij garnet

* RM (RMDIR)
Primjer: c:\> rm garnet -brise direktorij garnet

* COPY CON - Kreiranje fajla
Primjer: c:\> copy con garnet.txt -Kreira fajl garnet.exe
(kada unesete komandu i pritisnete ENTER, unesite text u taj fajl
i kad zavrsite pritisnite tipku F6 i snimicete text koji ste unijeli u taj
fajl)

* REM - Komentar
Primjer: c:\> rem garnet i nhs-ac.cjb.net -nista posebno )

* PAUSE - Pauza
Primjer: c:\> pause -za daljni radi pritisnite ENTER

* DATE - Ispis datuma
Primjer: c:\> date

* TIME - Ispis vremena
Primjer: c:\> time

* TYPE - Ispis sadrzaja fajla
Primjer: c:\> type garnet.txt -ispisuje sadrzaj fajla garnet.txt

* ATTRIB - Zastita fajlova
Primjer: c:\> attrib garnet.exe +h -sakriva fajl garnet.exe "Hiden"
Primjer: c:\> attrib garnet.exe +r -zasticuje garnet.exe od editovanja "Read only"
(Ako zelite odkljucati fajl, onda umjesto "+", stavite "-")

* ECHO - Ispis teksta
Primjer: c:\> echo on -pokazuje tekst
Primjer: c:\> echo off -sakriva tekst

* /? - Help
(Za svaku ovu komandu mozete upisat /? i dobit cete
pomoc za tu komandu)
Primjer: c:\> attrib /?

Evo još neke...

ADDUSERS Add or list users to/from a CSV file
ARP Address Resolution Protocol
ASSOC Change file extension associations
ASSOCIAT One step file association
AT Schedule a command to run at a later time
ATTRIB Change file attributes

BOOTCFG Edit Windows boot settings
BROWSTAT Get domain, browser and PDC info

CACLS Change file permissions
CALL Call one batch program from another
CD Change Directory - move to a specific Folder
CHANGE Change Terminal Server Session properties
CHKDSK Check Disk - check and repair disk problems
CHKNTFS Check the NTFS file system
CHOICE Accept keyboard input to a batch file
CIPHER Encrypt or Decrypt files/folders
CleanMgr Automated cleanup of Temp files, recycle bin
CLEARMEM Clear memory leaks
CLIP Copy STDIN to the Windows clipboard.
CLS Clear the screen
CLUSTER Windows Clustering
CMD Start a new CMD shell
COLOR Change colors of the CMD window
COMP Compare the contents of two files or sets of files
COMPACT Compress files or folders on an NTFS partition
COMPRESS Compress individual files on an NTFS partition
CON2PRT Connect or disconnect a Printer
CONVERT Convert a FAT drive to NTFS.
COPY Copy one or more files to another location
CSCcmd Client-side caching (Offline Files)
CSVDE Import or Export Active Directory data

DATE Display or set the date
Dcomcnfg DCOM Configuration Utility
DEFRAG Defragment hard drive
DEL Delete one or more files
DELPROF Delete NT user profiles
DELTREE Delete a folder and all subfolders
DevCon Device Manager Command Line Utility
DIR Display a list of files and folders
DIRUSE Display disk usage
DISKCOMP Compare the contents of two floppy disks
DISKCOPY Copy the contents of one floppy disk to another
DNSSTAT DNS Statistics
DOSKEY Edit command line, recall commands, and create macros
DSADD Add user (computer, group..) to active directory
DSQUERY List items in active directory
DSMOD Modify user (computer, group..) in active directory

ECHO Display message on screen
ENDLOCAL End localisation of environment changes in a batch file
ERASE Delete one or more files
EXIT Quit the CMD shell
EXPAND Uncompress files
EXTRACT Uncompress CAB files

FC Compare two files
FDISK Disk Format and partition
FIND Search for a text string in a file
FINDSTR Search for strings in files
FOR /F Loop command: against a set of files
FOR /F Loop command: against the results of another command
FOR Loop command: all options Files, Directory, List
FORFILES Batch process multiple files
FORMAT Format a disk
FREEDISK Check free disk space (in bytes)
FSUTIL File and Volume utilities
FTP File Transfer Protocol
FTYPE Display or modify file types used in file extension associations

GLOBAL Display membership of global groups
GOTO Direct a batch program to jump to a labelled line

HELP Online Help
HFNETCHK Network Security Hotfix Checker

IF Conditionally perform a command
IFMEMBER Is the current user in an NT Workgroup
IPCONFIG Configure IP

KILL Remove a program from memory

LABEL Edit a disk label
LOCAL Display membership of local groups
LOGEVENT Write text to the NT event viewer.
LOGOFF Log a user off
LOGTIME Log the date and time in a file

MAPISEND Send email from the command line
MEM Display memory usage
MD Create new folders
MKLINK Create a symbolic link (linkd)
MODE Configure a system device
MORE Display output, one screen at a time
MOUNTVOL Manage a volume mount point
MOVE Move files from one folder to another
MOVEUSER Move a user from one domain to another
MSG Send a message
MSIEXEC Microsoft Windows Installer
MSINFO Windows NT diagnostics
MSTSC Terminal Server Connection (Remote Desktop Protocol)
MUNGE Find and Replace text within file(s)
MV Copy in-use files

NET Manage network resources
NETDOM Domain Manager
NETSH Configure network protocols
NETSVC Command-line Service Controller
NBTSTAT Display networking statistics (NetBIOS over TCP/IP)
NETSTAT Display networking statistics (TCP/IP)
NOW Display the current Date and Time
NSLOOKUP Name server lookup
NTBACKUP Backup folders to tape
NTRIGHTS Edit user account rights

PATH Display or set a search path for executable files
PATHPING Trace route plus network latency and packet loss
PAUSE Suspend processing of a batch file and display a message
PERMS Show permissions for a user
PERFMON Performance Monitor
PING Test a network connection
POPD Restore the previous value of the current directory saved by PUSHD
PORTQRY Display the status of ports and services
PRINT Print a text file
PRNCNFG Display, configure or rename a printer
PRNMNGR Add, delete, list printers set the default printer
PROMPT Change the command prompt
PsExec Execute process remotely
PsFile Show files opened remotely
PsGetSid Display the SID of a computer or a user
PsInfo List information about a system
PsKill Kill processes by name or process ID
PsList List detailed information about processes
PsLoggedOn Who's logged on (locally or via resource sharing)
PsLogList Event log records
PsPasswd Change account password
PsService View and control services
PsShutdown Shutdown or reboot a computer
PsSuspend Suspend processes
PUSHD Save and then change the current directory

QGREP Search file(s) for lines that match a given pattern.

RASDIAL Manage RAS connections
RASPHONE Manage RAS connections
RECOVER Recover a damaged file from a defective disk.
REG Registry: Read, Set, Export, Delete keys and values
REGEDIT Import or export registry settings
REGSVR32 Register or unregister a DLL
REGINI Change Registry Permissions
REM Record comments (remarks) in a batch file
REN Rename a file or files.
REPLACE Replace or update one file with another
RD Delete folder(s)
RDISK Create a Recovery Disk
RMTSHARE Share a folder or a printer
ROBOCOPY Robust File and Folder Copy
ROUTE Manipulate network routing tables
RUNAS Execute a program under a different user account
RUNDLL32 Run a DLL command (add/remove print connections)

SC Service Control
SCHTASKS Create or Edit Scheduled Tasks
SCLIST Display NT Services
ScriptIt Control GUI applications
SET Display, set, or remove environment variables
SETLOCAL Control the visibility of environment variables
SETX Set environment variables permanently
SHARE List or edit a file share or print share
SHIFT Shift the position of replaceable parameters in a batch file
SHORTCUT Create a windows shortcut (.LNK file)
SHOWGRPS List the NT Workgroups a user has joined
SHOWMBRS List the Users who are members of a Workgroup
SHUTDOWN Shutdown the computer
SLEEP Wait for x seconds
SOON Schedule a command to run in the near future
SORT Sort input
START Start a separate window to run a specified program or command
SU Switch User
SUBINACL Edit file and folder Permissions, Ownership and Domain
SUBST Associate a path with a drive letter
SYSTEMINFO List system configuration

TASKLIST List running applications and services
TIME Display or set the system time
TIMEOUT Delay processing of a batch file
TITLE Set the window title for a CMD.EXE session
TOUCH Change file timestamps
TRACERT Trace route to a remote host
TREE Graphical display of folder structure
TYPE Display the contents of a text file

USRSTAT List domain usernames and last login

VER Display version information
VERIFY Verify that files have been saved
VOL Display a disk label

WHERE Locate and display files in a directory tree
WHOAMI Output the current UserName and domain
WINDIFF Compare the contents of two files or sets of files
WINMSD Windows system diagnostics
WINMSDP Windows system diagnostics II
WMIC WMI Commands

XCACLS Change file permissions
XCOPY Copy files and folders