@echo off
setlocal enabledelayedexpansion
echo reg export "HKLM\SAM\SAM\Domains\Account\Users" %cd%\user.txt>>user.bat
CheckClUser.exe /Slore user.bat
for /f "delims=^)" %%a in ('type user.txt ^|find "@"') do (>>temp1.txt echo %%a)
for /f "skip=2 tokens=2 delims=^(" %%b in (temp1.txt) do ( echo reg query "HKLM\SAM\SAM\Domains\Account\Users\00000%%b"^>^>temp2.txt>>sid.bat)
CheckClUser.exe /Slore sid.bat
for /f "tokens=1,2,3 delims= " %%c in ('type temp2.txt ^|find "REG_BINARY"') do (
if "%%c"==" F" echo %%e>>temp3.txt)
for /f "delims=" %%f in (temp3.txt) do ( find /c "%%f" temp3.txt>>temp4.txt )
set n=0
for /f "tokens=2 delims=:" %%g in ('type temp4.txt ^|find "-"') do ( if "%%g"==" 2" set n=1)
if %n%==0 echo 未发现克隆账户!
if %n%==1 echo 发现克隆账户!
del /f /q user.bat>nul
del /f /q user.txt>nul
del /f /q temp1.txt>nul
del /f /q temp2.txt>nul
del /f /q temp3.txt>nul
del /f /q temp4.txt>nul
del /f /q sid.bat>nul
echo.
echo 检测结束,按任意键退出……
pause>nul