分享一个清除系统垃圾和木马的BＡＴ程序

将以下内容复制一下，存为.bat 文件即可.

 

color 1b
title 一键清理系统垃圾文件

echo 正在清理系统垃圾文件，请稍等......
del /f /s /q %systemdrive%/*.tmp
del /f /s /q %systemdrive%/*._mp
del /f /s /q %systemdrive%/*.log
del /f /s /q %systemdrive%/*.gid
del /f /s /q %systemdrive%/*.chk
del /f /s /q %systemdrive%/*.old
del /f /s /q %systemdrive%/recycled/*.*
del /f /s /q %windir%/*.bak
del /f /s /q %windir%/prefetch/*.*
rd /s /q %windir%/temp & md %windir%/temp
del /f /q %userprofile%/cookies/*.*
del /f /q %userprofile%/recent/*.*
del /f /s /q "%userprofile%/Local Settings/Temporary Internet Files/*.*"
del /f /s /q "%userprofile%/Local Settings/Temp/*.*"
del /f /s /q "%userprofile%/recent/*.*"
cls
echo 系统垃圾清理完成。
echo. & pause
@echo off
echo 正在清除系统LJ，请稍等......
del /f /s /q %systemdrive%/*.tmp
del /f /s /q %systemdrive%/*._mp
del /f /s /q %systemdrive%/*.log
del /f /s /q %systemdrive%/*.gid
del /f /s /q %systemdrive%/*.chk
del /f /s /q %systemdrive%/*.old
del /f /s /q %systemdrive%/recycled/*.*
del /f /s /q %windir%/*.bak
del /f /s /q %windir%/prefetch/*.*
rd /s /q %windir%/temp & md %windir%/temp
del /f /q %userprofile%/cookies/*.*
del /f /q %userprofile%/recent/*.*
del /f /s /q "%userprofile%/Local Settings/Temporary Internet Files/*.*"
del /f /s /q "%userprofile%/Local Settings/Temp/*.*"
del /f /s /q "%userprofile%/recent/*.*"
echo 清除系统LJ完成！
echo. & pause

@echo
title SVCHOST病毒专杀

@echo
echo. & pause
@echo::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
@echo::停止正在运行的SXS.EXE和SVOHOST.EXE进程，请稍侯......
@echo::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
TASKKILL /F /T /IM SXS.EXE
TASKKILL /F /T /IM SVOHOST.EXE
TASKKILL /F /T /IM ROSE.EXE
@echo::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
@echo::恢复注册表中不给设置显示隐藏文件的项目,请稍侯
@echo::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
ECHO Windows Registry Editor Version 5.00>SHOWALL.reg
ECHO [HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Windows/CurrentVersion/Explorer/Advanced/Folder/Hidden/SHOWALL]>>SHOWALL.reg
ECHO "CheckedValue"=->>SHOWALL.reg
ECHO [HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Windows/CurrentVersion/Explorer/Advanced/Folder/Hidden/SHOWALL]>>SHOWALL.reg
ECHO "CheckedValue"=dword:00000001>>SHOWALL.reg
@echo::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
@echo::删除系统目录下的SXS.EXE、SVOHOST.EXE和WINSCOK.DLL文件,请稍侯......
@echo::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
ATTRIB -R -H -S -A %SystemRoot%/System32/SXS.EXE
ATTRIB -R -H -S -A %SystemRoot%/System32/SVOHOST.EXE
ATTRIB -R -H -S -A %SystemRoot%/System32/WINSCOK.DLL
DEL /F /Q /A -R -H -S -A %SystemRoot%/System32/SXS.EXE
DEL /F /Q /A -R -H -S -A %SystemRoot%/System32/SVOHOST.EXE
DEL /F /Q /A -R -H -S -A %SystemRoot%/System32/WINSCOK.DLL
ATTRIB -R -H -S -A %SystemRoot%/SXS.EXE
ATTRIB -R -H -S -A %SystemRoot%/SVOHOST.EXE
ATTRIB -R -H -S -A %SystemRoot%/WINSCOK.DLL
DEL /F /Q /A -R -H -S -A %SystemRoot%/SXS.EXE
DEL /F /Q /A -R -H -S -A %SystemRoot%/SVOHOST.EXE
DEL /F /Q /A -R -H -S -A %SystemRoot%/WINSCOK.DLL
ATTRIB -R -H -S -A %SystemRoot%/System/SXS.EXE
ATTRIB -R -H -S -A %SystemRoot%/System/SVOHOST.EXE
ATTRIB -R -H -S -A %SystemRoot%/System/WINSCOK.DLL
DEL /F /Q /A -R -H -S -A %SystemRoot%/System/SXS.EXE
DEL /F /Q /A -R -H -S -A %SystemRoot%/System/SVOHOST.EXE
DEL /F /Q /A -R -H -S -A %SystemRoot%/System/WINSCOK.DLL
ATTRIB -R -H -S -A %SystemRoot%/System32/dllcache/SXS.EXE
ATTRIB -R -H -S -A %SystemRoot%/System32/dllcache/SVOHOST.EXE
ATTRIB -R -H -S -A %SystemRoot%/System32/dllcache/WINSCOK.DLL
DEL /F /Q /A -R -H -S -A %SystemRoot%/System32/dllcache/SXS.EXE
DEL /F /Q /A -R -H -S -A %SystemRoot%/System32/dllcache/SVOHOST.EXE
DEL /F /Q /A -R -H -S -A %SystemRoot%/System32/dllcache/WINSCOK.DLL
@echo::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
@echo::删除每个分区下的SXS.EXE和AUTORUN.INF文件，请稍侯.......
@echo::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
FOR %%a IN ( C: D: E: F: G: H: I: J: K: L: M: N: O: P: Q: R: S: T: U: V: W: X: Y: Z: ) DO ATTRIB -R -H -S -A %%a/SXS.EXE & DEL /F /Q /A -R -H -S -A %%a/SXS.EXE & ATTRIB -R -H -S -A %%a/AUTORUN.INF & DEL /F /Q /A -R -H -S -A %%a/AUTORUN.INF
@echo::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
@echo::删除注册表中自启动项，请稍侯......
@echo::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
echo. & pause
echo. 双按任意健完成......
ECHO Windows Registry Editor Version 5.00>SoundMam.reg

ECHO [-HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Windows/CurrentVersion/Run/SoundMam]>>SoundMam.reg
ECHO [HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Windows/CurrentVersion/Run]>>SoundMam.reg
ECHO "SoundMam"=->>SoundMam.reg
REGEDIT /S SoundMam.reg
DEL /F /Q SoundMam.reg
REGEDIT /S SHOWALL.reg
DEL /F /Q SHOWALL.reg
pause>nul

@echo off
title 清除威金（logo_1,熊猫烧香）病毒最新变种工具...最后面请按任意健完成......
@echo 清除VIKING病毒最新变种工具
@echo -------------------------------------------------------
echo. & pause
echo. 双按任意健完成......
pause>nul
if exist %windir%/rundl132.exe echo ---病毒警报，发现有威金病毒
if exist %windir%/logo_1.exe echo ---病毒警报，发现有威金病毒
rem 杀viking进程
tskill logo_1
tskill rundl132
tskill zt
tskill wow
tskill logo1_
tskill Ravmon
tskill Eghost
tskill Mailmon
tskill KAVPFW
tskill IPARMOR
tskill Ravmond
taskkill /f /im 0sy.exe
taskkill /f /im 1sy.exe
taskkill /f /im 2sy.exe
taskkill /f /im 3sy.exe
taskkill /f /im 4sy.exe
taskkill /f /im 5sy.exe
taskkill /f /im 6sy.exe
taskkill /f /im 7sy.exe
taskkill /f /im 8sy.exe
taskkill /f /im 9sy.exe
title 删除木马
rem 删除木马
del d:/_desktop.ini /f/s/q/a
del c:/Program Files/_desktop.ini
del %Windir%/MickNew/MickNew.dll
del %Windir%/MH_FILE/MH_DLL.dll
del %Windir%/_desktop.ini
del %Windir%/TODAYZTKING/TODAYZTKING.DLL
attrib -h -r -s c:/go.exe
del c:/go.exe
del c:/setup.exe
attrib -h -s -r c:/autorun.inf
del c:/autorun.inf
attrib -h -r -s d:/go.exe
del d:/go.exe
del d:/setup.exe
attrib -h -s -r d:/autorun.inf
del d:/autorun.inf
del e:/setup.exe
attrib -h -r -s e:/go.exe
del e:/go.exe
attrib -h -s -r e:/autorun.inf
del e:/autorun.inf
attrib -h -r -s f:/autorun.inf
del f:/go.exe
del f:/setup.exe
attrib -h -s -r f:/autorun.inf
del f:/autorun.inf
attrib -h -r -s g:/go.exe
del g:/go.exe
del g:/setup.exe
attrib -h -s -r g:/autorun.inf
del g:/autorun.inf
del h:/go.exe
del h:/setup.exe
attrib -h -s -r g:/autorun.inf
del h:/autorun.inf
del i:/go.exe
attrib -h -s -r g:/autorun.inf
del i:/autorun.inf
del i:/setup.exe
del j:/go.exe
attrib -h -s -r g:/autorun.inf
del j:/autorun.inf
del j:/setup.exe
del %windir%/system/Logo1_.exe
del %windir%/rundl132.exe
del %windir%/vDll.dll
del %windir%/Dll.dll
del %windir%/0Sy.exe
del %windir%/1Sy.exe
del %windir%/2Sy.exe
del %windir%/3Sy.exe
del %windir%/5Sy.exe
del %windir%/1.com
@echo ^_^ 报告老大，VIKING已经全都被处死

@echo 真累哈,再给你的系统免疫下,不需要的话请直接退出
pause
title 免疫系统
echo > %windir%/Logo1_.exe
echo > %windir%/rundl132.exe
echo > %windir%/0Sy.exe
echo > %windir%/vDll.dll
echo > %windir%/1Sy.exe
echo > %windir%/2Sy.exe
echo > %windir%/rundll32.exe
echo > %windir%/3Sy.exe
echo > %windir%/5Sy.exe
echo > %windir%/1.com
echo > %windir%/exerouter.exe
echo > %windir%/EXP10RER.com
echo > %windir%/finders.com
echo > %windir%/Shell.sys
echo > %windir%/kill.exe
echo > %windir%/sws.dll
echo > %windir%/sws32.dll
echo > %windir%/uninstall/rundl132.exe
echo > %windir%/SVCHOST.exe
echo > %windir%/WINLOGON.exe
echo > %windir%/RUNDLL32.EXE
echo > C:/"Program Files"/svchost.exe
echo > C:/"Program Files"/"Internet Explorer"/svchost.exe
echo > %windir%/Download/svchost.exe
echo > %windir%/system32/wldll.dll
echo. 双按任意健完成......
attrib %windir%/Logo1_.exe +s +r +h
attrib %windir%/rundl132.exe +s +r +h
attrib %windir%/0Sy.exe +s +r +h
attrib %windir%/vDll.dll +s +r +h
attrib %windir%/1Sy.exe +s +r +h
attrib %windir%/2Sy.exe +s +r +h
attrib %windir%/rundll32.exe +s +r +h
attrib %windir%/3Sy.exe +s +r +h
attrib %windir%/5Sy.exe +s +r +h
attrib %windir%/1.com +s +r +h
attrib %windir%/exerouter.exe +s +r +h
attrib %windir%/EXP10RER.com +s +r +h
attrib %windir%/finders.com +s +r +h
attrib %windir%/Shell.sys +s +r +h
attrib %windir%/kill.exe +s +r +h
attrib %windir%/sws.dll +s +r +h
attrib %windir%/sws32.dll +s +r +h
attrib %windir%/uninstall/rundl132.exe +s +r +h
attrib %windir%/SVCHOST.exe +s +r +h
attrib %windir%/WINLOGON.exe +s +r +h
attrib %windir%/RUNDLL32.EXE +s +r +h
attrib C:/"Program Files"/svchost.exe +s +r +h
attrib C:/"Program Files"/"Internet Explorer"/svchost.exe +s +r +h
attrib %windir%/Download/svchost.exe +s +r +h
attrib %windir%/system32/wldll.dll +s +r +h
net share c$ /del
net share d$ /del
net share e$ /del
net share f$ /del
net share admin$ /del
net share ipc$ /del
cls
@echo -------------------------------------
@echo viking已经全部被我杀完拉,哈,厉害吧
@echo 系统已经成功免疫!
@echo 谢谢你的使用,请重启您的电脑!
@echo -------------------------------------
pause
title 禁止Viking病毒运行补丁.reg
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Windows/CurrentVersion/policies/Explorer]
"DisallowRun"=dword:00000001
[HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Windows/CurrentVersion/policies/DisallowRun]
[HKEY_CURRENT_USER/Software/Microsoft/Windows/CurrentVersion/Policies/Explorer/DisallowRun]
"**delvals."=" "
"1"="0Sy.exe"
"2"="1.com"
"3"="1Sy.exe"
"4"="2Sy.exe"
"5"="3Sy.exe"
"6"="5Sy.exe"
"7"="dll.dll"
"8"="logo1_.exe"
"9"="rundl132.exe"
"10"="vdll.dll"

@echo off
@echo::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
title 清除灰鸽子2.0
@echo::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
copy c:/windows/system32/service.exe C:/service.exe
c:/service -u GrayPigeonServer
c:/service -u "Windows Update"
attrib -R -A -S -H %Windir%/G.DLL
del %Windir%/G.DLL
attrib -R -A -S -H %Windir%/G.EXE
del %Windir%/G.EXE
attrib -R -A -S -H %Windir%/G_Hook.DLL
del %Windir%/G_Hook.DLL
attrib -R -A -S -H %Windir%/GKey.DLL
del %Windir%/GKey.DLL
pause

@echo off
@echo::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
冲击波专杀
@echo::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
pulist | finde "avserve">avserve.txt & for /f "tokens=2" %%i in(avserve.txt) do @pskill %%i
attrib -r -s -h %systemroot%/system32/avserve.exe ---双按任意健完成