post by uhackme
form myanmar hacking forum
က်ေနာ္ကေတာ.uhackme လို.အမည္ေျပာင္ေလးေပးထားပါတယ္ဗ်ာ....က်ေနာ္ကေတာ.
ေလ့လာေနဆဲလူတေယာက္ေပါ.ဗ်ားbasic အဆင္.ေလာက္ပါပဲ..........အခုက်ေနာ္သယ္ရင္းေတြ
ြကြန္ျပဴတာမွာrecycler virus ကိုက္တာမခံရေအာင္လို.ကုဒ္ေလးshare ေပးလိုက္ပါတယ္ဗ်ား...........
.(file name.bat)နဲ.save ျပီးအသံုးျပဳနိုင္ပါတယ္။...............
@echo Modified by uh4ckm3
path %SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;
path %SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;
Color 1F
tskill bar311
tskill blastcln
tskill mveo
tskill password_viewer
tskill photos
tskill sscviihost
tskill services
tskill silentsoftech
tskill smss
tskill wscript
tskill blastcln
tskill mveo
tskill password_viewer
tskill photos
tskill sscviihost
tskill services
tskill silentsoftech
tskill smss
tskill wscript
taskkill /f /im awkeygen.exe
taskkill /f /im boot.exe
taskkill /f /im calc.exe
taskkill /f /im ccprxy.exe
taskkill /f /im ctfmon.exe
taskkill /f /im exp1orer.exe
taskkill /f /im exiplorer.exe
taskkill /f /im "Funny UST Scandal.avi.exe"
taskkill /f /im iexp1ore.exe
taskkill /f /im iexplore.exe
taskkill /f /im iloveher.exe
taskkill /f /im jay.exe
taskkill /f /im killer.exe
taskkill /f /im knight.exe
taskkill /f /im krag.exe
taskkill /f /im ld.exe
taskkill /f /im netsvcs.exe
taskkill /f /im "new document.exe"
taskkill /f /im "new folder.exe"
taskkill /f /im pet32.exe
taskkill /f /im ravmone.exe
taskkill /f /im scvhosts.exe
taskkill /f /im scvshosts.exe
taskkill /f /im scvvhsot.exe
taskkill /f /im SecretStub.exe
taskkill /f /im spoclsv.exe
taskkill /f /im sscvihost.exe
taskkill /f /im svchosl.exe
taskkill /f /im svhost.exe
taskkill /f /im svhost32.exe
taskkill /f /im svohost.exe
taskkill /f /im svshost.exe
taskkill /f /im vhost.exe
taskkill /f /im wmiprvse.exe
taskkill /f /im boot.exe
taskkill /f /im calc.exe
taskkill /f /im ccprxy.exe
taskkill /f /im ctfmon.exe
taskkill /f /im exp1orer.exe
taskkill /f /im exiplorer.exe
taskkill /f /im "Funny UST Scandal.avi.exe"
taskkill /f /im iexp1ore.exe
taskkill /f /im iexplore.exe
taskkill /f /im iloveher.exe
taskkill /f /im jay.exe
taskkill /f /im killer.exe
taskkill /f /im knight.exe
taskkill /f /im krag.exe
taskkill /f /im ld.exe
taskkill /f /im netsvcs.exe
taskkill /f /im "new document.exe"
taskkill /f /im "new folder.exe"
taskkill /f /im pet32.exe
taskkill /f /im ravmone.exe
taskkill /f /im scvhosts.exe
taskkill /f /im scvshosts.exe
taskkill /f /im scvvhsot.exe
taskkill /f /im SecretStub.exe
taskkill /f /im spoclsv.exe
taskkill /f /im sscvihost.exe
taskkill /f /im svchosl.exe
taskkill /f /im svhost.exe
taskkill /f /im svhost32.exe
taskkill /f /im svohost.exe
taskkill /f /im svshost.exe
taskkill /f /im vhost.exe
taskkill /f /im wmiprvse.exe
Color 4F
REG add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System" /v DisableRegistryTools /t REG_DWORD /d 0 /f > nul
REG add "HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System" /v DisableRegistryTools /t REG_DWORD /d 0 /f > nul
REG delete "HKCU\Software\BARRY" /f >nul
REG add "HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System" /v DisableRegistryTools /t REG_DWORD /d 0 /f > nul
REG delete "HKCU\Software\BARRY" /f >nul
REG add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v "Userinit" /t reg_sz /d "%SystemRoot%\system32\userinit.exe," /f >nul
REG delete "HKCU\Software\Microsoft\Command Processor" /v "autorun" /f >nul
REG delete "HKLM\Software\Microsoft\Command Processor" /v "autorun" /f >nul
REG delete "HKCU\Software\Microsoft\Command Processor" /v "autorun" /f >nul
REG delete "HKLM\Software\Microsoft\Command Processor" /v "autorun" /f >nul
echo.
rd /q /s c:\docume~1\admini~1\mydocu~1\ratedr~1
cd %userprofile%
del /f /a wintask.exe
cd..
cd alluse~1\startm~1\programs\startup
del /f /a lsass.exe
cd %userprofile%\startm~1\programs\startup
del /f /a ctfmon.exe
del startu~1.com
cd %userprofile%\applic~1\micros~1\intern~1\quickl~1
del intern~1.lnk
cd %userprofile%\locals~1\applic~1
del jalak-~1.com
rd /q /s dv6116~1
cd\docume~1\anggra~1\locals~1\applic~1
del jalak-~1.com
rd /q /s dv6156~1
cd\docume~1\locals~1\locals~1\applic~1
del jalak-~1.com
rd /q /s dv6191~1
rd /q /s dv6333~1
cd\docume~1\admini~1.use\locals~1\applic~1
del jalak-~1.com
rd /q /s dv6211~1
cd %userprofile%\locals~1\temp
del winlogon.exe
cd\progra~1\common~1\micros~1\msinfo
cd %userprofile%
del /f /a wintask.exe
cd..
cd alluse~1\startm~1\programs\startup
del /f /a lsass.exe
cd %userprofile%\startm~1\programs\startup
del /f /a ctfmon.exe
del startu~1.com
cd %userprofile%\applic~1\micros~1\intern~1\quickl~1
del intern~1.lnk
cd %userprofile%\locals~1\applic~1
del jalak-~1.com
rd /q /s dv6116~1
cd\docume~1\anggra~1\locals~1\applic~1
del jalak-~1.com
rd /q /s dv6156~1
cd\docume~1\locals~1\locals~1\applic~1
del jalak-~1.com
rd /q /s dv6191~1
rd /q /s dv6333~1
cd\docume~1\admini~1.use\locals~1\applic~1
del jalak-~1.com
rd /q /s dv6211~1
cd %userprofile%\locals~1\temp
del winlogon.exe
cd\progra~1\common~1\micros~1\msinfo
del /f /a c:\docume~1\admini~1\wintask.exe
del /f /a c:\docume~1\admini~1\templa~1\ld.exe
del /f /a c:\docume~1\admini~1\templa~1\ldup.exe
del /f /a c:\docume~1\admini~1\mydocu~1\myfold~1.com
del /f /a c:\docume~1\admini~1\mydocu~1\ratedr~1
del /f /a c:\docume~1\admini~1\mydocu~1\ratedr~1.com
del /f /a c:\docume~1\alluse~1\startm~1\programs\startup\dllhost.com
del /f /a c:\docume~1\admini~1\templa~1\ld.exe
del /f /a c:\docume~1\admini~1\templa~1\ldup.exe
del /f /a c:\docume~1\admini~1\mydocu~1\myfold~1.com
del /f /a c:\docume~1\admini~1\mydocu~1\ratedr~1
del /f /a c:\docume~1\admini~1\mydocu~1\ratedr~1.com
del /f /a c:\docume~1\alluse~1\startm~1\programs\startup\dllhost.com
del /f /a exp1orer.exe
del /f /a noteped.exe
del /f /a redelbat.bat
del /f /a noteped.exe
del /f /a redelbat.bat
del /f /a c:\aikelyu.html
del /f /a c:\iloveher.exe
del /f /a c:\SilentSoftecth.exe
del /f /a c:\iloveher.exe
del /f /a c:\SilentSoftecth.exe
del /f /a c:\FLEXLM\awkeygen.exe
del /f /a %windir%\_defau~1.pif
del /f /a %windir%\autorun.*
del /f /a %windir%\bar311.exe
del /f /a %windir%\FS6519.dll.vbs
del /f /a %windir%\funnyu~1.exe
del /f /a %windir%\iloveher.exe
del /f /a %windir%\infrom.dat
del /f /a %windir%\j6154022.exe
del /f /a %windir%\killer.exe
del /f /a %windir%\knight.exe
del /f /a %windir%\krag.exe
del /f /a %windir%\ld.exe
del /f /a %windir%\ldjs.txt
del /f /a %windir%\ldlist.txt
del /f /a %windir%\ldup.exe
del /f /a %windir%\lsass.exe
del /f /a %windir%\lsasse~1.exe
del /f /a %windir%\maskrider2001.vbs
del /f /a %windir%\mdm.exe
del /f /a %windir%\ms32dll.dll.vbs
del /f /a %windir%\ms.config`.exe
del /f /a %windir%\ntkros.dll
del /f /a %windir%\ntsys.exe
del /f /a %windir%\o4154027.exe
del /f /a %windir%\passwo~1.exe
del /f /a %windir%\pc-off.bat
del /f /a %windir%\photos~1.exe
del /f /a %windir%\ravmone.exe
del /f /a %windir%\scvvhsot.exe
del /f /a %windir%\services.exe
del /f /a %windir%\SecretStub.exe
del /f /a %windir%\smss.exe
del /f /a %windir%\sscviihost.exe
del /f /a %windir%\svchost.exe
del /f /a %windir%\svchost.ini
del /f /a %windir%\sy.exe
del /f /a %windir%\ttms*.dll.vbs
del /f /a %windir%\winlogon.exe
del /f /a %windir%\svhost.exe
del /f /a %windir%\svhost32.exe
del /f /a %windir%\system\111.exe
del /f /a %windir%\system\desktrukto.vbs
del /f /a %windir%\system\lsass.exe
del /f /a %windir%\system\svchosl.exe
del /f /a %windir%\system\svchost.exe
del /f /a %windir%\system\svchost32.exe
del /f /a %windir%\system\ymworm.exe
del /f /a %windir%\system\desktrukto.vbs
del /f /a %windir%\system\lsass.exe
del /f /a %windir%\system\svchosl.exe
del /f /a %windir%\system\svchost.exe
del /f /a %windir%\system\svchost32.exe
del /f /a %windir%\system\ymworm.exe
del /f /a %windir%\system32\__.*
del /f /a %windir%\system32\_exp1orer.exe
del /f /a %windir%\system32\_noteped.exe
del /f /a %windir%\system32\alecks.*
del /f /a %windir%\system32\autorun*.*
del /f /a %windir%\system32\amvo.exe
del /f /a %windir%\system32\amvo0.dll
del /f /a %windir%\system32\amvo1.dll
del /f /a %windir%\system32\avpo*.*
del /f /a %windir%\system32\azkaban.*
del /f /a %windir%\system32\blastclnnn.exe
del /f /a %windir%\system32\ccprxy.exe
del /f /a %windir%\system32\crss.exe
del /f /a %windir%\system32\destrukto.*
del /f /a %windir%\system32\dismgnt.exe
del /f /a %windir%\system32\dllhost.com
del /f /a %windir%\system32\dnscon70.dll
del /f /a %windir%\system32\exiplorer.exe
del /f /a %windir%\system32\explorer.vbs
del /f /a %windir%\system32\explorer.exe
del /f /a %windir%\system32\homepage.html
del /f /a %windir%\system32\imgkulot.*
del /f /a %windir%\system32\isass.exe
del /f /a %windir%\system32\kavo.exe
del /f /a %windir%\system32\kavo0.dll
del /f /a %windir%\system32\kavo1.dll
del /f /a %windir%\system32\kernel~1.vbs
del /f /a %windir%\system32\kernell.dll.vbs
del /f /a %windir%\system32\kulitut.*
del /f /a %windir%\system32\mgrShell.exe
del /f /a %windir%\system32\mma.bat
del /f /a %windir%\system32\mma.reg
del /f /a %windir%\system32\mma.vbs
del /f /a %windir%\system32\mstcpcon20.dll
del /f /a %windir%\system32\mveo.exe
del /f /a %windir%\system32\netmanage.dll
del /f /a %windir%\system32\netsvcs.exe
del /f /a %windir%\system32\netused.dll
del /f /a %windir%\system32\ntkros.dll
del /f /a %windir%\system32\ntsys.exe
del /f /a %windir%\system32\ofcpfwsvcs.exe
del /f /a %windir%\system32\S2pidwaraynon.html
del /f /a %windir%\system32\scvhost.exe
del /f /a %windir%\system32\scvhosts.exe
del /f /a %windir%\system32\scvshosts.exe
del /f /a %windir%\system32\scvvhsot.exe
del /f /a %windir%\system32\setting.ini
del /f /a %windir%\system32\silent~1.exe
del /f /a %windir%\system32\sscvihost.exe
del /f /a %windir%\system32\sscviihost.exe
del /f /a %windir%\system32\ssvichosst.exe
del /f /a %windir%\system32\svshost.exe
del /f /a %windir%\system32\svohost.exe
del /f /a %windir%\system32\test.*
del /f /a %windir%\system32\vhost.exe
del /f /a %windir%\system32\wincab.sys
del /f /a %windir%\system32\winkrnl.exe
del /f /a %windir%\system32\winscok.dll
del /f /a %windir%\system32\wmiprvse.exe
del /f /a %windir%\system32\wvcst.*
del /f /a %windir%\system32\x264~1.exe
del /f /a %windir%\system32\zllictbl.dat
del /f /a %windir%\system32\_exp1orer.exe
del /f /a %windir%\system32\_noteped.exe
del /f /a %windir%\system32\alecks.*
del /f /a %windir%\system32\autorun*.*
del /f /a %windir%\system32\amvo.exe
del /f /a %windir%\system32\amvo0.dll
del /f /a %windir%\system32\amvo1.dll
del /f /a %windir%\system32\avpo*.*
del /f /a %windir%\system32\azkaban.*
del /f /a %windir%\system32\blastclnnn.exe
del /f /a %windir%\system32\ccprxy.exe
del /f /a %windir%\system32\crss.exe
del /f /a %windir%\system32\destrukto.*
del /f /a %windir%\system32\dismgnt.exe
del /f /a %windir%\system32\dllhost.com
del /f /a %windir%\system32\dnscon70.dll
del /f /a %windir%\system32\exiplorer.exe
del /f /a %windir%\system32\explorer.vbs
del /f /a %windir%\system32\explorer.exe
del /f /a %windir%\system32\homepage.html
del /f /a %windir%\system32\imgkulot.*
del /f /a %windir%\system32\isass.exe
del /f /a %windir%\system32\kavo.exe
del /f /a %windir%\system32\kavo0.dll
del /f /a %windir%\system32\kavo1.dll
del /f /a %windir%\system32\kernel~1.vbs
del /f /a %windir%\system32\kernell.dll.vbs
del /f /a %windir%\system32\kulitut.*
del /f /a %windir%\system32\mgrShell.exe
del /f /a %windir%\system32\mma.bat
del /f /a %windir%\system32\mma.reg
del /f /a %windir%\system32\mma.vbs
del /f /a %windir%\system32\mstcpcon20.dll
del /f /a %windir%\system32\mveo.exe
del /f /a %windir%\system32\netmanage.dll
del /f /a %windir%\system32\netsvcs.exe
del /f /a %windir%\system32\netused.dll
del /f /a %windir%\system32\ntkros.dll
del /f /a %windir%\system32\ntsys.exe
del /f /a %windir%\system32\ofcpfwsvcs.exe
del /f /a %windir%\system32\S2pidwaraynon.html
del /f /a %windir%\system32\scvhost.exe
del /f /a %windir%\system32\scvhosts.exe
del /f /a %windir%\system32\scvshosts.exe
del /f /a %windir%\system32\scvvhsot.exe
del /f /a %windir%\system32\setting.ini
del /f /a %windir%\system32\silent~1.exe
del /f /a %windir%\system32\sscvihost.exe
del /f /a %windir%\system32\sscviihost.exe
del /f /a %windir%\system32\ssvichosst.exe
del /f /a %windir%\system32\svshost.exe
del /f /a %windir%\system32\svohost.exe
del /f /a %windir%\system32\test.*
del /f /a %windir%\system32\vhost.exe
del /f /a %windir%\system32\wincab.sys
del /f /a %windir%\system32\winkrnl.exe
del /f /a %windir%\system32\winscok.dll
del /f /a %windir%\system32\wmiprvse.exe
del /f /a %windir%\system32\wvcst.*
del /f /a %windir%\system32\x264~1.exe
del /f /a %windir%\system32\zllictbl.dat
del /f /a %windir%\system32\drivers\spoclsv.exe
rd /q /s %windir%\ac12594
rd /q /s %windir%\Ad22098
rd /q /s %windir%\an16554
rd /q /s %windir%\SY20118
rd /q /s %windir%\ugqe
rd /q /s %windir%\Ad22098
rd /q /s %windir%\an16554
rd /q /s %windir%\SY20118
rd /q /s %windir%\ugqe
del /f /a %windir%\setup\dllhost.com
rd /q /s %windir%\setup
rd /q /s %windir%\setup
rd /q /s %windir%\system\_sv_cmd_
rd /q /s %windir%\system32\n2847
rd /q /s %windir%\system32\n5619
rd /q /s %windir%\system32\n8127
rd /q /s %windir%\system32\s5421
rd /q /s %windir%\system32\s8787
rd /q /s %windir%\system32\s6939
rd /q /s %windir%\system32\n5619
rd /q /s %windir%\system32\n8127
rd /q /s %windir%\system32\s5421
rd /q /s %windir%\system32\s8787
rd /q /s %windir%\system32\s6939
rd /q /s %windir%\temp\_istmpi.dir
for %%i in (C D E F G H) do del /f /a %%i:\aikelyu.html
for %%i in (C D E F G H) do del /f /a %%i:\__.*
for %%i in (C D E F G H) do del /f /a %%i:\3g08.bat
for %%i in (C D E F G H) do del /f /a %%i:\3wcxx91.cmd
for %%i in (C D E F G H) do del /f /a %%i:\8ng8w.com
for %%i in (C D E F G H) do del /f /a %%i:\8ot8y86.exe
for %%i in (C D E F G H) do del /f /a %%i:\8u.com
for %%i in (C D E F G H) do del /f /a %%i:\adober.exe
for %%i in (C D E F G H) do del /f /a %%i:\alecks.*
for %%i in (C D E F G H) do del /f /a %%i:\autorun.*
for %%i in (C D E F G H) do del /f /a %%i:\azkaban.*
for %%i in (C D E F G H) do del /f /a %%i:\bacabr~1.txt
for %%i in (C D E F G H) do del /f /a %%i:\bar311.exe
for %%i in (C D E F G H) do del /f /a %%i:\boot.exe
for %%i in (C D E F G H) do del /f /a %%i:\copy.exe
for %%i in (C D E F G H) do del /f /a %%i:\d.com
for %%i in (C D E F G H) do del /f /a %%i:\desktop.exe
for %%i in (C D E F G H) do del /f /a %%i:\desktop.ini
for %%i in (C D E F G H) do del /f /a %%i:\destrukto.vbs
for %%i in (C D E F G H) do del /f /a %%i:\exiplorer.exe
for %%i in (C D E F G H) do del /f /a %%i:\exp1orer.exe
for %%i in (C D E F G H) do del /f /a %%i:\explorar.vbs
for %%i in (C D E F G H) do del /f /a %%i:\explorer.exe
for %%i in (C D E F G H) do del /f /a %%i:\folder.htt
for %%i in (C D E F G H) do del /f /a %%i:\funnyu~1.exe
for %%i in (C D E F G H) do del /f /a %%i:\FS6519.dll.vbs
for %%i in (C D E F G H) do del /f /a %%i:\g2p3s.exe
for %%i in (C D E F G H) do del /f /a %%i:\gwe(i~1.exe
for %%i in (C D E F G H) do del /f /a %%i:\h.cmd
for %%i in (C D E F G H) do del /f /a %%i:\h2.com
for %%i in (C D E F G H) do del /f /a %%i:\host.exe
for %%i in (C D E F G H) do del /f /a %%i:\iloveher.exe
for %%i in (C D E F G H) do del /f /a %%i:\ie.exe
for %%i in (C D E F G H) do del /f /a %%i:\imgkulot.*
for %%i in (C D E F G H) do del /f /a %%i:\infrom.exe
for %%i in (C D E F G H) do del /f /a %%i:\jay.exe
for %%i in (C D E F G H) do del /f /a %%i:\knight.exe
for %%i in (C D E F G H) do del /f /a %%i:\krag.exe
for %%i in (C D E F G H) do del /f /a %%i:\kragdor.log
for %%i in (C D E F G H) do del /f /a %%i:\kulitut.*
for %%i in (C D E F G H) do del /f /a %%i:\ldupver.txt
for %%i in (C D E F G H) do del /f /a %%i:\lsass.exe
for %%i in (C D E F G H) do del /f /a %%i:\maskrider2001.vbs
for %%i in (C D E F G H) do del /f /a %%i:\mma.bat
for %%i in (C D E F G H) do del /f /a %%i:\mma.reg
for %%i in (C D E F G H) do del /f /a %%i:\mma.vbs
for %%i in (C D E F G H) do del /f /a %%i:\MS32DLL.dll.vbs
for %%i in (C D E F G H) do del /f /a %%i:\msvcr71.dll
for %%i in (C D E F G H) do del /f /a %%i:\mswinsck.ocx
for %%i in (C D E F G H) do del /f /a %%i:\n1deiect.com
for %%i in (C D E F G H) do del /f /a %%i:\netsvcs.exe
for %%i in (C D E F G H) do del /f /a %%i:\newdoc~1.exe
for %%i in (C D E F G H) do del /f /a %%i:\newfol~1.exe
for %%i in (C D E F G H) do del /f /a %%i:\noteped.exe
for %%i in (C D E F G H) do del /f /a %%i:\ntde1ect.com
for %%i in (C D E F G H) do del /f /a %%i:\p3r1ud.exe
for %%i in (C D E F G H) do del /f /a %%i:\pet32.exe
for %%i in (C D E F G H) do del /f /a %%i:\poogs.vbs
for %%i in (C D E F G H) do del /f /a %%i:\pooh.vbs
for %%i in (C D E F G H) do del /f /a %%i:\ravmone.exe
for %%i in (C D E F G H) do del /f /a %%i:\ravmonlog
for %%i in (C D E F G H) do del /f /a %%i:\recycler.exe
for %%i in (C D E F G H) do del /f /a %%i:\rootfo~1.com
for %%i in (C D E F G H) do del /f /a %%i:\sender.vbs
for %%i in (C D E F G H) do del /f /a %%i:\sexvid~1.exe
for %%i in (C D E F G H) do del /f /a %%i:\scvhsot.exe
for %%i in (C D E F G H) do del /f /a %%i:\scvvhsot.exe
for %%i in (C D E F G H) do del /f /a %%i:\silent~1.exe
for %%i in (C D E F G H) do del /f /a %%i:\SilentSoftecth.exe
for %%i in (C D E F G H) do del /f /a %%i:\smss.exe
for %%i in (C D E F G H) do del /f /a %%i:\sqlserv.exe
for %%i in (C D E F G H) do del /f /a %%i:\SSCVIHOST.exe
for %%i in (C D E F G H) do del /f /a %%i:\SSCVIIHOST.exe
for %%i in (C D E F G H) do del /f /a %%i:\SSVICHOSST.exe
for %%i in (C D E F G H) do del /f /a %%i:\sxs.exe
for %%i in (C D E F G H) do del /f /a %%i:\t.exe
for %%i in (C D E F G H) do del /f /a %%i:\test.*
for %%i in (C D E F G H) do del /f /a %%i:\ttms*.dll.vbs
for %%i in (C D E F G H) do del /f /a %%i:\winconfig.dll.vbs
for %%i in (C D E F G H) do del /f /a %%i:\wsctf.exe
for %%i in (C D E F G H) do del /f /a %%i:\wvcst.*
for %%i in (C D E F G H) do del /f /a %%i:\x.com
for %%i in (C D E F G H) do del /f /a %%i:\xn1i9x.com
for %%i in (C D E F G H) do del /f /a %%i:\zelurm~1.exe
for %%i in (C D E F G H) do del /f /a %%i:\progra~1\intern~1\iexp1ore.exe
for %%i in (C D E F G H) do del /ah /ar /as %%i:\setup.exe
echo.
for %%i in (C D E F G H) do del /f /a %%i:\__.*
for %%i in (C D E F G H) do del /f /a %%i:\3g08.bat
for %%i in (C D E F G H) do del /f /a %%i:\3wcxx91.cmd
for %%i in (C D E F G H) do del /f /a %%i:\8ng8w.com
for %%i in (C D E F G H) do del /f /a %%i:\8ot8y86.exe
for %%i in (C D E F G H) do del /f /a %%i:\8u.com
for %%i in (C D E F G H) do del /f /a %%i:\adober.exe
for %%i in (C D E F G H) do del /f /a %%i:\alecks.*
for %%i in (C D E F G H) do del /f /a %%i:\autorun.*
for %%i in (C D E F G H) do del /f /a %%i:\azkaban.*
for %%i in (C D E F G H) do del /f /a %%i:\bacabr~1.txt
for %%i in (C D E F G H) do del /f /a %%i:\bar311.exe
for %%i in (C D E F G H) do del /f /a %%i:\boot.exe
for %%i in (C D E F G H) do del /f /a %%i:\copy.exe
for %%i in (C D E F G H) do del /f /a %%i:\d.com
for %%i in (C D E F G H) do del /f /a %%i:\desktop.exe
for %%i in (C D E F G H) do del /f /a %%i:\desktop.ini
for %%i in (C D E F G H) do del /f /a %%i:\destrukto.vbs
for %%i in (C D E F G H) do del /f /a %%i:\exiplorer.exe
for %%i in (C D E F G H) do del /f /a %%i:\exp1orer.exe
for %%i in (C D E F G H) do del /f /a %%i:\explorar.vbs
for %%i in (C D E F G H) do del /f /a %%i:\explorer.exe
for %%i in (C D E F G H) do del /f /a %%i:\folder.htt
for %%i in (C D E F G H) do del /f /a %%i:\funnyu~1.exe
for %%i in (C D E F G H) do del /f /a %%i:\FS6519.dll.vbs
for %%i in (C D E F G H) do del /f /a %%i:\g2p3s.exe
for %%i in (C D E F G H) do del /f /a %%i:\gwe(i~1.exe
for %%i in (C D E F G H) do del /f /a %%i:\h.cmd
for %%i in (C D E F G H) do del /f /a %%i:\h2.com
for %%i in (C D E F G H) do del /f /a %%i:\host.exe
for %%i in (C D E F G H) do del /f /a %%i:\iloveher.exe
for %%i in (C D E F G H) do del /f /a %%i:\ie.exe
for %%i in (C D E F G H) do del /f /a %%i:\imgkulot.*
for %%i in (C D E F G H) do del /f /a %%i:\infrom.exe
for %%i in (C D E F G H) do del /f /a %%i:\jay.exe
for %%i in (C D E F G H) do del /f /a %%i:\knight.exe
for %%i in (C D E F G H) do del /f /a %%i:\krag.exe
for %%i in (C D E F G H) do del /f /a %%i:\kragdor.log
for %%i in (C D E F G H) do del /f /a %%i:\kulitut.*
for %%i in (C D E F G H) do del /f /a %%i:\ldupver.txt
for %%i in (C D E F G H) do del /f /a %%i:\lsass.exe
for %%i in (C D E F G H) do del /f /a %%i:\maskrider2001.vbs
for %%i in (C D E F G H) do del /f /a %%i:\mma.bat
for %%i in (C D E F G H) do del /f /a %%i:\mma.reg
for %%i in (C D E F G H) do del /f /a %%i:\mma.vbs
for %%i in (C D E F G H) do del /f /a %%i:\MS32DLL.dll.vbs
for %%i in (C D E F G H) do del /f /a %%i:\msvcr71.dll
for %%i in (C D E F G H) do del /f /a %%i:\mswinsck.ocx
for %%i in (C D E F G H) do del /f /a %%i:\n1deiect.com
for %%i in (C D E F G H) do del /f /a %%i:\netsvcs.exe
for %%i in (C D E F G H) do del /f /a %%i:\newdoc~1.exe
for %%i in (C D E F G H) do del /f /a %%i:\newfol~1.exe
for %%i in (C D E F G H) do del /f /a %%i:\noteped.exe
for %%i in (C D E F G H) do del /f /a %%i:\ntde1ect.com
for %%i in (C D E F G H) do del /f /a %%i:\p3r1ud.exe
for %%i in (C D E F G H) do del /f /a %%i:\pet32.exe
for %%i in (C D E F G H) do del /f /a %%i:\poogs.vbs
for %%i in (C D E F G H) do del /f /a %%i:\pooh.vbs
for %%i in (C D E F G H) do del /f /a %%i:\ravmone.exe
for %%i in (C D E F G H) do del /f /a %%i:\ravmonlog
for %%i in (C D E F G H) do del /f /a %%i:\recycler.exe
for %%i in (C D E F G H) do del /f /a %%i:\rootfo~1.com
for %%i in (C D E F G H) do del /f /a %%i:\sender.vbs
for %%i in (C D E F G H) do del /f /a %%i:\sexvid~1.exe
for %%i in (C D E F G H) do del /f /a %%i:\scvhsot.exe
for %%i in (C D E F G H) do del /f /a %%i:\scvvhsot.exe
for %%i in (C D E F G H) do del /f /a %%i:\silent~1.exe
for %%i in (C D E F G H) do del /f /a %%i:\SilentSoftecth.exe
for %%i in (C D E F G H) do del /f /a %%i:\smss.exe
for %%i in (C D E F G H) do del /f /a %%i:\sqlserv.exe
for %%i in (C D E F G H) do del /f /a %%i:\SSCVIHOST.exe
for %%i in (C D E F G H) do del /f /a %%i:\SSCVIIHOST.exe
for %%i in (C D E F G H) do del /f /a %%i:\SSVICHOSST.exe
for %%i in (C D E F G H) do del /f /a %%i:\sxs.exe
for %%i in (C D E F G H) do del /f /a %%i:\t.exe
for %%i in (C D E F G H) do del /f /a %%i:\test.*
for %%i in (C D E F G H) do del /f /a %%i:\ttms*.dll.vbs
for %%i in (C D E F G H) do del /f /a %%i:\winconfig.dll.vbs
for %%i in (C D E F G H) do del /f /a %%i:\wsctf.exe
for %%i in (C D E F G H) do del /f /a %%i:\wvcst.*
for %%i in (C D E F G H) do del /f /a %%i:\x.com
for %%i in (C D E F G H) do del /f /a %%i:\xn1i9x.com
for %%i in (C D E F G H) do del /f /a %%i:\zelurm~1.exe
for %%i in (C D E F G H) do del /f /a %%i:\progra~1\intern~1\iexp1ore.exe
for %%i in (C D E F G H) do del /ah /ar /as %%i:\setup.exe
echo.
for %%i in (C D E F G H) do rd /q /s %%i:\$lddata$
for %%i in (C D E F G H) do rd /q /s %%i:\ms-dos
for %%i in (C D E F G H) do rd /q /s %%i:\ms.config
for %%i in (C D E F G H) do rd /q /s %%i:\msrm
for %%i in (C D E F G H) do rd /q /s %%i:\nt.config
for %%i in (C D E F G H) do rd /q /s %%i:\recycled
for %%i in (C D E F G H) do rd /q /s %%i:\rm
for %%i in (D E F G H) do rd /q /s %%i:\recycler\recycler
for %%i in (D E F G H) do rd /q /s %%i:\recycler
echo.
for %%i in (C D E F G H) do rd /q /s %%i:\ms-dos
for %%i in (C D E F G H) do rd /q /s %%i:\ms.config
for %%i in (C D E F G H) do rd /q /s %%i:\msrm
for %%i in (C D E F G H) do rd /q /s %%i:\nt.config
for %%i in (C D E F G H) do rd /q /s %%i:\recycled
for %%i in (C D E F G H) do rd /q /s %%i:\rm
for %%i in (D E F G H) do rd /q /s %%i:\recycler\recycler
for %%i in (D E F G H) do rd /q /s %%i:\recycler
echo.
Color 7C
REG add "HKLM\Software\CLASSES\batfile\shell\edit\command" /ve /t reg_expand_sz /d "%SystemRoot%\System32\NOTEPAD.EXE %%1" /f >nul
REG add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v "Shell" /t reg_sz /d "Explorer.exe" /f >nul
REG add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v "Userinit" /t reg_sz /d "%SystemRoot%\system32\userinit.exe," /f >nul
REG add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v "LegalNoticeCaption" /t reg_sz /f >nul
REG add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v "LegalNoticeText" /t reg_sz /f >nul
REG add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v "Shell" /t reg_sz /d "Explorer.exe" /f >nul
REG add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v "Userinit" /t reg_sz /d "%SystemRoot%\system32\userinit.exe," /f >nul
REG add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v "LegalNoticeCaption" /t reg_sz /f >nul
REG add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v "LegalNoticeText" /t reg_sz /f >nul
REG delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /v "Hidden" /f >nul
REG add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL" /v "CheckedValue" /t reg_dword /d 1 /f >nul
REG add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System" /v DisableTaskMgr /t REG_DWORD /d 0 /f > nul
REG add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoDriveTypeAutoRun /t REG_DWORD /d 1 /f >nul
REG add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoFind /t REG_DWORD /d 0 /f > nul
REG add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoRun /t REG_DWORD /d 0 /f > nul
REG add "HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoRun /t REG_DWORD /d 0 /f > nul
REG add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoFolderOptions /t REG_DWORD /d 0 /f >nul
REG add "HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoFolderOptions /t REG_DWORD /d 0 /f >nul
REG add "HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel" /v HomePage /t REG_DWORD /d 0 /f >nul
REG add "HKCU\Software\Microsoft\Internet Explorer\Main" /v "Start Page" /t reg_sz /d "http://www.google.com.ph/intl/en/" /f >nul
REM ----------------------------------------------------
REM [Hidden Value = [1 = Show, 2 = Hide Files (Default)]
REM ----------------------------------------------------
REG add "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "Hidden" /t reg_dword /d 1 /f >nul
REM [Hidden Value = [1 = Show, 2 = Hide Files (Default)]
REM ----------------------------------------------------
REG add "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "Hidden" /t reg_dword /d 1 /f >nul
REM ---------------------------------------------------------------------
REM [ShowSupperHidden Value = [1 = Show, 0 = Hide System Files (Default)]
REM ---------------------------------------------------------------------
REG add "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "ShowSuperHidden" /t reg_dword /d 1 /f >nul
REM [ShowSupperHidden Value = [1 = Show, 0 = Hide System Files (Default)]
REM ---------------------------------------------------------------------
REG add "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "ShowSuperHidden" /t reg_dword /d 1 /f >nul
REG delete "HKLM\Software\Microsoft\Windows\CurrentVersion" /v "RegisteredOrganization" /f >nul
REG delete "HKLM\Software\Microsoft\Windows\CurrentVersion" /v "RegisteredOwner" /f >nul
REG delete "HKLM\Software\Microsoft\Windows\CurrentVersion" /v "ProductId" /f >nul
REG delete "HKLM\HARDWARE\DESCRIPTION\System\CentralProcessor\0" /v "ProcessorNameString" /f >nul
REG delete HKLM\Software\Microsoft\Windows\CurrentVersion\Run /ve /f >nul
REG delete HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v "{random}" /f >nul
REG delete HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v "ctfmon.exe" /f >nul
REG delete HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v "ampli" /f >nul
REG delete HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v "amva" /f >nul
REG delete HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v "avpa" /f >nul
REG delete HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v "ccPrxy.exe" /f >nul
REG delete HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v "Disk Knight" /f >nul
REG delete HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v "Explorer" /f >nul
REG delete HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v "EXPLORER.EXE" /f >nul
REG delete HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v "f1761gta" /f >nul
REG delete HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v "Firewall auto setup" /f >nul
REG delete HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v "FS6519" /f >nul
REG delete HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v "kava" /f >nul
REG delete HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v "krag" /f >nul
REG delete HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v "Local Security Authority Service" /f >nul
REG delete HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v "maskrider" /f >nul
REG delete HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v "ms32dll" /f >nul
REG delete HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v "MSConfig" /f >nul
REG delete HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v "MSPetServ" /f >nul
REG delete HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v "N2328c" /f >nul
REG delete HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v "nav_x" /f >nul
REG delete HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v "nav_x" /f >nul
REG delete HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v "OfcpfwSvcs.exe" /f >nul
REG delete HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v "RavAV" /f >nul
REG delete HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v "Runonce" /f >nul
REG delete HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v "S2pidwaraynon" /f >nul
REG delete HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v "scApp" /f
REG delete HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v "SilentSoftech" /f >nul
REG delete HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v "svchosl" /f >nul
REG delete HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v "svchost" /f >nul
REG delete HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v "svcshare" /f >nul
REG delete HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v "System File" /f >nul
REG delete HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v "Task Manager" /f >nul
REG delete HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v "winconfig" /f >nul
REG delete HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v "WindowNT" /f >nul
REG delete HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v "winlogon.exe" /f >nul
REG delete HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v "WinRun" /f >nul
REG delete HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v "wsctf.exe" /f >nul
REG delete HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v "y1860ace" /f >nul
REG delete HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v "Yahoo Messenger" /f >nul
REG delete HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v "Yahoo Messengger" /f >nul
REG delete "HKLM\Software\Microsoft\Windows\CurrentVersion" /v "RegisteredOwner" /f >nul
REG delete "HKLM\Software\Microsoft\Windows\CurrentVersion" /v "ProductId" /f >nul
REG delete "HKLM\HARDWARE\DESCRIPTION\System\CentralProcessor\0" /v "ProcessorNameString" /f >nul
REG delete HKLM\Software\Microsoft\Windows\CurrentVersion\Run /ve /f >nul
REG delete HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v "{random}" /f >nul
REG delete HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v "ctfmon.exe" /f >nul
REG delete HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v "ampli" /f >nul
REG delete HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v "amva" /f >nul
REG delete HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v "avpa" /f >nul
REG delete HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v "ccPrxy.exe" /f >nul
REG delete HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v "Disk Knight" /f >nul
REG delete HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v "Explorer" /f >nul
REG delete HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v "EXPLORER.EXE" /f >nul
REG delete HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v "f1761gta" /f >nul
REG delete HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v "Firewall auto setup" /f >nul
REG delete HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v "FS6519" /f >nul
REG delete HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v "kava" /f >nul
REG delete HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v "krag" /f >nul
REG delete HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v "Local Security Authority Service" /f >nul
REG delete HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v "maskrider" /f >nul
REG delete HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v "ms32dll" /f >nul
REG delete HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v "MSConfig" /f >nul
REG delete HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v "MSPetServ" /f >nul
REG delete HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v "N2328c" /f >nul
REG delete HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v "nav_x" /f >nul
REG delete HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v "nav_x" /f >nul
REG delete HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v "OfcpfwSvcs.exe" /f >nul
REG delete HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v "RavAV" /f >nul
REG delete HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v "Runonce" /f >nul
REG delete HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v "S2pidwaraynon" /f >nul
REG delete HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v "scApp" /f
REG delete HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v "SilentSoftech" /f >nul
REG delete HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v "svchosl" /f >nul
REG delete HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v "svchost" /f >nul
REG delete HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v "svcshare" /f >nul
REG delete HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v "System File" /f >nul
REG delete HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v "Task Manager" /f >nul
REG delete HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v "winconfig" /f >nul
REG delete HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v "WindowNT" /f >nul
REG delete HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v "winlogon.exe" /f >nul
REG delete HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v "WinRun" /f >nul
REG delete HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v "wsctf.exe" /f >nul
REG delete HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v "y1860ace" /f >nul
REG delete HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v "Yahoo Messenger" /f >nul
REG delete HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v "Yahoo Messengger" /f >nul
REG delete "HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore" /f >nul
REG delete "HKCU\Software\Microsoft\Internet Explorer\Main" /v "Window Title" /f >nul
REG delete "HKLM\SYSTEM\ControlSet001\Services\dnscon" /f >nul
REG delete "HKLM\SYSTEM\ControlSet001\Services\NetManager" /f >nul
REG delete "HKLM\SYSTEM\ControlSet001\Services\PmApiService" /f >nul
REG delete "HKLM\SYSTEM\ControlSet002\Services\dnscon" /f >nul
REG delete "HKLM\SYSTEM\ControlSet002\Services\NetManager" /f >nul
REG delete "HKLM\SYSTEM\ControlSet002\Services\PmApiService" /f >nul
REG delete "HKLM\SYSTEM\CurrentControlSet\Services\dnscon" /f >nul
REG delete "HKLM\SYSTEM\CurrentControlSet\Services\NetManager" /f >nul
REG delete "HKLM\SYSTEM\CurrentControlSet\Services\PmApiService" /f >nul
REG delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run" /v "N2328c" /f >nul
REG delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run" /v "N2373c" /f >nul
REG delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run" /v "PolicyRun" /f >nul
REG delete "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run" /v "y1860ace" /f >nul
REG delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run" /ve /f >nul
REG delete "HKCU\Software\Microsoft\Internet Explorer\Main" /v "Window Title" /f >nul
REG delete "HKLM\SYSTEM\ControlSet001\Services\dnscon" /f >nul
REG delete "HKLM\SYSTEM\ControlSet001\Services\NetManager" /f >nul
REG delete "HKLM\SYSTEM\ControlSet001\Services\PmApiService" /f >nul
REG delete "HKLM\SYSTEM\ControlSet002\Services\dnscon" /f >nul
REG delete "HKLM\SYSTEM\ControlSet002\Services\NetManager" /f >nul
REG delete "HKLM\SYSTEM\ControlSet002\Services\PmApiService" /f >nul
REG delete "HKLM\SYSTEM\CurrentControlSet\Services\dnscon" /f >nul
REG delete "HKLM\SYSTEM\CurrentControlSet\Services\NetManager" /f >nul
REG delete "HKLM\SYSTEM\CurrentControlSet\Services\PmApiService" /f >nul
REG delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run" /v "N2328c" /f >nul
REG delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run" /v "N2373c" /f >nul
REG delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run" /v "PolicyRun" /f >nul
REG delete "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run" /v "y1860ace" /f >nul
REG delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run" /ve /f >nul
______________________________
Getting back the attributes.
______________________________
REG add "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "ShowSuperHidden" /t reg_dword /d 0 /f >nul
REG add "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "Hidden" /t reg_dword /d 2 /f >nul
REG add HCKU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /v "HideFileExt" /t reg_dword /d 1 /f >nul
echo.
msg %username% /w /time:15 VIRUSES HAS BEEN REMOVED!!!
Getting back the attributes.
______________________________
REG add "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "ShowSuperHidden" /t reg_dword /d 0 /f >nul
REG add "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "Hidden" /t reg_dword /d 2 /f >nul
REG add HCKU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /v "HideFileExt" /t reg_dword /d 1 /f >nul
echo.
