批处理脚本的反混淆


如何对以下批处理脚本进行反混淆?有没有在线工具或类似的东西? 下载

我试过 chatgpt 之类的工具,但没有成功。我还能做些什么?

我真的对文件去混淆一无所知。我认为这很复杂,但我想我应该尝试在这里问

batch-file deobfuscation

无需安装或下载任何东西,只需要批处理文件的基本知识。 (如果没有,则不应运行任何下载的批处理文件)

这是您的文件去除混淆后的内容:

@shift /0
?t&@cls&@Rem Decoded Below Here
@REM -------------------------------------------------------------------------
@REM Listing exactly as posted in the answer: the decoded payload of the
@REM obfuscated batch file. The two lines above are what is left of the loader
@REM stub; the decoded script proper starts at the first "@echo off".
@REM Nothing below has been corrected. As the answer text says, a large part of
@REM it is malformed: commands are mistyped or truncated, file-deletion commands
@REM are given registry paths, labels are jumped to that do not exist here, and
@REM the colour escapes on the "Trwa ladowanie" line lost their ESC byte in the
@REM paste. Messages are Polish.
@REM Defender's reading: this is a "trace cleaner" / anti-forensics pattern. It
@REM tries to remove event logs, Prefetch, Recent, temp and WER data, shell,
@REM USB, BAM and UserAssist registry history, and to stop or delete diagnostic
@REM and telemetry services. The registry paths, service names and file names
@REM below are usable as-is for hunting and triage. Run it only in a disposable
@REM VM: even the parts that do work are destructive.
@REM -------------------------------------------------------------------------





@echo off
REM These four variables are set but never referenced anywhere in this listing.
set ztmp=C:\Users\grejn\AppData\Local\Temp\wtmpd
set MYFILES=C:\Users\grejn\AppData\Local\Temp\myfiles
set bfcec=tmp26056.exe
set cmdline=
SHIFT /0
@echo off
color 1
title Trauma Cleaner
echo.
REM "[37m" / "[0m" are ANSI colour sequences whose leading ESC character did
REM not survive the paste.
echo [37m                                            Trwa ladowanie z baza danych...[0m
timeout 5 >nul

goto main



REM Unreachable: the "goto main" above skips these two lines.
pause >>nul
echo.
REM Main menu. The user's choice is read into %opcja% and dispatched to one of
REM the three labels; any other value falls through to :zly_wybor.
:main
cls
color 5 
echo                 ____  ____    __    __  __  __  __    __       ___  __    ____    __    _  _  ____  ____ 
echo                (_  _)(  _ \  /__\  (  )(  )(  \/  )  /__\     / __)(  )  ( ___)  /__\  ( \( )( ___)(  _ \
echo                  )(   )   / /(__)\  )(__)(  )    (  /(__)\   ( (__  )(__  )__)  /(__)\  )  (  )__)  )   /
echo                 (__) (_)\_)(__)(__)(______)(_/\/\_)(__)(__)   \___)(____)(____)(__)(__)(_)\_)(____)(_)\_)
echo.
echo                                                       [1] Cleaner
echo.
echo                                                       [2] Bypass
echo.
echo                                                       [3] Website
echo.
echo.
echo.                                       
set /p opcja=
if %opcja%==1 goto cleaner
if %opcja%==2 goto bypass
if %opcja%==3 goto strona
goto zly_wybor
REM :cleaner - removes files tied to game-cheat loaders and then attempts to
REM wipe activity history. Every "del ... HKEY_*" line below hands a registry
REM path to a file-deletion command, so (as the answer notes) those lines do
REM nothing to the registry; they are still a useful list of the artefacts the
REM author wanted gone (ShellBags, BagMRU, UserAssist, MuiCache, ComDlg32 MRUs,
REM RecentDocs, TypedPaths, BAM, AppCompatCache, USBSTOR, MountedDevices ...).
REM Note the several different hard-coded user SIDs.
:cleaner
cls
echo Trwa clearowanie zawartosci komputera...
timeout 2 >nul
@echo off
del C:\%USERNAME%\AppData\Roaming\CitizenFX\imgui.ini
del C:\Program Files\Rockstar Games\Grand Theft Auto V\imgui.ini
REM Windows setup / device-install logs.
del /s /f /q C:\Windows\setupact.log
del /s /f /q C:\Windows\inf\setupapi.dev.log
del /s /f /q C:\Windows\inf\setupapi.setup.log
REM USB mass-storage device history for one specific flash drive.
del /s /f /q HKEY_LOCAL_MACHINE\system\controlset001\control\class\{71a27cdd-812a-11d0-bec7-08002be2092f}\0003
del /s /f /q HKEY_LOCAL_MACHINE\system\controlset001\control\devicecontainers\{baa9245d-aa06-57ce-8b29-b06a81ab2332}
del /s /f /q HKEY_LOCAL_MACHINE\system\controlset001\control\class\{eec5ad98-8080-425f-922a-dabf3de3f69a}\0000
del /s /f /q HKEY_LOCAL_MACHINE\system\controlset001\control\deviceclasses\{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\##?#storage#volume#_??_usbstor#disk&ven_generic&prod_flash_disk&rev_8.07#6b2e5c07&0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
del /s /f /q HKEY_LOCAL_MACHINE\system\controlset001\control\deviceclasses\{6ac27878-a6fa-4155-ba85-f98f491d4f33}\##?#swd#wpdbusenum#_??_usbstor#disk&ven_generic&prod_flash_disk&rev_8.07#6b2e5c07&0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}#{6ac27878-a6fa-4155-ba85-f98f491d4f33}
del /s /f /q HKEY_LOCAL_MACHINE\system\controlset001\control\deviceclasses\{f33fdc04-d1ac-4e8e-9a30-19bbd4b108ae}\##?#swd#wpdbusenum#_??_usbstor#disk&ven_generic&prod_flash_disk&rev_8.07#6b2e5c07&0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}#{f33fdc04-d1ac-4e8e-9a30-19bbd4b108ae}
del /s /f /q HKEY_LOCAL_MACHINE\system\controlset001\control\deviceclasses\{10497b1b-ba51-44e5-8318-a65c837b6661}\##?#swd#wpdbusenum#_??_usbstor#disk&ven_generic&prod_flash_disk&rev_8.07#6b2e5c07&0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}#{10497b1b-ba51-44e5-8318-a65c837b6661}
del /s /f /q HKEY_LOCAL_MACHINE\system\controlset001\control\deviceclasses\{7f108a28-9833-4b3b-b780-2c6b5fa5c062}\##?#storage#volume#_??_usbstor#disk&ven_generic&prod_flash_disk&rev_8.07#6b2e5c07&0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}#{7f108a28-9833-4b3b-b780-2c6b5fa5c062}
del /s /f /q HKEY_LOCAL_MACHINE\system\controlset001\control\deviceclasses\{6ead3d82-25ec-46bc-b7fd-c1f0df8f5037}\##?#storage#volume#_??_usbstor#disk&ven_generic&prod_flash_disk&rev_8.07#6b2e5c07&0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}#{6ead3d82-25ec-46bc-b7fd-c1f0df8f5037}
del /s /f /q HKEY_LOCAL_MACHINE\system\controlset001\enum\storage\volume\_??_usbstor#disk&ven_generic&prod_flash_disk&rev_8.07#6b2e5c07&0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}
del /s /f /q HKEY_LOCAL_MACHINE\system\controlset001\enum\swd\wpdbusenum\_??_usbstor#disk&ven_generic&prod_flash_disk&rev_8.07#6b2e5c07&0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}
del /s /f /q HKEY_LOCAL_MACHINE\system\controlset001\services\usbstor\enum
del /s /f /q HKEY_LOCAL_MACHINE\system\controlset001\services\rdyboost\attachstate
del /s /f /q HKEY_LOCAL_MACHINE\system\setup\setupapilogstatus
del /s /f /q HKEY_LOCAL_MACHINE\software\microsoft\windows portable devices\devices\swd#wpdbusenum#_??_usbstor#disk&ven_generic&prod_flash_disk&rev_8.07#6b2e5c07&0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}
REM Per-user Explorer history (MuiCache, ShellBags "Bags"/"BagMRU", UserAssist)
REM under one hard-coded SID, in both the native and WOW6432Node views.
del /s /f /q HKEY_USERS\s-1-5-21-1569779005-389719519-3621680972-1001\software\classes\local settings\software\microsoft\windows\shell\muicache
del /s /f /q HKEY_USERS\s-1-5-21-1569779005-389719519-3621680972-1001\software\microsoft\windows\shell\bagmru
del /s /f /q HKEY_USERS\s-1-5-21-1569779005-389719519-3621680972-1001\software\classes\local settings\software\microsoft\windows\shell\bags\10
del /s /f /q HKEY_USERS\s-1-5-21-1569779005-389719519-3621680972-1001\software\classes\local settings\software\microsoft\windows\shell\bags\11
del /s /f /q HKEY_USERS\s-1-5-21-1569779005-389719519-3621680972-1001\software\classes\local settings\software\microsoft\windows\shell\bags\12
del /s /f /q HKEY_USERS\s-1-5-21-1569779005-389719519-3621680972-1001\software\classes\local settings\software\microsoft\windows\shell\bags\13
del /s /f /q HKEY_USERS\s-1-5-21-1569779005-389719519-3621680972-1001\software\classes\local settings\software\microsoft\windows\shell\bags\14
del /s /f /q HKEY_USERS\s-1-5-21-1569779005-389719519-3621680972-1001\software\classes\local settings\software\microsoft\windows\shell\bags\15
del /s /f /q HKEY_USERS\s-1-5-21-1569779005-389719519-3621680972-1001\software\classes\local settings\software\microsoft\windows\shell\bags\16
del /s /f /q HKEY_USERS\s-1-5-21-1569779005-389719519-3621680972-1001\software\classes\local settings\software\microsoft\windows\shell\bags\17
del /s /f /q HKEY_USERS\s-1-5-21-1569779005-389719519-3621680972-1001\software\classes\local settings\software\microsoft\windows\shell\bags\18
del /s /f /q HKEY_USERS\s-1-5-21-1569779005-389719519-3621680972-1001\software\classes\local settings\software\microsoft\windows\shell\bags\19
del /s /f /q HKEY_USERS\s-1-5-21-1569779005-389719519-3621680972-1001\software\classes\local settings\software\microsoft\windows\shell\bags\2
del /s /f /q HKEY_USERS\s-1-5-21-1569779005-389719519-3621680972-1001\software\classes\local settings\software\microsoft\windows\shell\bags\20
del /s /f /q HKEY_USERS\s-1-5-21-1569779005-389719519-3621680972-1001\software\classes\local settings\software\microsoft\windows\shell\bags\21
del /s /f /q HKEY_USERS\s-1-5-21-1569779005-389719519-3621680972-1001\software\classes\local settings\software\microsoft\windows\shell\bags\22
del /s /f /q HKEY_USERS\s-1-5-21-1569779005-389719519-3621680972-1001\software\classes\local settings\software\microsoft\windows\shell\bags\23
del /s /f /q HKEY_USERS\s-1-5-21-1569779005-389719519-3621680972-1001\software\classes\local settings\software\microsoft\windows\shell\bags\24
del /s /f /q HKEY_USERS\s-1-5-21-1569779005-389719519-3621680972-1001\software\classes\local settings\software\microsoft\windows\shell\bags\25
del /s /f /q HKEY_USERS\s-1-5-21-1569779005-389719519-3621680972-1001\software\classes\local settings\software\microsoft\windows\shell\bags\26
del /s /f /q HKEY_USERS\s-1-5-21-1569779005-389719519-3621680972-1001\software\classes\local settings\software\microsoft\windows\shell\bags\27
del /s /f /q HKEY_USERS\s-1-5-21-1569779005-389719519-3621680972-1001\software\classes\local settings\software\microsoft\windows\shell\bags\28
del /s /f /q HKEY_USERS\s-1-5-21-1569779005-389719519-3621680972-1001\software\classes\local settings\software\microsoft\windows\shell\bags\29
del /s /f /q HKEY_USERS\s-1-5-21-1569779005-389719519-3621680972-1001\software\classes\local settings\software\microsoft\windows\shell\bags\3
del /s /f /q HKEY_USERS\s-1-5-21-1569779005-389719519-3621680972-1001\software\classes\local settings\software\microsoft\windows\shell\bags\30
del /s /f /q HKEY_USERS\s-1-5-21-1569779005-389719519-3621680972-1001\software\classes\local settings\software\microsoft\windows\shell\bags\31
del /s /f /q HKEY_USERS\s-1-5-21-1569779005-389719519-3621680972-1001\software\classes\local settings\software\microsoft\windows\shell\bags\32
del /s /f /q HKEY_USERS\s-1-5-21-1569779005-389719519-3621680972-1001\software\classes\local settings\software\microsoft\windows\shell\bags\33
del /s /f /q HKEY_USERS\s-1-5-21-1569779005-389719519-3621680972-1001\software\classes\local settings\software\microsoft\windows\shell\bags\4
del /s /f /q HKEY_USERS\s-1-5-21-1569779005-389719519-3621680972-1001\software\classes\local settings\software\microsoft\windows\shell\bags\5
del /s /f /q HKEY_USERS\s-1-5-21-1569779005-389719519-3621680972-1001\software\classes\local settings\software\microsoft\windows\shell\bags\6
del /s /f /q HKEY_USERS\s-1-5-21-1569779005-389719519-3621680972-1001\software\classes\local settings\software\microsoft\windows\shell\bags\7
del /s /f /q HKEY_USERS\s-1-5-21-1569779005-389719519-3621680972-1001\software\classes\local settings\software\microsoft\windows\shell\bags\8
del /s /f /q HKEY_USERS\s-1-5-21-1569779005-389719519-3621680972-1001\software\classes\local settings\software\microsoft\windows\shell\bags\9
del /s /f /q HKEY_USERS\s-1-5-21-1569779005-389719519-3621680972-1001\software\classes\local settings\software\microsoft\windows\shell\bags\allfolders
del /s /f /q HKEY_USERS\s-1-5-21-1569779005-389719519-3621680972-1001\software\classes\local settings\software\microsoft\windows\shell\bagmru\0
del /s /f /q HKEY_USERS\s-1-5-21-1569779005-389719519-3621680972-1001\software\classes\local settings\software\microsoft\windows\shell\bagmru\1
del /s /f /q HKEY_USERS\s-1-5-21-1569779005-389719519-3621680972-1001\software\classes\local settings\software\microsoft\windows\shell\bagmru\2
del /s /f /q HKEY_USERS\s-1-5-21-1569779005-389719519-3621680972-1001\software\classes\local settings\software\microsoft\windows\shell\bagmru\3
del /s /f /q HKEY_USERS\s-1-5-21-1569779005-389719519-3621680972-1001\software\classes\local settings\software\microsoft\windows\shell\bagmru
del /s /f /q HKEY_USERS\s-1-5-21-1569779005-389719519-3621680972-1001\software\classes\wow6432node\local settings\software\microsoft\windows\shell\bags\10
del /s /f /q HKEY_USERS\s-1-5-21-1569779005-389719519-3621680972-1001\software\classes\wow6432node\local settings\software\microsoft\windows\shell\bags\11
del /s /f /q HKEY_USERS\s-1-5-21-1569779005-389719519-3621680972-1001\software\classes\wow6432node\local settings\software\microsoft\windows\shell\bags\12
del /s /f /q HKEY_USERS\s-1-5-21-1569779005-389719519-3621680972-1001\software\classes\wow6432node\local settings\software\microsoft\windows\shell\bags\13
del /s /f /q HKEY_USERS\s-1-5-21-1569779005-389719519-3621680972-1001\software\classes\wow6432node\local settings\software\microsoft\windows\shell\bags\14
del /s /f /q HKEY_USERS\s-1-5-21-1569779005-389719519-3621680972-1001\software\classes\wow6432node\local settings\software\microsoft\windows\shell\bags\15
del /s /f /q HKEY_USERS\s-1-5-21-1569779005-389719519-3621680972-1001\software\classes\wow6432node\local settings\software\microsoft\windows\shell\bags\16
del /s /f /q HKEY_USERS\s-1-5-21-1569779005-389719519-3621680972-1001\software\classes\wow6432node\local settings\software\microsoft\windows\shell\bags\17
del /s /f /q HKEY_USERS\s-1-5-21-1569779005-389719519-3621680972-1001\software\classes\wow6432node\local settings\software\microsoft\windows\shell\bags\18
del /s /f /q HKEY_USERS\s-1-5-21-1569779005-389719519-3621680972-1001\software\classes\wow6432node\local settings\software\microsoft\windows\shell\bags\19
del /s /f /q HKEY_USERS\s-1-5-21-1569779005-389719519-3621680972-1001\software\classes\wow6432node\local settings\software\microsoft\windows\shell\bags\2
del /s /f /q HKEY_USERS\s-1-5-21-1569779005-389719519-3621680972-1001\software\classes\wow6432node\local settings\software\microsoft\windows\shell\bags\20
del /s /f /q HKEY_USERS\s-1-5-21-1569779005-389719519-3621680972-1001\software\classes\wow6432node\local settings\software\microsoft\windows\shell\bags\21
del /s /f /q HKEY_USERS\s-1-5-21-1569779005-389719519-3621680972-1001\software\classes\wow6432node\local settings\software\microsoft\windows\shell\bags\22
del /s /f /q HKEY_USERS\s-1-5-21-1569779005-389719519-3621680972-1001\software\classes\wow6432node\local settings\software\microsoft\windows\shell\bags\23
del /s /f /q HKEY_USERS\s-1-5-21-1569779005-389719519-3621680972-1001\software\classes\wow6432node\local settings\software\microsoft\windows\shell\bags\24
del /s /f /q HKEY_USERS\s-1-5-21-1569779005-389719519-3621680972-1001\software\classes\wow6432node\local settings\software\microsoft\windows\shell\bags\25
del /s /f /q HKEY_USERS\s-1-5-21-1569779005-389719519-3621680972-1001\software\classes\wow6432node\local settings\software\microsoft\windows\shell\bags\26
del /s /f /q HKEY_USERS\s-1-5-21-1569779005-389719519-3621680972-1001\software\classes\wow6432node\local settings\software\microsoft\windows\shell\bags\27
del /s /f /q HKEY_USERS\s-1-5-21-1569779005-389719519-3621680972-1001\software\classes\wow6432node\local settings\software\microsoft\windows\shell\bags\28
del /s /f /q HKEY_USERS\s-1-5-21-1569779005-389719519-3621680972-1001\software\classes\wow6432node\local settings\software\microsoft\windows\shell\bags\29
del /s /f /q HKEY_USERS\s-1-5-21-1569779005-389719519-3621680972-1001\software\classes\wow6432node\local settings\software\microsoft\windows\shell\bags\3
del /s /f /q HKEY_USERS\s-1-5-21-1569779005-389719519-3621680972-1001\software\classes\wow6432node\local settings\software\microsoft\windows\shell\bags\30
del /s /f /q HKEY_USERS\s-1-5-21-1569779005-389719519-3621680972-1001\software\classes\wow6432node\local settings\software\microsoft\windows\shell\bags\31
del /s /f /q HKEY_USERS\s-1-5-21-1569779005-389719519-3621680972-1001\software\classes\wow6432node\local settings\software\microsoft\windows\shell\bags\32
del /s /f /q HKEY_USERS\s-1-5-21-1569779005-389719519-3621680972-1001\software\classes\wow6432node\local settings\software\microsoft\windows\shell\bags\33
del /s /f /q HKEY_USERS\s-1-5-21-1569779005-389719519-3621680972-1001\software\classes\wow6432node\local settings\software\microsoft\windows\shell\bags\4
del /s /f /q HKEY_USERS\s-1-5-21-1569779005-389719519-3621680972-1001\software\classes\wow6432node\local settings\software\microsoft\windows\shell\bags\5
del /s /f /q HKEY_USERS\s-1-5-21-1569779005-389719519-3621680972-1001\software\classes\wow6432node\local settings\software\microsoft\windows\shell\bags\6
del /s /f /q HKEY_USERS\s-1-5-21-1569779005-389719519-3621680972-1001\software\classes\wow6432node\local settings\software\microsoft\windows\shell\bags\7
del /s /f /q HKEY_USERS\s-1-5-21-1569779005-389719519-3621680972-1001\software\classes\wow6432node\local settings\software\microsoft\windows\shell\bags\8
del /s /f /q HKEY_USERS\s-1-5-21-1569779005-389719519-3621680972-1001\software\classes\wow6432node\local settings\software\microsoft\windows\shell\bags\9
del /s /f /q HKEY_USERS\s-1-5-21-1569779005-389719519-3621680972-1001\software\classes\wow6432node\local settings\software\microsoft\windows\shell\bags\allfolders
del /s /f /q HKEY_USERS\s-1-5-21-1569779005-389719519-3621680972-1001\software\classes\wow6432node\local settings\software\microsoft\windows\shell\bagmru\0
del /s /f /q HKEY_USERS\s-1-5-21-1569779005-389719519-3621680972-1001\software\classes\wow6432node\local settings\software\microsoft\windows\shell\bagmru\1
del /s /f /q HKEY_USERS\s-1-5-21-1569779005-389719519-3621680972-1001\software\classes\wow6432node\local settings\software\microsoft\windows\shell\bagmru\2
del /s /f /q HKEY_USERS\s-1-5-21-1569779005-389719519-3621680972-1001\software\classes\wow6432node\local settings\software3\microsoft\windows\shell\bagmru\3
del /s /f /q HKEY_USERS\s-1-5-21-1569779005-389719519-3621680972-1001\software\classes\wow6432node\local settings\software\microsoft\windows\shell\bagmru
del /s /f /q HKEY_USERS\s-1-5-21-1569779005-389719519-3621680972-1001\software\microsoft\windows\currentversion\explorer\userassist\{9e04cab2-cc14-11df-bb8c-a2f1ded72085}
del /s /f /q HKEY_USERS\s-1-5-21-1569779005-389719519-3621680972-1001\software\microsoft\windows\currentversion\explorer\userassist\{a3d53349-6e61-4557-8fc7-0028edceebf6}
del /s /f /q HKEY_USERS\s-1-5-21-1569779005-389719519-3621680972-1001\software\microsoft\windows\currentversion\explorer\userassist\{b267e3ad-a825-4a09-82b9-eec22aa3b847}
del /s /f /q HKEY_USERS\s-1-5-21-1569779005-389719519-3621680972-1001\software\microsoft\windows\currentversion\explorer\userassist\{bcb48336-4ddd-48ff-bb0b-d3190dacb3e2}
del /s /f /q HKEY_USERS\s-1-5-21-1569779005-389719519-3621680972-1001\software\microsoft\windows\currentversion\explorer\userassist\{caa59e3c-4792-41a5-9909-6a6a8d32490e}
del /s /f /q HKEY_USERS\s-1-5-21-1569779005-389719519-3621680972-1001\software\microsoft\windows\currentversion\explorer\userassist\{cebff5cd-ace2-4f4f-9178-9926f41749ea}
del /s /f /q HKEY_USERS\s-1-5-21-1569779005-389719519-3621680972-1001\software\microsoft\windows\currentversion\explorer\userassist\{f2a1cb5a-e3cc-4a2e-af9d-505a7009d442}
del /s /f /q HKEY_USERS\s-1-5-21-1569779005-389719519-3621680972-1001\software\microsoft\windows\currentversion\explorer\userassist\{f4e57c4b-2036-45f0-a9ab-443bcfe33d9f}
del /s /f /q HKEY_USERS\s-1-5-21-1569779005-389719519-3621680972-1001\software\microsoft\windows\currentversion\explorer\userassist\{fa99dfc7-6ac2-453a-a5e2-5e2aff4507bd}
del /s /f /q HKEY_USERS\s-1-5-21-1569779005-389719519-3621680972-1001\software\microsoft\windows\currentversion\explorer\userassist
REM Mixed HKCU / HKLM / other-SID targets, many of them repeated below: file
REM dialog MRUs, RunMRU, TypedPaths, RecentDocs, BAM, AppCompatCache,
REM VolumeInfoCache, MountedDevices, USBSTOR, Uninstall, Tracing.
del /s /f /q HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\
del /s /f /q HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts.dll\OpenWithList
del /s /f /q HKEY_USERS\S-1-5-21-4140603452-1932478776-168934769-1003\SOFTWARE\WinRAR\DialogEditHistory\FindNames
del /s /f /q HKEY_CURRENT_USER\SOFTWARE\WinRAR\DialogEditHistory\ArcName
del /s /f /q HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications
del /s /f /q HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted
del /s /f /q HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\TypedPaths
del /s /f /q HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun
del /s /f /q HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\bam\State\UserSettings\
del /s /f /q HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\RunMRU
del /s /f /q HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Search\VolumeInfoCache\
del /s /f /q HKEY_LOCAL_MACHINE\SYSTEM\MountedDevices
del /s /f /q HKEY_CURRENT_USER\SOFTWARE\AMD\HKIDs
del /s /f /q HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\USBSTOR
del /s /f /q HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer\DisallowRun
del /s /f /q HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-2500849687-2721182600-1618266379-1001
del /s /f /q HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\UserAssist
del /s /f /q HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\
del /s /f /q HKEY_CURRENT_USER\Software\Microsoft\WindowsNT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store
del /s /f /q HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FeatureUsage\AppSwitched
del /s /f /q HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU
del /s /f /q HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\bam\State\UserSettings
del /s /f /q HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\RunMRU
del /s /f /q HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Search\VolumeInfoCache
del /s /f /q HKEY_LOCAL_MACHINE\SYSTEM\MountedDevices
del /s /f /q HKEY_CURRENT_USER\SOFTWARE\AMD\HKIDs
del /s /f /q HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\AppCompatCache
del /s /f /q HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\USBSTOR
del /s /f /q HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer\DisallowRun
del /s /f /q HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-2500849687-2721182600-1618266379-1001
del /s /f /q HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\UserAssist
del /s /f /q HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore
del /s /f /q HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
REM The two lines below are real file-system operations: they remove an NVIDIA
REM driver directory and change into the driver store (the working directory
REM stays there for everything that follows, including the "del *.log" and
REM "dir/del NvTelemetry64.dll" further down).
rmdir /s /q "C:\Windows\System32\drivers\NVIDIA Corporation"
cd /d "C:\Windows\System32\DriverStore\FileRepository\"
del /s /f /q HKEY_USERS\S-1-5-21-3717294198-4166066372-1238365284-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs
del /s /f /q HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
del /s /f /q HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bam\State\UserSettings
del /s /f /q HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store
del /s /f /q HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU
del /s /f /q HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedPidlMRU
del /s /f /q HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\CIDSizeMRU
del /s /f /q HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\
del /s /f /q HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\RunMRU
del /s /f /q HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall
del /s /f /q HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FeatureUsage\AppSwitched
del /s /f /q HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet
del /s /f /q HKEY_CURRENT_USERSoftware\Microsoft\Windows\CurrentVersion\Explorer\TypedPaths
del /s /f /q HKEY_CURRENT_USER\SOFTWARE\Microsoft\DirectInput\MostRecentApplication
del /s /f /q HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs
del /s /f /q HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
del /s /f /q HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Search\VolumeInfoCache
del /s /f /q HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\USBSTOR
del /s /f /q HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\STORAGE\Volume
del /s /f /q HKEY_LOCAL_MACHINE\SYSTEM\MountedDevices
REM Recursive deletion of every *.log below the current directory (the driver
REM store, after the "cd /d" above). The next line is a truncated command.
del *.log /a /s /q
@de
REM Files and folders belonging to FiveM / GTA V cheat loaders and overlays.
@DEL C:\cfxmafia*.* 
@DEL C:\redENGINE*.*
@DEL C:\Eulen*.*
@RD /S /Q "C:\redENGINE"
@RD /S /Q "C:\Eulen"
@RD /S /Q "C:\cfxmafia"
@del /s /f /q C:\Users\%USERNAME%\Desktop\settings.cock
@del /s /f /q C:\Users\%USERNAME%\Desktop\loader.cfg
@del /s /f /q C:\path.json
@del /s /f /q C:\settings.json
@del /s /f /q C:\Users\%USERNAME%\Desktop\loader.exe 
@del /s /f /q C:\Users\%USERNAME%\Downloads\loader.cfg
@del /s /f /q C:\Users\Public\cryptography.dll
@del /s /f /q %LOCALAPPDATA%\FiveM\FiveM.app\plugins\d3d10.dll
@del /s /f /q %LOCALAPPDATA%\FiveM\FiveM.app\citizen\scripting\lua\scheduler.lua
@del /s /f /q C:\Users\%USERNAME%\AppData\Local\ReShade.ini
@del /s /f /q "C:\Program Files\Rockstar Games\Grand Theft Auto V\d3d10.dll"
@del /s /f /q "C:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto V\d3d10.dll"
rd "C:\ProgramData\NVIDIA" /s /q
md "C:\ProgramData\NVIDIA"
REM Elevation probe: the first word of bcdedit's output is kept in adminTest
REM and compared with "Access" (as in "Access is denied"). The :noAdmin label
REM it jumps to is not in this listing.
for /f "tokens=1,2*" %%V IN ('bcdedit') DO SET adminTest=%%V
if (%adminTest%)==(Access) goto noAdmin
REM Enumerates every Windows event log and calls a :do_clear subroutine per
REM log; that subroutine is not part of this listing, so what it would do to
REM each log is not visible here.
for /f "tokens=*" %%G in ('wevtutil.exe el') DO (call :do_clear "%%G")
REM Deletes (not merely disables) diagnostics, telemetry, error-reporting,
REM Remote Desktop and related services. Service deletion is a high-visibility
REM change on a host and is irreversible without reinstalling the services.
REM ("Everything" is the third-party search tool's service.)
sc delete diagnosticshub.standardcollector.service
sc delete DiagTrack
sc delete dmwappushservice
sc delete WerSvc
sc delete OneSyncSvc
sc delete MessagingService
sc delete wercplsupport
sc delete PcaSvc
sc config wlidsvc start=demand
sc delete wisvc
sc delete RetailDemo
sc delete diagsvc
sc delete shpamsvc 
sc delete TermService
sc delete UmRdpService
sc delete Everything 
sc delete SessionEnv
sc delete TroubleshootingSvc
REM Relative paths: these search below the current directory set by the
REM earlier "cd /d".
dir NvTelemetry64.dll /a /b /s
del NvTelemetry64.dll /a /s
del /s /f /q C:\Program Files\driver64.dat
del /s /f /q C:\ProgramData\loader.data
REM Temp and Prefetch wipes.
del /s /f /q c:\windows\temp\*.*
del /s /f /q C:\WINDOWS\Prefetch\
del /s /f /q %temp%\*.*
REM "deltree" is a legacy MS-DOS tool; these lines are kept as posted. The
REM last four name files in the event-log store (note the doubled "%%" in the
REM first of them).
deltree /y c:\windows\tempor~1
deltree /y c:\windows\temp
deltree /y c:\windows\tmp
deltree /y c:\windows\ff*.tmp
deltree /y c:\windows\history
deltree /y c:\windows\cookies
deltree /y c:\windows\recent
deltree /y c:\windows\spool\printers
deltree /y %SystemRoot%%\System32\Winevt\Logs\Microsoft-Windows-Kernel-Cache%4Operational.evtx
deltree /y %SystemRoot%\System32\Winevt\Logs\Microsoft-Windows-VolumeSnapshot-Driver%4Operational.evtx
deltree /y %SystemRoot%\System32\Winevt\Logs\Application.evtx
deltree /y %SystemRoot%\System32\Winevt\Logs\System.evtx
REM Remove-and-recreate of Recent, History, Temp, Prefetch, Recycle Bin, WER
REM archive and Windows Update download folders. Several paths are mangled as
REM posted (%USERPROFILE% nested under C:\Users\, a .dll name used as a folder).
rd "C:\Users\%USERNAME%\AppData\Roaming\Microsoft\Windows\Recent" /s /q
md "C:\Users\%USERNAME%\AppData\Roaming\Microsoft\Windows\Recent"
rd "C:\Windows\System32\d3d10_2.dll" /s /q
md "C:\Windows\System32\d3d10_2.dll"
rd "C:\$Recycle.bin" /s /q
md "C:\$Recycle.bin"
rd "C:\Users\%USERNAME%\AppData\Local\Microsoft\Windows\History" /s /q
md "C:\Users\%USERNAME%\AppData\Local\Microsoft\Windows\History"
rd "C:\Windows\Temp" /s /q
md "C:\Windows\Temp"
rd "C:\Users\%USERPROFILE%\Temp" /s /q
md "C:\Users\%USERPROFILE%\Temp"
rd "C:\Users\%USERNAME%\AppData\Local\Temp" /s /q
md "C:\Users\%USERNAME%\AppData\Local\Temp" 
rd "%USERPROFILE%\AppData\Local\Temp" /s /q
md "%USERPROFILE%\AppData\Local\Temp"
rd "C:\Windows\Prefetch" /s /q
md "C:\Windows\Prefetch"
rd "C:\Users\%USERPROFILE%\Prefetch" /s /q
md "C:\Users\%USERPROFILE%\Prefetch"
rd "C:\Users\%USERPROFILE%\Recent" /s /q
md "C:\Users\%USERPROFILE%\Recent"
rd "C:\ProgramData\Microsoft\Windows\WER\ReportArchive" /s /q
md "C:\ProgramData\Microsoft\Windows\WER\ReportArchive"
rd "C:\Windows\SoftwareDistribution\Download" /s /q
md "C:\Windows\SoftwareDistribution\Download"
timeout 2 > nul
echo Zawartosc komputera zostala wyczyszczona!
pause
goto main
REM :zly_wybor - "invalid option", back to the menu.
:zly_wybor
echo Nie poprawna opcja! Sprobuj ponownie
pause
goto main


REM :bypass - stops, disables and then deletes the Diagnostic Policy Service,
REM DiagTrack, the event log service and WMPNetworkSvc, flushes the DNS cache,
REM deletes the NTFS USN change journal on C: and D: (a core forensic source),
REM switches the power plan, and kills/restarts shell processes.
REM The double-quoted "Get-Service ... | Set-Service" lines are PowerShell
REM pipelines written as bare strings, so cmd tries to run them as a program
REM name; "fsutil usn lastActivityView/Everything/pcasvc" are not fsutil
REM subcommands; several process names are mistyped. All kept as posted.
:bypass
cls
echo Trwa bypassowanie komputera...
timeout 2 >nul
@echo off
net stop diagtrack
net stopsysmain
net stop eventlog
net stop dps
ipconfig /flushdns
"Get-ChildItem -path $Directory -Recurse -Include .exe | Set-ChildItem -StartupType Disabled"
"Get-Service diagnosticshub.standardcollector.service | Set-Service -StartupType Disabled"
"Get-Service DPS | Set-Service -StartupType Disabled"
"Get-Service WMPNetworkSvc | Set-Service -StartupType Disabled"
SC config "diagnosticshub.standardcollector.service" start= disabled
SC config "DPS " start= disabled
wmic process where name="FiveM.exe" CALL setpriority 128
wmic process where name="FiveM_b2189_GTAProcess.exe" CALL setpriority 128
SC config "WMPNetworkSvc" start= disabled
NET STOP diagnosticshub.standardcollector.service
powercfg -s 8c5e7fda-e8bf-4a96-9a85-a6e23a8c635c
NET STOP DPS
fsutil usn deletejournal /D d:
fsutil usn deletejournal /d C:
fsutil usn lastActivityView /d C:
fsutil usn Everything /d C:
fsutil usn pcasvc /d C:
NET STOP WMPNetworkSvc
SC delete "diagnosticshub.standardcollector.service"
SC delete "DPS"
SC delete "WMPNetworkSvc"
taskkill /f /im explorer.exe
start explorer.exe
taskkill /f /im Ctfmon.exe
start Ctfmon.exe
taskkill /f /im Taskhostw.exe
start Taskhostw.exe
taskkill /f /im wmpnetwk.exe.exe
taskkill /f /im OneDrive.exe
taskkill /f /im speedfan.exe
taskkill /f /im TeamWiever_Service.exe
taskkill /f /im opera.exe
taskkill /f /im java.exed
timeout 2 > nul
echo Komputer zostal zbypassowany!
pause
goto main
REM :strona - opens the tool's website in the default handler ("msedge.exe"
REM is only the window title argument of "start").
:strona
cls
echo Trwa przenoszenie na strone internetowa...
timeout 2 > nul
@echo off
start "msedge.exe" "https://traumacleaner.pl"
timeout 2 > nul
echo Zostales przeniesiony na strone internetowa!
pause
goto main










但是我要说的是,即使改掉了拼写错误,仍然有大约一百五十条命令完全不正确,无法完成它们本应完成的任务。这个脚本是由一个显然不清楚自己在做什么的人写的,写得非常糟糕,不值得再为它费心。



您可以使用 batch_deobfuscator 或其他类似工具对通过字符串替换和转义字符技术进行混淆的批处理脚本进行反混淆。

警告: 如果您打算使用此工具,请阅读这篇文章的评论!

这是您的文件的结果:

警告: 正如 Compo 在评论中所说,请注意此类工具的输出可能无法真实表示原始内容。



关于 @Compo 的评论:

我是batch_deobfuscator的作者;

如果您在 Windows 计算机上运行该代码,环境变量会被替换为您系统中这些环境变量的实际值。

https://github.com/DissectMalware/batch_deobfuscator/blob/master/batch_deobfuscator/batch_interpreter.py#L53

也许更好的方法是添加一个新的开关来控制是否要替换环境变量,以及如果需要,是否要使用假值或真实值。
