Scan regedit et processus

alf -  
lawre Messages postés 37 Statut Membre -
Bonjour,
qq'un pourrait il me donner un exemple de p'tit programme ss w2k fait maison qui scannerait la regedit et supprimerait des clés spécifiques.
Meme chose pour les processus.
Peu importe en quoi il est écrit (simple si possible, je programme pas mais je bidouille bien).
D'avance merci

2 réponses

  1. alf
     
    re b'jour,
    j'ai trouvé ça chez bellamy mais pourquoi le delkey ne marche t il pas?

    ' --------------------------------------------------------------------
    ' Script VBS d'dication de GATOR (spyware installvec DivX V5)
    '
    ' JC BELLAMY 2002
    ' --------------------------------------------------------------------
    Const HKEY_CLASSES_ROOT = &H80000000
    Const HKEY_CURRENT_USER = &H80000001
    Const HKEY_LOCAL_MACHINE = &H80000002
    Const HKEY_USERS = &H80000003
    Const SW_SHOWNORMAL=1

    Dim net, shell, user, computer, args, fso, objRegistry,wmiLocator,wmiNameSpace
    Dim StdIn, StdOut
    Set StdIn = WScript.StdIn
    Set StdOut = WScript.StdOut
    Set net = Wscript.CreateObject("WScript.Network")
    Set shell = WScript.CreateObject("WScript.Shell")
    Set fso = WScript.CreateObject("Scripting.FileSystemObject")
    Set args = Wscript.Arguments
    Set wmiLocator = CreateObject("WbemScripting.SWbemLocator")
    Set wmiNameSpace = wmiLocator.ConnectServer("", "root\default")
    Set objRegistry = wmiNameSpace.Get("StdRegProv")

    TestHost true
    '
    message= "Eradication du spyware GATOR" & VBCRLF
    message=message & "JCB 2002" & VBCRLF
    message=message & "----------------------------" & VBCRLF
    message=message & "Ce script va dcter l'existence de GATOR" & VBCRLF
    message=message & "et le dnstaller le cas t" & VBCRLF
    wscript.echo message
    StdOut.Write "Voulez-vous continuer (O/N) ? : "
    rep = StdIn.ReadLine
    If len(rep)=0 then rep="N"
    rep=ucase(left(rep,1))
    If (rep<>"O") and (rep<>"Y") Then WScript.Quit
    wscript.echo "Veuillez patienter..."
    message=""

    ' Test d'existence du processus initial de Gator
    On Error Resume Next
    trickler=shell.RegRead("HKEY_LOCAL_MACHINE\software\Gator.com\Trickler\AppPath")
    If Err.Number=0 Then
    p=InstrRev(trickler,"\")
    ProcessName=mid(trickler,p+1)
    KillProcess ProcessName
    DelFile trickler
    end if

    KillProcess "GMT.exe"
    KillProcess "CMESys.exe"

    delkey HKEY_CLASSES_ROOT, "clsid\{21ffb6c0-0da1-11d5-a9d5-00500413153c}\"
    delkey HKEY_LOCAL_MACHINE, "software\Gator.com\"
    delkey HKEY_LOCAL_MACHINE, "software\GatorTest\"
    delkey HKEY_LOCAL_MACHINE, "software\microsoft\windows\currentversion\stashedgef"
    delkey HKEY_LOCAL_MACHINE, "software\microsoft\windows\currentversion\stashedgmg"
    delkey HKEY_LOCAL_MACHINE, "software\microsoft\windows\currentversion\run\cmesys"

    dir1=shell.ExpandEnvironmentStrings("%ALLUSERSPROFILE%")
    dir2=shell.ExpandEnvironmentStrings("%USERPROFILE%")
    GatorFolder="GAIN"

    trouve=false
    explore dir1
    trouve=false
    explore dir2
    If not trouve Then AddMessage "Dossier de drrage de GATOR non trouv

    DelFolder shell.ExpandEnvironmentStrings("%TEMP%") & "\fsg_tmp"
    DelFolder shell.ExpandEnvironmentStrings("%CommonProgramFiles%") & "\CMEII"
    DelFolder shell.ExpandEnvironmentStrings("%CommonProgramFiles%") & "\GMT"

    DelFile shell.ExpandEnvironmentStrings("%windir%") & "\GatorPatch.log"
    DelFile shell.ExpandEnvironmentStrings("%windir%") & "\GatorPdpSetup.log"

    AddMessage VBCRLF & "*** GATOR diqu**"
    wscript.echo Message

    Wscript.quit
    '----------------------------------------------------------------------
    Sub DelKey(hive,key)
    KeyName=HiveName(hive) & key
    Dim lRC
    lRC = objRegistry.DeleteKey(Hive,key)
    If lRC<>0 Then lRC=DelAllSubkey(hive,key)
    If lRC<>0 Then
    AddMessage "Clef non trouvou impossible upprimer :" & VBCRLF & " " & KeyName
    else
    AddMessage "Clef supprim:" & VBCRLF & " " & KeyName
    End If
    end sub
    ' -------------------------------------
    Function DelAllSubkey(hive,key)
    Dim lRC,sNames
    On Error Resume Next
    lRC = objRegistry.EnumKey(hive,key,sNames)
    For Each sKeyName In sNames
    If Err.Number <> 0 Then Exit For
    lRC = DelAllSubkey(hive,key & "\" & sKeyName)
    Next
    On Error Goto 0
    DelAllSubkey=objRegistry.DeleteKey(Hive,key)
    End Function
    '----------------------------------------------------------------------
    0
  2. lawre Messages postés 37 Statut Membre 4
     
    Salut,

    Ce lien pour manipuler le registre:
    http://www.supinfo-projects.com/fr/2004/api%5Fbasederegistre%5F%5Fvb%5Ffr/
    0