Scan regedit et processus
Fermé
alf
-
23 nov. 2004 à 17:34
re b'jour,
j'ai trouvé ça chez bellamy mais pourquoi le delkey ne marche t il pas?
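' --------------------------------------------------------------------
' VBS script that removes GATOR (spyware installed with DivX V5)
'
' JC BELLAMY 2002
'
' Run it with cscript.exe: the confirmation prompt reads WScript.StdIn.
' It deletes keys under HKLM/HKCR and files under %windir% and
' %CommonProgramFiles%, so it normally needs an administrator account.
' Helpers called here but not defined in this excerpt: TestHost,
' KillProcess, DelFile, DelFolder, explore, AddMessage, HiveName.
' The messages contain accented characters: save the file as ANSI or
' UTF-16 so that WSH displays them correctly.
' --------------------------------------------------------------------
Const HKEY_CLASSES_ROOT = &H80000000
Const HKEY_CURRENT_USER = &H80000001
Const HKEY_LOCAL_MACHINE = &H80000002
Const HKEY_USERS = &H80000003
Const SW_SHOWNORMAL=1
Dim net, shell, user, computer, args, fso, objRegistry,wmiLocator,wmiNameSpace
Dim StdIn, StdOut
Set StdIn = WScript.StdIn
Set StdOut = WScript.StdOut
Set net = Wscript.CreateObject("WScript.Network")
Set shell = WScript.CreateObject("WScript.Shell")
Set fso = WScript.CreateObject("Scripting.FileSystemObject")
Set args = Wscript.Arguments
' Registry access goes through the WMI StdRegProv class of the local machine.
Set wmiLocator = CreateObject("WbemScripting.SWbemLocator")
Set wmiNameSpace = wmiLocator.ConnectServer("", "root\default")
Set objRegistry = wmiNameSpace.Get("StdRegProv")
' Defined outside this excerpt; presumably checks that the host is cscript - confirm.
TestHost true

' Banner, then explicit confirmation before anything is deleted.
message= "Eradication du spyware GATOR" & VBCRLF
message=message & "JCB 2002" & VBCRLF
message=message & "----------------------------" & VBCRLF
message=message & "Ce script va détecter l'existence de GATOR" & VBCRLF
message=message & "et le désinstaller le cas échéant" & VBCRLF
wscript.echo message
StdOut.Write "Voulez-vous continuer (O/N) ? : "
rep = StdIn.ReadLine
' An empty answer counts as "no"; only O(ui) or Y(es) continues.
If len(rep)=0 then rep="N"
rep=ucase(left(rep,1))
If (rep<>"O") and (rep<>"Y") Then WScript.Quit
wscript.echo "Veuillez patienter..."
message=""

' Look for Gator's initial process through the path it registered.
' NOTE(review): error trapping is switched on here and never switched off,
' so every later run-time error at script level is skipped silently. An
' error raised inside a Sub that has no handler of its own (for example a
' call to a helper that is missing from the file) aborts that Sub without
' any message - a likely reason for "DelKey does nothing" when only this
' excerpt is saved and run.
On Error Resume Next
trickler=shell.RegRead("HKEY_LOCAL_MACHINE\software\Gator.com\Trickler\AppPath")
If Err.Number=0 Then
    ' NOTE(review): AppPath is data written by the adware itself, yet it is
    ' used as-is as the process to kill and the file to delete. Check that it
    ' points where expected before running this with administrative rights.
    p=InstrRev(trickler,"\")
    ProcessName=mid(trickler,p+1)
    KillProcess ProcessName
    DelFile trickler
end if
KillProcess "GMT.exe"
KillProcess "CMESys.exe"

' Registry clean-up.
delkey HKEY_CLASSES_ROOT, "clsid\{21ffb6c0-0da1-11d5-a9d5-00500413153c}\"
delkey HKEY_LOCAL_MACHINE, "software\Gator.com\"
delkey HKEY_LOCAL_MACHINE, "software\GatorTest\"
delkey HKEY_LOCAL_MACHINE, "software\microsoft\windows\currentversion\stashedgef"
delkey HKEY_LOCAL_MACHINE, "software\microsoft\windows\currentversion\stashedgmg"
' Autostart entries are VALUES of the Run key, not subkeys, so DeleteKey can
' never remove "cmesys"; the persistence entry is removed with DeleteValue.
' rcRun starts at -1 so that a trapped error is not mistaken for success (0).
RunKey="software\microsoft\windows\currentversion\run"
rcRun=-1
rcRun=objRegistry.DeleteValue(HKEY_LOCAL_MACHINE, RunKey, "cmesys")
If rcRun=0 Then
    AddMessage "Valeur supprimée :" & VBCRLF & " HKEY_LOCAL_MACHINE\" & RunKey & "\cmesys"
Else
    AddMessage "Valeur non trouvée ou impossible à supprimer (code " & rcRun & ") :" & VBCRLF & " HKEY_LOCAL_MACHINE\" & RunKey & "\cmesys"
End If

' Start-up folder clean-up in the all-users and current-user profiles.
dir1=shell.ExpandEnvironmentStrings("%ALLUSERSPROFILE%")
dir2=shell.ExpandEnvironmentStrings("%USERPROFILE%")
GatorFolder="GAIN"
trouve=false
explore dir1
' NOTE(review): the flag is reset before the second search, so the message
' below reflects only the search under %USERPROFILE% - confirm this is intended.
trouve=false
explore dir2
If not trouve Then AddMessage "Dossier de démarrage de GATOR non trouvé"

' Leftover folders and log files.
DelFolder shell.ExpandEnvironmentStrings("%TEMP%") & "\fsg_tmp"
DelFolder shell.ExpandEnvironmentStrings("%CommonProgramFiles%") & "\CMEII"
DelFolder shell.ExpandEnvironmentStrings("%CommonProgramFiles%") & "\GMT"
DelFile shell.ExpandEnvironmentStrings("%windir%") & "\GatorPatch.log"
DelFile shell.ExpandEnvironmentStrings("%windir%") & "\GatorPdpSetup.log"
AddMessage VBCRLF & "*** GATOR éradiqué ***"
wscript.echo Message
Wscript.quit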
'----------------------------------------------------------------------
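' Deletes the registry key <key> under <hive> (one of the HKEY_* constants)
' and reports the outcome through AddMessage.
' A plain DeleteKey is tried first; if it fails, DelAllSubkey removes the
' subkeys depth-first and then the key itself.
' StdRegProv returns 0 on success and a Win32 error code otherwise
' (2 = key not found, 5 = access denied); the code is added to the failure
' message so that "absent" can be told apart from "not allowed".
' If the caller runs under On Error Resume Next, a run-time error raised in
' here (for example HiveName or AddMessage missing from the file) aborts the
' Sub without any message.
Sub DelKey(hive,key)
    Dim lRC, sKey
    KeyName=HiveName(hive) & key
    ' Work on a local copy without trailing backslashes: DelAllSubkey appends
    ' "\" & subkey, which would otherwise put an empty component in the path.
    sKey=key
    Do While Right(sKey,1)="\"
        sKey=Left(sKey,Len(sKey)-1)
    Loop
    If Len(sKey)=0 Then
        ' Never hand an empty path (the root of the hive) to a recursive delete.
        lRC=-1
    Else
        lRC = objRegistry.DeleteKey(hive,sKey)
        If lRC<>0 Then lRC=DelAllSubkey(hive,sKey)
    End If
    If lRC<>0 Then
        AddMessage "Clef non trouvée ou impossible à supprimer (code " & lRC & ") :" & VBCRLF & " " & KeyName
    Else
        AddMessage "Clef supprimée :" & VBCRLF & " " & KeyName
    End If
End Sub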
' -------------------------------------
' Recursively deletes every subkey of <key> under <hive>, then <key> itself.
' Returns the return code of the final DeleteKey on <key> (0 = success).
' The return codes of EnumKey and of the recursive calls are stored in lRC
' but never examined: a subkey that could not be removed only shows up as a
' failure of the final DeleteKey.
' NOTE(review): if <key> ends with "\", the concatenation below produces
' "\\" in the subkey path - confirm callers pass keys without a trailing
' backslash.
Function DelAllSubkey(hive,key)
Dim lRC,sNames
' Errors are trapped only around the enumeration and the loop.
On Error Resume Next
lRC = objRegistry.EnumKey(hive,key,sNames)
For Each sKeyName In sNames
' When sNames cannot be iterated (presumably Null when the key has no
' subkeys or does not exist - confirm), For Each raises an error, execution
' resumes here, and this test leaves the loop at once.
If Err.Number <> 0 Then Exit For
lRC = DelAllSubkey(hive,key & "\" & sKeyName)
Next
' Back to default error handling for the final delete.
On Error Goto 0
DelAllSubkey=objRegistry.DeleteKey(Hive,key)
End Function
'----------------------------------------------------------------------
lawre
9 nov. 2006 à 16:03
Salut,
Ce lien pour manipuler le registre:
http://www.supinfo-projects.com/fr/2004/api%5Fbasederegistre%5F%5Fvb%5Ffr/