What do this .reg and .cmd do?


by mzutg

Hello
I have a .cmd with a .reg that are linked and seem very strange. They come from a cheat program for a game (which already smells bad...).

First, on execution, the program accesses:
"HKEY_USERS\S-1-5-21-2438851166-3641750669-3401183319-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections"

Here is the .cmd:


@echo off

reg delete HKLM\Software\Classes\CLSID\{211E25DE-E7AE-FD39-91C7-516D736F} /f
reg delete HKLM\Software\Classes\CLSID\{5B0D242E-67EB-6CC0-1A14-672FC999} /f
reg delete HKLM\Software\Classes\CLSID\{A90545F5-3E4C-725A-4AD0-8D3EBAD5} /f
reg delete HKLM\Software\Classes\CLSID\211E25DE-E7AE-FD39-91C7-516D736F /f
reg delete HKLM\Software\Classes\CLSID\5B0D242E-67EB-6CC0-1A14-672FC999 /f
reg delete HKLM\Software\Classes\CLSID\A90545F5-3E4C-725A-4AD0-8D3EBAD5 /f
reg delete HKLM\Software\Classes\CLSID\{3E2543F2-E994-928C-DF50-5B0F68F5} /f
reg delete HKLM\Software\Classes\CLSID\{CED4E164-BF15-2EF1-89A4-6EA5785A} /f
reg delete HKLM\Software\Classes\CLSID\{DF3D602D-5C5A-0433-D124-31BCDFA2} /f
reg delete HKLM\Software\Classes\CLSID\3E2543F2-E994-928C-DF50-5B0F68F5 /f
reg delete HKLM\Software\Classes\CLSID\CED4E164-BF15-2EF1-89A4-6EA5785A /f
reg delete HKLM\Software\Classes\CLSID\DF3D602D-5C5A-0433-D124-31BCDFA2 /f
reg delete HKLM\Software\Classes\CLSID\{9E084E09-AB11-1FF5-072A-B8556240} /f
reg delete HKLM\Software\Classes\CLSID\{9F1BB8FC-CAAB-4F7D-DF52-5503BEB3} /f
reg delete HKLM\Software\Classes\CLSID\9E084E09-AB11-1FF5-072A-B8556240 /f
reg delete HKLM\Software\Classes\CLSID\9F1BB8FC-CAAB-4F7D-DF52-5503BEB3 /f
reg delete HKLM\Software\Classes\CLSID\{F61C1473-076E-6153-A49F-029637B5} /f
reg delete HKLM\Software\Classes\CLSID\{84F08B6F-D3AC-12E8-5F56-BF7C0D44} /f
reg delete HKLM\Software\Classes\CLSID\F61C1473-076E-6153-A49F-029637B5 /f
reg delete HKLM\Software\Classes\CLSID\84F08B6F-D3AC-12E8-5F56-BF7C0D44 /f
reg delete HKLM\Software\Classes\CLSID\{FDE1DA06-D4D2-11DC-92C2-8BD056D89593} /f
reg delete HKLM\Software\Classes\CLSID\{9E56BE60-C50F-11CF-9A2C-E468FDD8} /f
reg delete HKLM\Software\Classes\CLSID\{9E56BE60-C50F-11CF-9A2C-A94D25D8} /f
reg delete HKLM\Software\Classes\CLSID\FDE1DA06-D4D2-11DC-92C2-8BD056D89593 /f
reg delete HKLM\Software\Classes\CLSID\9E56BE60-C50F-11CF-9A2C-E468FDD8 /f
reg delete HKLM\Software\Classes\CLSID\9E56BE60-C50F-11CF-9A2C-A94D25D8 /f


reg delete HKLM\SOFTWARE\Classes\CompressedFolder\CLSID /f
reg delete HKLM\SOFTWARE\Classes\CertificateAuthority.Request\CLSID /f
reg delete HKLM\SOFTWARE\Classes\CcFWSettg.Category\CLSID /f
reg delete HKLM\SOFTWARE\Microsoft\DrWatson /f

reg delete HKLM\Software\Classes\.wej60j /f
reg delete HKLM\Software\Classes\.fuk67d /f
reg delete HKLM\Software\Classes\.glf95y /f
reg delete HKLM\Software\Classes\.ake25w /f
reg delete HKLM\Software\Classes\.yiu94b /f
reg delete HKLM\Software\Classes\.omt83f /f
reg delete HKLM\Software\Classes\.uot73w /f
reg delete HKLM\Software\Classes\.eex43m /f
reg delete HKLM\Software\Classes\.hte39s /f
reg delete HKLM\Software\Classes\.gqo92n /f

reg delete HKLM\SOFTWARE\Microsoft\Windows\Help /v Guide50926c.hlp /f
reg delete HKLM\SOFTWARE\Microsoft\Windows\Help /v Guide52197t.hlp /f
reg delete HKLM\SOFTWARE\Microsoft\Windows\Help /v Guide55627s.hlp /f
reg delete HKLM\SOFTWARE\Microsoft\Windows\Help /v Guide85649m.hlp /f
reg delete HKLM\SOFTWARE\Microsoft\Windows\Help /v Guide25671m.hlp /f
reg delete HKLM\SOFTWARE\Microsoft\Windows\Help /v DB5092bc.hlp /f
reg delete HKLM\SOFTWARE\Microsoft\Windows\Help /v DB5219ct.hlp /f
reg delete HKLM\SOFTWARE\Microsoft\Windows\Help /v DB5562cs.hlp /f
reg delete HKLM\SOFTWARE\Microsoft\Windows\Help /v DB8564ym.hlp /f
reg delete HKLM\SOFTWARE\Microsoft\Windows\Help /v DB2567vm.hlp /f
reg delete HKLM\SOFTWARE\Microsoft\Windows\Help /v jng71au.hlp /f
reg delete HKLM\SOFTWARE\Microsoft\Windows\Help /v ghi61vc.hlp /f

reg delete HKLM\SOFTWARE\Microsoft\Cryptography\RNG /v Seed5219742 /f
reg delete HKLM\SOFTWARE\Microsoft\Cryptography\RNG /v Seed3961209 /f
reg delete HKLM\SOFTWARE\Microsoft\Cryptography\RNG /v Seed6929857 /f
reg delete HKLM\SOFTWARE\Microsoft\Cryptography\RNG /v Seed6736112 /f
reg delete HKLM\SOFTWARE\Microsoft\Cryptography\RNG /v Seed4817100 /f
reg delete HKLM\SOFTWARE\Microsoft\Cryptography\RNG /v "RndSeed (id09309309)" /f
reg delete HKLM\SOFTWARE\Microsoft\Cryptography\RNG /v "RndSeed (uy21109594)" /f
reg delete HKLM\SOFTWARE\Microsoft\Cryptography\RNG /v "RndSeed (ob29960432)" /f
reg delete HKLM\SOFTWARE\Microsoft\Cryptography\RNG /v "RndSeed (dv14434326)" /f
reg delete HKLM\SOFTWARE\Microsoft\Cryptography\RNG /v "RndSeed (ts74396155)" /f
reg delete HKLM\SOFTWARE\Microsoft\Cryptography\RNG /v "texrakeh" /f
reg delete HKLM\SOFTWARE\Microsoft\Cryptography\RNG /v "awqxwomt" /f
reg delete HKLM\SOFTWARE\Microsoft\Cryptography\RNG /v "prdoqgwu" /f
reg delete HKLM\SOFTWARE\Microsoft\Cryptography\RNG /v "iycvsgqo" /f
reg delete HKLM\SOFTWARE\Microsoft\Cryptography\RNG /v "ujqeninj" /f


reg delete HKCU\Software\Classes\CLSID\{211E25DE-E7AE-FD39-91C7-516D736F} /f
reg delete HKCU\Software\Classes\CLSID\{5B0D242E-67EB-6CC0-1A14-672FC999} /f
reg delete HKCU\Software\Classes\CLSID\{A90545F5-3E4C-725A-4AD0-8D3EBAD5} /f
reg delete HKCU\Software\Classes\CLSID\211E25DE-E7AE-FD39-91C7-516D736F /f
reg delete HKCU\Software\Classes\CLSID\5B0D242E-67EB-6CC0-1A14-672FC999 /f
reg delete HKCU\Software\Classes\CLSID\A90545F5-3E4C-725A-4AD0-8D3EBAD5 /f
reg delete HKCU\Software\Classes\CLSID\{3E2543F2-E994-928C-DF50-5B0F68F5} /f
reg delete HKCU\Software\Classes\CLSID\{CED4E164-BF15-2EF1-89A4-6EA5785A} /f
reg delete HKCU\Software\Classes\CLSID\{DF3D602D-5C5A-0433-D124-31BCDFA2} /f
reg delete HKCU\Software\Classes\CLSID\3E2543F2-E994-928C-DF50-5B0F68F5 /f
reg delete HKCU\Software\Classes\CLSID\CED4E164-BF15-2EF1-89A4-6EA5785A /f
reg delete HKCU\Software\Classes\CLSID\DF3D602D-5C5A-0433-D124-31BCDFA2 /f
reg delete HKCU\Software\Classes\CLSID\{9E084E09-AB11-1FF5-072A-B8556240} /f
reg delete HKCU\Software\Classes\CLSID\{9F1BB8FC-CAAB-4F7D-DF52-5503BEB3} /f
reg delete HKCU\Software\Classes\CLSID\9E084E09-AB11-1FF5-072A-B8556240 /f
reg delete HKCU\Software\Classes\CLSID\9F1BB8FC-CAAB-4F7D-DF52-5503BEB3 /f
reg delete HKCU\Software\Classes\CLSID\{F61C1473-076E-6153-A49F-029637B5} /f
reg delete HKCU\Software\Classes\CLSID\{84F08B6F-D3AC-12E8-5F56-BF7C0D44} /f
reg delete HKCU\Software\Classes\CLSID\F61C1473-076E-6153-A49F-029637B5 /f
reg delete HKCU\Software\Classes\CLSID\84F08B6F-D3AC-12E8-5F56-BF7C0D44 /f
reg delete HKCU\Software\Classes\CLSID\{FDE1DA06-D4D2-11DC-92C2-8BD056D89593} /f
reg delete HKCU\Software\Classes\CLSID\{9E56BE60-C50F-11CF-9A2C-E468FDD8} /f
reg delete HKCU\Software\Classes\CLSID\{9E56BE60-C50F-11CF-9A2C-A94D25D8} /f
reg delete HKCU\Software\Classes\CLSID\FDE1DA06-D4D2-11DC-92C2-8BD056D89593 /f
reg delete HKCU\Software\Classes\CLSID\9E56BE60-C50F-11CF-9A2C-E468FDD8 /f
reg delete HKCU\Software\Classes\CLSID\9E56BE60-C50F-11CF-9A2C-A94D25D8 /f


reg delete HKCU\SOFTWARE\Classes\CompressedFolder\CLSID /f
reg delete HKCU\SOFTWARE\Classes\CertificateAuthority.Request\CLSID /f
reg delete HKCU\SOFTWARE\Classes\CcFWSettg.Category\CLSID /f
reg delete HKCU\SOFTWARE\Microsoft\DrWatson /f

reg delete HKCU\Software\Classes\.wej60j /f
reg delete HKCU\Software\Classes\.fuk67d /f
reg delete HKCU\Software\Classes\.glf95y /f
reg delete HKCU\Software\Classes\.ake25w /f
reg delete HKCU\Software\Classes\.yiu94b /f
reg delete HKCU\Software\Classes\.omt83f /f
reg delete HKCU\Software\Classes\.uot73w /f
reg delete HKCU\Software\Classes\.eex43m /f
reg delete HKCU\Software\Classes\.hte39s /f
reg delete HKCU\Software\Classes\.gqo92n /f

reg delete HKCU\SOFTWARE\Microsoft\Windows\Help /v Guide50926c.hlp /f
reg delete HKCU\SOFTWARE\Microsoft\Windows\Help /v Guide52197t.hlp /f
reg delete HKCU\SOFTWARE\Microsoft\Windows\Help /v Guide55627s.hlp /f
reg delete HKCU\SOFTWARE\Microsoft\Windows\Help /v Guide85649m.hlp /f
reg delete HKCU\SOFTWARE\Microsoft\Windows\Help /v Guide25671m.hlp /f
reg delete HKCU\SOFTWARE\Microsoft\Windows\Help /v DB5092bc.hlp /f
reg delete HKCU\SOFTWARE\Microsoft\Windows\Help /v DB5219ct.hlp /f
reg delete HKCU\SOFTWARE\Microsoft\Windows\Help /v DB5562cs.hlp /f
reg delete HKCU\SOFTWARE\Microsoft\Windows\Help /v DB8564ym.hlp /f
reg delete HKCU\SOFTWARE\Microsoft\Windows\Help /v DB2567vm.hlp /f
reg delete HKCU\SOFTWARE\Microsoft\Windows\Help /v jng71au.hlp /f
reg delete HKCU\SOFTWARE\Microsoft\Windows\Help /v ghi61vc.hlp /f


reg delete HKCU\SOFTWARE\Microsoft\Cryptography\RNG /v Seed5219742 /f
reg delete HKCU\SOFTWARE\Microsoft\Cryptography\RNG /v Seed3961209 /f
reg delete HKCU\SOFTWARE\Microsoft\Cryptography\RNG /v Seed6929857 /f
reg delete HKLM\SOFTWARE\Microsoft\Cryptography\RNG /v Seed6736112 /f
reg delete HKLM\SOFTWARE\Microsoft\Cryptography\RNG /v Seed4817100 /f
reg delete HKCU\SOFTWARE\Microsoft\Cryptography\RNG /v "RndSeed (id09309309)" /f
reg delete HKCU\SOFTWARE\Microsoft\Cryptography\RNG /v "RndSeed (uy21109594)" /f
reg delete HKCU\SOFTWARE\Microsoft\Cryptography\RNG /v "RndSeed (ob29960432)" /f
reg delete HKCU\SOFTWARE\Microsoft\Cryptography\RNG /v "RndSeed (dv14434326)" /f
reg delete HKCU\SOFTWARE\Microsoft\Cryptography\RNG /v "RndSeed (ts74396155)" /f
reg delete HKCU\SOFTWARE\Microsoft\Cryptography\RNG /v "texrakeh" /f
reg delete HKCU\SOFTWARE\Microsoft\Cryptography\RNG /v "awqxwomt" /f
reg delete HKCU\SOFTWARE\Microsoft\Cryptography\RNG /v "prdoqgwu" /f
reg delete HKCU\SOFTWARE\Microsoft\Cryptography\RNG /v "iycvsgqo" /f
reg delete HKCU\SOFTWARE\Microsoft\Cryptography\RNG /v "ujqeninj" /f


exit

I don't know much about the registry, but the deleted/modified keys seem important: "HKCU\SOFTWARE\Microsoft\Cryptography\RNG".

Here is the .reg:


REGEDIT4

[-HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{211E25DE-E7AE-FD39-91C7-516D736F}]

[-HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{5B0D242E-67EB-6CC0-1A14-672FC999}]

[-HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{A90545F5-3E4C-725A-4AD0-8D3EBAD5}]

[-HKEY_LOCAL_MACHINE\Software\Classes\CLSID\5B0D242E-67EB-6CC0-1A14-672FC999]

[-HKEY_LOCAL_MACHINE\Software\Classes\CLSID\A90545F5-3E4C-725A-4AD0-8D3EBAD5]

[-HKEY_LOCAL_MACHINE\Software\Classes\CLSID\211E25DE-E7AE-FD39-91C7-516D736F]

[-HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{3E2543F2-E994-928C-DF50-5B0F68F5}]

[-HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{CED4E164-BF15-2EF1-89A4-6EA5785A}]

[-HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{DF3D602D-5C5A-0433-D124-31BCDFA2}]

[-HKEY_LOCAL_MACHINE\Software\Classes\CLSID\3E2543F2-E994-928C-DF50-5B0F68F5]

[-HKEY_LOCAL_MACHINE\Software\Classes\CLSID\CED4E164-BF15-2EF1-89A4-6EA5785A]

[-HKEY_LOCAL_MACHINE\Software\Classes\CLSID\DF3D602D-5C5A-0433-D124-31BCDFA2]

[-HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{9E084E09-AB11-1FF5-072A-B8556240}]

[-HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{9F1BB8FC-CAAB-4F7D-DF52-5503BEB3}]

[-HKEY_LOCAL_MACHINE\Software\Classes\CLSID\9E084E09-AB11-1FF5-072A-B8556240]

[-HKEY_LOCAL_MACHINE\Software\Classes\CLSID\9F1BB8FC-CAAB-4F7D-DF52-5503BEB3]

[-HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{F61C1473-076E-6153-A49F-029637B5}]

[-HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{84F08B6F-D3AC-12E8-5F56-BF7C0D44}]

[-HKEY_LOCAL_MACHINE\Software\Classes\CLSID\F61C1473-076E-6153-A49F-029637B5]

[-HKEY_LOCAL_MACHINE\Software\Classes\CLSID\84F08B6F-D3AC-12E8-5F56-BF7C0D44]

[-HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{FDE1DA06-D4D2-11DC-92C2-8BD056D89593}]

[-HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{9E56BE60-C50F-11CF-9A2C-E468FDD8}]

[-HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{9E56BE60-C50F-11CF-9A2C-A94D25D8}]

[-HKEY_LOCAL_MACHINE\Software\Classes\CLSID\FDE1DA06-D4D2-11DC-92C2-8BD056D89593]

[-HKEY_LOCAL_MACHINE\Software\Classes\CLSID\9E56BE60-C50F-11CF-9A2C-E468FDD8]

[-HKEY_LOCAL_MACHINE\Software\Classes\CLSID\9E56BE60-C50F-11CF-9A2C-A94D25D8]


[-HKEY_CURRENT_USER\Software\Classes\CLSID\{211E25DE-E7AE-FD39-91C7-516D736F}]

[-HKEY_CURRENT_USER\Software\Classes\CLSID\{5B0D242E-67EB-6CC0-1A14-672FC999}]

[-HKEY_CURRENT_USER\Software\Classes\CLSID\{A90545F5-3E4C-725A-4AD0-8D3EBAD5}]

[-HKEY_CURRENT_USER\Software\Classes\CLSID\5B0D242E-67EB-6CC0-1A14-672FC999]

[-HKEY_CURRENT_USER\Software\Classes\CLSID\A90545F5-3E4C-725A-4AD0-8D3EBAD5]

[-HKEY_CURRENT_USER\Software\Classes\CLSID\211E25DE-E7AE-FD39-91C7-516D736F]

[-HKEY_CURRENT_USER\Software\Classes\CLSID\{3E2543F2-E994-928C-DF50-5B0F68F5}]

[-HKEY_CURRENT_USER\Software\Classes\CLSID\{CED4E164-BF15-2EF1-89A4-6EA5785A}]

[-HKEY_CURRENT_USER\Software\Classes\CLSID\{DF3D602D-5C5A-0433-D124-31BCDFA2}]

[-HKEY_CURRENT_USER\Software\Classes\CLSID\3E2543F2-E994-928C-DF50-5B0F68F5]

[-HKEY_CURRENT_USER\Software\Classes\CLSID\CED4E164-BF15-2EF1-89A4-6EA5785A]

[-HKEY_CURRENT_USER\Software\Classes\CLSID\DF3D602D-5C5A-0433-D124-31BCDFA2]

[-HKEY_CURRENT_USER\Software\Classes\CLSID\{9E084E09-AB11-1FF5-072A-B8556240}]

[-HKEY_CURRENT_USER\Software\Classes\CLSID\{9F1BB8FC-CAAB-4F7D-DF52-5503BEB3}]

[-HKEY_CURRENT_USER\Software\Classes\CLSID\9E084E09-AB11-1FF5-072A-B8556240]

[-HKEY_CURRENT_USER\Software\Classes\CLSID\9F1BB8FC-CAAB-4F7D-DF52-5503BEB3]

[-HKEY_CURRENT_USER\Software\Classes\CLSID\{F61C1473-076E-6153-A49F-029637B5}]

[-HKEY_CURRENT_USER\Software\Classes\CLSID\{84F08B6F-D3AC-12E8-5F56-BF7C0D44}]

[-HKEY_CURRENT_USER\Software\Classes\CLSID\F61C1473-076E-6153-A49F-029637B5]

[-HKEY_CURRENT_USER\Software\Classes\CLSID\84F08B6F-D3AC-12E8-5F56-BF7C0D44]

[-HKEY_CURRENT_USER\Software\Classes\CLSID\{FDE1DA06-D4D2-11DC-92C2-8BD056D89593}]

[-HKEY_CURRENT_USER\Software\Classes\CLSID\{9E56BE60-C50F-11CF-9A2C-E468FDD8}]

[-HKEY_CURRENT_USER\Software\Classes\CLSID\{9E56BE60-C50F-11CF-9A2C-A94D25D8}]

[-HKEY_CURRENT_USER\Software\Classes\CLSID\FDE1DA06-D4D2-11DC-92C2-8BD056D89593]

[-HKEY_CURRENT_USER\Software\Classes\CLSID\9E56BE60-C50F-11CF-9A2C-E468FDD8]

[-HKEY_CURRENT_USER\Software\Classes\CLSID\9E56BE60-C50F-11CF-9A2C-A94D25D8]


[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CompressedFolder\CLSID]
 

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DrWatson]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Help]
"Guide50926c.hlp"=-
"Guide52197t.hlp"=-
"Guide55627s.hlp"=-
"Guide85649m.hlp"=-
"Guide25671m.hlp"=-
"DB5092bc.hlp"=-
"DB5219ct.hlp"=-
"DB5562cs.hlp"=-
"DB8564ym.hlp"=-
"DB2567vm.hlp"=-
"jng71au.hlp"=-
"ghi61vc.hlp"=-

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Help]
"Guide50926c.hlp"=-
"Guide52197t.hlp"=-
"Guide55627s.hlp"=-
"Guide85649m.hlp"=-
"Guide25671m.hlp"=-
"DB5092bc.hlp"=-
"DB5219ct.hlp"=-
"DB5562cs.hlp"=-
"DB8564ym.hlp"=-
"DB2567vm.hlp"=-
"jng71au.hlp"=-
"ghi61vc.hlp"=-
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed5219742"=-
"Seed3961209"=-
"Seed6929857"=-
"Seed6736112"=-
"Seed4817100"=-
"RndSeed (id09309309)"=-
"RndSeed (uy21109594)"=-
"RndSeed (ob29960432)"=-
"RndSeed (dv14434326)"=-
"RndSeed (ts74396155)"=-
"texrakeh"=-
"awqxwomt"=-
"prdoqgwu"=-
"iycvsgqo"=-
"ujqeninj"=-

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed5219742"=-
"Seed3961209"=-
"Seed6929857"=-
"Seed6736112"=-
"Seed4817100"=-
"RndSeed (id09309309)"=-
"RndSeed (uy21109594)"=-
"RndSeed (ob29960432)"=-
"RndSeed (dv14434326)"=-
"RndSeed (ts74396155)"=-
"texrakeh"=-
"awqxwomt"=-
"prdoqgwu"=-
"iycvsgqo"=-
"ujqeninj"=-

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CertificateAuthority.Request\CLSID]


[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CcFWSettg.Category\CLSID]


[-HKEY_LOCAL_MACHINE\Software\Classes\.wej60j]

[-HKEY_LOCAL_MACHINE\Software\Classes\.fuk67d]

[-HKEY_LOCAL_MACHINE\Software\Classes\.glf95y]

[-HKEY_LOCAL_MACHINE\Software\Classes\.ake25w]

[-HKEY_LOCAL_MACHINE\Software\Classes\.yiu94b]

[-HKEY_LOCAL_MACHINE\Software\Classes\.omt83f]

[-HKEY_LOCAL_MACHINE\Software\Classes\.uot73w]

[-HKEY_LOCAL_MACHINE\Software\Classes\.eex43m]

[-HKEY_LOCAL_MACHINE\Software\Classes\.hte39s]

[-HKEY_LOCAL_MACHINE\Software\Classes\.gqo92n]

[-HKEY_CURRENT_USER\Software\Classes\.wej60j]

[-HKEY_CURRENT_USER\Software\Classes\.fuk67d]

[-HKEY_CURRENT_USER\Software\Classes\.glf95y]

[-HKEY_CURRENT_USER\Software\Classes\.ake25w]

[-HKEY_CURRENT_USER\Software\Classes\.yiu94b]

[-HKEY_CURRENT_USER\Software\Classes\.omt83f]

[-HKEY_CURRENT_USER\Software\Classes\.uot73w]

[-HKEY_CURRENT_USER\Software\Classes\.eex43m]

[-HKEY_CURRENT_USER\Software\Classes\.hte39s]

[-HKEY_CURRENT_USER\Software\Classes\.gqo92n]

I don't know much about the registry; if you could tell me whether these files are dangerous and what they do, that would be nice.

Mzutg
Thanks

Re: What do this .reg and .cmd do?

by Malekal_morte

Hi,

Duplicate of a post on another forum.
It deletes keys in the registry.
Apparently it seems to be tied to a specific piece of software.
First basic rule of security: think, then click, not the other way around - Files/programs are like candy: when they come from a stranger, you don't accept them!

Re: What do this .reg and .cmd do?

by mzutg

It still modifies "HKLM\SOFTWARE\Microsoft\Cryptography\" and "Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections".
I don't know what these keys do, but judging by their names they seem important ^^. Besides, I don't see why these .cmd files would go and modify these registry keys xD

Actually, I'd like to know whether this poses a danger to the computer?

Re: What do this .reg and .cmd do?

by Malekal_morte

It's hard to say with certainty because it seems to unregister DLLs, and since we don't know which ones...
Where does it come from?
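
As an added example (not part of the thread or of the posted files), here is one way to list what a .reg file would do without importing it, and to flag CLSID subkey names that are not in the usual braced 8-4-4-4-12 GUID form. The function names are hypothetical, and the sample is constructed from a few lines of the .reg posted above plus one added "set value" line.

```python
import re
from collections import Counter

# Constructed sample: lines copied from the .reg posted in the thread, plus one
# ordinary "set value" line added here so the non-delete path is exercised.
SAMPLE_REG = r'''REGEDIT4

[-HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{211E25DE-E7AE-FD39-91C7-516D736F}]
[-HKEY_CURRENT_USER\Software\Classes\CLSID\{FDE1DA06-D4D2-11DC-92C2-8BD056D89593}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DrWatson]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed5219742"=-
"RndSeed (id09309309)"=-
"Example"="constructed"
'''

SECTION = re.compile(r'^\[(-?)(.+)\]$')                    # [KEY] or [-KEY]
VALUE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")\s*=\s*(.*)$')  # "name"=data or @=data
GUID = re.compile(r'^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$')

def parse_reg(text):
    """List (action, key, value_name) operations; nothing is written anywhere.
    Multi-line hex data (trailing backslash) is not reassembled in this sketch."""
    ops, key, key_deleted = [], None, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(';'):
            continue
        m = SECTION.match(line)
        if m:
            key, key_deleted = m.group(2), m.group(1) == '-'
            if key_deleted:
                ops.append(('delete_key', key, None))  # [-KEY] removes the whole subtree
            continue
        m = VALUE.match(line)
        if m and key and not key_deleted:
            action = 'delete_value' if m.group(2).strip() == '-' else 'set_value'
            ops.append((action, key, m.group(1).strip('"')))
    return ops

def summarize(ops):
    # Count operations per (action, hive).
    return Counter((action, key.split('\\', 1)[0]) for action, key, _ in ops)

def malformed_clsids(ops):
    """Subkeys directly under ...\\CLSID whose name is not a braced 8-4-4-4-12 GUID."""
    bad = []
    for _, key, _ in ops:
        parts = key.split('\\')
        if len(parts) >= 2 and parts[-2].upper() == 'CLSID' and not GUID.match(parts[-1]):
            bad.append(parts[-1])
    return bad

if __name__ == '__main__':
    print(summarize(parse_reg(SAMPLE_REG)), malformed_clsids(parse_reg(SAMPLE_REG)))
```

Running the same functions over the full posted .reg, saved as text and never double-clicked, gives the complete list of keys and values it would delete per hive.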