Trojan.MulDrop24.38687

Added to the Dr.Web virus database: 2023-12-22

Virus description added:

Technical Information

To ensure autorun and distribution
Sets the following service settings
  • [HKLM\SYSTEM\CurrentControlSet\Services\AudioEndpointBuilder] 'Start' = '00000002'
  • [HKLM\SYSTEM\CurrentControlSet\Services\Winmgmt] 'Start' = '00000002'
  • [HKLM\SYSTEM\CurrentControlSet\Services\Wcmsvc] 'Start' = '00000002'
  • [HKLM\SYSTEM\CurrentControlSet\Services\UserManager] 'Start' = '00000002'
  • [HKLM\SYSTEM\CurrentControlSet\Services\SystemEventsBroker] 'Start' = '00000002'
  • [HKLM\SYSTEM\CurrentControlSet\Services\StorSvc] 'Start' = '00000002'
  • [HKLM\SYSTEM\CurrentControlSet\Services\sppsvc] 'Start' = '00000002'
  • [HKLM\SYSTEM\CurrentControlSet\Services\Schedule] 'Start' = '00000002'
  • [HKLM\SYSTEM\CurrentControlSet\Services\RpcEptMapper] 'Start' = '00000002'
  • [HKLM\SYSTEM\CurrentControlSet\Services\RasMan] 'Start' = '00000002'
  • [HKLM\SYSTEM\CurrentControlSet\Services\ProfSvc] 'Start' = '00000002'
  • [HKLM\SYSTEM\CurrentControlSet\Services\Power] 'Start' = '00000002'
  • [HKLM\SYSTEM\CurrentControlSet\Services\nsi] 'Start' = '00000002'
  • [HKLM\SYSTEM\CurrentControlSet\Services\NlaSvc] 'Start' = '00000002'
  • [HKLM\SYSTEM\CurrentControlSet\Services\mpssvc] 'Start' = '00000002'
  • [HKLM\SYSTEM\CurrentControlSet\Services\LSM] 'Start' = '00000002'
  • [HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc] 'Start' = '00000002'
  • [HKLM\SYSTEM\CurrentControlSet\Services\EventSystem] 'Start' = '00000002'
  • [HKLM\SYSTEM\CurrentControlSet\Services\EventLog] 'Start' = '00000002'
  • [HKLM\SYSTEM\CurrentControlSet\Services\Dnscache] 'Start' = '00000002'
  • [HKLM\SYSTEM\CurrentControlSet\Services\Dhcp] 'Start' = '00000002'
  • [HKLM\SYSTEM\CurrentControlSet\Services\CryptSvc] 'Start' = '00000002'
  • [HKLM\SYSTEM\CurrentControlSet\Services\CoreMessagingRegistrar] 'Start' = '00000002'
  • [HKLM\SYSTEM\CurrentControlSet\Services\CDPUserSvc] 'Start' = '00000002'
  • [HKLM\SYSTEM\CurrentControlSet\Services\CDPSvc] 'Start' = '00000002'
  • [HKLM\SYSTEM\CurrentControlSet\Services\BrokerInfrastructure] 'Start' = '00000002'
  • [HKLM\SYSTEM\CurrentControlSet\Services\BFE] 'Start' = '00000002'
  • [HKLM\SYSTEM\CurrentControlSet\Services\Audiosrv] 'Start' = '00000002'
  • [HKLM\SYSTEM\CurrentControlSet\Services\WlanSvc] 'Start' = '00000002'
  • [HKLM\SYSTEM\CurrentControlSet\Services\WSearch] 'Start' = '00000002'
Malicious functions
Launches a large number of processes
Modifies file system
Creates the following files
  • %TEMP%\b07a.tmp\b07b.tmp\b07c.bat
Deletes the following files
  • %TEMP%\b07a.tmp\b07b.tmp\b07c.bat
Miscellaneous
Creates and executes the following
  • '<SYSTEM32>\cmd.exe' /c "%TEMP%\B07A.tmp\B07B.tmp\B07C.bat <Full path to file>"' (with hidden window)
Executes the following
  • '<SYSTEM32>\cmd.exe' /c "%TEMP%\B07A.tmp\B07B.tmp\B07C.bat <Full path to file>"
  • '<SYSTEM32>\reg.exe' add "HKLM\SYSTEM\CurrentControlSet\Services\SCPolicySvc" /v "Start" /t REG_DWORD /d "4" /f
  • '<SYSTEM32>\reg.exe' add "HKLM\SYSTEM\CurrentControlSet\Services\SDRSVC" /v "Start" /t REG_DWORD /d "4" /f
  • '<SYSTEM32>\reg.exe' add "HKLM\SYSTEM\CurrentControlSet\Services\seclogon" /v "Start" /t REG_DWORD /d "4" /f
  • '<SYSTEM32>\reg.exe' add "HKLM\SYSTEM\CurrentControlSet\Services\SEMgrSvc" /v "Start" /t REG_DWORD /d "4" /f
  • '<SYSTEM32>\reg.exe' add "HKLM\SYSTEM\CurrentControlSet\Services\SENS" /v "Start" /t REG_DWORD /d "4" /f
  • '<SYSTEM32>\reg.exe' add "HKLM\SYSTEM\CurrentControlSet\Services\SensorDataService" /v "Start" /t REG_DWORD /d "4" /f
  • '<SYSTEM32>\reg.exe' add "HKLM\SYSTEM\CurrentControlSet\Services\SensorService" /v "Start" /t REG_DWORD /d "4" /f
  • '<SYSTEM32>\reg.exe' add "HKLM\SYSTEM\CurrentControlSet\Services\SensrSvc" /v "Start" /t REG_DWORD /d "4" /f
  • '<SYSTEM32>\reg.exe' add "HKLM\SYSTEM\CurrentControlSet\Services\SessionEnv" /v "Start" /t REG_DWORD /d "4" /f
  • '<SYSTEM32>\reg.exe' add "HKLM\SYSTEM\CurrentControlSet\Services\ScDeviceEnum" /v "Start" /t REG_DWORD /d "4" /f
  • '<SYSTEM32>\reg.exe' add "HKLM\SYSTEM\CurrentControlSet\Services\Schedule" /v "Start" /t REG_DWORD /d "2" /f
  • '<SYSTEM32>\reg.exe' add "HKLM\SYSTEM\CurrentControlSet\Services\SgrmBroker" /v "Start" /t REG_DWORD /d "4" /f
  • '<SYSTEM32>\reg.exe' add "HKLM\SYSTEM\CurrentControlSet\Services\shpamsvc" /v "Start" /t REG_DWORD /d "4" /f
  • '<SYSTEM32>\reg.exe' add "HKLM\SYSTEM\CurrentControlSet\Services\smphost" /v "Start" /t REG_DWORD /d "4" /f
  • '<SYSTEM32>\reg.exe' add "HKLM\SYSTEM\CurrentControlSet\Services\SmsRouter" /v "Start" /t REG_DWORD /d "4" /f
  • '<SYSTEM32>\reg.exe' add "HKLM\SYSTEM\CurrentControlSet\Services\SNMPTRAP" /v "Start" /t REG_DWORD /d "4" /f
  • '<SYSTEM32>\reg.exe' add "HKLM\SYSTEM\CurrentControlSet\Services\Spooler" /v "Start" /t REG_DWORD /d "4" /f
  • '<SYSTEM32>\reg.exe' add "HKLM\SYSTEM\CurrentControlSet\Services\sppsvc" /v "Start" /t REG_DWORD /d "2" /f
  • '<SYSTEM32>\reg.exe' add "HKLM\SYSTEM\CurrentControlSet\Services\SSDPSRV" /v "Start" /t REG_DWORD /d "4" /f
  • '<SYSTEM32>\reg.exe' add "HKLM\SYSTEM\CurrentControlSet\Services\ssh-agent" /v "Start" /t REG_DWORD /d "4" /f
  • '<SYSTEM32>\reg.exe' add "HKLM\SYSTEM\CurrentControlSet\Services\SstpSvc" /v "Start" /t REG_DWORD /d "3" /f
  • '<SYSTEM32>\reg.exe' add "HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess" /v "Start" /t REG_DWORD /d "4" /f
  • '<SYSTEM32>\reg.exe' add "HKLM\SYSTEM\CurrentControlSet\Services\ShellHWDetection" /v "Start" /t REG_DWORD /d "4" /f
  • '<SYSTEM32>\reg.exe' add "HKLM\SYSTEM\CurrentControlSet\Services\SCardSvr" /v "Start" /t REG_DWORD /d "4" /f
  • '<SYSTEM32>\reg.exe' add "HKLM\SYSTEM\CurrentControlSet\Services\SamSs" /v "Start" /t REG_DWORD /d "4" /f
  • '<SYSTEM32>\reg.exe' add "HKLM\SYSTEM\CurrentControlSet\Services\RpcSs" /v "Start" /t REG_DWORD /d "2" /f
  • '<SYSTEM32>\reg.exe' add "HKLM\SYSTEM\CurrentControlSet\Services\p2pimsvc" /v "Start" /t REG_DWORD /d "4" /f
  • '<SYSTEM32>\reg.exe' add "HKLM\SYSTEM\CurrentControlSet\Services\p2psvc" /v "Start" /t REG_DWORD /d "4" /f
  • '<SYSTEM32>\reg.exe' add "HKLM\SYSTEM\CurrentControlSet\Services\PcaSvc" /v "Start" /t REG_DWORD /d "4" /f
  • '<SYSTEM32>\reg.exe' add "HKLM\SYSTEM\CurrentControlSet\Services\PeerDistSvc" /v "Start" /t REG_DWORD /d "4" /f
  • '<SYSTEM32>\reg.exe' add "HKLM\SYSTEM\CurrentControlSet\Services\PerfHost" /v "Start" /t REG_DWORD /d "4" /f
  • '<SYSTEM32>\reg.exe' add "HKLM\SYSTEM\CurrentControlSet\Services\PhoneSvc" /v "Start" /t REG_DWORD /d "4" /f
  • '<SYSTEM32>\reg.exe' add "HKLM\SYSTEM\CurrentControlSet\Services\PimIndexMaintenanceSvc" /v "Start" /t REG_DWORD /d "4" /f
  • '<SYSTEM32>\reg.exe' add "HKLM\SYSTEM\CurrentControlSet\Services\pla" /v "Start" /t REG_DWORD /d "4" /f
  • '<SYSTEM32>\reg.exe' add "HKLM\SYSTEM\CurrentControlSet\Services\PlugPlay" /v "Start" /t REG_DWORD /d "3" /f
  • '<SYSTEM32>\reg.exe' add "HKLM\SYSTEM\CurrentControlSet\Services\PNRPAutoReg" /v "Start" /t REG_DWORD /d "4" /f
  • '<SYSTEM32>\reg.exe' add "HKLM\SYSTEM\CurrentControlSet\Services\nsi" /v "Start" /t REG_DWORD /d "2" /f
  • '<SYSTEM32>\reg.exe' add "HKLM\SYSTEM\CurrentControlSet\Services\PNRPsvc" /v "Start" /t REG_DWORD /d "4" /f
  • '<SYSTEM32>\reg.exe' add "HKLM\SYSTEM\CurrentControlSet\Services\Power" /v "Start" /t REG_DWORD /d "2" /f
  • '<SYSTEM32>\reg.exe' add "HKLM\SYSTEM\CurrentControlSet\Services\PrintWorkflowUserSvc" /v "Start" /t REG_DWORD /d "4" /f
  • '<SYSTEM32>\reg.exe' add "HKLM\SYSTEM\CurrentControlSet\Services\ProfSvc" /v "Start" /t REG_DWORD /d "2" /f
  • '<SYSTEM32>\reg.exe' add "HKLM\SYSTEM\CurrentControlSet\Services\PushToInstall" /v "Start" /t REG_DWORD /d "4" /f
  • '<SYSTEM32>\reg.exe' add "HKLM\SYSTEM\CurrentControlSet\Services\QWAVE" /v "Start" /t REG_DWORD /d "4" /f
  • '<SYSTEM32>\reg.exe' add "HKLM\SYSTEM\CurrentControlSet\Services\RasAuto" /v "Start" /t REG_DWORD /d "3" /f
  • '<SYSTEM32>\reg.exe' add "HKLM\SYSTEM\CurrentControlSet\Services\RasMan" /v "Start" /t REG_DWORD /d "2" /f
  • '<SYSTEM32>\reg.exe' add "HKLM\SYSTEM\CurrentControlSet\Services\RemoteAccess" /v "Start" /t REG_DWORD /d "4" /f
  • '<SYSTEM32>\reg.exe' add "HKLM\SYSTEM\CurrentControlSet\Services\RmSvc" /v "Start" /t REG_DWORD /d "4" /f
  • '<SYSTEM32>\reg.exe' add "HKLM\SYSTEM\CurrentControlSet\Services\RpcEptMapper" /v "Start" /t REG_DWORD /d "2" /f
  • '<SYSTEM32>\reg.exe' add "HKLM\SYSTEM\CurrentControlSet\Services\PolicyAgent" /v "Start" /t REG_DWORD /d "4" /f
  • '<SYSTEM32>\reg.exe' add "HKLM\SYSTEM\CurrentControlSet\Services\StateRepository" /v "Start" /t REG_DWORD /d "3" /f
  • '<SYSTEM32>\reg.exe' add "HKLM\SYSTEM\CurrentControlSet\Services\StorSvc" /v "Start" /t REG_DWORD /d "2" /f
  • '<SYSTEM32>\reg.exe' add "HKLM\SYSTEM\CurrentControlSet\Services\wuauserv" /v "Start" /t REG_DWORD /d "3" /f
  • '<SYSTEM32>\reg.exe' add "HKLM\SYSTEM\CurrentControlSet\Services\svsvc" /v "Start" /t REG_DWORD /d "4" /f
  • '<SYSTEM32>\reg.exe' add "HKLM\SYSTEM\CurrentControlSet\Services\wcncsvc" /v "Start" /t REG_DWORD /d "4" /f
  • '<SYSTEM32>\reg.exe' add "HKLM\SYSTEM\CurrentControlSet\Services\WdiServiceHost" /v "Start" /t REG_DWORD /d "4" /f
  • '<SYSTEM32>\reg.exe' add "HKLM\SYSTEM\CurrentControlSet\Services\WdiSystemHost" /v "Start" /t REG_DWORD /d "4" /f
  • '<SYSTEM32>\reg.exe' add "HKLM\SYSTEM\CurrentControlSet\Services\WebClient" /v "Start" /t REG_DWORD /d "4" /f
  • '<SYSTEM32>\reg.exe' add "HKLM\SYSTEM\CurrentControlSet\Services\Wecsvc" /v "Start" /t REG_DWORD /d "4" /f
  • '<SYSTEM32>\reg.exe' add "HKLM\SYSTEM\CurrentControlSet\Services\WEPHOSTSVC" /v "Start" /t REG_DWORD /d "4" /f
  • '<SYSTEM32>\reg.exe' add "HKLM\SYSTEM\CurrentControlSet\Services\wercplsupport" /v "Start" /t REG_DWORD /d "4" /f
  • '<SYSTEM32>\reg.exe' add "HKLM\SYSTEM\CurrentControlSet\Services\WerSvc" /v "Start" /t REG_DWORD /d "4" /f
  • '<SYSTEM32>\reg.exe' add "HKLM\SYSTEM\CurrentControlSet\Services\WFDSConMgrSvc" /v "Start" /t REG_DWORD /d "4" /f
  • '<SYSTEM32>\reg.exe' add "HKLM\SYSTEM\CurrentControlSet\Services\WbioSrvc" /v "Start" /t REG_DWORD /d "4" /f
  • '<SYSTEM32>\reg.exe' add "HKLM\SYSTEM\CurrentControlSet\Services\Wcmsvc" /v "Start" /t REG_DWORD /d "2" /f
  • '<SYSTEM32>\reg.exe' add "HKLM\SYSTEM\CurrentControlSet\Services\WiaRpc" /v "Start" /t REG_DWORD /d "4" /f
  • '<SYSTEM32>\reg.exe' add "HKLM\SYSTEM\CurrentControlSet\Services\WinRM" /v "Start" /t REG_DWORD /d "4" /f
  • '<SYSTEM32>\reg.exe' add "HKLM\SYSTEM\CurrentControlSet\Services\WlanSvc" /v "Start" /t REG_DWORD /d "2" /f
  • '<SYSTEM32>\reg.exe' add "HKLM\SYSTEM\CurrentControlSet\Services\wlidsvc" /v "Start" /t REG_DWORD /d "3" /f
  • '<SYSTEM32>\reg.exe' add "HKLM\SYSTEM\CurrentControlSet\Services\wlpasvc" /v "Start" /t REG_DWORD /d "4" /f
  • '<SYSTEM32>\reg.exe' add "HKLM\SYSTEM\CurrentControlSet\Services\WManSvc" /v "Start" /t REG_DWORD /d "4" /f
  • '<SYSTEM32>\reg.exe' add "HKLM\SYSTEM\CurrentControlSet\Services\wmiApSrv" /v "Start" /t REG_DWORD /d "4" /f
  • '<SYSTEM32>\reg.exe' add "HKLM\SYSTEM\CurrentControlSet\Services\WpcMonSvc" /v "Start" /t REG_DWORD /d "4" /f
  • '<SYSTEM32>\reg.exe' add "HKLM\SYSTEM\CurrentControlSet\Services\WPDBusEnum" /v "Start" /t REG_DWORD /d "4" /f
  • '<SYSTEM32>\reg.exe' add "HKLM\SYSTEM\CurrentControlSet\Services\WSearch" /v "Start" /t REG_DWORD /d "2" /f
  • '<SYSTEM32>\reg.exe' add "HKLM\SYSTEM\CurrentControlSet\Services\WinHttpAutoProxySvc" /v "Start" /t REG_DWORD /d "3" /f
  • '<SYSTEM32>\reg.exe' add "HKLM\SYSTEM\CurrentControlSet\Services\Winmgmt" /v "Start" /t REG_DWORD /d "2" /f
  • '<SYSTEM32>\reg.exe' add "HKLM\SYSTEM\CurrentControlSet\Services\wbengine" /v "Start" /t REG_DWORD /d "4" /f
  • '<SYSTEM32>\reg.exe' add "HKLM\SYSTEM\CurrentControlSet\Services\WarpJITSvc" /v "Start" /t REG_DWORD /d "4" /f
  • '<SYSTEM32>\reg.exe' add "HKLM\SYSTEM\CurrentControlSet\Services\WalletService" /v "Start" /t REG_DWORD /d "4" /f
  • '<SYSTEM32>\reg.exe' add "HKLM\SYSTEM\CurrentControlSet\Services\SystemEventsBroker" /v "Start" /t REG_DWORD /d "2" /f
  • '<SYSTEM32>\reg.exe' add "HKLM\SYSTEM\CurrentControlSet\Services\TapiSrv" /v "Start" /t REG_DWORD /d "4" /f
  • '<SYSTEM32>\reg.exe' add "HKLM\SYSTEM\CurrentControlSet\Services\Themes" /v "Start" /t REG_DWORD /d "4" /f
  • '<SYSTEM32>\reg.exe' add "HKLM\SYSTEM\CurrentControlSet\Services\TieringEngineService" /v "Start" /t REG_DWORD /d "4" /f
  • '<SYSTEM32>\reg.exe' add "HKLM\SYSTEM\CurrentControlSet\Services\TimeBrokerSvc" /v "Start" /t REG_DWORD /d "3" /f
  • '<SYSTEM32>\reg.exe' add "HKLM\SYSTEM\CurrentControlSet\Services\TokenBroker" /v "Start" /t REG_DWORD /d "3" /f
  • '<SYSTEM32>\reg.exe' add "HKLM\SYSTEM\CurrentControlSet\Services\TrkWks" /v "Start" /t REG_DWORD /d "4" /f
  • '<SYSTEM32>\reg.exe' add "HKLM\SYSTEM\CurrentControlSet\Services\TroubleshootingSvc" /v "Start" /t REG_DWORD /d "4" /f
  • '<SYSTEM32>\reg.exe' add "HKLM\SYSTEM\CurrentControlSet\Services\TrustedInstaller" /v "Start" /t REG_DWORD /d "3" /f
  • '<SYSTEM32>\reg.exe' add "HKLM\SYSTEM\CurrentControlSet\Services\tzautoupdate" /v "Start" /t REG_DWORD /d "4" /f
  • '<SYSTEM32>\reg.exe' add "HKLM\SYSTEM\CurrentControlSet\Services\swprv" /v "Start" /t REG_DWORD /d "3" /f
  • '<SYSTEM32>\reg.exe' add "HKLM\SYSTEM\CurrentControlSet\Services\UdkUserSvc" /v "Start" /t REG_DWORD /d "4" /f
  • '<SYSTEM32>\reg.exe' add "HKLM\SYSTEM\CurrentControlSet\Services\UnistoreSvc" /v "Start" /t REG_DWORD /d "4" /f
  • '<SYSTEM32>\reg.exe' add "HKLM\SYSTEM\CurrentControlSet\Services\upnphost" /v "Start" /t REG_DWORD /d "4" /f
  • '<SYSTEM32>\reg.exe' add "HKLM\SYSTEM\CurrentControlSet\Services\UserDataSvc" /v "Start" /t REG_DWORD /d "4" /f
  • '<SYSTEM32>\reg.exe' add "HKLM\SYSTEM\CurrentControlSet\Services\UserManager" /v "Start" /t REG_DWORD /d "2" /f
  • '<SYSTEM32>\reg.exe' add "HKLM\SYSTEM\CurrentControlSet\Services\UsoSvc" /v "Start" /t REG_DWORD /d "3" /f
  • '<SYSTEM32>\reg.exe' add "HKLM\SYSTEM\CurrentControlSet\Services\VaultSvc" /v "Start" /t REG_DWORD /d "4" /f
  • '<SYSTEM32>\reg.exe' add "HKLM\SYSTEM\CurrentControlSet\Services\vds" /v "Start" /t REG_DWORD /d "3" /f
  • '<SYSTEM32>\reg.exe' add "HKLM\SYSTEM\CurrentControlSet\Services\VSS" /v "Start" /t REG_DWORD /d "3" /f
  • '<SYSTEM32>\reg.exe' add "HKLM\SYSTEM\CurrentControlSet\Services\W32Time" /v "Start" /t REG_DWORD /d "4" /f
  • '<SYSTEM32>\reg.exe' add "HKLM\SYSTEM\CurrentControlSet\Services\WaaSMedicSvc" /v "Start" /t REG_DWORD /d "4" /f
  • '<SYSTEM32>\reg.exe' add "HKLM\SYSTEM\CurrentControlSet\Services\UevAgentService" /v "Start" /t REG_DWORD /d "4" /f
  • '<SYSTEM32>\reg.exe' add "HKLM\SYSTEM\CurrentControlSet\Services\NlaSvc" /v "Start" /t REG_DWORD /d "2" /f
  • '<SYSTEM32>\reg.exe' add "HKLM\SYSTEM\CurrentControlSet\Services\stisvc" /v "Start" /t REG_DWORD /d "4" /f
  • '<SYSTEM32>\reg.exe' add "HKLM\SYSTEM\CurrentControlSet\Services\NgcSvc" /v "Start" /t REG_DWORD /d "4" /f
  • '<SYSTEM32>\reg.exe' add "HKLM\SYSTEM\CurrentControlSet\Services\Dnscache" /v "Start" /t REG_DWORD /d "2" /f
  • '<SYSTEM32>\reg.exe' add "HKLM\SYSTEM\CurrentControlSet\Services\ClipSVC" /v "Start" /t REG_DWORD /d "3" /f
  • '<SYSTEM32>\reg.exe' add "HKLM\SYSTEM\CurrentControlSet\Services\COMSysApp" /v "Start" /t REG_DWORD /d "4" /f
  • '<SYSTEM32>\reg.exe' add "HKLM\SYSTEM\CurrentControlSet\Services\ConsentUxUserSvc" /v "Start" /t REG_DWORD /d "4" /f
  • '<SYSTEM32>\reg.exe' add "HKLM\SYSTEM\CurrentControlSet\Services\CoreMessagingRegistrar" /v "Start" /t REG_DWORD /d "2" /f
  • '<SYSTEM32>\reg.exe' add "HKLM\SYSTEM\CurrentControlSet\Services\CredentialEnrollmentManagerUserSvc" /v "Start" /t REG_DWORD /d "4" /f
  • '<SYSTEM32>\reg.exe' add "HKLM\SYSTEM\CurrentControlSet\Services\CryptSvc" /v "Start" /t REG_DWORD /d "2" /f
  • '<SYSTEM32>\reg.exe' add "HKLM\SYSTEM\CurrentControlSet\Services\CscService" /v "Start" /t REG_DWORD /d "4" /f
  • '<SYSTEM32>\reg.exe' add "HKLM\SYSTEM\CurrentControlSet\Services\DcomLaunch" /v "Start" /t REG_DWORD /d "2" /f
  • '<SYSTEM32>\reg.exe' add "HKLM\SYSTEM\CurrentControlSet\Services\defragsvc" /v "Start" /t REG_DWORD /d "4" /f
  • '<SYSTEM32>\reg.exe' add "HKLM\SYSTEM\CurrentControlSet\Services\CDPUserSvc" /v "Start" /t REG_DWORD /d "2" /f
  • '<SYSTEM32>\reg.exe' add "HKLM\SYSTEM\CurrentControlSet\Services\CertPropSvc" /v "Start" /t REG_DWORD /d "4" /f
  • '<SYSTEM32>\reg.exe' add "HKLM\SYSTEM\CurrentControlSet\Services\DeviceAssociationBrokerSvc" /v "Start" /t REG_DWORD /d "4" /f
  • '<SYSTEM32>\reg.exe' add "HKLM\SYSTEM\CurrentControlSet\Services\DevicePickerUserSvc" /v "Start" /t REG_DWORD /d "4" /f
  • '<SYSTEM32>\reg.exe' add "HKLM\SYSTEM\CurrentControlSet\Services\DevicesFlowUserSvc" /v "Start" /t REG_DWORD /d "3" /f
  • '<SYSTEM32>\reg.exe' add "HKLM\SYSTEM\CurrentControlSet\Services\DevQueryBroker" /v "Start" /t REG_DWORD /d "4" /f
  • '<SYSTEM32>\reg.exe' add "HKLM\SYSTEM\CurrentControlSet\Services\Dhcp" /v "Start" /t REG_DWORD /d "2" /f
  • '<SYSTEM32>\reg.exe' add "HKLM\SYSTEM\CurrentControlSet\Services\diagnosticshub.standardcollector.service" /v "Start" /t REG_DWORD /d "4" /f
  • '<SYSTEM32>\reg.exe' add "HKLM\SYSTEM\CurrentControlSet\Services\diagsvc" /v "Start" /t REG_DWORD /d "4" /f
  • '<SYSTEM32>\reg.exe' add "HKLM\SYSTEM\CurrentControlSet\Services\DispBrokerDesktopSvc" /v "Start" /t REG_DWORD /d "4" /f
  • '<SYSTEM32>\reg.exe' add "HKLM\SYSTEM\CurrentControlSet\Services\DisplayEnhancementService" /v "Start" /t REG_DWORD /d "4" /f
  • '<SYSTEM32>\reg.exe' add "HKLM\SYSTEM\CurrentControlSet\Services\DmEnrollmentSvc" /v "Start" /t REG_DWORD /d "4" /f
  • '<SYSTEM32>\reg.exe' add "HKLM\SYSTEM\CurrentControlSet\Services\DeviceAssociationService" /v "Start" /t REG_DWORD /d "3" /f
  • '<SYSTEM32>\reg.exe' add "HKLM\SYSTEM\CurrentControlSet\Services\DeviceInstall" /v "Start" /t REG_DWORD /d "3" /f
  • '<SYSTEM32>\reg.exe' add "HKLM\SYSTEM\CurrentControlSet\Services\CDPSvc" /v "Start" /t REG_DWORD /d "2" /f
  • '<SYSTEM32>\reg.exe' add "HKLM\SYSTEM\CurrentControlSet\Services\cbdhsvc" /v "Start" /t REG_DWORD /d "4" /f
  • '<SYSTEM32>\reg.exe' add "HKLM\SYSTEM\CurrentControlSet\Services\CaptureService" /v "Start" /t REG_DWORD /d "4" /f
  • '<SYSTEM32>\reg.exe' add "HKLM\SYSTEM\CurrentControlSet\Services\AJRouter" /v "Start" /t REG_DWORD /d "4" /f
  • '<SYSTEM32>\reg.exe' add "HKLM\SYSTEM\CurrentControlSet\Services\ALG" /v "Start" /t REG_DWORD /d "4" /f
  • '<SYSTEM32>\reg.exe' add "HKLM\SYSTEM\CurrentControlSet\Services\AppIDSvc" /v "Start" /t REG_DWORD /d "4" /f
  • '<SYSTEM32>\reg.exe' add "HKLM\SYSTEM\CurrentControlSet\Services\Appinfo" /v "Start" /t REG_DWORD /d "3" /f
  • '<SYSTEM32>\reg.exe' add "HKLM\SYSTEM\CurrentControlSet\Services\AppMgmt" /v "Start" /t REG_DWORD /d "4" /f
  • '<SYSTEM32>\reg.exe' add "HKLM\SYSTEM\CurrentControlSet\Services\AppReadiness" /v "Start" /t REG_DWORD /d "4" /f
  • '<SYSTEM32>\reg.exe' add "HKLM\SYSTEM\CurrentControlSet\Services\AppVClient" /v "Start" /t REG_DWORD /d "4" /f
  • '<SYSTEM32>\reg.exe' add "HKLM\SYSTEM\CurrentControlSet\Services\AppXSvc" /v "Start" /t REG_DWORD /d "3" /f
  • '<SYSTEM32>\reg.exe' add "HKLM\SYSTEM\CurrentControlSet\Services\AssignedAccessManagerSvc" /v "Start" /t REG_DWORD /d "4" /f
  • '<SYSTEM32>\reg.exe' add "HKLM\SYSTEM\CurrentControlSet\Services\AudioEndpointBuilder" /v "Start" /t REG_DWORD /d "2" /f
  • '<SYSTEM32>\reg.exe' add "HKLM\SYSTEM\CurrentControlSet\Services\AarSvc" /v "Start" /t REG_DWORD /d "4" /f
  • '<SYSTEM32>\reg.exe' add "HKLM\SYSTEM\CurrentControlSet\Services\Audiosrv" /v "Start" /t REG_DWORD /d "2" /f
  • '<SYSTEM32>\reg.exe' add "HKLM\SYSTEM\CurrentControlSet\Services\AxInstSV" /v "Start" /t REG_DWORD /d "4" /f
  • '<SYSTEM32>\reg.exe' add "HKLM\SYSTEM\CurrentControlSet\Services\BcastDVRUserService" /v "Start" /t REG_DWORD /d "4" /f
  • '<SYSTEM32>\reg.exe' add "HKLM\SYSTEM\CurrentControlSet\Services\BFE" /v "Start" /t REG_DWORD /d "2" /f
  • '<SYSTEM32>\reg.exe' add "HKLM\SYSTEM\CurrentControlSet\Services\BITS" /v "Start" /t REG_DWORD /d "3" /f
  • '<SYSTEM32>\reg.exe' add "HKLM\SYSTEM\CurrentControlSet\Services\BluetoothUserService" /v "Start" /t REG_DWORD /d "4" /f
  • '<SYSTEM32>\reg.exe' add "HKLM\SYSTEM\CurrentControlSet\Services\BrokerInfrastructure" /v "Start" /t REG_DWORD /d "2" /f
  • '<SYSTEM32>\reg.exe' add "HKLM\SYSTEM\CurrentControlSet\Services\BTAGService" /v "Start" /t REG_DWORD /d "4" /f
  • '<SYSTEM32>\reg.exe' add "HKLM\SYSTEM\CurrentControlSet\Services\BthAvctpSvc" /v "Start" /t REG_DWORD /d "4" /f
  • '<SYSTEM32>\reg.exe' add "HKLM\SYSTEM\CurrentControlSet\Services\bthserv" /v "Start" /t REG_DWORD /d "4" /f
  • '<SYSTEM32>\reg.exe' add "HKLM\SYSTEM\CurrentControlSet\Services\camsvc" /v "Start" /t REG_DWORD /d "3" /f
  • '<SYSTEM32>\reg.exe' add "HKLM\SYSTEM\CurrentControlSet\Services\autotimesvc" /v "Start" /t REG_DWORD /d "4" /f
  • '<SYSTEM32>\reg.exe' add "HKLM\SYSTEM\CurrentControlSet\Services\dmwappushservice" /v "Start" /t REG_DWORD /d "4" /f
  • '<SYSTEM32>\reg.exe' add "HKLM\SYSTEM\CurrentControlSet\Services\DoSvc" /v "Start" /t REG_DWORD /d "4" /f
  • '<SYSTEM32>\reg.exe' add "HKLM\SYSTEM\CurrentControlSet\Services\NetTcpPortSharing" /v "Start" /t REG_DWORD /d "4" /f
  • '<SYSTEM32>\reg.exe' add "HKLM\SYSTEM\CurrentControlSet\Services\dot3svc" /v "Start" /t REG_DWORD /d "3" /f
  • '<SYSTEM32>\reg.exe' add "HKLM\SYSTEM\CurrentControlSet\Services\LanmanWorkstation" /v "Start" /t REG_DWORD /d "4" /f
  • '<SYSTEM32>\reg.exe' add "HKLM\SYSTEM\CurrentControlSet\Services\lfsvc" /v "Start" /t REG_DWORD /d "4" /f
  • '<SYSTEM32>\reg.exe' add "HKLM\SYSTEM\CurrentControlSet\Services\LicenseManager" /v "Start" /t REG_DWORD /d "3" /f
  • '<SYSTEM32>\reg.exe' add "HKLM\SYSTEM\CurrentControlSet\Services\lltdsvc" /v "Start" /t REG_DWORD /d "4" /f
  • '<SYSTEM32>\reg.exe' add "HKLM\SYSTEM\CurrentControlSet\Services\lmhosts" /v "Start" /t REG_DWORD /d "4" /f
  • '<SYSTEM32>\reg.exe' add "HKLM\SYSTEM\CurrentControlSet\Services\LSM" /v "Start" /t REG_DWORD /d "2" /f
  • '<SYSTEM32>\reg.exe' add "HKLM\SYSTEM\CurrentControlSet\Services\LxpSvc" /v "Start" /t REG_DWORD /d "4" /f
  • '<SYSTEM32>\reg.exe' add "HKLM\SYSTEM\CurrentControlSet\Services\MapsBroker" /v "Start" /t REG_DWORD /d "4" /f
  • '<SYSTEM32>\reg.exe' add "HKLM\SYSTEM\CurrentControlSet\Services\MessagingService" /v "Start" /t REG_DWORD /d "4" /f
  • '<SYSTEM32>\reg.exe' add "HKLM\SYSTEM\CurrentControlSet\Services\KtmRm" /v "Start" /t REG_DWORD /d "4" /f
  • '<SYSTEM32>\reg.exe' add "HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer" /v "Start" /t REG_DWORD /d "4" /f
  • '<SYSTEM32>\reg.exe' add "HKLM\SYSTEM\CurrentControlSet\Services\mpssvc" /v "Start" /t REG_DWORD /d "2" /f
  • '<SYSTEM32>\reg.exe' add "HKLM\SYSTEM\CurrentControlSet\Services\msiserver" /v "Start" /t REG_DWORD /d "3" /f
  • '<SYSTEM32>\reg.exe' add "HKLM\SYSTEM\CurrentControlSet\Services\NaturalAuthentication" /v "Start" /t REG_DWORD /d "4" /f
  • '<SYSTEM32>\reg.exe' add "HKLM\SYSTEM\CurrentControlSet\Services\NcaSvc" /v "Start" /t REG_DWORD /d "4" /f
  • '<SYSTEM32>\reg.exe' add "HKLM\SYSTEM\CurrentControlSet\Services\NcbService" /v "Start" /t REG_DWORD /d "3" /f
  • '<SYSTEM32>\reg.exe' add "HKLM\SYSTEM\CurrentControlSet\Services\NcdAutoSetup" /v "Start" /t REG_DWORD /d "4" /f
  • '<SYSTEM32>\reg.exe' add "HKLM\SYSTEM\CurrentControlSet\Services\Netlogon" /v "Start" /t REG_DWORD /d "4" /f
  • '<SYSTEM32>\reg.exe' add "HKLM\SYSTEM\CurrentControlSet\Services\Netman" /v "Start" /t REG_DWORD /d "3" /f
  • '<SYSTEM32>\reg.exe' add "HKLM\SYSTEM\CurrentControlSet\Services\netprofm" /v "Start" /t REG_DWORD /d "3" /f
  • '<SYSTEM32>\reg.exe' add "HKLM\SYSTEM\CurrentControlSet\Services\NetSetupSvc" /v "Start" /t REG_DWORD /d "3" /f
  • '<SYSTEM32>\reg.exe' add "HKLM\SYSTEM\CurrentControlSet\Services\MSDTC" /v "Start" /t REG_DWORD /d "4" /f
  • '<SYSTEM32>\reg.exe' add "HKLM\SYSTEM\CurrentControlSet\Services\MSiSCSI" /v "Start" /t REG_DWORD /d "4" /f
  • '<SYSTEM32>\reg.exe' add "HKLM\SYSTEM\CurrentControlSet\Services\KeyIso" /v "Start" /t REG_DWORD /d "3" /f
  • '<SYSTEM32>\reg.exe' add "HKLM\SYSTEM\CurrentControlSet\Services\IpxlatCfgSvc" /v "Start" /t REG_DWORD /d "4" /f
  • '<SYSTEM32>\reg.exe' add "HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc" /v "Start" /t REG_DWORD /d "2" /f
  • '<SYSTEM32>\reg.exe' add "HKLM\SYSTEM\CurrentControlSet\Services\DsmSvc" /v "Start" /t REG_DWORD /d "4" /f
  • '<SYSTEM32>\reg.exe' add "HKLM\SYSTEM\CurrentControlSet\Services\DsSvc" /v "Start" /t REG_DWORD /d "4" /f
  • '<SYSTEM32>\reg.exe' add "HKLM\SYSTEM\CurrentControlSet\Services\DusmSvc" /v "Start" /t REG_DWORD /d "4" /f
  • '<SYSTEM32>\reg.exe' add "HKLM\SYSTEM\CurrentControlSet\Services\Eaphost" /v "Start" /t REG_DWORD /d "3" /f
  • '<SYSTEM32>\reg.exe' add "HKLM\SYSTEM\CurrentControlSet\Services\EFS" /v "Start" /t REG_DWORD /d "4" /f
  • '<SYSTEM32>\reg.exe' add "HKLM\SYSTEM\CurrentControlSet\Services\embeddedmode" /v "Start" /t REG_DWORD /d "4" /f
  • '<SYSTEM32>\reg.exe' add "HKLM\SYSTEM\CurrentControlSet\Services\EntAppSvc" /v "Start" /t REG_DWORD /d "4" /f
  • '<SYSTEM32>\reg.exe' add "HKLM\SYSTEM\CurrentControlSet\Services\EventLog" /v "Start" /t REG_DWORD /d "2" /f
  • '<SYSTEM32>\reg.exe' add "HKLM\SYSTEM\CurrentControlSet\Services\EventSystem" /v "Start" /t REG_DWORD /d "2" /f
  • '<SYSTEM32>\reg.exe' add "HKLM\SYSTEM\CurrentControlSet\Services\fdPHost" /v "Start" /t REG_DWORD /d "4" /f
  • '<SYSTEM32>\reg.exe' add "HKLM\SYSTEM\CurrentControlSet\Services\DPS" /v "Start" /t REG_DWORD /d "4" /f
  • '<SYSTEM32>\reg.exe' add "HKLM\SYSTEM\CurrentControlSet\Services\FDResPub" /v "Start" /t REG_DWORD /d "4" /f
  • '<SYSTEM32>\reg.exe' add "HKLM\SYSTEM\CurrentControlSet\Services\FontCache" /v "Start" /t REG_DWORD /d "4" /f
  • '<SYSTEM32>\reg.exe' add "HKLM\SYSTEM\CurrentControlSet\Services\FontCache3.0.0.0" /v "Start" /t REG_DWORD /d "4" /f
  • '<SYSTEM32>\reg.exe' add "HKLM\SYSTEM\CurrentControlSet\Services\FrameServer" /v "Start" /t REG_DWORD /d "4" /f
  • '<SYSTEM32>\reg.exe' add "HKLM\SYSTEM\CurrentControlSet\Services\gpsvc" /v "Start" /t REG_DWORD /d "2" /f
  • '<SYSTEM32>\reg.exe' add "HKLM\SYSTEM\CurrentControlSet\Services\GraphicsPerfSvc" /v "Start" /t REG_DWORD /d "4" /f
  • '<SYSTEM32>\reg.exe' add "HKLM\SYSTEM\CurrentControlSet\Services\hidserv" /v "Start" /t REG_DWORD /d "3" /f
  • '<SYSTEM32>\reg.exe' add "HKLM\SYSTEM\CurrentControlSet\Services\HvHost" /v "Start" /t REG_DWORD /d "4" /f
  • '<SYSTEM32>\reg.exe' add "HKLM\SYSTEM\CurrentControlSet\Services\icssvc" /v "Start" /t REG_DWORD /d "3" /f
  • '<SYSTEM32>\reg.exe' add "HKLM\SYSTEM\CurrentControlSet\Services\IKEEXT" /v "Start" /t REG_DWORD /d "4" /f
  • '<SYSTEM32>\reg.exe' add "HKLM\SYSTEM\CurrentControlSet\Services\InstallService" /v "Start" /t REG_DWORD /d "3" /f
  • '<SYSTEM32>\reg.exe' add "HKLM\SYSTEM\CurrentControlSet\Services\fhsvc" /v "Start" /t REG_DWORD /d "4" /f
  • '<SYSTEM32>\reg.exe' add "HKLM\SYSTEM\CurrentControlSet\Services\NgcCtnrSvc" /v "Start" /t REG_DWORD /d "4" /f
  • '<SYSTEM32>\reg.exe' add "HKLM\SYSTEM\CurrentControlSet\Services\WwanSvc" /v "Start" /t REG_DWORD /d "4" /f

Curing recommendations

  1. If the operating system can be started (in normal mode or in safe mode), download Dr.Web Security Space and run a full scan of your computer and of all the removable media you use. Learn more about Dr.Web Security Space.
  2. If the operating system cannot be started, change your computer's BIOS settings so that it boots from a CD/DVD or a USB drive. Download the image of the Dr.Web® LiveDisk system recovery disk, or the utility for writing Dr.Web® LiveDisk to a USB drive, then prepare the appropriate USB drive. Boot the computer from this drive, run a full scan and cure the detected threats.

Run a full system scan using Dr.Web Antivirus for Mac OS.

Run a full scan of all disk partitions using Dr.Web Antivirus for Linux.

  1. If your mobile device is working correctly, download and install Dr.Web for Android on it. Run a full scan and follow the recommendations for neutralizing the detected threats.
  2. If the mobile device is locked by a Trojan of the Android.Locker family (a message about a serious violation of the law or a ransom demand is displayed on the device's screen), proceed as follows:
    • start your smartphone or tablet in safe mode (if you do not know how, consult the device's documentation or contact the manufacturer);
    • then download and install Dr.Web for Android on your mobile device, run a full scan and follow the recommendations for neutralizing the detected threats;
    • unplug your device and plug it back in.

Learn more about Dr.Web for Android