Policy export
REGEDIT4
[system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
Export of sensitive keys..
Searching for sensitive addresses in the HOSTS file...
catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-28 10:05:51
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden services & system hive ...
IPC error: 2 Le fichier spécifié est introuvable.
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden services: 0
hidden files: 0
KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg)
Process list by traversal of KiWaitListHead
4 - System
424 - csrss.exe
452 - winlogon.exe
496 - services.exe
508 - lsass.exe
692 - svchost.exe
752 - svchost.exe
812 - svchost.exe
976 - svchost.exe
1080 - ashServ.exe
1368 - svchost.exe
1540 - kpf4ss.exe
1664 - kpf4gui.exe
1748 - explorer.exe
1828 - guard.exe
1860 - CLSched.exe
1956 - CLMLService.exe
1976 - WLLoginProxy.ex
2028 - MDM.EXE
2340 - ALCWZRD.EXE
2372 - AOSD.EXE
2396 - avgas.exe
2416 - PCMService.exe
2436 - ashDisp.exe
2460 - kpf4gui.exe
2512 - TaskBarIcon.exe
2536 - TeaTimer.exe
2552 - NMBgMonitor.exe
2668 - GestionnaireInt
2684 - hpqtra08.exe
2736 - ComComp.exe
2792 - NMIndexStoreSvr
2832 - Toaster.exe
2840 - Inactivity.exe
2868 - PollingModule.e
2920 - ALERTM~1.EXE
3044 - iexplore.exe
3100 - cmd.exe
3192 - ashMaiSv.exe
3224 - ashWebSv.exe
3276 - hpqste08.exe
3560 - alg.exe
3604 - hpqimzone.exe
3908 - Watch.exe
Total number of processes = 44
NOTE: Under WinXP, this will not show all processes.
KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg)
Driver/Module list by traversal of PsLoadedModuleList
804D7000 - \WINDOWS\system32\ntkrnlpa.exe
806E4000 - \WINDOWS\system32\hal.dll
F79DB000 - \WINDOWS\system32\KDCOM.DLL
F78EB000 - \WINDOWS\system32\BOOTVID.dll
F73AB000 - ACPI.sys
F79DD000 - \WINDOWS\system32\DRIVERS\WMILIB.SYS
F739A000 - pci.sys
F74DB000 - isapnp.sys
F7AA3000 - pciide.sys
F775B000 - \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
F79DF000 - aliide.sys
F79E1000 - cmdide.sys
F79E3000 - toside.sys
F79E5000 - viaide.sys
F79E7000 - intelide.sys
F74EB000 - MountMgr.sys
F737B000 - ftdisk.sys
F7763000 - PartMgr.sys
F74FB000 - VolSnap.sys
F78EF000 - cpqarray.sys
F7363000 - \WINDOWS\system32\DRIVERS\SCSIPORT.SYS
F734B000 - atapi.sys
F78F3000 - aha154x.sys
F776B000 - sparrow.sys
F78F7000 - symc810.sys
F750B000 - aic78xx.sys
F78FB000 - dac960nt.sys
F751B000 - ql10wnt.sys
F78FF000 - amsint.sys
F7773000 - asc.sys
F7903000 - asc3550.sys
F777B000 - mraid35x.sys
F7783000 - i2omp.sys
F7907000 - ini910u.sys
F752B000 - ql1240.sys
F753B000 - aic78u2.sys
F778B000 - symc8xx.sys
F7793000 - sym_hi.sys
F779B000 - sym_u3.sys
F77A3000 - ABP480N5.SYS
F77AB000 - asc3350p.sys
F79E9000 - cd20xrnt.sys
F754B000 - ultra.sys
F7332000 - adpu160m.sys
F77B3000 - dpti2o.sys
F755B000 - ql1080.sys
F756B000 - ql1280.sys
F757B000 - ql12160.sys
F77BB000 - perc2.sys
F79EB000 - perc2hib.sys
F77C3000 - hpn.sys
F790B000 - cbidf2k.sys
F7306000 - dac2w2k.sys
F758B000 - disk.sys
F759B000 - \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
F72E6000 - fltmgr.sys
F72D4000 - sr.sys
F77CB000 - PxHelp20.sys
F72BD000 - KSecDD.sys
F7230000 - Ntfs.sys
F7203000 - NDIS.sys
F75AB000 - sisagp.sys
F75BB000 - viaagp.sys
F75CB000 - ohci1394.sys
F75DB000 - \WINDOWS\system32\DRIVERS\1394BUS.SYS
F71E9000 - Mup.sys
F75EB000 - alim1541.sys
F75FB000 - amdagp.sys
F760B000 - agp440.sys
F761B000 - agpCPQ.sys
F764B000 - \SystemRoot\system32\DRIVERS\nic1394.sys
F6905000 - \SystemRoot\system32\DRIVERS\intelppm.sys
F67DF000 - \SystemRoot\system32\DRIVERS\ati2mtag.sys
F67CB000 - \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
F67A3000 - \SystemRoot\system32\DRIVERS\HDAudBus.sys
F77FB000 - \SystemRoot\system32\DRIVERS\usbuhci.sys
F677F000 - \SystemRoot\system32\DRIVERS\USBPORT.SYS
F7803000 - \SystemRoot\system32\DRIVERS\usbehci.sys
F66D1000 - \SystemRoot\system32\DRIVERS\3xHybrid.sys
F66AE000 - \SystemRoot\system32\DRIVERS\ks.sys
F79D3000 - \SystemRoot\system32\DRIVERS\BdaSup.SYS
F669D000 - \SystemRoot\system32\DRIVERS\Rtlnic51.sys
F668C000 - \SystemRoot\system32\DRIVERS\serial.sys
F79D7000 - \SystemRoot\system32\DRIVERS\serenum.sys
F6678000 - \SystemRoot\system32\DRIVERS\parport.sys
F68F5000 - \SystemRoot\system32\DRIVERS\i8042prt.sys
F780B000 - \SystemRoot\system32\DRIVERS\mouclass.sys
F7813000 - \SystemRoot\system32\DRIVERS\kbdclass.sys
F68E5000 - \SystemRoot\system32\DRIVERS\imapi.sys
F766B000 - \SystemRoot\system32\DRIVERS\cdrom.sys
F767B000 - \SystemRoot\system32\DRIVERS\redbook.sys
F7B08000 - \SystemRoot\system32\DRIVERS\audstub.sys
F768B000 - \SystemRoot\system32\DRIVERS\rasl2tp.sys
F7121000 - \SystemRoot\system32\DRIVERS\ndistapi.sys
F6661000 - \SystemRoot\system32\DRIVERS\ndiswan.sys
F769B000 - \SystemRoot\system32\DRIVERS\raspppoe.sys
F76AB000 - \SystemRoot\system32\DRIVERS\raspptp.sys
F781B000 - \SystemRoot\system32\DRIVERS\TDI.SYS
F6650000 - \SystemRoot\system32\DRIVERS\psched.sys
F76BB000 - \SystemRoot\system32\DRIVERS\msgpc.sys
F7823000 - \SystemRoot\system32\DRIVERS\ptilink.sys
F782B000 - \SystemRoot\system32\DRIVERS\raspti.sys
F7833000 - \SystemRoot\system32\DRIVERS\wanatw4.sys
F76CB000 - \SystemRoot\system32\DRIVERS\termdd.sys
F7A09000 - \SystemRoot\system32\DRIVERS\swenum.sys
F65F2000 - \SystemRoot\system32\DRIVERS\update.sys
F7115000 - \SystemRoot\system32\DRIVERS\mssmbios.sys
F76DB000 - \SystemRoot\System32\Drivers\NDProxy.SYS
F230F000 - \SystemRoot\system32\drivers\RtkHDAud.sys
F22EB000 - \SystemRoot\system32\drivers\portcls.sys
F770B000 - \SystemRoot\system32\drivers\drmk.sys
F772B000 - \SystemRoot\system32\DRIVERS\usbhub.sys
F7A0D000 - \SystemRoot\system32\DRIVERS\USBD.SYS
F799B000 - \SystemRoot\System32\Drivers\i2omgmt.SYS
F799F000 - \SystemRoot\System32\Drivers\cdrbsdrv.SYS
F7A1B000 - \SystemRoot\System32\Drivers\Fs_Rec.SYS
F7B92000 - \SystemRoot\System32\Drivers\Null.SYS
F7A1D000 - \SystemRoot\System32\Drivers\Beep.SYS
F7B93000 - \SystemRoot\System32\DRIVERS\AvgAsCln.sys
F784B000 - \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
F7853000 - \SystemRoot\System32\drivers\vga.sys
F7A1F000 - \SystemRoot\System32\Drivers\mnmdd.SYS
F7A21000 - \SystemRoot\System32\DRIVERS\RDPCDD.sys
F225A000 - \SystemRoot\system32\drivers\fwdrv.sys
F785B000 - \SystemRoot\System32\Drivers\Msfs.SYS
F7863000 - \SystemRoot\System32\Drivers\Npfs.SYS
F79A7000 - \SystemRoot\system32\DRIVERS\rasacd.sys
F2247000 - \SystemRoot\system32\DRIVERS\ipsec.sys
F21EE000 - \SystemRoot\system32\DRIVERS\tcpip.sys
F773B000 - \SystemRoot\System32\Drivers\aswTdi.SYS
F21C8000 - \SystemRoot\system32\DRIVERS\ipnat.sys
F21A0000 - \SystemRoot\system32\DRIVERS\netbt.sys
F774B000 - \SystemRoot\system32\DRIVERS\wanarp.sys
F20B6000 - \SystemRoot\System32\drivers\afd.sys
F71D9000 - \SystemRoot\system32\DRIVERS\netbios.sys
F208B000 - \SystemRoot\system32\DRIVERS\rdbss.sys
F71B9000 - \SystemRoot\system32\DRIVERS\arp1394.sys
F201B000 - \SystemRoot\system32\DRIVERS\mrxsmb.sys
F200A000 - \SystemRoot\system32\drivers\khips.sys
F71A9000 - \SystemRoot\System32\Drivers\Fips.SYS
F7BB5000 - \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys
F1FA3000 - \SystemRoot\System32\Drivers\aswSP.SYS
F7873000 - \SystemRoot\System32\Drivers\Aavmker4.SYS
F787B000 - \SystemRoot\system32\DRIVERS\USBSTOR.SYS
F6573000 - \SystemRoot\system32\DRIVERS\hidusb.sys
F7149000 - \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
F655F000 - \SystemRoot\system32\DRIVERS\kbdhid.sys
F765B000 - \SystemRoot\System32\Drivers\Cdfs.SYS
F1F8B000 - \SystemRoot\System32\Drivers\dump_atapi.sys
F7A3F000 - \SystemRoot\System32\Drivers\dump_WMILIB.SYS
BF800000 - \SystemRoot\System32\win32k.sys
F22DB000 - \SystemRoot\System32\drivers\Dxapi.sys
F78AB000 - \SystemRoot\System32\watchdog.sys
BF9C3000 - \SystemRoot\System32\drivers\dxg.sys
F7B53000 - \SystemRoot\System32\drivers\dxgthk.sys
BF9D5000 - \SystemRoot\System32\ati2dvag.dll
BFA10000 - \SystemRoot\System32\ati2cqag.dll
BFA42000 - \SystemRoot\System32\atikvmag.dll
BFA74000 - \SystemRoot\System32\ati3duag.dll
BFCA5000 - \SystemRoot\System32\ativvaxx.dll
F78A3000 - \SystemRoot\system32\DRIVERS\aswFsBlk.sys
B8EE8000 - \SystemRoot\system32\DRIVERS\ndisuio.sys
B8CCA000 - \SystemRoot\System32\Drivers\aswMon2.SYS
B8B35000 - \SystemRoot\system32\DRIVERS\mrxdav.sys
B8ACA000 - \SystemRoot\system32\DRIVERS\atksgt.sys
B89C1000 - \SystemRoot\System32\Drivers\HTTP.sys
F783B000 - \SystemRoot\system32\DRIVERS\lirsgt.sys
B8D08000 - \SystemRoot\system32\DRIVERS\secdrv.sys
B8857000 - \SystemRoot\system32\DRIVERS\srv.sys
B85EA000 - \SystemRoot\system32\drivers\wdmaud.sys
B88D1000 * --[Hidden]--
B8847000 - \SystemRoot\System32\Drivers\aswRdr.SYS
B7E63000 - \??\C:\WINDOWS\system32\PCANDIS5.SYS
B7AC9000 - \SystemRoot\system32\drivers\kmixer.sys
F7BC6000 - \SystemRoot\System32\DRIVERS\KProcCheck.sys
Total number of drivers = 175