
Posted

Select (Ctrl A and Ctrl C) all the green lines below (and only those)

 

[HKLM\SOFTWARE\Microsoft\Security Center] FirewallOverride: Modified

[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C10DC1F4-CCDF-4224-A24D-B23AFC3573C8}]

O64 - Services: CurCS - (.not file.) - service de mise a jour pour IP networker (IP netservices) .(...) - LEGACY_IP_NETSERVICES

O64 - Services: CurCS - E:\CDriver.sys (.not file.) - MSICDSetup (MSICDSetup) .(...) - LEGACY_MSICDSETUP

O64 - Services: CurCS - (.not file.) - Sftredir (Sftredir) .(...) - LEGACY_SFTREDIR

 

Click the Zhpfix icon on your desktop

On Vista/7, right-click and choose "Run as administrator"

Paste (Ctrl V) the green lines into box 1

Then click the button (image: PanelHelper.jpg)

Click "OK", which makes a box appear to the left of each line.

Click "Tous" (All), then "Nettoyer" (Clean) 2.

Accept the restart to complete the cleanup.

A report appears:

Copy and paste the removal report into your next reply.

If the report does not appear, click this button (image: PanelBDR.jpg)

Posted (edited)

hello

here is the report:

 

Rapport de ZHPFix 1.12.3275 par Nicolas Coolman, Update du 11/04/2011

Fichier d'export Registre :

Run by Robert at 23/04/2011 15:35:59

Windows XP Home Edition Service Pack 3 (Build 2600)

Web site : ZHPFix Fix de rapport

 

========== Clé(s) du Registre ==========

HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C10DC1F4-CCDF-4224-A24D-B23AFC3573C8} => Clé supprimée avec succès

O64 - Services: CurCS - (.not file.) - service de mise a jour pour IP networker (IP netservices) .(...) - LEGACY_IP_NETSERVICES => Clé supprimée avec succès

O64 - Services: CurCS - E:\CDriver.sys (.not file.) - MSICDSetup (MSICDSetup) .(...) - LEGACY_MSICDSETUP => Clé supprimée avec succès

O64 - Services: CurCS - (.not file.) - Sftredir (Sftredir) .(...) - LEGACY_SFTREDIR => Clé supprimée avec succès

 

========== Elément(s) de donnée du Registre ==========

[HKLM\SOFTWARE\Microsoft\Security Center] FirewallOverride: Modified => Donnée supprimée avec succès

 

 

========== Récapitulatif ==========

4 : Clé(s) du Registre

1 : Elément(s) de donnée du Registre

 

 

End of the scan

 

 

Rapport de ZHPFix 1.12.3275 par Nicolas Coolman, Update du 11/04/2011

Fichier d'export Registre : C:\ZHPExportRegistry-23-04-2011-16-51-55.txt

Run by Robert at 23/04/2011 16:54:41

Windows XP Home Edition Service Pack 3 (Build 2600)

Web site : http://www.premiumorange.com/zeb-help-process/zhpfix.html

 

========== Clé(s) du Registre ==========

HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C10DC1F4-CCDF-4224-A24D-B23AFC3573C8} => Clé absente

O64 - Services: CurCS - (.not file.) - service de mise a jour pour IP networker (IP netservices) .(...) - LEGACY_IP_NETSERVICES => Clé supprimée avec succès

O64 - Services: CurCS - E:\CDriver.sys (.not file.) - MSICDSetup (MSICDSetup) .(...) - LEGACY_MSICDSETUP => Clé supprimée avec succès

O64 - Services: CurCS - (.not file.) - Sftredir (Sftredir) .(...) - LEGACY_SFTREDIR => Clé supprimée avec succès

 

========== Autre ==========

HKLM\SOFTWARE\Microsoft\Security Center] FirewallOverride: Modified => Format Non supporté

 

 

========== Récapitulatif ==========

4 : Clé(s) du Registre

1 : Autre

 

 

End of the scan

Edited by marsouin10_0
Posted

Combofix is a very powerful program that must not be used without competent help, at the risk of irreversible damage.

Please note that this program is updated regularly and that the downloaded version will be obsolete in a few days.

Download combofix.exe by sUBs

and save it to the desktop

 

The Recovery Console

First of all, Combofix checks whether the Recovery Console is installed and offers to install it if it is not.

Some infections, such as braviax, will prevent its installation.

The Windows Recovery Console lets you boot into a special recovery (repair) mode.

It may be needed if your computer runs into a problem after a cleanup attempt.

It is a simple procedure that will take only a little of your time and may one day save the day.

Some infections (MBR rootkits) can only be treated using the Recovery Console.

Important procedures that Combofix may launch will only work if the Recovery Console (on XP) is installed.

That is why you are strongly advised to install the Recovery Console on the PC first.

Users of Windows Vista and Seven can use their Windows CD to boot into the Vista Recovery Environment (Win RE).

This will make it possible to repair the system in case the PC no longer restarts after disinfection.

After clicking the link for your version of Windows, you will be taken to a page:

click the Download button to save the installation package to the Desktop:

Do not change the file name

Windows XP Service Pack 2 (SP2) > Microsoft Windows XP Professionnel SP2

Drag and drop this file onto the ComboFix.exe file

Follow the on-screen prompts to run ComboFix and, when asked, accept the End User License Agreement to install the Microsoft Recovery Console.

After installation, you should see this message:

The Recovery Console was successfully installed. Then a report named CF_RC.txt will be displayed:

 

Close or disable all active antivirus, antispyware and firewall programs, as they could interfere with this tool.

To do so:

Start -> Run -> Msconfig -> Startup: untick the antivirus, antispyware and Teatimer protections

This is absolutely necessary for the procedure to succeed.

Of course, you will re-enable them afterwards.

You have downloaded Combofix.

Double-click combofix.exe to launch it.

Do not close the window that has just opened; the desktop would be empty and this could crash the program!

To start the scan

Connect all removable drives (external hard drive, USB stick).

Press the 1 key to start the scan.

If for any reason Combofix does not start,

On Vista, disable UAC

Boot into safe mode, choose the Administrator account, and run Combofix

If you get a message from Combofix saying that your antivirus is active although you have disabled it, repeat the procedure in safe mode

While ComboFix is running, do not touch your computer at all; you could crash the program.

The scan could take some time; there are 50 successive procedures:

Wait at least 30 minutes during the scan.

If the program freezes (more than 30 minutes), close it by clicking the "X" at the top right of the window.

At the end, a report will be generated: post its contents in a later message.

If the report is too long, post it in two parts.

It is located at c:\combofix.txt

Posted (edited)

hello, here is the combofix report:

 

 

ComboFix 11-04-24.04 - Robert 25/04/2011 8:57.1.2 - x86

Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.2038.1546 [GMT 2:00]

Lancé depuis: c:\documents and settings\Robert\Bureau\ComboFix.exe

AV: Kaspersky PURE *Disabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

FW: Kaspersky PURE *Disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

.

.

((((((((((((((((((((((((((((( Fichiers créés du 2011-03-25 au 2011-04-25 ))))))))))))))))))))))))))))))))))))

.

.

2011-04-24 13:20 . 2001-08-23 15:47 5632 ----a-w- c:\windows\system32\ptpusb.dll

2011-04-24 13:20 . 2008-04-14 02:33 159232 ----a-w- c:\windows\system32\ptpusd.dll

2011-04-22 04:16 . 2011-04-22 04:16 -------- d-----w- c:\program files\Fichiers communs\Java

2011-04-21 16:14 . 2011-04-25 04:56 -------- d-----w- c:\program files\ZHPDiag

2011-04-21 15:09 . 2011-04-21 15:09 512 ----a-w- C:\PhysicalDisk0_MBR.bin

2011-04-14 04:31 . 2011-04-20 04:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype Extras

2011-04-14 04:30 . 2011-04-14 04:30 -------- d-----w- c:\program files\Fichiers communs\Skype

2011-04-13 05:41 . 2011-04-13 05:41 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache

2011-04-11 05:45 . 2011-04-11 05:45 -------- d-----w- C:\rsit

2011-04-06 10:03 . 2011-04-06 10:03 -------- d-----w- c:\documents and settings\Robert\Menu Démarrer

2011-03-29 09:34 . 2011-04-05 04:31 97859 ----a-w- c:\windows\system32\drivers\klick.dat

2011-03-29 09:34 . 2011-04-05 04:31 115267 ----a-w- c:\windows\system32\drivers\klin.dat

2011-03-29 09:31 . 2011-03-29 09:31 -------- d-----w- c:\program files\Kaspersky Lab

.

.

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-03-09 06:19 . 2011-03-09 06:19 86576 ----a-w- c:\documents and settings\Robert\Application Data\Microsoft\Services Windows Live\Raccourci Galerie de Photos Windows Live.exe

2011-03-09 06:19 . 2011-03-09 06:19 392728 ----a-w- c:\documents and settings\Robert\Application Data\Microsoft\Services Windows Live\Services Windows Live.dll

2011-03-09 06:19 . 2011-03-09 06:19 132672 ----a-w- c:\documents and settings\Robert\Application Data\Microsoft\Services Windows Live\Raccourci Windows Live Messenger.exe

2011-03-07 05:33 . 2010-08-20 08:38 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-03-04 06:36 . 2004-08-05 12:00 420864 ----a-w- c:\windows\system32\vbscript.dll

2011-03-03 13:53 . 2004-08-05 12:00 1858048 ----a-w- c:\windows\system32\win32k.sys

2011-02-22 23:05 . 2004-08-05 12:00 916480 ----a-w- c:\windows\system32\wininet.dll

2011-02-22 23:05 . 2004-08-05 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-02-22 23:05 . 2004-08-05 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl

2011-02-22 11:42 . 2004-08-05 12:00 385024 ----a-w- c:\windows\system32\html.iec

2011-02-17 13:18 . 2004-08-05 12:00 455936 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-02-17 13:18 . 2004-08-05 12:00 357888 ----a-w- c:\windows\system32\drivers\srv.sys

2011-02-17 12:54 . 2008-05-05 05:25 5632 ----a-w- c:\windows\system32\xpsp4res.dll

2011-02-15 12:56 . 2004-08-05 12:00 290432 ----a-w- c:\windows\system32\atmfd.dll

2011-02-09 13:54 . 2004-08-05 12:00 270848 ----a-w- c:\windows\system32\sbe.dll

2011-02-09 13:54 . 2004-08-05 12:00 186880 ----a-w- c:\windows\system32\encdec.dll

2011-02-08 13:34 . 2004-08-05 12:00 978944 ----a-w- c:\windows\system32\mfc42.dll

2011-02-08 13:34 . 2004-08-05 12:00 974848 ----a-w- c:\windows\system32\mfc42u.dll

2011-02-02 19:40 . 2010-08-22 06:19 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-02-02 17:19 . 2010-08-28 09:15 73728 ----a-w- c:\windows\system32\javacpl.cpl

2011-02-02 07:59 . 2010-08-20 08:37 2067456 ----a-w- c:\windows\system32\mstscax.dll

2011-01-27 11:57 . 2010-08-20 08:37 677888 ----a-w- c:\windows\system32\mstsc.exe

.

.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\KAVOverlayIcon]

@="{dd230880-495a-11d1-b064-008048ec2fc5}"

[HKEY_CLASSES_ROOT\CLSID\{dd230880-495a-11d1-b064-008048ec2fc5}]

2010-10-01 20:05 129624 ----a-w- c:\program files\Kaspersky Lab\Kaspersky PURE\shellex.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-19 135168]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-19 159744]

"Persistence"="c:\windows\system32\igfxpers.exe" [2007-12-19 131072]

"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]

"eCarteBleue-CLEO"="c:\program files\e-Carte Bleue\LCL\e-Carte Bleue VISA Cleo\ECB-CLEO.exe" [2006-02-07 200704]

"Adobe ARM"="c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2003-08-29 188416]

"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2003-08-29 77824]

"AVP"="c:\program files\Kaspersky Lab\Kaspersky PURE\avp.exe" [2010-10-01 348760]

"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2010-07-04 17408]

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

.

R0 CSCrySec;InfoWatch Encrypt Sector Library driver;c:\windows\system32\drivers\CSCrySec.sys [26/03/2011 08:34 88632]

R0 KLBG;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [14/10/2009 21:18 36880]

R1 CSVirtualDiskDrv;InfoWatch Virtual Disk driver;c:\windows\system32\drivers\CSVirtualDiskDrv.sys [26/03/2011 08:34 39352]

R2 CSObjectsSrv;Service de gestion du système CryproStorage;c:\program files\Fichiers communs\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [21/12/2009 17:34 743992]

R2 WinSysINM;WinSysINM;c:\program files\Microsoft\sysNM.exe [12/04/2011 14:15 20480]

R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [14/09/2009 14:42 32272]

R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [02/10/2009 19:39 19472]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 13:16 130384]

S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [20/08/2010 11:06 1691480]

S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [10/03/2011 14:42 311744]

S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [12/01/2011 07:26 38224]

S3 MSICDSetup;MSICDSetup;\??\e:\cdriver.sys --> e:\CDriver.sys [?]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 13:16 753504]

.

Contenu du dossier 'Tâches planifiées'

.

2011-04-25 c:\windows\Tasks\GlaryInitialize.job

- c:\program files\Glary Utilities\initialize.exe [2011-01-16 16:24]

.

.

------- Examen supplémentaire -------

.

uStart Page = hxxp://aliceadsl.fr/

IE: Ajouter à l'Anti-bannière - c:\program files\Kaspersky Lab\Kaspersky PURE\ie_banner_deny.htm

IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000

DPF: {4EFE4BE8-8771-4649-B3EF-D97374C8D2C2} - hxxps://particuliers.secure.lcl.fr/v_1.0/img/akl/FormProtect.cab

DPF: {50DC58D0-C870-4BE6-BC41-971ED2D5F022} - hxxp://www.super-messenger.fr/tab/HookWlmEx.exe

DPF: {6F74F92E-8DD8-4DDE-8FB8-CBB882A68048} - file:///C:/Program%20Files/Formation%20interactive%20Microsoft/o10c/mitm0026.cab

.

- - - - ORPHELINS SUPPRIMES - - - -

.

Toolbar-Locked - (no file)

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2011-04-25 09:03

Windows 5.1.2600 Service Pack 3 NTFS

.

Recherche de processus cachés ...

.

Recherche d'éléments en démarrage automatique cachés ...

.

Recherche de fichiers cachés ...

.

Scan terminé avec succès

Fichiers cachés: 0

.

**************************************************************************

.

--------------------- CLES DE REGISTRE BLOQUEES ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

Heure de fin: 2011-04-25 09:06:50

ComboFix-quarantined-files.txt 2011-04-25 07:06

.

Avant-CF: 37 112 815 616 octets libres

Après-CF: 37 068 726 272 octets libres

.

- - End Of File - - BA59E6E4CB0956DA8D1A267DB55858F3

 

 

 

 

and I still have ads

Edited by marsouin10_0
Posted

Hello,

No luck!

Combofix is very powerful and must not be used without competent help, at the risk of irreversible damage.

Please note that this program is updated regularly and that the version you downloaded will be obsolete in a few days.

To remove Combofix:

Start > Run ->

Copy/paste:

"%userprofile%\Bureau\ComboFix.exe" /uninstall

If that fails:

Rename the ComboFix.exe on your desktop -> Uninstall.exe and double-click it.

There may be something to do here to limit the ads:

In Internet Explorer, click Tools > Internet Options...

Or install Firefox with the Adblock+ extension

 

 

One last check:

Rootkit search

Download SysProt to the desktop

Install it and double-click "SysProt.exe"

Click the "log" tab;

Tick all the boxes in the "Write to log" window;

Tick Hidden Objects Only (bottom left)

The "Hidden objects" are shown in red in all modules

Click Create log (bottom right)

A new window will appear: tick Scan root drive and click Start;

A report will be saved in the SysProt folder.

Point out the red lines, since your report will not show the colour

Copy/paste its contents into your reply.

Posted (edited)

here is the report:

 

 

SysProt AntiRootkit v1.0.1.0

by swatkat

 

******************************************************************************************

******************************************************************************************

 

No Hidden Processes found

 

******************************************************************************************

******************************************************************************************

Kernel Modules:

Module Name: \SystemRoot\System32\Drivers\dump_atapi.sys

Service Name: ---

Module Base: A6040000

Module End: A6058000

Hidden: Yes

 

Module Name: \SystemRoot\System32\Drivers\dump_WMILIB.SYS

Service Name: ---

Module Base: F79C9000

Module End: F79CB000

Hidden: Yes

 


 

******************************************************************************************

******************************************************************************************

No Kernel Hooks found

 

******************************************************************************************

******************************************************************************************

No IRP Hooks found

 

******************************************************************************************

******************************************************************************************

Ports:


******************************************************************************************

******************************************************************************************

Hidden files/folders:

Object: C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\Sandbox\KLSB1\Device\HarddiskVolume1\Documents and Settings\Robert\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Last Active\RecoveryStore.{6D747480-E26F-11DF-AC2E-4

Status: Hidden

 

 

In Internet ==> Options I set it to block ads, but it doesn't change much.

There are no red lines.

Should I install Firefox with the Adblock+ extension?

Edited by marsouin10_0
Posted
There are no red lines.

Good.

Should I install Firefox with the Adblock+ extension?

It's worth it. It is much safer software than IE.
