Shadow SSDT : NtUserSetWindowsHookEx -> HOOKED (Unknown 0x88065DEC)
Shadow SSDT : NtUserSetWindowsHookAW -> HOOKED (Unknown 0xAA2D4474)
SSDT : NtWriteVirtualMemory 0x832AEA83 -> HOOKED (Unknown 0x9756DDAC)
SSDT : NtTerminateThread 0x832C769B -> HOOKED (Unknown 0x97572144)
SSDT : NtTerminateProcess 0x832A9D86 -> HOOKED (Unknown 0x9757130C)
SSDT : NtSetSystemInformation 0x8329D37A -> HOOKED (Unknown 0x9756DC6C)
SSDT : NtRenameKey 0x832EB0BB -> HOOKED (Unknown 0x97577EA4)
SSDT : NtOpenSection 0x832B89EB -> HOOKED (Unknown 0x97577DE4)
SSDT : NtLoadDriver 0x83214C32 -> HOOKED (Unknown 0x9756DCEC)
SSDT : NtDeleteKey 0x8323AA4A -> HOOKED (Unknown 0x97577C0C)
SSDT : NtCreateUserProcess 0x832BD3CD -> HOOKED (Unknown 0x8787252C)
SSDT : NtCreateThreadEx 0x832BF49B -> HOOKED (Unknown 0x9756DD2C)
SSDT : NtCreateThread 0x8332AFE2 -> HOOKED (Unknown 0x9756DD6C)
SSDT : NtCreateSymbolicLinkObject 0x832509C6 -> HOOKED (Unknown 0x97579284)
SSDT : NtCreateProcessEx 0x8332B224 -> HOOKED (Unknown 0x97571B94)
SSDT : NtCreateProcess 0x8332B1D9 -> HOOKED (Unknown 0x975426CC)
SSDT : NtCreateMutant 0x8325F34C -> HOOKED (Unknown 0x9756DCAC)
SSDT : NtCreateKey 0x8324FFFB -> HOOKED (Unknown 0x97572104)
Install : C:\Program Files\Google\Desktop\Install -> TROUVÉ
Install : C:\Users\mbernard\AppData\Local\Google\Desktop\Install -> TROUVÉ
MsMpRes.dll : C:\Program Files\Windows Defender\MsMpRes.dll > \systemroot\system32\config -> TROUVÉ
MsMpLics.dll : C:\Program Files\Windows Defender\MsMpLics.dll > \systemroot\system32\config -> TROUVÉ
MsMpCom.dll : C:\Program Files\Windows Defender\MsMpCom.dll > \systemroot\system32\config -> TROUVÉ
MSASCui.exe : C:\Program Files\Windows Defender\MSASCui.exe > \systemroot\system32\config -> TROUVÉ
MpSvc.dll : C:\Program Files\Windows Defender\MpSvc.dll > \systemroot\system32\config -> TROUVÉ
MpRTP.dll : C:\Program Files\Windows Defender\MpRTP.dll > \systemroot\system32\config -> TROUVÉ
MpOAV.dll : C:\Program Files\Windows Defender\MpOAV.dll > \systemroot\system32\config -> TROUVÉ
MpEvMsg.dll : C:\Program Files\Windows Defender\MpEvMsg.dll > \systemroot\system32\config -> TROUVÉ
MpCommu.dll : C:\Program Files\Windows Defender\MpCommu.dll > \systemroot\system32\config -> TROUVÉ
MpCmdRun.exe : C:\Program Files\Windows Defender\MpCmdRun.exe > \systemroot\system32\config -> TROUVÉ
MpClient.dll : C:\Program Files\Windows Defender\MpClient.dll > \systemroot\system32\config -> TROUVÉ
MpAsDesc.dll : C:\Program Files\Windows Defender\MpAsDesc.dll > \systemroot\system32\config -> TROUVÉ
fr-FR : C:\Program Files\Windows Defender\fr-FR > \systemroot\system32\config -> TROUVÉ
¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤
msconfig.lnk : C:\Users\mbernard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\msconfig.lnk C:\PROGRA~2\08jer.dat,FG00 -> TROUVÉ
jimtviphqpxrqjbpqhj.lnk : C:\Users\mbernard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\jimtviphqpxrqjbpqhj.lnk C:\Users\mbernard\AppData\Local\Temp\jhqpbjqrxpqhpivtmij.bfg,OKL00 -> TROUVÉ
Test TimeTrigger : C:\Users\mbernard\AppData\Local\Temp\Runner.exe - C:\Users\mbernard\AppData\Local\Temp\DNS.exe -> TROUVÉ
HKLM\\System : ConsentPromptBehaviorAdmin (0) -> TROUVÉ
?etadpug - "C:\Program Files\Google\Desktop\Install\\GoogleUpdate.exe" TROUVÉ
Systeme d'exploitation : Windows 7 ( Service Pack 1) 32 bits version

It has been identified by Malwarebytes, but there is no way to get rid of it. As I already had RogueKiller installed on my computer and as I couldn't download any other software even in safe mode, I directly ran it and obtained the report pasted below. After some analysis made with Malwarebytes, it becomes clear that I'm infected with the ZeroAccess trojan.