---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.10.3.1001

(c) Malwarebytes Corporation 2011-2012

OS version: 10.0.9200 Windows 10 x64

Account is Administrative

Internet Explorer version: 11.726.15063.0

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 1.992000 GHz
Memory total: 8436027392, free: 5179015168

Downloaded database version: v2017.12.12.01
Downloaded database version: v2017.11.28.01
=======================================
Initializing...
Driver version: 4.3.0.15
------------ Kernel report ------------
12/12/2017 02:28:59
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kd.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\System32\drivers\msrpc.sys
\SystemRoot\System32\drivers\ksecdd.sys
\SystemRoot\System32\drivers\werkernel.sys
\SystemRoot\System32\drivers\CLFS.SYS
\SystemRoot\System32\drivers\tm.sys
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\System32\drivers\FLTMGR.SYS
\SystemRoot\System32\drivers\clipsp.sys
\SystemRoot\System32\drivers\cmimcext.sys
\SystemRoot\System32\drivers\ntosext.sys
\SystemRoot\system32\CI.dll
\SystemRoot\System32\drivers\cng.sys
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\SleepStudyHelper.sys
\SystemRoot\System32\Drivers\acpiex.sys
\SystemRoot\System32\Drivers\WppRecorder.sys
\SystemRoot\System32\drivers\ACPI.sys
\SystemRoot\System32\drivers\WMILIB.SYS
\SystemRoot\System32\drivers\msisadrv.sys
\SystemRoot\System32\drivers\pci.sys
\SystemRoot\System32\drivers\tpm.sys
\SystemRoot\System32\drivers\intelpep.sys
\SystemRoot\system32\drivers\WindowsTrustedRT.sys
\SystemRoot\System32\drivers\WindowsTrustedRTProxy.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\drivers\vdrvroot.sys
\SystemRoot\system32\drivers\pdc.sys
\SystemRoot\system32\drivers\CEA.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\System32\drivers\spaceport.sys
\SystemRoot\System32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\System32\drivers\iaStorA.sys
\SystemRoot\System32\drivers\storport.sys
\SystemRoot\System32\drivers\EhStorClass.sys
\SystemRoot\System32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Wof.sys
\SystemRoot\system32\drivers\mfehidk.sys
\SystemRoot\System32\Drivers\NTFS.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\System32\drivers\wfplwfs.sys
\SystemRoot\system32\drivers\mfewfpk.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\System32\drivers\volume.sys
\SystemRoot\System32\drivers\volsnap.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\system32\drivers\iorate.sys
\SystemRoot\System32\drivers\disk.sys
\SystemRoot\System32\drivers\CLASSPNP.SYS
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\drivers\cdrom.sys
\SystemRoot\system32\drivers\filecrypt.sys
\SystemRoot\system32\drivers\tbs.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\BasicDisplay.sys
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\vmbkmclr.sys
\SystemRoot\System32\drivers\BasicRender.sys
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\drivers\vwififlt.sys
\SystemRoot\System32\drivers\pacer.sys
\SystemRoot\system32\drivers\netbios.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\csc.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\System32\drivers\npsvctrig.sys
\SystemRoot\System32\drivers\mssmbios.sys
\SystemRoot\System32\drivers\gpuenergydrv.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\drivers\dam.sys
\??\C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys
\SystemRoot\system32\DRIVERS\ahcache.sys
\SystemRoot\System32\DriverStore\FileRepository\compositebus.inf_amd64_de4c68ea4fb1be53\CompositeBus.sys
\SystemRoot\System32\drivers\kdnic.sys
\SystemRoot\System32\drivers\umbus.sys
\SystemRoot\System32\drivers\CAD.sys
\SystemRoot\System32\DriverStore\FileRepository\igdlh64.inf_amd64_f2308ff1d90596bf\igdkmd64.sys
\SystemRoot\System32\drivers\dptf_cpu.sys
\SystemRoot\System32\drivers\USBXHCI.SYS
\SystemRoot\system32\drivers\ucx01000.sys
\SystemRoot\System32\drivers\iaLPSS2_I2C.sys
\SystemRoot\system32\drivers\SpbCx.sys
\SystemRoot\System32\drivers\TeeDriverW8x64.sys
\SystemRoot\system32\DRIVERS\RtsPer.sys
\SystemRoot\System32\drivers\Netwtw06.sys
\SystemRoot\system32\DRIVERS\wdiwifi.sys
\SystemRoot\System32\drivers\vwifibus.sys
\SystemRoot\System32\drivers\iaLPSS2_UART2.sys
\SystemRoot\system32\drivers\SerCx2.sys
\SystemRoot\System32\drivers\iaLPSS2_SPI.sys
\SystemRoot\System32\drivers\CmBatt.sys
\SystemRoot\System32\drivers\BATTC.SYS
\SystemRoot\System32\drivers\dptf_acpi.sys
\SystemRoot\System32\drivers\i8042prt.sys
\SystemRoot\System32\drivers\kbdclass.sys
\SystemRoot\System32\drivers\HDAudBus.sys
\SystemRoot\System32\drivers\portcls.sys
\SystemRoot\System32\drivers\drmk.sys
\SystemRoot\System32\drivers\ks.sys
\SystemRoot\System32\drivers\iaLPSS2_GPIO2.sys
\SystemRoot\System32\Drivers\msgpioclx.sys
\SystemRoot\System32\drivers\intelppm.sys
\SystemRoot\System32\drivers\acpipagr.sys
\SystemRoot\System32\drivers\wmiacpi.sys
\SystemRoot\System32\drivers\AsRadioControl.sys
\SystemRoot\System32\drivers\HIDCLASS.SYS
\SystemRoot\System32\drivers\HIDPARSE.SYS
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\System32\drivers\UEFI.sys
\SystemRoot\System32\drivers\NdisVirtualBus.sys
\SystemRoot\System32\drivers\swenum.sys
\SystemRoot\System32\drivers\rdpbus.sys
\SystemRoot\System32\drivers\UsbHub3.sys
\SystemRoot\System32\drivers\USBD.SYS
\SystemRoot\System32\drivers\hidi2c.sys
\SystemRoot\System32\drivers\mshidkmdf.sys
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\DRIVERS\IntcDAud.sys
\SystemRoot\System32\drivers\mouhid.sys
\SystemRoot\System32\drivers\mouclass.sys
\SystemRoot\System32\drivers\AsusPTPFilter.sys
\SystemRoot\System32\drivers\MTConfig.sys
\SystemRoot\System32\drivers\usbccgp.sys
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\system32\DRIVERS\ibtusb.sys
\SystemRoot\System32\drivers\BTHUSB.sys
\SystemRoot\System32\drivers\bthport.sys
\SystemRoot\system32\drivers\mfeaack.sys
\SystemRoot\system32\drivers\mfeplk.sys
\SystemRoot\system32\drivers\mfeavfk.sys
\SystemRoot\system32\drivers\mfefirek.sys
\SystemRoot\system32\DRIVERS\mfencbdc.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\win32kfull.sys
\SystemRoot\System32\win32kbase.sys
\SystemRoot\System32\Drivers\dump_diskdump.sys
\SystemRoot\System32\Drivers\dump_iaStorA.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\drivers\dxgmms2.sys
\SystemRoot\System32\drivers\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\esif_lf.sys
\SystemRoot\System32\drivers\WUDFRd.sys
\SystemRoot\system32\drivers\wcifs.sys
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\drivers\mmcss.sys
\SystemRoot\system32\drivers\storqosflt.sys
\SystemRoot\System32\drivers\condrv.sys
\SystemRoot\System32\drivers\registry.sys
\SystemRoot\system32\drivers\lltdio.sys
\SystemRoot\system32\drivers\mslldp.sys
\SystemRoot\system32\drivers\rspndr.sys
\SystemRoot\System32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\ndisuio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\drivers\Ndu.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\System32\drivers\vwifimp.sys
\??\C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys
\SystemRoot\system32\drivers\cfwids.sys
\SystemRoot\System32\drivers\rassstp.sys
\SystemRoot\System32\DRIVERS\NDProxy.sys
\SystemRoot\System32\drivers\AgileVpn.sys
\SystemRoot\System32\drivers\rasl2tp.sys
\SystemRoot\System32\drivers\raspptp.sys
\SystemRoot\System32\drivers\raspppoe.sys
\SystemRoot\System32\DRIVERS\ndistapi.sys
\SystemRoot\System32\drivers\ndiswan.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\7624D7F0.sys
----------- End -----------
Done!

Scan started
Database versions:
main: v2017.12.12.01
rootkit: v2017.10.14.01

<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffff9b88c0040510, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffff9b88bdd829f0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffff9b88c0040510, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffff9b88bcf29da0, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffff9b88bcf29060, DeviceName: \Device\0000003f\, DriverName: \Driver\iaStorA\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
Volume is encrypted by BITLOCKER
<<<2>>>
<<<3>>>
Volume: C:
Volume is encrypted by BITLOCKER
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
This drive is a GPT Drive.
MBR Signature: 55AA
Disk Signature: 6F072854

GPT Protective MBR Partition information:

Partition 0 type is EFI-GPT (0xee)
Partition is NOT ACTIVE.
Partition starts at LBA: 1 Numsec = 4294967295

Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

GPT Partition information:

GPT Header Signature 4546492050415254
GPT Header Revision 65536 Size 92 CRC 1583950638
GPT Header CurrentLba = 1 BackupLba 1000215215
GPT Header FirstUsableLba 34 LastUsableLba 1000215182
GPT Header Guid 4f68675d-5b1f-4a6c-b637-d7925cf815d3
GPT Header Contains 128 partition entries starting at LBA 2
GPT Header Partition entry size = 128

Backup GPT header Signature 4546492050415254
Backup GPT header Revision 65536 Size 92 CRC 1583950638
Backup GPT header CurrentLba = 1000215215 BackupLba 1
Backup GPT header FirstUsableLba 34 LastUsableLba 1000215182
Backup GPT header Guid 4f68675d-5b1f-4a6c-b637-d7925cf815d3
Backup GPT header Contains 128 partition entries starting at LBA 1000215183
Backup GPT header Partition entry size = 128

Partition 0 Type c12a7328-f81f-11d2-ba4b-0a0c93ec93b
Partition ID 430cc831-9e5-465c-ac34-4faafbbe83e
FirstLBA 2048 Last LBA 534527
Attributes 0
Partition Name EFI system partition

GPT Partition 0 is bootable
Partition 1 Type e3c9e316-b5c-4db8-817d-f92df0215ae
Partition ID a48642f4-bc35-4519-85db-6ee4f928f64f
FirstLBA 534528 Last LBA 567295
Attributes 0
Partition Name Microsoft reserved partition

Partition 2 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
Partition ID 533424b2-914a-4f7b-835a-5ed1ffbda66c
FirstLBA 567296 Last LBA 998576127
Attributes 0
Partition Name Basic data partition

Partition 3 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
Partition ID 53632522-3495-4df7-a51b-ca23391bfee2
FirstLBA 998576128 Last LBA 1000214527
Attributes 1
Partition Name Basic data partition

Disk Size: 512110190592 bytes
Sector size: 512 bytes

Done!
Infected: HKU\S-1-5-21-4009766753-2876665748-4057158324-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{C0D38E5A-7CF8-4105-8FE8-31B81443A114} --> [Adware.NeoBar]
Infected: C:\Program Files (x86)\B1dMyRtuobPX\b1dmyrtuobpx.exe --> [Adware.CloudGuard.TskLnk]
Infected file C:\Program Files\WinRAR\Default.SFX could not be remediated because backup file is not available
Infected: C:\Users\siteh\AppData\Local\Temp\psfALkdCizfRj2ftQWTa(Z).exe --> [Adware.InstallMonster]
Infected: C:\Users\siteh\AppData\Local\Temp\psfALkdCizfRj2ftQWTa.exe --> [Adware.InstallMonster]
Infected: C:\Users\siteh\AppData\Local\Temp\revomc.exe --> [Trojan.UbarServ]
Infected: C:\Users\siteh\AppData\Local\Temp\s2s.exe --> [Adware.Wajam]
Infected: C:\Users\siteh\AppData\Local\Temp\6kXvcK0rr\ytab_m_1_big.exe --> [Adware.Neoreklami]
Infected: C:\Users\siteh\AppData\Local\Temp\E1I2BMUUFZ\SecondL.exe --> [Adware.Tuto4PC]
Infected: C:\Users\siteh\AppData\Local\Temp\LHwARYabS\setup.exe --> [Adware.DNSUnlocker.Generic]
Infected: C:\Users\siteh\AppData\Local\Temp\pOz29ar4D\pOz29ar4D.exe --> [Adware.Tuto4PC]
Infected: C:\Users\siteh\AppData\Local\Temp\prPRPGoZt\prPRPGoZt.exe --> [Adware.Tuto4PC]
Infected: C:\Users\siteh\AppData\Local\Temp\vA2f487jw\vA2f487jw.exe --> [Adware.Tuto4PC]
Infected: C:\Windows\Temp\UDDE0CE.tmp --> [Adware.Wajam]
Infected: C:\Windows\7a531e26489e946c70f9d5af73440364.exe --> [Adware.Wajam]
Infected: C:\Users\siteh\AppData\Roaming\ZHP\Quarantine --> [Trojan.UbarServ]
Infected: C:\Users\siteh\AppData\Local\po.db --> [Adware.Linkury.Generic]
Infected: C:\Users\siteh\AppData\Local\Temp\is-IRS7N.tmp\letswork.exe.config --> [Adware.Tuto4PC.Generic]
Infected: C:\Users\siteh\AppData\Local\Temp\is-IRS7N.tmp --> [Adware.Tuto4PC.Generic]
Infected: C:\Users\siteh\AppData\Local\Temp\is-IRS7N.tmp\itdownload.dll --> [Adware.Tuto4PC.Generic]
Infected: C:\Users\siteh\AppData\Local\Temp\is-IRS7N.tmp\psvince.dll --> [Adware.Tuto4PC.Generic]
Infected: C:\Users\siteh\AppData\Local\Temp\is-IRS7N.tmp\_isetup --> [Adware.Tuto4PC.Generic]
Infected: C:\Users\siteh\AppData\Local\Temp\is-IRS7N.tmp\_isetup\_setup64.tmp --> [Adware.Tuto4PC.Generic]
Infected: C:\Users\siteh\AppData\Local\Temp\svchost.exe --> [Trojan.Agent.Gen]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\SVCHOST.EXE --> [Trojan.Agent.Gen]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\SVCHOST.EXE --> [Trojan.Agent.Gen]
Infected: HKLM\SOFTWARE\MICROSOFT\APreSam --> [Adware.Tuto4PC]
Infected: HKLM\SOFTWARE\MICROSOFT\MPrForShutT --> [Adware.Tuto4PC]
Infected: HKLM\SOFTWARE\MICROSOFT\NSaveA --> [Adware.Tuto4PC]
Infected: HKLM\SOFTWARE\MICROSOFT\PrAmNP --> [Adware.Tuto4PC]
Infected: HKLM\SOFTWARE\MICROSOFT\PrIncub --> [Adware.Tuto4PC]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\11598763487076930564 --> [Adware.DNSUnlocker.ACMB2]
Infected: HKU\S-1-5-21-4009766753-2876665748-4057158324-1001\SOFTWARE\MICROSOFT\BIGTIME|partner --> [Adware.Tuto4PC]
Infected: HKU\S-1-5-21-4009766753-2876665748-4057158324-1001\SOFTWARE\MICROSOFT\BIGTIME --> [Adware.Tuto4PC]
Infected: HKU\S-1-5-21-4009766753-2876665748-4057158324-1001\SOFTWARE\MICROSOFT\EWMON|partner --> [Adware.Tuto4PC]
Infected: HKU\S-1-5-21-4009766753-2876665748-4057158324-1001\SOFTWARE\MICROSOFT\EWMON --> [Adware.Tuto4PC]
Infected: HKU\S-1-5-21-4009766753-2876665748-4057158324-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|5148008 --> [Adware.Tuto4PC.Generic]
Infected: HKU\S-1-5-21-4009766753-2876665748-4057158324-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|XUSUHCP12AXDWMY --> [Adware.Tuto4PC.Generic]
Infected: HKU\S-1-5-21-4009766753-2876665748-4057158324-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|LECYY8DSEEPGQQ7 --> [Adware.Tuto4PC.Generic]
Infected: HKU\S-1-5-21-4009766753-2876665748-4057158324-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|7481549 --> [Adware.Tuto4PC.Generic]
Infected: HKU\S-1-5-21-4009766753-2876665748-4057158324-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|1157340 --> [Adware.Tuto4PC.Generic]
Infected: HKU\S-1-5-21-4009766753-2876665748-4057158324-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|6608634 --> [Adware.Tuto4PC.Generic]
Infected: HKU\S-1-5-21-4009766753-2876665748-4057158324-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|HO9U4E7JB2DZHPP --> [Adware.Tuto4PC.Generic]
Infected: HKU\S-1-5-21-4009766753-2876665748-4057158324-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|3556551 --> [Adware.Tuto4PC.Generic]
Infected: HKU\S-1-5-21-4009766753-2876665748-4057158324-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|C1WL06BSJNZAYJV --> [Adware.Tuto4PC.Generic]
Infected: C:\Program Files (x86)\B1dMyRtuobPX\settings.ini --> [Adware.DNSUnlocker.ACMB2]
Infected: C:\Program Files (x86)\B1dMyRtuobPX --> [Adware.DNSUnlocker.ACMB2]
Infected: C:\Program Files (x86)\B1dMyRtuobPX\B1dMyRtuobPX.cer --> [Adware.DNSUnlocker.ACMB2]
Infected: C:\Program Files (x86)\B1dMyRtuobPX\config.ini --> [Adware.DNSUnlocker.ACMB2]
Infected: C:\Program Files (x86)\B1dMyRtuobPX\Info.rtf --> [Adware.DNSUnlocker.ACMB2]
Infected: C:\Program Files (x86)\B1dMyRtuobPX\License.rtf --> [Adware.DNSUnlocker.ACMB2]
Infected: C:\Program Files (x86)\B1dMyRtuobPX\unins000.dat --> [Adware.DNSUnlocker.ACMB2]
Infected: C:\Program Files (x86)\B1dMyRtuobPX\unins000.exe --> [Adware.DNSUnlocker.ACMB2]
Infected: C:\Program Files (x86)\SDownloader\cast.config --> [Adware.Tuto4PC.Generic]
Infected: C:\Program Files (x86)\SDownloader --> [Adware.Tuto4PC.Generic]
Infected: C:\Program Files (x86)\SDownloader\2WVL1.exe --> [Adware.Tuto4PC.Generic]
Infected: HKU\S-1-5-21-4009766753-2876665748-4057158324-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|YVCGO6LR8L806SY --> [Adware.Tuto4PC.Generic]
Infected: C:\Program Files (x86)\SDownloader\2WVL1.exe --> [Adware.Tuto4PC.Generic]
Infected: C:\Program Files (x86)\SDownloader\2WVL1.exe.config --> [Adware.Tuto4PC.Generic]
Infected: C:\Program Files (x86)\SDownloader\8SQIIR6SHD1YI18.exe.config --> [Adware.Tuto4PC.Generic]
Infected: C:\Program Files (x86)\SDownloader\config.conf --> [Adware.Tuto4PC.Generic]
Infected: C:\Program Files (x86)\SDownloader\S4O.exe --> [Adware.Tuto4PC.Generic]
Infected: C:\Users\siteh\AppData\Local\InstallationConfiguration.xml --> [Adware.Linkury.TskLnk]
Scan finished
Creating System Restore point...
Cleaning up...
Executing an action reg.exe...
Success!
Executing an action reg.exe...
Success!
Executing an action reg.exe...
Success!
Executing an action reg.exe...
Success!
Executing an action reg.exe...
Success!
Executing an action reg.exe...
Success!
Executing an action reg.exe...
Success!
Executing an action reg.exe...
Success!
Executing an action reg.exe...
Success!
Executing an action reg.exe...
Success!
Executing an action reg.exe...
Success!
Executing an action reg.exe...
Success!
Executing an action reg.exe...
Success!
Executing an action reg.exe...
Success!
Executing an action reg.exe...
Success!
Executing an action reg.exe...
Success!
Executing an action reg.exe...
Success!
Executing an action reg.exe...
Success!
Executing an action reg.exe...
Success!
Executing an action reg.exe...
Success!
Executing an action reg.exe...
Success!
Executing an action reg.exe...
Success!
Executing an action reg.exe...
Success!
Executing an action reg.exe...
Success!
Executing an action reg.exe...
Success!
Executing an action reg.exe...
Success!
Executing an action cmd.exe...
Success!
Queuing an action reg.exe
Queuing an action reg.exe
Queuing an action reg.exe
Queuing an action reg.exe
Queuing an action reg.exe
Queuing an action reg.exe
Queuing an action reg.exe
Queuing an action reg.exe
Queuing an action reg.exe
Queuing an action reg.exe
Queuing an action reg.exe
Queuing an action reg.exe
Queuing an action reg.exe
Queuing an action reg.exe
Queuing an action reg.exe
Queuing an action reg.exe
Queuing an action reg.exe
Queuing an action reg.exe
Queuing an action reg.exe
Queuing an action reg.exe
Queuing an action reg.exe
Queuing an action reg.exe
Queuing an action reg.exe
Queuing an action reg.exe
Queuing an action reg.exe
Queuing an action reg.exe
Queuing an action cmd.exe
Queuing an action cmd.exe
Queuing an action cmd.exe
Queuing an action cmd.exe
Queuing an action cmd.exe
Queuing an action cmd.exe
Queuing an action cmd.exe
Queuing an action cmd.exe
Queuing an action cmd.exe
Queuing an action cmd.exe
Queuing an action cmd.exe
Queuing an action cmd.exe
Queuing an action cmd.exe
Queuing an action cmd.exe
Queuing an action cmd.exe
Queuing an action cmd.exe
Queuing an action cmd.exe
Queuing an action cmd.exe
Queuing an action cmd.exe
Queuing an action cmd.exe
Queuing an action cmd.exe
Queuing an action cmd.exe
Queuing an action cmd.exe
Queuing an action cmd.exe
Queuing an action cmd.exe
Queuing an action cmd.exe
Queuing an action cmd.exe
Queuing an action cmd.exe
Queuing an action cmd.exe
Queuing an action cmd.exe
Queuing an action cmd.exe
Queuing an action cmd.exe
Queuing an action cmd.exe
Queuing an action cmd.exe
Queuing an action cmd.exe
Queuing an action cmd.exe
Queuing an action cmd.exe
Queuing an action cmd.exe
Queuing an action cmd.exe
Queuing an action cmd.exe
Queuing an action cmd.exe
Queuing an action cmd.exe
Queuing an action cmd.exe
Executing an action cmd.exe...
Success!
Executing an action cmd.exe...
Success!
Executing an action cmd.exe...
Success!
Executing an action cmd.exe...
Success!
Executing an action cmd.exe...
Success!
Executing an action cmd.exe...
Success!
Executing an action cmd.exe...
Success!
Executing an action cmd.exe...
Success!
Executing an action cmd.exe...
Success!
Executing an action cmd.exe...
Success!
Executing an action cmd.exe...
Success!
Executing an action cmd.exe...
Success!
Executing an action cmd.exe...
Success!
Executing an action cmd.exe...
Success!
Executing an action cmd.exe...
Success!
Executing an action reg.exe...
Success!
Queuing an action reg.exe
Executing an action cmd.exe...
Success!
Executing an action cmd.exe...
Success!
Executing an action cmd.exe...
Success!
Executing an action cmd.exe...
Success!
Queuing an action reg.exe
Removal scheduling successful. System shutdown needed.
System shutdown occurred
=======================================


---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.10.3.1001

(c) Malwarebytes Corporation 2011-2012

OS version: 10.0.15063 Windows 10 x64

Account is Administrative

Internet Explorer version: 11.726.15063.0

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 1.992000 GHz
Memory total: 8436027392, free: 6306131968

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.10.3.1001

(c) Malwarebytes Corporation 2011-2012

OS version: 10.0.9200 Windows 10 x64

Account is Administrative

Internet Explorer version: 11.726.15063.0

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 1.992000 GHz
Memory total: 8436027392, free: 5902860288

Downloaded database version: v2017.12.12.01
Downloaded database version: v2017.11.28.01
=======================================
Initializing...
Driver version: 4.3.0.15
------------ Kernel report ------------
12/12/2017 02:37:55
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kd.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\System32\drivers\msrpc.sys
\SystemRoot\System32\drivers\ksecdd.sys
\SystemRoot\System32\drivers\werkernel.sys
\SystemRoot\System32\drivers\CLFS.SYS
\SystemRoot\System32\drivers\tm.sys
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\System32\drivers\FLTMGR.SYS
\SystemRoot\System32\drivers\clipsp.sys
\SystemRoot\System32\drivers\cmimcext.sys
\SystemRoot\System32\drivers\ntosext.sys
\SystemRoot\system32\CI.dll
\SystemRoot\System32\drivers\cng.sys
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\SleepStudyHelper.sys
\SystemRoot\System32\Drivers\acpiex.sys
\SystemRoot\System32\Drivers\WppRecorder.sys
\SystemRoot\System32\drivers\ACPI.sys
\SystemRoot\System32\drivers\WMILIB.SYS
\SystemRoot\System32\drivers\msisadrv.sys
\SystemRoot\System32\drivers\pci.sys
\SystemRoot\System32\drivers\tpm.sys
\SystemRoot\System32\drivers\intelpep.sys
\SystemRoot\system32\drivers\WindowsTrustedRT.sys
\SystemRoot\System32\drivers\WindowsTrustedRTProxy.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\drivers\vdrvroot.sys
\SystemRoot\system32\drivers\pdc.sys
\SystemRoot\system32\drivers\CEA.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\System32\drivers\spaceport.sys
\SystemRoot\System32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\System32\drivers\iaStorA.sys
\SystemRoot\System32\drivers\storport.sys
\SystemRoot\System32\drivers\EhStorClass.sys
\SystemRoot\System32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Wof.sys
\SystemRoot\system32\drivers\mfehidk.sys
\SystemRoot\System32\Drivers\NTFS.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\System32\drivers\wfplwfs.sys
\SystemRoot\system32\drivers\mfewfpk.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\System32\drivers\volume.sys
\SystemRoot\System32\drivers\volsnap.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\system32\drivers\iorate.sys
\SystemRoot\System32\drivers\disk.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\drivers\cdrom.sys
\SystemRoot\system32\drivers\filecrypt.sys
\SystemRoot\system32\drivers\tbs.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\BasicDisplay.sys
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\vmbkmclr.sys
\SystemRoot\System32\drivers\BasicRender.sys
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\drivers\vwififlt.sys
\SystemRoot\System32\drivers\pacer.sys
\SystemRoot\system32\drivers\netbios.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\csc.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\System32\drivers\npsvctrig.sys
\SystemRoot\System32\drivers\mssmbios.sys
\SystemRoot\System32\drivers\gpuenergydrv.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\drivers\dam.sys
\??\C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys
\SystemRoot\system32\DRIVERS\ahcache.sys
\SystemRoot\System32\DriverStore\FileRepository\compositebus.inf_amd64_de4c68ea4fb1be53\CompositeBus.sys
\SystemRoot\System32\drivers\kdnic.sys
\SystemRoot\System32\drivers\umbus.sys
\SystemRoot\System32\drivers\CAD.sys
\SystemRoot\System32\DriverStore\FileRepository\igdlh64.inf_amd64_f2308ff1d90596bf\igdkmd64.sys
\SystemRoot\System32\drivers\dptf_cpu.sys
\SystemRoot\System32\drivers\USBXHCI.SYS
\SystemRoot\system32\drivers\ucx01000.sys
\SystemRoot\System32\drivers\iaLPSS2_I2C.sys
\SystemRoot\system32\drivers\SpbCx.sys
\SystemRoot\System32\drivers\TeeDriverW8x64.sys
\SystemRoot\system32\DRIVERS\RtsPer.sys
\SystemRoot\System32\drivers\Netwtw06.sys
\SystemRoot\system32\DRIVERS\wdiwifi.sys
\SystemRoot\System32\drivers\vwifibus.sys
\SystemRoot\System32\drivers\iaLPSS2_UART2.sys
\SystemRoot\system32\drivers\SerCx2.sys
\SystemRoot\System32\drivers\iaLPSS2_SPI.sys
\SystemRoot\System32\drivers\CmBatt.sys
\SystemRoot\System32\drivers\BATTC.SYS
\SystemRoot\System32\drivers\dptf_acpi.sys
\SystemRoot\System32\drivers\i8042prt.sys
\SystemRoot\System32\drivers\kbdclass.sys
\SystemRoot\System32\drivers\HDAudBus.sys
\SystemRoot\System32\drivers\portcls.sys
\SystemRoot\System32\drivers\drmk.sys
\SystemRoot\System32\drivers\ks.sys
\SystemRoot\System32\drivers\iaLPSS2_GPIO2.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\System32\Drivers\msgpioclx.sys
\SystemRoot\System32\drivers\intelppm.sys
\SystemRoot\System32\drivers\acpipagr.sys
\SystemRoot\System32\drivers\wmiacpi.sys
\SystemRoot\System32\drivers\AsRadioControl.sys
\SystemRoot\System32\drivers\HIDCLASS.SYS
\SystemRoot\System32\drivers\HIDPARSE.SYS
\SystemRoot\System32\drivers\UEFI.sys
\SystemRoot\System32\drivers\NdisVirtualBus.sys
\SystemRoot\System32\drivers\swenum.sys
\SystemRoot\System32\drivers\rdpbus.sys
\SystemRoot\System32\drivers\UsbHub3.sys
\SystemRoot\System32\drivers\USBD.SYS
\SystemRoot\System32\drivers\hidi2c.sys
\SystemRoot\System32\drivers\mshidkmdf.sys
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\DRIVERS\IntcDAud.sys
\SystemRoot\System32\drivers\mouhid.sys
\SystemRoot\System32\drivers\mouclass.sys
\SystemRoot\System32\drivers\AsusPTPFilter.sys
\SystemRoot\System32\drivers\MTConfig.sys
\SystemRoot\System32\drivers\usbccgp.sys
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\system32\DRIVERS\ibtusb.sys
\SystemRoot\System32\drivers\BTHUSB.sys
\SystemRoot\System32\drivers\bthport.sys
\SystemRoot\system32\drivers\mfeaack.sys
\SystemRoot\system32\drivers\mfeplk.sys
\SystemRoot\system32\drivers\mfeavfk.sys
\SystemRoot\system32\drivers\mfefirek.sys
\SystemRoot\system32\DRIVERS\mfencbdc.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\win32kfull.sys
\SystemRoot\System32\win32kbase.sys
\SystemRoot\System32\Drivers\dump_diskdump.sys
\SystemRoot\System32\Drivers\dump_iaStorA.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\drivers\dxgmms2.sys
\SystemRoot\System32\drivers\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\esif_lf.sys
\SystemRoot\System32\drivers\WUDFRd.sys
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\drivers\wcifs.sys
\SystemRoot\system32\drivers\mmcss.sys
\SystemRoot\system32\drivers\storqosflt.sys
\SystemRoot\System32\drivers\registry.sys
\SystemRoot\System32\drivers\condrv.sys
\SystemRoot\system32\drivers\lltdio.sys
\SystemRoot\system32\drivers\mslldp.sys
\SystemRoot\system32\drivers\rspndr.sys
\SystemRoot\System32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\ndisuio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\system32\drivers\Ndu.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\drivers\vwifimp.sys
\??\C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys
\SystemRoot\system32\drivers\cfwids.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\1181446D.sys
----------- End -----------
Done!

Scan started
Database versions:
main: v2017.12.12.01
rootkit: v2017.10.14.01

<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffd989ecf16510, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffd989eccf39f0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffd989ecf16510, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffd989e9d90e40, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffffd989e9d97060, DeviceName: \Device\0000003f\, DriverName: \Driver\iaStorA\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
Volume is encrypted by BITLOCKER
<<<2>>>
<<<3>>>
Volume: C:
Volume is encrypted by BITLOCKER
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
This drive is a GPT Drive.
MBR Signature: 55AA
Disk Signature: 6F072854

GPT Protective MBR Partition information:

Partition 0 type is EFI-GPT (0xee)
Partition is NOT ACTIVE.
Partition starts at LBA: 1 Numsec = 4294967295

Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

GPT Partition information:

GPT Header Signature 4546492050415254
GPT Header Revision 65536 Size 92 CRC 1583950638
GPT Header CurrentLba = 1 BackupLba 1000215215
GPT Header FirstUsableLba 34 LastUsableLba 1000215182
GPT Header Guid 4f68675d-5b1f-4a6c-b637-d7925cf815d3
GPT Header Contains 128 partition entries starting at LBA 2
GPT Header Partition entry size = 128

Backup GPT header Signature 4546492050415254
Backup GPT header Revision 65536 Size 92 CRC 1583950638
Backup GPT header CurrentLba = 1000215215 BackupLba 1
Backup GPT header FirstUsableLba 34 LastUsableLba 1000215182
Backup GPT header Guid 4f68675d-5b1f-4a6c-b637-d7925cf815d3
Backup GPT header Contains 128 partition entries starting at LBA 1000215183
Backup GPT header Partition entry size = 128

Partition 0 Type c12a7328-f81f-11d2-ba4b-0a0c93ec93b
Partition ID 430cc831-9e5-465c-ac34-4faafbbe83e
FirstLBA 2048 Last LBA 534527
Attributes 0
Partition Name EFI system partition

GPT Partition 0 is bootable
Partition 1 Type e3c9e316-b5c-4db8-817d-f92df0215ae
Partition ID a48642f4-bc35-4519-85db-6ee4f928f64f
FirstLBA 534528 Last LBA 567295
Attributes 0
Partition Name Microsoft reserved partition

Partition 2 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
Partition ID 533424b2-914a-4f7b-835a-5ed1ffbda66c
FirstLBA 567296 Last LBA 998576127
Attributes 0
Partition Name Basic data partition

Partition 3 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
Partition ID 53632522-3495-4df7-a51b-ca23391bfee2
FirstLBA 998576128 Last LBA 1000214527
Attributes 1
Partition Name Basic data partition

Disk Size: 512110190592 bytes
Sector size: 512 bytes

Done!
Infected file C:\Program Files\WinRAR\Default.SFX could not be remediated because backup file is not available
Scan finished
=======================================


Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\Default.SFX-k.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\Default.SFX-u.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\Default.SFX-r.mbam...
Removal finished