ÿþ--------------------------------------- Malwarebytes Anti-Rootkit BETA 1.10.3.1001 (c) Malwarebytes Corporation 2011-2012 OS version: 10.0.9200 Windows 10 x64 Account is Administrative Internet Explorer version: 11.192.16299.0 File system is: NTFS Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED CPU speed: 2.167000 GHz Memory total: 4175745024, free: 1430081536 Downloaded database version: v2018.01.06.05 Downloaded database version: v2017.11.28.01 ======================================= Initializing... Driver version: 4.3.0.15 ------------ Kernel report ------------ 01/06/2018 22:13:23 ------------ Loaded modules ----------- \SystemRoot\system32\ntoskrnl.exe \SystemRoot\system32\hal.dll \SystemRoot\system32\kd.dll \SystemRoot\system32\mcupdate_GenuineIntel.dll \SystemRoot\System32\drivers\msrpc.sys \SystemRoot\System32\drivers\ksecdd.sys \SystemRoot\System32\drivers\werkernel.sys \SystemRoot\System32\drivers\CLFS.SYS \SystemRoot\System32\drivers\tm.sys \SystemRoot\system32\PSHED.dll \SystemRoot\system32\BOOTVID.dll \SystemRoot\System32\drivers\FLTMGR.SYS \SystemRoot\System32\drivers\clipsp.sys \SystemRoot\System32\drivers\cmimcext.sys \SystemRoot\System32\drivers\ntosext.sys \SystemRoot\system32\CI.dll \SystemRoot\System32\drivers\cng.sys \SystemRoot\system32\drivers\Wdf01000.sys \SystemRoot\system32\drivers\WDFLDR.SYS \SystemRoot\system32\drivers\WppRecorder.sys \SystemRoot\system32\drivers\SleepStudyHelper.sys \SystemRoot\System32\Drivers\acpiex.sys \SystemRoot\System32\drivers\ACPI.sys \SystemRoot\System32\drivers\WMILIB.SYS \SystemRoot\System32\drivers\intelpep.sys \SystemRoot\system32\drivers\WindowsTrustedRT.sys \SystemRoot\System32\drivers\WindowsTrustedRTProxy.sys \SystemRoot\System32\drivers\pcw.sys \SystemRoot\System32\drivers\msisadrv.sys \SystemRoot\System32\drivers\pci.sys \SystemRoot\System32\drivers\vdrvroot.sys \SystemRoot\system32\drivers\pdc.sys \SystemRoot\system32\drivers\CEA.sys \SystemRoot\System32\drivers\partmgr.sys \SystemRoot\System32\drivers\spaceport.sys \SystemRoot\System32\drivers\volmgr.sys \SystemRoot\System32\drivers\volmgrx.sys \SystemRoot\System32\drivers\mountmgr.sys \SystemRoot\System32\drivers\storahci.sys \SystemRoot\System32\drivers\storport.sys \SystemRoot\System32\drivers\EhStorClass.sys \SystemRoot\System32\drivers\fileinfo.sys \SystemRoot\System32\Drivers\Wof.sys \SystemRoot\System32\Drivers\NTFS.sys \SystemRoot\System32\drivers\MBI.sys \SystemRoot\System32\Drivers\Fs_Rec.sys \SystemRoot\system32\drivers\ndis.sys \SystemRoot\system32\drivers\NETIO.SYS \SystemRoot\System32\Drivers\ksecpkg.sys \SystemRoot\System32\drivers\tcpip.sys \SystemRoot\System32\drivers\fwpkclnt.sys \SystemRoot\System32\drivers\wfplwfs.sys \SystemRoot\System32\drivers\btath_bus.sys \SystemRoot\System32\DRIVERS\fvevol.sys \SystemRoot\System32\drivers\volume.sys \SystemRoot\System32\drivers\volsnap.sys \SystemRoot\System32\drivers\rdyboost.sys \SystemRoot\System32\Drivers\mup.sys \SystemRoot\system32\drivers\iorate.sys \SystemRoot\System32\drivers\disk.sys \SystemRoot\System32\drivers\CLASSPNP.SYS \SystemRoot\System32\Drivers\crashdmp.sys \SystemRoot\System32\drivers\cdrom.sys \SystemRoot\system32\drivers\filecrypt.sys \SystemRoot\system32\drivers\tbs.sys \SystemRoot\System32\Drivers\Null.SYS \SystemRoot\System32\Drivers\Beep.SYS \SystemRoot\System32\drivers\BasicDisplay.sys \SystemRoot\System32\drivers\watchdog.sys \SystemRoot\System32\drivers\dxgkrnl.sys \SystemRoot\System32\drivers\vmbkmclr.sys \SystemRoot\System32\drivers\BasicRender.sys \SystemRoot\System32\Drivers\Npfs.SYS \SystemRoot\System32\Drivers\Msfs.SYS \SystemRoot\system32\DRIVERS\tdx.sys \SystemRoot\system32\DRIVERS\TDI.SYS \SystemRoot\System32\DRIVERS\netbt.sys \SystemRoot\system32\drivers\afd.sys \SystemRoot\System32\drivers\vwififlt.sys \SystemRoot\System32\drivers\pacer.sys \SystemRoot\system32\drivers\netbios.sys \SystemRoot\system32\DRIVERS\rdbss.sys \SystemRoot\system32\drivers\nsiproxy.sys \SystemRoot\System32\drivers\npsvctrig.sys \SystemRoot\System32\drivers\mssmbios.sys \??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{9539C615-ED2A-404D-8EF6-6880E039791D}\MpKslc935b79e.sys \SystemRoot\System32\drivers\gpuenergydrv.sys \SystemRoot\System32\Drivers\dfsc.sys \SystemRoot\system32\drivers\bam.sys \??\C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys \SystemRoot\system32\DRIVERS\ahcache.sys \SystemRoot\System32\DriverStore\FileRepository\compositebus.inf_amd64_9c1fb8f4db31c348\CompositeBus.sys \SystemRoot\system32\DRIVERS\serscan.sys \SystemRoot\system32\drivers\ksthunk.sys \SystemRoot\system32\drivers\ks.sys \SystemRoot\System32\drivers\kdnic.sys \SystemRoot\System32\drivers\umbus.sys \SystemRoot\System32\drivers\CAD.sys \SystemRoot\system32\DRIVERS\igdkmd64.sys \SystemRoot\system32\DRIVERS\AiCharger.sys \SystemRoot\System32\drivers\USBXHCI.SYS \SystemRoot\system32\drivers\ucx01000.sys \SystemRoot\System32\drivers\TXEIx64.sys \SystemRoot\System32\drivers\HDAudBus.sys \SystemRoot\System32\drivers\portcls.sys \SystemRoot\System32\drivers\drmk.sys \SystemRoot\System32\DriverStore\FileRepository\nvamwu.inf_amd64_d4715679184092a8\nvlddmkm.sys \SystemRoot\system32\DRIVERS\RtsPer.sys \SystemRoot\System32\drivers\rt640x64.sys \SystemRoot\System32\drivers\i8042prt.sys \SystemRoot\System32\drivers\mouclass.sys \SystemRoot\System32\drivers\kbfiltr.sys \SystemRoot\System32\drivers\kbdclass.sys \SystemRoot\System32\drivers\CmBatt.sys \SystemRoot\System32\drivers\BATTC.SYS \SystemRoot\System32\drivers\wmiacpi.sys \SystemRoot\System32\drivers\intelppm.sys \SystemRoot\System32\drivers\AsHIDSwitch64.sys \SystemRoot\System32\drivers\HIDCLASS.SYS \SystemRoot\System32\drivers\HIDPARSE.SYS \SystemRoot\System32\drivers\NdisVirtualBus.sys \SystemRoot\System32\drivers\swenum.sys \SystemRoot\System32\drivers\iwdbus.sys \SystemRoot\System32\drivers\rdpbus.sys \SystemRoot\System32\drivers\UsbHub3.sys \SystemRoot\System32\drivers\USBD.SYS \SystemRoot\system32\drivers\RTKVHD64.sys \SystemRoot\system32\DRIVERS\IntcDAud.sys \SystemRoot\System32\drivers\usbccgp.sys \SystemRoot\System32\Drivers\usbvideo.sys \SystemRoot\System32\drivers\hidusb.sys \SystemRoot\System32\drivers\mouhid.sys \SystemRoot\system32\DRIVERS\btfilter.sys \SystemRoot\System32\drivers\BTHUSB.sys \SystemRoot\System32\drivers\bthport.sys \SystemRoot\System32\Drivers\fastfat.SYS \SystemRoot\System32\win32k.sys \SystemRoot\System32\win32kfull.sys \SystemRoot\System32\win32kbase.sys \SystemRoot\System32\Drivers\dump_diskdump.sys \SystemRoot\System32\Drivers\dump_storahci.sys \SystemRoot\System32\Drivers\dump_dumpfve.sys \SystemRoot\System32\drivers\dxgmms1.sys \SystemRoot\System32\drivers\monitor.sys \SystemRoot\System32\drivers\dxgmms2.sys \SystemRoot\System32\TSDDD.dll \SystemRoot\System32\cdd.dll \SystemRoot\system32\drivers\luafv.sys \SystemRoot\system32\drivers\wcifs.sys \SystemRoot\system32\drivers\mmcss.sys \SystemRoot\system32\drivers\cldflt.sys \SystemRoot\system32\drivers\storqosflt.sys \SystemRoot\system32\drivers\mslldp.sys \SystemRoot\system32\drivers\rspndr.sys \SystemRoot\System32\DRIVERS\wanarp.sys \SystemRoot\system32\drivers\lltdio.sys \SystemRoot\system32\drivers\ndisuio.sys \SystemRoot\system32\DRIVERS\nwifi.sys \??\C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys \SystemRoot\system32\drivers\HTTP.sys \SystemRoot\system32\DRIVERS\bowser.sys \SystemRoot\System32\drivers\mpsdrv.sys \SystemRoot\system32\DRIVERS\mrxsmb.sys \SystemRoot\system32\DRIVERS\mrxsmb20.sys \SystemRoot\System32\DRIVERS\srvnet.sys \SystemRoot\system32\drivers\Ndu.sys \SystemRoot\system32\DRIVERS\mrxsmb10.sys \SystemRoot\system32\drivers\peauth.sys \SystemRoot\System32\DRIVERS\srv2.sys \SystemRoot\System32\drivers\tcpipreg.sys \SystemRoot\System32\DRIVERS\srv.sys \SystemRoot\System32\drivers\rassstp.sys \SystemRoot\System32\DRIVERS\NDProxy.sys \SystemRoot\System32\drivers\AgileVpn.sys \SystemRoot\System32\drivers\rasl2tp.sys \SystemRoot\System32\drivers\raspptp.sys \SystemRoot\System32\DRIVERS\raspppoe.sys \SystemRoot\System32\DRIVERS\ndistapi.sys \SystemRoot\System32\drivers\ndiswan.sys \SystemRoot\system32\drivers\wd\WdFilter.sys \SystemRoot\system32\drivers\wd\WdNisDrv.sys \SystemRoot\System32\drivers\condrv.sys \SystemRoot\System32\drivers\tunnel.sys \??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C40DA08C-CE31-423A-8121-69D52578650C}\MpKslf269b741.sys \SystemRoot\System32\drivers\athw8x.sys \SystemRoot\System32\drivers\vwifibus.sys \SystemRoot\System32\drivers\vwifimp.sys \SystemRoot\System32\drivers\umpass.sys \SystemRoot\System32\drivers\WSDPrint.sys \SystemRoot\system32\DRIVERS\WSDScan.sys \??\C:\WINDOWS\system32\drivers\mbamchameleon.sys \??\C:\WINDOWS\system32\drivers\5231969F.sys ----------- End ----------- Done! Scan started Database versions: main: v2018.01.06.05 rootkit: v2017.10.14.01 <<<2>>> Physical Sector Size: 512 Drive: 0, DevicePointer: 0xffffe182e2b5b060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xffffe182e2a669d0, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xffffe182e2b5b060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ DevicePointer: 0xffffe182e2970060, DeviceName: \Device\0000002f\, DriverName: \Driver\storahci\ ------------ End ---------- Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ Upper DeviceData: 0x0, 0x0, 0x0 Lower DeviceData: 0x0, 0x0, 0x0 <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes <<<2>>> <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers... Done! Drive 0 This is a System drive Scanning MBR on drive 0... Inspecting partition table: This drive is a GPT Drive. MBR Signature: 55AA Disk Signature: 1E031287 GPT Protective MBR Partition information: Partition 0 type is EFI-GPT (0xee) Partition is NOT ACTIVE. Partition starts at LBA: 1 Numsec = 4294967295 Partition 1 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 GPT Partition information: GPT Header Signature 4546492050415254 GPT Header Revision 65536 Size 92 CRC 1527299760 GPT Header CurrentLba = 1 BackupLba 1953525167 GPT Header FirstUsableLba 34 LastUsableLba 1953525134 GPT Header Guid eacca424-9bb4-43e9-8881-f2148618b8fc GPT Header Contains 128 partition entries starting at LBA 2 GPT Header Partition entry size = 128 Backup GPT header Signature 4546492050415254 Backup GPT header Revision 65536 Size 92 CRC 1527299760 Backup GPT header CurrentLba = 1953525167 BackupLba 1 Backup GPT header FirstUsableLba 34 LastUsableLba 1953525134 Backup GPT header Guid eacca424-9bb4-43e9-8881-f2148618b8fc Backup GPT header Contains 128 partition entries starting at LBA 1953525135 Backup GPT header Partition entry size = 128 Partition 0 Type c12a7328-f81f-11d2-ba4b-0a0c93ec93b Partition ID e918e3c9-df12-4c6c-a791-2149c4c17772 FirstLBA 2048 Last LBA 206847 Attributes 0 Partition Name EFI system partition GPT Partition 0 is bootable Partition 1 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac Partition ID 944fcbce-9e72-4baf-9f86-a0cde4b6643e FirstLBA 206848 Last LBA 2050047 Attributes 1 Partition Name Basic data partition Partition 2 Type e3c9e316-b5c-4db8-817d-f92df0215ae Partition ID 84a77d4e-4977-446e-a471-14afcfb2729d FirstLBA 2050048 Last LBA 2312191 Attributes 0 Partition Name Microsoft reserved partition Partition 3 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7 Partition ID b037908b-c083-4735-8171-c19ad9ab5e54 FirstLBA 2312192 Last LBA 783718399 Attributes 0 Partition Name Basic data partition Partition 4 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7 Partition ID 8a7399b3-895b-4c64-8389-8897e4737493 FirstLBA 783718400 Last LBA 1922045951 Attributes 0 Partition Name Basic data partition Partition 5 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac Partition ID 1404b1b5-efe5-479c-8e53-fa21244ee658 FirstLBA 1922045952 Last LBA 1953523711 Attributes 1 Partition Name Basic data partition Disk Size: 1000204886016 bytes Sector size: 512 bytes Done! File "C:\Users\BLANDINE\AppData\Local\Comms\UnistoreDB\store.vol" is sparse (flags = 32768) File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-3B512EE91041866AF87B9DA0EEE924F024C76474.bin.79" is compressed (flags = 1) File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-3B512EE91041866AF87B9DA0EEE924F024C76474.bin.7C" is compressed (flags = 1) File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-3B512EE91041866AF87B9DA0EEE924F024C76474.bin.83" is compressed (flags = 1) Scan finished ======================================= Removal queue found; removal started Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam... Removal finished