Le rapport Mbar, je relance l'analyse
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.09.3.1001
(c) Malwarebytes Corporation 2011-2012
OS version: 10.0.9200 Windows 10 x64
Account is Administrative
Internet Explorer version: 11.576.14393.0
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 1.600000 GHz
Memory total: 4145299456, free: 2104164352
Downloaded database version: v2017.10.15.07
Downloaded database version: v2017.10.14.01
Downloaded database version: v2017.09.01.01
Initializing...
======================
Driver version: 0.3.0.4
------------ Kernel report ------------
10/15/2017 20:51:17
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kd.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\System32\drivers\werkernel.sys
\SystemRoot\System32\drivers\CLFS.SYS
\SystemRoot\System32\drivers\tm.sys
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\System32\drivers\FLTMGR.SYS
\SystemRoot\System32\drivers\msrpc.sys
\SystemRoot\System32\drivers\ksecdd.sys
\SystemRoot\System32\drivers\clipsp.sys
\SystemRoot\System32\drivers\cmimcext.sys
\SystemRoot\System32\drivers\ntosext.sys
\SystemRoot\system32\CI.dll
\SystemRoot\System32\drivers\cng.sys
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\System32\Drivers\acpiex.sys
\SystemRoot\System32\Drivers\WppRecorder.sys
\SystemRoot\System32\drivers\ACPI.sys
\SystemRoot\System32\drivers\WMILIB.SYS
\SystemRoot\System32\drivers\msisadrv.sys
\SystemRoot\System32\drivers\pci.sys
\SystemRoot\System32\drivers\tpm.sys
\SystemRoot\System32\drivers\intelpep.sys
\SystemRoot\system32\drivers\WindowsTrustedRT.sys
\SystemRoot\System32\drivers\WindowsTrustedRTProxy.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\drivers\vdrvroot.sys
\SystemRoot\system32\drivers\pdc.sys
\SystemRoot\system32\drivers\CEA.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\System32\drivers\spaceport.sys
\SystemRoot\System32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\System32\drivers\storahci.sys
\SystemRoot\System32\drivers\storport.sys
\SystemRoot\System32\drivers\EhStorClass.sys
\SystemRoot\System32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Wof.sys
\SystemRoot\System32\Drivers\NTFS.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\System32\drivers\wfplwfs.sys
\SystemRoot\system32\DRIVERS\hpdskflt.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\System32\drivers\volume.sys
\SystemRoot\System32\drivers\volsnap.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\system32\drivers\iorate.sys
\SystemRoot\System32\drivers\disk.sys
\SystemRoot\System32\drivers\CLASSPNP.SYS
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\system32\drivers\filecrypt.sys
\SystemRoot\system32\drivers\tbs.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\BasicDisplay.sys
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\BasicRender.sys
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\drivers\vwififlt.sys
\SystemRoot\System32\drivers\pacer.sys
\SystemRoot\system32\drivers\netbios.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\csc.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\System32\drivers\npsvctrig.sys
\SystemRoot\System32\drivers\mssmbios.sys
\SystemRoot\System32\drivers\gpuenergydrv.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\ahcache.sys
\SystemRoot\System32\DriverStore\FileRepository\compositebus.inf_amd64_a140581a8f8b58b7\CompositeBus.sys
\SystemRoot\System32\drivers\kdnic.sys
\SystemRoot\System32\drivers\umbus.sys
\SystemRoot\system32\DRIVERS\igdkmd64lp.sys
\SystemRoot\System32\drivers\dptf_cpu.sys
\SystemRoot\System32\drivers\USBXHCI.SYS
\SystemRoot\system32\drivers\ucx01000.sys
\SystemRoot\System32\drivers\TXEIx64.sys
\SystemRoot\System32\drivers\HDAudBus.sys
\SystemRoot\System32\drivers\portcls.sys
\SystemRoot\System32\drivers\drmk.sys
\SystemRoot\System32\drivers\ks.sys
\SystemRoot\System32\drivers\rt640x64.sys
\SystemRoot\System32\drivers\rtwlane.sys
\SystemRoot\system32\DRIVERS\wdiwifi.sys
\SystemRoot\System32\drivers\vwifibus.sys
\SystemRoot\system32\DRIVERS\RtsP2Stor.sys
\SystemRoot\System32\drivers\CmBatt.sys
\SystemRoot\System32\drivers\BATTC.SYS
\SystemRoot\System32\drivers\i8042prt.sys
\SystemRoot\system32\DRIVERS\SynTP.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\System32\drivers\kbdclass.sys
\SystemRoot\System32\drivers\msgpiowin32.sys
\SystemRoot\System32\drivers\mshidkmdf.sys
\SystemRoot\System32\drivers\HIDCLASS.SYS
\SystemRoot\System32\drivers\HIDPARSE.SYS
\SystemRoot\System32\drivers\VirtualButtons.sys
\SystemRoot\System32\drivers\mouclass.sys
\SystemRoot\system32\DRIVERS\Smb_driver_Intel.sys
\SystemRoot\System32\drivers\iai2c.sys
\SystemRoot\system32\drivers\SpbCx.sys
\SystemRoot\System32\drivers\intelppm.sys
\SystemRoot\System32\drivers\iagpio.sys
\SystemRoot\System32\Drivers\msgpioclx.sys
\SystemRoot\System32\drivers\wmiacpi.sys
\SystemRoot\system32\DRIVERS\WirelessButtonDriver64.sys
\SystemRoot\System32\drivers\dptf_acpi.sys
\SystemRoot\System32\drivers\NdisVirtualBus.sys
\SystemRoot\System32\drivers\swenum.sys
\SystemRoot\System32\drivers\rdpbus.sys
\SystemRoot\system32\DRIVERS\clwvd6.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\System32\drivers\kbdhid.sys
\SystemRoot\System32\drivers\UsbHub3.sys
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\system32\DRIVERS\IntcDAud.sys
\SystemRoot\system32\DRIVERS\Accelerometer.sys
\SystemRoot\System32\drivers\hidi2c.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\System32\drivers\hidusb.sys
\SystemRoot\System32\drivers\mouhid.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\win32kfull.sys
\SystemRoot\System32\win32kbase.sys
\SystemRoot\System32\Drivers\dump_diskdump.sys
\SystemRoot\System32\Drivers\dump_storahci.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\drivers\dxgmms2.sys
\SystemRoot\System32\drivers\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\system32\DRIVERS\RtkBtfilter.sys
\SystemRoot\System32\drivers\BTHUSB.sys
\SystemRoot\System32\drivers\bthport.sys
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\drivers\usbccgp.sys
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\System32\drivers\BthLEEnum.sys
\SystemRoot\System32\drivers\rfcomm.sys
\SystemRoot\System32\drivers\BthEnum.sys
\SystemRoot\System32\drivers\bthpan.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\esif_lf.sys
\SystemRoot\system32\DRIVERS\WUDFRd.sys
\SystemRoot\system32\drivers\mmcss.sys
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\drivers\wcifs.sys
\SystemRoot\system32\drivers\storqosflt.sys
\SystemRoot\system32\drivers\wcnfs.sys
\SystemRoot\System32\drivers\registry.sys
\SystemRoot\system32\drivers\lltdio.sys
\SystemRoot\system32\drivers\mslldp.sys
\SystemRoot\system32\drivers\rspndr.sys
\SystemRoot\System32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\ndisuio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\System32\drivers\condrv.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\drivers\Ndu.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\drivers\vwifimp.sys
\SystemRoot\System32\drivers\tunnel.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
----------- End -----------
Done!
Scan started
Database versions:
main: v2017.10.15.07
rootkit: v2017.10.14.01
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffb40841f7d060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffb40841f7dae0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffb40841f7d060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xffffb40841ec4910, DeviceName: Unknown, DriverName: \Driver\hpdskflt\
DevicePointer: 0xffffb408413f7060, DeviceName: \Device\00000038\, DriverName: \Driver\storahci\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
This drive is a GPT Drive.
MBR Signature: 55AA
Disk Signature: A6B3ED6C
GPT Protective MBR Partition information:
Partition 0 type is EFI-GPT (0xee)
Partition is NOT ACTIVE.
Partition starts at LBA: 1 Numsec = 4294967295
Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
GPT Partition information:
GPT Header Signature 4546492050415254
GPT Header Revision 65536 Size 92 CRC 799077393
GPT Header CurrentLba = 1 BackupLba 976773167
GPT Header FirstUsableLba 34 LastUsableLba 976773134
GPT Header Guid 10d76397-2973-4ff8-8d3c-e94e3b84da5
GPT Header Contains 128 partition entries starting at LBA 2
GPT Header Partition entry size = 128
Backup GPT header Signature 4546492050415254
Backup GPT header Revision 65536 Size 92 CRC 799077393
Backup GPT header CurrentLba = 976773167 BackupLba 1
Backup GPT header FirstUsableLba 34 LastUsableLba 976773134
Backup GPT header Guid 10d76397-2973-4ff8-8d3c-e94e3b84da5
Backup GPT header Contains 128 partition entries starting at LBA 976773135
Backup GPT header Partition entry size = 128
Partition 0 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
Partition ID 3a2b7c64-e15b-401d-9e9b-b3873388b360
FirstLBA 2048 Last LBA 3074047
Attributes 1
Partition Name Basic data partition
Partition 1 Type c12a7328-f81f-11d2-ba4b-0a0c93ec93b
Partition ID d02a3188-26d4-4129-8cc6-380ff72a48a
FirstLBA 3074048 Last LBA 3606527
Attributes 0
Partition Name EFI system partition
GPT Partition 1 is bootable
Partition 2 Type e3c9e316-b5c-4db8-817d-f92df0215ae
Partition ID a034a4ea-739d-4fad-b877-60f449f29b56
FirstLBA 3606528 Last LBA 3868671
Attributes 0
Partition Name Microsoft reserved partition
Partition 3 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
Partition ID 2ca4949e-b4f5-4b1f-b520-e245357e0c9
FirstLBA 3868672 Last LBA 946053119
Attributes 0
Partition Name Basic data partition
Partition 4 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
Partition ID a986616d-3fe-486d-aaa7-7a30f3bcdddb
FirstLBA 946053120 Last LBA 976773119
Attributes 1
Partition Name Basic data partition
Disk Size: 500107862016 bytes
Sector size: 512 bytes
Done!
Infected: C:\Users\Responsable\Downloads\Asterix et obelix contre cesar _1999_ movie (1).exe --> [Adware.InstallMonster]
Infected: C:\Users\Responsable\Downloads\Asterix et obelix contre cesar _1999_ movie (2).exe --> [Adware.InstallMonster]
Infected: C:\Program Files (x86)\UDpJuHWFll\SSL\OtherSearch Inc CA 2.cer --> [Adware.OtherSearch.TSKRST]
Infected: C:\Program Files (x86)\UDpJuHWFll\SSL --> [Adware.OtherSearch.TSKRST]
Infected: C:\Program Files (x86)\UDpJuHWFll\SSL\cert.db --> [Adware.OtherSearch.TSKRST]
Infected: C:\Program Files (x86)\UDpJuHWFll --> [Adware.OtherSearch.TSKRST]
Infected: C:\Program Files (x86)\UDpJuHWFll\data.dt --> [Adware.OtherSearch.TSKRST]
Infected: C:\Program Files (x86)\UDpJuHWFll\kl.dll --> [Adware.OtherSearch.TSKRST]
Infected: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\OtherSearch --> [Adware.OtherSearch.TSKRST]
Infected: C:\Program Files (x86)\UDpJuHWFll\kl.ecf --> [Adware.OtherSearch.TSKRST]
Infected: C:\Program Files (x86)\UDpJuHWFll\s.xml --> [Adware.OtherSearch.TSKRST]
Infected: C:\Program Files (x86)\UDpJuHWFll\slite.exe --> [Adware.OtherSearch.TSKRST]
Infected: C:\Program Files (x86)\UDpJuHWFll\uninstall.exe --> [Adware.OtherSearch.TSKRST]
Infected: C:\Program Files (x86)\UDpJuHWFll\upd.dt --> [Adware.OtherSearch.TSKRST]
Infected: C:\Program Files (x86)\UDpJuHWFll\updengine.exe --> [Adware.OtherSearch.TSKRST]
Infected: C:\Program Files (x86)\UDpJuHWFll\nss --> [Adware.OtherSearch.TSKRST]
Infected: C:\Program Files (x86)\UDpJuHWFll\nss\certutil.exe --> [Adware.OtherSearch.TSKRST]
Infected: C:\Program Files (x86)\UDpJuHWFll\nss\mozcrt19.dll --> [Adware.OtherSearch.TSKRST]
Infected: C:\Program Files (x86)\UDpJuHWFll\nss\nspr4.dll --> [Adware.OtherSearch.TSKRST]
Infected: C:\Program Files (x86)\UDpJuHWFll\nss\nss3.dll --> [Adware.OtherSearch.TSKRST]
Infected: C:\Program Files (x86)\UDpJuHWFll\nss\plc4.dll --> [Adware.OtherSearch.TSKRST]
Infected: C:\Program Files (x86)\UDpJuHWFll\nss\plds4.dll --> [Adware.OtherSearch.TSKRST]
Infected: C:\Program Files (x86)\UDpJuHWFll\nss\smime3.dll --> [Adware.OtherSearch.TSKRST]
Infected: C:\Program Files (x86)\UDpJuHWFll\nss\softokn3.dll --> [Adware.OtherSearch.TSKRST]
File C:\Windows\System32\drivers\Lace_wpf_x64.sys will be destroyed
Infected: C:\Windows\System32\drivers\Lace_wpf_x64.sys --> [Rootkit.Komodia.PUA]
Infected: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Lace514 --> [Rootkit.Komodia.PUA]
Scan finished
Creating System Restore point...
Cleaning up...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Executing an action cmd.exe...
Success!
Executing an action cmd.exe...
Success!
Executing an action cmd.exe...
Success!
Executing an action cmd.exe...
Success!
Removal scheduling successful. System shutdown needed.
System shutdown occurred
=======================================
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.09.3.1001
(c) Malwarebytes Corporation 2011-2012
OS version: 10.0.14393 Windows 10 x64
Account is Administrative
Internet Explorer version: 11.576.14393.0
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 1.600000 GHz
Memory total: 4145299456, free: 2617507840
=======================================
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.09.3.1001
(c) Malwarebytes Corporation 2011-2012
OS version: 10.0.9200 Windows 10 x64
Account is Administrative
Internet Explorer version: 11.576.14393.0
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 1.600000 GHz
Memory total: 4145299456, free: 2104164352
Downloaded database version: v2017.10.15.07
Downloaded database version: v2017.10.14.01
Downloaded database version: v2017.09.01.01
Initializing...
======================
Driver version: 0.3.0.4
------------ Kernel report ------------
10/15/2017 20:51:17
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kd.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\System32\drivers\werkernel.sys
\SystemRoot\System32\drivers\CLFS.SYS
\SystemRoot\System32\drivers\tm.sys
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\System32\drivers\FLTMGR.SYS
\SystemRoot\System32\drivers\msrpc.sys
\SystemRoot\System32\drivers\ksecdd.sys
\SystemRoot\System32\drivers\clipsp.sys
\SystemRoot\System32\drivers\cmimcext.sys
\SystemRoot\System32\drivers\ntosext.sys
\SystemRoot\system32\CI.dll
\SystemRoot\System32\drivers\cng.sys
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\System32\Drivers\acpiex.sys
\SystemRoot\System32\Drivers\WppRecorder.sys
\SystemRoot\System32\drivers\ACPI.sys
\SystemRoot\System32\drivers\WMILIB.SYS
\SystemRoot\System32\drivers\msisadrv.sys
\SystemRoot\System32\drivers\pci.sys
\SystemRoot\System32\drivers\tpm.sys
\SystemRoot\System32\drivers\intelpep.sys
\SystemRoot\system32\drivers\WindowsTrustedRT.sys
\SystemRoot\System32\drivers\WindowsTrustedRTProxy.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\drivers\vdrvroot.sys
\SystemRoot\system32\drivers\pdc.sys
\SystemRoot\system32\drivers\CEA.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\System32\drivers\spaceport.sys
\SystemRoot\System32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\System32\drivers\storahci.sys
\SystemRoot\System32\drivers\storport.sys
\SystemRoot\System32\drivers\EhStorClass.sys
\SystemRoot\System32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Wof.sys
\SystemRoot\System32\Drivers\NTFS.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\System32\drivers\wfplwfs.sys
\SystemRoot\system32\DRIVERS\hpdskflt.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\System32\drivers\volume.sys
\SystemRoot\System32\drivers\volsnap.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\system32\drivers\iorate.sys
\SystemRoot\System32\drivers\disk.sys
\SystemRoot\System32\drivers\CLASSPNP.SYS
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\system32\drivers\filecrypt.sys
\SystemRoot\system32\drivers\tbs.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\BasicDisplay.sys
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\BasicRender.sys
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\drivers\vwififlt.sys
\SystemRoot\System32\drivers\pacer.sys
\SystemRoot\system32\drivers\netbios.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\csc.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\System32\drivers\npsvctrig.sys
\SystemRoot\System32\drivers\mssmbios.sys
\SystemRoot\System32\drivers\gpuenergydrv.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\ahcache.sys
\SystemRoot\System32\DriverStore\FileRepository\compositebus.inf_amd64_a140581a8f8b58b7\CompositeBus.sys
\SystemRoot\System32\drivers\kdnic.sys
\SystemRoot\System32\drivers\umbus.sys
\SystemRoot\system32\DRIVERS\igdkmd64lp.sys
\SystemRoot\System32\drivers\dptf_cpu.sys
\SystemRoot\System32\drivers\USBXHCI.SYS
\SystemRoot\system32\drivers\ucx01000.sys
\SystemRoot\System32\drivers\TXEIx64.sys
\SystemRoot\System32\drivers\HDAudBus.sys
\SystemRoot\System32\drivers\portcls.sys
\SystemRoot\System32\drivers\drmk.sys
\SystemRoot\System32\drivers\ks.sys
\SystemRoot\System32\drivers\rt640x64.sys
\SystemRoot\System32\drivers\rtwlane.sys
\SystemRoot\system32\DRIVERS\wdiwifi.sys
\SystemRoot\System32\drivers\vwifibus.sys
\SystemRoot\system32\DRIVERS\RtsP2Stor.sys
\SystemRoot\System32\drivers\CmBatt.sys
\SystemRoot\System32\drivers\BATTC.SYS
\SystemRoot\System32\drivers\i8042prt.sys
\SystemRoot\system32\DRIVERS\SynTP.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\System32\drivers\kbdclass.sys
\SystemRoot\System32\drivers\msgpiowin32.sys
\SystemRoot\System32\drivers\mshidkmdf.sys
\SystemRoot\System32\drivers\HIDCLASS.SYS
\SystemRoot\System32\drivers\HIDPARSE.SYS
\SystemRoot\System32\drivers\VirtualButtons.sys
\SystemRoot\System32\drivers\mouclass.sys
\SystemRoot\system32\DRIVERS\Smb_driver_Intel.sys
\SystemRoot\System32\drivers\iai2c.sys
\SystemRoot\system32\drivers\SpbCx.sys
\SystemRoot\System32\drivers\intelppm.sys
\SystemRoot\System32\drivers\iagpio.sys
\SystemRoot\System32\Drivers\msgpioclx.sys
\SystemRoot\System32\drivers\wmiacpi.sys
\SystemRoot\system32\DRIVERS\WirelessButtonDriver64.sys
\SystemRoot\System32\drivers\dptf_acpi.sys
\SystemRoot\System32\drivers\NdisVirtualBus.sys
\SystemRoot\System32\drivers\swenum.sys
\SystemRoot\System32\drivers\rdpbus.sys
\SystemRoot\system32\DRIVERS\clwvd6.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\System32\drivers\kbdhid.sys
\SystemRoot\System32\drivers\UsbHub3.sys
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\system32\DRIVERS\IntcDAud.sys
\SystemRoot\system32\DRIVERS\Accelerometer.sys
\SystemRoot\System32\drivers\hidi2c.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\System32\drivers\hidusb.sys
\SystemRoot\System32\drivers\mouhid.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\win32kfull.sys
\SystemRoot\System32\win32kbase.sys
\SystemRoot\System32\Drivers\dump_diskdump.sys
\SystemRoot\System32\Drivers\dump_storahci.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\drivers\dxgmms2.sys
\SystemRoot\System32\drivers\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\system32\DRIVERS\RtkBtfilter.sys
\SystemRoot\System32\drivers\BTHUSB.sys
\SystemRoot\System32\drivers\bthport.sys
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\drivers\usbccgp.sys
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\System32\drivers\BthLEEnum.sys
\SystemRoot\System32\drivers\rfcomm.sys
\SystemRoot\System32\drivers\BthEnum.sys
\SystemRoot\System32\drivers\bthpan.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\esif_lf.sys
\SystemRoot\system32\DRIVERS\WUDFRd.sys
\SystemRoot\system32\drivers\mmcss.sys
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\drivers\wcifs.sys
\SystemRoot\system32\drivers\storqosflt.sys
\SystemRoot\system32\drivers\wcnfs.sys
\SystemRoot\System32\drivers\registry.sys
\SystemRoot\system32\drivers\lltdio.sys
\SystemRoot\system32\drivers\mslldp.sys
\SystemRoot\system32\drivers\rspndr.sys
\SystemRoot\System32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\ndisuio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\System32\drivers\condrv.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\drivers\Ndu.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\drivers\vwifimp.sys
\SystemRoot\System32\drivers\tunnel.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
----------- End -----------
Done!
Scan started
Database versions:
main: v2017.10.15.07
rootkit: v2017.10.14.01
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffb40841f7d060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffb40841f7dae0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffb40841f7d060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xffffb40841ec4910, DeviceName: Unknown, DriverName: \Driver\hpdskflt\
DevicePointer: 0xffffb408413f7060, DeviceName: \Device\00000038\, DriverName: \Driver\storahci\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
This drive is a GPT Drive.
MBR Signature: 55AA
Disk Signature: A6B3ED6C
GPT Protective MBR Partition information:
Partition 0 type is EFI-GPT (0xee)
Partition is NOT ACTIVE.
Partition starts at LBA: 1 Numsec = 4294967295
Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
GPT Partition information:
GPT Header Signature 4546492050415254
GPT Header Revision 65536 Size 92 CRC 799077393
GPT Header CurrentLba = 1 BackupLba 976773167
GPT Header FirstUsableLba 34 LastUsableLba 976773134
GPT Header Guid 10d76397-2973-4ff8-8d3c-e94e3b84da5
GPT Header Contains 128 partition entries starting at LBA 2
GPT Header Partition entry size = 128
Backup GPT header Signature 4546492050415254
Backup GPT header Revision 65536 Size 92 CRC 799077393
Backup GPT header CurrentLba = 976773167 BackupLba 1
Backup GPT header FirstUsableLba 34 LastUsableLba 976773134
Backup GPT header Guid 10d76397-2973-4ff8-8d3c-e94e3b84da5
Backup GPT header Contains 128 partition entries starting at LBA 976773135
Backup GPT header Partition entry size = 128
Partition 0 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
Partition ID 3a2b7c64-e15b-401d-9e9b-b3873388b360
FirstLBA 2048 Last LBA 3074047
Attributes 1
Partition Name Basic data partition
Partition 1 Type c12a7328-f81f-11d2-ba4b-0a0c93ec93b
Partition ID d02a3188-26d4-4129-8cc6-380ff72a48a
FirstLBA 3074048 Last LBA 3606527
Attributes 0
Partition Name EFI system partition
GPT Partition 1 is bootable
Partition 2 Type e3c9e316-b5c-4db8-817d-f92df0215ae
Partition ID a034a4ea-739d-4fad-b877-60f449f29b56
FirstLBA 3606528 Last LBA 3868671
Attributes 0
Partition Name Microsoft reserved partition
Partition 3 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
Partition ID 2ca4949e-b4f5-4b1f-b520-e245357e0c9
FirstLBA 3868672 Last LBA 946053119
Attributes 0
Partition Name Basic data partition
Partition 4 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
Partition ID a986616d-3fe-486d-aaa7-7a30f3bcdddb
FirstLBA 946053120 Last LBA 976773119
Attributes 1
Partition Name Basic data partition
Disk Size: 500107862016 bytes
Sector size: 512 bytes
Done!
Infected: C:\Users\Responsable\Downloads\Asterix et obelix contre cesar _1999_ movie (1).exe --> [Adware.InstallMonster]
Infected: C:\Users\Responsable\Downloads\Asterix et obelix contre cesar _1999_ movie (2).exe --> [Adware.InstallMonster]
Infected: C:\Program Files (x86)\UDpJuHWFll\SSL\OtherSearch Inc CA 2.cer --> [Adware.OtherSearch.TSKRST]
Infected: C:\Program Files (x86)\UDpJuHWFll\SSL --> [Adware.OtherSearch.TSKRST]
Infected: C:\Program Files (x86)\UDpJuHWFll\SSL\cert.db --> [Adware.OtherSearch.TSKRST]
Infected: C:\Program Files (x86)\UDpJuHWFll --> [Adware.OtherSearch.TSKRST]
Infected: C:\Program Files (x86)\UDpJuHWFll\data.dt --> [Adware.OtherSearch.TSKRST]
Infected: C:\Program Files (x86)\UDpJuHWFll\kl.dll --> [Adware.OtherSearch.TSKRST]
Infected: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\OtherSearch --> [Adware.OtherSearch.TSKRST]
Infected: C:\Program Files (x86)\UDpJuHWFll\kl.ecf --> [Adware.OtherSearch.TSKRST]
Infected: C:\Program Files (x86)\UDpJuHWFll\s.xml --> [Adware.OtherSearch.TSKRST]
Infected: C:\Program Files (x86)\UDpJuHWFll\slite.exe --> [Adware.OtherSearch.TSKRST]
Infected: C:\Program Files (x86)\UDpJuHWFll\uninstall.exe --> [Adware.OtherSearch.TSKRST]
Infected: C:\Program Files (x86)\UDpJuHWFll\upd.dt --> [Adware.OtherSearch.TSKRST]
Infected: C:\Program Files (x86)\UDpJuHWFll\updengine.exe --> [Adware.OtherSearch.TSKRST]
Infected: C:\Program Files (x86)\UDpJuHWFll\nss --> [Adware.OtherSearch.TSKRST]
Infected: C:\Program Files (x86)\UDpJuHWFll\nss\certutil.exe --> [Adware.OtherSearch.TSKRST]
Infected: C:\Program Files (x86)\UDpJuHWFll\nss\mozcrt19.dll --> [Adware.OtherSearch.TSKRST]
Infected: C:\Program Files (x86)\UDpJuHWFll\nss\nspr4.dll --> [Adware.OtherSearch.TSKRST]
Infected: C:\Program Files (x86)\UDpJuHWFll\nss\nss3.dll --> [Adware.OtherSearch.TSKRST]
Infected: C:\Program Files (x86)\UDpJuHWFll\nss\plc4.dll --> [Adware.OtherSearch.TSKRST]
Infected: C:\Program Files (x86)\UDpJuHWFll\nss\plds4.dll --> [Adware.OtherSearch.TSKRST]
Infected: C:\Program Files (x86)\UDpJuHWFll\nss\smime3.dll --> [Adware.OtherSearch.TSKRST]
Infected: C:\Program Files (x86)\UDpJuHWFll\nss\softokn3.dll --> [Adware.OtherSearch.TSKRST]
File C:\Windows\System32\drivers\Lace_wpf_x64.sys will be destroyed
Infected: C:\Windows\System32\drivers\Lace_wpf_x64.sys --> [Rootkit.Komodia.PUA]
Infected: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Lace514 --> [Rootkit.Komodia.PUA]
Scan finished
Creating System Restore point...
Cleaning up...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Executing an action cmd.exe...
Success!
Executing an action cmd.exe...
Success!
Executing an action cmd.exe...
Success!
Executing an action cmd.exe...
Success!
Removal scheduling successful. System shutdown needed.
System shutdown occurred
=======================================
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.09.3.1001
(c) Malwarebytes Corporation 2011-2012
OS version: 10.0.14393 Windows 10 x64
Account is Administrative
Internet Explorer version: 11.576.14393.0
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 1.600000 GHz
Memory total: 4145299456, free: 2617507840
=======================================
Poursuivez
