GMER 2.2.19882 - http://www.gmer.net Rootkit scan 2016-10-09 07:34:23 Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\00000041 HGST_HTS721010A9E630 rev.JB0OA3J0 931,51GB Running: 6evfmou7.exe; Driver: C:\Users\MSI\AppData\Local\Temp\pxldipob.sys ---- Threads - GMER 2.2 ---- Thread C:\WINDOWS\system32\csrss.exe [7140:2220] ffffde5c84e06c20 ---- Registry - GMER 2.2 ---- Reg HKLM\SYSTEM\CurrentControlSet\Control\BackupRestore\FilesNotToSnapshot@OfficeODC ?????????????? ?????? ????????????????????????????.??????????????????????????????????????n??????? ??????????????????????????????????????????? ?????????????????????????????????????????????????s?=??????? ???????????????????????????????????????t??????????? ????????n???????????????L?????????????s??????M???????????????????????????????? ??????????? ????????????????????????????????????8??????????????????????????????????????????? ??????????????????????????????b???&???????????????????????????????????s???XboxComposite???????????????-24?????????????????????????$UserProfile$\AppData\Local\Microsoft\Office\16.0\OfficeFileCache\*.fsf?$UserProfile$\AppData\Local\Microsoft\Office\16.0\OfficeFileCache\*.fsd?$UserProfile$\Local Settings\Application Data\Office\16.0\OfficeFileCache\*.fsd?$UserProfile$\Local Settings\Application Data\Office\16.0\OfficeFileCache\*.fsf?$UserProfile$\AppData\Local\Microsoft\Office\16.0\OfficeFileCache\LocalCacheFileEditManager\*.fsf?$UserProfile$\AppData\Local\Microsoft\Office\16.0\OfficeFileCache Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{D47B9E5C-E2D5-455B-B7E5-110FFE885A53}\Connection@Name Reusable ISATAP Interface {D47B9E5C-E2D5-455B-B7E5-110FFE885A53} Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\kernel\RNG@RNGAuxiliarySeed -104657857 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\94659cc0b3b2 Reg HKLM\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\Probe\{0bf18554-91ad-4a12-8501-059c322feb43}@LastProbeTime 1475803117 Reg HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Parameters\Isatap\{D47B9E5C-E2D5-455B-B7E5-110FFE885A53}@InterfaceName Reusable ISATAP Interface {D47B9E5C-E2D5-455B-B7E5-110FFE885A53} Reg HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Parameters\Isatap\{D47B9E5C-E2D5-455B-B7E5-110FFE885A53}@ReusableType 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch@Epoch 4151 Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch2@Epoch 1068 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters@DhcpNameServer 172.20.10.1 Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeEstimated 0xE5 0x8D 0xBB 0x9D ... Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeHigh 0xE5 0xF5 0x7F 0xFF ... Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeLow 0xE5 0x25 0xF7 0x3B ... Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\0@Rw 0x64 0x62 0x03 0x00 ... Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\0@RwMask 0x64 0x62 0x03 0x00 ... Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\1@Rw 0x64 0x62 0x03 0x00 ... Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\1@RwMask 0x64 0x62 0x03 0x00 ... Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\10@Rw 0x64 0x62 0x03 0x00 ... Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\10@RwMask 0x64 0x62 0x03 0x00 ... Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\11@Rw 0x64 0x62 0x03 0x00 ... Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\11@RwMask 0x64 0x62 0x03 0x00 ... Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\2@Rw 0x64 0x62 0x03 0x00 ... Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\2@RwMask 0x64 0x62 0x03 0x00 ... Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\3@Rw 0x64 0x62 0x03 0x00 ... Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\3@RwMask 0x64 0x62 0x03 0x00 ... Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\4@Rw 0x64 0x62 0x03 0x00 ... Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\4@RwMask 0x64 0x62 0x03 0x00 ... Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\5@Rw 0x64 0x62 0x03 0x00 ... Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\5@RwMask 0x64 0x62 0x03 0x00 ... Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\6@Rw 0x64 0x62 0x03 0x00 ... Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\6@RwMask 0x64 0x62 0x03 0x00 ... Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\7@Rw 0x64 0x62 0x03 0x00 ... Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\7@RwMask 0x64 0x62 0x03 0x00 ... Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\8@Rw 0x64 0x62 0x03 0x00 ... Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\8@RwMask 0x64 0x62 0x03 0x00 ... Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\9@Rw 0x64 0x62 0x03 0x00 ... Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\9@RwMask 0x64 0x62 0x03 0x00 ... Reg HKLM\SYSTEM\Setup\Upgrade\Pnp\CurrentControlSet\Control\DeviceMigration\Devices\SWD\MMDEVAPI\{0.0.0.00000000}.{1347E402-10BB-47EE-BF65-8CCA4127BC56}\Interfaces\{e6327cad-dcec-4949-ae8a-991e976a79d2}\Properties\{a2a3fff4-353f-407c-9d86-1f9dc7d5a606}\0002@ 0x64 0x62 0x02 0x00 ... ---- Disk sectors - GMER 2.2 ---- Disk \Device\Harddisk0\DR0 unknown MBR code ---- EOF - GMER 2.2 ----