GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2017-02-20 10:18:57
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\0000002e ST1000DM003-1CH162 rev.CC49 931,51GB
Running: f2nn1n2v.exe; Driver: C:\Users\TEMPUS~1.006\AppData\Local\Temp\pxldapog.sys

---- Threads - GMER 2.2 ----

Thread  C:\WINDOWS\system32\csrss.exe [7672:5948]  ffffdea5d7216c20

---- Registry - GMER 2.2 ----

Reg  HKLM\SYSTEM\CurrentControlSet\Control\BackupRestore\FilesNotToSnapshot@OfficeODC  ????????????????????????$AllVolumes$\System Volume Information\FVE2.{9ef82dfa-1239-4a30-83e6-3b3e9b8fed08}.*????$UserProfile$\AppData\Local\Packages\Microsoft.Office.Desktop_8wekyb3d8bbwe\LocalCache\Local\Microsoft\Outlook\*.oab /s?????$UserProfile$\AppData\Local\Packages\Microsoft.Office.Desktop_8wekyb3d8bbwe\LocalCache\Local\Microsoft\Outlook\*.ost /s?????$UserProfile$\AppData\Local\Microsoft\Outlook\*.ost???????P?????????????????????\System Volume Information\Heat\*.* /s????????L????????A????%windir%\softwaredistribution\*.* /s???????????????C????%ProgramData%\Microsoft\RAC\*?%ProgramData%\Microsoft\RAC\StateData\*?%ProgramData%\Microsoft\RAC\Outbound\*?%ProgramData%\Microsoft\RAC\Temp\*????????????????????????? ???????? ????????????????????????????L?????????????????? "?????????????r???MountedDevices\??????????????????&L?????????????????????????????CurrentControlSet\Control\MSDTC\ASR\??????????????????????????s?????CurrentControlSet\Control\Session Manager\PendingFileRenameOperations??????????????????????
Reg  HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\kernel\RNG@RNGAuxiliarySeed  -210956156
Reg  HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeEstimated  0x0D 0xD3 0x94 0xB9 ...
Reg  HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeHigh  0x0D 0x3B 0x59 0x1B ...
Reg  HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeLow  0x0D 0x6B 0xD0 0x57 ...
Reg  HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\0@Rw  0x64 0x62 0x03 0x00 ...
Reg  HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\0@RwMask  0x64 0x62 0x03 0x00 ...

---- Files - GMER 2.2 ----

File  C:\Windows\WinSxS\x86_microsoft-windows-fde_31bf3856ad364e35_10.0.14393.0_none_7961cb6dba00650a\fde.dll (size mismatch) 161280/130048 bytes executable
File  C:\Windows\WinSxS\x86_microsoft-windows-grouppolicy-gptext_31bf3856ad364e35_10.0.14393.0_none_08a59c81ed5c0347\gptext.dll (size mismatch) 25600/21504 bytes executable

---- EOF - GMER 2.2 ----