GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2017-05-30 10:10:23
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\0000005e SAMSUNG_ rev.1AG0 1397,27GB
Running: gmer.exe; Driver: C:\Users\Grzesiek\AppData\Local\Temp\kxrdrkow.sys

---- Threads - GMER 2.2 ----

Thread C:\Windows\System32\svchost.exe [960:6732] 000007fed8438a4c
Thread C:\Windows\system32\svchost.exe [120:7900] 000007fefb831ab0
Thread C:\Windows\system32\svchost.exe [120:7924] 000007fefae54164
Thread C:\Windows\System32\spoolsv.exe [1360:2508] 000007feef1910c8
Thread C:\Windows\System32\spoolsv.exe [1360:2920] 000007feef116144
Thread C:\Windows\System32\spoolsv.exe [1360:2932] 000007fef2165fd0
Thread C:\Windows\System32\spoolsv.exe [1360:2936] 000007fef2133438
Thread C:\Windows\System32\spoolsv.exe [1360:2940] 000007fef21663ec
Thread C:\Windows\System32\spoolsv.exe [1360:2952] 000007fef1ce5e5c
Thread C:\Windows\System32\spoolsv.exe [1360:1896] 000007fef1bb5060
Thread C:\Windows\system32\taskhost.exe [2200:2340] 000007fefb871010
Thread C:\Windows\system32\taskhost.exe [2200:1724] 000007fef16e5170
Thread C:\Windows\System32\svchost.exe [2840:2308] 000007feed1ea1b0
Thread C:\Windows\System32\svchost.exe [2840:2380] 000007feed1d06e0
Thread C:\Windows\System32\svchost.exe [2840:2412] 000007feed1d06d0
Thread C:\Windows\System32\svchost.exe [2840:2436] 000007feed196d60
Thread C:\Windows\System32\svchost.exe [2840:2444] 000007feed1a8d40
Thread C:\Windows\System32\svchost.exe [2840:2452] 000007feed196d50
Thread C:\Windows\System32\svchost.exe [2840:2456] 000007feed20c380
Thread C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVE.EXE [3104:5676] 000000005aee074b
Thread C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVE.EXE [3104:6056] 000000006b6bc40f
Thread C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVE.EXE [3104:6060] 000000006b6bc40f
Thread C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVE.EXE [3104:6064] 000000006b6bc40f
Thread C:\Windows\SysWOW64\ntdll.dll [3476:3480] 000000000128bed3
Thread C:\Program Files (x86)\Microsoft Garage\Mouse without Borders\MouseWithoutBorders.exe [3840:3160] 000007fefb622ae8
Thread C:\Program Files (x86)\Microsoft Garage\Mouse without Borders\MouseWithoutBorders.exe [3848:644] 000007fefb622ae8
Thread C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3868:3328] 000007fee0ecd5d0
Thread C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3868:2608] 000007fee0ed01d0
Thread C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3868:2468] 000007fee0ecd5d0
Thread C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3868:4588] 000007fee0ecd5d0
Thread C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3868:4776] 000007fedee5502c
Thread C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3868:4864] 000007fee0ecd5d0
Thread C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3868:4868] 000007fee0ecd5d0
Thread C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3868:6772] 000007fee0ecd5d0
Thread C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3868:6516] 000007fee0ecd5d0
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [5060:1828] 000007fefb622ae8
Thread C:\Windows\System32\svchost.exe [5068:2992] 000007fedc1b9688
Thread C:\Program Files (x86)\Microsoft Office\Root\Office16\MsoSync.exe [2924:5636] 000000005aee074b
Thread C:\Program Files (x86)\Microsoft Office\Root\Office16\MsoSync.exe [2924:4336] 000000006b6bc40f
Thread C:\Program Files (x86)\Microsoft Office\Root\Office16\MsoSync.exe [2924:6048] 000000006b6bc40f
Thread C:\Program Files (x86)\Microsoft Office\Root\Office16\MsoSync.exe [2924:2764] 000000006b6bc40f
Thread C:\Program Files\Windows Mail\WinMail.exe [7120:7132] 000007fef16e5170
Thread C:\Program Files\Windows Mail\WinMail.exe [7120:7144] 000007fef16e5170

---- Processes - GMER 2.2 ----

Library C:\Program Files (x86)\Common Files\Microsoft Shared\Office16\mso20win32client.dll (*** suspicious ***) @ C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVE.EXE [3104] 0000000064c70000
Library C:\Program Files (x86)\Common Files\Microsoft Shared\Office16\mso30win32client.dll (*** suspicious ***) @ C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVE.EXE [3104] 0000000064830000
Library C:\Program Files (x86)\Common Files\Microsoft Shared\Office16\mso40uiwin32client.dll (*** suspicious ***) @ C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVE.EXE [3104] 0000000063f40000
Library C:\Program Files (x86)\Common Files\Microsoft Shared\Office16\mso20win32client.dll (*** suspicious ***) @ C:\Program Files (x86)\Microsoft Office\Root\Office16\MsoSync.exe [2924] 0000000064c70000
Library C:\Program Files (x86)\Common Files\Microsoft Shared\Office16\mso30win32client.dll (*** suspicious ***) @ C:\Program Files (x86)\Microsoft Office\Root\Office16\MsoSync.exe [2924] 0000000064830000
Library C:\Program Files (x86)\Common Files\Microsoft Shared\Office16\mso40uiwin32client.dll (*** suspicious ***) @ C:\Program Files (x86)\Microsoft Office\Root\Office16\MsoSync.exe [2924] 0000000063f40000

---- EOF - GMER 2.2 ----