GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2016-08-23 09:49:13
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\0000003a INTEL_SSDSC2CT120A3 rev.300i 111,79GB
Running: jm2q4i9s.exe; Driver: C:\Users\K5D91~1.KRU\AppData\Local\Temp\agdyqpod.sys

---- Threads - GMER 2.2 ----

Thread C:\WINDOWS\system32\csrss.exe [532:624] ffffc95fef7a6c20

---- Processes - GMER 2.2 ----

Library C:\Program Files (x86)\Common Files\Microsoft Shared\Office16\mso20win32client.dll (*** suspicious ***) @ C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE [6852] 0000000072a80000
Library C:\Program Files (x86)\Common Files\Microsoft Shared\Office16\mso30win32client.dll (*** suspicious ***) @ C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE [6852] 00000000726c0000
Library C:\Program Files (x86)\Common Files\Microsoft Shared\Office16\mso40uiwin32client.dll (*** suspicious ***) @ C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE [6852] 0000000070160000
Library C:\Program Files (x86)\Common Files\Microsoft Shared\Office16\mso98win32client.dll (*** suspicious ***) @ C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE [6852] 000000006f200000
Library C:\Program Files (x86)\Common Files\Microsoft Shared\Office16\mso99Lwin32client.dll (*** suspicious ***) @ C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE [6852] 000000006ec60000
Library C:\Program Files (x86)\Common Files\Microsoft Shared\Office16\mso.dll (*** suspicious ***) @ C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE [6852] 000000006bff0000
Library C:\Program Files (x86)\Common Files\Microsoft Shared\Office16\riched20.dll (*** suspicious ***) @ C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE [6852] 000000006dba0000
Library C:\Program Files (x86)\Common Files\Microsoft Shared\Office16\MSPTLS.DLL (*** suspicious ***) @ C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE [6852] 00000000683c0000
Library C:\Program Files (x86)\Common Files\SYSTEM\MSMAPI\1045\MSMAPI32.DLL (*** suspicious ***) @ C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE [6852] 000000006e0d0000
Library C:\Program Files (x86)\Common Files\Microsoft Shared\Office16\ADAL.DLL (*** suspicious ***) @ C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE [6852] 0000000066b30000
Library C:\Program Files (x86)\Common Files\Microsoft Shared\Office16\mso30win32client.dll (*** suspicious ***) @ C:\Program Files (x86)\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\CSISYNCCLIENT.EXE [10704] 00000000726c0000
Library C:\Program Files (x86)\Common Files\Microsoft Shared\Office16\mso40uiwin32client.dll (*** suspicious ***) @ C:\Program Files (x86)\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\CSISYNCCLIENT.EXE [10704] 0000000070160000
Library C:\Program Files (x86)\Common Files\Microsoft Shared\Office16\mso98win32client.dll (*** suspicious ***) @ C:\Program Files (x86)\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\CSISYNCCLIENT.EXE [10704] 000000006f200000
Library C:\Program Files (x86)\Common Files\Microsoft Shared\Office16\mso99Lwin32client.dll (*** suspicious ***) @ C:\Program Files (x86)\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\CSISYNCCLIENT.EXE [10704] 000000006ec60000
Library C:\Program Files (x86)\Common Files\Microsoft Shared\Office16\mso.dll (*** suspicious ***) @ C:\Program Files (x86)\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\CSISYNCCLIENT.EXE [10704] 000000006bff0000
Library C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\ACEOLEDB.DLL (*** suspicious ***) @ C:\Program Files (x86)\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\CSISYNCCLIENT.EXE [10704] 000000005d560000

---- EOF - GMER 2.2 ----