GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2015-01-06 17:51:47
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\00000028 HGST_HTS545050A7E380 rev.GG2OACA0 465,76GB
Running: 5cr3od1i.exe; Driver: C:\Users\JOLANT~1\AppData\Local\Temp\agldypow.sys

---- User code sections - GMER 2.1 ----

.text C:\WINDOWS\system32\atiesrxx.exe[936] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffdc1a6169a 4 bytes [A6, C1, FD, 7F]
.text C:\WINDOWS\system32\atiesrxx.exe[936] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffdc1a616a2 4 bytes [A6, C1, FD, 7F]
.text C:\WINDOWS\system32\atiesrxx.exe[936] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffdc1a6181a 4 bytes [A6, C1, FD, 7F]
.text C:\WINDOWS\system32\atiesrxx.exe[936] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffdc1a61832 4 bytes [A6, C1, FD, 7F]
.text C:\WINDOWS\system32\atieclxx.exe[808] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffdc1a6169a 4 bytes [A6, C1, FD, 7F]
.text C:\WINDOWS\system32\atieclxx.exe[808] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffdc1a616a2 4 bytes [A6, C1, FD, 7F]
.text C:\WINDOWS\system32\atieclxx.exe[808] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffdc1a6181a 4 bytes [A6, C1, FD, 7F]
.text C:\WINDOWS\system32\atieclxx.exe[808] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffdc1a61832 4 bytes [A6, C1, FD, 7F]
.text C:\Program Files\Windows Defender\MsMpEng.exe[2084] C:\WINDOWS\system32\psapi.dll!GetModuleBaseNameA + 506 00007ffdc1a6169a 4 bytes [A6, C1, FD, 7F]
.text C:\Program Files\Windows Defender\MsMpEng.exe[2084] C:\WINDOWS\system32\psapi.dll!GetModuleBaseNameA + 514 00007ffdc1a616a2 4 bytes [A6, C1, FD, 7F]
.text C:\Program Files\Windows Defender\MsMpEng.exe[2084] C:\WINDOWS\system32\psapi.dll!QueryWorkingSet + 118 00007ffdc1a6181a 4 bytes [A6, C1, FD, 7F]
.text C:\Program Files\Windows Defender\MsMpEng.exe[2084] C:\WINDOWS\system32\psapi.dll!QueryWorkingSet + 142 00007ffdc1a61832 4 bytes [A6, C1, FD, 7F]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2576] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffdc1a6169a 4 bytes [A6, C1, FD, 7F]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2576] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffdc1a616a2 4 bytes [A6, C1, FD, 7F]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2576] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffdc1a6181a 4 bytes [A6, C1, FD, 7F]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2576] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffdc1a61832 4 bytes [A6, C1, FD, 7F]
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3180] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffdc1a6169a 4 bytes [A6, C1, FD, 7F]
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3180] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffdc1a616a2 4 bytes [A6, C1, FD, 7F]
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3180] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffdc1a6181a 4 bytes [A6, C1, FD, 7F]
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3180] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffdc1a61832 4 bytes [A6, C1, FD, 7F]

---- Threads - GMER 2.1 ----

Thread C:\WINDOWS\system32\csrss.exe [640:664] fffff96000819b90

---- Disk sectors - GMER 2.1 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- EOF - GMER 2.1 ----