GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-10-10 12:49:17
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\00000034 WDC_WD1002FAEX-00Y9A0 rev.05.01D05 931,51GB
Running: o1ihpwfz.exe; Driver: C:\Users\Michal\AppData\Local\Temp\uxrirpow.sys

---- User code sections - GMER 2.1 ----

.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[5052] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fa19a91532 4 bytes [A9, 19, FA, 07]
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[5052] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fa19a9153a 4 bytes [A9, 19, FA, 07]
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[5052] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fa19a9165a 4 bytes [A9, 19, FA, 07]
.text C:\Windows\system32\nvvsvc.exe[892] C:\Windows\system32\MSIMG32.dll!GradientFill + 690 000007fa19a91532 4 bytes [A9, 19, FA, 07]
.text C:\Windows\system32\nvvsvc.exe[892] C:\Windows\system32\MSIMG32.dll!GradientFill + 698 000007fa19a9153a 4 bytes [A9, 19, FA, 07]
.text C:\Windows\system32\nvvsvc.exe[892] C:\Windows\system32\MSIMG32.dll!TransparentBlt + 246 000007fa19a9165a 4 bytes [A9, 19, FA, 07]
.text C:\Windows\system32\nvvsvc.exe[892] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fa21eb177a 4 bytes {JMP 0x23}
.text C:\Windows\system32\nvvsvc.exe[892] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fa21eb1782 4 bytes {JMP 0x23}
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3976] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fa19a91532 4 bytes [A9, 19, FA, 07]
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3976] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fa19a9153a 4 bytes [A9, 19, FA, 07]
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3976] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fa19a9165a 4 bytes [A9, 19, FA, 07]
.text C:\Program Files\ESET\ESET Smart Security\egui.exe[3492] C:\Windows\SYSTEM32\msimg32.dll!GradientFill + 690 000007fa19a91532 4 bytes [A9, 19, FA, 07]
.text C:\Program Files\ESET\ESET Smart Security\egui.exe[3492] C:\Windows\SYSTEM32\msimg32.dll!GradientFill + 698 000007fa19a9153a 4 bytes [A9, 19, FA, 07]
.text C:\Program Files\ESET\ESET Smart Security\egui.exe[3492] C:\Windows\SYSTEM32\msimg32.dll!TransparentBlt + 246 000007fa19a9165a 4 bytes [A9, 19, FA, 07]

---- Threads - GMER 2.1 ----

Thread C:\Windows\system32\csrss.exe [432:2480] fffff960008765e8

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel\RNG@RNGAuxiliarySeed 153968292

---- EOF - GMER 2.1 ----