GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2016-07-10 15:47:16
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\00000032 Samsung_SSD_840_EVO_1TB rev.EXT0DB6Q 931,51GB
Running: 2m609duu.exe; Driver: C:\Users\KRZYSZ~1\AppData\Local\Temp\uwryipoc.sys

---- User code sections - GMER 2.2 ----

.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1264] C:\WINDOWS\system32\combase.dll!CoSetProxyBlanket    00007ffcd0955b60 5 bytes JMP 00007ffccd4e07a0
.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1264] C:\WINDOWS\system32\combase.dll!CoCreateInstance    00007ffcd097fb40 5 bytes JMP 00007ffccd4e0768
.text    C:\WINDOWS\system32\sihost.exe[3168] C:\WINDOWS\system32\KERNELBASE.dll!FreeLibrary    00007ffccd4fc960 5 bytes JMP 00007ffccd4e0180
.text    C:\WINDOWS\system32\sihost.exe[3168] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW    00007ffccd50c610 6 bytes JMP 00007ffccd4e0148
.text    C:\WINDOWS\system32\sihost.exe[3168] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleHandleW    00007ffccd52c8e0 5 bytes JMP 00007ffccd4e00d8
.text    C:\WINDOWS\system32\sihost.exe[3168] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleFileNameExW    00007ffccd541430 5 bytes JMP 00007ffccd4e01b8
.text    C:\WINDOWS\system32\sihost.exe[3168] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleHandleExW    00007ffccd546ae0 5 bytes JMP 00007ffccd4e0110
.text    C:\WINDOWS\system32\ApplicationFrameHost.exe[4164] C:\WINDOWS\System32\dxgi.dll!CreateDXGIFactory    00007ffcca8f6270 5 bytes JMP 00007ffcca8e00d8
.text    C:\WINDOWS\system32\ApplicationFrameHost.exe[4164] C:\WINDOWS\System32\dxgi.dll!CreateDXGIFactory1    00007ffcca8f63d0 5 bytes JMP 00007ffcca8e0110
?        C:\WINDOWS\system32\apphelp.dll [1224] entry point in ".rdata" section    0000000073230380

---- Threads - GMER 2.2 ----

Thread   C:\WINDOWS\system32\csrss.exe [636:696]    fffff960d6b14030

---- Registry - GMER 2.2 ----

Reg      HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\kernel\RNG@RNGAuxiliarySeed    1882450099
Reg      HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\742f68fa504c
Reg      HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings

---- EOF - GMER 2.2 ----