GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2016-05-20 14:01:45
Windows 6.2.9200  x64 \Device\Harddisk0\DR0 -> \Device\0000002c ST1000LM014-SSHD-8GB rev.LVD5 931,51GB
Running: fvpz7n2p.exe; Driver: C:\Users\Aga\AppData\Local\Temp\pxldrpow.sys


---- User code sections - GMER 2.2 ----

?       C:\Windows\SYSTEM32\NTASN1.dll [1512] entry point in ".rdata" section                                            000000007039bb10
?       C:\Windows\SYSTEM32\wlanui.dll [2124] entry point in ".rdata" section                                            0000000073a3a7e0
?       C:\Windows\SYSTEM32\NTASN1.dll [5376] entry point in ".rdata" section                                            000000007039bb10
?       C:\Windows\SYSTEM32\iertutil.dll [5156] entry point in ".rdata" section                                          000000006ccecb70
?       C:\Windows\system32\apphelp.dll [4768] entry point in ".rdata" section                                           000000006fe00380

---- Threads - GMER 2.2 ----

Thread  C:\Windows\system32\svchost.exe [1012:3420]                                                                      00007ffafcaeeb60
Thread  C:\Windows\system32\csrss.exe [1340:7760]                                                                        fffff961357c4060

---- Registry - GMER 2.2 ----

Reg     HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\kernel\RNG@RNGAuxiliarySeed                                -326310758
Reg     HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Teredo\PreviousState\00-00-00-00-00-00                           
Reg     HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Teredo\PreviousState\00-00-00-00-00-00@AddressCreationTimestamp  0xFE 0x8F 0x26 0x0D ...
Reg     HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Teredo\PreviousState\00-00-00-00-00-00@UPnPState                 0
Reg     HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Teredo\PreviousState\00-00-00-00-00-00@ClientLocalPort           52676
Reg     HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Teredo\PreviousState\00-00-00-00-00-00@UPnPExternalPort          52676
Reg     HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Teredo\PreviousState\00-00-00-00-00-00@TeredoAddress             2001:0:9d38:6ab8:185f:323b:3caf:7931
Reg     HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch2@Epoch                                                 541

---- Files - GMER 2.2 ----

File    C:\Users\Aga\AppData\Local\Microsoft\SmartScreen\ARCC2A4.tmp                                                     0 bytes
File    C:\Windows\assembly\NativeImages_v2.0.50727_32\index36.dat                                                       0 bytes
File    C:\Windows\assembly\NativeImages_v2.0.50727_32\index37.dat                                                       0 bytes
File    C:\Windows\Installer\{5D214A60-8ED4-49BD-BFED-2D5FADBA7225}\GfExperienceService.exe                              1165368 bytes executable
File    C:\Windows\Installer\{5D214A60-8ED4-49BD-BFED-2D5FADBA7225}\GFExperienceUpdate.dll                               952376 bytes executable
File    C:\Windows\Installer\{5D214A60-8ED4-49BD-BFED-2D5FADBA7225}\ShadowPlayController.dll                             787000 bytes
File    C:\Windows\Installer\{5D214A60-8ED4-49BD-BFED-2D5FADBA7225}\ShieldWirelessController.dll                         1350200 bytes executable
File    C:\Windows\Prefetch\NGENTASK.EXE-CD4E002C.pf                                                                     (size mismatch) 19273/19972 bytes executable
File    C:\Windows\Prefetch\CONHOST.EXE-F98A1078.pf                                                                      (size mismatch) 8534/8639 bytes executable

---- EOF - GMER 2.2 ----