GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2017-07-05 13:24:12
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\0000002c ST500LT012-1DG142 rev.0002LVM1 465,76GB
Running: phcx0wez.exe; Driver: C:\Users\Adrian\AppData\Local\Temp\kwpcypob.sys

---- User code sections - GMER 2.2 ----

? C:\WINDOWS\SYSTEM32\iertutil.dll [2380] entry point in ".rdata" section 000000006f6c3570
? C:\WINDOWS\system32\wbem\wbemsvc.dll [2380] entry point in ".rdata" section 000000006ea08fc0
? C:\Windows\system32\dbgcore.DLL [2396] entry point in ".rdata" section 000000007384c940
? C:\WINDOWS\SYSTEM32\iertutil.dll [5404] entry point in ".rdata" section 000000006f6c3570
? C:\WINDOWS\system32\wbem\wbemsvc.dll [5404] entry point in ".rdata" section 000000006ea08fc0
? C:\WINDOWS\SYSTEM32\iertutil.dll [4592] entry point in ".rdata" section 000000006f6c3570
? C:\WINDOWS\SYSTEM32\dbgcore.DLL [4592] entry point in ".rdata" section 000000007384c940
? C:\Windows\System32\OneCoreUAPCommonProxyStub.dll [4592] entry point in ".rdata" section 000000005c677ec0
? C:\WINDOWS\SYSTEM32\dbgcore.DLL [4600] entry point in ".rdata" section 000000007384c940
? C:\WINDOWS\SYSTEM32\iertutil.dll [4600] entry point in ".rdata" section 000000006f6c3570
? C:\Windows\System32\ActXPrxy.dll [4600] entry point in ".rdata" section 0000000065269c50
? C:\WINDOWS\SYSTEM32\iertutil.dll [7284] entry point in ".rdata" section 000000006f6c3570
? C:\WINDOWS\SYSTEM32\dbgcore.DLL [7256] entry point in ".rdata" section 000000007384c940
? C:\WINDOWS\system32\wbem\wbemsvc.dll [7256] entry point in ".rdata" section 000000006ea08fc0
? C:\WINDOWS\SYSTEM32\iertutil.dll [7256] entry point in ".rdata" section 000000006f6c3570
? C:\Windows\System32\ActXPrxy.dll [7256] entry point in ".rdata" section 0000000065269c50
? C:\WINDOWS\system32\wbem\wbemsvc.dll [8232] entry point in ".rdata" section 000000006ea08fc0
? C:\WINDOWS\SYSTEM32\iertutil.dll [8232] entry point in ".rdata" section 000000006f6c3570
? C:\WINDOWS\system32\wbem\wbemsvc.dll [8396] entry point in ".rdata" section 000000006ea08fc0
? C:\WINDOWS\SYSTEM32\iertutil.dll [8396] entry point in ".rdata" section 000000006f6c3570
? C:\WINDOWS\SYSTEM32\iertutil.dll [5092] entry point in ".rdata" section 000000006f6c3570
? C:\WINDOWS\SYSTEM32\iertutil.dll [8184] entry point in ".rdata" section 000000006f6c3570
? C:\WINDOWS\SYSTEM32\iertutil.dll [9192] entry point in ".rdata" section 000000006f6c3570
? C:\WINDOWS\SYSTEM32\dbgcore.DLL [3116] entry point in ".rdata" section 000000007384c940
? C:\WINDOWS\SYSTEM32\iertutil.dll [3116] entry point in ".rdata" section 000000006f6c3570
? C:\WINDOWS\system32\apphelp.dll [6508] entry point in ".rdata" section 000000006de0f7c0

---- Threads - GMER 2.2 ----

Thread C:\WINDOWS\system32\csrss.exe [692:748] ffffc246ace06c20

---- Registry - GMER 2.2 ----

Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\kernel\RNG@RNGAuxiliarySeed -2100107014
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\48e244a52058
Reg HKLM\SYSTEM\CurrentControlSet\Services\rdyboost\Parameters@LastBootPlanUserTime ??r.?, ?lip ?05 ?17, 11:54:54 AM???????????????????????????????
Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeEstimated 0x7A 0xCF 0xD6 0xA0 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeHigh 0x7A 0x37 0x9B 0x02 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeLow 0x7A 0x67 0x12 0x3F ...
Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\62\0@Rw 0x64 0x62 0x03 0x00 ...
Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\62\0@RwMask 0x64 0x62 0x03 0x00 ...
Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\62\1@Rw 0x64 0x62 0x03 0x00 ...
Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\62\1@RwMask 0x64 0x62 0x03 0x00 ...
Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\62\2@Rw 0x64 0x62 0x03 0x00 ...
Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\62\2@RwMask 0x64 0x62 0x03 0x00 ...
Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\62\3@Rw 0x64 0x62 0x03 0x00 ...
Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\62\3@RwMask 0x64 0x62 0x03 0x00 ...
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search\JumplistData@E7CF176E110C211B 0xB5 0x94 0xD1 0xF4 ...

---- Disk sectors - GMER 2.2 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- EOF - GMER 2.2 ----