GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2016-08-25 18:52:26
Windows 6.2.9200 x64  \Device\Harddisk0\DR0 -> \Device\00000045 LITEON_L8H-256V2G rev.F886201 238,47GB
Running: 8dx1eibo.exe; Driver: C:\Users\TATERN~1.PL\AppData\Local\Temp\pxtcipow.sys

---- User code sections - GMER 2.2 ----

.text  C:\Program Files\Lenovo\OneKey Optimizer\bin\OneKeyOptimizer.exe[58936] C:\WINDOWS\system32\KERNELBASE.dll!RegQueryValueExW  00007ffd44b23fd0 5 bytes JMP 00007ffccfdb0200
.text  C:\Program Files\Lenovo\OneKey Optimizer\bin\OneKeyOptimizer.exe[58936] C:\WINDOWS\SYSTEM32\mshtml.dll!RunHTMLApplication  00007ffd0fdc11e0 7 bytes JMP 00007ffccfdb0198

---- User IAT/EAT - GMER 2.2 ----

IAT  C:\Program Files (x86)\Lenovo\Harmony\Setting\HarmonySettingService.exe[1832] @ C:\Program Files (x86)\Lenovo\Harmony\Setting\TouchScreenContronlDLL.dll[MSVCR120.dll!_amsg_exit]  [7ffd169825d4] C:\Program Files (x86)\Lenovo\Harmony\Setting\MSVCR120.dll
IAT  C:\Program Files (x86)\Lenovo\Harmony\Setting\HarmonySettingService.exe[1832] @ C:\Program Files (x86)\Lenovo\Harmony\Setting\TouchScreenContronlDLL.dll[MSVCR120.dll!__clean_type_info_names_internal]  [7ffd169bf9f8] C:\Program Files (x86)\Lenovo\Harmony\Setting\MSVCR120.dll
IAT  C:\Program Files (x86)\Lenovo\Harmony\Setting\HarmonySettingService.exe[1832] @ C:\Program Files (x86)\Lenovo\Harmony\Setting\TouchScreenContronlDLL.dll[MSVCR120.dll!_onexit]  [7ffd169cdf18] C:\Program Files (x86)\Lenovo\Harmony\Setting\MSVCR120.dll
IAT  C:\Program Files (x86)\Lenovo\Harmony\Setting\HarmonySettingService.exe[1832] @ C:\Program Files (x86)\Lenovo\Harmony\Setting\TouchScreenContronlDLL.dll[MSVCR120.dll!__dllonexit]  [7ffd169cde44] C:\Program Files (x86)\Lenovo\Harmony\Setting\MSVCR120.dll
IAT  C:\Program Files (x86)\Lenovo\Harmony\Setting\HarmonySettingService.exe[1832] @ C:\Program Files (x86)\Lenovo\Harmony\Setting\TouchScreenContronlDLL.dll[MSVCR120.dll!_calloc_crt]  [7ffd169c6ab4] C:\Program Files (x86)\Lenovo\Harmony\Setting\MSVCR120.dll
IAT  C:\Program Files (x86)\Lenovo\Harmony\Setting\HarmonySettingService.exe[1832] @ C:\Program Files (x86)\Lenovo\Harmony\Setting\TouchScreenContronlDLL.dll[MSVCR120.dll!_unlock]  [7ffd16982fb0] C:\Program Files (x86)\Lenovo\Harmony\Setting\MSVCR120.dll
IAT  C:\Program Files (x86)\Lenovo\Harmony\Setting\HarmonySettingService.exe[1832] @ C:\Program Files (x86)\Lenovo\Harmony\Setting\TouchScreenContronlDLL.dll[MSVCR120.dll!_lock]  [7ffd16982dc0] C:\Program Files (x86)\Lenovo\Harmony\Setting\MSVCR120.dll
IAT  C:\Program Files (x86)\Lenovo\Harmony\Setting\HarmonySettingService.exe[1832] @ C:\Program Files (x86)\Lenovo\Harmony\Setting\TouchScreenContronlDLL.dll[MSVCR120.dll!??2@YAPEAX_K@Z]  [7ffd169c6948] C:\Program Files (x86)\Lenovo\Harmony\Setting\MSVCR120.dll
IAT  C:\Program Files (x86)\Lenovo\Harmony\Setting\HarmonySettingService.exe[1832] @ C:\Program Files (x86)\Lenovo\Harmony\Setting\TouchScreenContronlDLL.dll[MSVCR120.dll!??3@YAXPEAX@Z]  [7ffd169c69b4] C:\Program Files (x86)\Lenovo\Harmony\Setting\MSVCR120.dll
IAT  C:\Program Files (x86)\Lenovo\Harmony\Setting\HarmonySettingService.exe[1832] @ C:\Program Files (x86)\Lenovo\Harmony\Setting\TouchScreenContronlDLL.dll[MSVCR120.dll!__crtUnhandledException]  [7ffd169ce91c] C:\Program Files (x86)\Lenovo\Harmony\Setting\MSVCR120.dll
IAT  C:\Program Files (x86)\Lenovo\Harmony\Setting\HarmonySettingService.exe[1832] @ C:\Program Files (x86)\Lenovo\Harmony\Setting\TouchScreenContronlDLL.dll[MSVCR120.dll!__crtTerminateProcess]  [7ffd169ce8fc] C:\Program Files (x86)\Lenovo\Harmony\Setting\MSVCR120.dll
IAT  C:\Program Files (x86)\Lenovo\Harmony\Setting\HarmonySettingService.exe[1832] @ C:\Program Files (x86)\Lenovo\Harmony\Setting\TouchScreenContronlDLL.dll[MSVCR120.dll!__crtCapturePreviousContext]  [7ffd169ce160] C:\Program Files (x86)\Lenovo\Harmony\Setting\MSVCR120.dll
IAT  C:\Program Files (x86)\Lenovo\Harmony\Setting\HarmonySettingService.exe[1832] @ C:\Program Files (x86)\Lenovo\Harmony\Setting\TouchScreenContronlDLL.dll[MSVCR120.dll!__CppXcptFilter]  [7ffd169cfcbc] C:\Program Files (x86)\Lenovo\Harmony\Setting\MSVCR120.dll
IAT  C:\Program Files (x86)\Lenovo\Harmony\Setting\HarmonySettingService.exe[1832] @ C:\Program Files (x86)\Lenovo\Harmony\Setting\TouchScreenContronlDLL.dll[MSVCR120.dll!__crt_debugger_hook]  [7ffd169d3304] C:\Program Files (x86)\Lenovo\Harmony\Setting\MSVCR120.dll
IAT  C:\Program Files (x86)\Lenovo\Harmony\Setting\HarmonySettingService.exe[1832] @ C:\Program Files (x86)\Lenovo\Harmony\Setting\TouchScreenContronlDLL.dll[MSVCR120.dll!free]  [7ffd169c69bc] C:\Program Files (x86)\Lenovo\Harmony\Setting\MSVCR120.dll
IAT  C:\Program Files (x86)\Lenovo\Harmony\Setting\HarmonySettingService.exe[1832] @ C:\Program Files (x86)\Lenovo\Harmony\Setting\TouchScreenContronlDLL.dll[MSVCR120.dll!_malloc_crt]  [7ffd169c6b34] C:\Program Files (x86)\Lenovo\Harmony\Setting\MSVCR120.dll
IAT  C:\Program Files (x86)\Lenovo\Harmony\Setting\HarmonySettingService.exe[1832] @ C:\Program Files (x86)\Lenovo\Harmony\Setting\TouchScreenContronlDLL.dll[MSVCR120.dll!_initterm]  [7ffd1698272c] C:\Program Files (x86)\Lenovo\Harmony\Setting\MSVCR120.dll
IAT  C:\Program Files (x86)\Lenovo\Harmony\Setting\HarmonySettingService.exe[1832] @ C:\Program Files (x86)\Lenovo\Harmony\Setting\TouchScreenContronlDLL.dll[MSVCR120.dll!_initterm_e]  [7ffd1698278c] C:\Program Files (x86)\Lenovo\Harmony\Setting\MSVCR120.dll
IAT  C:\Program Files (x86)\Lenovo\Harmony\Setting\HarmonySettingService.exe[1832] @ C:\Program Files (x86)\Lenovo\Harmony\Setting\TouchScreenContronlDLL.dll[MSVCR120.dll!__C_specific_handler]  [7ffd169cf238] C:\Program Files (x86)\Lenovo\Harmony\Setting\MSVCR120.dll

---- Threads - GMER 2.2 ----

Thread  C:\WINDOWS\SYSTEM32\ntdll.dll [1936:1940]  000000000074c2ae
Thread  C:\WINDOWS\system32\csrss.exe [56812:52660]  fffff9600096d2d0

---- Registry - GMER 2.2 ----

Reg  HKLM\SYSTEM\CurrentControlSet\Control\GraphicsDrivers\Configuration\SDC434A0_00_07DE_69^1C7E53F28C155F8181664E47CEFB704F@Timestamp  0x68 0xE6 0x51 0x90 ...
Reg  HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel\RNG@RNGAuxiliarySeed  -277815556
Reg  HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@POSTTime  0
Reg  HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@FwPOSTTime  1550
Reg  HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@TotalResumeTime  240530370
Reg  HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeBootMgrTime  0
Reg  HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeAppTime  0
Reg  HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeAppStartTimestamp  0
Reg  HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeLibraryInitTime  0
Reg  HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeInitTime  0
Reg  HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeHiberFileTime  0
Reg  HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeRestoreImageStartTimestamp  0
Reg  HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeIoTime  0
Reg  HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeDecompressTime  0
Reg  HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeMapTime  0
Reg  HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeAllocateTime  0
Reg  HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeKernelSwitchTimestamp  0
Reg  HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@KernelReturnFromHandlerTimestamp  240529202
Reg  HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@SleeperThreadEndTimestamp  240529204
Reg  HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@TimeStampCounterAtSwitchTime  0
Reg  HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@KernelReturnSystemPowerState  240530281
Reg  HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@HiberHiberFileTime  0
Reg  HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@HiberInitTime  0
Reg  HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@HiberSharedBufferTime  0
Reg  HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@TotalHibernateTime  0
Reg  HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@KernelResumeHiberFileTime  0
Reg  HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@KernelResumeInitTime  0
Reg  HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@KernelResumeSharedBufferTime  0
Reg  HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@DeviceResumeTime  1025
Reg  HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@KernelAnimationTime  0
Reg  HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@KernelPagesProcessed  0
Reg  HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@KernelPagesWritten  0x00 0x00 0x00 0x00 ...
Reg  HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@BootPagesProcessed  0
Reg  HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@BootPagesWritten  0x00 0x00 0x00 0x00 ...
Reg  HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@HiberWriteRate  0
Reg  HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@HiberCompressRate  0
Reg  HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeReadRate  0
Reg  HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeDecompressRate  0
Reg  HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@FileRuns  0
Reg  HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@KernelResumeIoCpuTime  0
Reg  HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@HiberIoCpuTime  0
Reg  HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeCompleteTimestamp  0xA8 0x8E 0x8D 0x4B ...
Reg  HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@HybridBootAnimationTime  4671
Reg  HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server@GlassSessionId  25
Reg  HKLM\SYSTEM\CurrentControlSet\Services\BITS@Start  3
Reg  HKLM\SYSTEM\CurrentControlSet\Services\BITS
Reg  HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\acd1b8df4366
Reg  HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\acd1b8df4366@382de86b0d6d  0xDD 0x5F 0x4D 0x7B ...
Reg  HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\acd1b8df4366@f82fa8ff1fd2  0xE7 0x3E 0x9D 0x90 ...
Reg  HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\acd1b8df4366\f5db0546adac
Reg  HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\acd1b8df4366\f5db0546adac@LTK  0x1B 0x28 0x5B 0xC8 ...
Reg  HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\acd1b8df4366\f5db0546adac@KeyLength  0
Reg  HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\acd1b8df4366\f5db0546adac@ERand  0x86 0x38 0x03 0xF0 ...
Reg  HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\acd1b8df4366\f5db0546adac@EDIV  1607
Reg  HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\acd1b8df4366\f5db0546adac@CSRK  0x33 0x12 0x64 0xF2 ...
Reg  HKLM\SYSTEM\CurrentControlSet\Services\eamonm\Parameters@Flags  0
Reg  HKLM\SYSTEM\CurrentControlSet\Services\ehdrv\Parameters@Flags  0
Reg  HKLM\SYSTEM\CurrentControlSet\Services\SynTP\Parameters@DetectTimeMS  299
Reg  HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer@GlobalAssocChangedCounter  536
Reg  HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shutdown@CleanShutdown  1
Reg  HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{449D0D6E-2412-4E61-B68F-1CB625CD9E52}\iexplore@Count  960
Reg  HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{553891B7-A0D5-4526-BE18-D3CE461D6310}\iexplore@Count  960
Reg  HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\RegistrarData@LastRenewCollectionsInterest  0x01 0x9C 0xBF 0x38 ...
Reg  HKCU\Software\Microsoft\Windows\CurrentVersion\PushNotifications@MobileBroadbandLastResetDate  0x2D 0xC0 0x1A 0xB8 ...
Reg  HKCU\Software\Microsoft\Windows\CurrentVersion\SettingSync\SyncData@PendingOperations  2
Reg  HKCU\Software\Microsoft\Windows\CurrentVersion\UFH\SHC@0  C:\Users\taternicki.pl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth\Galaxy J5.lnk?C:\Program Files\Lenovo\Bluetooth Software\BTWUIExt.exe? /deviceAddr=382de86b0d6d?
Reg  HKCU\Software\Microsoft\Windows\CurrentVersion\UFH\SHC@1  C:\Users\taternicki.pl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth\Galaxy J5.lnk?C:\Program Files\Lenovo\Bluetooth Software\BTWUIExt.exe? /deviceAddr=382de86b0d6d?

---- Disk sectors - GMER 2.2 ----

Disk  \Device\Harddisk0\DR0  unknown MBR code

---- EOF - GMER 2.2 ----
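The log above is raw GMER output, and the entries a reviewer actually needs to look at (the two inline JMP hooks in OneKeyOptimizer.exe, the application-local MSVCR120.dll that HarmonySettingService.exe's IAT resolves to, and the "unknown MBR code" verdict) are buried among boot-timing registry values. The following triage script is an added example and is not part of GMER or of the original log page. It parses the three line shapes involved and ranks them. The sample lines are copied from the log above, except one constructed IAT line (marked in the code) that exercises the "import resolved to a differently named module" branch. The 64 MiB distance rule for JMP targets, the "review"/"info" severities, and the system-directory list are this example's own assumptions, not something GMER reports; a JMP landing far from the patched function only tells you the detour lives in another module, not whether that module is hostile.

```python
"""Triage the hook, IAT and MBR lines of a GMER 2.2 log (added example, not GMER code)."""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Line shapes as GMER prints them (fields are whitespace separated):
#   .text <image>[pid] <module>!<export> <addr> <n> bytes JMP <target>
#   IAT   <image>[pid] @ <importer>[<dll>!<symbol>] [<addr>] <resolved-path>
#   Disk  <device> unknown MBR code
HOOK_RE = re.compile(
    r"^\.text\s+(?P<image>.+?)\[(?P<pid>\d+)\]\s+(?P<module>\S+)!(?P<export>\S+)\s+"
    r"(?P<addr>[0-9a-f]{16})\s+(?P<nbytes>\d+)\s+bytes\s+JMP\s+(?P<target>[0-9a-f]{16})$",
    re.IGNORECASE,
)
IAT_RE = re.compile(
    r"^IAT\s+(?P<image>.+?)\[(?P<pid>\d+)\]\s+@\s+(?P<importer>.+?)"
    r"\[(?P<dll>[^!\]]+)!(?P<symbol>[^\]]+)\]\s+\[(?P<addr>[0-9a-f]+)\]\s+(?P<resolved>.+)$",
    re.IGNORECASE,
)
MBR_RE = re.compile(r"^Disk\s+(?P<device>\S+)\s+unknown MBR code$")

# Assumption: only these directories count as "the system copy" of a DLL.
SYSTEM_DIRS = (r"c:\windows\system32" + "\\", r"c:\windows\syswow64" + "\\")
# Assumption: a JMP that lands more than 64 MiB away is into another module.
SAME_MODULE_WINDOW = 64 * 1024 * 1024


@dataclass
class Finding:
    kind: str      # "hook", "iat" or "mbr"
    severity: str  # "review" (look at it) or "info" (explainable, keep in the record)
    detail: str


def hook_severity(addr: int, target: int) -> str:
    """Detour into another module -> review; patch within the same module -> info."""
    return "review" if abs(addr - target) > SAME_MODULE_WINDOW else "info"


def iat_note(dll: str, resolved: str) -> Tuple[str, str]:
    """Compare the DLL named in the import with the module the IAT slot resolved to."""
    r = resolved.lower()
    if not r.endswith("\\" + dll.lower()):
        return "review", f"{dll} import resolved to a differently named module: {resolved}"
    if not r.startswith(SYSTEM_DIRS):
        return "info", f"{dll} loaded from an application-local copy: {resolved}"
    return "info", f"{dll} loaded from the system directory"


def parse_line(line: str) -> Optional[Finding]:
    """Return a Finding for hook/IAT/MBR lines, None for everything else (headers, Reg, Thread)."""
    line = line.strip()
    m = HOOK_RE.match(line)
    if m:
        sev = hook_severity(int(m["addr"], 16), int(m["target"], 16))
        return Finding("hook", sev,
                       f"{m['module']}!{m['export']} in {m['image']}[{m['pid']}] "
                       f"{m['nbytes']}-byte JMP -> {m['target']}")
    m = IAT_RE.match(line)
    if m:
        sev, why = iat_note(m["dll"], m["resolved"])
        return Finding("iat", sev, f"{m['symbol']} imported by {m['importer']}: {why}")
    m = MBR_RE.match(line)
    if m:
        return Finding("mbr", "review",
                       f"{m['device']}: unknown MBR code; dump sector 0 and compare it "
                       f"with a known-good boot sector for this firmware/OS")
    return None


def triage(log_text: str) -> List[Finding]:
    """Parse a whole log and return findings with 'review' items first."""
    found = [f for f in (parse_line(l) for l in log_text.splitlines()) if f]
    return sorted(found, key=lambda f: f.severity != "review")


# Sample input: lines copied from the GMER log above, plus one CONSTRUCTED IAT line
# (the _onexit entry pointing at a hypothetical "shim.dll") to show the review branch.
SAMPLE_LOG = r"""
---- User code sections - GMER 2.2 ----
.text  C:\Program Files\Lenovo\OneKey Optimizer\bin\OneKeyOptimizer.exe[58936] C:\WINDOWS\system32\KERNELBASE.dll!RegQueryValueExW  00007ffd44b23fd0 5 bytes JMP 00007ffccfdb0200
.text  C:\Program Files\Lenovo\OneKey Optimizer\bin\OneKeyOptimizer.exe[58936] C:\WINDOWS\SYSTEM32\mshtml.dll!RunHTMLApplication  00007ffd0fdc11e0 7 bytes JMP 00007ffccfdb0198
---- User IAT/EAT - GMER 2.2 ----
IAT  C:\Program Files (x86)\Lenovo\Harmony\Setting\HarmonySettingService.exe[1832] @ C:\Program Files (x86)\Lenovo\Harmony\Setting\TouchScreenContronlDLL.dll[MSVCR120.dll!_amsg_exit]  [7ffd169825d4] C:\Program Files (x86)\Lenovo\Harmony\Setting\MSVCR120.dll
IAT  C:\Program Files (x86)\Lenovo\Harmony\Setting\HarmonySettingService.exe[1832] @ C:\Program Files (x86)\Lenovo\Harmony\Setting\TouchScreenContronlDLL.dll[MSVCR120.dll!free]  [7ffd169c69bc] C:\Program Files (x86)\Lenovo\Harmony\Setting\MSVCR120.dll
IAT  C:\Program Files (x86)\Lenovo\Harmony\Setting\HarmonySettingService.exe[1832] @ C:\Program Files (x86)\Lenovo\Harmony\Setting\TouchScreenContronlDLL.dll[MSVCR120.dll!_onexit]  [7ffd169cdf18] C:\Program Files (x86)\Lenovo\Harmony\Setting\shim.dll
Reg  HKLM\SYSTEM\CurrentControlSet\Services\BITS@Start  3
---- Disk sectors - GMER 2.2 ----
Disk  \Device\Harddisk0\DR0  unknown MBR code
---- EOF - GMER 2.2 ----
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.kind:4} {f.detail}")
```

Run it as-is to see the ranked list; to use it on a real log, read the file with the encoding GMER wrote it in (UTF-16 is common for its saved logs) and pass the text to `triage()`. Registry and thread lines are deliberately left to `None` here because they need the surrounding system context to judge.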