GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2016-05-15 13:07:44
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\00000032 TOSHIBA_MQ01ABD100 rev.AX1P5E 931,51GB
Running: etjd63i5.exe; Driver: C:\Users\notebook\AppData\Local\Temp\fxlyrpog.sys

---- User code sections - GMER 2.2 ----

.text  C:\Program Files\Lenovo\OneKey Optimizer\bin\OneKeyOptimizer.exe[5772] C:\WINDOWS\system32\KERNELBASE.dll!RegQueryValueExW  00007ffb7ba23fd0 5 bytes JMP 00007ffb1cdf0200
.text  C:\Program Files\Lenovo\OneKey Optimizer\bin\OneKeyOptimizer.exe[5772] C:\WINDOWS\SYSTEM32\mshtml.dll!RunHTMLApplication  00007ffb5ce03490 7 bytes JMP 00007ffb1cdf0198

---- Threads - GMER 2.2 ----

Thread  C:\WINDOWS\system32\csrss.exe [5848:2948]  fffff960008d32d0

---- Registry - GMER 2.2 ----

Reg  HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel\RNG@RNGAuxiliarySeed  -1473290757
Reg  HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\34e6adb28d3c
Reg  HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\34e6adb28d3c@fc923b3e6029  0x73 0xD8 0x3F 0xC1 ...
Reg  HKLM\SYSTEM\CurrentControlSet\Services\NcbService\NCB\KapiNlmCache\12@Timestamp  0x8C 0x33 0x78 0xF5 ...
Reg  HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch2@Epoch  2229
Reg  HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shutdown@CleanShutdown  1
Reg  HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2933BF90-7B36-11D2-B20E-00C04F983E60}\iexplore@Count  4422
Reg  HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8856F961-340A-11D0-A96B-00C04FD705A2}\iexplore@Count  24514
Reg  HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8E5E2654-AD2D-48BF-AC2D-D17F00898D06}\iexplore@Count  14330
Reg  HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8E5E2654-AD2D-48BF-AC2D-D17F00898D06}\iexplore@Blocked  14330
Reg  HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}\iexplore@Count  701
Reg  HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}\iexplore@Count  99491
Reg  HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F6D90F11-9C73-11D3-B32E-00C04F990BB4}\iexplore@Count  6016
Reg  HKCU\Software\Microsoft\Windows\CurrentVersion\GWX\Usage@UsageTime  0x07 0x16 0xEF 0x14 ...

---- Disk sectors - GMER 2.2 ----

Disk  \Device\Harddisk0\DR0  unknown MBR code

---- EOF - GMER 2.2 ----