log gmer.txt

How do I remove a password-protected Perfect Keylogger demo?

Hello, a few days ago someone installed Perfect Keylogger on my computer. I came across the program by accident: it is a demo version, and every time the computer starts the keylogger prompts me to enter a serial number!! I found the folder with the installed files. Unfortunately, access to the program is protected by a password, which prevents me from checking which email address the logs from my computer are being sent to. Is it possible to crack this password? How do I remove the program completely? I am attaching the GMER log.


GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2011-01-11 19:00:05
Windows 6.0.6000 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4 Hitachi_HTS542525K9SA00 rev.BBFOC32P
Running: n4ph1euy.exe; Driver: C:\Users\Ola\AppData\Local\Temp\pxrdrpow.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0x8D6E069A]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0x8D6E05DA]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0x8D6E063E]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateProcessEx [0x8D6ED50A]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateSection [0x8D6ED32E]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwLoadDriver [0x8D6ED468]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) NtCreateSection
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

PAGE ntkrnlpa.exe!ZwLoadDriver 8259852A 7 Bytes JMP 8D6ED46C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!NtCreateSection 825D7893 7 Bytes JMP 8D6ED332 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 825F1ADB 5 Bytes JMP 8D6E94AA \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!ObInsertObject 825F75F6 5 Bytes JMP 8D6EA97E \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 82612645 7 Bytes JMP 8D6ED50E \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\Explorer.EXE[384] ntdll.dll!NtQueryDirectoryFile 7703FDF4 5 Bytes JMP 1000F2C0 C:\Windows\System32\mskRniern.dll
.text C:\Windows\Explorer.EXE[384] ntdll.dll!NtQuerySystemInformation 7703FFD4 5 Bytes JMP 1000ED20 C:\Windows\System32\mskRniern.dll
.text C:\Windows\Explorer.EXE[384] kernel32.dll!CreateProcessW 76E31D27 5 Bytes JMP 10002B70 C:\Windows\System32\mskRniern.dll
.text C:\Windows\Explorer.EXE[384] kernel32.dll!CreateProcessA 76E31D5C 5 Bytes JMP 10002E50 C:\Windows\System32\mskRniern.dll
.text C:\Windows\Explorer.EXE[384] kernel32.dll!OpenProcess 76E77BC0 5 Bytes JMP 1000EB60 C:\Windows\System32\mskRniern.dll
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[556] ntdll.dll!NtQueryDirectoryFile 7703FDF4 5 Bytes JMP 1000F2C0 C:\Windows\System32\mskRniern.dll
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[556] ntdll.dll!NtQuerySystemInformation 7703FFD4 5 Bytes JMP 1000ED20 C:\Windows\System32\mskRniern.dll
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[556] kernel32.dll!CreateProcessW 76E31D27 5 Bytes JMP 10002B70 C:\Windows\System32\mskRniern.dll
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[556] kernel32.dll!CreateProcessA 76E31D5C 5 Bytes JMP 10002E50 C:\Windows\System32\mskRniern.dll
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[556] kernel32.dll!OpenProcess 76E77BC0 5 Bytes JMP 1000EB60 C:\Windows\System32\mskRniern.dll
.text C:\Program Files\BPK\bpk.exe[716] ntdll.dll!NtQueryDirectoryFile 7703FDF4 5 Bytes JMP 1000F2C0 C:\Windows\System32\mskRniern.dll
.text C:\Program Files\BPK\bpk.exe[716] ntdll.dll!NtQuerySystemInformation 7703FFD4 5 Bytes JMP 1000ED20 C:\Windows\System32\mskRniern.dll
.text C:\Program Files\BPK\bpk.exe[716] kernel32.dll!CreateProcessW 76E31D27 5 Bytes JMP 10002B70 C:\Windows\System32\mskRniern.dll
.text C:\Program Files\BPK\bpk.exe[716] kernel32.dll!CreateProcessA 76E31D5C 5 Bytes JMP 10002E50 C:\Windows\System32\mskRniern.dll
.text C:\Program Files\BPK\bpk.exe[716] kernel32.dll!OpenProcess 76E77BC0 5 Bytes JMP 1000EB60 C:\Windows\System32\mskRniern.dll
.text C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe[824] ntdll.dll!NtQueryDirectoryFile 7703FDF4 5 Bytes JMP 1000F2C0 C:\Windows\System32\mskRniern.dll
.text C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe[824] ntdll.dll!NtQuerySystemInformation 7703FFD4 5 Bytes JMP 1000ED20 C:\Windows\System32\mskRniern.dll
.text C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe[824] kernel32.dll!CreateProcessW 76E31D27 5 Bytes JMP 10002B70 C:\Windows\System32\mskRniern.dll
.text C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe[824] kernel32.dll!CreateProcessA 76E31D5C 5 Bytes JMP 10002E50 C:\Windows\System32\mskRniern.dll
.text C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe[824] kernel32.dll!OpenProcess 76E77BC0 5 Bytes JMP 1000EB60 C:\Windows\System32\mskRniern.dll
.text C:\Program Files\Windows Sidebar\sidebar.exe[832] ntdll.dll!NtQueryDirectoryFile 7703FDF4 5 Bytes JMP 1000F2C0 C:\Windows\System32\mskRniern.dll
.text C:\Program Files\Windows Sidebar\sidebar.exe[832] ntdll.dll!NtQuerySystemInformation 7703FFD4 5 Bytes JMP 1000ED20 C:\Windows\System32\mskRniern.dll
.text C:\Program Files\Windows Sidebar\sidebar.exe[832] kernel32.dll!CreateProcessW 76E31D27 5 Bytes JMP 10002B70 C:\Windows\System32\mskRniern.dll
.text C:\Program Files\Windows Sidebar\sidebar.exe[832] kernel32.dll!CreateProcessA 76E31D5C 5 Bytes JMP 10002E50 C:\Windows\System32\mskRniern.dll
.text C:\Program Files\Windows Sidebar\sidebar.exe[832] kernel32.dll!OpenProcess 76E77BC0 5 Bytes JMP 1000EB60 C:\Windows\System32\mskRniern.dll
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[1000] ntdll.dll!NtQueryDirectoryFile 7703FDF4 5 Bytes JMP 0153F2C0 C:\Windows\System32\mskRniern.dll
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[1000] ntdll.dll!NtQuerySystemInformation 7703FFD4 5 Bytes JMP 0153ED20 C:\Windows\System32\mskRniern.dll
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[1000] kernel32.dll!CreateProcessW 76E31D27 5 Bytes JMP 01532B70 C:\Windows\System32\mskRniern.dll
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[1000] kernel32.dll!CreateProcessA 76E31D5C 5 Bytes JMP 01532E50 C:\Windows\System32\mskRniern.dll
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[1000] kernel32.dll!OpenProcess 76E77BC0 5 Bytes JMP 0153EB60 C:\Windows\System32\mskRniern.dll
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[1104] ntdll.dll!NtQueryDirectoryFile 7703FDF4 5 Bytes JMP 1000F2C0 C:\Windows\System32\mskRniern.dll
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[1104] ntdll.dll!NtQuerySystemInformation 7703FFD4 5 Bytes JMP 1000ED20 C:\Windows\System32\mskRniern.dll
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[1104] kernel32.dll!CreateProcessW 76E31D27 5 Bytes JMP 10002B70 C:\Windows\System32\mskRniern.dll
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[1104] kernel32.dll!CreateProcessA 76E31D5C 5 Bytes JMP 10002E50 C:\Windows\System32\mskRniern.dll
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[1104] kernel32.dll!OpenProcess 76E77BC0 5 Bytes JMP 1000EB60 C:\Windows\System32\mskRniern.dll
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1176] ntdll.dll!NtQueryDirectoryFile 7703FDF4 5 Bytes JMP 1000F2C0 C:\Windows\System32\mskRniern.dll
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1176] ntdll.dll!NtQuerySystemInformation 7703FFD4 5 Bytes JMP 1000ED20 C:\Windows\System32\mskRniern.dll
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1176] kernel32.dll!CreateProcessW 76E31D27 5 Bytes JMP 10002B70 C:\Windows\System32\mskRniern.dll
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1176] kernel32.dll!CreateProcessA 76E31D5C 5 Bytes JMP 10002E50 C:\Windows\System32\mskRniern.dll
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1176] kernel32.dll!OpenProcess 76E77BC0 5 Bytes JMP 1000EB60 C:\Windows\System32\mskRniern.dll
.text C:\Program Files\Skype\Phone\Skype.exe[1348] ntdll.dll!NtQueryDirectoryFile 7703FDF4 5 Bytes JMP 1000F2C0 C:\Windows\System32\mskRniern.dll
.text C:\Program Files\Skype\Phone\Skype.exe[1348] ntdll.dll!NtQuerySystemInformation 7703FFD4 5 Bytes JMP 1000ED20 C:\Windows\System32\mskRniern.dll
.text C:\Program Files\Skype\Phone\Skype.exe[1348] kernel32.dll!CreateProcessW 76E31D27 5 Bytes JMP 10002B70 C:\Windows\System32\mskRniern.dll
.text C:\Program Files\Skype\Phone\Skype.exe[1348] kernel32.dll!CreateProcessA 76E31D5C 5 Bytes JMP 10002E50 C:\Windows\System32\mskRniern.dll
.text C:\Program Files\Skype\Phone\Skype.exe[1348] kernel32.dll!OpenProcess 76E77BC0 5 Bytes JMP 1000EB60 C:\Windows\System32\mskRniern.dll
.text C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe[1460] ntdll.dll!NtQueryDirectoryFile 7703FDF4 5 Bytes JMP 003DF2C0 C:\Windows\System32\mskRniern.dll
.text C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe[1460] ntdll.dll!NtQuerySystemInformation 7703FFD4 5 Bytes JMP 003DED20 C:\Windows\System32\mskRniern.dll
.text C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe[1460] kernel32.dll!CreateProcessW 76E31D27 5 Bytes JMP 003D2B70 C:\Windows\System32\mskRniern.dll
.text C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe[1460] kernel32.dll!CreateProcessA 76E31D5C 5 Bytes JMP 003D2E50 C:\Windows\System32\mskRniern.dll
.text C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe[1460] kernel32.dll!OpenProcess 76E77BC0 5 Bytes JMP 003DEB60 C:\Windows\System32\mskRniern.dll
.text C:\Program Files\Windows Defender\MSASCui.exe[1484] ntdll.dll!NtQueryDirectoryFile 7703FDF4 5 Bytes JMP 1000F2C0 C:\Windows\System32\mskRniern.dll
.text C:\Program Files\Windows Defender\MSASCui.exe[1484] ntdll.dll!NtQuerySystemInformation 7703FFD4 5 Bytes JMP 1000ED20 C:\Windows\System32\mskRniern.dll
.text C:\Program Files\Windows Defender\MSASCui.exe[1484] kernel32.dll!CreateProcessW 76E31D27 5 Bytes JMP 10002B70 C:\Windows\System32\mskRniern.dll
.text C:\Program Files\Windows Defender\MSASCui.exe[1484] kernel32.dll!CreateProcessA 76E31D5C 5 Bytes JMP 10002E50 C:\Windows\System32\mskRniern.dll
.text C:\Program Files\Windows Defender\MSASCui.exe[1484] kernel32.dll!OpenProcess 76E77BC0 5 Bytes JMP 1000EB60 C:\Windows\System32\mskRniern.dll
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1516] ntdll.dll!NtQueryDirectoryFile 7703FDF4 5 Bytes JMP 1000F2C0 C:\Windows\System32\mskRniern.dll
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1516] ntdll.dll!NtQuerySystemInformation 7703FFD4 5 Bytes JMP 1000ED20 C:\Windows\System32\mskRniern.dll
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1516] kernel32.dll!CreateProcessW 76E31D27 5 Bytes JMP 10002B70 C:\Windows\System32\mskRniern.dll
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1516] kernel32.dll!CreateProcessA 76E31D5C 5 Bytes JMP 10002E50 C:\Windows\System32\mskRniern.dll
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1516] kernel32.dll!OpenProcess 76E77BC0 5 Bytes JMP 1000EB60 C:\Windows\System32\mskRniern.dll
.text C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe[1540] ntdll.dll!NtQueryDirectoryFile 7703FDF4 5 Bytes JMP 1000F2C0 C:\Windows\System32\mskRniern.dll
.text C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe[1540] ntdll.dll!NtQuerySystemInformation 7703FFD4 5 Bytes JMP 1000ED20 C:\Windows\System32\mskRniern.dll
.text C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe[1540] kernel32.dll!CreateProcessW 76E31D27 5 Bytes JMP 10002B70 C:\Windows\System32\mskRniern.dll
.text C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe[1540] kernel32.dll!CreateProcessA 76E31D5C 5 Bytes JMP 10002E50 C:\Windows\System32\mskRniern.dll
.text C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe[1540] kernel32.dll!OpenProcess 76E77BC0 5 Bytes JMP 1000EB60 C:\Windows\System32\mskRniern.dll
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[1556] ntdll.dll!NtQueryDirectoryFile 7703FDF4 5 Bytes JMP 1000F2C0 C:\Windows\System32\mskRniern.dll
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[1556] ntdll.dll!NtQuerySystemInformation 7703FFD4 5 Bytes JMP 1000ED20 C:\Windows\System32\mskRniern.dll
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[1556] kernel32.dll!CreateProcessW 76E31D27 5 Bytes JMP 10002B70 C:\Windows\System32\mskRniern.dll
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[1556] kernel32.dll!CreateProcessA 76E31D5C 5 Bytes JMP 10002E50 C:\Windows\System32\mskRniern.dll
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[1556] kernel32.dll!OpenProcess 76E77BC0 5 Bytes JMP 1000EB60 C:\Windows\System32\mskRniern.dll
.text C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe[1704] ntdll.dll!NtQueryDirectoryFile 7703FDF4 5 Bytes JMP 1000F2C0 C:\Windows\System32\mskRniern.dll
.text C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe[1704] ntdll.dll!NtQuerySystemInformation 7703FFD4 5 Bytes JMP 1000ED20 C:\Windows\System32\mskRniern.dll
.text C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe[1704] kernel32.dll!CreateProcessW 76E31D27 5 Bytes JMP 10002B70 C:\Windows\System32\mskRniern.dll
.text C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe[1704] kernel32.dll!CreateProcessA 76E31D5C 5 Bytes JMP 10002E50 C:\Windows\System32\mskRniern.dll
.text C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe[1704] kernel32.dll!OpenProcess 76E77BC0 5 Bytes JMP 1000EB60 C:\Windows\System32\mskRniern.dll
.text C:\Windows\system32\nvvsvc.exe[1712] ntdll.dll!NtQueryDirectoryFile 7703FDF4 5 Bytes JMP 00E2F2C0 C:\Windows\System32\mskRniern.dll
.text C:\Windows\system32\nvvsvc.exe[1712] ntdll.dll!NtQuerySystemInformation 7703FFD4 5 Bytes JMP 00E2ED20 C:\Windows\System32\mskRniern.dll
.text C:\Windows\system32\nvvsvc.exe[1712] kernel32.dll!CreateProcessW 76E31D27 5 Bytes JMP 00E22B70 C:\Windows\System32\mskRniern.dll
.text C:\Windows\system32\nvvsvc.exe[1712] kernel32.dll!CreateProcessA 76E31D5C 5 Bytes JMP 00E22E50 C:\Windows\System32\mskRniern.dll
.text C:\Windows\system32\nvvsvc.exe[1712] kernel32.dll!OpenProcess 76E77BC0 5 Bytes JMP 00E2EB60 C:\Windows\System32\mskRniern.dll
.text C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[1800] ntdll.dll!NtQueryDirectoryFile 7703FDF4 5 Bytes JMP 1000F2C0 C:\Windows\System32\mskRniern.dll
.text C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[1800] ntdll.dll!NtQuerySystemInformation 7703FFD4 5 Bytes JMP 1000ED20 C:\Windows\System32\mskRniern.dll
.text C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[1800] kernel32.dll!CreateProcessW 76E31D27 5 Bytes JMP 10002B70 C:\Windows\System32\mskRniern.dll
.text C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[1800] kernel32.dll!CreateProcessA 76E31D5C 5 Bytes JMP 10002E50 C:\Windows\System32\mskRniern.dll
.text C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[1800] kernel32.dll!OpenProcess 76E77BC0 5 Bytes JMP 1000EB60 C:\Windows\System32\mskRniern.dll
.text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[1992] ntdll.dll!NtQueryDirectoryFile 7703FDF4 5 Bytes JMP 1000F2C0 C:\Windows\System32\mskRniern.dll
.text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[1992] ntdll.dll!NtQuerySystemInformation 7703FFD4 5 Bytes JMP 1000ED20 C:\Windows\System32\mskRniern.dll
.text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[1992] kernel32.dll!CreateProcessW 76E31D27 5 Bytes JMP 10002B70 C:\Windows\System32\mskRniern.dll
.text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[1992] kernel32.dll!CreateProcessA 76E31D5C 5 Bytes JMP 10002E50 C:\Windows\System32\mskRniern.dll
.text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[1992] kernel32.dll!OpenProcess 76E77BC0 5 Bytes JMP 1000EB60 C:\Windows\System32\mskRniern.dll
.text C:\Windows\system32\Dwm.exe[2032] ntdll.dll!NtQueryDirectoryFile 7703FDF4 5 Bytes JMP 1000F2C0 C:\Windows\System32\mskRniern.dll
.text C:\Windows\system32\Dwm.exe[2032] ntdll.dll!NtQuerySystemInformation 7703FFD4 5 Bytes JMP 1000ED20 C:\Windows\System32\mskRniern.dll
.text C:\Windows\system32\Dwm.exe[2032] kernel32.dll!CreateProcessW 76E31D27 5 Bytes JMP 10002B70 C:\Windows\System32\mskRniern.dll
.text C:\Windows\system32\Dwm.exe[2032] kernel32.dll!CreateProcessA 76E31D5C 5 Bytes JMP 10002E50 C:\Windows\System32\mskRniern.dll
.text C:\Windows\system32\Dwm.exe[2032] kernel32.dll!OpenProcess 76E77BC0 5 Bytes JMP 1000EB60 C:\Windows\System32\mskRniern.dll
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2040] ntdll.dll!NtQueryDirectoryFile 7703FDF4 5 Bytes JMP 1000F2C0 C:\Windows\System32\mskRniern.dll
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2040] ntdll.dll!NtQuerySystemInformation 7703FFD4 5 Bytes JMP 1000ED20 C:\Windows\System32\mskRniern.dll
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2040] kernel32.dll!CreateProcessW 76E31D27 5 Bytes JMP 10002B70 C:\Windows\System32\mskRniern.dll
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2040] kernel32.dll!CreateProcessA 76E31D5C 5 Bytes JMP 10002E50 C:\Windows\System32\mskRniern.dll
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2040] kernel32.dll!OpenProcess 76E77BC0 5 Bytes JMP 1000EB60 C:\Windows\System32\mskRniern.dll
.text C:\Windows\system32\taskeng.exe[2272] ntdll.dll!NtQueryDirectoryFile 7703FDF4 5 Bytes JMP 1000F2C0 C:\Windows\System32\mskRniern.dll
.text C:\Windows\system32\taskeng.exe[2272] ntdll.dll!NtQuerySystemInformation 7703FFD4 5 Bytes JMP 1000ED20 C:\Windows\System32\mskRniern.dll
.text C:\Windows\system32\taskeng.exe[2272] kernel32.dll!CreateProcessW 76E31D27 5 Bytes JMP 10002B70 C:\Windows\System32\mskRniern.dll
.text C:\Windows\system32\taskeng.exe[2272] kernel32.dll!CreateProcessA 76E31D5C 5 Bytes JMP 10002E50 C:\Windows\System32\mskRniern.dll
.text C:\Windows\system32\taskeng.exe[2272] kernel32.dll!OpenProcess 76E77BC0 5 Bytes JMP 1000EB60 C:\Windows\System32\mskRniern.dll
.text C:\Program Files\Skype\Plugin Manager\skypePM.exe[3588] ntdll.dll!NtQueryDirectoryFile 7703FDF4 5 Bytes JMP 1000F2C0 C:\Windows\System32\mskRniern.dll
.text C:\Program Files\Skype\Plugin Manager\skypePM.exe[3588] ntdll.dll!NtQuerySystemInformation 7703FFD4 5 Bytes JMP 1000ED20 C:\Windows\System32\mskRniern.dll
.text C:\Program Files\Skype\Plugin Manager\skypePM.exe[3588] kernel32.dll!CreateProcessW 76E31D27 5 Bytes JMP 10002B70 C:\Windows\System32\mskRniern.dll
.text C:\Program Files\Skype\Plugin Manager\skypePM.exe[3588] kernel32.dll!CreateProcessA 76E31D5C 5 Bytes JMP 10002E50 C:\Windows\System32\mskRniern.dll
.text C:\Program Files\Skype\Plugin Manager\skypePM.exe[3588] kernel32.dll!OpenProcess 76E77BC0 5 Bytes JMP 1000EB60 C:\Windows\System32\mskRniern.dll
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3956] ntdll.dll!NtQueryDirectoryFile 7703FDF4 5 Bytes JMP 1000F2C0 C:\Windows\System32\mskRniern.dll
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3956] ntdll.dll!NtQuerySystemInformation 7703FFD4 5 Bytes JMP 1000ED20 C:\Windows\System32\mskRniern.dll
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3956] kernel32.dll!CreateProcessW 76E31D27 5 Bytes JMP 10002B70 C:\Windows\System32\mskRniern.dll
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3956] kernel32.dll!CreateProcessA 76E31D5C 5 Bytes JMP 10002E50 C:\Windows\System32\mskRniern.dll
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3956] kernel32.dll!OpenProcess 76E77BC0 5 Bytes JMP 1000EB60 C:\Windows\System32\mskRniern.dll
.text E:\instalki\n4ph1euy.exe[3992] ntdll.dll!NtQueryDirectoryFile 7703FDF4 5 Bytes JMP 1000F2C0 C:\Windows\System32\mskRniern.dll
.text E:\instalki\n4ph1euy.exe[3992] ntdll.dll!NtQuerySystemInformation 7703FFD4 5 Bytes JMP 1000ED20 C:\Windows\System32\mskRniern.dll
.text E:\instalki\n4ph1euy.exe[3992] kernel32.dll!CreateProcessW 76E31D27 5 Bytes JMP 10002B70 C:\Windows\System32\mskRniern.dll
.text E:\instalki\n4ph1euy.exe[3992] kernel32.dll!CreateProcessA 76E31D5C 5 Bytes JMP 10002E50 C:\Windows\System32\mskRniern.dll
.text E:\instalki\n4ph1euy.exe[3992] kernel32.dll!OpenProcess 76E77BC0 5 Bytes JMP 1000EB60 C:\Windows\System32\mskRniern.dll
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[4492] ntdll.dll!NtQueryDirectoryFile 7703FDF4 5 Bytes JMP 1000F2C0 C:\Windows\System32\mskRniern.dll
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[4492] ntdll.dll!NtQuerySystemInformation 7703FFD4 5 Bytes JMP 1000ED20 C:\Windows\System32\mskRniern.dll
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[4492] kernel32.dll!CreateProcessW 76E31D27 5 Bytes JMP 10002B70 C:\Windows\System32\mskRniern.dll
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[4492] kernel32.dll!CreateProcessA 76E31D5C 5 Bytes JMP 10002E50 C:\Windows\System32\mskRniern.dll
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[4492] kernel32.dll!OpenProcess 76E77BC0 5 Bytes JMP 1000EB60 C:\Windows\System32\mskRniern.dll
.text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[4528] ntdll.dll!NtQueryDirectoryFile 7703FDF4 5 Bytes JMP 1000F2C0 C:\Windows\System32\mskRniern.dll
.text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[4528] ntdll.dll!NtQuerySystemInformation 7703FFD4 5 Bytes JMP 1000ED20 C:\Windows\System32\mskRniern.dll
.text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[4528] kernel32.dll!CreateProcessW 76E31D27 5 Bytes JMP 10002B70 C:\Windows\System32\mskRniern.dll
.text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[4528] kernel32.dll!CreateProcessA 76E31D5C 5 Bytes JMP 10002E50 C:\Windows\System32\mskRniern.dll
.text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[4528] kernel32.dll!OpenProcess 76E77BC0 5 Bytes JMP 1000EB60 C:\Windows\System32\mskRniern.dll
.text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[4564] ntdll.dll!NtQueryDirectoryFile 7703FDF4 5 Bytes JMP 1000F2C0 C:\Windows\System32\mskRniern.dll
.text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[4564] ntdll.dll!NtQuerySystemInformation 7703FFD4 5 Bytes JMP 1000ED20 C:\Windows\System32\mskRniern.dll
.text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[4564] kernel32.dll!CreateProcessW 76E31D27 5 Bytes JMP 10002B70 C:\Windows\System32\mskRniern.dll
.text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[4564] kernel32.dll!CreateProcessA 76E31D5C 5 Bytes JMP 10002E50 C:\Windows\System32\mskRniern.dll
.text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[4564] kernel32.dll!OpenProcess 76E77BC0 5 Bytes JMP 1000EB60 C:\Windows\System32\mskRniern.dll

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\Explorer.EXE[384] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [738FFBC8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[384] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [738CB9AA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[384] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [738BA31F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[384] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [738BCBFF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[384] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [738B8AB2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[384] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [738CCF28] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[384] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [738B7D98] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[384] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [738B7CFF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[384] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [738B6A64] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[384] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [7394C1D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[384] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [738D7F56] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[384] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [738B90CD] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[384] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [738C2179] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[384] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [738C21A4] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[384] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [738C7F1C] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[384] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [738C7D3E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[384] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [738F83D5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT c:\program files\xivpvlkljuhbh\gepcwcs.exe[488] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetProcessHeap] 01919BE0
IAT c:\program files\xivpvlkljuhbh\gepcwcs.exe[488] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!FindFirstFileW] 01918650
IAT c:\program files\xivpvlkljuhbh\gepcwcs.exe[488] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!DuplicateHandle] 01916640
IAT c:\program files\xivpvlkljuhbh\gepcwcs.exe[488] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!IsDebuggerPresent] 0191A160
IAT c:\program files\xivpvlkljuhbh\gepcwcs.exe[488] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!CreateThread] 01914D50
IAT c:\program files\xivpvlkljuhbh\gepcwcs.exe[488] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 01913E20
IAT c:\program files\xivpvlkljuhbh\gepcwcs.exe[488] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetEnvironmentStringsW] 019147D0
IAT c:\program files\xivpvlkljuhbh\gepcwcs.exe[488] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!SetFilePointer] 019164A0
IAT c:\program files\xivpvlkljuhbh\gepcwcs.exe[488] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!MapViewOfFileEx] 019170D0
IAT c:\program files\xivpvlkljuhbh\gepcwcs.exe[488] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!CreateFileMappingW] 01916BB0
IAT c:\program files\xivpvlkljuhbh\gepcwcs.exe[488] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!MapViewOfFile] 01917050
IAT c:\program files\xivpvlkljuhbh\gepcwcs.exe[488] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!OpenFileMappingW] 01917BB0
IAT c:\program files\xivpvlkljuhbh\gepcwcs.exe[488] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!UnmapViewOfFile] 01917280
IAT c:\program files\xivpvlkljuhbh\gepcwcs.exe[488] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetFileType] 019167F0
IAT c:\program files\xivpvlkljuhbh\gepcwcs.exe[488] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!FlushViewOfFile] 01916CF0
IAT c:\program files\xivpvlkljuhbh\gepcwcs.exe[488] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetFileSize] 019165E0
IAT c:\program files\xivpvlkljuhbh\gepcwcs.exe[488] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!WriteFile] 019161A0
IAT c:\program files\xivpvlkljuhbh\gepcwcs.exe[488] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetACP] 01919C00
IAT c:\program files\xivpvlkljuhbh\gepcwcs.exe[488] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!TerminateProcess] 01914C00
IAT c:\program files\xivpvlkljuhbh\gepcwcs.exe[488] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GlobalAlloc] 01918B80
IAT c:\program files\xivpvlkljuhbh\gepcwcs.exe[488] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GlobalLock] 01918AA0
IAT c:\program files\xivpvlkljuhbh\gepcwcs.exe[488] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GlobalUnlock] 01918A60
IAT c:\program files\xivpvlkljuhbh\gepcwcs.exe[488] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!CreateFileW] 01915A20
IAT c:\program files\xivpvlkljuhbh\gepcwcs.exe[488] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] 019135F0
IAT c:\program files\xivpvlkljuhbh\gepcwcs.exe[488] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!CloseHandle] 019166E0
IAT c:\program files\xivpvlkljuhbh\gepcwcs.exe[488] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] 01913040
IAT c:\program files\xivpvlkljuhbh\gepcwcs.exe[488] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!FreeLibrary] 01914220
IAT c:\program files\xivpvlkljuhbh\gepcwcs.exe[488] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetProcAddress] 01911CA0
IAT c:\program files\xivpvlkljuhbh\gepcwcs.exe[488] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!ReadFile] 01915D70
IAT c:\program files\xivpvlkljuhbh\gepcwcs.exe[488] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetVersion] 01919BD0
IAT c:\program files\xivpvlkljuhbh\gepcwcs.exe[488] @ C:\Windows\system32\ole32.dll [USER32.dll!LoadIconW] 01919EA0
IAT c:\program files\xivpvlkljuhbh\gepcwcs.exe[488] @ C:\Windows\system32\ole32.dll [USER32.dll!LoadCursorW] 01919E40
IAT c:\program files\xivpvlkljuhbh\gepcwcs.exe[488] @ C:\Windows\system32\ole32.dll [USER32.dll!CreateDialogParamW] 0191A090
IAT c:\program files\xivpvlkljuhbh\gepcwcs.exe[488] @ C:\Windows\system32\ole32.dll [USER32.dll!DialogBoxParamW] 0191A130
IAT c:\program files\xivpvlkljuhbh\gepcwcs.exe[488] @ C:\Windows\system32\ole32.dll [USER32.dll!LoadStringW] 01919F60
IAT c:\program files\xivpvlkljuhbh\gepcwcs.exe[488] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegQueryValueA] 01919890
IAT c:\program files\xivpvlkljuhbh\gepcwcs.exe[488] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegCreateKeyExW] 01919580
IAT C:\Windows\system32\services.exe[804] @ C:\Windows\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00330002
IAT C:\Windows\system32\services.exe[804] @ C:\Windows\system32\services.exe [KERNEL32.dll!CreateProcessW] 00330000

---- Devices - GMER 1.0.15 ----

Device aswSP.SYS (avast! self protection module/ALWIL Software)
Device Ntfs.sys (NT File System Driver/Microsoft Corporation)

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 tdrpm174.sys (Acronis Try & Decide Volume Filter Driver/Acronis)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 tdrpm174.sys (Acronis Try & Decide Volume Filter Driver/Acronis)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 tdrpm174.sys (Acronis Try & Decide Volume Filter Driver/Acronis)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 tdrpm174.sys (Acronis Try & Decide Volume Filter Driver/Acronis)
AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

---- Processes - GMER 1.0.15 ----

Library C:\Windows\System32\mskRniern.dll (*** hidden *** ) @ C:\Windows\Explorer.EXE [384] 0x10000000

Process c:\program files\xivpvlkljuhbh\gepcwcs.exe (*** hidden *** ) 436
Library C:\Windows\System32\mskRniern.dll (*** hidden *** ) @ c:\program files\xivpvlkljuhbh\gepcwcs.exe [436] 0x10000000

Process c:\program files\xivpvlkljuhbh\gepcwcs.exe (*** hidden *** ) 488
Library C:\Windows\System32\mskRniern.dll (*** hidden *** ) @ c:\program files\xivpvlkljuhbh\gepcwcs.exe [488] 0x10000000
Library C:\Windows\System32\mskRniern.dll (*** hidden *** ) @ C:\Program Files\HP\HP Software Update\hpwuSchd2.exe [556] 0x10000000
Library C:\Windows\System32\mskRniern.dll (*** hidden *** ) @ C:\Program Files\BPK\bpk.exe [716] 0x10000000
Library C:\Windows\System32\mskRniern.dll (*** hidden *** ) @ C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [824] 0x10000000
Library C:\Windows\System32\mskRniern.dll (*** hidden *** ) @ C:\Program Files\Windows Sidebar\sidebar.exe [832] 0x10000000
Library C:\Windows\System32\mskRniern.dll (*** hidden *** ) @ C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [1000] 0x01530000

Process c:\windows\system32\gepcwcsc.exe (*** hidden *** ) 1080
Library C:\Windows\System32\mskRniern.dll (*** hidden *** ) @ C:\Program Files\Windows Media Player\wmpnscfg.exe [1104] 0x10000000
Library C:\Windows\System32\mskRniern.dll (*** hidden *** ) @ C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [1176] 0x10000000
Library C:\Windows\System32\mskRniern.dll (*** hidden *** ) @ C:\Program Files\Skype\Phone\Skype.exe [1348] 0x10000000
Library C:\Windows\System32\mskRniern.dll (*** hidden *** ) @ C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe [1460] 0x003D0000
Library C:\Windows\System32\mskRniern.dll (*** hidden *** ) @ C:\Program Files\Windows Defender\MSASCui.exe [1484] 0x10000000
Library C:\Windows\System32\mskRniern.dll (*** hidden *** ) @ C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1516] 0x10000000
Library C:\Windows\System32\mskRniern.dll (*** hidden *** ) @ C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe [1540] 0x10000000
Library C:\Windows\System32\mskRniern.dll (*** hidden *** ) @ C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [1556] 0x10000000
Library C:\Windows\System32\mskRniern.dll (*** hidden *** ) @ C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe [1704] 0x10000000
Library C:\Windows\System32\mskRniern.dll (*** hidden *** ) @ C:\Windows\system32\nvvsvc.exe [1712] 0x00E20000
Library C:\Windows\System32\mskRniern.dll (*** hidden *** ) @ C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe [1800] 0x10000000
Library C:\Windows\System32\mskRniern.dll (*** hidden *** ) @ C:\Program Files\Alwil Software\Avast5\AvastUI.exe [1992] 0x10000000
Library C:\Windows\System32\mskRniern.dll (*** hidden *** ) @ C:\Windows\system32\Dwm.exe [2032] 0x10000000
Library C:\Windows\System32\mskRniern.dll (*** hidden *** ) @ C:\Program Files\Common Files\Java\Java Update\jusched.exe [2040] 0x10000000
Library C:\Windows\System32\mskRniern.dll (*** hidden *** ) @ C:\Windows\system32\taskeng.exe [2272] 0x10000000
Library C:\Windows\System32\mskRniern.dll (*** hidden *** ) @ C:\Program Files\Skype\Plugin Manager\skypePM.exe [3588] 0x10000000
Library C:\Windows\System32\mskRniern.dll (*** hidden *** ) @ C:\Program Files\Synaptics\SynTP\SynTPHelper.exe [3956] 0x10000000
Library C:\Windows\System32\mskRniern.dll (*** hidden *** ) @ E:\instalki\n4ph1euy.exe [3992] 0x10000000
Library C:\Windows\System32\mskRniern.dll (*** hidden *** ) @ C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe [4492] 0x10000000
Library C:\Windows\System32\mskRniern.dll (*** hidden *** ) @ C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe [4528] 0x10000000
Library C:\Windows\System32\mskRniern.dll (*** hidden *** ) @ C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe [4564] 0x10000000

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e37b3ed71
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e37b3ed71@001a8a8fb7ef 0x26 0xAF 0x1F 0xB9 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e37b3ed71@58170c0569df 0xA9 0x34 0x2C 0xF7 ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001e37b3ed71 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001e37b3ed71 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\001e37b3ed71 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\BTHPORT\Parameters\Keys\001e37b3ed71 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\BTHPORT\Parameters\Keys\001e37b3ed71 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet007\Services\BTHPORT\Parameters\Keys\001e37b3ed71 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet008\Services\BTHPORT\Parameters\Keys\001e37b3ed71 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet009\Services\BTHPORT\Parameters\Keys\001e37b3ed71 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet010\Services\BTHPORT\Parameters\Keys\001e37b3ed71 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet010\Services\BTHPORT\Parameters\Keys\001e37b3ed71@001a8a8fb7ef 0x26 0xAF 0x1F 0xB9 ...
Reg HKLM\SYSTEM\ControlSet010\Services\BTHPORT\Parameters\Keys\001e37b3ed71@58170c0569df 0xA9 0x34 0x2C 0xF7 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{05CFD766-2C16-6907-5D3C-C27D8E2073F1}\ucZpiTdaQuakq@ axv|bwcClGLC@fiLgG?E`
Reg HKLM\SOFTWARE\Classes\CLSID\{05CFD766-2C16-6907-5D3C-C27D8E2073F1}\zvjO@ uR]z_vVj~UoxFMwmYV

---- Files - GMER 1.0.15 ----

File C:\Program Files\Xivpvlkljuhbh 0 bytes
File C:\Program Files\Xivpvlkljuhbh\gepcwcs.exe 2296161 bytes executable
File C:\Program Files\Xivpvlkljuhbh\help.chm 767462 bytes
File C:\Program Files\Xivpvlkljuhbh\Log 0 bytes
File C:\Program Files\Xivpvlkljuhbh\Log\Audio 0 bytes
File C:\Program Files\Xivpvlkljuhbh\Log\Text 0 bytes
File C:\Program Files\Xivpvlkljuhbh\Log\Text\aiotxt.dat 326683 bytes
File C:\Program Files\Xivpvlkljuhbh\Log\Text\aioweb.dat 180774 bytes
File C:\Program Files\Xivpvlkljuhbh\Log\Visual 0 bytes
File C:\Program Files\Xivpvlkljuhbh\Log\Visual\11182010.dat 250350775 bytes
File C:\Program Files\Xivpvlkljuhbh\Log\Visual\11192010.dat 19704624 bytes
File C:\Program Files\Xivpvlkljuhbh\Log\Visual\11202010.dat 17624834 bytes
File C:\Program Files\Xivpvlkljuhbh\Log\Visual\11212010.dat 96345195 bytes
File C:\Program Files\Xivpvlkljuhbh\Log\Visual\11222010.dat 29992821 bytes
File C:\Program Files\Xivpvlkljuhbh\Log\Visual\11242010.dat 139160787 bytes
File C:\Program Files\Xivpvlkljuhbh\Log\Visual\11252010.dat 11879152 bytes
File C:\Program Files\Xivpvlkljuhbh\unins000.dat 17888 bytes
File C:\Program Files\Xivpvlkljuhbh\unins000.exe 708211 bytes
File C:\Windows\System32\mskRniern.dll 151552 bytes executable

---- EOF - GMER 1.0.15 ----