Everything posted by croquis
probable infections
croquis replied to a topic by croquis in Analyses et éradication malwares
Here is the log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:56:04, on 5/03/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.netcourrier.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1201170073125
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Service Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

--
End of file - 3905 bytes
probable infections
croquis replied to a topic by croquis in Analyses et éradication malwares
Hi,

The GMER report on the scan of processes (only) is as white as eternal snow... I suppose that is good news..?

By the way, this afternoon I uninstalled (successfully this time) Antivir, which was corrupted, and then reinstalled it. No problem; I even started a scan without difficulty. The only snag I noticed is that it apparently cannot look for updates... (the "scan for updates" window opens and then nothing moves in the progress bar)

Regards
Croquis
probable infections
croquis replied to a topic by croquis in Analyses et éradication malwares
Yes, it seems to be in good shape!

HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:09:41, on 5/03/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.netcourrier.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1201170073125
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Service Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

--
End of file - 3938 bytes
probable infections
croquis replied to a topic by croquis in Analyses et éradication malwares
Hi,

Here is the log:

ComboFix 10-03-04.05 - Administrateur 05/03/2010 15:54:59.2.1 - x86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.32.1036.18.247.123 [GMT 1:00]
Running from: c:\documents and settings\Administrateur\Bureau\ComboFix.exe
Command switches used :: c:\documents and settings\Administrateur\Bureau\CFscript.txt.txt
AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}

FILE ::
"c:\windows\system32\drivers\ezlwy.sys"
.

((((((((((((((((((((((((((((((((((((   Other Deletions   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_owsqckcsbnkr


(((((((((((((((((((((((((((((   Files Created from 2010-02-05 to 2010-03-05   ))))))))))))))))))))))))))))))))))))
.

2010-03-05 14:17 . 2009-03-30 08:33  96104  ----a-w-  c:\windows\system32\drivers\avipbb.sys
2010-03-05 14:17 . 2009-02-13 10:29  22360  ----a-w-  c:\windows\system32\drivers\avgntmgr.sys
2010-03-05 14:17 . 2009-02-13 10:17  45416  ----a-w-  c:\windows\system32\drivers\avgntdd.sys
2010-03-05 14:17 . 2010-03-05 14:17  --------  d-----w-  c:\program files\Avira
2010-03-05 14:17 . 2010-03-05 14:17  --------  d-----w-  c:\documents and settings\All Users\Application Data\Avira
2010-03-05 11:07 . 2010-03-05 11:16  --------  d-----w-  c:\windows\system32\CatRoot_bak
2010-03-04 09:04 . 2010-03-04 09:04  --------  d-----w-  c:\program files\CCleaner
2010-03-03 11:07 . 2010-03-03 11:08  --------  d-----w-  c:\documents and settings\Administrateur\Local Settings\Application Data\Temp
2010-03-03 10:07 . 2010-03-03 10:07  --------  d-----w-  c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2010-03-03 10:02 . 2010-03-03 10:02  --------  d-----w-  c:\documents and settings\LocalService\Local Settings\Application Data\Google
2010-03-03 09:44 . 2010-03-03 09:44  --------  d-----w-  C:\_OTM
2010-03-02 11:10 . 2010-03-02 11:10  --------  d-----w-  c:\documents and settings\Administrateur\Application Data\Malwarebytes
2010-03-02 11:10 . 2010-01-07 15:07  38224  ----a-w-  c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-02 11:10 . 2010-03-02 11:10  --------  d-----w-  c:\documents and settings\All Users\Application Data\Malwarebytes
2010-03-02 11:10 . 2010-03-02 11:10  --------  d-----w-  c:\program files\Malwarebytes' Anti-Malware
2010-03-02 11:10 . 2010-01-07 15:07  19160  ----a-w-  c:\windows\system32\drivers\mbam.sys
2010-03-02 10:25 . 2010-03-02 10:25  --------  d-----w-  C:\rsit
2010-03-02 10:14 . 2010-03-02 10:14  --------  d-----w-  c:\program files\Trend Micro
2010-03-02 09:21 . 2009-07-28 14:33  55656  ----a-w-  c:\windows\system32\drivers\avgntflt.sys
2010-03-01 14:24 . 2010-03-04 08:26  --------  d-----w-  c:\documents and settings\Administrateur\Local Settings\Application Data\Google
2010-03-01 14:23 . 2010-03-03 10:02  --------  d-----w-  c:\program files\Google

.
((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-01 12:37 . 2010-01-25 10:03  3774  ----a-r-  c:\documents and settings\Administrateur\Application Data\Microsoft\Installer\{55C90349-0475-44C4-B8BA-06CF4438AC8A}\_bb32ea6.exe
2010-03-01 12:37 . 2010-01-25 10:03  3774  ----a-r-  c:\documents and settings\Administrateur\Application Data\Microsoft\Installer\{55C90349-0475-44C4-B8BA-06CF4438AC8A}\_12db153c.exe
2010-01-25 10:25 . 2008-01-24 10:58  --------  d-----w-  c:\program files\Windows Media Connect 2
2010-01-25 10:05 . 2008-01-23 13:11  12328  ----a-w-  c:\documents and settings\Administrateur\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-25 10:03 . 2010-01-25 10:03  --------  d-----w-  c:\program files\Mardon Software
2010-01-25 09:46 . 2006-03-02 12:00  85022  ----a-w-  c:\windows\system32\perfc00C.dat
2010-01-25 09:46 . 2006-03-02 12:00  511066  ----a-w-  c:\windows\system32\perfh00C.dat
.

(((((((((((((((((((((((((((((   SnapShot@2010-03-05_10.59.30   )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-03-05 14:17 . 2009-05-11 08:12  28520  c:\windows\system32\drivers\ssmdrv.sys
- 2010-03-02 09:21 . 2009-05-11 08:11  28520  c:\windows\system32\drivers\ssmdrv.sys
.
(((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-03-01 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-06-21 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-06-21 126976]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages  REG_MULTI_SZ  msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Avira\\AntiVir Desktop\\avscan.exe"=

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [5/03/2010 15:17 108289]
S2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [3/03/2010 11:02 135664]
.
Contents of the 'Scheduled Tasks' folder

2010-03-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-03 10:02]

2010-03-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-03 10:02]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.netcourrier.com/
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-05 16:01
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2472)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
.
**************************************************************************
.
Completion time: 2010-03-05 16:04:29 - machine was rebooted
ComboFix-quarantined-files.txt 2010-03-05 15:04
ComboFix2.txt 2010-03-05 11:01

Pre-Run: 34.418.987.008 bytes free
Post-Run: 34.416.582.656 bytes free

- - End Of File - - 861AE904A426A30B40FBEA314BB79B7D
probable infections
croquis replied to a topic by croquis in Analyses et éradication malwares
Oops, a problem:

When ComboFix starts (after dragging the downloaded file onto it), the following message appears:
"Were you running CFScript? The name CFScript appears to be misspelled."

I click OK (no other choice possible) and the ComboFix window closes without launching the scan...

What now?
probable infections
croquis replied to a topic by croquis in Analyses et éradication malwares
Hi!

ComboFix report:

ComboFix 10-03-04.05 - Administrateur 05/03/2010 11:52:41.1.1 - x86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.32.1036.18.247.103 [GMT 1:00]
Running from: c:\documents and settings\Administrateur\Bureau\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((((((((((((((   Other Deletions   ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\10.scr
c:\windows\system32\crt.dat
c:\windows\system32\drivers\ezlwy.sys
c:\windows\system32\drivers\str.sys
c:\windows\win7.exe

.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_OWSQCKCSBNKR


(((((((((((((((((((((((((((((   Files Created from 2010-02-05 to 2010-03-05   ))))))))))))))))))))))))))))))))))))
.

2010-03-05 07:55 . 2010-03-05 07:58  --------  d-----w-  c:\windows\LastGood.Tmp
2010-03-04 09:04 . 2010-03-04 09:04  --------  d-----w-  c:\program files\CCleaner
2010-03-03 11:07 . 2010-03-03 11:08  --------  d-----w-  c:\documents and settings\Administrateur\Local Settings\Application Data\Temp
2010-03-03 10:07 . 2010-03-03 10:07  --------  d-----w-  c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2010-03-03 10:02 . 2010-03-03 10:02  --------  d-----w-  c:\documents and settings\LocalService\Local Settings\Application Data\Google
2010-03-03 09:44 . 2010-03-03 09:44  --------  d-----w-  C:\_OTM
2010-03-02 11:10 . 2010-03-02 11:10  --------  d-----w-  c:\documents and settings\Administrateur\Application Data\Malwarebytes
2010-03-02 11:10 . 2010-01-07 15:07  38224  ----a-w-  c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-02 11:10 . 2010-03-02 11:10  --------  d-----w-  c:\documents and settings\All Users\Application Data\Malwarebytes
2010-03-02 11:10 . 2010-03-02 11:10  --------  d-----w-  c:\program files\Malwarebytes' Anti-Malware
2010-03-02 11:10 . 2010-01-07 15:07  19160  ----a-w-  c:\windows\system32\drivers\mbam.sys
2010-03-02 10:25 . 2010-03-02 10:25  --------  d-----w-  C:\rsit
2010-03-02 10:14 . 2010-03-02 10:14  --------  d-----w-  c:\program files\Trend Micro
2010-03-02 09:21 . 2009-11-25 10:19  56816  ----a-w-  c:\windows\system32\drivers\avgntflt.sys
2010-03-02 09:21 . 2009-03-30 08:32  96104  ----a-w-  c:\windows\system32\drivers\avipbb.sys
2010-03-02 09:21 . 2009-02-13 10:28  22360  ----a-w-  c:\windows\system32\drivers\avgntmgr.sys
2010-03-02 09:21 . 2009-02-13 10:17  45416  ----a-w-  c:\windows\system32\drivers\avgntdd.sys
2010-03-02 09:21 . 2010-03-02 09:21  --------  d-----w-  c:\program files\Avira
2010-03-02 09:21 . 2010-03-02 09:21  --------  d-----w-  c:\documents and settings\All Users\Application Data\Avira
2010-03-01 14:24 . 2010-03-04 08:26  --------  d-----w-  c:\documents and settings\Administrateur\Local Settings\Application Data\Google
2010-03-01 14:23 . 2010-03-03 10:02  --------  d-----w-  c:\program files\Google

.
((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-01 12:37 . 2010-01-25 10:03  3774  ----a-r-  c:\documents and settings\Administrateur\Application Data\Microsoft\Installer\{55C90349-0475-44C4-B8BA-06CF4438AC8A}\_bb32ea6.exe
2010-03-01 12:37 . 2010-01-25 10:03  3774  ----a-r-  c:\documents and settings\Administrateur\Application Data\Microsoft\Installer\{55C90349-0475-44C4-B8BA-06CF4438AC8A}\_12db153c.exe
2010-01-25 10:25 . 2008-01-24 10:58  --------  d-----w-  c:\program files\Windows Media Connect 2
2010-01-25 10:05 . 2008-01-23 13:11  12328  ----a-w-  c:\documents and settings\Administrateur\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-25 10:03 . 2010-01-25 10:03  --------  d-----w-  c:\program files\Mardon Software
2010-01-25 09:46 . 2006-03-02 12:00  85022  ----a-w-  c:\windows\system32\perfc00C.dat
2010-01-25 09:46 . 2006-03-02 12:00  511066  ----a-w-  c:\windows\system32\perfh00C.dat
.

(((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-03-01 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-06-21 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-06-21 126976]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 209665]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages  REG_MULTI_SZ  msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [2/03/2010 10:21 108289]
S2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [3/03/2010 11:02 135664]
S2 owsqckcsbnkr;owsqckcsbnkr;\??\c:\windows\system32\drivers\ezlwy.sys --> c:\windows\system32\drivers\ezlwy.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2010-03-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-03 10:02]

2010-03-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-03 10:02]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.netcourrier.com/
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-05 12:00
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3192)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-03-05 12:01:44 - machine was rebooted
ComboFix-quarantined-files.txt 2010-03-05 11:01

Pre-Run: 34.668.621.824 bytes free
Post-Run: 34.735.448.064 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect

- - End Of File - - 145686AF7BF54B38547E2CDA1DA79294
probable infections
croquis replied to a topic by croquis in Analyses et éradication malwares
Well, no, still no C:\windows\system32\drivers\str.sys
probable infections
croquis replied to a topic by croquis in Analyses et éradication malwares
My mistake!
probable infections
croquis replied to a topic by croquis in Analyses et éradication malwares
Hi Falkra,

I am quite puzzled .... impossible to get my hands on C:\windows\system32\drivers\str.sys

I did click beforehand on "show hidden files and folders"...

Croquis
probable infections
croquis replied to a topic by croquis in Analyses et éradication malwares
Hi

Indeed, I got a "warning" (expected, for that matter) before and after the scan...

--> Should I close the GMER program?

--> So here is the requested "Ark.txt" log:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-03-04 12:07:54
Windows 5.1.2600 Service Pack 2
Running: zsq8ym6e.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\pglcraoc.sys


---- System - GMER 1.0.15 ----

SSDT F20E0B3E ZwCreateKey
SSDT F20E0B34 ZwCreateThread
SSDT F20E0B43 ZwDeleteKey
SSDT F20E0B4D ZwDeleteValueKey
SSDT F20E0B52 ZwLoadKey
SSDT F20E0B20 ZwOpenProcess
SSDT F20E0B25 ZwOpenThread
SSDT F20E0B5C ZwReplaceKey
SSDT F20E0B57 ZwRestoreKey
SSDT F20E0B48 ZwSetValueKey
SSDT F20E0B2F ZwTerminateProcess

INT 0x73 ? FEA7090C
INT 0x93 ? FEA79624
INT 0xA3 ? FEAC81A4
INT 0xA4 ? FE94DDD4

---- Devices - GMER 1.0.15 ----

Device \Driver\owsqckcsbnkr \Device\{9DD6AFA1-8646-4720-836B-EDCB1085864A} 000006B8
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Threads - GMER 1.0.15 ----

Thread System [4:1024]
SSDT 0xFEA2EB90 != 0x804E26A8
SSDT F20E0B3E System [4.1024] ZwCreateKey
SSDT F20E0B34 System [4.1024] ZwCreateThread
SSDT F20E0B43 System [4.1024] ZwDeleteKey
SSDT 000006B8 System [4.1024] ZwDeleteValueKey [0xB2969517]
SSDT 000006B8 System [4.1024] ZwEnumerateKey [0xB29691C7]
SSDT 000006B8 System [4.1024] ZwEnumerateValueKey [0xB29692D3]
SSDT F20E0B52 System [4.1024] ZwLoadKey
SSDT 000006B8 System [4.1024] ZwOpenKey [0xB296910F]
SSDT 000006B8 System [4.1024] ZwOpenProcess [0xB2968E79]
SSDT 000006B8 System [4.1024] ZwOpenThread [0xB2968F01]
SSDT 000006B8 System [4.1024] ZwProtectVirtualMemory [0xB29696DB]
SSDT 000006B8 System [4.1024] ZwQueryDirectoryFile [0xB2968CA0]
SSDT 000006B8 System [4.1024] ZwQuerySystemInformation [0xB2968D73]
SSDT 000006B8 System [4.1024] ZwReadVirtualMemory [0xB296960F]
SSDT F20E0B5C System [4.1024] ZwReplaceKey
SSDT F20E0B57 System [4.1024] ZwRestoreKey
SSDT 000006B8 System [4.1024] ZwSetContextThread [0xB29690AC]
SSDT 000006B8 System [4.1024] ZwSetValueKey [0xB2969413]
SSDT 000006B8 System [4.1024] ZwSuspendThread [0xB2969049]
SSDT F20E0B2F System [4.1024] ZwTerminateProcess
SSDT 000006B8 System [4.1024] ZwTerminateThread [0xB2968FE6]
SSDT 000006B8 System [4.1024] ZwWriteVirtualMemory [0xB2969675]

---- Threads - GMER 1.0.15 ----

Thread System [4:1028]
SSDT 0xFEA2EB90 != 0x804E26A8
SSDT F20E0B3E System [4.1028] ZwCreateKey
SSDT F20E0B34 System [4.1028] ZwCreateThread
SSDT F20E0B43 System [4.1028] ZwDeleteKey
SSDT 000006B8 System [4.1028] ZwDeleteValueKey [0xB2969517]
SSDT 000006B8 System [4.1028] ZwEnumerateKey [0xB29691C7]
SSDT 000006B8 System [4.1028] ZwEnumerateValueKey [0xB29692D3]
SSDT F20E0B52 System [4.1028] ZwLoadKey
SSDT 000006B8 System [4.1028] ZwOpenKey [0xB296910F]
SSDT 000006B8 System [4.1028] ZwOpenProcess [0xB2968E79]
SSDT 000006B8 System [4.1028] ZwOpenThread [0xB2968F01]
SSDT 000006B8 System [4.1028] ZwProtectVirtualMemory [0xB29696DB]
SSDT 000006B8 System [4.1028] ZwQueryDirectoryFile [0xB2968CA0]
SSDT 000006B8 System [4.1028] ZwQuerySystemInformation [0xB2968D73]
SSDT 000006B8 System [4.1028] ZwReadVirtualMemory [0xB296960F]
SSDT F20E0B5C System [4.1028] ZwReplaceKey
SSDT F20E0B57 System [4.1028] ZwRestoreKey
SSDT 000006B8 System [4.1028] ZwSetContextThread [0xB29690AC]
SSDT 000006B8 System [4.1028] ZwSetValueKey [0xB2969413]
SSDT 000006B8 System [4.1028] ZwSuspendThread [0xB2969049]
SSDT F20E0B2F System [4.1028] ZwTerminateProcess
SSDT 000006B8 System [4.1028] ZwTerminateThread [0xB2968FE6]
SSDT 000006B8 System [4.1028] ZwWriteVirtualMemory [0xB2969675]

---- Threads - GMER 1.0.15 ----

Thread System [4:1792]
SSDT 0xFEA2EB90 != 0x804E26A8
SSDT F20E0B3E System [4.1792] ZwCreateKey
SSDT F20E0B34 System [4.1792] ZwCreateThread
SSDT F20E0B43 System [4.1792] ZwDeleteKey
SSDT 000006B8 System [4.1792] ZwDeleteValueKey [0xB2969517]
SSDT 000006B8 System [4.1792] ZwEnumerateKey [0xB29691C7]
SSDT 000006B8 System [4.1792] ZwEnumerateValueKey [0xB29692D3]
SSDT F20E0B52 System [4.1792] ZwLoadKey
SSDT 000006B8 System [4.1792] ZwOpenKey [0xB296910F]
SSDT 000006B8 System [4.1792] ZwOpenProcess [0xB2968E79]
SSDT 000006B8 System [4.1792] ZwOpenThread [0xB2968F01]
SSDT 000006B8 System [4.1792] ZwProtectVirtualMemory [0xB29696DB]
SSDT 000006B8 System [4.1792] ZwQueryDirectoryFile [0xB2968CA0]
SSDT 000006B8 System [4.1792] ZwQuerySystemInformation [0xB2968D73]
SSDT 000006B8 System [4.1792] ZwReadVirtualMemory [0xB296960F]
SSDT F20E0B5C System [4.1792] ZwReplaceKey
SSDT F20E0B57 System [4.1792] ZwRestoreKey
SSDT 000006B8 System [4.1792] ZwSetContextThread [0xB29690AC]
SSDT 000006B8 System [4.1792] ZwSetValueKey [0xB2969413]
SSDT 000006B8 System [4.1792] ZwSuspendThread [0xB2969049]
SSDT F20E0B2F System [4.1792] ZwTerminateProcess
SSDT 000006B8 System [4.1792] ZwTerminateThread [0xB2968FE6]
SSDT 000006B8 System [4.1792] ZwWriteVirtualMemory [0xB2969675]

---- Threads - GMER 1.0.15 ----

Thread System [4:348]
SSDT 0xFEA2EB90 != 0x804E26A8
SSDT F20E0B3E System [4.348] ZwCreateKey
SSDT F20E0B34 System [4.348] ZwCreateThread
SSDT F20E0B43 System [4.348] ZwDeleteKey
SSDT 000006B8 System [4.348] ZwDeleteValueKey [0xB2969517]
SSDT 000006B8 System [4.348] ZwEnumerateKey [0xB29691C7]
SSDT 000006B8 System [4.348] ZwEnumerateValueKey [0xB29692D3]
SSDT F20E0B52 System [4.348] ZwLoadKey
SSDT 000006B8 System [4.348] ZwOpenKey [0xB296910F]
SSDT 000006B8 System [4.348] ZwOpenProcess [0xB2968E79]
SSDT 000006B8 System [4.348] ZwOpenThread [0xB2968F01]
SSDT 000006B8 System [4.348] ZwProtectVirtualMemory [0xB29696DB]
SSDT 000006B8 System [4.348] ZwQueryDirectoryFile [0xB2968CA0]
SSDT 000006B8 System [4.348] ZwQuerySystemInformation [0xB2968D73]
SSDT 000006B8 System [4.348] ZwReadVirtualMemory [0xB296960F]
SSDT F20E0B5C System [4.348] ZwReplaceKey
SSDT F20E0B57 System [4.348] ZwRestoreKey
SSDT 000006B8 System [4.348] ZwSetContextThread [0xB29690AC]
SSDT 000006B8 System [4.348] ZwSetValueKey [0xB2969413]
SSDT 000006B8 System [4.348] ZwSuspendThread [0xB2969049]
SSDT F20E0B2F System [4.348] ZwTerminateProcess
SSDT 000006B8 System [4.348] ZwTerminateThread [0xB2968FE6]
SSDT 000006B8 System [4.348] ZwWriteVirtualMemory [0xB2969675]

---- Threads - GMER 1.0.15 ----

Thread System [4:352]
SSDT 0xFEA2EB90 != 0x804E26A8
SSDT F20E0B3E System [4.352] ZwCreateKey
SSDT F20E0B34 System [4.352] ZwCreateThread
SSDT F20E0B43 System [4.352] ZwDeleteKey
SSDT 000006B8 System [4.352] ZwDeleteValueKey [0xB2969517]
SSDT 000006B8 System [4.352] ZwEnumerateKey [0xB29691C7]
SSDT 000006B8 System [4.352] ZwEnumerateValueKey [0xB29692D3]
SSDT F20E0B52 System [4.352] ZwLoadKey
SSDT 000006B8 System [4.352] ZwOpenKey [0xB296910F]
SSDT 000006B8 System [4.352] ZwOpenProcess [0xB2968E79]
SSDT 000006B8 System [4.352] ZwOpenThread [0xB2968F01]
SSDT 000006B8 System [4.352] ZwProtectVirtualMemory [0xB29696DB]
SSDT 000006B8 System [4.352] ZwQueryDirectoryFile [0xB2968CA0]
SSDT 000006B8 System [4.352] ZwQuerySystemInformation [0xB2968D73]
SSDT 000006B8 System [4.352] ZwReadVirtualMemory [0xB296960F]
SSDT F20E0B5C System [4.352] ZwReplaceKey
SSDT F20E0B57 System [4.352] ZwRestoreKey
SSDT 000006B8 System [4.352] ZwSetContextThread [0xB29690AC]
SSDT 000006B8 System [4.352] ZwSetValueKey [0xB2969413]
SSDT 000006B8 System [4.352] ZwSuspendThread [0xB2969049]
SSDT F20E0B2F System [4.352] ZwTerminateProcess
SSDT 000006B8 System [4.352] ZwTerminateThread [0xB2968FE6]
SSDT 000006B8 System [4.352] ZwWriteVirtualMemory [0xB2969675]

---- Threads - GMER 1.0.15 ----

Thread System [4:1692]
SSDT 0xFEA2EB90 != 0x804E26A8
SSDT F20E0B3E System [4.1692] ZwCreateKey
SSDT F20E0B34 System [4.1692] ZwCreateThread
SSDT F20E0B43 System [4.1692] ZwDeleteKey
SSDT 000006B8 System [4.1692] ZwDeleteValueKey [0xB2969517]
SSDT 000006B8 System [4.1692] ZwEnumerateKey [0xB29691C7]
SSDT 000006B8 System [4.1692] ZwEnumerateValueKey [0xB29692D3]
SSDT F20E0B52 System [4.1692] ZwLoadKey
SSDT 000006B8 System [4.1692] ZwOpenKey [0xB296910F]
SSDT 000006B8 System [4.1692] ZwOpenProcess [0xB2968E79]
SSDT 000006B8 System [4.1692] ZwOpenThread [0xB2968F01]
SSDT 000006B8 System [4.1692] ZwProtectVirtualMemory [0xB29696DB]
SSDT 000006B8 System [4.1692] ZwQueryDirectoryFile [0xB2968CA0]
SSDT 000006B8 System [4.1692] ZwQuerySystemInformation [0xB2968D73]
SSDT 000006B8 System [4.1692] ZwReadVirtualMemory [0xB296960F]
SSDT F20E0B5C System [4.1692] ZwReplaceKey
SSDT F20E0B57 System [4.1692] ZwRestoreKey
SSDT 000006B8 System [4.1692] ZwSetContextThread [0xB29690AC]
SSDT 000006B8 System [4.1692] ZwSetValueKey [0xB2969413]
SSDT 000006B8 System [4.1692] ZwSuspendThread [0xB2969049]
SSDT F20E0B2F System [4.1692] ZwTerminateProcess
SSDT 000006B8 System [4.1692] ZwTerminateThread [0xB2968FE6]
SSDT 000006B8 System [4.1692] ZwWriteVirtualMemory [0xB2969675]

---- Threads - GMER 1.0.15 ----

Thread System [4:1840]
SSDT 0xFEA2EB90 != 0x804E26A8
SSDT F20E0B3E System [4.1840] ZwCreateKey
SSDT F20E0B34 System [4.1840] ZwCreateThread
SSDT F20E0B43 System [4.1840] ZwDeleteKey
SSDT 000006B8 System [4.1840] ZwDeleteValueKey [0xB2969517]
SSDT 000006B8 System [4.1840] ZwEnumerateKey [0xB29691C7]
SSDT 000006B8 System [4.1840] ZwEnumerateValueKey [0xB29692D3]
SSDT F20E0B52 System [4.1840] ZwLoadKey
SSDT 000006B8 System [4.1840] ZwOpenKey [0xB296910F]
SSDT 000006B8 System [4.1840] ZwOpenProcess [0xB2968E79]
SSDT 000006B8 System [4.1840] ZwOpenThread [0xB2968F01]
SSDT 000006B8 System [4.1840] ZwProtectVirtualMemory [0xB29696DB]
SSDT 000006B8 System [4.1840] ZwQueryDirectoryFile [0xB2968CA0]
SSDT 000006B8 System [4.1840] ZwQuerySystemInformation [0xB2968D73]
SSDT 000006B8 System [4.1840] ZwReadVirtualMemory [0xB296960F]
SSDT F20E0B5C System [4.1840] ZwReplaceKey
SSDT F20E0B57 System [4.1840] ZwRestoreKey
SSDT 000006B8 System [4.1840] ZwSetContextThread [0xB29690AC]
SSDT 000006B8 System [4.1840] ZwSetValueKey [0xB2969413]
SSDT 000006B8 System [4.1840] ZwSuspendThread [0xB2969049]
SSDT F20E0B2F System [4.1840] ZwTerminateProcess
SSDT 000006B8 System [4.1840] ZwTerminateThread [0xB2968FE6]
SSDT 000006B8 System [4.1840] ZwWriteVirtualMemory [0xB2969675]

---- Threads - GMER 1.0.15 ----

Thread System [4:3688]
SSDT 0xFEA2EB90 != 0x804E26A8
SSDT F20E0B3E System [4.3688] ZwCreateKey
SSDT F20E0B34 System [4.3688] ZwCreateThread
SSDT F20E0B43 System [4.3688] ZwDeleteKey
SSDT 000006B8 System [4.3688] ZwDeleteValueKey [0xB2969517]
SSDT 000006B8 System [4.3688] ZwEnumerateKey [0xB29691C7]
SSDT 000006B8 System [4.3688] ZwEnumerateValueKey [0xB29692D3]
SSDT F20E0B52 System [4.3688] ZwLoadKey
SSDT 000006B8 System [4.3688] ZwOpenKey [0xB296910F]
SSDT 000006B8 System [4.3688] ZwOpenProcess [0xB2968E79]
SSDT 000006B8 System [4.3688] ZwOpenThread [0xB2968F01]
SSDT 000006B8 System [4.3688] ZwProtectVirtualMemory [0xB29696DB]
SSDT 000006B8 System [4.3688] ZwQueryDirectoryFile [0xB2968CA0]
SSDT 000006B8 System [4.3688] ZwQuerySystemInformation [0xB2968D73]
SSDT 000006B8 System [4.3688] ZwReadVirtualMemory [0xB296960F]
SSDT F20E0B5C System [4.3688] ZwReplaceKey
SSDT F20E0B57 System [4.3688] ZwRestoreKey
SSDT 000006B8 System [4.3688] ZwSetContextThread [0xB29690AC]
SSDT 000006B8 System [4.3688] ZwSetValueKey [0xB2969413]
SSDT 000006B8 System [4.3688] ZwSuspendThread [0xB2969049]
SSDT F20E0B2F System [4.3688] ZwTerminateProcess
SSDT 000006B8 System [4.3688] ZwTerminateThread [0xB2968FE6]
SSDT 000006B8 System [4.3688] ZwWriteVirtualMemory [0xB2969675]

---- Threads - GMER 1.0.15 ----

Thread GoogleToolbarNotifier.exe [164:768]
SSDT 0xFEA2FB90 != 0x804E26A8
SSDT F20E0B3E GoogleToolbarNotifier.exe [164.768] ZwCreateKey
SSDT F20E0B34 GoogleToolbarNotifier.exe [164.768] ZwCreateThread
SSDT F20E0B43 GoogleToolbarNotifier.exe [164.768] ZwDeleteKey
SSDT 000006B8 GoogleToolbarNotifier.exe [164.768] ZwDeleteValueKey [0xB2969517]
SSDT 000006B8 GoogleToolbarNotifier.exe [164.768] ZwEnumerateKey [0xB29691C7]
SSDT 000006B8 GoogleToolbarNotifier.exe [164.768] ZwEnumerateValueKey [0xB29692D3]
SSDT F20E0B52 GoogleToolbarNotifier.exe [164.768] ZwLoadKey
SSDT 000006B8
GoogleToolbarNotifier.exe [164.768] ZwOpenKey [0xB296910F] SSDT 000006B8 GoogleToolbarNotifier.exe [164.768] ZwOpenProcess [0xB2968E79] SSDT 000006B8 GoogleToolbarNotifier.exe [164.768] ZwOpenThread [0xB2968F01] SSDT 000006B8 GoogleToolbarNotifier.exe [164.768] ZwProtectVirtualMemory [0xB29696DB] SSDT 000006B8 GoogleToolbarNotifier.exe [164.768] ZwQueryDirectoryFile [0xB2968CA0] SSDT 000006B8 GoogleToolbarNotifier.exe [164.768] ZwQuerySystemInformation [0xB2968D73] SSDT 000006B8 GoogleToolbarNotifier.exe [164.768] ZwReadVirtualMemory [0xB296960F] SSDT F20E0B5C GoogleToolbarNotifier.exe [164.768] ZwReplaceKey SSDT F20E0B57 GoogleToolbarNotifier.exe [164.768] ZwRestoreKey SSDT 000006B8 GoogleToolbarNotifier.exe [164.768] ZwSetContextThread [0xB29690AC] SSDT 000006B8 GoogleToolbarNotifier.exe [164.768] ZwSetValueKey [0xB2969413] SSDT 000006B8 GoogleToolbarNotifier.exe [164.768] ZwSuspendThread [0xB2969049] SSDT F20E0B2F GoogleToolbarNotifier.exe [164.768] ZwTerminateProcess SSDT 000006B8 GoogleToolbarNotifier.exe [164.768] ZwTerminateThread [0xB2968FE6] SSDT 000006B8 GoogleToolbarNotifier.exe [164.768] ZwWriteVirtualMemory [0xB2969675] ---- Threads - GMER 1.0.15 ---- Thread GoogleToolbarNotifier.exe [164:1896] SSDT 0xFEA2FB90 != 0x804E26A8 SSDT F20E0B3E GoogleToolbarNotifier.exe [164.1896] ZwCreateKey SSDT F20E0B34 GoogleToolbarNotifier.exe [164.1896] ZwCreateThread SSDT F20E0B43 GoogleToolbarNotifier.exe [164.1896] ZwDeleteKey SSDT 000006B8 GoogleToolbarNotifier.exe [164.1896] ZwDeleteValueKey [0xB2969517] SSDT 000006B8 GoogleToolbarNotifier.exe [164.1896] ZwEnumerateKey [0xB29691C7] SSDT 000006B8 GoogleToolbarNotifier.exe [164.1896] ZwEnumerateValueKey [0xB29692D3] SSDT F20E0B52 GoogleToolbarNotifier.exe [164.1896] ZwLoadKey SSDT 000006B8 GoogleToolbarNotifier.exe [164.1896] ZwOpenKey [0xB296910F] SSDT 000006B8 GoogleToolbarNotifier.exe [164.1896] ZwOpenProcess [0xB2968E79] SSDT 000006B8 GoogleToolbarNotifier.exe [164.1896] ZwOpenThread [0xB2968F01] SSDT 000006B8 
GoogleToolbarNotifier.exe [164.1896] ZwProtectVirtualMemory [0xB29696DB] SSDT 000006B8 GoogleToolbarNotifier.exe [164.1896] ZwQueryDirectoryFile [0xB2968CA0] SSDT 000006B8 GoogleToolbarNotifier.exe [164.1896] ZwQuerySystemInformation [0xB2968D73] SSDT 000006B8 GoogleToolbarNotifier.exe [164.1896] ZwReadVirtualMemory [0xB296960F] SSDT F20E0B5C GoogleToolbarNotifier.exe [164.1896] ZwReplaceKey SSDT F20E0B57 GoogleToolbarNotifier.exe [164.1896] ZwRestoreKey SSDT 000006B8 GoogleToolbarNotifier.exe [164.1896] ZwSetContextThread [0xB29690AC] SSDT 000006B8 GoogleToolbarNotifier.exe [164.1896] ZwSetValueKey [0xB2969413] SSDT 000006B8 GoogleToolbarNotifier.exe [164.1896] ZwSuspendThread [0xB2969049] SSDT F20E0B2F GoogleToolbarNotifier.exe [164.1896] ZwTerminateProcess SSDT 000006B8 GoogleToolbarNotifier.exe [164.1896] ZwTerminateThread [0xB2968FE6] SSDT 000006B8 GoogleToolbarNotifier.exe [164.1896] ZwWriteVirtualMemory [0xB2969675] ---- Threads - GMER 1.0.15 ---- Thread GoogleToolbarNotifier.exe [164:2208] SSDT 0xFEA2EB90 != 0x804E26A8 SSDT F20E0B3E GoogleToolbarNotifier.exe [164.2208] ZwCreateKey SSDT F20E0B34 GoogleToolbarNotifier.exe [164.2208] ZwCreateThread SSDT F20E0B43 GoogleToolbarNotifier.exe [164.2208] ZwDeleteKey SSDT 000006B8 GoogleToolbarNotifier.exe [164.2208] ZwDeleteValueKey [0xB2969517] SSDT 000006B8 GoogleToolbarNotifier.exe [164.2208] ZwEnumerateKey [0xB29691C7] SSDT 000006B8 GoogleToolbarNotifier.exe [164.2208] ZwEnumerateValueKey [0xB29692D3] SSDT F20E0B52 GoogleToolbarNotifier.exe [164.2208] ZwLoadKey SSDT 000006B8 GoogleToolbarNotifier.exe [164.2208] ZwOpenKey [0xB296910F] SSDT 000006B8 GoogleToolbarNotifier.exe [164.2208] ZwOpenProcess [0xB2968E79] SSDT 000006B8 GoogleToolbarNotifier.exe [164.2208] ZwOpenThread [0xB2968F01] SSDT 000006B8 GoogleToolbarNotifier.exe [164.2208] ZwProtectVirtualMemory [0xB29696DB] SSDT 000006B8 GoogleToolbarNotifier.exe [164.2208] ZwQueryDirectoryFile [0xB2968CA0] SSDT 000006B8 GoogleToolbarNotifier.exe [164.2208] 
ZwQuerySystemInformation [0xB2968D73] SSDT 000006B8 GoogleToolbarNotifier.exe [164.2208] ZwReadVirtualMemory [0xB296960F] SSDT F20E0B5C GoogleToolbarNotifier.exe [164.2208] ZwReplaceKey SSDT F20E0B57 GoogleToolbarNotifier.exe [164.2208] ZwRestoreKey SSDT 000006B8 GoogleToolbarNotifier.exe [164.2208] ZwSetContextThread [0xB29690AC] SSDT 000006B8 GoogleToolbarNotifier.exe [164.2208] ZwSetValueKey [0xB2969413] SSDT 000006B8 GoogleToolbarNotifier.exe [164.2208] ZwSuspendThread [0xB2969049] SSDT F20E0B2F GoogleToolbarNotifier.exe [164.2208] ZwTerminateProcess SSDT 000006B8 GoogleToolbarNotifier.exe [164.2208] ZwTerminateThread [0xB2968FE6] SSDT 000006B8 GoogleToolbarNotifier.exe [164.2208] ZwWriteVirtualMemory [0xB2969675] ---- Threads - GMER 1.0.15 ---- Thread alg.exe [520:532] SSDT 0xFEA2FB90 != 0x804E26A8 SSDT F20E0B3E alg.exe [520.532] ZwCreateKey SSDT F20E0B34 alg.exe [520.532] ZwCreateThread SSDT F20E0B43 alg.exe [520.532] ZwDeleteKey SSDT 000006B8 alg.exe [520.532] ZwDeleteValueKey [0xB2969517] SSDT 000006B8 alg.exe [520.532] ZwEnumerateKey [0xB29691C7] SSDT 000006B8 alg.exe [520.532] ZwEnumerateValueKey [0xB29692D3] SSDT F20E0B52 alg.exe [520.532] ZwLoadKey SSDT 000006B8 alg.exe [520.532] ZwOpenKey [0xB296910F] SSDT 000006B8 alg.exe [520.532] ZwOpenProcess [0xB2968E79] SSDT 000006B8 alg.exe [520.532] ZwOpenThread [0xB2968F01] SSDT 000006B8 alg.exe [520.532] ZwProtectVirtualMemory [0xB29696DB] SSDT 000006B8 alg.exe [520.532] ZwQueryDirectoryFile [0xB2968CA0] SSDT 000006B8 alg.exe [520.532] ZwQuerySystemInformation [0xB2968D73] SSDT 000006B8 alg.exe [520.532] ZwReadVirtualMemory [0xB296960F] SSDT F20E0B5C alg.exe [520.532] ZwReplaceKey SSDT F20E0B57 alg.exe [520.532] ZwRestoreKey SSDT 000006B8 alg.exe [520.532] ZwSetContextThread [0xB29690AC] SSDT 000006B8 alg.exe [520.532] ZwSetValueKey [0xB2969413] SSDT 000006B8 alg.exe [520.532] ZwSuspendThread [0xB2969049] SSDT F20E0B2F alg.exe [520.532] ZwTerminateProcess SSDT 000006B8 alg.exe [520.532] ZwTerminateThread 
[0xB2968FE6] SSDT 000006B8 alg.exe [520.532] ZwWriteVirtualMemory [0xB2969675] ---- Threads - GMER 1.0.15 ---- Thread alg.exe [520:904] SSDT 0xFEA2FB90 != 0x804E26A8 SSDT F20E0B3E alg.exe [520.904] ZwCreateKey SSDT F20E0B34 alg.exe [520.904] ZwCreateThread SSDT F20E0B43 alg.exe [520.904] ZwDeleteKey SSDT 000006B8 alg.exe [520.904] ZwDeleteValueKey [0xB2969517] SSDT 000006B8 alg.exe [520.904] ZwEnumerateKey [0xB29691C7] SSDT 000006B8 alg.exe [520.904] ZwEnumerateValueKey [0xB29692D3] SSDT F20E0B52 alg.exe [520.904] ZwLoadKey SSDT 000006B8 alg.exe [520.904] ZwOpenKey [0xB296910F] SSDT 000006B8 alg.exe [520.904] ZwOpenProcess [0xB2968E79] SSDT 000006B8 alg.exe [520.904] ZwOpenThread [0xB2968F01] SSDT 000006B8 alg.exe [520.904] ZwProtectVirtualMemory [0xB29696DB] SSDT 000006B8 alg.exe [520.904] ZwQueryDirectoryFile [0xB2968CA0] SSDT 000006B8 alg.exe [520.904] ZwQuerySystemInformation [0xB2968D73] SSDT 000006B8 alg.exe [520.904] ZwReadVirtualMemory [0xB296960F] SSDT F20E0B5C alg.exe [520.904] ZwReplaceKey SSDT F20E0B57 alg.exe [520.904] ZwRestoreKey SSDT 000006B8 alg.exe [520.904] ZwSetContextThread [0xB29690AC] SSDT 000006B8 alg.exe [520.904] ZwSetValueKey [0xB2969413] SSDT 000006B8 alg.exe [520.904] ZwSuspendThread [0xB2969049] SSDT F20E0B2F alg.exe [520.904] ZwTerminateProcess SSDT 000006B8 alg.exe [520.904] ZwTerminateThread [0xB2968FE6] SSDT 000006B8 alg.exe [520.904] ZwWriteVirtualMemory [0xB2969675] ---- Threads - GMER 1.0.15 ---- Thread alg.exe [520:780] SSDT 0xFEA2EB90 != 0x804E26A8 SSDT F20E0B3E alg.exe [520.780] ZwCreateKey SSDT F20E0B34 alg.exe [520.780] ZwCreateThread SSDT F20E0B43 alg.exe [520.780] ZwDeleteKey SSDT 000006B8 alg.exe [520.780] ZwDeleteValueKey [0xB2969517] SSDT 000006B8 alg.exe [520.780] ZwEnumerateKey [0xB29691C7] SSDT 000006B8 alg.exe [520.780] ZwEnumerateValueKey [0xB29692D3] SSDT F20E0B52 alg.exe [520.780] ZwLoadKey SSDT 000006B8 alg.exe [520.780] ZwOpenKey [0xB296910F] SSDT 000006B8 alg.exe [520.780] ZwOpenProcess [0xB2968E79] SSDT 
000006B8 alg.exe [520.780] ZwOpenThread [0xB2968F01] SSDT 000006B8 alg.exe [520.780] ZwProtectVirtualMemory [0xB29696DB] SSDT 000006B8 alg.exe [520.780] ZwQueryDirectoryFile [0xB2968CA0] SSDT 000006B8 alg.exe [520.780] ZwQuerySystemInformation [0xB2968D73] SSDT 000006B8 alg.exe [520.780] ZwReadVirtualMemory [0xB296960F] SSDT F20E0B5C alg.exe [520.780] ZwReplaceKey SSDT F20E0B57 alg.exe [520.780] ZwRestoreKey SSDT 000006B8 alg.exe [520.780] ZwSetContextThread [0xB29690AC] SSDT 000006B8 alg.exe [520.780] ZwSetValueKey [0xB2969413] SSDT 000006B8 alg.exe [520.780] ZwSuspendThread [0xB2969049] SSDT F20E0B2F alg.exe [520.780] ZwTerminateProcess SSDT 000006B8 alg.exe [520.780] ZwTerminateThread [0xB2968FE6] SSDT 000006B8 alg.exe [520.780] ZwWriteVirtualMemory [0xB2969675] ---- Threads - GMER 1.0.15 ---- Thread alg.exe [520:1000] SSDT 0xFEA2EB90 != 0x804E26A8 SSDT F20E0B3E alg.exe [520.1000] ZwCreateKey SSDT F20E0B34 alg.exe [520.1000] ZwCreateThread SSDT F20E0B43 alg.exe [520.1000] ZwDeleteKey SSDT 000006B8 alg.exe [520.1000] ZwDeleteValueKey [0xB2969517] SSDT 000006B8 alg.exe [520.1000] ZwEnumerateKey [0xB29691C7] SSDT 000006B8 alg.exe [520.1000] ZwEnumerateValueKey [0xB29692D3] SSDT F20E0B52 alg.exe [520.1000] ZwLoadKey SSDT 000006B8 alg.exe [520.1000] ZwOpenKey [0xB296910F] SSDT 000006B8 alg.exe [520.1000] ZwOpenProcess [0xB2968E79] SSDT 000006B8 alg.exe [520.1000] ZwOpenThread [0xB2968F01] SSDT 000006B8 alg.exe [520.1000] ZwProtectVirtualMemory [0xB29696DB] SSDT 000006B8 alg.exe [520.1000] ZwQueryDirectoryFile [0xB2968CA0] SSDT 000006B8 alg.exe [520.1000] ZwQuerySystemInformation [0xB2968D73] SSDT 000006B8 alg.exe [520.1000] ZwReadVirtualMemory [0xB296960F] SSDT F20E0B5C alg.exe [520.1000] ZwReplaceKey SSDT F20E0B57 alg.exe [520.1000] ZwRestoreKey SSDT 000006B8 alg.exe [520.1000] ZwSetContextThread [0xB29690AC] SSDT 000006B8 alg.exe [520.1000] ZwSetValueKey [0xB2969413] SSDT 000006B8 alg.exe [520.1000] ZwSuspendThread [0xB2969049] SSDT F20E0B2F alg.exe [520.1000] 
ZwTerminateProcess SSDT 000006B8 alg.exe [520.1000] ZwTerminateThread [0xB2968FE6] SSDT 000006B8 alg.exe [520.1000] ZwWriteVirtualMemory [0xB2969675] ---- Threads - GMER 1.0.15 ---- Thread alg.exe [520:692] SSDT 0xFEA2EB90 != 0x804E26A8 SSDT F20E0B3E alg.exe [520.692] ZwCreateKey SSDT F20E0B34 alg.exe [520.692] ZwCreateThread SSDT F20E0B43 alg.exe [520.692] ZwDeleteKey SSDT 000006B8 alg.exe [520.692] ZwDeleteValueKey [0xB2969517] SSDT 000006B8 alg.exe [520.692] ZwEnumerateKey [0xB29691C7] SSDT 000006B8 alg.exe [520.692] ZwEnumerateValueKey [0xB29692D3] SSDT F20E0B52 alg.exe [520.692] ZwLoadKey SSDT 000006B8 alg.exe [520.692] ZwOpenKey [0xB296910F] SSDT 000006B8 alg.exe [520.692] ZwOpenProcess [0xB2968E79] SSDT 000006B8 alg.exe [520.692] ZwOpenThread [0xB2968F01] SSDT 000006B8 alg.exe [520.692] ZwProtectVirtualMemory [0xB29696DB] SSDT 000006B8 alg.exe [520.692] ZwQueryDirectoryFile [0xB2968CA0] SSDT 000006B8 alg.exe [520.692] ZwQuerySystemInformation [0xB2968D73] SSDT 000006B8 alg.exe [520.692] ZwReadVirtualMemory [0xB296960F] SSDT F20E0B5C alg.exe [520.692] ZwReplaceKey SSDT F20E0B57 alg.exe [520.692] ZwRestoreKey SSDT 000006B8 alg.exe [520.692] ZwSetContextThread [0xB29690AC] SSDT 000006B8 alg.exe [520.692] ZwSetValueKey [0xB2969413] SSDT 000006B8 alg.exe [520.692] ZwSuspendThread [0xB2969049] SSDT F20E0B2F alg.exe [520.692] ZwTerminateProcess SSDT 000006B8 alg.exe [520.692] ZwTerminateThread [0xB2968FE6] SSDT 000006B8 alg.exe [520.692] ZwWriteVirtualMemory [0xB2969675] ---- Threads - GMER 1.0.15 ---- Thread alg.exe [520:1536] SSDT 0xFEA2EB90 != 0x804E26A8 SSDT F20E0B3E alg.exe [520.1536] ZwCreateKey SSDT F20E0B34 alg.exe [520.1536] ZwCreateThread SSDT F20E0B43 alg.exe [520.1536] ZwDeleteKey SSDT 000006B8 alg.exe [520.1536] ZwDeleteValueKey [0xB2969517] SSDT 000006B8 alg.exe [520.1536] ZwEnumerateKey [0xB29691C7] SSDT 000006B8 alg.exe [520.1536] ZwEnumerateValueKey [0xB29692D3] SSDT F20E0B52 alg.exe [520.1536] ZwLoadKey SSDT 000006B8 alg.exe [520.1536] ZwOpenKey 
[0xB296910F] SSDT 000006B8 alg.exe [520.1536] ZwOpenProcess [0xB2968E79] SSDT 000006B8 alg.exe [520.1536] ZwOpenThread [0xB2968F01] SSDT 000006B8 alg.exe [520.1536] ZwProtectVirtualMemory [0xB29696DB] SSDT 000006B8 alg.exe [520.1536] ZwQueryDirectoryFile [0xB2968CA0] SSDT 000006B8 alg.exe [520.1536] ZwQuerySystemInformation [0xB2968D73] SSDT 000006B8 alg.exe [520.1536] ZwReadVirtualMemory [0xB296960F] SSDT F20E0B5C alg.exe [520.1536] ZwReplaceKey SSDT F20E0B57 alg.exe [520.1536] ZwRestoreKey SSDT 000006B8 alg.exe [520.1536] ZwSetContextThread [0xB29690AC] SSDT 000006B8 alg.exe [520.1536] ZwSetValueKey [0xB2969413] SSDT 000006B8 alg.exe [520.1536] ZwSuspendThread [0xB2969049] SSDT F20E0B2F alg.exe [520.1536] ZwTerminateProcess SSDT 000006B8 alg.exe [520.1536] ZwTerminateThread [0xB2968FE6] SSDT 000006B8 alg.exe [520.1536] ZwWriteVirtualMemory [0xB2969675] ---- Threads - GMER 1.0.15 ---- Thread csrss.exe [620:628] SSDT 0xFEA2FB90 != 0x804E26A8 SSDT F20E0B3E csrss.exe [620.628] ZwCreateKey SSDT F20E0B34 csrss.exe [620.628] ZwCreateThread SSDT F20E0B43 csrss.exe [620.628] ZwDeleteKey SSDT 000006B8 csrss.exe [620.628] ZwDeleteValueKey [0xB2969517] SSDT 000006B8 csrss.exe [620.628] ZwEnumerateKey [0xB29691C7] SSDT 000006B8 csrss.exe [620.628] ZwEnumerateValueKey [0xB29692D3] SSDT F20E0B52 csrss.exe [620.628] ZwLoadKey SSDT 000006B8 csrss.exe [620.628] ZwOpenKey [0xB296910F] SSDT 000006B8 csrss.exe [620.628] ZwOpenProcess [0xB2968E79] SSDT 000006B8 csrss.exe [620.628] ZwOpenThread [0xB2968F01] SSDT 000006B8 csrss.exe [620.628] ZwProtectVirtualMemory [0xB29696DB] SSDT 000006B8 csrss.exe [620.628] ZwQueryDirectoryFile [0xB2968CA0] SSDT 000006B8 csrss.exe [620.628] ZwQuerySystemInformation [0xB2968D73] SSDT 000006B8 csrss.exe [620.628] ZwReadVirtualMemory [0xB296960F] SSDT F20E0B5C csrss.exe [620.628] ZwReplaceKey SSDT F20E0B57 csrss.exe [620.628] ZwRestoreKey SSDT 000006B8 csrss.exe [620.628] ZwSetContextThread [0xB29690AC] SSDT 000006B8 csrss.exe [620.628] ZwSetValueKey 
[0xB2969413] SSDT 000006B8 csrss.exe [620.628] ZwSuspendThread [0xB2969049] SSDT F20E0B2F csrss.exe [620.628] ZwTerminateProcess SSDT 000006B8 csrss.exe [620.628] ZwTerminateThread [0xB2968FE6] SSDT 000006B8 csrss.exe [620.628] ZwWriteVirtualMemory [0xB2969675] ---- Threads - GMER 1.0.15 ---- Thread csrss.exe [620:1772] SSDT 0xFEA2EB90 != 0x804E26A8 SSDT F20E0B3E csrss.exe [620.1772] ZwCreateKey SSDT F20E0B34 csrss.exe [620.1772] ZwCreateThread SSDT F20E0B43 csrss.exe [620.1772] ZwDeleteKey SSDT 000006B8 csrss.exe [620.1772] ZwDeleteValueKey [0xB2969517] SSDT 000006B8 csrss.exe [620.1772] ZwEnumerateKey [0xB29691C7] SSDT 000006B8 csrss.exe [620.1772] ZwEnumerateValueKey [0xB29692D3] SSDT F20E0B52 csrss.exe [620.1772] ZwLoadKey SSDT 000006B8 csrss.exe [620.1772] ZwOpenKey [0xB296910F] SSDT 000006B8 csrss.exe [620.1772] ZwOpenProcess [0xB2968E79] SSDT 000006B8 csrss.exe [620.1772] ZwOpenThread [0xB2968F01] SSDT 000006B8 csrss.exe [620.1772] ZwProtectVirtualMemory [0xB29696DB] SSDT 000006B8 csrss.exe [620.1772] ZwQueryDirectoryFile [0xB2968CA0] SSDT 000006B8 csrss.exe [620.1772] ZwQuerySystemInformation [0xB2968D73] SSDT 000006B8 csrss.exe [620.1772] ZwReadVirtualMemory [0xB296960F] SSDT F20E0B5C csrss.exe [620.1772] ZwReplaceKey SSDT F20E0B57 csrss.exe [620.1772] ZwRestoreKey SSDT 000006B8 csrss.exe [620.1772] ZwSetContextThread [0xB29690AC] SSDT 000006B8 csrss.exe [620.1772] ZwSetValueKey [0xB2969413] SSDT 000006B8 csrss.exe [620.1772] ZwSuspendThread [0xB2969049] SSDT F20E0B2F csrss.exe [620.1772] ZwTerminateProcess SSDT 000006B8 csrss.exe [620.1772] ZwTerminateThread [0xB2968FE6] SSDT 000006B8 csrss.exe [620.1772] ZwWriteVirtualMemory [0xB2969675] ---- Threads - GMER 1.0.15 ---- Thread winlogon.exe [644:1728] SSDT 0xFEA2FB90 != 0x804E26A8 SSDT F20E0B3E winlogon.exe [644.1728] ZwCreateKey SSDT F20E0B34 winlogon.exe [644.1728] ZwCreateThread SSDT F20E0B43 winlogon.exe [644.1728] ZwDeleteKey SSDT 000006B8 winlogon.exe [644.1728] ZwDeleteValueKey [0xB2969517] SSDT 
000006B8 winlogon.exe [644.1728] ZwEnumerateKey [0xB29691C7] SSDT 000006B8 winlogon.exe [644.1728] ZwEnumerateValueKey [0xB29692D3] SSDT F20E0B52 winlogon.exe [644.1728] ZwLoadKey SSDT 000006B8 winlogon.exe [644.1728] ZwOpenKey [0xB296910F] SSDT 000006B8 winlogon.exe [644.1728] ZwOpenProcess [0xB2968E79] SSDT 000006B8 winlogon.exe [644.1728] ZwOpenThread [0xB2968F01] SSDT 000006B8 winlogon.exe [644.1728] ZwProtectVirtualMemory [0xB29696DB] SSDT 000006B8 winlogon.exe [644.1728] ZwQueryDirectoryFile [0xB2968CA0] SSDT 000006B8 winlogon.exe [644.1728] ZwQuerySystemInformation [0xB2968D73] SSDT 000006B8 winlogon.exe [644.1728] ZwReadVirtualMemory [0xB296960F] SSDT F20E0B5C winlogon.exe [644.1728] ZwReplaceKey SSDT F20E0B57 winlogon.exe [644.1728] ZwRestoreKey SSDT 000006B8 winlogon.exe [644.1728] ZwSetContextThread [0xB29690AC] SSDT 000006B8 winlogon.exe [644.1728] ZwSetValueKey [0xB2969413] SSDT 000006B8 winlogon.exe [644.1728] ZwSuspendThread [0xB2969049] SSDT F20E0B2F winlogon.exe [644.1728] ZwTerminateProcess SSDT 000006B8 winlogon.exe [644.1728] ZwTerminateThread [0xB2968FE6] SSDT 000006B8 winlogon.exe [644.1728] ZwWriteVirtualMemory [0xB2969675] ---- Threads - GMER 1.0.15 ---- Thread winlogon.exe [644:2344] SSDT 0xFEA2EB90 != 0x804E26A8 SSDT F20E0B3E winlogon.exe [644.2344] ZwCreateKey SSDT F20E0B34 winlogon.exe [644.2344] ZwCreateThread SSDT F20E0B43 winlogon.exe [644.2344] ZwDeleteKey SSDT 000006B8 winlogon.exe [644.2344] ZwDeleteValueKey [0xB2969517] SSDT 000006B8 winlogon.exe [644.2344] ZwEnumerateKey [0xB29691C7] SSDT 000006B8 winlogon.exe [644.2344] ZwEnumerateValueKey [0xB29692D3] SSDT F20E0B52 winlogon.exe [644.2344] ZwLoadKey SSDT 000006B8 winlogon.exe [644.2344] ZwOpenKey [0xB296910F] SSDT 000006B8 winlogon.exe [644.2344] ZwOpenProcess [0xB2968E79] SSDT 000006B8 winlogon.exe [644.2344] ZwOpenThread [0xB2968F01] SSDT 000006B8 winlogon.exe [644.2344] ZwProtectVirtualMemory [0xB29696DB] SSDT 000006B8 winlogon.exe [644.2344] ZwQueryDirectoryFile [0xB2968CA0] 
SSDT 000006B8 winlogon.exe [644.2344] ZwQuerySystemInformation [0xB2968D73] SSDT 000006B8 winlogon.exe [644.2344] ZwReadVirtualMemory [0xB296960F] SSDT F20E0B5C winlogon.exe [644.2344] ZwReplaceKey SSDT F20E0B57 winlogon.exe [644.2344] ZwRestoreKey SSDT 000006B8 winlogon.exe [644.2344] ZwSetContextThread [0xB29690AC] SSDT 000006B8 winlogon.exe [644.2344] ZwSetValueKey [0xB2969413] SSDT 000006B8 winlogon.exe [644.2344] ZwSuspendThread [0xB2969049] SSDT F20E0B2F winlogon.exe [644.2344] ZwTerminateProcess SSDT 000006B8 winlogon.exe [644.2344] ZwTerminateThread [0xB2968FE6] SSDT 000006B8 winlogon.exe [644.2344] ZwWriteVirtualMemory [0xB2969675] ---- Threads - GMER 1.0.15 ---- Thread winlogon.exe [644:2352] SSDT 0xFEA2EB90 != 0x804E26A8 SSDT F20E0B3E winlogon.exe [644.2352] ZwCreateKey SSDT F20E0B34 winlogon.exe [644.2352] ZwCreateThread SSDT F20E0B43 winlogon.exe [644.2352] ZwDeleteKey SSDT 000006B8 winlogon.exe [644.2352] ZwDeleteValueKey [0xB2969517] SSDT 000006B8 winlogon.exe [644.2352] ZwEnumerateKey [0xB29691C7] SSDT 000006B8 winlogon.exe [644.2352] ZwEnumerateValueKey [0xB29692D3] SSDT F20E0B52 winlogon.exe [644.2352] ZwLoadKey SSDT 000006B8 winlogon.exe [644.2352] ZwOpenKey [0xB296910F] SSDT 000006B8 winlogon.exe [644.2352] ZwOpenProcess [0xB2968E79] SSDT 000006B8 winlogon.exe [644.2352] ZwOpenThread [0xB2968F01] SSDT 000006B8 winlogon.exe [644.2352] ZwProtectVirtualMemory [0xB29696DB] SSDT 000006B8 winlogon.exe [644.2352] ZwQueryDirectoryFile [0xB2968CA0] SSDT 000006B8 winlogon.exe [644.2352] ZwQuerySystemInformation [0xB2968D73] SSDT 000006B8 winlogon.exe [644.2352] ZwReadVirtualMemory [0xB296960F] SSDT F20E0B5C winlogon.exe [644.2352] ZwReplaceKey SSDT F20E0B57 winlogon.exe [644.2352] ZwRestoreKey SSDT 000006B8 winlogon.exe [644.2352] ZwSetContextThread [0xB29690AC] SSDT 000006B8 winlogon.exe [644.2352] ZwSetValueKey [0xB2969413] SSDT 000006B8 winlogon.exe [644.2352] ZwSuspendThread [0xB2969049] SSDT F20E0B2F winlogon.exe [644.2352] ZwTerminateProcess SSDT 
000006B8 winlogon.exe [644.2352] ZwTerminateThread [0xB2968FE6] SSDT 000006B8 winlogon.exe [644.2352] ZwWriteVirtualMemory [0xB2969675] ---- Threads - GMER 1.0.15 ---- Thread winlogon.exe [644:2476] SSDT 0xFEA2EB90 != 0x804E26A8 SSDT F20E0B3E winlogon.exe [644.2476] ZwCreateKey SSDT F20E0B34 winlogon.exe [644.2476] ZwCreateThread SSDT F20E0B43 winlogon.exe [644.2476] ZwDeleteKey SSDT 000006B8 winlogon.exe [644.2476] ZwDeleteValueKey [0xB2969517] SSDT 000006B8 winlogon.exe [644.2476] ZwEnumerateKey [0xB29691C7] SSDT 000006B8 winlogon.exe [644.2476] ZwEnumerateValueKey [0xB29692D3] SSDT F20E0B52 winlogon.exe [644.2476] ZwLoadKey SSDT 000006B8 winlogon.exe [644.2476] ZwOpenKey [0xB296910F] SSDT 000006B8 winlogon.exe [644.2476] ZwOpenProcess [0xB2968E79] SSDT 000006B8 winlogon.exe [644.2476] ZwOpenThread [0xB2968F01] SSDT 000006B8 winlogon.exe [644.2476] ZwProtectVirtualMemory [0xB29696DB] SSDT 000006B8 winlogon.exe [644.2476] ZwQueryDirectoryFile [0xB2968CA0] SSDT 000006B8 winlogon.exe [644.2476] ZwQuerySystemInformation [0xB2968D73] SSDT 000006B8 winlogon.exe [644.2476] ZwReadVirtualMemory [0xB296960F] SSDT F20E0B5C winlogon.exe [644.2476] ZwReplaceKey SSDT F20E0B57 winlogon.exe [644.2476] ZwRestoreKey SSDT 000006B8 winlogon.exe [644.2476] ZwSetContextThread [0xB29690AC] SSDT 000006B8 winlogon.exe [644.2476] ZwSetValueKey [0xB2969413] SSDT 000006B8 winlogon.exe [644.2476] ZwSuspendThread [0xB2969049] SSDT F20E0B2F winlogon.exe [644.2476] ZwTerminateProcess SSDT 000006B8 winlogon.exe [644.2476] ZwTerminateThread [0xB2968FE6] SSDT 000006B8 winlogon.exe [644.2476] ZwWriteVirtualMemory [0xB2969675] ---- Threads - GMER 1.0.15 ---- Thread winlogon.exe [644:2700] SSDT 0xFEA2EB90 != 0x804E26A8 SSDT F20E0B3E winlogon.exe [644.2700] ZwCreateKey SSDT F20E0B34 winlogon.exe [644.2700] ZwCreateThread SSDT F20E0B43 winlogon.exe [644.2700] ZwDeleteKey SSDT 000006B8 winlogon.exe [644.2700] ZwDeleteValueKey [0xB2969517] SSDT 000006B8 winlogon.exe [644.2700] ZwEnumerateKey [0xB29691C7] 
SSDT 000006B8 winlogon.exe [644.2700] ZwEnumerateValueKey [0xB29692D3] SSDT F20E0B52 winlogon.exe [644.2700] ZwLoadKey SSDT 000006B8 winlogon.exe [644.2700] ZwOpenKey [0xB296910F] SSDT 000006B8 winlogon.exe [644.2700] ZwOpenProcess [0xB2968E79] SSDT 000006B8 winlogon.exe [644.2700] ZwOpenThread [0xB2968F01] SSDT 000006B8 winlogon.exe [644.2700] ZwProtectVirtualMemory [0xB29696DB] SSDT 000006B8 winlogon.exe [644.2700] ZwQueryDirectoryFile [0xB2968CA0] SSDT 000006B8 winlogon.exe [644.2700] ZwQuerySystemInformation [0xB2968D73] SSDT 000006B8 winlogon.exe [644.2700] ZwReadVirtualMemory [0xB296960F] SSDT F20E0B5C winlogon.exe [644.2700] ZwReplaceKey SSDT F20E0B57 winlogon.exe [644.2700] ZwRestoreKey SSDT 000006B8 winlogon.exe [644.2700] ZwSetContextThread [0xB29690AC] SSDT 000006B8 winlogon.exe [644.2700] ZwSetValueKey [0xB2969413] SSDT 000006B8 winlogon.exe [644.2700] ZwSuspendThread [0xB2969049] SSDT F20E0B2F winlogon.exe [644.2700] ZwTerminateProcess SSDT 000006B8 winlogon.exe [644.2700] ZwTerminateThread [0xB2968FE6] SSDT 000006B8 winlogon.exe [644.2700] ZwWriteVirtualMemory [0xB2969675] ---- Threads - GMER 1.0.15 ---- Thread services.exe [688:1104] SSDT 0xFEA2FB90 != 0x804E26A8 SSDT F20E0B3E services.exe [688.1104] ZwCreateKey SSDT F20E0B34 services.exe [688.1104] ZwCreateThread SSDT F20E0B43 services.exe [688.1104] ZwDeleteKey SSDT 000006B8 services.exe [688.1104] ZwDeleteValueKey [0xB2969517] SSDT 000006B8 services.exe [688.1104] ZwEnumerateKey [0xB29691C7] SSDT 000006B8 services.exe [688.1104] ZwEnumerateValueKey [0xB29692D3] SSDT F20E0B52 services.exe [688.1104] ZwLoadKey SSDT 000006B8 services.exe [688.1104] ZwOpenKey [0xB296910F] SSDT 000006B8 services.exe [688.1104] ZwOpenProcess [0xB2968E79] SSDT 000006B8 services.exe [688.1104] ZwOpenThread [0xB2968F01] SSDT 000006B8 services.exe [688.1104] ZwProtectVirtualMemory [0xB29696DB] SSDT 000006B8 services.exe [688.1104] ZwQueryDirectoryFile [0xB2968CA0] SSDT 000006B8 services.exe [688.1104] 
ZwQuerySystemInformation [0xB2968D73] SSDT 000006B8 services.exe [688.1104] ZwReadVirtualMemory [0xB296960F] SSDT F20E0B5C services.exe [688.1104] ZwReplaceKey SSDT F20E0B57 services.exe [688.1104] ZwRestoreKey SSDT 000006B8 services.exe [688.1104] ZwSetContextThread [0xB29690AC] SSDT 000006B8 services.exe [688.1104] ZwSetValueKey [0xB2969413] SSDT 000006B8 services.exe [688.1104] ZwSuspendThread [0xB2969049] SSDT F20E0B2F services.exe [688.1104] ZwTerminateProcess SSDT 000006B8 services.exe [688.1104] ZwTerminateThread [0xB2968FE6] SSDT 000006B8 services.exe [688.1104] ZwWriteVirtualMemory [0xB2969675] ---- Threads - GMER 1.0.15 ---- Thread services.exe [688:468] SSDT 0xFEA2EB90 != 0x804E26A8 SSDT F20E0B3E services.exe [688.468] ZwCreateKey SSDT F20E0B34 services.exe [688.468] ZwCreateThread SSDT F20E0B43 services.exe [688.468] ZwDeleteKey SSDT 000006B8 services.exe [688.468] ZwDeleteValueKey [0xB2969517] SSDT 000006B8 services.exe [688.468] ZwEnumerateKey [0xB29691C7] SSDT 000006B8 services.exe [688.468] ZwEnumerateValueKey [0xB29692D3] SSDT F20E0B52 services.exe [688.468] ZwLoadKey SSDT 000006B8 services.exe [688.468] ZwOpenKey [0xB296910F] SSDT 000006B8 services.exe [688.468] ZwOpenProcess [0xB2968E79] SSDT 000006B8 services.exe [688.468] ZwOpenThread [0xB2968F01] SSDT 000006B8 services.exe [688.468] ZwProtectVirtualMemory [0xB29696DB] SSDT 000006B8 services.exe [688.468] ZwQueryDirectoryFile [0xB2968CA0] SSDT 000006B8 services.exe [688.468] ZwQuerySystemInformation [0xB2968D73] SSDT 000006B8 services.exe [688.468] ZwReadVirtualMemory [0xB296960F] SSDT F20E0B5C services.exe [688.468] ZwReplaceKey SSDT F20E0B57 services.exe [688.468] ZwRestoreKey SSDT 000006B8 services.exe [688.468] ZwSetContextThread [0xB29690AC] SSDT 000006B8 services.exe [688.468] ZwSetValueKey [0xB2969413] SSDT 000006B8 services.exe [688.468] ZwSuspendThread [0xB2969049] SSDT F20E0B2F services.exe [688.468] ZwTerminateProcess SSDT 000006B8 services.exe [688.468] ZwTerminateThread 
[1044.916] ZwOpenProcess [0xB2968E79] SSDT 000006B8 svchost.exe [1044.916] ZwOpenThread [0xB2968F01] SSDT 000006B8 svchost.exe [1044.916] ZwProtectVirtualMemory [0xB29696DB] SSDT 000006B8 svchost.exe [1044.916] ZwQueryDirectoryFile [0xB2968CA0] SSDT 000006B8 svchost.exe [1044.916] ZwQuerySystemInformation [0xB2968D73] SSDT 000006B8 svchost.exe [1044.916] ZwReadVirtualMemory [0xB296960F] SSDT F20E0B5C svchost.exe [1044.916] ZwReplaceKey SSDT F20E0B57 svchost.exe [1044.916] ZwRestoreKey SSDT 000006B8 svchost.exe [1044.916] ZwSetContextThread [0xB29690AC] SSDT 000006B8 svchost.exe [1044.916] ZwSetValueKey [0xB2969413] SSDT 000006B8 svchost.exe [1044.916] ZwSuspendThread [0xB2969049] SSDT F20E0B2F svchost.exe [1044.916] ZwTerminateProcess SSDT 000006B8 svchost.exe [1044.916] ZwTerminateThread [0xB2968FE6] SSDT 000006B8 svchost.exe [1044.916] ZwWriteVirtualMemory [0xB2969675] ---- Threads - GMER 1.0.15 ---- Thread svchost.exe [1044:892] SSDT 0xFEA2FB90 != 0x804E26A8 SSDT F20E0B3E svchost.exe [1044.892] ZwCreateKey SSDT F20E0B34 svchost.exe [1044.892] ZwCreateThread SSDT F20E0B43 svchost.exe [1044.892] ZwDeleteKey SSDT 000006B8 svchost.exe [1044.892] ZwDeleteValueKey [0xB2969517] SSDT 000006B8 svchost.exe [1044.892] ZwEnumerateKey [0xB29691C7] SSDT 000006B8 svchost.exe [1044.892] ZwEnumerateValueKey [0xB29692D3] SSDT F20E0B52 svchost.exe [1044.892] ZwLoadKey SSDT 000006B8 svchost.exe [1044.892] ZwOpenKey [0xB296910F] SSDT 000006B8 svchost.exe [1044.892] ZwOpenProcess [0xB2968E79] SSDT 000006B8 svchost.exe [1044.892] ZwOpenThread [0xB2968F01] SSDT 000006B8 svchost.exe [1044.892] ZwProtectVirtualMemory [0xB29696DB] SSDT 000006B8 svchost.exe [1044.892] ZwQueryDirectoryFile [0xB2968CA0] SSDT 000006B8 svchost.exe [1044.892] ZwQuerySystemInformation [0xB2968D73] SSDT 000006B8 svchost.exe [1044.892] ZwReadVirtualMemory [0xB296960F] SSDT F20E0B5C svchost.exe [1044.892] ZwReplaceKey SSDT F20E0B57 svchost.exe [1044.892] ZwRestoreKey SSDT 000006B8 svchost.exe [1044.892] 
ZwSetContextThread [0xB29690AC] SSDT 000006B8 svchost.exe [1044.892] ZwSetValueKey [0xB2969413] SSDT 000006B8 svchost.exe [1044.892] ZwSuspendThread [0xB2969049] SSDT F20E0B2F svchost.exe [1044.892] ZwTerminateProcess SSDT 000006B8 svchost.exe [1044.892] ZwTerminateThread [0xB2968FE6] SSDT 000006B8 svchost.exe [1044.892] ZwWriteVirtualMemory [0xB2969675] ---- Threads - GMER 1.0.15 ---- Thread svchost.exe [1044:1068] SSDT 0xFEA2EB90 != 0x804E26A8 SSDT F20E0B3E svchost.exe [1044.1068] ZwCreateKey SSDT F20E0B34 svchost.exe [1044.1068] ZwCreateThread SSDT F20E0B43 svchost.exe [1044.1068] ZwDeleteKey SSDT 000006B8 svchost.exe [1044.1068] ZwDeleteValueKey [0xB2969517] SSDT 000006B8 svchost.exe [1044.1068] ZwEnumerateKey [0xB29691C7] SSDT 000006B8 svchost.exe [1044.1068] ZwEnumerateValueKey [0xB29692D3] SSDT F20E0B52 svchost.exe [1044.1068] ZwLoadKey SSDT 000006B8 svchost.exe [1044.1068] ZwOpenKey [0xB296910F] SSDT 000006B8 svchost.exe [1044.1068] ZwOpenProcess [0xB2968E79] SSDT 000006B8 svchost.exe [1044.1068] ZwOpenThread [0xB2968F01] SSDT 000006B8 svchost.exe [1044.1068] ZwProtectVirtualMemory [0xB29696DB] SSDT 000006B8 svchost.exe [1044.1068] ZwQueryDirectoryFile [0xB2968CA0] SSDT 000006B8 svchost.exe [1044.1068] ZwQuerySystemInformation [0xB2968D73] SSDT 000006B8 svchost.exe [1044.1068] ZwReadVirtualMemory [0xB296960F] SSDT F20E0B5C svchost.exe [1044.1068] ZwReplaceKey SSDT F20E0B57 svchost.exe [1044.1068] ZwRestoreKey SSDT 000006B8 svchost.exe [1044.1068] ZwSetContextThread [0xB29690AC] SSDT 000006B8 svchost.exe [1044.1068] ZwSetValueKey [0xB2969413] SSDT 000006B8 svchost.exe [1044.1068] ZwSuspendThread [0xB2969049] SSDT F20E0B2F svchost.exe [1044.1068] ZwTerminateProcess SSDT 000006B8 svchost.exe [1044.1068] ZwTerminateThread [0xB2968FE6] SSDT 000006B8 svchost.exe [1044.1068] ZwWriteVirtualMemory [0xB2969675] ---- Threads - GMER 1.0.15 ---- Thread svchost.exe [1044:1136] SSDT 0xFEA2EB90 != 0x804E26A8 SSDT F20E0B3E svchost.exe [1044.1136] ZwCreateKey SSDT F20E0B34 
svchost.exe [1044.1136] ZwCreateThread SSDT F20E0B43 svchost.exe [1044.1136] ZwDeleteKey SSDT 000006B8 svchost.exe [1044.1136] ZwDeleteValueKey [0xB2969517] SSDT 000006B8 svchost.exe [1044.1136] ZwEnumerateKey [0xB29691C7] SSDT 000006B8 svchost.exe [1044.1136] ZwEnumerateValueKey [0xB29692D3] SSDT F20E0B52 svchost.exe [1044.1136] ZwLoadKey SSDT 000006B8 svchost.exe [1044.1136] ZwOpenKey [0xB296910F] SSDT 000006B8 svchost.exe [1044.1136] ZwOpenProcess [0xB2968E79] SSDT 000006B8 svchost.exe [1044.1136] ZwOpenThread [0xB2968F01] SSDT 000006B8 svchost.exe [1044.1136] ZwProtectVirtualMemory [0xB29696DB] SSDT 000006B8 svchost.exe [1044.1136] ZwQueryDirectoryFile [0xB2968CA0] SSDT 000006B8 svchost.exe [1044.1136] ZwQuerySystemInformation [0xB2968D73] SSDT 000006B8 svchost.exe [1044.1136] ZwReadVirtualMemory [0xB296960F] SSDT F20E0B5C svchost.exe [1044.1136] ZwReplaceKey SSDT F20E0B57 svchost.exe [1044.1136] ZwRestoreKey SSDT 000006B8 svchost.exe [1044.1136] ZwSetContextThread [0xB29690AC] SSDT 000006B8 svchost.exe [1044.1136] ZwSetValueKey [0xB2969413] SSDT 000006B8 svchost.exe [1044.1136] ZwSuspendThread [0xB2969049] SSDT F20E0B2F svchost.exe [1044.1136] ZwTerminateProcess SSDT 000006B8 svchost.exe [1044.1136] ZwTerminateThread [0xB2968FE6] SSDT 000006B8 svchost.exe [1044.1136] ZwWriteVirtualMemory [0xB2969675] ---- Threads - GMER 1.0.15 ---- Thread svchost.exe [1044:1144] SSDT 0xFEA2EB90 != 0x804E26A8 SSDT F20E0B3E svchost.exe [1044.1144] ZwCreateKey SSDT F20E0B34 svchost.exe [1044.1144] ZwCreateThread SSDT F20E0B43 svchost.exe [1044.1144] ZwDeleteKey SSDT 000006B8 svchost.exe [1044.1144] ZwDeleteValueKey [0xB2969517] SSDT 000006B8 svchost.exe [1044.1144] ZwEnumerateKey [0xB29691C7] SSDT 000006B8 svchost.exe [1044.1144] ZwEnumerateValueKey [0xB29692D3] SSDT F20E0B52 svchost.exe [1044.1144] ZwLoadKey SSDT 000006B8 svchost.exe [1044.1144] ZwOpenKey [0xB296910F] SSDT 000006B8 svchost.exe [1044.1144] ZwOpenProcess [0xB2968E79] SSDT 000006B8 svchost.exe [1044.1144] 
ZwOpenThread [0xB2968F01] SSDT 000006B8 svchost.exe [1044.1144] ZwProtectVirtualMemory [0xB29696DB] SSDT 000006B8 svchost.exe [1044.1144] ZwQueryDirectoryFile [0xB2968CA0] SSDT 000006B8 svchost.exe [1044.1144] ZwQuerySystemInformation [0xB2968D73] SSDT 000006B8 svchost.exe [1044.1144] ZwReadVirtualMemory [0xB296960F] SSDT F20E0B5C svchost.exe [1044.1144] ZwReplaceKey SSDT F20E0B57 svchost.exe [1044.1144] ZwRestoreKey SSDT 000006B8 svchost.exe [1044.1144] ZwSetContextThread [0xB29690AC] SSDT 000006B8 svchost.exe [1044.1144] ZwSetValueKey [0xB2969413] SSDT 000006B8 svchost.exe [1044.1144] ZwSuspendThread [0xB2969049] SSDT F20E0B2F svchost.exe [1044.1144] ZwTerminateProcess SSDT 000006B8 svchost.exe [1044.1144] ZwTerminateThread [0xB2968FE6] SSDT 000006B8 svchost.exe [1044.1144] ZwWriteVirtualMemory [0xB2969675] ---- Threads - GMER 1.0.15 ---- Thread svchost.exe [1044:1156] SSDT 0xFEA2EB90 != 0x804E26A8 SSDT F20E0B3E svchost.exe [1044.1156] ZwCreateKey SSDT F20E0B34 svchost.exe [1044.1156] ZwCreateThread SSDT F20E0B43 svchost.exe [1044.1156] ZwDeleteKey SSDT 000006B8 svchost.exe [1044.1156] ZwDeleteValueKey [0xB2969517] SSDT 000006B8 svchost.exe [1044.1156] ZwEnumerateKey [0xB29691C7] SSDT 000006B8 svchost.exe [1044.1156] ZwEnumerateValueKey [0xB29692D3] SSDT F20E0B52 svchost.exe [1044.1156] ZwLoadKey SSDT 000006B8 svchost.exe [1044.1156] ZwOpenKey [0xB296910F] SSDT 000006B8 svchost.exe [1044.1156] ZwOpenProcess [0xB2968E79] SSDT 000006B8 svchost.exe [1044.1156] ZwOpenThread [0xB2968F01] SSDT 000006B8 svchost.exe [1044.1156] ZwProtectVirtualMemory [0xB29696DB] SSDT 000006B8 svchost.exe [1044.1156] ZwQueryDirectoryFile [0xB2968CA0] SSDT 000006B8 svchost.exe [1044.1156] ZwQuerySystemInformation [0xB2968D73] SSDT 000006B8 svchost.exe [1044.1156] ZwReadVirtualMemory [0xB296960F] SSDT F20E0B5C svchost.exe [1044.1156] ZwReplaceKey SSDT F20E0B57 svchost.exe [1044.1156] ZwRestoreKey SSDT 000006B8 svchost.exe [1044.1156] ZwSetContextThread [0xB29690AC] SSDT 000006B8 
svchost.exe [1044.1156] ZwSetValueKey [0xB2969413] SSDT 000006B8 svchost.exe [1044.1156] ZwSuspendThread [0xB2969049] SSDT F20E0B2F svchost.exe [1044.1156] ZwTerminateProcess SSDT 000006B8 svchost.exe [1044.1156] ZwTerminateThread [0xB2968FE6] SSDT 000006B8 svchost.exe [1044.1156] ZwWriteVirtualMemory [0xB2969675] ---- Threads - GMER 1.0.15 ---- Thread svchost.exe [1044:1316] SSDT 0xFEA2EB90 != 0x804E26A8 SSDT F20E0B3E svchost.exe [1044.1316] ZwCreateKey SSDT F20E0B34 svchost.exe [1044.1316] ZwCreateThread SSDT F20E0B43 svchost.exe [1044.1316] ZwDeleteKey SSDT 000006B8 svchost.exe [1044.1316] ZwDeleteValueKey [0xB2969517] SSDT 000006B8 svchost.exe [1044.1316] ZwEnumerateKey [0xB29691C7] SSDT 000006B8 svchost.exe [1044.1316] ZwEnumerateValueKey [0xB29692D3] SSDT F20E0B52 svchost.exe [1044.1316] ZwLoadKey SSDT 000006B8 svchost.exe [1044.1316] ZwOpenKey [0xB296910F] SSDT 000006B8 svchost.exe [1044.1316] ZwOpenProcess [0xB2968E79] SSDT 000006B8 svchost.exe [1044.1316] ZwOpenThread [0xB2968F01] SSDT 000006B8 svchost.exe [1044.1316] ZwProtectVirtualMemory [0xB29696DB] SSDT 000006B8 svchost.exe [1044.1316] ZwQueryDirectoryFile [0xB2968CA0] SSDT 000006B8 svchost.exe [1044.1316] ZwQuerySystemInformation [0xB2968D73] SSDT 000006B8 svchost.exe [1044.1316] ZwReadVirtualMemory [0xB296960F] SSDT F20E0B5C svchost.exe [1044.1316] ZwReplaceKey SSDT F20E0B57 svchost.exe [1044.1316] ZwRestoreKey SSDT 000006B8 svchost.exe [1044.1316] ZwSetContextThread [0xB29690AC] SSDT 000006B8 svchost.exe [1044.1316] ZwSetValueKey [0xB2969413] SSDT 000006B8 svchost.exe [1044.1316] ZwSuspendThread [0xB2969049] SSDT F20E0B2F svchost.exe [1044.1316] ZwTerminateProcess SSDT 000006B8 svchost.exe [1044.1316] ZwTerminateThread [0xB2968FE6] SSDT 000006B8 svchost.exe [1044.1316] ZwWriteVirtualMemory [0xB2969675] ---- Threads - GMER 1.0.15 ---- Thread svchost.exe [1044:1440] SSDT 0xFEA2EB90 != 0x804E26A8 SSDT F20E0B3E svchost.exe [1044.1440] ZwCreateKey SSDT F20E0B34 svchost.exe [1044.1440] ZwCreateThread 
SSDT F20E0B43 svchost.exe [1044.1440] ZwDeleteKey SSDT 000006B8 svchost.exe [1044.1440] ZwDeleteValueKey [0xB2969517] SSDT 000006B8 svchost.exe [1044.1440] ZwEnumerateKey [0xB29691C7] SSDT 000006B8 svchost.exe [1044.1440] ZwEnumerateValueKey [0xB29692D3] SSDT F20E0B52 svchost.exe [1044.1440] ZwLoadKey SSDT 000006B8 svchost.exe [1044.1440] ZwOpenKey [0xB296910F] SSDT 000006B8 svchost.exe [1044.1440] ZwOpenProcess [0xB2968E79] SSDT 000006B8 svchost.exe [1044.1440] ZwOpenThread [0xB2968F01] SSDT 000006B8 svchost.exe [1044.1440] ZwProtectVirtualMemory [0xB29696DB] SSDT 000006B8 svchost.exe [1044.1440] ZwQueryDirectoryFile [0xB2968CA0] SSDT 000006B8 svchost.exe [1044.1440] ZwQuerySystemInformation [0xB2968D73] SSDT 000006B8 svchost.exe [1044.1440] ZwReadVirtualMemory [0xB296960F] SSDT F20E0B5C svchost.exe [1044.1440] ZwReplaceKey SSDT F20E0B57 svchost.exe [1044.1440] ZwRestoreKey SSDT 000006B8 svchost.exe [1044.1440] ZwSetContextThread [0xB29690AC] SSDT 000006B8 svchost.exe [1044.1440] ZwSetValueKey [0xB2969413] SSDT 000006B8 svchost.exe [1044.1440] ZwSuspendThread [0xB2969049] SSDT F20E0B2F svchost.exe [1044.1440] ZwTerminateProcess SSDT 000006B8 svchost.exe [1044.1440] ZwTerminateThread [0xB2968FE6] SSDT 000006B8 svchost.exe [1044.1440] ZwWriteVirtualMemory [0xB2969675] ---- Threads - GMER 1.0.15 ---- Thread svchost.exe [1044:1520] SSDT 0xFEA2FB90 != 0x804E26A8 SSDT F20E0B3E svchost.exe [1044.1520] ZwCreateKey SSDT F20E0B34 svchost.exe [1044.1520] ZwCreateThread SSDT F20E0B43 svchost.exe [1044.1520] ZwDeleteKey SSDT 000006B8 svchost.exe [1044.1520] ZwDeleteValueKey [0xB2969517] SSDT 000006B8 svchost.exe [1044.1520] ZwEnumerateKey [0xB29691C7] SSDT 000006B8 svchost.exe [1044.1520] ZwEnumerateValueKey [0xB29692D3] SSDT F20E0B52 svchost.exe [1044.1520] ZwLoadKey SSDT 000006B8 svchost.exe [1044.1520] ZwOpenKey [0xB296910F] SSDT 000006B8 svchost.exe [1044.1520] ZwOpenProcess [0xB2968E79] SSDT 000006B8 svchost.exe [1044.1520] ZwOpenThread [0xB2968F01] SSDT 000006B8 
svchost.exe [1044.1520] ZwProtectVirtualMemory [0xB29696DB] SSDT 000006B8 svchost.exe [1044.1520] ZwQueryDirectoryFile [0xB2968CA0] SSDT 000006B8 svchost.exe [1044.1520] ZwQuerySystemInformation [0xB2968D73] SSDT 000006B8 svchost.exe [1044.1520] ZwReadVirtualMemory [0xB296960F] SSDT F20E0B5C svchost.exe [1044.1520] ZwReplaceKey SSDT F20E0B57 svchost.exe [1044.1520] ZwRestoreKey SSDT 000006B8 svchost.exe [1044.1520] ZwSetContextThread [0xB29690AC] SSDT 000006B8 svchost.exe [1044.1520] ZwSetValueKey [0xB2969413] SSDT 000006B8 svchost.exe [1044.1520] ZwSuspendThread [0xB2969049] SSDT F20E0B2F svchost.exe [1044.1520] ZwTerminateProcess SSDT 000006B8 svchost.exe [1044.1520] ZwTerminateThread [0xB2968FE6] SSDT 000006B8 svchost.exe [1044.1520] ZwWriteVirtualMemory [0xB2969675] ---- Threads - GMER 1.0.15 ---- Thread svchost.exe [1044:760] SSDT 0xFEA2FB90 != 0x804E26A8 SSDT F20E0B3E svchost.exe [1044.760] ZwCreateKey SSDT F20E0B34 svchost.exe [1044.760] ZwCreateThread SSDT F20E0B43 svchost.exe [1044.760] ZwDeleteKey SSDT 000006B8 svchost.exe [1044.760] ZwDeleteValueKey [0xB2969517] SSDT 000006B8 svchost.exe [1044.760] ZwEnumerateKey [0xB29691C7] SSDT 000006B8 svchost.exe [1044.760] ZwEnumerateValueKey [0xB29692D3] SSDT F20E0B52 svchost.exe [1044.760] ZwLoadKey SSDT 000006B8 svchost.exe [1044.760] ZwOpenKey [0xB296910F] SSDT 000006B8 svchost.exe [1044.760] ZwOpenProcess [0xB2968E79] SSDT 000006B8 svchost.exe [1044.760] ZwOpenThread [0xB2968F01] SSDT 000006B8 svchost.exe [1044.760] ZwProtectVirtualMemory [0xB29696DB] SSDT 000006B8 svchost.exe [1044.760] ZwQueryDirectoryFile [0xB2968CA0] SSDT 000006B8 svchost.exe [1044.760] ZwQuerySystemInformation [0xB2968D73] SSDT 000006B8 svchost.exe [1044.760] ZwReadVirtualMemory [0xB296960F] SSDT F20E0B5C svchost.exe [1044.760] ZwReplaceKey SSDT F20E0B57 svchost.exe [1044.760] ZwRestoreKey SSDT 000006B8 svchost.exe [1044.760] ZwSetContextThread [0xB29690AC] SSDT 000006B8 svchost.exe [1044.760] ZwSetValueKey [0xB2969413] SSDT 000006B8 
svchost.exe [1044.760] ZwSuspendThread [0xB2969049] SSDT F20E0B2F svchost.exe [1044.760] ZwTerminateProcess SSDT 000006B8 svchost.exe [1044.760] ZwTerminateThread [0xB2968FE6] SSDT 000006B8 svchost.exe [1044.760] ZwWriteVirtualMemory [0xB2969675] ---- Threads - GMER 1.0.15 ---- Thread svchost.exe [1044:1724] SSDT 0xFEA2EB90 != 0x804E26A8 SSDT F20E0B3E svchost.exe [1044.1724] ZwCreateKey SSDT F20E0B34 svchost.exe [1044.1724] ZwCreateThread SSDT F20E0B43 svchost.exe [1044.1724] ZwDeleteKey SSDT 000006B8 svchost.exe [1044.1724] ZwDeleteValueKey [0xB2969517] SSDT 000006B8 svchost.exe [1044.1724] ZwEnumerateKey [0xB29691C7] SSDT 000006B8 svchost.exe [1044.1724] ZwEnumerateValueKey [0xB29692D3] SSDT F20E0B52 svchost.exe [1044.1724] ZwLoadKey SSDT 000006B8 svchost.exe [1044.1724] ZwOpenKey [0xB296910F] SSDT 000006B8 svchost.exe [1044.1724] ZwOpenProcess [0xB2968E79] SSDT 000006B8 svchost.exe [1044.1724] ZwOpenThread [0xB2968F01] SSDT 000006B8 svchost.exe [1044.1724] ZwProtectVirtualMemory [0xB29696DB] SSDT 000006B8 svchost.exe [1044.1724] ZwQueryDirectoryFile [0xB2968CA0] SSDT 000006B8 svchost.exe [1044.1724] ZwQuerySystemInformation [0xB2968D73] SSDT 000006B8 svchost.exe [1044.1724] ZwReadVirtualMemory [0xB296960F] SSDT F20E0B5C svchost.exe [1044.1724] ZwReplaceKey SSDT F20E0B57 svchost.exe [1044.1724] ZwRestoreKey SSDT 000006B8 svchost.exe [1044.1724] ZwSetContextThread [0xB29690AC] SSDT 000006B8 svchost.exe [1044.1724] ZwSetValueKey [0xB2969413] SSDT 000006B8 svchost.exe [1044.1724] ZwSuspendThread [0xB2969049] SSDT F20E0B2F svchost.exe [1044.1724] ZwTerminateProcess SSDT 000006B8 svchost.exe [1044.1724] ZwTerminateThread [0xB2968FE6] SSDT 000006B8 svchost.exe [1044.1724] ZwWriteVirtualMemory [0xB2969675] ---- Threads - GMER 1.0.15 ---- Thread svchost.exe [1044:1708] SSDT 0xFEA2FB90 != 0x804E26A8 SSDT F20E0B3E svchost.exe [1044.1708] ZwCreateKey SSDT F20E0B34 svchost.exe [1044.1708] ZwCreateThread SSDT F20E0B43 svchost.exe [1044.1708] ZwDeleteKey SSDT 000006B8 
svchost.exe [1044.1708] ZwDeleteValueKey [0xB2969517] SSDT 000006B8 svchost.exe [1044.1708] ZwEnumerateKey [0xB29691C7] SSDT 000006B8 svchost.exe [1044.1708] ZwEnumerateValueKey [0xB29692D3] SSDT F20E0B52 svchost.exe [1044.1708] ZwLoadKey SSDT 000006B8 svchost.exe [1044.1708] ZwOpenKey [0xB296910F] SSDT 000006B8 svchost.exe [1044.1708] ZwOpenProcess [0xB2968E79] SSDT 000006B8 svchost.exe [1044.1708] ZwOpenThread [0xB2968F01] SSDT 000006B8 svchost.exe [1044.1708] ZwProtectVirtualMemory [0xB29696DB] SSDT 000006B8 svchost.exe [1044.1708] ZwQueryDirectoryFile [0xB2968CA0] SSDT 000006B8 svchost.exe [1044.1708] ZwQuerySystemInformation [0xB2968D73] SSDT 000006B8 svchost.exe [1044.1708] ZwReadVirtualMemory [0xB296960F] SSDT F20E0B5C svchost.exe [1044.1708] ZwReplaceKey SSDT F20E0B57 svchost.exe [1044.1708] ZwRestoreKey SSDT 000006B8 svchost.exe [1044.1708] ZwSetContextThread [0xB29690AC] SSDT 000006B8 svchost.exe [1044.1708] ZwSetValueKey [0xB2969413] SSDT 000006B8 svchost.exe [1044.1708] ZwSuspendThread [0xB2969049] SSDT F20E0B2F svchost.exe [1044.1708] ZwTerminateProcess SSDT 000006B8 svchost.exe [1044.1708] ZwTerminateThread [0xB2968FE6] SSDT 000006B8 svchost.exe [1044.1708] ZwWriteVirtualMemory [0xB2969675] ---- Threads - GMER 1.0.15 ---- Thread svchost.exe [1044:1080] SSDT 0xFEA2FB90 != 0x804E26A8 SSDT F20E0B3E svchost.exe [1044.1080] ZwCreateKey SSDT F20E0B34 svchost.exe [1044.1080] ZwCreateThread SSDT F20E0B43 svchost.exe [1044.1080] ZwDeleteKey SSDT 000006B8 svchost.exe [1044.1080] ZwDeleteValueKey [0xB2969517] SSDT 000006B8 svchost.exe [1044.1080] ZwEnumerateKey [0xB29691C7] SSDT 000006B8 svchost.exe [1044.1080] ZwEnumerateValueKey [0xB29692D3] SSDT F20E0B52 svchost.exe [1044.1080] ZwLoadKey SSDT 000006B8 svchost.exe [1044.1080] ZwOpenKey [0xB296910F] SSDT 000006B8 svchost.exe [1044.1080] ZwOpenProcess [0xB2968E79] SSDT 000006B8 svchost.exe [1044.1080] ZwOpenThread [0xB2968F01] SSDT 000006B8 svchost.exe [1044.1080] ZwProtectVirtualMemory [0xB29696DB] SSDT 
000006B8 svchost.exe [1044.1080] ZwQueryDirectoryFile [0xB2968CA0] SSDT 000006B8 svchost.exe [1044.1080] ZwQuerySystemInformation [0xB2968D73] SSDT 000006B8 svchost.exe [1044.1080] ZwReadVirtualMemory [0xB296960F] SSDT F20E0B5C svchost.exe [1044.1080] ZwReplaceKey SSDT F20E0B57 svchost.exe [1044.1080] ZwRestoreKey SSDT 000006B8 svchost.exe [1044.1080] ZwSetContextThread [0xB29690AC] SSDT 000006B8 svchost.exe [1044.1080] ZwSetValueKey [0xB2969413] SSDT 000006B8 svchost.exe [1044.1080] ZwSuspendThread [0xB2969049] SSDT F20E0B2F svchost.exe [1044.1080] ZwTerminateProcess SSDT 000006B8 svchost.exe [1044.1080] ZwTerminateThread [0xB2968FE6] SSDT 000006B8 svchost.exe [1044.1080] ZwWriteVirtualMemory [0xB2969675] ---- Threads - GMER 1.0.15 ---- Thread svchost.exe [1044:1816] SSDT 0xFEA2EB90 != 0x804E26A8 SSDT F20E0B3E svchost.exe [1044.1816] ZwCreateKey SSDT F20E0B34 svchost.exe [1044.1816] ZwCreateThread SSDT F20E0B43 svchost.exe [1044.1816] ZwDeleteKey SSDT 000006B8 svchost.exe [1044.1816] ZwDeleteValueKey [0xB2969517] SSDT 000006B8 svchost.exe [1044.1816] ZwEnumerateKey [0xB29691C7] SSDT 000006B8 svchost.exe [1044.1816] ZwEnumerateValueKey [0xB29692D3] SSDT F20E0B52 svchost.exe [1044.1816] ZwLoadKey SSDT 000006B8 svchost.exe [1044.1816] ZwOpenKey [0xB296910F] SSDT 000006B8 svchost.exe [1044.1816] ZwOpenProcess [0xB2968E79] SSDT 000006B8 svchost.exe [1044.1816] ZwOpenThread [0xB2968F01] SSDT 000006B8 svchost.exe [1044.1816] ZwProtectVirtualMemory [0xB29696DB] SSDT 000006B8 svchost.exe [1044.1816] ZwQueryDirectoryFile [0xB2968CA0] SSDT 000006B8 svchost.exe [1044.1816] ZwQuerySystemInformation [0xB2968D73] SSDT 000006B8 svchost.exe [1044.1816] ZwReadVirtualMemory [0xB296960F] SSDT F20E0B5C svchost.exe [1044.1816] ZwReplaceKey SSDT F20E0B57 svchost.exe [1044.1816] ZwRestoreKey SSDT 000006B8 svchost.exe [1044.1816] ZwSetContextThread [0xB29690AC] SSDT 000006B8 svchost.exe [1044.1816] ZwSetValueKey [0xB2969413] SSDT 000006B8 svchost.exe [1044.1816] ZwSuspendThread 
[0xB2969049] SSDT F20E0B2F svchost.exe [1044.1816] ZwTerminateProcess SSDT 000006B8 svchost.exe [1044.1816] ZwTerminateThread [0xB2968FE6] SSDT 000006B8 svchost.exe [1044.1816] ZwWriteVirtualMemory [0xB2969675] ---- Threads - GMER 1.0.15 ---- Thread svchost.exe [1044:380] SSDT 0xFEA2EB90 != 0x804E26A8 SSDT F20E0B3E svchost.exe [1044.380] ZwCreateKey SSDT F20E0B34 svchost.exe [1044.380] ZwCreateThread SSDT F20E0B43 svchost.exe [1044.380] ZwDeleteKey SSDT 000006B8 svchost.exe [1044.380] ZwDeleteValueKey [0xB2969517] SSDT 000006B8 svchost.exe [1044.380] ZwEnumerateKey [0xB29691C7] SSDT 000006B8 svchost.exe [1044.380] ZwEnumerateValueKey [0xB29692D3] SSDT F20E0B52 svchost.exe [1044.380] ZwLoadKey SSDT 000006B8 svchost.exe [1044.380] ZwOpenKey [0xB296910F] SSDT 000006B8 svchost.exe [1044.380] ZwOpenProcess [0xB2968E79] SSDT 000006B8 svchost.exe [1044.380] ZwOpenThread [0xB2968F01] SSDT 000006B8 svchost.exe [1044.380] ZwProtectVirtualMemory [0xB29696DB] SSDT 000006B8 svchost.exe [1044.380] ZwQueryDirectoryFile [0xB2968CA0] SSDT 000006B8 svchost.exe [1044.380] ZwQuerySystemInformation [0xB2968D73] SSDT 000006B8 svchost.exe [1044.380] ZwReadVirtualMemory [0xB296960F] SSDT F20E0B5C svchost.exe [1044.380] ZwReplaceKey SSDT F20E0B57 svchost.exe [1044.380] ZwRestoreKey SSDT 000006B8 svchost.exe [1044.380] ZwSetContextThread [0xB29690AC] SSDT 000006B8 svchost.exe [1044.380] ZwSetValueKey [0xB2969413] SSDT 000006B8 svchost.exe [1044.380] ZwSuspendThread [0xB2969049] SSDT F20E0B2F svchost.exe [1044.380] ZwTerminateProcess SSDT 000006B8 svchost.exe [1044.380] ZwTerminateThread [0xB2968FE6] SSDT 000006B8 svchost.exe [1044.380] ZwWriteVirtualMemory [0xB2969675] ---- Threads - GMER 1.0.15 ---- Thread svchost.exe [1044:448] SSDT 0xFEA2EB90 != 0x804E26A8 SSDT F20E0B3E svchost.exe [1044.448] ZwCreateKey SSDT F20E0B34 svchost.exe [1044.448] ZwCreateThread SSDT F20E0B43 svchost.exe [1044.448] ZwDeleteKey SSDT 000006B8 svchost.exe [1044.448] ZwDeleteValueKey [0xB2969517] SSDT 000006B8 
svchost.exe [1044.448] ZwEnumerateKey [0xB29691C7] SSDT 000006B8 svchost.exe [1044.448] ZwEnumerateValueKey [0xB29692D3] SSDT F20E0B52 svchost.exe [1044.448] ZwLoadKey SSDT 000006B8 svchost.exe [1044.448] ZwOpenKey [0xB296910F] SSDT 000006B8 svchost.exe [1044.448] ZwOpenProcess [0xB2968E79] SSDT 000006B8 svchost.exe [1044.448] ZwOpenThread [0xB2968F01] SSDT 000006B8 svchost.exe [1044.448] ZwProtectVirtualMemory [0xB29696DB] SSDT 000006B8 svchost.exe [1044.448] ZwQueryDirectoryFile [0xB2968CA0] SSDT 000006B8 svchost.exe [1044.448] ZwQuerySystemInformation [0xB2968D73] SSDT 000006B8 svchost.exe [1044.448] ZwReadVirtualMemory [0xB296960F] SSDT F20E0B5C svchost.exe [1044.448] ZwReplaceKey SSDT F20E0B57 svchost.exe [1044.448] ZwRestoreKey SSDT 000006B8 svchost.exe [1044.448] ZwSetContextThread [0xB29690AC] SSDT 000006B8 svchost.exe [1044.448] ZwSetValueKey [0xB2969413] SSDT 000006B8 svchost.exe [1044.448] ZwSuspendThread [0xB2969049] SSDT F20E0B2F svchost.exe [1044.448] ZwTerminateProcess SSDT 000006B8 svchost.exe [1044.448] ZwTerminateThread [0xB2968FE6] SSDT 000006B8 svchost.exe [1044.448] ZwWriteVirtualMemory [0xB2969675] ---- Threads - GMER 1.0.15 ---- Thread svchost.exe [1044:452] SSDT 0xFEA2EB90 != 0x804E26A8 SSDT F20E0B3E svchost.exe [1044.452] ZwCreateKey SSDT F20E0B34 svchost.exe [1044.452] ZwCreateThread SSDT F20E0B43 svchost.exe [1044.452] ZwDeleteKey SSDT 000006B8 svchost.exe [1044.452] ZwDeleteValueKey [0xB2969517] SSDT 000006B8 svchost.exe [1044.452] ZwEnumerateKey [0xB29691C7] SSDT 000006B8 svchost.exe [1044.452] ZwEnumerateValueKey [0xB29692D3] SSDT F20E0B52 svchost.exe [1044.452] ZwLoadKey SSDT 000006B8 svchost.exe [1044.452] ZwOpenKey [0xB296910F] SSDT 000006B8 svchost.exe [1044.452] ZwOpenProcess [0xB2968E79] SSDT 000006B8 svchost.exe [1044.452] ZwOpenThread [0xB2968F01] SSDT 000006B8 svchost.exe [1044.452] ZwProtectVirtualMemory [0xB29696DB] SSDT 000006B8 svchost.exe [1044.452] ZwQueryDirectoryFile [0xB2968CA0] SSDT 000006B8 svchost.exe [1044.452] 
ZwQuerySystemInformation [0xB2968D73] SSDT 000006B8 svchost.exe [1044.452] ZwReadVirtualMemory [0xB296960F] SSDT F20E0B5C svchost.exe [1044.452] ZwReplaceKey SSDT F20E0B57 svchost.exe [1044.452] ZwRestoreKey SSDT 000006B8 svchost.exe [1044.452] ZwSetContextThread [0xB29690AC] SSDT 000006B8 svchost.exe [1044.452] ZwSetValueKey [0xB2969413] SSDT 000006B8 svchost.exe [1044.452] ZwSuspendThread [0xB2969049] SSDT F20E0B2F svchost.exe [1044.452] ZwTerminateProcess SSDT 000006B8 svchost.exe [1044.452] ZwTerminateThread [0xB2968FE6] SSDT 000006B8 svchost.exe [1044.452] ZwWriteVirtualMemory [0xB2969675] ---- Threads - GMER 1.0.15 ---- Thread svchost.exe [1044:432] SSDT 0xFEA2EB90 != 0x804E26A8 SSDT F20E0B3E svchost.exe [1044.432] ZwCreateKey SSDT F20E0B34 svchost.exe [1044.432] ZwCreateThread SSDT F20E0B43 svchost.exe [1044.432] ZwDeleteKey SSDT 000006B8 svchost.exe [1044.432] ZwDeleteValueKey [0xB2969517] SSDT 000006B8 svchost.exe [1044.432] ZwEnumerateKey [0xB29691C7] SSDT 000006B8 svchost.exe [1044.432] ZwEnumerateValueKey [0xB29692D3] SSDT F20E0B52 svchost.exe [1044.432] ZwLoadKey SSDT 000006B8 svchost.exe [1044.432] ZwOpenKey [0xB296910F] SSDT 000006B8 svchost.exe [1044.432] ZwOpenProcess [0xB2968E79] SSDT 000006B8 svchost.exe [1044.432] ZwOpenThread [0xB2968F01] SSDT 000006B8 svchost.exe [1044.432] ZwProtectVirtualMemory [0xB29696DB] SSDT 000006B8 svchost.exe [1044.432] ZwQueryDirectoryFile [0xB2968CA0] SSDT 000006B8 svchost.exe [1044.432] ZwQuerySystemInformation [0xB2968D73] SSDT 000006B8 svchost.exe [1044.432] ZwReadVirtualMemory [0xB296960F] SSDT F20E0B5C svchost.exe [1044.432] ZwReplaceKey SSDT F20E0B57 svchost.exe [1044.432] ZwRestoreKey SSDT 000006B8 svchost.exe [1044.432] ZwSetContextThread [0xB29690AC] SSDT 000006B8 svchost.exe [1044.432] ZwSetValueKey [0xB2969413] SSDT 000006B8 svchost.exe [1044.432] ZwSuspendThread [0xB2969049] SSDT F20E0B2F svchost.exe [1044.432] ZwTerminateProcess SSDT 000006B8 svchost.exe [1044.432] ZwTerminateThread [0xB2968FE6] SSDT 
000006B8 svchost.exe [1044.432] ZwWriteVirtualMemory [0xB2969675] ---- Threads - GMER 1.0.15 ---- Thread svchost.exe [1044:460] SSDT 0xFEA2EB90 != 0x804E26A8 SSDT F20E0B3E svchost.exe [1044.460] ZwCreateKey SSDT F20E0B34 svchost.exe [1044.460] ZwCreateThread SSDT F20E0B43 svchost.exe [1044.460] ZwDeleteKey SSDT 000006B8 svchost.exe [1044.460] ZwDeleteValueKey [0xB2969517] SSDT 000006B8 svchost.exe [1044.460] ZwEnumerateKey [0xB29691C7] SSDT 000006B8 svchost.exe [1044.460] ZwEnumerateValueKey [0xB29692D3] SSDT F20E0B52 svchost.exe [1044.460] ZwLoadKey SSDT 000006B8 svchost.exe [1044.460] ZwOpenKey [0xB296910F] SSDT 000006B8 svchost.exe [1044.460] ZwOpenProcess [0xB2968E79] SSDT 000006B8 svchost.exe [1044.460] ZwOpenThread [0xB2968F01] SSDT 000006B8 svchost.exe [1044.460] ZwProtectVirtualMemory [0xB29696DB] SSDT 000006B8 svchost.exe [1044.460] ZwQueryDirectoryFile [0xB2968CA0] SSDT 000006B8 svchost.exe [1044.460] ZwQuerySystemInformation [0xB2968D73] SSDT 000006B8 svchost.exe [1044.460] ZwReadVirtualMemory [0xB296960F] SSDT F20E0B5C svchost.exe [1044.460] ZwReplaceKey SSDT F20E0B57 svchost.exe [1044.460] ZwRestoreKey SSDT 000006B8 svchost.exe [1044.460] ZwSetContextThread [0xB29690AC] SSDT 000006B8 svchost.exe [1044.460] ZwSetValueKey [0xB2969413] SSDT 000006B8 svchost.exe [1044.460] ZwSuspendThread [0xB2969049] SSDT F20E0B2F svchost.exe [1044.460] ZwTerminateProcess SSDT 000006B8 svchost.exe [1044.460] ZwTerminateThread [0xB2968FE6] SSDT 000006B8 svchost.exe [1044.460] ZwWriteVirtualMemory [0xB2969675] ---- Threads - GMER 1.0.15 ---- Thread svchost.exe [1044:420] SSDT 0xFEA2EB90 != 0x804E26A8 SSDT F20E0B3E svchost.exe [1044.420] ZwCreateKey SSDT F20E0B34 svchost.exe [1044.420] ZwCreateThread SSDT F20E0B43 svchost.exe [1044.420] ZwDeleteKey SSDT 000006B8 svchost.exe [1044.420] ZwDeleteValueKey [0xB2969517] SSDT 000006B8 svchost.exe [1044.420] ZwEnumerateKey [0xB29691C7] SSDT 000006B8 svchost.exe [1044.420] ZwEnumerateValueKey [0xB29692D3] SSDT F20E0B52 svchost.exe 
[1044.420] ZwLoadKey SSDT 000006B8 svchost.exe [1044.420] ZwOpenKey [0xB296910F] SSDT 000006B8 svchost.exe [1044.420] ZwOpenProcess [0xB2968E79] SSDT 000006B8 svchost.exe [1044.420] ZwOpenThread [0xB2968F01] SSDT 000006B8 svchost.exe [1044.420] ZwProtectVirtualMemory [0xB29696DB] SSDT 000006B8 svchost.exe [1044.420] ZwQueryDirectoryFile [0xB2968CA0] SSDT 000006B8 svchost.exe [1044.420] ZwQuerySystemInformation [0xB2968D73] SSDT 000006B8 svchost.exe [1044.420] ZwReadVirtualMemory [0xB296960F] SSDT F20E0B5C svchost.exe [1044.420] ZwReplaceKey SSDT F20E0B57 svchost.exe [1044.420] ZwRestoreKey SSDT 000006B8 svchost.exe [1044.420] ZwSetContextThread [0xB29690AC] SSDT 000006B8 svchost.exe [1044.420] ZwSetValueKey [0xB2969413] SSDT 000006B8 svchost.exe [1044.420] ZwSuspendThread [0xB2969049] SSDT F20E0B2F svchost.exe [1044.420] ZwTerminateProcess SSDT 000006B8 svchost.exe [1044.420] ZwTerminateThread [0xB2968FE6] SSDT 000006B8 svchost.exe [1044.420] ZwWriteVirtualMemory [0xB2969675] ---- Threads - GMER 1.0.15 ---- Thread svchost.exe [1044:1612] SSDT 0xFEA2EB90 != 0x804E26A8 SSDT F20E0B3E svchost.exe [1044.1612] ZwCreateKey SSDT F20E0B34 svchost.exe [1044.1612] ZwCreateThread SSDT F20E0B43 svchost.exe [1044.1612] ZwDeleteKey SSDT 000006B8 svchost.exe [1044.1612] ZwDeleteValueKey [0xB2969517] SSDT 000006B8 svchost.exe [1044.1612] ZwEnumerateKey [0xB29691C7] SSDT 000006B8 svchost.exe [1044.1612] ZwEnumerateValueKey [0xB29692D3] SSDT F20E0B52 svchost.exe [1044.1612] ZwLoadKey SSDT 000006B8 svchost.exe [1044.1612] ZwOpenKey [0xB296910F] SSDT 000006B8 svchost.exe [1044.1612] ZwOpenProcess [0xB2968E79] SSDT 000006B8 svchost.exe [1044.1612] ZwOpenThread [0xB2968F01] SSDT 000006B8 svchost.exe [1044.1612] ZwProtectVirtualMemory [0xB29696DB] SSDT 000006B8 svchost.exe [1044.1612] ZwQueryDirectoryFile [0xB2968CA0] SSDT 000006B8 svchost.exe [1044.1612] ZwQuerySystemInformation [0xB2968D73] SSDT 000006B8 svchost.exe [1044.1612] ZwReadVirtualMemory [0xB296960F] SSDT F20E0B5C svchost.exe 
[1044.1612] ZwReplaceKey SSDT F20E0B57 svchost.exe [1044.1612] ZwRestoreKey SSDT 000006B8 svchost.exe [1044.1612] ZwSetContextThread [0xB29690AC] SSDT 000006B8 svchost.exe [1044.1612] ZwSetValueKey [0xB2969413] SSDT 000006B8 svchost.exe [1044.1612] ZwSuspendThread [0xB2969049] SSDT F20E0B2F svchost.exe [1044.1612] ZwTerminateProcess SSDT 000006B8 svchost.exe [1044.1612] ZwTerminateThread [0xB2968FE6] SSDT 000006B8 svchost.exe [1044.1612] ZwWriteVirtualMemory [0xB2969675] ---- Threads - GMER 1.0.15 ---- Thread svchost.exe [1044:412] SSDT 0xFEA2FB90 != 0x804E26A8 SSDT F20E0B3E svchost.exe [1044.412] ZwCreateKey SSDT F20E0B34 svchost.exe [1044.412] ZwCreateThread SSDT F20E0B43 svchost.exe [1044.412] ZwDeleteKey SSDT 000006B8 svchost.exe [1044.412] ZwDeleteValueKey [0xB2969517] SSDT 000006B8 svchost.exe [1044.412] ZwEnumerateKey [0xB29691C7] SSDT 000006B8 svchost.exe [1044.412] ZwEnumerateValueKey [0xB29692D3] SSDT F20E0B52 svchost.exe [1044.412] ZwLoadKey SSDT 000006B8 svchost.exe [1044.412] ZwOpenKey [0xB296910F] SSDT 000006B8 svchost.exe [1044.412] ZwOpenProcess [0xB2968E79] SSDT 000006B8 svchost.exe [1044.412] ZwOpenThread [0xB2968F01] SSDT 000006B8 svchost.exe [1044.412] ZwProtectVirtualMemory [0xB29696DB] SSDT 000006B8 svchost.exe [1044.412] ZwQueryDirectoryFile [0xB2968CA0] SSDT 000006B8 svchost.exe [1044.412] ZwQuerySystemInformation [0xB2968D73] SSDT 000006B8 svchost.exe [1044.412] ZwReadVirtualMemory [0xB296960F] SSDT F20E0B5C svchost.exe [1044.412] ZwReplaceKey SSDT F20E0B57 svchost.exe [1044.412] ZwRestoreKey SSDT 000006B8 svchost.exe [1044.412] ZwSetContextThread [0xB29690AC] SSDT 000006B8 svchost.exe [1044.412] ZwSetValueKey [0xB2969413] SSDT 000006B8 svchost.exe [1044.412] ZwSuspendThread [0xB2969049] SSDT F20E0B2F svchost.exe [1044.412] ZwTerminateProcess SSDT 000006B8 svchost.exe [1044.412] ZwTerminateThread [0xB2968FE6] SSDT 000006B8 svchost.exe [1044.412] ZwWriteVirtualMemory [0xB2969675] ---- Threads - GMER 1.0.15 ---- Thread svchost.exe [1044:704] 
SSDT 0xFEA2EB90 != 0x804E26A8 SSDT F20E0B3E svchost.exe [1044.704] ZwCreateKey SSDT F20E0B34 svchost.exe [1044.704] ZwCreateThread SSDT F20E0B43 svchost.exe [1044.704] ZwDeleteKey SSDT 000006B8 svchost.exe [1044.704] ZwDeleteValueKey [0xB2969517] SSDT 000006B8 svchost.exe [1044.704] ZwEnumerateKey [0xB29691C7] SSDT 000006B8 svchost.exe [1044.704] ZwEnumerateValueKey [0xB29692D3] SSDT F20E0B52 svchost.exe [1044.704] ZwLoadKey SSDT 000006B8 svchost.exe [1044.704] ZwOpenKey [0xB296910F] SSDT 000006B8 svchost.exe [1044.704] ZwOpenProcess [0xB2968E79] SSDT 000006B8 svchost.exe [1044.704] ZwOpenThread [0xB2968F01] SSDT 000006B8 svchost.exe [1044.704] ZwProtectVirtualMemory [0xB29696DB] SSDT 000006B8 svchost.exe [1044.704] ZwQueryDirectoryFile [0xB2968CA0] SSDT 000006B8 svchost.exe [1044.704] ZwQuerySystemInformation [0xB2968D73] SSDT 000006B8 svchost.exe [1044.704] ZwReadVirtualMemory [0xB296960F] SSDT F20E0B5C svchost.exe [1044.704] ZwReplaceKey SSDT F20E0B57 svchost.exe [1044.704] ZwRestoreKey SSDT 000006B8 svchost.exe [1044.704] ZwSetContextThread [0xB29690AC] SSDT 000006B8 svchost.exe [1044.704] ZwSetValueKey [0xB2969413] SSDT 000006B8 svchost.exe [1044.704] ZwSuspendThread [0xB2969049] SSDT F20E0B2F svchost.exe [1044.704] ZwTerminateProcess SSDT 000006B8 svchost.exe [1044.704] ZwTerminateThread [0xB2968FE6] SSDT 000006B8 svchost.exe [1044.704] ZwWriteVirtualMemory [0xB2969675] ---- Threads - GMER 1.0.15 ---- Thread svchost.exe [1044:840] SSDT 0xFEA2EB90 != 0x804E26A8 SSDT F20E0B3E svchost.exe [1044.840] ZwCreateKey SSDT F20E0B34 svchost.exe [1044.840] ZwCreateThread SSDT F20E0B43 svchost.exe [1044.840] ZwDeleteKey SSDT 000006B8 svchost.exe [1044.840] ZwDeleteValueKey [0xB2969517] SSDT 000006B8 svchost.exe [1044.840] ZwEnumerateKey [0xB29691C7] SSDT 000006B8 svchost.exe [1044.840] ZwEnumerateValueKey [0xB29692D3] SSDT F20E0B52 svchost.exe [1044.840] ZwLoadKey SSDT 000006B8 svchost.exe [1044.840] ZwOpenKey [0xB296910F] SSDT 000006B8 svchost.exe [1044.840] 
ZwOpenProcess [0xB2968E79] SSDT 000006B8 svchost.exe [1044.840] ZwOpenThread [0xB2968F01] SSDT 000006B8 svchost.exe [1044.840] ZwProtectVirtualMemory [0xB29696DB] SSDT 000006B8 svchost.exe [1044.840] ZwQueryDirectoryFile [0xB2968CA0] SSDT 000006B8 svchost.exe [1044.840] ZwQuerySystemInformation [0xB2968D73] SSDT 000006B8 svchost.exe [1044.840] ZwReadVirtualMemory [0xB296960F] SSDT F20E0B5C svchost.exe [1044.840] ZwReplaceKey SSDT F20E0B57 svchost.exe [1044.840] ZwRestoreKey SSDT 000006B8 svchost.exe [1044.840] ZwSetContextThread [0xB29690AC] SSDT 000006B8 svchost.exe [1044.840] ZwSetValueKey [0xB2969413] SSDT 000006B8 svchost.exe [1044.840] ZwSuspendThread [0xB2969049] SSDT F20E0B2F svchost.exe [1044.840] ZwTerminateProcess SSDT 000006B8 svchost.exe [1044.840] ZwTerminateThread [0xB2968FE6] SSDT 000006B8 svchost.exe [1044.840] ZwWriteVirtualMemory [0xB2969675] ---- Threads - GMER 1.0.15 ---- Thread svchost.exe [1044:836] SSDT 0xFEA2EB90 != 0x804E26A8 SSDT F20E0B3E svchost.exe [1044.836] ZwCreateKey SSDT F20E0B34 svchost.exe [1044.836] ZwCreateThread SSDT F20E0B43 svchost.exe [1044.836] ZwDeleteKey SSDT 000006B8 svchost.exe [1044.836] ZwDeleteValueKey [0xB2969517] SSDT 000006B8 svchost.exe [1044.836] ZwEnumerateKey [0xB29691C7] SSDT 000006B8 svchost.exe [1044.836] ZwEnumerateValueKey [0xB29692D3] SSDT F20E0B52 svchost.exe [1044.836] ZwLoadKey SSDT 000006B8 svchost.exe [1044.836] ZwOpenKey [0xB296910F] SSDT 000006B8 svchost.exe [1044.836] ZwOpenProcess [0xB2968E79] SSDT 000006B8 svchost.exe [1044.836] ZwOpenThread [0xB2968F01] SSDT 000006B8 svchost.exe [1044.836] ZwProtectVirtualMemory [0xB29696DB] SSDT 000006B8 svchost.exe [1044.836] ZwQueryDirectoryFile [0xB2968CA0] SSDT 000006B8 svchost.exe [1044.836] ZwQuerySystemInformation [0xB2968D73] SSDT 000006B8 svchost.exe [1044.836] ZwReadVirtualMemory [0xB296960F] SSDT F20E0B5C svchost.exe [1044.836] ZwReplaceKey SSDT F20E0B57 svchost.exe [1044.836] ZwRestoreKey SSDT 000006B8 svchost.exe [1044.836] ZwSetContextThread 
[0xB29690AC] SSDT 000006B8 svchost.exe [1044.836] ZwSetValueKey [0xB2969413] SSDT 000006B8 svchost.exe [1044.836] ZwSuspendThread [0xB2969049] SSDT F20E0B2F svchost.exe [1044.836] ZwTerminateProcess SSDT 000006B8 svchost.exe [1044.836] ZwTerminateThread [0xB2968FE6] SSDT 000006B8 svchost.exe [1044.836] ZwWriteVirtualMemory [0xB2969675] ---- Threads - GMER 1.0.15 ---- Thread svchost.exe [1044:936] SSDT 0xFEA2FB90 != 0x804E26A8 SSDT F20E0B3E svchost.exe [1044.936] ZwCreateKey SSDT F20E0B34 svchost.exe [1044.936] ZwCreateThread SSDT F20E0B43 svchost.exe [1044.936] ZwDeleteKey SSDT 000006B8 svchost.exe [1044.936] ZwDeleteValueKey [0xB2969517] SSDT 000006B8 svchost.exe [1044.936] ZwEnumerateKey [0xB29691C7] SSDT 000006B8 svchost.exe [1044.936] ZwEnumerateValueKey [0xB29692D3] SSDT F20E0B52 svchost.exe [1044.936] ZwLoadKey SSDT 000006B8 svchost.exe [1044.936] ZwOpenKey [0xB296910F] SSDT 000006B8 svchost.exe [1044.936] ZwOpenProcess [0xB2968E79] SSDT 000006B8 svchost.exe [1044.936] ZwOpenThread [0xB2968F01] SSDT 000006B8 svchost.exe [1044.936] ZwProtectVirtualMemory [0xB29696DB] SSDT 000006B8 svchost.exe [1044.936] ZwQueryDirectoryFile [0xB2968CA0] SSDT 000006B8 svchost.exe [1044.936] ZwQuerySystemInformation [0xB2968D73] SSDT 000006B8 svchost.exe [1044.936] ZwReadVirtualMemory [0xB296960F] SSDT F20E0B5C svchost.exe [1044.936] ZwReplaceKey SSDT F20E0B57 svchost.exe [1044.936] ZwRestoreKey SSDT 000006B8 svchost.exe [1044.936] ZwSetContextThread [0xB29690AC] SSDT 000006B8 svchost.exe [1044.936] ZwSetValueKey [0xB2969413] SSDT 000006B8 svchost.exe [1044.936] ZwSuspendThread [0xB2969049] SSDT F20E0B2F svchost.exe [1044.936] ZwTerminateProcess SSDT 000006B8 svchost.exe [1044.936] ZwTerminateThread [0xB2968FE6] SSDT 000006B8 svchost.exe [1044.936] ZwWriteVirtualMemory [0xB2969675] ---- Threads - GMER 1.0.15 ---- Thread svchost.exe [1044:984] SSDT 0xFEA2EB90 != 0x804E26A8 SSDT F20E0B3E svchost.exe [1044.984] ZwCreateKey SSDT F20E0B34 svchost.exe [1044.984] ZwCreateThread SSDT 
F20E0B43 svchost.exe [1044.984] ZwDeleteKey SSDT 000006B8 svchost.exe [1044.984] ZwDeleteValueKey [0xB2969517] SSDT 000006B8 svchost.exe [1044.984] ZwEnumerateKey [0xB29691C7] SSDT 000006B8 svchost.exe [1044.984] ZwEnumerateValueKey [0xB29692D3] SSDT F20E0B52 svchost.exe [1044.984] ZwLoadKey SSDT 000006B8 svchost.exe [1044.984] ZwOpenKey [0xB296910F] SSDT 000006B8 svchost.exe [1044.984] ZwOpenProcess [0xB2968E79] SSDT 000006B8 svchost.exe [1044.984] ZwOpenThread [0xB2968F01] SSDT 000006B8 svchost.exe [1044.984] ZwProtectVirtualMemory [0xB29696DB] SSDT 000006B8 svchost.exe [1044.984] ZwQueryDirectoryFile [0xB2968CA0] SSDT 000006B8 svchost.exe [1044.984] ZwQuerySystemInformation [0xB2968D73] SSDT 000006B8 svchost.exe [1044.984] ZwReadVirtualMemory [0xB296960F] SSDT F20E0B5C svchost.exe [1044.984] ZwReplaceKey SSDT F20E0B57 svchost.exe [1044.984] ZwRestoreKey SSDT 000006B8 svchost.exe [1044.984] ZwSetContextThread [0xB29690AC] SSDT 000006B8 svchost.exe [1044.984] ZwSetValueKey [0xB2969413] SSDT 000006B8 svchost.exe [1044.984] ZwSuspendThread [0xB2969049] SSDT F20E0B2F svchost.exe [1044.984] ZwTerminateProcess SSDT 000006B8 svchost.exe [1044.984] ZwTerminateThread [0xB2968FE6] SSDT 000006B8 svchost.exe [1044.984] ZwWriteVirtualMemory [0xB2969675] ---- Threads - GMER 1.0.15 ---- Thread svchost.exe [1044:1364] SSDT 0xFEA2EB90 != 0x804E26A8 SSDT F20E0B3E svchost.exe [1044.1364] ZwCreateKey SSDT F20E0B34 svchost.exe [1044.1364] ZwCreateThread SSDT F20E0B43 svchost.exe [1044.1364] ZwDeleteKey SSDT 000006B8 svchost.exe [1044.1364] ZwDeleteValueKey [0xB2969517] SSDT 000006B8 svchost.exe [1044.1364] ZwEnumerateKey [0xB29691C7] SSDT 000006B8 svchost.exe [1044.1364] ZwEnumerateValueKey [0xB29692D3] SSDT F20E0B52 svchost.exe [1044.1364] ZwLoadKey SSDT 000006B8 svchost.exe [1044.1364] ZwOpenKey [0xB296910F] SSDT 000006B8 svchost.exe [1044.1364] ZwOpenProcess [0xB2968E79] SSDT 000006B8 svchost.exe [1044.1364] ZwOpenThread [0xB2968F01] SSDT 000006B8 svchost.exe [1044.1364] 
ZwProtectVirtualMemory [0xB29696DB] SSDT 000006B8 svchost.exe [1044.1364] ZwQueryDirectoryFile [0xB2968CA0] SSDT 000006B8 svchost.exe [1044.1364] ZwQuerySystemInformation [0xB2968D73] SSDT 000006B8 svchost.exe [1044.1364] ZwReadVirtualMemory [0xB296960F] SSDT F20E0B5C svchost.exe [1044.1364] ZwReplaceKey SSDT F20E0B57 svchost.exe [1044.1364] ZwRestoreKey SSDT 000006B8 svchost.exe [1044.1364] ZwSetContextThread [0xB29690AC] SSDT 000006B8 svchost.exe [1044.1364] ZwSetValueKey [0xB2969413] SSDT 000006B8 svchost.exe [1044.1364] ZwSuspendThread [0xB2969049] SSDT F20E0B2F svchost.exe [1044.1364] ZwTerminateProcess SSDT 000006B8 svchost.exe [1044.1364] ZwTerminateThread [0xB2968FE6] SSDT 000006B8 svchost.exe [1044.1364] ZwWriteVirtualMemory [0xB2969675] ---- Threads - GMER 1.0.15 ---- Thread svchost.exe [1044:664] SSDT 0xFEA2EB90 != 0x804E26A8 SSDT F20E0B3E svchost.exe [1044.664] ZwCreateKey SSDT F20E0B34 svchost.exe [1044.664] ZwCreateThread SSDT F20E0B43 svchost.exe [1044.664] ZwDeleteKey SSDT 000006B8 svchost.exe [1044.664] ZwDeleteValueKey [0xB2969517] SSDT 000006B8 svchost.exe [1044.664] ZwEnumerateKey [0xB29691C7] SSDT 000006B8 svchost.exe [1044.664] ZwEnumerateValueKey [0xB29692D3] SSDT F20E0B52 svchost.exe [1044.664] ZwLoadKey SSDT 000006B8 svchost.exe [1044.664] ZwOpenKey [0xB296910F] SSDT 000006B8 svchost.exe [1044.664] ZwOpenProcess [0xB2968E79] SSDT 000006B8 svchost.exe [1044.664] ZwOpenThread [0xB2968F01] SSDT 000006B8 svchost.exe [1044.664] ZwProtectVirtualMemory [0xB29696DB] SSDT 000006B8 svchost.exe [1044.664] ZwQueryDirectoryFile [0xB2968CA0] SSDT 000006B8 svchost.exe [1044.664] ZwQuerySystemInformation [0xB2968D73] SSDT 000006B8 svchost.exe [1044.664] ZwReadVirtualMemory [0xB296960F] SSDT F20E0B5C svchost.exe [1044.664] ZwReplaceKey SSDT F20E0B57 svchost.exe [1044.664] ZwRestoreKey SSDT 000006B8 svchost.exe [1044.664] ZwSetContextThread [0xB29690AC] SSDT 000006B8 svchost.exe [1044.664] ZwSetValueKey [0xB2969413] SSDT 000006B8 svchost.exe [1044.664] 
ZwSuspendThread [0xB2969049] SSDT F20E0B2F svchost.exe [1044.664] ZwTerminateProcess SSDT 000006B8 svchost.exe [1044.664] ZwTerminateThread [0xB2968FE6] SSDT 000006B8 svchost.exe [1044.664] ZwWriteVirtualMemory [0xB2969675] ---- Threads - GMER 1.0.15 ---- Thread svchost.exe [1044:1676] SSDT 0xFEA2EB90 != 0x804E26A8 SSDT F20E0B3E svchost.exe [1044.1676] ZwCreateKey SSDT F20E0B34 svchost.exe [1044.1676] ZwCreateThread SSDT F20E0B43 svchost.exe [1044.1676] ZwDeleteKey SSDT 000006B8 svchost.exe [1044.1676] ZwDeleteValueKey [0xB2969517] SSDT 000006B8 svchost.exe [1044.1676] ZwEnumerateKey [0xB29691C7] SSDT 000006B8 svchost.exe [1044.1676] ZwEnumerateValueKey [0xB29692D3] SSDT F20E0B52 svchost.exe [1044.1676] ZwLoadKey SSDT 000006B8 svchost.exe [1044.1676] ZwOpenKey [0xB296910F] SSDT 000006B8 svchost.exe [1044.1676] ZwOpenProcess [0xB2968E79] SSDT 000006B8 svchost.exe [1044.1676] ZwOpenThread [0xB2968F01] SSDT 000006B8 svchost.exe [1044.1676] ZwProtectVirtualMemory [0xB29696DB] SSDT 000006B8 svchost.exe [1044.1676] ZwQueryDirectoryFile [0xB2968CA0] SSDT 000006B8 svchost.exe [1044.1676] ZwQuerySystemInformation [0xB2968D73] SSDT 000006B8 svchost.exe [1044.1676] ZwReadVirtualMemory [0xB296960F] SSDT F20E0B5C svchost.exe [1044.1676] ZwReplaceKey SSDT F20E0B57 svchost.exe [1044.1676] ZwRestoreKey SSDT 000006B8 svchost.exe [1044.1676] ZwSetContextThread [0xB29690AC] SSDT 000006B8 svchost.exe [1044.1676] ZwSetValueKey [0xB2969413] SSDT 000006B8 svchost.exe [1044.1676] ZwSuspendThread [0xB2969049] SSDT F20E0B2F svchost.exe [1044.1676] ZwTerminateProcess SSDT 000006B8 svchost.exe [1044.1676] ZwTerminateThread [0xB2968FE6] SSDT 000006B8 svchost.exe [1044.1676] ZwWriteVirtualMemory [0xB2969675] ---- Threads - GMER 1.0.15 ---- Thread svchost.exe [1044:1444] SSDT 0xFEA2EB90 != 0x804E26A8 SSDT F20E0B3E svchost.exe [1044.1444] ZwCreateKey SSDT F20E0B34 svchost.exe [1044.1444] ZwCreateThread SSDT F20E0B43 svchost.exe [1044.1444] ZwDeleteKey SSDT 000006B8 svchost.exe [1044.1444] 
ZwDeleteValueKey [0xB2969517] SSDT 000006B8 svchost.exe [1044.1444] ZwEnumerateKey [0xB29691C7] SSDT 000006B8 svchost.exe [1044.1444] ZwEnumerateValueKey [0xB29692D3] SSDT F20E0B52 svchost.exe [1044.1444] ZwLoadKey SSDT 000006B8 svchost.exe [1044.1444] ZwOpenKey [0xB296910F] SSDT 000006B8 svchost.exe [1044.1444] ZwOpenProcess [0xB2968E79] SSDT 000006B8 svchost.exe [1044.1444] ZwOpenThread [0xB2968F01] SSDT 000006B8 svchost.exe [1044.1444] ZwProtectVirtualMemory [0xB29696DB] SSDT 000006B8 svchost.exe [1044.1444] ZwQueryDirectoryFile [0xB2968CA0] SSDT 000006B8 svchost.exe [1044.1444] ZwQuerySystemInformation [0xB2968D73] SSDT 000006B8 svchost.exe [1044.1444] ZwReadVirtualMemory [0xB296960F] SSDT F20E0B5C svchost.exe [1044.1444] ZwReplaceKey SSDT F20E0B57 svchost.exe [1044.1444] ZwRestoreKey SSDT 000006B8 svchost.exe [1044.1444] ZwSetContextThread [0xB29690AC] SSDT 000006B8 svchost.exe [1044.1444] ZwSetValueKey [0xB2969413] SSDT 000006B8 svchost.exe [1044.1444] ZwSuspendThread [0xB2969049] SSDT F20E0B2F svchost.exe [1044.1444] ZwTerminateProcess SSDT 000006B8 svchost.exe [1044.1444] ZwTerminateThread [0xB2968FE6] SSDT 000006B8 svchost.exe [1044.1444] ZwWriteVirtualMemory [0xB2969675] ---- Threads - GMER 1.0.15 ---- Thread svchost.exe [1044:1940] SSDT 0xFEA2EB90 != 0x804E26A8 SSDT F20E0B3E svchost.exe [1044.1940] ZwCreateKey SSDT F20E0B34 svchost.exe [1044.1940] ZwCreateThread SSDT F20E0B43 svchost.exe [1044.1940] ZwDeleteKey SSDT 000006B8 svchost.exe [1044.1940] ZwDeleteValueKey [0xB2969517] SSDT 000006B8 svchost.exe [1044.1940] ZwEnumerateKey [0xB29691C7] SSDT 000006B8 svchost.exe [1044.1940] ZwEnumerateValueKey [0xB29692D3] SSDT F20E0B52 svchost.exe [1044.1940] ZwLoadKey SSDT 000006B8 svchost.exe [1044.1940] ZwOpenKey [0xB296910F] SSDT 000006B8 svchost.exe [1044.1940] ZwOpenProcess [0xB2968E79] SSDT 000006B8 svchost.exe [1044.1940] ZwOpenThread [0xB2968F01] SSDT 000006B8 svchost.exe [1044.1940] ZwProtectVirtualMemory [0xB29696DB] SSDT 000006B8 svchost.exe 
[1044.1940] ZwQueryDirectoryFile [0xB2968CA0] SSDT 000006B8 svchost.exe [1044.1940] ZwQuerySystemInformation [0xB2968D73] SSDT 000006B8 svchost.exe [1044.1940] ZwReadVirtualMemory [0xB296960F] SSDT F20E0B5C svchost.exe [1044.1940] ZwReplaceKey SSDT F20E0B57 svchost.exe [1044.1940] ZwRestoreKey SSDT 000006B8 svchost.exe [1044.1940] ZwSetContextThread [0xB29690AC] SSDT 000006B8 svchost.exe [1044.1940] ZwSetValueKey [0xB2969413] SSDT 000006B8 svchost.exe [1044.1940] ZwSuspendThread [0xB2969049] SSDT F20E0B2F svchost.exe [1044.1940] ZwTerminateProcess SSDT 000006B8 svchost.exe [1044.1940] ZwTerminateThread [0xB2968FE6] SSDT 000006B8 svchost.exe [1044.1940] ZwWriteVirtualMemory [0xB2969675] ---- Threads - GMER 1.0.15 ---- Thread svchost.exe [1044:1972] SSDT 0xFEA2EB90 != 0x804E26A8 SSDT F20E0B3E svchost.exe [1044.1972] ZwCreateKey SSDT F20E0B34 svchost.exe [1044.1972] ZwCreateThread SSDT F20E0B43 svchost.exe [1044.1972] ZwDeleteKey SSDT 000006B8 svchost.exe [1044.1972] ZwDeleteValueKey [0xB2969517] SSDT 000006B8 svchost.exe [1044.1972] ZwEnumerateKey [0xB29691C7] SSDT 000006B8 svchost.exe [1044.1972] ZwEnumerateValueKey [0xB29692D3] SSDT F20E0B52 svchost.exe [1044.1972] ZwLoadKey SSDT 000006B8 svchost.exe [1044.1972] ZwOpenKey [0xB296910F] SSDT 000006B8 svchost.exe [1044.1972] ZwOpenProcess [0xB2968E79] SSDT 000006B8 svchost.exe [1044.1972] ZwOpenThread [0xB2968F01] SSDT 000006B8 svchost.exe [1044.1972] ZwProtectVirtualMemory [0xB29696DB] SSDT 000006B8 svchost.exe [1044.1972] ZwQueryDirectoryFile [0xB2968CA0] SSDT 000006B8 svchost.exe [1044.1972] ZwQuerySystemInformation [0xB2968D73] SSDT 000006B8 svchost.exe [1044.1972] ZwReadVirtualMemory [0xB296960F] SSDT F20E0B5C svchost.exe [1044.1972] ZwReplaceKey SSDT F20E0B57 svchost.exe [1044.1972] ZwRestoreKey SSDT 000006B8 svchost.exe [1044.1972] ZwSetContextThread [0xB29690AC] SSDT 000006B8 svchost.exe [1044.1972] ZwSetValueKey [0xB2969413] SSDT 000006B8 svchost.exe [1044.1972] ZwSuspendThread [0xB2969049] SSDT F20E0B2F 
svchost.exe [1044.1972] ZwTerminateProcess SSDT 000006B8 svchost.exe [1044.1972] ZwTerminateThread [0xB2968FE6] SSDT 000006B8 svchost.exe [1044.1972] ZwWriteVirtualMemory [0xB2969675] ---- Threads - GMER 1.0.15 ---- Thread svchost.exe [1044:2168] SSDT 0xFEA2EB90 != 0x804E26A8 SSDT F20E0B3E svchost.exe [1044.2168] ZwCreateKey SSDT F20E0B34 svchost.exe [1044.2168] ZwCreateThread SSDT F20E0B43 svchost.exe [1044.2168] ZwDeleteKey SSDT 000006B8 svchost.exe [1044.2168] ZwDeleteValueKey [0xB2969517] SSDT 000006B8 svchost.exe [1044.2168] ZwEnumerateKey [0xB29691C7] SSDT 000006B8 svchost.exe [1044.2168] ZwEnumerateValueKey [0xB29692D3] SSDT F20E0B52 svchost.exe [1044.2168] ZwLoadKey SSDT 000006B8 svchost.exe [1044.2168] ZwOpenKey [0xB296910F] SSDT 000006B8 svchost.exe [1044.2168] ZwOpenProcess [0xB2968E79] SSDT 000006B8 svchost.exe [1044.2168] ZwOpenThread [0xB2968F01] SSDT 000006B8 svchost.exe [1044.2168] ZwProtectVirtualMemory [0xB29696DB] SSDT 000006B8 svchost.exe [1044.2168] ZwQueryDirectoryFile [0xB2968CA0] SSDT 000006B8 svchost.exe [1044.2168] ZwQuerySystemInformation [0xB2968D73] SSDT 000006B8 svchost.exe [1044.2168] ZwReadVirtualMemory [0xB296960F] SSDT F20E0B5C svchost.exe [1044.2168] ZwReplaceKey SSDT F20E0B57 svchost.exe [1044.2168] ZwRestoreKey SSDT 000006B8 svchost.exe [1044.2168] ZwSetContextThread [0xB29690AC] SSDT 000006B8 svchost.exe [1044.2168] ZwSetValueKey [0xB2969413] SSDT 000006B8 svchost.exe [1044.2168] ZwSuspendThread [0xB2969049] SSDT F20E0B2F svchost.exe [1044.2168] ZwTerminateProcess SSDT 000006B8 svchost.exe [1044.2168] ZwTerminateThread [0xB2968FE6] SSDT 000006B8 svchost.exe [1044.2168] ZwWriteVirtualMemory [0xB2969675] ---- Threads - GMER 1.0.15 ---- Thread svchost.exe [1044:2172] SSDT 0xFEA2EB90 != 0x804E26A8 SSDT F20E0B3E svchost.exe [1044.2172] ZwCreateKey SSDT F20E0B34 svchost.exe [1044.2172] ZwCreateThread SSDT F20E0B43 svchost.exe [1044.2172] ZwDeleteKey SSDT 000006B8 svchost.exe [1044.2172] ZwDeleteValueKey [0xB2969517] SSDT 000006B8 
svchost.exe [1044.2172] ZwEnumerateKey [0xB29691C7] SSDT 000006B8 svchost.exe [1044.2172] ZwEnumerateValueKey [0xB29692D3] SSDT F20E0B52 svchost.exe [1044.2172] ZwLoadKey SSDT 000006B8 svchost.exe [1044.2172] ZwOpenKey [0xB296910F] SSDT 000006B8 svchost.exe [1044.2172] ZwOpenProcess [0xB2968E79] SSDT 000006B8 svchost.exe [1044.2172] ZwOpenThread [0xB2968F01] SSDT 000006B8 svchost.exe [1044.2172] ZwProtectVirtualMemory [0xB29696DB] SSDT 000006B8 svchost.exe [1044.2172] ZwQueryDirectoryFile [0xB2968CA0] SSDT 000006B8 svchost.exe [1044.2172] ZwQuerySystemInformation [0xB2968D73] SSDT 000006B8 svchost.exe [1044.2172] ZwReadVirtualMemory [0xB296960F] SSDT F20E0B5C svchost.exe [1044.2172] ZwReplaceKey SSDT F20E0B57 svchost.exe [1044.2172] ZwRestoreKey SSDT 000006B8 svchost.exe [1044.2172] ZwSetContextThread [0xB29690AC] SSDT 000006B8 svchost.exe [1044.2172] ZwSetValueKey [0xB2969413] SSDT 000006B8 svchost.exe [1044.2172] ZwSuspendThread [0xB2969049] SSDT F20E0B2F svchost.exe [1044.2172] ZwTerminateProcess SSDT 000006B8 svchost.exe [1044.2172] ZwTerminateThread [0xB2968FE6] SSDT 000006B8 svchost.exe [1044.2172] ZwWriteVirtualMemory [0xB2969675] ---- Threads - GMER 1.0.15 ---- Thread svchost.exe [1044:2176] SSDT 0xFEA2EB90 != 0x804E26A8 SSDT F20E0B3E svchost.exe [1044.2176] ZwCreateKey SSDT F20E0B34 svchost.exe [1044.2176] ZwCreateThread SSDT F20E0B43 svchost.exe [1044.2176] ZwDeleteKey SSDT 000006B8 svchost.exe [1044.2176] ZwDeleteValueKey [0xB2969517] SSDT 000006B8 svchost.exe [1044.2176] ZwEnumerateKey [0xB29691C7] SSDT 000006B8 svchost.exe [1044.2176] ZwEnumerateValueKey [0xB29692D3] SSDT F20E0B52 svchost.exe [1044.2176] ZwLoadKey SSDT 000006B8 svchost.exe [1044.2176] ZwOpenKey [0xB296910F] SSDT 000006B8 svchost.exe [1044.2176] ZwOpenProcess [0xB2968E79] SSDT 000006B8 svchost.exe [1044.2176] ZwOpenThread [0xB2968F01] SSDT 000006B8 svchost.exe [1044.2176] ZwProtectVirtualMemory [0xB29696DB] SSDT 000006B8 svchost.exe [1044.2176] ZwQueryDirectoryFile [0xB2968CA0] SSDT 
000006B8 svchost.exe [1044.2176] ZwQuerySystemInformation [0xB2968D73] SSDT 000006B8 svchost.exe [1044.2176] ZwReadVirtualMemory [0xB296960F] SSDT F20E0B5C svchost.exe [1044.2176] ZwReplaceKey SSDT F20E0B57 svchost.exe [1044.2176] ZwRestoreKey SSDT 000006B8 svchost.exe [1044.2176] ZwSetContextThread [0xB29690AC] SSDT 000006B8 svchost.exe [1044.2176] ZwSetValueKey [0xB2969413] SSDT 000006B8 svchost.exe [1044.2176] ZwSuspendThread [0xB2969049] SSDT F20E0B2F svchost.exe [1044.2176] ZwTerminateProcess SSDT 000006B8 svchost.exe [1044.2176] ZwTerminateThread [0xB2968FE6] SSDT 000006B8 svchost.exe [1044.2176] ZwWriteVirtualMemory [0xB2969675] ---- Threads - GMER 1.0.15 ---- Thread svchost.exe [1044:2180] SSDT 0xFEA2EB90 != 0x804E26A8 SSDT F20E0B3E svchost.exe [1044.2180] ZwCreateKey SSDT F20E0B34 svchost.exe [1044.2180] ZwCreateThread SSDT F20E0B43 svchost.exe [1044.2180] ZwDeleteKey SSDT 000006B8 svchost.exe [1044.2180] ZwDeleteValueKey [0xB2969517] SSDT 000006B8 svchost.exe [1044.2180] ZwEnumerateKey [0xB29691C7] SSDT 000006B8 svchost.exe [1044.2180] ZwEnumerateValueKey [0xB29692D3] SSDT F20E0B52 svchost.exe [1044.2180] ZwLoadKey SSDT 000006B8 svchost.exe [1044.2180] ZwOpenKey [0xB296910F] SSDT 000006B8 svchost.exe [1044.2180] ZwOpenProcess [0xB2968E79] SSDT 000006B8 svchost.exe [1044.2180] ZwOpenThread [0xB2968F01] SSDT 000006B8 svchost.exe [1044.2180] ZwProtectVirtualMemory [0xB29696DB] SSDT 000006B8 svchost.exe [1044.2180] ZwQueryDirectoryFile [0xB2968CA0] SSDT 000006B8 svchost.exe [1044.2180] ZwQuerySystemInformation [0xB2968D73] SSDT 000006B8 svchost.exe [1044.2180] ZwReadVirtualMemory [0xB296960F] SSDT F20E0B5C svchost.exe [1044.2180] ZwReplaceKey SSDT F20E0B57 svchost.exe [1044.2180] ZwRestoreKey SSDT 000006B8 svchost.exe [1044.2180] ZwSetContextThread [0xB29690AC] SSDT 000006B8 svchost.exe [1044.2180] ZwSetValueKey [0xB2969413] SSDT 000006B8 svchost.exe [1044.2180] ZwSuspendThread [0xB2969049] SSDT F20E0B2F svchost.exe [1044.2180] ZwTerminateProcess SSDT 
000006B8 svchost.exe [1044.2180] ZwTerminateThread [0xB2968FE6] SSDT 000006B8 svchost.exe [1044.2180] ZwWriteVirtualMemory [0xB2969675] ---- Threads - GMER 1.0.15 ---- Thread svchost.exe [1044:2288] SSDT 0xFEA2EB90 != 0x804E26A8 SSDT F20E0B3E svchost.exe [1044.2288] ZwCreateKey SSDT F20E0B34 svchost.exe [1044.2288] ZwCreateThread SSDT F20E0B43 svchost.exe [1044.2288] ZwDeleteKey SSDT 000006B8 svchost.exe [1044.2288] ZwDeleteValueKey [0xB2969517] SSDT 000006B8 svchost.exe [1044.2288] ZwEnumerateKey [0xB29691C7] SSDT 000006B8 svchost.exe [1044.2288] ZwEnumerateValueKey [0xB29692D3] SSDT F20E0B52 svchost.exe [1044.2288] ZwLoadKey SSDT 000006B8 svchost.exe [1044.2288] ZwOpenKey [0xB296910F] SSDT 000006B8 svchost.exe [1044.2288] ZwOpenProcess [0xB2968E79] SSDT 000006B8 svchost.exe [1044.2288] ZwOpenThread [0xB2968F01] SSDT 000006B8 svchost.exe [1044.2288] ZwProtectVirtualMemory [0xB29696DB] SSDT 000006B8 svchost.exe [1044.2288] ZwQueryDirectoryFile [0xB2968CA0] SSDT 000006B8 svchost.exe [1044.2288] ZwQuerySystemInformation [0xB2968D73] SSDT 000006B8 svchost.exe [1044.2288] ZwReadVirtualMemory [0xB296960F] SSDT F20E0B5C svchost.exe [1044.2288] ZwReplaceKey SSDT F20E0B57 svchost.exe [1044.2288] ZwRestoreKey SSDT 000006B8 svchost.exe [1044.2288] ZwSetContextThread [0xB29690AC] SSDT 000006B8 svchost.exe [1044.2288] ZwSetValueKey [0xB2969413] SSDT 000006B8 svchost.exe [1044.2288] ZwSuspendThread [0xB2969049] SSDT F20E0B2F svchost.exe [1044.2288] ZwTerminateProcess SSDT 000006B8 svchost.exe [1044.2288] ZwTerminateThread [0xB2968FE6] SSDT 000006B8 svchost.exe [1044.2288] ZwWriteVirtualMemory [0xB2969675] ---- Threads - GMER 1.0.15 ---- Thread svchost.exe [1044:2892] SSDT 0xFEA2EB90 != 0x804E26A8 SSDT F20E0B3E svchost.exe [1044.2892] ZwCreateKey SSDT F20E0B34 svchost.exe [1044.2892] ZwCreateThread SSDT F20E0B43 svchost.exe [1044.2892] ZwDeleteKey SSDT 000006B8 svchost.exe [1044.2892] ZwDeleteValueKey [0xB2969517] SSDT 000006B8 svchost.exe [1044.2892] ZwEnumerateKey [0xB29691C7] 
SSDT 000006B8 svchost.exe [1044.2892] ZwEnumerateValueKey [0xB29692D3] SSDT F20E0B52 svchost.exe [1044.2892] ZwLoadKey SSDT 000006B8 svchost.exe [1044.2892] ZwOpenKey [0xB296910F] SSDT 000006B8 svchost.exe [1044.2892] ZwOpenProcess [0xB2968E79] SSDT 000006B8 svchost.exe [1044.2892] ZwOpenThread [0xB2968F01] SSDT 000006B8 svchost.exe [1044.2892] ZwProtectVirtualMemory [0xB29696DB] SSDT 000006B8 svchost.exe [1044.2892] ZwQueryDirectoryFile [0xB2968CA0] SSDT 000006B8 svchost.exe [1044.2892] ZwQuerySystemInformation [0xB2968D73] SSDT 000006B8 svchost.exe [1044.2892] ZwReadVirtualMemory [0xB296960F] SSDT F20E0B5C svchost.exe [1044.2892] ZwReplaceKey SSDT F20E0B57 svchost.exe [1044.2892] ZwRestoreKey SSDT 000006B8 svchost.exe [1044.2892] ZwSetContextThread [0xB29690AC] SSDT 000006B8 svchost.exe [1044.2892] ZwSetValueKey [0xB2969413] SSDT 000006B8 svchost.exe [1044.2892] ZwSuspendThread [0xB2969049] SSDT F20E0B2F svchost.exe [1044.2892] ZwTerminateProcess SSDT 000006B8 svchost.exe [1044.2892] ZwTerminateThread [0xB2968FE6] SSDT 000006B8 svchost.exe [1044.2892] ZwWriteVirtualMemory [0xB2969675] ---- Threads - GMER 1.0.15 ---- Thread svchost.exe [1044:2940] SSDT 0xFEA2EB90 != 0x804E26A8 SSDT F20E0B3E svchost.exe [1044.2940] ZwCreateKey SSDT F20E0B34 svchost.exe [1044.2940] ZwCreateThread SSDT F20E0B43 svchost.exe [1044.2940] ZwDeleteKey SSDT 000006B8 svchost.exe [1044.2940] ZwDeleteValueKey [0xB2969517] SSDT 000006B8 svchost.exe [1044.2940] ZwEnumerateKey [0xB29691C7] SSDT 000006B8 svchost.exe [1044.2940] ZwEnumerateValueKey [0xB29692D3] SSDT F20E0B52 svchost.exe [1044.2940] ZwLoadKey SSDT 000006B8 svchost.exe [1044.2940] ZwOpenKey [0xB296910F] SSDT 000006B8 svchost.exe [1044.2940] ZwOpenProcess [0xB2968E79] SSDT 000006B8 svchost.exe [1044.2940] ZwOpenThread [0xB2968F01] SSDT 000006B8 svchost.exe [1044.2940] ZwProtectVirtualMemory [0xB29696DB] SSDT 000006B8 svchost.exe [1044.2940] ZwQueryDirectoryFile [0xB2968CA0] SSDT 000006B8 svchost.exe [1044.2940] 
ZwQuerySystemInformation [0xB2968D73] SSDT 000006B8 svchost.exe [1044.2940] ZwReadVirtualMemory [0xB296960F] SSDT F20E0B5C svchost.exe [1044.2940] ZwReplaceKey SSDT F20E0B57 svchost.exe [1044.2940] ZwRestoreKey SSDT 000006B8 svchost.exe [1044.2940] ZwSetContextThread [0xB29690AC] SSDT 000006B8 svchost.exe [1044.2940] ZwSetValueKey [0xB2969413] SSDT 000006B8 svchost.exe [1044.2940] ZwSuspendThread [0xB2969049] SSDT F20E0B2F svchost.exe [1044.2940] ZwTerminateProcess SSDT 000006B8 svchost.exe [1044.2940] ZwTerminateThread [0xB2968FE6] SSDT 000006B8 svchost.exe [1044.2940] ZwWriteVirtualMemory [0xB2969675] ---- Threads - GMER 1.0.15 ---- Thread svchost.exe [1128:2896] SSDT 0xFEA2EB90 != 0x804E26A8 SSDT F20E0B3E svchost.exe [1128.2896] ZwCreateKey SSDT F20E0B34 svchost.exe [1128.2896] ZwCreateThread SSDT F20E0B43 svchost.exe [1128.2896] ZwDeleteKey SSDT 000006B8 svchost.exe [1128.2896] ZwDeleteValueKey [0xB2969517] SSDT 000006B8 svchost.exe [1128.2896] ZwEnumerateKey [0xB29691C7] SSDT 000006B8 svchost.exe [1128.2896] ZwEnumerateValueKey [0xB29692D3] SSDT F20E0B52 svchost.exe [1128.2896] ZwLoadKey SSDT 000006B8 svchost.exe [1128.2896] ZwOpenKey [0xB296910F] SSDT 000006B8 svchost.exe [1128.2896] ZwOpenProcess [0xB2968E79] SSDT 000006B8 svchost.exe [1128.2896] ZwOpenThread [0xB2968F01] SSDT 000006B8 svchost.exe [1128.2896] ZwProtectVirtualMemory [0xB29696DB] SSDT 000006B8 svchost.exe [1128.2896] ZwQueryDirectoryFile [0xB2968CA0] SSDT 000006B8 svchost.exe [1128.2896] ZwQuerySystemInformation [0xB2968D73] SSDT 000006B8 svchost.exe [1128.2896] ZwReadVirtualMemory [0xB296960F] SSDT F20E0B5C svchost.exe [1128.2896] ZwReplaceKey SSDT F20E0B57 svchost.exe [1128.2896] ZwRestoreKey SSDT 000006B8 svchost.exe [1128.2896] ZwSetContextThread [0xB29690AC] SSDT 000006B8 svchost.exe [1128.2896] ZwSetValueKey [0xB2969413] SSDT 000006B8 svchost.exe [1128.2896] ZwSuspendThread [0xB2969049] SSDT F20E0B2F svchost.exe [1128.2896] ZwTerminateProcess SSDT 000006B8 svchost.exe [1128.2896] 
ZwTerminateThread [0xB2968FE6] SSDT 000006B8 svchost.exe [1128.2896] ZwWriteVirtualMemory [0xB2969675] ---- Threads - GMER 1.0.15 ---- Thread svchost.exe [1128:2900] SSDT 0xFEA2EB90 != 0x804E26A8 SSDT F20E0B3E svchost.exe [1128.2900] ZwCreateKey SSDT F20E0B34 svchost.exe [1128.2900] ZwCreateThread SSDT F20E0B43 svchost.exe [1128.2900] ZwDeleteKey SSDT 000006B8 svchost.exe [1128.2900] ZwDeleteValueKey [0xB2969517] SSDT 000006B8 svchost.exe [1128.2900] ZwEnumerateKey [0xB29691C7] SSDT 000006B8 svchost.exe [1128.2900] ZwEnumerateValueKey [0xB29692D3] SSDT F20E0B52 svchost.exe [1128.2900] ZwLoadKey SSDT 000006B8 svchost.exe [1128.2900] ZwOpenKey [0xB296910F] SSDT 000006B8 svchost.exe [1128.2900] ZwOpenProcess [0xB2968E79] SSDT 000006B8 svchost.exe [1128.2900] ZwOpenThread [0xB2968F01] SSDT 000006B8 svchost.exe [1128.2900] ZwProtectVirtualMemory [0xB29696DB] SSDT 000006B8 svchost.exe [1128.2900] ZwQueryDirectoryFile [0xB2968CA0] SSDT 000006B8 svchost.exe [1128.2900] ZwQuerySystemInformation [0xB2968D73] SSDT 000006B8 svchost.exe [1128.2900] ZwReadVirtualMemory [0xB296960F] SSDT F20E0B5C svchost.exe [1128.2900] ZwReplaceKey SSDT F20E0B57 svchost.exe [1128.2900] ZwRestoreKey SSDT 000006B8 svchost.exe [1128.2900] ZwSetContextThread [0xB29690AC] SSDT 000006B8 svchost.exe [1128.2900] ZwSetValueKey [0xB2969413] SSDT 000006B8 svchost.exe [1128.2900] ZwSuspendThread [0xB2969049] SSDT F20E0B2F svchost.exe [1128.2900] ZwTerminateProcess SSDT 000006B8 svchost.exe [1128.2900] ZwTerminateThread [0xB2968FE6] SSDT 000006B8 svchost.exe [1128.2900] ZwWriteVirtualMemory [0xB2969675] ---- Threads - GMER 1.0.15 ---- Thread svchost.exe [1240:1844] SSDT 0xFEA2EB90 != 0x804E26A8 SSDT F20E0B3E svchost.exe [1240.1844] ZwCreateKey SSDT F20E0B34 svchost.exe [1240.1844] ZwCreateThread SSDT F20E0B43 svchost.exe [1240.1844] ZwDeleteKey SSDT 000006B8 svchost.exe [1240.1844] ZwDeleteValueKey [0xB2969517] SSDT 000006B8 svchost.exe [1240.1844] ZwEnumerateKey [0xB29691C7] SSDT 000006B8 svchost.exe 
[1240.1844] ZwEnumerateValueKey [0xB29692D3] SSDT F20E0B52 svchost.exe [1240.1844] ZwLoadKey SSDT 000006B8 svchost.exe [1240.1844] ZwOpenKey [0xB296910F] SSDT 000006B8 svchost.exe [1240.1844] ZwOpenProcess [0xB2968E79] SSDT 000006B8 svchost.exe [1240.1844] ZwOpenThread [0xB2968F01] SSDT 000006B8 svchost.exe [1240.1844] ZwProtectVirtualMemory [0xB29696DB] SSDT 000006B8 svchost.exe [1240.1844] ZwQueryDirectoryFile [0xB2968CA0] SSDT 000006B8 svchost.exe [1240.1844] ZwQuerySystemInformation [0xB2968D73] SSDT 000006B8 svchost.exe [1240.1844] ZwReadVirtualMemory [0xB296960F] SSDT F20E0B5C svchost.exe [1240.1844] ZwReplaceKey SSDT F20E0B57 svchost.exe [1240.1844] ZwRestoreKey SSDT 000006B8 svchost.exe [1240.1844] ZwSetContextThread [0xB29690AC] SSDT 000006B8 svchost.exe [1240.1844] ZwSetValueKey [0xB2969413] SSDT 000006B8 svchost.exe [1240.1844] ZwSuspendThread [0xB2969049] SSDT F20E0B2F svchost.exe [1240.1844] ZwTerminateProcess SSDT 000006B8 svchost.exe [1240.1844] ZwTerminateThread [0xB2968FE6] SSDT 000006B8 svchost.exe [1240.1844] ZwWriteVirtualMemory [0xB2969675] ---- Threads - GMER 1.0.15 ---- Thread svchost.exe [1240:1884] SSDT 0xFEA2EB90 != 0x804E26A8 SSDT F20E0B3E svchost.exe [1240.1884] ZwCreateKey SSDT F20E0B34 svchost.exe [1240.1884] ZwCreateThread SSDT F20E0B43 svchost.exe [1240.1884] ZwDeleteKey SSDT 000006B8 svchost.exe [1240.1884] ZwDeleteValueKey [0xB2969517] SSDT 000006B8 svchost.exe [1240.1884] ZwEnumerateKey [0xB29691C7] SSDT 000006B8 svchost.exe [1240.1884] ZwEnumerateValueKey [0xB29692D3] SSDT F20E0B52 svchost.exe [1240.1884] ZwLoadKey SSDT 000006B8 svchost.exe [1240.1884] ZwOpenKey [0xB296910F] SSDT 000006B8 svchost.exe [1240.1884] ZwOpenProcess [0xB2968E79] SSDT 000006B8 svchost.exe [1240.1884] ZwOpenThread [0xB2968F01] SSDT 000006B8 svchost.exe [1240.1884] ZwProtectVirtualMemory [0xB29696DB] SSDT 000006B8 svchost.exe [1240.1884] ZwQueryDirectoryFile [0xB2968CA0] SSDT 000006B8 svchost.exe [1240.1884] ZwQuerySystemInformation [0xB2968D73] SSDT 
000006B8 svchost.exe [1240.1884] ZwReadVirtualMemory [0xB296960F] SSDT F20E0B5C svchost.exe [1240.1884] ZwReplaceKey SSDT F20E0B57 svchost.exe [1240.1884] ZwRestoreKey SSDT 000006B8 svchost.exe [1240.1884] ZwSetContextThread [0xB29690AC] SSDT 000006B8 svchost.exe [1240.1884] ZwSetValueKey [0xB2969413] SSDT 000006B8 svchost.exe [1240.1884] ZwSuspendThread [0xB2969049] SSDT F20E0B2F svchost.exe [1240.1884] ZwTerminateProcess SSDT 000006B8 svchost.exe [1240.1884] ZwTerminateThread [0xB2968FE6] SSDT 000006B8 svchost.exe [1240.1884] ZwWriteVirtualMemory [0xB2969675] ---- Threads - GMER 1.0.15 ---- Thread svchost.exe [1240:1876] SSDT 0xFEA2EB90 != 0x804E26A8 SSDT F20E0B3E svchost.exe [1240.1876] ZwCreateKey SSDT F20E0B34 svchost.exe [1240.1876] ZwCreateThread SSDT F20E0B43 svchost.exe [1240.1876] ZwDeleteKey SSDT 000006B8 svchost.exe [1240.1876] ZwDeleteValueKey [0xB2969517] SSDT 000006B8 svchost.exe [1240.1876] ZwEnumerateKey [0xB29691C7] SSDT 000006B8 svchost.exe [1240.1876] ZwEnumerateValueKey [0xB29692D3] SSDT F20E0B52 svchost.exe [1240.1876] ZwLoadKey SSDT 000006B8 svchost.exe [1240.1876] ZwOpenKey [0xB296910F] SSDT 000006B8 svchost.exe [1240.1876] ZwOpenProcess [0xB2968E79] SSDT 000006B8 svchost.exe [1240.1876] ZwOpenThread [0xB2968F01] SSDT 000006B8 svchost.exe [1240.1876] ZwProtectVirtualMemory [0xB29696DB] SSDT 000006B8 svchost.exe [1240.1876] ZwQueryDirectoryFile [0xB2968CA0] SSDT 000006B8 svchost.exe [1240.1876] ZwQuerySystemInformation [0xB2968D73] SSDT 000006B8 svchost.exe [1240.1876] ZwReadVirtualMemory [0xB296960F] SSDT F20E0B5C svchost.exe [1240.1876] ZwReplaceKey SSDT F20E0B57 svchost.exe [1240.1876] ZwRestoreKey SSDT 000006B8 svchost.exe [1240.1876] ZwSetContextThread [0xB29690AC] SSDT 000006B8 svchost.exe [1240.1876] ZwSetValueKey [0xB2969413] SSDT 000006B8 svchost.exe [1240.1876] ZwSuspendThread [0xB2969049] SSDT F20E0B2F svchost.exe [1240.1876] ZwTerminateProcess SSDT 000006B8 svchost.exe [1240.1876] ZwTerminateThread [0xB2968FE6] SSDT 000006B8 
svchost.exe [1240.1876] ZwWriteVirtualMemory [0xB2969675] ---- Threads - GMER 1.0.15 ---- Thread svchost.exe [1240:1912] SSDT 0xFEA2EB90 != 0x804E26A8 SSDT F20E0B3E svchost.exe [1240.1912] ZwCreateKey SSDT F20E0B34 svchost.exe [1240.1912] ZwCreateThread SSDT F20E0B43 svchost.exe [1240.1912] ZwDeleteKey SSDT 000006B8 svchost.exe [1240.1912] ZwDeleteValueKey [0xB2969517] SSDT 000006B8 svchost.exe [1240.1912] ZwEnumerateKey [0xB29691C7] SSDT 000006B8 svchost.exe [1240.1912] ZwEnumerateValueKey [0xB29692D3] SSDT F20E0B52 svchost.exe [1240.1912] ZwLoadKey SSDT 000006B8 svchost.exe [1240.1912] ZwOpenKey [0xB296910F] SSDT 000006B8 svchost.exe [1240.1912] ZwOpenProcess [0xB2968E79] SSDT 000006B8 svchost.exe [1240.1912] ZwOpenThread [0xB2968F01] SSDT 000006B8 svchost.exe [1240.1912] ZwProtectVirtualMemory [0xB29696DB] SSDT 000006B8 svchost.exe [1240.1912] ZwQueryDirectoryFile [0xB2968CA0] SSDT 000006B8 svchost.exe [1240.1912] ZwQuerySystemInformation [0xB2968D73] SSDT 000006B8 svchost.exe [1240.1912] ZwReadVirtualMemory [0xB296960F] SSDT F20E0B5C svchost.exe [1240.1912] ZwReplaceKey SSDT F20E0B57 svchost.exe [1240.1912] ZwRestoreKey SSDT 000006B8 svchost.exe [1240.1912] ZwSetContextThread [0xB29690AC] SSDT 000006B8 svchost.exe [1240.1912] ZwSetValueKey [0xB2969413] SSDT 000006B8 svchost.exe [1240.1912] ZwSuspendThread [0xB2969049] SSDT F20E0B2F svchost.exe [1240.1912] ZwTerminateProcess SSDT 000006B8 svchost.exe [1240.1912] ZwTerminateThread [0xB2968FE6] SSDT 000006B8 svchost.exe [1240.1912] ZwWriteVirtualMemory [0xB2969675] ---- Threads - GMER 1.0.15 ---- Thread svchost.exe [1240:300] SSDT 0xFEA2EB90 != 0x804E26A8 SSDT F20E0B3E svchost.exe [1240.300] ZwCreateKey SSDT F20E0B34 svchost.exe [1240.300] ZwCreateThread SSDT F20E0B43 svchost.exe [1240.300] ZwDeleteKey SSDT 000006B8 svchost.exe [1240.300] ZwDeleteValueKey [0xB2969517] SSDT 000006B8 svchost.exe [1240.300] ZwEnumerateKey [0xB29691C7] SSDT 000006B8 svchost.exe [1240.300] ZwEnumerateValueKey [0xB29692D3] SSDT F20E0B52 
svchost.exe [1240.300] ZwLoadKey SSDT 000006B8 svchost.exe [1240.300] ZwOpenKey [0xB296910F] SSDT 000006B8 svchost.exe [1240.300] ZwOpenProcess [0xB2968E79] SSDT 000006B8 svchost.exe [1240.300] ZwOpenThread [0xB2968F01] SSDT 000006B8 svchost.exe [1240.300] ZwProtectVirtualMemory [0xB29696DB] SSDT 000006B8 svchost.exe [1240.300] ZwQueryDirectoryFile [0xB2968CA0] SSDT 000006B8 svchost.exe [1240.300] ZwQuerySystemInformation [0xB2968D73] SSDT 000006B8 svchost.exe [1240.300] ZwReadVirtualMemory [0xB296960F] SSDT F20E0B5C svchost.exe [1240.300] ZwReplaceKey SSDT F20E0B57 svchost.exe [1240.300] ZwRestoreKey SSDT 000006B8 svchost.exe [1240.300] ZwSetContextThread [0xB29690AC] SSDT 000006B8 svchost.exe [1240.300] ZwSetValueKey [0xB2969413] SSDT 000006B8 svchost.exe [1240.300] ZwSuspendThread [0xB2969049] SSDT F20E0B2F svchost.exe [1240.300] ZwTerminateProcess SSDT 000006B8 svchost.exe [1240.300] ZwTerminateThread [0xB2968FE6] SSDT 000006B8 svchost.exe [1240.300] ZwWriteVirtualMemory [0xB2969675] ---- Threads - GMER 1.0.15 ---- Thread svchost.exe [1240:1548] SSDT 0xFEA2EB90 != 0x804E26A8 SSDT F20E0B3E svchost.exe [1240.1548] ZwCreateKey SSDT F20E0B34 svchost.exe [1240.1548] ZwCreateThread SSDT F20E0B43 svchost.exe [1240.1548] ZwDeleteKey SSDT 000006B8 svchost.exe [1240.1548] ZwDeleteValueKey [0xB2969517] SSDT 000006B8 svchost.exe [1240.1548] ZwEnumerateKey [0xB29691C7] SSDT 000006B8 svchost.exe [1240.1548] ZwEnumerateValueKey [0xB29692D3] SSDT F20E0B52 svchost.exe [1240.1548] ZwLoadKey SSDT 000006B8 svchost.exe [1240.1548] ZwOpenKey [0xB296910F] SSDT 000006B8 svchost.exe [1240.1548] ZwOpenProcess [0xB2968E79] SSDT 000006B8 svchost.exe [1240.1548] ZwOpenThread [0xB2968F01] SSDT 000006B8 svchost.exe [1240.1548] ZwProtectVirtualMemory [0xB29696DB] SSDT 000006B8 svchost.exe [1240.1548] ZwQueryDirectoryFile [0xB2968CA0] SSDT 000006B8 svchost.exe [1240.1548] ZwQuerySystemInformation [0xB2968D73] SSDT 000006B8 svchost.exe [1240.1548] ZwReadVirtualMemory [0xB296960F] SSDT F20E0B5C 
svchost.exe [1240.1548] ZwReplaceKey SSDT F20E0B57 svchost.exe [1240.1548] ZwRestoreKey SSDT 000006B8 svchost.exe [1240.1548] ZwSetContextThread [0xB29690AC] SSDT 000006B8 svchost.exe [1240.1548] ZwSetValueKey [0xB2969413] SSDT 000006B8 svchost.exe [1240.1548] ZwSuspendThread [0xB2969049] SSDT F20E0B2F svchost.exe [1240.1548] ZwTerminateProcess SSDT 000006B8 svchost.exe [1240.1548] ZwTerminateThread [0xB2968FE6] SSDT 000006B8 svchost.exe [1240.1548] ZwWriteVirtualMemory [0xB2969675] ---- Threads - GMER 1.0.15 ---- Thread svchost.exe [1240:2368] SSDT 0xFEA2EB90 != 0x804E26A8 SSDT F20E0B3E svchost.exe [1240.2368] ZwCreateKey SSDT F20E0B34 svchost.exe [1240.2368] ZwCreateThread SSDT F20E0B43 svchost.exe [1240.2368] ZwDeleteKey SSDT 000006B8 svchost.exe [1240.2368] ZwDeleteValueKey [0xB2969517] SSDT 000006B8 svchost.exe [1240.2368] ZwEnumerateKey [0xB29691C7] SSDT 000006B8 svchost.exe [1240.2368] ZwEnumerateValueKey [0xB29692D3] SSDT F20E0B52 svchost.exe [1240.2368] ZwLoadKey SSDT 000006B8 svchost.exe [1240.2368] ZwOpenKey [0xB296910F] SSDT 000006B8 svchost.exe [1240.2368] ZwOpenProcess [0xB2968E79] SSDT 000006B8 svchost.exe [1240.2368] ZwOpenThread [0xB2968F01] SSDT 000006B8 svchost.exe [1240.2368] ZwProtectVirtualMemory [0xB29696DB] SSDT 000006B8 svchost.exe [1240.2368] ZwQueryDirectoryFile [0xB2968CA0] SSDT 000006B8 svchost.exe [1240.2368] ZwQuerySystemInformation [0xB2968D73] SSDT 000006B8 svchost.exe [1240.2368] ZwReadVirtualMemory [0xB296960F] SSDT F20E0B5C svchost.exe [1240.2368] ZwReplaceKey SSDT F20E0B57 svchost.exe [1240.2368] ZwRestoreKey SSDT 000006B8 svchost.exe [1240.2368] ZwSetContextThread [0xB29690AC] SSDT 000006B8 svchost.exe [1240.2368] ZwSetValueKey [0xB2969413] SSDT 000006B8 svchost.exe [1240.2368] ZwSuspendThread [0xB2969049] SSDT F20E0B2F svchost.exe [1240.2368] ZwTerminateProcess SSDT 000006B8 svchost.exe [1240.2368] ZwTerminateThread [0xB2968FE6] SSDT 000006B8 svchost.exe [1240.2368] ZwWriteVirtualMemory [0xB2969675] ---- Threads - GMER 1.0.15 
---- Thread spoolsv.exe [1484:2236] SSDT 0xFEA2FB90 != 0x804E26A8 SSDT F20E0B3E spoolsv.exe [1484.2236] ZwCreateKey SSDT F20E0B34 spoolsv.exe [1484.2236] ZwCreateThread SSDT F20E0B43 spoolsv.exe [1484.2236] ZwDeleteKey SSDT 000006B8 spoolsv.exe [1484.2236] ZwDeleteValueKey [0xB2969517] SSDT 000006B8 spoolsv.exe [1484.2236] ZwEnumerateKey [0xB29691C7] SSDT 000006B8 spoolsv.exe [1484.2236] ZwEnumerateValueKey [0xB29692D3] SSDT F20E0B52 spoolsv.exe [1484.2236] ZwLoadKey SSDT 000006B8 spoolsv.exe [1484.2236] ZwOpenKey [0xB296910F] SSDT 000006B8 spoolsv.exe [1484.2236] ZwOpenProcess [0xB2968E79] SSDT 000006B8 spoolsv.exe [1484.2236] ZwOpenThread [0xB2968F01] SSDT 000006B8 spoolsv.exe [1484.2236] ZwProtectVirtualMemory [0xB29696DB] SSDT 000006B8 spoolsv.exe [1484.2236] ZwQueryDirectoryFile [0xB2968CA0] SSDT 000006B8 spoolsv.exe [1484.2236] ZwQuerySystemInformation [0xB2968D73] SSDT 000006B8 spoolsv.exe [1484.2236] ZwReadVirtualMemory [0xB296960F] SSDT F20E0B5C spoolsv.exe [1484.2236] ZwReplaceKey SSDT F20E0B57 spoolsv.exe [1484.2236] ZwRestoreKey SSDT 000006B8 spoolsv.exe [1484.2236] ZwSetContextThread [0xB29690AC] SSDT 000006B8 spoolsv.exe [1484.2236] ZwSetValueKey [0xB2969413] SSDT 000006B8 spoolsv.exe [1484.2236] ZwSuspendThread [0xB2969049] SSDT F20E0B2F spoolsv.exe [1484.2236] ZwTerminateProcess SSDT 000006B8 spoolsv.exe [1484.2236] ZwTerminateThread [0xB2968FE6] SSDT 000006B8 spoolsv.exe [1484.2236] ZwWriteVirtualMemory [0xB2969675] ---- Threads - GMER 1.0.15 ---- Thread spoolsv.exe [1484:2248] SSDT 0xFEA2EB90 != 0x804E26A8 SSDT F20E0B3E spoolsv.exe [1484.2248] ZwCreateKey SSDT F20E0B34 spoolsv.exe [1484.2248] ZwCreateThread SSDT F20E0B43 spoolsv.exe [1484.2248] ZwDeleteKey SSDT 000006B8 spoolsv.exe [1484.2248] ZwDeleteValueKey [0xB2969517] SSDT 000006B8 spoolsv.exe [1484.2248] ZwEnumerateKey [0xB29691C7] SSDT 000006B8 spoolsv.exe [1484.2248] ZwEnumerateValueKey [0xB29692D3] SSDT F20E0B52 spoolsv.exe [1484.2248] ZwLoadKey SSDT 000006B8 spoolsv.exe [1484.2248] 
ZwOpenKey [0xB296910F] SSDT 000006B8 spoolsv.exe [1484.2248] ZwOpenProcess [0xB2968E79] SSDT 000006B8 spoolsv.exe [1484.2248] ZwOpenThread [0xB2968F01] SSDT 000006B8 spoolsv.exe [1484.2248] ZwProtectVirtualMemory [0xB29696DB] SSDT 000006B8 spoolsv.exe [1484.2248] ZwQueryDirectoryFile [0xB2968CA0] SSDT 000006B8 spoolsv.exe [1484.2248] ZwQuerySystemInformation [0xB2968D73] SSDT 000006B8 spoolsv.exe [1484.2248] ZwReadVirtualMemory [0xB296960F] SSDT F20E0B5C spoolsv.exe [1484.2248] ZwReplaceKey SSDT F20E0B57 spoolsv.exe [1484.2248] ZwRestoreKey SSDT 000006B8 spoolsv.exe [1484.2248] ZwSetContextThread [0xB29690AC] SSDT 000006B8 spoolsv.exe [1484.2248] ZwSetValueKey [0xB2969413] SSDT 000006B8 spoolsv.exe [1484.2248] ZwSuspendThread [0xB2969049] SSDT F20E0B2F spoolsv.exe [1484.2248] ZwTerminateProcess SSDT 000006B8 spoolsv.exe [1484.2248] ZwTerminateThread [0xB2968FE6] SSDT 000006B8 spoolsv.exe [1484.2248] ZwWriteVirtualMemory [0xB2969675] ---- Threads - GMER 1.0.15 ---- Thread spoolsv.exe [1484:2252] SSDT 0xFEA2EB90 != 0x804E26A8 SSDT F20E0B3E spoolsv.exe [1484.2252] ZwCreateKey SSDT F20E0B34 spoolsv.exe [1484.2252] ZwCreateThread SSDT F20E0B43 spoolsv.exe [1484.2252] ZwDeleteKey SSDT 000006B8 spoolsv.exe [1484.2252] ZwDeleteValueKey [0xB2969517] SSDT 000006B8 spoolsv.exe [1484.2252] ZwEnumerateKey [0xB29691C7] SSDT 000006B8 spoolsv.exe [1484.2252] ZwEnumerateValueKey [0xB29692D3] SSDT F20E0B52 spoolsv.exe [1484.2252] ZwLoadKey SSDT 000006B8 spoolsv.exe [1484.2252] ZwOpenKey [0xB296910F] SSDT 000006B8 spoolsv.exe [1484.2252] ZwOpenProcess [0xB2968E79] SSDT 000006B8 spoolsv.exe [1484.2252] ZwOpenThread [0xB2968F01] SSDT 000006B8 spoolsv.exe [1484.2252] ZwProtectVirtualMemory [0xB29696DB] SSDT 000006B8 spoolsv.exe [1484.2252] ZwQueryDirectoryFile [0xB2968CA0] SSDT 000006B8 spoolsv.exe [1484.2252] ZwQuerySystemInformation [0xB2968D73] SSDT 000006B8 spoolsv.exe [1484.2252] ZwReadVirtualMemory [0xB296960F] SSDT F20E0B5C spoolsv.exe [1484.2252] ZwReplaceKey SSDT F20E0B57 
spoolsv.exe [1484.2252] ZwRestoreKey SSDT 000006B8 spoolsv.exe [1484.2252] ZwSetContextThread [0xB29690AC] SSDT 000006B8 spoolsv.exe [1484.2252] ZwSetValueKey [0xB2969413] SSDT 000006B8 spoolsv.exe [1484.2252] ZwSuspendThread [0xB2969049] SSDT F20E0B2F spoolsv.exe [1484.2252] ZwTerminateProcess SSDT 000006B8 spoolsv.exe [1484.2252] ZwTerminateThread [0xB2968FE6] SSDT 000006B8 spoolsv.exe [1484.2252] ZwWriteVirtualMemory [0xB2969675] ---- Threads - GMER 1.0.15 ---- Thread spoolsv.exe [1484:2256] SSDT 0xFEA2EB90 != 0x804E26A8 SSDT F20E0B3E spoolsv.exe [1484.2256] ZwCreateKey SSDT F20E0B34 spoolsv.exe [1484.2256] ZwCreateThread SSDT F20E0B43 spoolsv.exe [1484.2256] ZwDeleteKey SSDT 000006B8 spoolsv.exe [1484.2256] ZwDeleteValueKey [0xB2969517] SSDT 000006B8 spoolsv.exe [1484.2256] ZwEnumerateKey [0xB29691C7] SSDT 000006B8 spoolsv.exe [1484.2256] ZwEnumerateValueKey [0xB29692D3] SSDT F20E0B52 spoolsv.exe [1484.2256] ZwLoadKey SSDT 000006B8 spoolsv.exe [1484.2256] ZwOpenKey [0xB296910F] SSDT 000006B8 spoolsv.exe [1484.2256] ZwOpenProcess [0xB2968E79] SSDT 000006B8 spoolsv.exe [1484.2256] ZwOpenThread [0xB2968F01] SSDT 000006B8 spoolsv.exe [1484.2256] ZwProtectVirtualMemory [0xB29696DB] SSDT 000006B8 spoolsv.exe [1484.2256] ZwQueryDirectoryFile [0xB2968CA0] SSDT 000006B8 spoolsv.exe [1484.2256] ZwQuerySystemInformation [0xB2968D73] SSDT 000006B8 spoolsv.exe [1484.2256] ZwReadVirtualMemory [0xB296960F] SSDT F20E0B5C spoolsv.exe [1484.2256] ZwReplaceKey SSDT F20E0B57 spoolsv.exe [1484.2256] ZwRestoreKey SSDT 000006B8 spoolsv.exe [1484.2256] ZwSetContextThread [0xB29690AC] SSDT 000006B8 spoolsv.exe [1484.2256] ZwSetValueKey [0xB2969413] SSDT 000006B8 spoolsv.exe [1484.2256] ZwSuspendThread [0xB2969049] SSDT F20E0B2F spoolsv.exe [1484.2256] ZwTerminateProcess SSDT 000006B8 spoolsv.exe [1484.2256] ZwTerminateThread [0xB2968FE6] SSDT 000006B8 spoolsv.exe [1484.2256] ZwWriteVirtualMemory [0xB2969675] ---- Threads - GMER 1.0.15 ---- Thread spoolsv.exe [1484:2268] SSDT 0xFEA2EB90 
!= 0x804E26A8 SSDT F20E0B3E spoolsv.exe [1484.2268] ZwCreateKey SSDT F20E0B34 spoolsv.exe [1484.2268] ZwCreateThread SSDT F20E0B43 spoolsv.exe [1484.2268] ZwDeleteKey SSDT 000006B8 spoolsv.exe [1484.2268] ZwDeleteValueKey [0xB2969517] SSDT 000006B8 spoolsv.exe [1484.2268] ZwEnumerateKey [0xB29691C7] SSDT 000006B8 spoolsv.exe [1484.2268] ZwEnumerateValueKey [0xB29692D3] SSDT F20E0B52 spoolsv.exe [1484.2268] ZwLoadKey SSDT 000006B8 spoolsv.exe [1484.2268] ZwOpenKey [0xB296910F] SSDT 000006B8 spoolsv.exe [1484.2268] ZwOpenProcess [0xB2968E79] SSDT 000006B8 spoolsv.exe [1484.2268] ZwOpenThread [0xB2968F01] SSDT 000006B8 spoolsv.exe [1484.2268] ZwProtectVirtualMemory [0xB29696DB] SSDT 000006B8 spoolsv.exe [1484.2268] ZwQueryDirectoryFile [0xB2968CA0] SSDT 000006B8 spoolsv.exe [1484.2268] ZwQuerySystemInformation [0xB2968D73] SSDT 000006B8 spoolsv.exe [1484.2268] ZwReadVirtualMemory [0xB296960F] SSDT F20E0B5C spoolsv.exe [1484.2268] ZwReplaceKey SSDT F20E0B57 spoolsv.exe [1484.2268] ZwRestoreKey SSDT 000006B8 spoolsv.exe [1484.2268] ZwSetContextThread [0xB29690AC] SSDT 000006B8 spoolsv.exe [1484.2268] ZwSetValueKey [0xB2969413] SSDT 000006B8 spoolsv.exe [1484.2268] ZwSuspendThread [0xB2969049] SSDT F20E0B2F spoolsv.exe [1484.2268] ZwTerminateProcess SSDT 000006B8 spoolsv.exe [1484.2268] ZwTerminateThread [0xB2968FE6] SSDT 000006B8 spoolsv.exe [1484.2268] ZwWriteVirtualMemory [0xB2969675] ---- Threads - GMER 1.0.15 ---- Thread sched.exe [1528:2588] SSDT 0xFEA2EB90 != 0x804E26A8 SSDT F20E0B3E sched.exe [1528.2588] ZwCreateKey SSDT F20E0B34 sched.exe [1528.2588] ZwCreateThread SSDT F20E0B43 sched.exe [1528.2588] ZwDeleteKey SSDT 000006B8 sched.exe [1528.2588] ZwDeleteValueKey [0xB2969517] SSDT 000006B8 sched.exe [1528.2588] ZwEnumerateKey [0xB29691C7] SSDT 000006B8 sched.exe [1528.2588] ZwEnumerateValueKey [0xB29692D3] SSDT F20E0B52 sched.exe [1528.2588] ZwLoadKey SSDT 000006B8 sched.exe [1528.2588] ZwOpenKey [0xB296910F] SSDT 000006B8 sched.exe [1528.2588] ZwOpenProcess 
[0xB2968E79] SSDT 000006B8 sched.exe [1528.2588] ZwOpenThread [0xB2968F01] SSDT 000006B8 sched.exe [1528.2588] ZwProtectVirtualMemory [0xB29696DB] SSDT 000006B8 sched.exe [1528.2588] ZwQueryDirectoryFile [0xB2968CA0] SSDT 000006B8 sched.exe [1528.2588] ZwQuerySystemInformation [0xB2968D73] SSDT 000006B8 sched.exe [1528.2588] ZwReadVirtualMemory [0xB296960F] SSDT F20E0B5C sched.exe [1528.2588] ZwReplaceKey SSDT F20E0B57 sched.exe [1528.2588] ZwRestoreKey SSDT 000006B8 sched.exe [1528.2588] ZwSetContextThread [0xB29690AC] SSDT 000006B8 sched.exe [1528.2588] ZwSetValueKey [0xB2969413] SSDT 000006B8 sched.exe [1528.2588] ZwSuspendThread [0xB2969049] SSDT F20E0B2F sched.exe [1528.2588] ZwTerminateProcess SSDT 000006B8 sched.exe [1528.2588] ZwTerminateThread [0xB2968FE6] SSDT 000006B8 sched.exe [1528.2588] ZwWriteVirtualMemory [0xB2969675] ---- Threads - GMER 1.0.15 ---- Thread explorer.exe [1796:1832] SSDT 0xFEA2FB90 != 0x804E26A8 SSDT F20E0B3E explorer.exe [1796.1832] ZwCreateKey SSDT F20E0B34 explorer.exe [1796.1832] ZwCreateThread SSDT F20E0B43 explorer.exe [1796.1832] ZwDeleteKey SSDT 000006B8 explorer.exe [1796.1832] ZwDeleteValueKey [0xB2969517] SSDT 000006B8 explorer.exe [1796.1832] ZwEnumerateKey [0xB29691C7] SSDT 000006B8 explorer.exe [1796.1832] ZwEnumerateValueKey [0xB29692D3] SSDT F20E0B52 explorer.exe [1796.1832] ZwLoadKey SSDT 000006B8 explorer.exe [1796.1832] ZwOpenKey [0xB296910F] SSDT 000006B8 explorer.exe [1796.1832] ZwOpenProcess [0xB2968E79] SSDT 000006B8 explorer.exe [1796.1832] ZwOpenThread [0xB2968F01] SSDT 000006B8 explorer.exe [1796.1832] ZwProtectVirtualMemory [0xB29696DB] SSDT 000006B8 explorer.exe [1796.1832] ZwQueryDirectoryFile [0xB2968CA0] SSDT 000006B8 explorer.exe [1796.1832] ZwQuerySystemInformation [0xB2968D73] SSDT 000006B8 explorer.exe [1796.1832] ZwReadVirtualMemory [0xB296960F] SSDT F20E0B5C explorer.exe [1796.1832] ZwReplaceKey SSDT F20E0B57 explorer.exe [1796.1832] ZwRestoreKey SSDT 000006B8 explorer.exe [1796.1832] 
ZwSetContextThread [0xB29690AC] SSDT 000006B8 explorer.exe [1796.1832] ZwSetValueKey [0xB2969413] SSDT 000006B8 explorer.exe [1796.1832] ZwSuspendThread [0xB2969049] SSDT F20E0B2F explorer.exe [1796.1832] ZwTerminateProcess SSDT 000006B8 explorer.exe [1796.1832] ZwTerminateThread [0xB2968FE6] SSDT 000006B8 explorer.exe [1796.1832] ZwWriteVirtualMemory [0xB2969675] ---- Threads - GMER 1.0.15 ---- Thread explorer.exe [1796:3272] SSDT 0xFEA2FB90 != 0x804E26A8 SSDT F20E0B3E explorer.exe [1796.3272] ZwCreateKey SSDT F20E0B34 explorer.exe [1796.3272] ZwCreateThread SSDT F20E0B43 explorer.exe [1796.3272] ZwDeleteKey SSDT 000006B8 explorer.exe [1796.3272] ZwDeleteValueKey [0xB2969517] SSDT 000006B8 explorer.exe [1796.3272] ZwEnumerateKey [0xB29691C7] SSDT 000006B8 explorer.exe [1796.3272] ZwEnumerateValueKey [0xB29692D3] SSDT F20E0B52 explorer.exe [1796.3272] ZwLoadKey SSDT 000006B8 explorer.exe [1796.3272] ZwOpenKey [0xB296910F] SSDT 000006B8 explorer.exe [1796.3272] ZwOpenProcess [0xB2968E79] SSDT 000006B8 explorer.exe [1796.3272] ZwOpenThread [0xB2968F01] SSDT 000006B8 explorer.exe [1796.3272] ZwProtectVirtualMemory [0xB29696DB] SSDT 000006B8 explorer.exe [1796.3272] ZwQueryDirectoryFile [0xB2968CA0] SSDT 000006B8 explorer.exe [1796.3272] ZwQuerySystemInformation [0xB2968D73] SSDT 000006B8 explorer.exe [1796.3272] ZwReadVirtualMemory [0xB296960F] SSDT F20E0B5C explorer.exe [1796.3272] ZwReplaceKey SSDT F20E0B57 explorer.exe [1796.3272] ZwRestoreKey SSDT 000006B8 explorer.exe [1796.3272] ZwSetContextThread [0xB29690AC] SSDT 000006B8 explorer.exe [1796.3272] ZwSetValueKey [0xB2969413] SSDT 000006B8 explorer.exe [1796.3272] ZwSuspendThread [0xB2969049] SSDT F20E0B2F explorer.exe [1796.3272] ZwTerminateProcess SSDT 000006B8 explorer.exe [1796.3272] ZwTerminateThread [0xB2968FE6] SSDT 000006B8 explorer.exe [1796.3272] ZwWriteVirtualMemory [0xB2969675] ---- Threads - GMER 1.0.15 ---- Thread explorer.exe [1796:3352] SSDT 0xFEA2FB90 != 0x804E26A8 SSDT F20E0B3E explorer.exe 
[1796.3352] ZwCreateKey SSDT F20E0B34 explorer.exe [1796.3352] ZwCreateThread SSDT F20E0B43 explorer.exe [1796.3352] ZwDeleteKey SSDT 000006B8 explorer.exe [1796.3352] ZwDeleteValueKey [0xB2969517] SSDT 000006B8 explorer.exe [1796.3352] ZwEnumerateKey [0xB29691C7] SSDT 000006B8 explorer.exe [1796.3352] ZwEnumerateValueKey [0xB29692D3] SSDT F20E0B52 explorer.exe [1796.3352] ZwLoadKey SSDT 000006B8 explorer.exe [1796.3352] ZwOpenKey [0xB296910F] SSDT 000006B8 explorer.exe [1796.3352] ZwOpenProcess [0xB2968E79] SSDT 000006B8 explorer.exe [1796.3352] ZwOpenThread [0xB2968F01] SSDT 000006B8 explorer.exe [1796.3352] ZwProtectVirtualMemory [0xB29696DB] SSDT 000006B8 explorer.exe [1796.3352] ZwQueryDirectoryFile [0xB2968CA0] SSDT 000006B8 explorer.exe [1796.3352] ZwQuerySystemInformation [0xB2968D73] SSDT 000006B8 explorer.exe [1796.3352] ZwReadVirtualMemory [0xB296960F] SSDT F20E0B5C explorer.exe [1796.3352] ZwReplaceKey SSDT F20E0B57 explorer.exe [1796.3352] ZwRestoreKey SSDT 000006B8 explorer.exe [1796.3352] ZwSetContextThread [0xB29690AC] SSDT 000006B8 explorer.exe [1796.3352] ZwSetValueKey [0xB2969413] SSDT 000006B8 explorer.exe [1796.3352] ZwSuspendThread [0xB2969049] SSDT F20E0B2F explorer.exe [1796.3352] ZwTerminateProcess SSDT 000006B8 explorer.exe [1796.3352] ZwTerminateThread [0xB2968FE6] SSDT 000006B8 explorer.exe [1796.3352] ZwWriteVirtualMemory [0xB2969675] ---- Threads - GMER 1.0.15 ---- Thread explorer.exe [1796:3540] SSDT 0xFEA2EB90 != 0x804E26A8 SSDT F20E0B3E explorer.exe [1796.3540] ZwCreateKey SSDT F20E0B34 explorer.exe [1796.3540] ZwCreateThread SSDT F20E0B43 explorer.exe [1796.3540] ZwDeleteKey SSDT 000006B8 explorer.exe [1796.3540] ZwDeleteValueKey [0xB2969517] SSDT 000006B8 explorer.exe [1796.3540] ZwEnumerateKey [0xB29691C7] SSDT 000006B8 explorer.exe [1796.3540] ZwEnumerateValueKey [0xB29692D3] SSDT F20E0B52 explorer.exe [1796.3540] ZwLoadKey SSDT 000006B8 explorer.exe [1796.3540] ZwOpenKey [0xB296910F] SSDT 000006B8 explorer.exe [1796.3540] 
ZwOpenProcess [0xB2968E79] SSDT 000006B8 explorer.exe [1796.3540] ZwOpenThread [0xB2968F01] SSDT 000006B8 explorer.exe [1796.3540] ZwProtectVirtualMemory [0xB29696DB] SSDT 000006B8 explorer.exe [1796.3540] ZwQueryDirectoryFile [0xB2968CA0] SSDT 000006B8 explorer.exe [1796.3540] ZwQuerySystemInformation [0xB2968D73] SSDT 000006B8 explorer.exe [1796.3540] ZwReadVirtualMemory [0xB296960F] SSDT F20E0B5C explorer.exe [1796.3540] ZwReplaceKey SSDT F20E0B57 explorer.exe [1796.3540] ZwRestoreKey SSDT 000006B8 explorer.exe [1796.3540] ZwSetContextThread [0xB29690AC] SSDT 000006B8 explorer.exe [1796.3540] ZwSetValueKey [0xB2969413] SSDT 000006B8 explorer.exe [1796.3540] ZwSuspendThread [0xB2969049] SSDT F20E0B2F explorer.exe [1796.3540] ZwTerminateProcess SSDT 000006B8 explorer.exe [1796.3540] ZwTerminateThread [0xB2968FE6] SSDT 000006B8 explorer.exe [1796.3540] ZwWriteVirtualMemory [0xB2969675] ---- Threads - GMER 1.0.15 ---- Thread notepad.exe [3656:3660] SSDT 0xFEA2FB90 != 0x804E26A8 SSDT F20E0B3E notepad.exe [3656.3660] ZwCreateKey SSDT F20E0B34 notepad.exe [3656.3660] ZwCreateThread SSDT F20E0B43 notepad.exe [3656.3660] ZwDeleteKey SSDT 000006B8 notepad.exe [3656.3660] ZwDeleteValueKey [0xB2969517] SSDT 000006B8 notepad.exe [3656.3660] ZwEnumerateKey [0xB29691C7] SSDT 000006B8 notepad.exe [3656.3660] ZwEnumerateValueKey [0xB29692D3] SSDT F20E0B52 notepad.exe [3656.3660] ZwLoadKey SSDT 000006B8 notepad.exe [3656.3660] ZwOpenKey [0xB296910F] SSDT 000006B8 notepad.exe [3656.3660] ZwOpenProcess [0xB2968E79] SSDT 000006B8 notepad.exe [3656.3660] ZwOpenThread [0xB2968F01] SSDT 000006B8 notepad.exe [3656.3660] ZwProtectVirtualMemory [0xB29696DB] SSDT 000006B8 notepad.exe [3656.3660] ZwQueryDirectoryFile [0xB2968CA0] SSDT 000006B8 notepad.exe [3656.3660] ZwQuerySystemInformation [0xB2968D73] SSDT 000006B8 notepad.exe [3656.3660] ZwReadVirtualMemory [0xB296960F] SSDT F20E0B5C notepad.exe [3656.3660] ZwReplaceKey SSDT F20E0B57 notepad.exe [3656.3660] ZwRestoreKey SSDT 000006B8 
notepad.exe [3656.3660] ZwSetContextThread [0xB29690AC] SSDT 000006B8 notepad.exe [3656.3660] ZwSetValueKey [0xB2969413] SSDT 000006B8 notepad.exe [3656.3660] ZwSuspendThread [0xB2969049] SSDT F20E0B2F notepad.exe [3656.3660] ZwTerminateProcess SSDT 000006B8 notepad.exe [3656.3660] ZwTerminateThread [0xB2968FE6] SSDT 000006B8 notepad.exe [3656.3660] ZwWriteVirtualMemory [0xB2969675] ---- Threads - GMER 1.0.15 ---- Thread zsq8ym6e.exe [3680:3684] SSDT 0xFEA2FB90 != 0x804E26A8 SSDT F20E0B3E zsq8ym6e.exe [3680.3684] ZwCreateKey SSDT F20E0B34 zsq8ym6e.exe [3680.3684] ZwCreateThread SSDT F20E0B43 zsq8ym6e.exe [3680.3684] ZwDeleteKey SSDT 000006B8 zsq8ym6e.exe [3680.3684] ZwDeleteValueKey [0xB2969517] SSDT 000006B8 zsq8ym6e.exe [3680.3684] ZwEnumerateKey [0xB29691C7] SSDT 000006B8 zsq8ym6e.exe [3680.3684] ZwEnumerateValueKey [0xB29692D3] SSDT F20E0B52 zsq8ym6e.exe [3680.3684] ZwLoadKey SSDT 000006B8 zsq8ym6e.exe [3680.3684] ZwOpenKey [0xB296910F] SSDT 000006B8 zsq8ym6e.exe [3680.3684] ZwOpenProcess [0xB2968E79] SSDT 000006B8 zsq8ym6e.exe [3680.3684] ZwOpenThread [0xB2968F01] SSDT 000006B8 zsq8ym6e.exe [3680.3684] ZwProtectVirtualMemory [0xB29696DB] SSDT 000006B8 zsq8ym6e.exe [3680.3684] ZwQueryDirectoryFile [0xB2968CA0] SSDT 000006B8 zsq8ym6e.exe [3680.3684] ZwQuerySystemInformation [0xB2968D73] SSDT 000006B8 zsq8ym6e.exe [3680.3684] ZwReadVirtualMemory [0xB296960F] SSDT F20E0B5C zsq8ym6e.exe [3680.3684] ZwReplaceKey SSDT F20E0B57 zsq8ym6e.exe [3680.3684] ZwRestoreKey SSDT 000006B8 zsq8ym6e.exe [3680.3684] ZwSetContextThread [0xB29690AC] SSDT 000006B8 zsq8ym6e.exe [3680.3684] ZwSetValueKey [0xB2969413] SSDT 000006B8 zsq8ym6e.exe [3680.3684] ZwSuspendThread [0xB2969049] SSDT F20E0B2F zsq8ym6e.exe [3680.3684] ZwTerminateProcess SSDT 000006B8 zsq8ym6e.exe [3680.3684] ZwTerminateThread [0xB2968FE6] SSDT 000006B8 zsq8ym6e.exe [3680.3684] ZwWriteVirtualMemory [0xB2969675] ---- Services - GMER 1.0.15 ---- Service C:\WINDOWS\system32\drivers\ezlwy.sys (*** hidden *** ) [AUTO] 
owsqckcsbnkr <-- ROOTKIT !!! ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\owsqckcsbnkr Reg HKLM\SYSTEM\CurrentControlSet\Services\owsqckcsbnkr@Type 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\owsqckcsbnkr@Start 2 Reg HKLM\SYSTEM\CurrentControlSet\Services\owsqckcsbnkr@ErrorControl 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\owsqckcsbnkr@ImagePath \??\C:\WINDOWS\system32\drivers\ezlwy.sys Reg HKLM\SYSTEM\CurrentControlSet\Services\owsqckcsbnkr@DisplayName owsqckcsbnkr Reg HKLM\SYSTEM\CurrentControlSet\Services\owsqckcsbnkr@RulesData 0x03 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\owsqckcsbnkr@krnl_sleepfreq 0x58 0x02 0x00 0x00 Reg HKLM\SYSTEM\CurrentControlSet\Services\owsqckcsbnkr@krnl_servers_list 0x68 0x74 0x74 0x70 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\owsqckcsbnkr\Security Reg HKLM\SYSTEM\CurrentControlSet\Services\owsqckcsbnkr\Security@Security 0x01 0x00 0x14 0x80 ... ---- Files - GMER 1.0.15 ---- File C:\WINDOWS\system32\drivers\str.sys 237600 bytes File C:\WINDOWS\system32\drivers\ezlwy.sys 77440 bytes executable <-- ROOTKIT !!! ---- EOF - GMER 1.0.15 ---- -
probable infections
croquis replied to a topic by croquis in Analyses et éradication malwares
Hi,

So, I updated Mbam and ran another full scan. Only ONE infection left, but it is hanging on! It is a rootkit located in C:\WINDOWS\system32\drivers\str.sys. Mbam asks me to reboot to eradicate it but does not manage to (I ran another scan and still ended up with the same error). What should I do???

Also, I installed and ran CCleaner beforehand.

As for Avira (which does not work, with an "avgnt.exe cannot be started" message at every startup of the machine), well, I am unable to remove the antivirus (in order to reinstall it afterwards). On each attempt it starts normally, a browser window opens for feedback, then suddenly the computer restarts by itself in the middle of the uninstall... I went (rightly or wrongly) into the advanced properties of My Computer to prevent the automatic restart, and all I gained was a nice blue screen with an error message and, consequently, a manual restart.

What do you advise?

Best regards,
Croquis
probable infections
croquis replied to a topic by croquis in Analyses et éradication malwares
Hello Falkra,

Sorry for the delay, but yesterday it was impossible to stay connected to the net for more than a minute... I suspected that on reboot some infections had come back and were preventing me from connecting... anyway, I have just run another mbam scan (a deep one this time) and it again found about thirty infections. Following mbam's instructions I have just rebooted (I wonder whether I should disable System Restore in case it is the source of reinfection...?) and since then I connect normally!

Also, at every restart of the machine I get a message that Avira's "avgnt.exe" file cannot be started... --> Should I completely remove Avira and reinstall it..?

Also, the Windows firewall is continually INACTIVE, and when I enable it, it disables itself a few minutes later... Strange, to say the least...

What do you advise?

For now, I am posting:
- the latest, fresh mbam report;
- followed by the report of a new HijackThis scan (which I am leaving open while waiting for your reply).

Regards,
Croquis

LOG 1: Malwarebytes' Anti-Malware 1.44 Version de la base de données: 3811 Windows 5.1.2600 Service Pack 2 Internet Explorer 7.0.5730.13 4/03/2010 9:24:18 mbam-log-2010-03-04 (09-24-18).txt Type de recherche: Examen complet (C:\|) Eléments examinés: 131494 Temps écoulé: 14 minute(s), 3 second(s) Processus mémoire infecté(s): 2 Module(s) mémoire infecté(s): 0 Clé(s) du Registre infectée(s): 0 Valeur(s) du Registre infectée(s): 4 Elément(s) de données du Registre infecté(s): 0 Dossier(s) infecté(s): 0 Fichier(s) infecté(s): 31 Processus mémoire infecté(s): C:\WINDOWS\scvchost.exe (Trojan.Inject) -> Unloaded process successfully. C:\WINDOWS\avp.exe (Trojan.Downloader) -> Unloaded process successfully.
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\microsoft driver setup (Trojan.Inject) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\microsoft driver setup (Trojan.Inject) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svvchost.exe (Trojan.Inject) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\apv (Trojan.Downloader) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\WINDOWS\scvchost.exe (Trojan.Inject) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\svvchost.exe (Trojan.Inject) -> Quarantined and deleted successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\7DRJPD6M\nun[1] (Trojan.Inject) -> Quarantined and deleted successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\ARS2UD31\nun[1] (Trojan.Inject) -> Quarantined and deleted successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\ARS2UD31\nun[2] (Trojan.Inject) -> Quarantined and deleted successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\ARS2UD31\nun[3] (Trojan.Inject) -> Quarantined and deleted successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\RQ1LPFKI\nun[1] (Trojan.Inject) -> Quarantined and deleted successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\U5PG95K6\nun[1] (Trojan.Inject) -> Quarantined and deleted successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\U5PG95K6\nun[2] (Trojan.Inject) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DD4A116E-C0B4-493C-A70F-9654F92C31F9}\RP22\A0002331.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DD4A116E-C0B4-493C-A70F-9654F92C31F9}\RP25\A0002377.exe (Spyware.Zbot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DD4A116E-C0B4-493C-A70F-9654F92C31F9}\RP28\A0002479.exe (Trojan.Inject) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DD4A116E-C0B4-493C-A70F-9654F92C31F9}\RP28\A0002505.exe (Trojan.Inject) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DD4A116E-C0B4-493C-A70F-9654F92C31F9}\RP29\A0002508.scr (Trojan.Inject) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DD4A116E-C0B4-493C-A70F-9654F92C31F9}\RP29\A0002509.exe (Trojan.Inject) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DD4A116E-C0B4-493C-A70F-9654F92C31F9}\RP30\A0002517.exe (Trojan.Inject) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DD4A116E-C0B4-493C-A70F-9654F92C31F9}\RP31\A0003557.scr (Trojan.Inject) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DD4A116E-C0B4-493C-A70F-9654F92C31F9}\RP31\A0003558.scr (Trojan.Inject) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DD4A116E-C0B4-493C-A70F-9654F92C31F9}\RP31\A0003564.exe (Trojan.Inject) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DD4A116E-C0B4-493C-A70F-9654F92C31F9}\RP31\A0004569.exe (Trojan.Inject) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\12.scr (Trojan.Inject) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\26.scr (Trojan.Inject) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\44.scr (Trojan.Inject) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\67.scr (Trojan.Inject) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\70.scr (Trojan.Inject) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\77.scr (Trojan.Inject) -> Quarantined and deleted successfully.
C:\_OTM\MovedFiles\03032010_104453\C_WINDOWS\scvchost.exe (Trojan.Inject) -> Quarantined and deleted successfully.
C:\_OTM\MovedFiles\03032010_104453\C_WINDOWS\system32\svvchost.exe (Trojan.Inject) -> Quarantined and deleted successfully.
C:\WINDOWS\logfile32.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\Drivers\str.sys (Rootkit.Agent) -> Delete on reboot.
C:\WINDOWS\avp.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

-------------------------------------------------------------------------------------------------------------------------------

LOG 2:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:41:33, on 4/03/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\Administrateur.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.netcourrier.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1201170073125
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Service Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

--
End of file - 3929 bytes
-
probable infections
croquis replied to a topic by croquis in Malware analysis and removal
Hi, here is the OTM report:

========== PROCESSES ==========
========== FILES ==========
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Google Toolbar\gtb1.tmp.exe moved successfully.
C:\WINDOWS\updated7.exe moved successfully.
C:\WINDOWS\system32\lsassd.exe moved successfully.
C:\WINDOWS\system32\svvchost.exe moved successfully.
C:\WINDOWS\scvchost.exe moved successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\deports deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\svvchost.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Microsoft Driver Setup deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\\Microsoft Driver Setup deleted successfully.
========== COMMANDS ==========

OTM by OldTimer - Version 3.1.10.0 log created on 03032010_104453
-
probable infections
croquis replied to a topic by croquis in Malware analysis and removal
Hello, here is the Mbam report (after the "quick" scan only), followed by the HijackThis log. I await your advice on how to proceed... Regards,

--------------------------------------------------------------------------------------------------------------------

Malwarebytes' Anti-Malware 1.44
Version de la base de données: 3811
Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.13

2/03/2010 12:21:41
mbam-log-2010-03-02 (12-21-41).txt

Type de recherche: Examen rapide
Eléments examinés: 112920
Temps écoulé: 6 minute(s), 52 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 3
Clé(s) du Registre infectée(s): 5
Valeur(s) du Registre infectée(s): 4
Elément(s) de données du Registre infecté(s): 6
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 34

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
C:\WINDOWS\system32\kbdatat4.dll (Backdoor.Bot) -> Delete on reboot.
C:\WINDOWS\system32\kbupdate.dll (Backdoor.Bot) -> Delete on reboot.
C:\WINDOWS\system32\crt4.dll (Backdoor.Bot) -> Delete on reboot.

Clé(s) du Registre infectée(s):
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\kbupdate (Trojan.Agent) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\microsoft driver setup (Trojan.Inject) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\microsoft driver setup (Trojan.Inject) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svvchost.exe (Trojan.Inject) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\uid (Malware.Trace) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Dropper) -> Data: c:\windows\system32\sdra64.exe -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Dropper) -> Data: system32\sdra64.exe -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.Userinit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,) Good: (Userinit.exe) -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
C:\WINDOWS\system32\lowsec (Stolen.data) -> Delete on reboot.

Fichier(s) infecté(s):
C:\WINDOWS\system32\kbdatat4.dll (Backdoor.Bot) -> Delete on reboot.
C:\WINDOWS\scvchost.exe (Trojan.Inject) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\svvchost.exe (Trojan.Inject) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\35.scr (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\41.scr (Trojan.Inject) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\43.scr (Trojan.Inject) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\50.scr (Trojan.Inject) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\67.scr (Trojan.Inject) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\68.scr (Trojan.Inject) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\85.scr (Trojan.Inject) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sdra64.exe (Trojan.Dropper) -> Delete on reboot.
C:\WINDOWS\Temp\1.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\2.tmp (Spyware.Zbot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\3.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\tmp16.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrateur\Local Settings\Temp\eraseme_21721.exe (Trojan.Inject) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrateur\Local Settings\Temp\eraseme_71528.exe (Trojan.Inject) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\1MSBRBJX\nun[1] (Trojan.Inject) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\1MSBRBJX\2krn[1].bin (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\FZKJ9F8F\021010d501ne[1].exe (Rootkit.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\FZKJ9F8F\pon[1].exe (Trojan.Inject) -> Quarantined and deleted successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\7DRJPD6M\nun[1] (Trojan.Inject) -> Quarantined and deleted successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\7DRJPD6M\nun[2] (Trojan.Inject) -> Quarantined and deleted successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\ARS2UD31\nun[1] (Trojan.Inject) -> Quarantined and deleted successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\RQ1LPFKI\nun[1] (Trojan.Inject) -> Quarantined and deleted successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\U5PG95K6\avali[1] (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\U5PG95K6\nun[1] (Trojan.Inject) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lowsec\local.ds (Stolen.data) -> Delete on reboot.
C:\WINDOWS\system32\lowsec\user.ds (Stolen.data) -> Delete on reboot.
C:\WINDOWS\system32\kbupdate.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\logfile32.txt (Malware.Trace) -> Delete on reboot.
C:\WINDOWS\system32\Drivers\str.sys (Rootkit.Agent) -> Delete on reboot.
C:\WINDOWS\system32\kboem32.dat (Backdoor.Bot) -> Delete on reboot.
C:\WINDOWS\system32\crt4.dll (Backdoor.Bot) -> Delete on reboot.

-------------------------------------------------------------------------------------------------------------

HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:11:29, on 3/03/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\updated7.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Google Toolbar\gtb1.tmp.exe
C:\Program Files\Trend Micro\HijackThis\Administrateur.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [deports] C:\WINDOWS\system32\lsassd.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [svvchost.exe] C:\WINDOWS\system32\svvchost.exe
O4 - HKLM\..\Run: [Microsoft Driver Setup] C:\WINDOWS\scvchost.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKLM\..\Policies\Explorer\Run: [Microsoft Driver Setup] C:\WINDOWS\scvchost.exe
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1201170073125
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

--
End of file - 4044 bytes
-
probable infections
croquis replied to a topic by croquis in Malware analysis and removal
Hi Falkra, Mbam, in a quick scan, found... 41 (!) viral infections and other nasties. It removed some of them and then requested a reboot, which I did. That said, this is the computer at my workplace (a school), which incidentally explains the number of infections :P, and I am off this afternoon. If you don't mind, I'll get back to you for the (hopefully final) attack tomorrow morning. Should I start again tomorrow with a quick Mbam scan, or go straight to a full scan? Kind regards -
probable infections
croquis replied to a topic by croquis in Malware analysis and removal
Hi, Well no, strange as it may seem, I was able to install it, run the update, and right now it is purring away on the quick scan. I'll keep you posted! Could things be moving forward? -
probable infections
croquis replied to a topic by croquis in Malware analysis and removal
Hi, here is the rkill report... rather brief, no doubt...

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Ran as Administrateur on 02/03/2010 at 12:05:57.

Processes terminated by Rkill or while it was running:

C:\Documents and Settings\Administrateur\Bureau\rkill.exe

Rkill completed on 02/03/2010 at 12:06:06.

Thanks for your help
-
probable infections
croquis replied to a topic by croquis in Malware analysis and removal
Hello, here is the HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:14:54, on 2/03/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\updated7.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Microsoft Driver Setup] C:\WINDOWS\scvchost.exe
O4 - HKLM\..\Run: [deports] C:\WINDOWS\system32\lsassd.exe
O4 - HKLM\..\Run: [svvchost.exe] C:\WINDOWS\system32\svvchost.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKLM\..\Policies\Explorer\Run: [Microsoft Driver Setup] C:\WINDOWS\scvchost.exe
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1201170073125
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O20 - Winlogon Notify: kbupdate - C:\WINDOWS\SYSTEM32\kbupdate.dll
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

--
End of file - 4306 bytes
-
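The HijackThis report above carries the three loading points a helper looks at first: the F2 UserInit line with a second program chained after userinit.exe, O4 autoruns whose names imitate core Windows binaries (svvchost.exe, scvchost.exe, lsassd.exe) or start directly from C:\WINDOWS, and an O20 Winlogon Notify DLL. The following triage script is an added example and is not code from this thread, from HijackThis or from any tool it mentions; its sample lines are constructed from the shapes of entries visible in the posted logs, and the list of imitated binaries, the edit-distance threshold and the "runs from the Windows directory" heuristic are assumptions chosen for illustration.

```python
"""Triage of HijackThis-style startup entries (added example, not from the
forum thread or from HijackThis).  The sample log is constructed from the
kinds of entries seen in the posted reports; CORE_BINARIES and the
distance threshold are illustrative assumptions."""
import re

# Core Windows binaries whose names malware commonly imitates (assumption:
# an illustrative list, not an exhaustive one).
CORE_BINARIES = ("svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe",
                 "services.exe", "smss.exe", "explorer.exe", "userinit.exe")

# Constructed sample log: entries of the shapes seen in the posted reports.
SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [Microsoft Driver Setup] C:\WINDOWS\scvchost.exe
O4 - HKLM\..\Run: [deports] C:\WINDOWS\system32\lsassd.exe
O4 - HKLM\..\Run: [svvchost.exe] C:\WINDOWS\system32\svvchost.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O20 - Winlogon Notify: kbupdate - C:\WINDOWS\SYSTEM32\kbupdate.dll
"""

O4_ENTRY = re.compile(r"O4 - (?P<key>.*?): \[(?P<name>[^\]]*)\] (?P<value>.*)$")


def edit_distance(a, b):
    """Levenshtein distance between two strings (single-row DP)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_of(name, max_distance=2):
    """Return the core binary that `name` imitates, or None when `name` is
    itself a core binary or is not within max_distance of any of them."""
    name = name.lower()
    if name in CORE_BINARIES:
        return None
    closest = min(CORE_BINARIES, key=lambda core: edit_distance(name, core))
    return closest if edit_distance(name, closest) <= max_distance else None


def program_path(value):
    """Extract the program path from an O4 value, dropping any arguments."""
    value = value.strip()
    if value.startswith('"'):
        return value[1:value.find('"', 1)]
    return value.split(" ")[0]


def triage(log_text):
    """Return (section, artefact, reason) tuples for entries worth a look."""
    findings = []
    for line in log_text.splitlines():
        if line.startswith("F2 - ") and "UserInit=" in line:
            # Anything chained after userinit.exe runs at every interactive logon.
            programs = [p for p in line.split("UserInit=", 1)[1].split(",") if p.strip()]
            for prog in programs:
                base = prog.strip().rsplit("\\", 1)[-1].lower()
                if base != "userinit.exe":
                    findings.append(("F2", base, "extra program chained into UserInit"))
        elif line.startswith("O4 - "):
            match = O4_ENTRY.match(line)
            if not match:
                continue
            path = program_path(match.group("value"))
            folder, _, exe = path.rpartition("\\")
            exe = exe.lower()
            core = lookalike_of(exe)
            if core:
                findings.append(("O4", exe, f"name imitates {core}"))
            if folder.lower() == r"c:\windows":
                # Heuristic: legitimate autoruns normally live in system32 or
                # Program Files, not directly in the Windows directory.
                findings.append(("O4", exe, "runs directly from the Windows directory"))
        elif line.startswith("O20 - Winlogon Notify:"):
            dll = line.rsplit("\\", 1)[-1].lower()
            findings.append(("O20", dll, "Winlogon Notify DLL: verify publisher"))
    return findings


if __name__ == "__main__":
    for section, artefact, reason in triage(SAMPLE_LOG):
        print(f"{section:4} {artefact:14} {reason}")
```

On the constructed sample the script flags sdra64.exe from the F2 line, scvchost.exe twice (lookalike name and location), lsassd.exe and svvchost.exe as lookalikes, and kbupdate.dll for publisher verification, while the genuine igfxtray.exe and avgnt.exe entries pass. A distance threshold of 2 catches the one-character insertions and appended letters seen here; raising it would start matching unrelated short names, so the threshold is a trade-off to tune against a real baseline rather than a fixed rule.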
Hello, I am on XP SP2. I think the machine must be fairly seriously infected, because I cannot install Antivir or Mbam (corrupted file message when running each program). I was, however, able to install HijackThis and have the report ready if needed... In addition, I quite regularly get the "generic host" error with loss of internet connection... Does anyone have an idea..? Regards
-
Good evening and thank you. No, I haven't recently changed brand of CDs or DVDs. I don't have Nero. I do, however, have DVD Burner, Alcohol 120 and Daemon. Do you think that could be related? I'm surprised it can't be repaired, since it still reads perfectly... Regards,
-
Hello, I am really bothered by my DVD drive/burner, which refuses any burning process (with DeepBurner), which infuriates me and wastes many blank CDs and DVDs with each attempt. I am on Vista (Vaio PC) and the burner model is: MATSHITA DVD-RAM UJ-850S 1.60. I gently cleaned the lens but it made no difference. I tried to update the driver and a message tells me I already have the latest version: 6.0.6000.16386 (2006 version). I would happily give up on it, but since it still reads, I wonder whether it can be recovered... Thanks for your help!
-
Good evening Pear, I confirm (after checking) that Coolman does indeed say to rename the file ntdll.dll to ntdll.dll.old (4th point of the second method for recovering the NTDLL resource). That said, I can rename it neither to ntdll.old nor to ntdll.dll.old..... Good evening Galimatias, The fd32 file you pointed me to does not fix the problem.. Still impossible to rename the ntdll file... Also, the URL you gave me leads to a forum that advises using the fd32 file from vlite.net. However, since I disabled UAC, Windows Explorer no longer seems to crash.... Strange, strange. Do you think I can consider the problem solved? Can I leave UAC disabled indefinitely??? Thanks! Yours sincerely, Croquis
-
Good evening, Unfortunately, disabling UAC does not fix the problem; it is still impossible to rename the file ntdll.dll. Help! Regards, Croquis
-
Hello Galimatias, Thanks for the new ntdll.dll file; it is already on my hard drive. You are fully absolved. However, following Coolman's method, I am stuck right at the start because I cannot rename the existing ntdll.dll file to ntdll.dll.old. Vista sends me a friendly message telling me I need permission to perform this action. Yet I am logged in as admin. The problem is the same when booting in safe mode. What to do? Thanks again, Croquis PS: Will the fact that your version of the file is a little more recent than mine not cause a problem???
-
Good evening everyone, Good evening Le Bird, Indeed, the problem does come from Windows Explorer and not from IE. Coolman's link (which I had already spotted) leaves me puzzled, since it only concerns XP and I am on Vista Home Premium 32-bit. I imagine the procedure is roughly the same, but the trouble is that I don't know where to find a clean ntdll.dll file (my version is 6.0.6000.16386).
1) No trace of the "C:\Windows\ServicePackFiles\i386" directory on my Vista.
2) Coolman advises using the installation CD, but I'm not sure whether that means one of the 2 reinstallation DVDs I created (if so, how do I know which of the 2 it is..?), as I have never performed that operation.
3) Finally, the third route suggested by Coolman is to search Google for the said file, but I can't find it anywhere (the site www.dll-vista.com seemed ideal but it no longer works).
What do you advise? Kind regards, Croquis