
Posted

Hello :P

Here is the Mbam report (after the "quick" scan only), followed by the HijackThis log.

I await your advice on how to proceed...

Regards,

--------------------------------------------------------------------------------------------------------------------

Malwarebytes' Anti-Malware 1.44

Version de la base de données: 3811

Windows 5.1.2600 Service Pack 2

Internet Explorer 7.0.5730.13

 

2/03/2010 12:21:41

mbam-log-2010-03-02 (12-21-41).txt

 

Type de recherche: Examen rapide

Eléments examinés: 112920

Temps écoulé: 6 minute(s), 52 second(s)

 

Processus mémoire infecté(s): 0

Module(s) mémoire infecté(s): 3

Clé(s) du Registre infectée(s): 5

Valeur(s) du Registre infectée(s): 4

Elément(s) de données du Registre infecté(s): 6

Dossier(s) infecté(s): 1

Fichier(s) infecté(s): 34

 

Processus mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Module(s) mémoire infecté(s):

C:\WINDOWS\system32\kbdatat4.dll (Backdoor.Bot) -> Delete on reboot.

C:\WINDOWS\system32\kbupdate.dll (Backdoor.Bot) -> Delete on reboot.

C:\WINDOWS\system32\crt4.dll (Backdoor.Bot) -> Delete on reboot.

 

Clé(s) du Registre infectée(s):

HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.

HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.

HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.

HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\kbupdate (Trojan.Agent) -> Quarantined and deleted successfully.

 

Valeur(s) du Registre infectée(s):

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\microsoft driver setup (Trojan.Inject) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\microsoft driver setup (Trojan.Inject) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svvchost.exe (Trojan.Inject) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\uid (Malware.Trace) -> Quarantined and deleted successfully.

 

Elément(s) de données du Registre infecté(s):

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Dropper) -> Data: c:\windows\system32\sdra64.exe -> Delete on reboot.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Dropper) -> Data: system32\sdra64.exe -> Delete on reboot.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.Userinit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,) Good: (Userinit.exe) -> Quarantined and deleted successfully.

 

Dossier(s) infecté(s):

C:\WINDOWS\system32\lowsec (Stolen.data) -> Delete on reboot.

 

Fichier(s) infecté(s):

C:\WINDOWS\system32\kbdatat4.dll (Backdoor.Bot) -> Delete on reboot.

C:\WINDOWS\scvchost.exe (Trojan.Inject) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\svvchost.exe (Trojan.Inject) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\35.scr (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\41.scr (Trojan.Inject) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\43.scr (Trojan.Inject) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\50.scr (Trojan.Inject) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\67.scr (Trojan.Inject) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\68.scr (Trojan.Inject) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\85.scr (Trojan.Inject) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\sdra64.exe (Trojan.Dropper) -> Delete on reboot.

C:\WINDOWS\Temp\1.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\Temp\2.tmp (Spyware.Zbot) -> Quarantined and deleted successfully.

C:\WINDOWS\Temp\3.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.

C:\WINDOWS\Temp\tmp16.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrateur\Local Settings\Temp\eraseme_21721.exe (Trojan.Inject) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrateur\Local Settings\Temp\eraseme_71528.exe (Trojan.Inject) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\1MSBRBJX\nun[1] (Trojan.Inject) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\1MSBRBJX\2krn[1].bin (Trojan.Dropper) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\FZKJ9F8F\021010d501ne[1].exe (Rootkit.Dropper) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\FZKJ9F8F\pon[1].exe (Trojan.Inject) -> Quarantined and deleted successfully.

C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\7DRJPD6M\nun[1] (Trojan.Inject) -> Quarantined and deleted successfully.

C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\7DRJPD6M\nun[2] (Trojan.Inject) -> Quarantined and deleted successfully.

C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\ARS2UD31\nun[1] (Trojan.Inject) -> Quarantined and deleted successfully.

C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\RQ1LPFKI\nun[1] (Trojan.Inject) -> Quarantined and deleted successfully.

C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\U5PG95K6\avali[1] (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\U5PG95K6\nun[1] (Trojan.Inject) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\lowsec\local.ds (Stolen.data) -> Delete on reboot.

C:\WINDOWS\system32\lowsec\user.ds (Stolen.data) -> Delete on reboot.

C:\WINDOWS\system32\kbupdate.dll (Trojan.Agent) -> Delete on reboot.

C:\WINDOWS\logfile32.txt (Malware.Trace) -> Delete on reboot.

C:\WINDOWS\system32\Drivers\str.sys (Rootkit.Agent) -> Delete on reboot.

C:\WINDOWS\system32\kboem32.dat (Backdoor.Bot) -> Delete on reboot.

C:\WINDOWS\system32\crt4.dll (Backdoor.Bot) -> Delete on reboot.

 

-------------------------------------------------------------------------------------------------------------

 

HijackThis report:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 9:11:29, on 3/03/2010

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\updated7.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Google Toolbar\gtb1.tmp.exe

C:\Program Files\Trend Micro\HijackThis\Administrateur.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [deports] C:\WINDOWS\system32\lsassd.exe

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [svvchost.exe] C:\WINDOWS\system32\svvchost.exe

O4 - HKLM\..\Run: [Microsoft Driver Setup] C:\WINDOWS\scvchost.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKLM\..\Policies\Explorer\Run: [Microsoft Driver Setup] C:\WINDOWS\scvchost.exe

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1201170073125

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

 

--

End of file - 4044 bytes

Posted

Better, but apparently some of it remains.

Download OTMoveIt (OTM) by OldTimer.

  • Save this file to the Desktop.
  • Double-click OTM.exe to run the tool. (Note: if you use Vista, right-click the file and choose Run as administrator.)
  • Copy the lines from the "Code" area below to the clipboard by selecting them all and pressing the CTRL and C keys together (or, after selecting them, right-click and choose Copy):
    :processes
    :files
    C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Google Toolbar\gtb1.tmp.exe
    C:\WINDOWS\updated7.exe
    C:\WINDOWS\system32\lsassd.exe
    C:\WINDOWS\system32\svvchost.exe
    C:\WINDOWS\scvchost.exe
    
    :reg 
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "deports"=-
    "svvchost.exe"=-
    "Microsoft Driver Setup"=-
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
    "Microsoft Driver Setup"=-
    
    :commands
    [zipfiles]


  • Go back to the OTM window, right-click in the left-hand area titled "Paste List Of Files/Folders to Move" (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Close OTMoveIt3.
  • Post the OTMoveIt3 report in your next reply (the contents of the file C:\_OTM\MovedFiles\********_******.log - the *** are digits representing the date [monthdayyear] and the time).

Note: If a file or folder cannot be moved immediately, a reboot may be needed to complete the move. If you are asked to reboot the machine, choose Yes.
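The OTM script above was assembled by hand from the process list and the O4 autostart lines of the HijackThis log. As an added example (not code from the thread, from HijackThis or from OTM), this Python script does that triage on a constructed excerpt of the same log: it flags look-alike names (svvchost, scvchost, lsassd), binaries started from the WINDOWS root or a Temp folder, and emits the matching :files/:reg script. The list of system binaries, the one-letter distance threshold and the location rules are assumptions.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed excerpt of the first HijackThis log in the thread (process list and O4 lines)
HJT_LOG = r"""
Running processes:
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\updated7.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Google Toolbar\gtb1.tmp.exe

O4 - HKLM\..\Run: [deports] C:\WINDOWS\system32\lsassd.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [svvchost.exe] C:\WINDOWS\system32\svvchost.exe
O4 - HKLM\..\Run: [Microsoft Driver Setup] C:\WINDOWS\scvchost.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Policies\Explorer\Run: [Microsoft Driver Setup] C:\WINDOWS\scvchost.exe
"""

# Assumption: genuine Windows XP system binaries whose names malware likes to imitate
SYSTEM_BINARIES = sorted({"smss.exe", "csrss.exe", "winlogon.exe", "services.exe", "lsass.exe",
                          "svchost.exe", "spoolsv.exe", "explorer.exe", "ctfmon.exe", "userinit.exe"})
HIVES = {"HKLM": "HKEY_LOCAL_MACHINE", "HKCU": "HKEY_CURRENT_USER"}
RUN_ROOT = r"Software\Microsoft\Windows\CurrentVersion"
O4_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\(.+?): \[(.+?)\] (.+)$")

@dataclass
class Entry:
    path: str
    reg_key: Optional[str] = None     # full Run key for O4 lines, None for a running process
    value_name: Optional[str] = None

def command_path(cmd: str) -> str:
    """Executable of an O4 command: the quoted path, else the whole string (assumption: no arguments)."""
    m = re.match(r'"([^"]+)"', cmd)
    return m.group(1) if m else cmd.strip()

def parse_hjt(log: str) -> List[Entry]:
    entries, in_procs = [], False
    for line in log.splitlines():
        line = line.strip()
        if line == "Running processes:":
            in_procs = True
        elif not line:
            in_procs = False                    # blank line ends the process list
        elif in_procs:
            entries.append(Entry(line))
        elif m := O4_RE.match(line):
            hive, subkey, name, cmd = m.groups()
            key = "\\".join((HIVES[hive], RUN_ROOT, subkey))
            entries.append(Entry(command_path(cmd), key, name))
    return entries

def edit_distance(a: str, b: str) -> int:
    """Plain Levenshtein distance, enough to catch one-letter look-alikes."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def suspicion(path: str) -> List[str]:
    """Reasons an entry deserves a second look; an empty list means nothing noticed."""
    low = path.lower()
    parent, _, name = low.rpartition("\\")
    reasons = []
    for good in SYSTEM_BINARIES:
        if name != good and edit_distance(name, good) <= 1:
            reasons.append(f"name mimics {good}")
    if parent == r"c:\windows" and name not in SYSTEM_BINARIES:
        reasons.append("runs from the WINDOWS root rather than system32")
    if "\\temp\\" in low:
        reasons.append("runs from a Temp directory")
    return reasons

def build_otm_script(entries: List[Entry]) -> str:
    """OTM script of the shape posted above: suspicious files under :files, their values under :reg."""
    files, reg = [], {}
    for e in entries:
        if not suspicion(e.path):
            continue
        if e.path not in files:
            files.append(e.path)
        if e.reg_key and e.value_name not in reg.setdefault(e.reg_key, []):
            reg[e.reg_key].append(e.value_name)   # "name"=- tells OTM to delete the value
    lines = [":processes", ":files", *files, "", ":reg"]
    for key, names in reg.items():
        lines.append(f"[{key}]")
        lines.extend(f'"{n}"=-' for n in names)
    lines += ["", ":commands", "[zipfiles]"]
    return "\n".join(lines)

if __name__ == "__main__":
    print(build_otm_script(parse_hjt(HJT_LOG)))
```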

Posted

Hi :P ,

Here is the OTM report:

 

========== PROCESSES ==========

========== FILES ==========

C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Google Toolbar\gtb1.tmp.exe moved successfully.

C:\WINDOWS\updated7.exe moved successfully.

C:\WINDOWS\system32\lsassd.exe moved successfully.

C:\WINDOWS\system32\svvchost.exe moved successfully.

C:\WINDOWS\scvchost.exe moved successfully.

========== REGISTRY ==========

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\deports deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\svvchost.exe deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Microsoft Driver Setup deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\\Microsoft Driver Setup deleted successfully.

========== COMMANDS ==========

 

OTM by OldTimer - Version 3.1.10.0 log created on 03032010_104453

Posted

Great! :P

Can you upload (send) the ZIP located in C:\_OTM\MovedFiles\ to this site http://www.senduit.com/ (set to one day/1day) please?

Getting these samples of infected files will let me pass them on to the vendors (MBAM, but also the antivirus vendors) and improve detections.

Senduit will give you a link; send me that link by private message please.

Posted

I have your file, thanks for your contribution, which will help detections move forward! :P

Reboot the machine and post a HijackThis report please; also tell me whether it runs normally after that reboot.

Posted

Hello Falkra,

Sorry for the delay, but yesterday it was impossible to stay connected to the net for more than a minute... I suspected that on reboot some infections had come back and were stopping me from connecting... anyway, I have just redone an mbam scan (a full one this time) and it found another thirty or so infections :P Following mbam's instructions I have just rebooted (I wonder whether I should disable System Restore in case it is the source of a reinfection...?) and since then I connect normally! :P

Also, at every reboot of the machine I get a message that Avira's "avgnt.exe" file cannot be started... --> Should I completely remove Avira and reinstall it? Also, the Windows firewall is permanently INACTIVE, and when I enable it, it disables itself a few minutes later... Strange, to say the least... What do you advise?

For now, I am posting:

- the latest, fresh mbam report;

- followed by the report of a new HijackThis scan (which I am leaving open while awaiting your reply).

Regards :P ,

Croquis

 

 

LOG 1:

 

Malwarebytes' Anti-Malware 1.44

Version de la base de données: 3811

Windows 5.1.2600 Service Pack 2

Internet Explorer 7.0.5730.13

 

4/03/2010 9:24:18

mbam-log-2010-03-04 (09-24-18).txt

 

Type de recherche: Examen complet (C:\|)

Eléments examinés: 131494

Temps écoulé: 14 minute(s), 3 second(s)

 

Processus mémoire infecté(s): 2

Module(s) mémoire infecté(s): 0

Clé(s) du Registre infectée(s): 0

Valeur(s) du Registre infectée(s): 4

Elément(s) de données du Registre infecté(s): 0

Dossier(s) infecté(s): 0

Fichier(s) infecté(s): 31

 

Processus mémoire infecté(s):

C:\WINDOWS\scvchost.exe (Trojan.Inject) -> Unloaded process successfully.

C:\WINDOWS\avp.exe (Trojan.Downloader) -> Unloaded process successfully.

 

Module(s) mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Clé(s) du Registre infectée(s):

(Aucun élément nuisible détecté)

 

Valeur(s) du Registre infectée(s):

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\microsoft driver setup (Trojan.Inject) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\microsoft driver setup (Trojan.Inject) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svvchost.exe (Trojan.Inject) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\apv (Trojan.Downloader) -> Quarantined and deleted successfully.

 

Elément(s) de données du Registre infecté(s):

(Aucun élément nuisible détecté)

 

Dossier(s) infecté(s):

(Aucun élément nuisible détecté)

 

Fichier(s) infecté(s):

C:\WINDOWS\scvchost.exe (Trojan.Inject) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\svvchost.exe (Trojan.Inject) -> Quarantined and deleted successfully.

C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\7DRJPD6M\nun[1] (Trojan.Inject) -> Quarantined and deleted successfully.

C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\ARS2UD31\nun[1] (Trojan.Inject) -> Quarantined and deleted successfully.

C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\ARS2UD31\nun[2] (Trojan.Inject) -> Quarantined and deleted successfully.

C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\ARS2UD31\nun[3] (Trojan.Inject) -> Quarantined and deleted successfully.

C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\RQ1LPFKI\nun[1] (Trojan.Inject) -> Quarantined and deleted successfully.

C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\U5PG95K6\nun[1] (Trojan.Inject) -> Quarantined and deleted successfully.

C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\U5PG95K6\nun[2] (Trojan.Inject) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{DD4A116E-C0B4-493C-A70F-9654F92C31F9}\RP22\A0002331.exe (Trojan.Dropper) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{DD4A116E-C0B4-493C-A70F-9654F92C31F9}\RP25\A0002377.exe (Spyware.Zbot) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{DD4A116E-C0B4-493C-A70F-9654F92C31F9}\RP28\A0002479.exe (Trojan.Inject) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{DD4A116E-C0B4-493C-A70F-9654F92C31F9}\RP28\A0002505.exe (Trojan.Inject) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{DD4A116E-C0B4-493C-A70F-9654F92C31F9}\RP29\A0002508.scr (Trojan.Inject) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{DD4A116E-C0B4-493C-A70F-9654F92C31F9}\RP29\A0002509.exe (Trojan.Inject) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{DD4A116E-C0B4-493C-A70F-9654F92C31F9}\RP30\A0002517.exe (Trojan.Inject) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{DD4A116E-C0B4-493C-A70F-9654F92C31F9}\RP31\A0003557.scr (Trojan.Inject) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{DD4A116E-C0B4-493C-A70F-9654F92C31F9}\RP31\A0003558.scr (Trojan.Inject) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{DD4A116E-C0B4-493C-A70F-9654F92C31F9}\RP31\A0003564.exe (Trojan.Inject) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{DD4A116E-C0B4-493C-A70F-9654F92C31F9}\RP31\A0004569.exe (Trojan.Inject) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\12.scr (Trojan.Inject) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\26.scr (Trojan.Inject) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\44.scr (Trojan.Inject) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\67.scr (Trojan.Inject) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\70.scr (Trojan.Inject) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\77.scr (Trojan.Inject) -> Quarantined and deleted successfully.

C:\_OTM\MovedFiles\03032010_104453\C_WINDOWS\scvchost.exe (Trojan.Inject) -> Quarantined and deleted successfully.

C:\_OTM\MovedFiles\03032010_104453\C_WINDOWS\system32\svvchost.exe (Trojan.Inject) -> Quarantined and deleted successfully.

C:\WINDOWS\logfile32.txt (Malware.Trace) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\Drivers\str.sys (Rootkit.Agent) -> Delete on reboot.

C:\WINDOWS\avp.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

 

-------------------------------------------------------------------------------------------------------------------------------

 

LOG 2:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 9:41:33, on 4/03/2010

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Program Files\Trend Micro\HijackThis\Administrateur.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.netcourrier.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1201170073125

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Service Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

 

--

End of file - 3929 bytes

Posted

Infections like to use your internet connection, so they have no interest in cutting it off. :P

You passed me the infected files, I sent them up to MBAM, and the new detections you are now benefiting from, which find all of this (or almost all) thanks to your samples, are the result; they were quick! :P

It was not for nothing, everyone wins, and since you did a full scan it went back to the source: in all likelihood, booby-trapped files downloaded from a web page by IE.

There have been a good ten MBAM updates since, so if you want to redo a scan, go ahead, no problem, but after a reboot; otherwise your last HijackThis report is OK, but we now need to secure your machine.

Posted

Hi ;)

So, I updated Mbam and redid a full scan. Only ONE infection left :) but it is hanging on! It is a rootkit located in C:\WINDOWS\system32\drivers\str.sys. Mbam asks me to reboot to eradicate it but does not manage to (I redid a scan only to get that same error again). What to do??? :P

Also, I installed and ran CCleaner beforehand. :P

As for Avira (which does not work, with an "avgnt.exe cannot be started" message at every machine startup), well, I am unable to remove the antivirus (to reinstall it afterwards). Each attempt starts normally, a browser window opens for feedback, then suddenly the computer reboots by itself in the middle of the removal... :P I went (rightly or wrongly) into the advanced properties of My Computer to prevent automatic restart, and all I gained from it was a nice blue screen with an error message and hence a subsequent manual reboot.

What do you advise? :P

Best regards,

Croquis

Posted

> What to do???

Keep digging into the question. Clearly there is still some junk left. :P

Download GMER Rootkit Scanner from the following link:

http://www.gmer.net/#files

- Click the "Download EXE" button

- Save it to your Desktop.

- Paste and save these instructions in a text file, or print them, because you will have to close the browser.

- Close any open browser windows.

- Launch the downloaded file (its name is 8 random digits/letters) by double-clicking it;

- If the tool gives you a rootkit activity warning and asks whether to run a scan, click "NO"

- In the right-hand section of the tool window, untick the following options:

  • Sections
  • **Make sure "Show All" is unticked**

- Now click the "Scan" button and wait (this can take 10 minutes or more)

- When the scan is finished, click the "Save..." button (bottom right);

- Name the file "Ark.txt" and save it to the Desktop;

- Copy/paste the contents of this report into your reply.
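GMER's Ark.txt report (posted below) lists one SSDT line per intercepted Zw* service: a second column that is either the hook address itself or, for entries GMER could resolve, a value shared by the whole set, and then the target address in brackets. As an added example, not code from the thread or from GMER, this Python script groups the SSDT lines of a constructed excerpt of that log by hook owner, links an owner value to a Device line carrying the same value, and marks owners that intercept the enumeration services used to hide files, processes and registry keys. Clustering unresolved hook addresses by 4 KiB page and the list of hiding-related services are assumptions.

```python
import re
from collections import defaultdict
from typing import Dict, List, Optional

# Constructed excerpt of the Ark.txt log posted below: global SSDT block, Device line, one thread block
GMER_LOG = r"""
---- System - GMER 1.0.15 ----

SSDT F20E0B3E ZwCreateKey
SSDT F20E0B34 ZwCreateThread
SSDT F20E0B20 ZwOpenProcess
SSDT F20E0B2F ZwTerminateProcess

---- Devices - GMER 1.0.15 ----

Device \Driver\owsqckcsbnkr \Device\{9DD6AFA1-8646-4720-836B-EDCB1085864A} 000006B8

---- Threads - GMER 1.0.15 ----

Thread System [4:1024] SSDT 0xFEA2EB90 != 0x804E26A8

SSDT F20E0B3E System [4.1024] ZwCreateKey
SSDT 000006B8 System [4.1024] ZwEnumerateKey [0xB29691C7]
SSDT 000006B8 System [4.1024] ZwEnumerateValueKey [0xB29692D3]
SSDT 000006B8 System [4.1024] ZwOpenProcess [0xB2968E79]
SSDT 000006B8 System [4.1024] ZwQueryDirectoryFile [0xB2968CA0]
SSDT 000006B8 System [4.1024] ZwQuerySystemInformation [0xB2968D73]
SSDT F20E0B2F System [4.1024] ZwTerminateProcess
"""

SSDT_RE = re.compile(r"^SSDT ([0-9A-F]{8}) (?:System \[[\d.]+\] )?(Zw\w+)(?: \[0x([0-9A-F]{8})\])?$")
DEVICE_RE = re.compile(r"^Device (\\Driver\\\S+) \S+ ([0-9A-F]{8})$")
THREAD_RE = re.compile(r"^Thread System \[([\d:]+)\] SSDT 0x([0-9A-F]+) != 0x([0-9A-F]+)$")

# Assumption: the services a rootkit intercepts to hide files, processes and registry keys
HIDING_SERVICES = {"ZwQueryDirectoryFile", "ZwQuerySystemInformation",
                   "ZwEnumerateKey", "ZwEnumerateValueKey", "ZwOpenKey"}

def owner_key(column: str, target: Optional[str]) -> str:
    """Without a resolved target the second column is the hook address itself, so
    cluster by 4 KiB page (assumption: one driver's hooks share a page). With a
    target the column is a value shared by the whole set, so use it verbatim."""
    return column if target else f"page {int(column, 16) >> 12:05X}xxx"

def parse_gmer(log: str) -> dict:
    hooks: Dict[str, Dict[str, Optional[str]]] = defaultdict(dict)
    devices, threads = {}, []
    for line in log.splitlines():
        line = line.strip()
        if m := SSDT_RE.match(line):
            column, service, target = m.groups()
            hooks[owner_key(column, target)][service] = target
        elif m := DEVICE_RE.match(line):
            devices[m.group(2)] = m.group(1)      # value -> driver object name
        elif m := THREAD_RE.match(line):
            threads.append(m.groups())            # (thread, SSDT seen, SSDT expected)
    return {"hooks": dict(hooks), "devices": devices, "threads": threads}

def summarize(parsed: dict) -> List[dict]:
    """One record per hook owner: services hooked, Device line with the same value
    (if any), and which of the hooked services belong to the hiding set."""
    out = []
    for owner, services in sorted(parsed["hooks"].items()):
        out.append({
            "owner": owner,
            "driver": parsed["devices"].get(owner),
            "services": sorted(services),
            "resolved_targets": sum(1 for t in services.values() if t),
            "hides": sorted(HIDING_SERVICES & set(services)),
        })
    return out

if __name__ == "__main__":
    parsed = parse_gmer(GMER_LOG)
    for tid, seen, expected in parsed["threads"]:
        print(f"thread {tid}: SSDT pointer {seen} differs from the kernel's {expected}")
    for rec in summarize(parsed):
        print(f"{rec['owner']}: {len(rec['services'])} hooks, {rec['resolved_targets']} with a "
              f"target address, device {rec['driver'] or '-'}, hiding-related: {rec['hides'] or 'none'}")
```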

Posted

Hi :)

Indeed I got a "warning" (expected, by the way) before and after the scan...

--> Should I close the GMER program?

--> So here is the requested "Ark.txt" log:

 

GMER 1.0.15.15281 - http://www.gmer.net

Rootkit scan 2010-03-04 12:07:54

Windows 5.1.2600 Service Pack 2

Running: zsq8ym6e.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\pglcraoc.sys

 

 

---- System - GMER 1.0.15 ----

 

SSDT F20E0B3E ZwCreateKey

SSDT F20E0B34 ZwCreateThread

SSDT F20E0B43 ZwDeleteKey

SSDT F20E0B4D ZwDeleteValueKey

SSDT F20E0B52 ZwLoadKey

SSDT F20E0B20 ZwOpenProcess

SSDT F20E0B25 ZwOpenThread

SSDT F20E0B5C ZwReplaceKey

SSDT F20E0B57 ZwRestoreKey

SSDT F20E0B48 ZwSetValueKey

SSDT F20E0B2F ZwTerminateProcess

 

INT 0x73 ? FEA7090C

INT 0x93 ? FEA79624

INT 0xA3 ? FEAC81A4

INT 0xA4 ? FE94DDD4

 

---- Devices - GMER 1.0.15 ----

 

Device \Driver\owsqckcsbnkr \Device\{9DD6AFA1-8646-4720-836B-EDCB1085864A} 000006B8

 

AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

 

---- Threads - GMER 1.0.15 ----

 

Thread System [4:1024] SSDT 0xFEA2EB90 != 0x804E26A8

 

SSDT F20E0B3E System [4.1024] ZwCreateKey

SSDT F20E0B34 System [4.1024] ZwCreateThread

SSDT F20E0B43 System [4.1024] ZwDeleteKey

SSDT 000006B8 System [4.1024] ZwDeleteValueKey [0xB2969517]

SSDT 000006B8 System [4.1024] ZwEnumerateKey [0xB29691C7]

SSDT 000006B8 System [4.1024] ZwEnumerateValueKey [0xB29692D3]

SSDT F20E0B52 System [4.1024] ZwLoadKey

SSDT 000006B8 System [4.1024] ZwOpenKey [0xB296910F]

SSDT 000006B8 System [4.1024] ZwOpenProcess [0xB2968E79]

SSDT 000006B8 System [4.1024] ZwOpenThread [0xB2968F01]

SSDT 000006B8 System [4.1024] ZwProtectVirtualMemory [0xB29696DB]

SSDT 000006B8 System [4.1024] ZwQueryDirectoryFile [0xB2968CA0]

SSDT 000006B8 System [4.1024] ZwQuerySystemInformation [0xB2968D73]

SSDT 000006B8 System [4.1024] ZwReadVirtualMemory [0xB296960F]

SSDT F20E0B5C System [4.1024] ZwReplaceKey

SSDT F20E0B57 System [4.1024] ZwRestoreKey

SSDT 000006B8 System [4.1024] ZwSetContextThread [0xB29690AC]

SSDT 000006B8 System [4.1024] ZwSetValueKey [0xB2969413]

SSDT 000006B8 System [4.1024] ZwSuspendThread [0xB2969049]

SSDT F20E0B2F System [4.1024] ZwTerminateProcess

SSDT 000006B8 System [4.1024] ZwTerminateThread [0xB2968FE6]

SSDT 000006B8 System [4.1024] ZwWriteVirtualMemory [0xB2969675]

 

---- Threads - GMER 1.0.15 ----

 

Thread System [4:1028] SSDT 0xFEA2EB90 != 0x804E26A8

 

SSDT F20E0B3E System [4.1028] ZwCreateKey

SSDT F20E0B34 System [4.1028] ZwCreateThread

SSDT F20E0B43 System [4.1028] ZwDeleteKey

SSDT 000006B8 System [4.1028] ZwDeleteValueKey [0xB2969517]

SSDT 000006B8 System [4.1028] ZwEnumerateKey [0xB29691C7]

SSDT 000006B8 System [4.1028] ZwEnumerateValueKey [0xB29692D3]

SSDT F20E0B52 System [4.1028] ZwLoadKey

SSDT 000006B8 System [4.1028] ZwOpenKey [0xB296910F]

SSDT 000006B8 System [4.1028] ZwOpenProcess [0xB2968E79]

SSDT 000006B8 System [4.1028] ZwOpenThread [0xB2968F01]

SSDT 000006B8 System [4.1028] ZwProtectVirtualMemory [0xB29696DB]

SSDT 000006B8 System [4.1028] ZwQueryDirectoryFile [0xB2968CA0]

SSDT 000006B8 System [4.1028] ZwQuerySystemInformation [0xB2968D73]

SSDT 000006B8 System [4.1028] ZwReadVirtualMemory [0xB296960F]

SSDT F20E0B5C System [4.1028] ZwReplaceKey

SSDT F20E0B57 System [4.1028] ZwRestoreKey

SSDT 000006B8 System [4.1028] ZwSetContextThread [0xB29690AC]

SSDT 000006B8 System [4.1028] ZwSetValueKey [0xB2969413]

SSDT 000006B8 System [4.1028] ZwSuspendThread [0xB2969049]

SSDT F20E0B2F System [4.1028] ZwTerminateProcess

SSDT 000006B8 System [4.1028] ZwTerminateThread [0xB2968FE6]

SSDT 000006B8 System [4.1028] ZwWriteVirtualMemory [0xB2969675]

 

---- Threads - GMER 1.0.15 ----

 

Thread System [4:1792] SSDT 0xFEA2EB90 != 0x804E26A8

 

SSDT F20E0B3E System [4.1792] ZwCreateKey

SSDT F20E0B34 System [4.1792] ZwCreateThread

SSDT F20E0B43 System [4.1792] ZwDeleteKey

SSDT 000006B8 System [4.1792] ZwDeleteValueKey [0xB2969517]

SSDT 000006B8 System [4.1792] ZwEnumerateKey [0xB29691C7]

SSDT 000006B8 System [4.1792] ZwEnumerateValueKey [0xB29692D3]

SSDT F20E0B52 System [4.1792] ZwLoadKey

SSDT 000006B8 System [4.1792] ZwOpenKey [0xB296910F]

SSDT 000006B8 System [4.1792] ZwOpenProcess [0xB2968E79]

SSDT 000006B8 System [4.1792] ZwOpenThread [0xB2968F01]

SSDT 000006B8 System [4.1792] ZwProtectVirtualMemory [0xB29696DB]

SSDT 000006B8 System [4.1792] ZwQueryDirectoryFile [0xB2968CA0]

SSDT 000006B8 System [4.1792] ZwQuerySystemInformation [0xB2968D73]

SSDT 000006B8 System [4.1792] ZwReadVirtualMemory [0xB296960F]

SSDT F20E0B5C System [4.1792] ZwReplaceKey

SSDT F20E0B57 System [4.1792] ZwRestoreKey

SSDT 000006B8 System [4.1792] ZwSetContextThread [0xB29690AC]

SSDT 000006B8 System [4.1792] ZwSetValueKey [0xB2969413]

SSDT 000006B8 System [4.1792] ZwSuspendThread [0xB2969049]

SSDT F20E0B2F System [4.1792] ZwTerminateProcess

SSDT 000006B8 System [4.1792] ZwTerminateThread [0xB2968FE6]

SSDT 000006B8 System [4.1792] ZwWriteVirtualMemory [0xB2969675]

 

---- Threads - GMER 1.0.15 ----

 

Thread System [4:348] SSDT 0xFEA2EB90 != 0x804E26A8

 

SSDT F20E0B3E System [4.348] ZwCreateKey

SSDT F20E0B34 System [4.348] ZwCreateThread

SSDT F20E0B43 System [4.348] ZwDeleteKey

SSDT 000006B8 System [4.348] ZwDeleteValueKey [0xB2969517]

SSDT 000006B8 System [4.348] ZwEnumerateKey [0xB29691C7]

SSDT 000006B8 System [4.348] ZwEnumerateValueKey [0xB29692D3]

SSDT F20E0B52 System [4.348] ZwLoadKey

SSDT 000006B8 System [4.348] ZwOpenKey [0xB296910F]

SSDT 000006B8 System [4.348] ZwOpenProcess [0xB2968E79]

SSDT 000006B8 System [4.348] ZwOpenThread [0xB2968F01]

SSDT 000006B8 System [4.348] ZwProtectVirtualMemory [0xB29696DB]

SSDT 000006B8 System [4.348] ZwQueryDirectoryFile [0xB2968CA0]

SSDT 000006B8 System [4.348] ZwQuerySystemInformation [0xB2968D73]

SSDT 000006B8 System [4.348] ZwReadVirtualMemory [0xB296960F]

SSDT F20E0B5C System [4.348] ZwReplaceKey

SSDT F20E0B57 System [4.348] ZwRestoreKey

SSDT 000006B8 System [4.348] ZwSetContextThread [0xB29690AC]

SSDT 000006B8 System [4.348] ZwSetValueKey [0xB2969413]

SSDT 000006B8 System [4.348] ZwSuspendThread [0xB2969049]

SSDT F20E0B2F System [4.348] ZwTerminateProcess

SSDT 000006B8 System [4.348] ZwTerminateThread [0xB2968FE6]

SSDT 000006B8 System [4.348] ZwWriteVirtualMemory [0xB2969675]

 

---- Threads - GMER 1.0.15 ----

 

Thread System [4:352] SSDT 0xFEA2EB90 != 0x804E26A8

 

SSDT F20E0B3E System [4.352] ZwCreateKey

SSDT F20E0B34 System [4.352] ZwCreateThread

SSDT F20E0B43 System [4.352] ZwDeleteKey

SSDT 000006B8 System [4.352] ZwDeleteValueKey [0xB2969517]

SSDT 000006B8 System [4.352] ZwEnumerateKey [0xB29691C7]

SSDT 000006B8 System [4.352] ZwEnumerateValueKey [0xB29692D3]

SSDT F20E0B52 System [4.352] ZwLoadKey

SSDT 000006B8 System [4.352] ZwOpenKey [0xB296910F]

SSDT 000006B8 System [4.352] ZwOpenProcess [0xB2968E79]

SSDT 000006B8 System [4.352] ZwOpenThread [0xB2968F01]

SSDT 000006B8 System [4.352] ZwProtectVirtualMemory [0xB29696DB]

SSDT 000006B8 System [4.352] ZwQueryDirectoryFile [0xB2968CA0]

SSDT 000006B8 System [4.352] ZwQuerySystemInformation [0xB2968D73]

SSDT 000006B8 System [4.352] ZwReadVirtualMemory [0xB296960F]

SSDT F20E0B5C System [4.352] ZwReplaceKey

SSDT F20E0B57 System [4.352] ZwRestoreKey

SSDT 000006B8 System [4.352] ZwSetContextThread [0xB29690AC]

SSDT 000006B8 System [4.352] ZwSetValueKey [0xB2969413]

SSDT 000006B8 System [4.352] ZwSuspendThread [0xB2969049]

SSDT F20E0B2F System [4.352] ZwTerminateProcess

SSDT 000006B8 System [4.352] ZwTerminateThread [0xB2968FE6]

SSDT 000006B8 System [4.352] ZwWriteVirtualMemory [0xB2969675]

 

---- Threads - GMER 1.0.15 ----

 

Thread System [4:1692] SSDT 0xFEA2EB90 != 0x804E26A8

 

SSDT F20E0B3E System [4.1692] ZwCreateKey

SSDT F20E0B34 System [4.1692] ZwCreateThread

SSDT F20E0B43 System [4.1692] ZwDeleteKey

SSDT 000006B8 System [4.1692] ZwDeleteValueKey [0xB2969517]

SSDT 000006B8 System [4.1692] ZwEnumerateKey [0xB29691C7]

SSDT 000006B8 System [4.1692] ZwEnumerateValueKey [0xB29692D3]

SSDT F20E0B52 System [4.1692] ZwLoadKey

SSDT 000006B8 System [4.1692] ZwOpenKey [0xB296910F]

SSDT 000006B8 System [4.1692] ZwOpenProcess [0xB2968E79]

SSDT 000006B8 System [4.1692] ZwOpenThread [0xB2968F01]

SSDT 000006B8 System [4.1692] ZwProtectVirtualMemory [0xB29696DB]

SSDT 000006B8 System [4.1692] ZwQueryDirectoryFile [0xB2968CA0]

SSDT 000006B8 System [4.1692] ZwQuerySystemInformation [0xB2968D73]

SSDT 000006B8 System [4.1692] ZwReadVirtualMemory [0xB296960F]

SSDT F20E0B5C System [4.1692] ZwReplaceKey

SSDT F20E0B57 System [4.1692] ZwRestoreKey

SSDT 000006B8 System [4.1692] ZwSetContextThread [0xB29690AC]

SSDT 000006B8 System [4.1692] ZwSetValueKey [0xB2969413]

SSDT 000006B8 System [4.1692] ZwSuspendThread [0xB2969049]

SSDT F20E0B2F System [4.1692] ZwTerminateProcess

SSDT 000006B8 System [4.1692] ZwTerminateThread [0xB2968FE6]

SSDT 000006B8 System [4.1692] ZwWriteVirtualMemory [0xB2969675]

 

---- Threads - GMER 1.0.15 ----

 

Thread System [4:1840] SSDT 0xFEA2EB90 != 0x804E26A8

 

SSDT F20E0B3E System [4.1840] ZwCreateKey

SSDT F20E0B34 System [4.1840] ZwCreateThread

SSDT F20E0B43 System [4.1840] ZwDeleteKey

SSDT 000006B8 System [4.1840] ZwDeleteValueKey [0xB2969517]

SSDT 000006B8 System [4.1840] ZwEnumerateKey [0xB29691C7]

SSDT 000006B8 System [4.1840] ZwEnumerateValueKey [0xB29692D3]

SSDT F20E0B52 System [4.1840] ZwLoadKey

SSDT 000006B8 System [4.1840] ZwOpenKey [0xB296910F]

SSDT 000006B8 System [4.1840] ZwOpenProcess [0xB2968E79]

SSDT 000006B8 System [4.1840] ZwOpenThread [0xB2968F01]

SSDT 000006B8 System [4.1840] ZwProtectVirtualMemory [0xB29696DB]

SSDT 000006B8 System [4.1840] ZwQueryDirectoryFile [0xB2968CA0]

SSDT 000006B8 System [4.1840] ZwQuerySystemInformation [0xB2968D73]

SSDT 000006B8 System [4.1840] ZwReadVirtualMemory [0xB296960F]

SSDT F20E0B5C System [4.1840] ZwReplaceKey

SSDT F20E0B57 System [4.1840] ZwRestoreKey

SSDT 000006B8 System [4.1840] ZwSetContextThread [0xB29690AC]

SSDT 000006B8 System [4.1840] ZwSetValueKey [0xB2969413]

SSDT 000006B8 System [4.1840] ZwSuspendThread [0xB2969049]

SSDT F20E0B2F System [4.1840] ZwTerminateProcess

SSDT 000006B8 System [4.1840] ZwTerminateThread [0xB2968FE6]

SSDT 000006B8 System [4.1840] ZwWriteVirtualMemory [0xB2969675]

 

---- Threads - GMER 1.0.15 ----

 

Thread System [4:3688] SSDT 0xFEA2EB90 != 0x804E26A8

 

SSDT F20E0B3E System [4.3688] ZwCreateKey

SSDT F20E0B34 System [4.3688] ZwCreateThread

SSDT F20E0B43 System [4.3688] ZwDeleteKey

SSDT 000006B8 System [4.3688] ZwDeleteValueKey [0xB2969517]

SSDT 000006B8 System [4.3688] ZwEnumerateKey [0xB29691C7]

SSDT 000006B8 System [4.3688] ZwEnumerateValueKey [0xB29692D3]

SSDT F20E0B52 System [4.3688] ZwLoadKey

SSDT 000006B8 System [4.3688] ZwOpenKey [0xB296910F]

SSDT 000006B8 System [4.3688] ZwOpenProcess [0xB2968E79]

SSDT 000006B8 System [4.3688] ZwOpenThread [0xB2968F01]

SSDT 000006B8 System [4.3688] ZwProtectVirtualMemory [0xB29696DB]

SSDT 000006B8 System [4.3688] ZwQueryDirectoryFile [0xB2968CA0]

SSDT 000006B8 System [4.3688] ZwQuerySystemInformation [0xB2968D73]

SSDT 000006B8 System [4.3688] ZwReadVirtualMemory [0xB296960F]

SSDT F20E0B5C System [4.3688] ZwReplaceKey

SSDT F20E0B57 System [4.3688] ZwRestoreKey

SSDT 000006B8 System [4.3688] ZwSetContextThread [0xB29690AC]

SSDT 000006B8 System [4.3688] ZwSetValueKey [0xB2969413]

SSDT 000006B8 System [4.3688] ZwSuspendThread [0xB2969049]

SSDT F20E0B2F System [4.3688] ZwTerminateProcess

SSDT 000006B8 System [4.3688] ZwTerminateThread [0xB2968FE6]

SSDT 000006B8 System [4.3688] ZwWriteVirtualMemory [0xB2969675]

 

---- Threads - GMER 1.0.15 ----

 

Thread GoogleToolbarNotifier.exe [164:768] SSDT 0xFEA2FB90 != 0x804E26A8

 

SSDT F20E0B3E GoogleToolbarNotifier.exe [164.768] ZwCreateKey

SSDT F20E0B34 GoogleToolbarNotifier.exe [164.768] ZwCreateThread

SSDT F20E0B43 GoogleToolbarNotifier.exe [164.768] ZwDeleteKey

SSDT 000006B8 GoogleToolbarNotifier.exe [164.768] ZwDeleteValueKey [0xB2969517]

SSDT 000006B8 GoogleToolbarNotifier.exe [164.768] ZwEnumerateKey [0xB29691C7]

SSDT 000006B8 GoogleToolbarNotifier.exe [164.768] ZwEnumerateValueKey [0xB29692D3]

SSDT F20E0B52 GoogleToolbarNotifier.exe [164.768] ZwLoadKey

SSDT 000006B8 GoogleToolbarNotifier.exe [164.768] ZwOpenKey [0xB296910F]

SSDT 000006B8 GoogleToolbarNotifier.exe [164.768] ZwOpenProcess [0xB2968E79]

SSDT 000006B8 GoogleToolbarNotifier.exe [164.768] ZwOpenThread [0xB2968F01]

SSDT 000006B8 GoogleToolbarNotifier.exe [164.768] ZwProtectVirtualMemory [0xB29696DB]

SSDT 000006B8 GoogleToolbarNotifier.exe [164.768] ZwQueryDirectoryFile [0xB2968CA0]

SSDT 000006B8 GoogleToolbarNotifier.exe [164.768] ZwQuerySystemInformation [0xB2968D73]

SSDT 000006B8 GoogleToolbarNotifier.exe [164.768] ZwReadVirtualMemory [0xB296960F]

SSDT F20E0B5C GoogleToolbarNotifier.exe [164.768] ZwReplaceKey

SSDT F20E0B57 GoogleToolbarNotifier.exe [164.768] ZwRestoreKey

SSDT 000006B8 GoogleToolbarNotifier.exe [164.768] ZwSetContextThread [0xB29690AC]

SSDT 000006B8 GoogleToolbarNotifier.exe [164.768] ZwSetValueKey [0xB2969413]

SSDT 000006B8 GoogleToolbarNotifier.exe [164.768] ZwSuspendThread [0xB2969049]

SSDT F20E0B2F GoogleToolbarNotifier.exe [164.768] ZwTerminateProcess

SSDT 000006B8 GoogleToolbarNotifier.exe [164.768] ZwTerminateThread [0xB2968FE6]

SSDT 000006B8 GoogleToolbarNotifier.exe [164.768] ZwWriteVirtualMemory [0xB2969675]

 

---- Threads - GMER 1.0.15 ----

 

Thread GoogleToolbarNotifier.exe [164:1896] SSDT 0xFEA2FB90 != 0x804E26A8

 

SSDT F20E0B3E GoogleToolbarNotifier.exe [164.1896] ZwCreateKey

SSDT F20E0B34 GoogleToolbarNotifier.exe [164.1896] ZwCreateThread

SSDT F20E0B43 GoogleToolbarNotifier.exe [164.1896] ZwDeleteKey

SSDT 000006B8 GoogleToolbarNotifier.exe [164.1896] ZwDeleteValueKey [0xB2969517]

SSDT 000006B8 GoogleToolbarNotifier.exe [164.1896] ZwEnumerateKey [0xB29691C7]

SSDT 000006B8 GoogleToolbarNotifier.exe [164.1896] ZwEnumerateValueKey [0xB29692D3]

SSDT F20E0B52 GoogleToolbarNotifier.exe [164.1896] ZwLoadKey

SSDT 000006B8 GoogleToolbarNotifier.exe [164.1896] ZwOpenKey [0xB296910F]

SSDT 000006B8 GoogleToolbarNotifier.exe [164.1896] ZwOpenProcess [0xB2968E79]

SSDT 000006B8 GoogleToolbarNotifier.exe [164.1896] ZwOpenThread [0xB2968F01]

SSDT 000006B8 GoogleToolbarNotifier.exe [164.1896] ZwProtectVirtualMemory [0xB29696DB]

SSDT 000006B8 GoogleToolbarNotifier.exe [164.1896] ZwQueryDirectoryFile [0xB2968CA0]

SSDT 000006B8 GoogleToolbarNotifier.exe [164.1896] ZwQuerySystemInformation [0xB2968D73]

SSDT 000006B8 GoogleToolbarNotifier.exe [164.1896] ZwReadVirtualMemory [0xB296960F]

SSDT F20E0B5C GoogleToolbarNotifier.exe [164.1896] ZwReplaceKey

SSDT F20E0B57 GoogleToolbarNotifier.exe [164.1896] ZwRestoreKey

SSDT 000006B8 GoogleToolbarNotifier.exe [164.1896] ZwSetContextThread [0xB29690AC]

SSDT 000006B8 GoogleToolbarNotifier.exe [164.1896] ZwSetValueKey [0xB2969413]

SSDT 000006B8 GoogleToolbarNotifier.exe [164.1896] ZwSuspendThread [0xB2969049]

SSDT F20E0B2F GoogleToolbarNotifier.exe [164.1896] ZwTerminateProcess

SSDT 000006B8 GoogleToolbarNotifier.exe [164.1896] ZwTerminateThread [0xB2968FE6]

SSDT 000006B8 GoogleToolbarNotifier.exe [164.1896] ZwWriteVirtualMemory [0xB2969675]

 

---- Threads - GMER 1.0.15 ----

 

Thread GoogleToolbarNotifier.exe [164:2208] SSDT 0xFEA2EB90 != 0x804E26A8

 

SSDT F20E0B3E GoogleToolbarNotifier.exe [164.2208] ZwCreateKey

SSDT F20E0B34 GoogleToolbarNotifier.exe [164.2208] ZwCreateThread

SSDT F20E0B43 GoogleToolbarNotifier.exe [164.2208] ZwDeleteKey

SSDT 000006B8 GoogleToolbarNotifier.exe [164.2208] ZwDeleteValueKey [0xB2969517]

SSDT 000006B8 GoogleToolbarNotifier.exe [164.2208] ZwEnumerateKey [0xB29691C7]

SSDT 000006B8 GoogleToolbarNotifier.exe [164.2208] ZwEnumerateValueKey [0xB29692D3]

SSDT F20E0B52 GoogleToolbarNotifier.exe [164.2208] ZwLoadKey

SSDT 000006B8 GoogleToolbarNotifier.exe [164.2208] ZwOpenKey [0xB296910F]

SSDT 000006B8 GoogleToolbarNotifier.exe [164.2208] ZwOpenProcess [0xB2968E79]

SSDT 000006B8 GoogleToolbarNotifier.exe [164.2208] ZwOpenThread [0xB2968F01]

SSDT 000006B8 GoogleToolbarNotifier.exe [164.2208] ZwProtectVirtualMemory [0xB29696DB]

SSDT 000006B8 GoogleToolbarNotifier.exe [164.2208] ZwQueryDirectoryFile [0xB2968CA0]

SSDT 000006B8 GoogleToolbarNotifier.exe [164.2208] ZwQuerySystemInformation [0xB2968D73]

SSDT 000006B8 GoogleToolbarNotifier.exe [164.2208] ZwReadVirtualMemory [0xB296960F]

SSDT F20E0B5C GoogleToolbarNotifier.exe [164.2208] ZwReplaceKey

SSDT F20E0B57 GoogleToolbarNotifier.exe [164.2208] ZwRestoreKey

SSDT 000006B8 GoogleToolbarNotifier.exe [164.2208] ZwSetContextThread [0xB29690AC]

SSDT 000006B8 GoogleToolbarNotifier.exe [164.2208] ZwSetValueKey [0xB2969413]

SSDT 000006B8 GoogleToolbarNotifier.exe [164.2208] ZwSuspendThread [0xB2969049]

SSDT F20E0B2F GoogleToolbarNotifier.exe [164.2208] ZwTerminateProcess

SSDT 000006B8 GoogleToolbarNotifier.exe [164.2208] ZwTerminateThread [0xB2968FE6]

SSDT 000006B8 GoogleToolbarNotifier.exe [164.2208] ZwWriteVirtualMemory [0xB2969675]

 

---- Threads - GMER 1.0.15 ----

 

Thread alg.exe [520:532] SSDT 0xFEA2FB90 != 0x804E26A8

 

SSDT F20E0B3E alg.exe [520.532] ZwCreateKey

SSDT F20E0B34 alg.exe [520.532] ZwCreateThread

SSDT F20E0B43 alg.exe [520.532] ZwDeleteKey

SSDT 000006B8 alg.exe [520.532] ZwDeleteValueKey [0xB2969517]

SSDT 000006B8 alg.exe [520.532] ZwEnumerateKey [0xB29691C7]

SSDT 000006B8 alg.exe [520.532] ZwEnumerateValueKey [0xB29692D3]

SSDT F20E0B52 alg.exe [520.532] ZwLoadKey

SSDT 000006B8 alg.exe [520.532] ZwOpenKey [0xB296910F]

SSDT 000006B8 alg.exe [520.532] ZwOpenProcess [0xB2968E79]

SSDT 000006B8 alg.exe [520.532] ZwOpenThread [0xB2968F01]

SSDT 000006B8 alg.exe [520.532] ZwProtectVirtualMemory [0xB29696DB]

SSDT 000006B8 alg.exe [520.532] ZwQueryDirectoryFile [0xB2968CA0]

SSDT 000006B8 alg.exe [520.532] ZwQuerySystemInformation [0xB2968D73]

SSDT 000006B8 alg.exe [520.532] ZwReadVirtualMemory [0xB296960F]

SSDT F20E0B5C alg.exe [520.532] ZwReplaceKey

SSDT F20E0B57 alg.exe [520.532] ZwRestoreKey

SSDT 000006B8 alg.exe [520.532] ZwSetContextThread [0xB29690AC]

SSDT 000006B8 alg.exe [520.532] ZwSetValueKey [0xB2969413]

SSDT 000006B8 alg.exe [520.532] ZwSuspendThread [0xB2969049]

SSDT F20E0B2F alg.exe [520.532] ZwTerminateProcess

SSDT 000006B8 alg.exe [520.532] ZwTerminateThread [0xB2968FE6]

SSDT 000006B8 alg.exe [520.532] ZwWriteVirtualMemory [0xB2969675]

 

---- Threads - GMER 1.0.15 ----

 

Thread alg.exe [520:904] SSDT 0xFEA2FB90 != 0x804E26A8

 

SSDT F20E0B3E alg.exe [520.904] ZwCreateKey

SSDT F20E0B34 alg.exe [520.904] ZwCreateThread

SSDT F20E0B43 alg.exe [520.904] ZwDeleteKey

SSDT 000006B8 alg.exe [520.904] ZwDeleteValueKey [0xB2969517]

SSDT 000006B8 alg.exe [520.904] ZwEnumerateKey [0xB29691C7]

SSDT 000006B8 alg.exe [520.904] ZwEnumerateValueKey [0xB29692D3]

SSDT F20E0B52 alg.exe [520.904] ZwLoadKey

SSDT 000006B8 alg.exe [520.904] ZwOpenKey [0xB296910F]

SSDT 000006B8 alg.exe [520.904] ZwOpenProcess [0xB2968E79]

SSDT 000006B8 alg.exe [520.904] ZwOpenThread [0xB2968F01]

SSDT 000006B8 alg.exe [520.904] ZwProtectVirtualMemory [0xB29696DB]

SSDT 000006B8 alg.exe [520.904] ZwQueryDirectoryFile [0xB2968CA0]

SSDT 000006B8 alg.exe [520.904] ZwQuerySystemInformation [0xB2968D73]

SSDT 000006B8 alg.exe [520.904] ZwReadVirtualMemory [0xB296960F]

SSDT F20E0B5C alg.exe [520.904] ZwReplaceKey

SSDT F20E0B57 alg.exe [520.904] ZwRestoreKey

SSDT 000006B8 alg.exe [520.904] ZwSetContextThread [0xB29690AC]

SSDT 000006B8 alg.exe [520.904] ZwSetValueKey [0xB2969413]

SSDT 000006B8 alg.exe [520.904] ZwSuspendThread [0xB2969049]

SSDT F20E0B2F alg.exe [520.904] ZwTerminateProcess

SSDT 000006B8 alg.exe [520.904] ZwTerminateThread [0xB2968FE6]

SSDT 000006B8 alg.exe [520.904] ZwWriteVirtualMemory [0xB2969675]

 

---- Threads - GMER 1.0.15 ----

 

Thread alg.exe [520:780] SSDT 0xFEA2EB90 != 0x804E26A8

 

SSDT F20E0B3E alg.exe [520.780] ZwCreateKey

SSDT F20E0B34 alg.exe [520.780] ZwCreateThread

SSDT F20E0B43 alg.exe [520.780] ZwDeleteKey

SSDT 000006B8 alg.exe [520.780] ZwDeleteValueKey [0xB2969517]

SSDT 000006B8 alg.exe [520.780] ZwEnumerateKey [0xB29691C7]

SSDT 000006B8 alg.exe [520.780] ZwEnumerateValueKey [0xB29692D3]

SSDT F20E0B52 alg.exe [520.780] ZwLoadKey

SSDT 000006B8 alg.exe [520.780] ZwOpenKey [0xB296910F]

SSDT 000006B8 alg.exe [520.780] ZwOpenProcess [0xB2968E79]

SSDT 000006B8 alg.exe [520.780] ZwOpenThread [0xB2968F01]

SSDT 000006B8 alg.exe [520.780] ZwProtectVirtualMemory [0xB29696DB]

SSDT 000006B8 alg.exe [520.780] ZwQueryDirectoryFile [0xB2968CA0]

SSDT 000006B8 alg.exe [520.780] ZwQuerySystemInformation [0xB2968D73]

SSDT 000006B8 alg.exe [520.780] ZwReadVirtualMemory [0xB296960F]

SSDT F20E0B5C alg.exe [520.780] ZwReplaceKey

SSDT F20E0B57 alg.exe [520.780] ZwRestoreKey

SSDT 000006B8 alg.exe [520.780] ZwSetContextThread [0xB29690AC]

SSDT 000006B8 alg.exe [520.780] ZwSetValueKey [0xB2969413]

SSDT 000006B8 alg.exe [520.780] ZwSuspendThread [0xB2969049]

SSDT F20E0B2F alg.exe [520.780] ZwTerminateProcess

SSDT 000006B8 alg.exe [520.780] ZwTerminateThread [0xB2968FE6]

SSDT 000006B8 alg.exe [520.780] ZwWriteVirtualMemory [0xB2969675]

 

---- Threads - GMER 1.0.15 ----

 

Thread alg.exe [520:1000] SSDT 0xFEA2EB90 != 0x804E26A8

 

SSDT F20E0B3E alg.exe [520.1000] ZwCreateKey

SSDT F20E0B34 alg.exe [520.1000] ZwCreateThread

SSDT F20E0B43 alg.exe [520.1000] ZwDeleteKey

SSDT 000006B8 alg.exe [520.1000] ZwDeleteValueKey [0xB2969517]

SSDT 000006B8 alg.exe [520.1000] ZwEnumerateKey [0xB29691C7]

SSDT 000006B8 alg.exe [520.1000] ZwEnumerateValueKey [0xB29692D3]

SSDT F20E0B52 alg.exe [520.1000] ZwLoadKey

SSDT 000006B8 alg.exe [520.1000] ZwOpenKey [0xB296910F]

SSDT 000006B8 alg.exe [520.1000] ZwOpenProcess [0xB2968E79]

SSDT 000006B8 alg.exe [520.1000] ZwOpenThread [0xB2968F01]

SSDT 000006B8 alg.exe [520.1000] ZwProtectVirtualMemory [0xB29696DB]

SSDT 000006B8 alg.exe [520.1000] ZwQueryDirectoryFile [0xB2968CA0]

SSDT 000006B8 alg.exe [520.1000] ZwQuerySystemInformation [0xB2968D73]

SSDT 000006B8 alg.exe [520.1000] ZwReadVirtualMemory [0xB296960F]

SSDT F20E0B5C alg.exe [520.1000] ZwReplaceKey

SSDT F20E0B57 alg.exe [520.1000] ZwRestoreKey

SSDT 000006B8 alg.exe [520.1000] ZwSetContextThread [0xB29690AC]

SSDT 000006B8 alg.exe [520.1000] ZwSetValueKey [0xB2969413]

SSDT 000006B8 alg.exe [520.1000] ZwSuspendThread [0xB2969049]

SSDT F20E0B2F alg.exe [520.1000] ZwTerminateProcess

SSDT 000006B8 alg.exe [520.1000] ZwTerminateThread [0xB2968FE6]

SSDT 000006B8 alg.exe [520.1000] ZwWriteVirtualMemory [0xB2969675]

 

---- Threads - GMER 1.0.15 ----

 

Thread alg.exe [520:692] SSDT 0xFEA2EB90 != 0x804E26A8

 

SSDT F20E0B3E alg.exe [520.692] ZwCreateKey

SSDT F20E0B34 alg.exe [520.692] ZwCreateThread

SSDT F20E0B43 alg.exe [520.692] ZwDeleteKey

SSDT 000006B8 alg.exe [520.692] ZwDeleteValueKey [0xB2969517]

SSDT 000006B8 alg.exe [520.692] ZwEnumerateKey [0xB29691C7]

SSDT 000006B8 alg.exe [520.692] ZwEnumerateValueKey [0xB29692D3]

SSDT F20E0B52 alg.exe [520.692] ZwLoadKey

SSDT 000006B8 alg.exe [520.692] ZwOpenKey [0xB296910F]

SSDT 000006B8 alg.exe [520.692] ZwOpenProcess [0xB2968E79]

SSDT 000006B8 alg.exe [520.692] ZwOpenThread [0xB2968F01]

SSDT 000006B8 alg.exe [520.692] ZwProtectVirtualMemory [0xB29696DB]

SSDT 000006B8 alg.exe [520.692] ZwQueryDirectoryFile [0xB2968CA0]

SSDT 000006B8 alg.exe [520.692] ZwQuerySystemInformation [0xB2968D73]

SSDT 000006B8 alg.exe [520.692] ZwReadVirtualMemory [0xB296960F]

SSDT F20E0B5C alg.exe [520.692] ZwReplaceKey

SSDT F20E0B57 alg.exe [520.692] ZwRestoreKey

SSDT 000006B8 alg.exe [520.692] ZwSetContextThread [0xB29690AC]

SSDT 000006B8 alg.exe [520.692] ZwSetValueKey [0xB2969413]

SSDT 000006B8 alg.exe [520.692] ZwSuspendThread [0xB2969049]

SSDT F20E0B2F alg.exe [520.692] ZwTerminateProcess

SSDT 000006B8 alg.exe [520.692] ZwTerminateThread [0xB2968FE6]

SSDT 000006B8 alg.exe [520.692] ZwWriteVirtualMemory [0xB2969675]

 

---- Threads - GMER 1.0.15 ----

 

Thread alg.exe [520:1536] SSDT 0xFEA2EB90 != 0x804E26A8

 

SSDT F20E0B3E alg.exe [520.1536] ZwCreateKey

SSDT F20E0B34 alg.exe [520.1536] ZwCreateThread

SSDT F20E0B43 alg.exe [520.1536] ZwDeleteKey

SSDT 000006B8 alg.exe [520.1536] ZwDeleteValueKey [0xB2969517]

SSDT 000006B8 alg.exe [520.1536] ZwEnumerateKey [0xB29691C7]

SSDT 000006B8 alg.exe [520.1536] ZwEnumerateValueKey [0xB29692D3]

SSDT F20E0B52 alg.exe [520.1536] ZwLoadKey

SSDT 000006B8 alg.exe [520.1536] ZwOpenKey [0xB296910F]

SSDT 000006B8 alg.exe [520.1536] ZwOpenProcess [0xB2968E79]

SSDT 000006B8 alg.exe [520.1536] ZwOpenThread [0xB2968F01]

SSDT 000006B8 alg.exe [520.1536] ZwProtectVirtualMemory [0xB29696DB]

SSDT 000006B8 alg.exe [520.1536] ZwQueryDirectoryFile [0xB2968CA0]

SSDT 000006B8 alg.exe [520.1536] ZwQuerySystemInformation [0xB2968D73]

SSDT 000006B8 alg.exe [520.1536] ZwReadVirtualMemory [0xB296960F]

SSDT F20E0B5C alg.exe [520.1536] ZwReplaceKey

SSDT F20E0B57 alg.exe [520.1536] ZwRestoreKey

SSDT 000006B8 alg.exe [520.1536] ZwSetContextThread [0xB29690AC]

SSDT 000006B8 alg.exe [520.1536] ZwSetValueKey [0xB2969413]

SSDT 000006B8 alg.exe [520.1536] ZwSuspendThread [0xB2969049]

SSDT F20E0B2F alg.exe [520.1536] ZwTerminateProcess

SSDT 000006B8 alg.exe [520.1536] ZwTerminateThread [0xB2968FE6]

SSDT 000006B8 alg.exe [520.1536] ZwWriteVirtualMemory [0xB2969675]

 

---- Threads - GMER 1.0.15 ----

 

Thread csrss.exe [620:628] SSDT 0xFEA2FB90 != 0x804E26A8

 

SSDT F20E0B3E csrss.exe [620.628] ZwCreateKey

SSDT F20E0B34 csrss.exe [620.628] ZwCreateThread

SSDT F20E0B43 csrss.exe [620.628] ZwDeleteKey

SSDT 000006B8 csrss.exe [620.628] ZwDeleteValueKey [0xB2969517]

SSDT 000006B8 csrss.exe [620.628] ZwEnumerateKey [0xB29691C7]

SSDT 000006B8 csrss.exe [620.628] ZwEnumerateValueKey [0xB29692D3]

SSDT F20E0B52 csrss.exe [620.628] ZwLoadKey

SSDT 000006B8 csrss.exe [620.628] ZwOpenKey [0xB296910F]

SSDT 000006B8 csrss.exe [620.628] ZwOpenProcess [0xB2968E79]

SSDT 000006B8 csrss.exe [620.628] ZwOpenThread [0xB2968F01]

SSDT 000006B8 csrss.exe [620.628] ZwProtectVirtualMemory [0xB29696DB]

SSDT 000006B8 csrss.exe [620.628] ZwQueryDirectoryFile [0xB2968CA0]

SSDT 000006B8 csrss.exe [620.628] ZwQuerySystemInformation [0xB2968D73]

SSDT 000006B8 csrss.exe [620.628] ZwReadVirtualMemory [0xB296960F]

SSDT F20E0B5C csrss.exe [620.628] ZwReplaceKey

SSDT F20E0B57 csrss.exe [620.628] ZwRestoreKey

SSDT 000006B8 csrss.exe [620.628] ZwSetContextThread [0xB29690AC]

SSDT 000006B8 csrss.exe [620.628] ZwSetValueKey [0xB2969413]

SSDT 000006B8 csrss.exe [620.628] ZwSuspendThread [0xB2969049]

SSDT F20E0B2F csrss.exe [620.628] ZwTerminateProcess

SSDT 000006B8 csrss.exe [620.628] ZwTerminateThread [0xB2968FE6]

SSDT 000006B8 csrss.exe [620.628] ZwWriteVirtualMemory [0xB2969675]

 

---- Threads - GMER 1.0.15 ----

 

Thread csrss.exe [620:1772] SSDT 0xFEA2EB90 != 0x804E26A8

 

SSDT F20E0B3E csrss.exe [620.1772] ZwCreateKey

SSDT F20E0B34 csrss.exe [620.1772] ZwCreateThread

SSDT F20E0B43 csrss.exe [620.1772] ZwDeleteKey

SSDT 000006B8 csrss.exe [620.1772] ZwDeleteValueKey [0xB2969517]

SSDT 000006B8 csrss.exe [620.1772] ZwEnumerateKey [0xB29691C7]

SSDT 000006B8 csrss.exe [620.1772] ZwEnumerateValueKey [0xB29692D3]

SSDT F20E0B52 csrss.exe [620.1772] ZwLoadKey

SSDT 000006B8 csrss.exe [620.1772] ZwOpenKey [0xB296910F]

SSDT 000006B8 csrss.exe [620.1772] ZwOpenProcess [0xB2968E79]

SSDT 000006B8 csrss.exe [620.1772] ZwOpenThread [0xB2968F01]

SSDT 000006B8 csrss.exe [620.1772] ZwProtectVirtualMemory [0xB29696DB]

SSDT 000006B8 csrss.exe [620.1772] ZwQueryDirectoryFile [0xB2968CA0]

SSDT 000006B8 csrss.exe [620.1772] ZwQuerySystemInformation [0xB2968D73]

SSDT 000006B8 csrss.exe [620.1772] ZwReadVirtualMemory [0xB296960F]

SSDT F20E0B5C csrss.exe [620.1772] ZwReplaceKey

SSDT F20E0B57 csrss.exe [620.1772] ZwRestoreKey

SSDT 000006B8 csrss.exe [620.1772] ZwSetContextThread [0xB29690AC]

SSDT 000006B8 csrss.exe [620.1772] ZwSetValueKey [0xB2969413]

SSDT 000006B8 csrss.exe [620.1772] ZwSuspendThread [0xB2969049]

SSDT F20E0B2F csrss.exe [620.1772] ZwTerminateProcess

SSDT 000006B8 csrss.exe [620.1772] ZwTerminateThread [0xB2968FE6]

SSDT 000006B8 csrss.exe [620.1772] ZwWriteVirtualMemory [0xB2969675]

 

---- Threads - GMER 1.0.15 ----

 

Thread winlogon.exe [644:1728] SSDT 0xFEA2FB90 != 0x804E26A8

 

SSDT F20E0B3E winlogon.exe [644.1728] ZwCreateKey

SSDT F20E0B34 winlogon.exe [644.1728] ZwCreateThread

SSDT F20E0B43 winlogon.exe [644.1728] ZwDeleteKey

SSDT 000006B8 winlogon.exe [644.1728] ZwDeleteValueKey [0xB2969517]

SSDT 000006B8 winlogon.exe [644.1728] ZwEnumerateKey [0xB29691C7]

SSDT 000006B8 winlogon.exe [644.1728] ZwEnumerateValueKey [0xB29692D3]

SSDT F20E0B52 winlogon.exe [644.1728] ZwLoadKey

SSDT 000006B8 winlogon.exe [644.1728] ZwOpenKey [0xB296910F]

SSDT 000006B8 winlogon.exe [644.1728] ZwOpenProcess [0xB2968E79]

SSDT 000006B8 winlogon.exe [644.1728] ZwOpenThread [0xB2968F01]

SSDT 000006B8 winlogon.exe [644.1728] ZwProtectVirtualMemory [0xB29696DB]

SSDT 000006B8 winlogon.exe [644.1728] ZwQueryDirectoryFile [0xB2968CA0]

SSDT 000006B8 winlogon.exe [644.1728] ZwQuerySystemInformation [0xB2968D73]

SSDT 000006B8 winlogon.exe [644.1728] ZwReadVirtualMemory [0xB296960F]

SSDT F20E0B5C winlogon.exe [644.1728] ZwReplaceKey

SSDT F20E0B57 winlogon.exe [644.1728] ZwRestoreKey

SSDT 000006B8 winlogon.exe [644.1728] ZwSetContextThread [0xB29690AC]

SSDT 000006B8 winlogon.exe [644.1728] ZwSetValueKey [0xB2969413]

SSDT 000006B8 winlogon.exe [644.1728] ZwSuspendThread [0xB2969049]

SSDT F20E0B2F winlogon.exe [644.1728] ZwTerminateProcess

SSDT 000006B8 winlogon.exe [644.1728] ZwTerminateThread [0xB2968FE6]

SSDT 000006B8 winlogon.exe [644.1728] ZwWriteVirtualMemory [0xB2969675]

 

---- Threads - GMER 1.0.15 ----

 

Thread winlogon.exe [644:2344] SSDT 0xFEA2EB90 != 0x804E26A8

 

SSDT F20E0B3E winlogon.exe [644.2344] ZwCreateKey

SSDT F20E0B34 winlogon.exe [644.2344] ZwCreateThread

SSDT F20E0B43 winlogon.exe [644.2344] ZwDeleteKey

SSDT 000006B8 winlogon.exe [644.2344] ZwDeleteValueKey [0xB2969517]

SSDT 000006B8 winlogon.exe [644.2344] ZwEnumerateKey [0xB29691C7]

SSDT 000006B8 winlogon.exe [644.2344] ZwEnumerateValueKey [0xB29692D3]

SSDT F20E0B52 winlogon.exe [644.2344] ZwLoadKey

SSDT 000006B8 winlogon.exe [644.2344] ZwOpenKey [0xB296910F]

SSDT 000006B8 winlogon.exe [644.2344] ZwOpenProcess [0xB2968E79]

SSDT 000006B8 winlogon.exe [644.2344] ZwOpenThread [0xB2968F01]

SSDT 000006B8 winlogon.exe [644.2344] ZwProtectVirtualMemory [0xB29696DB]

SSDT 000006B8 winlogon.exe [644.2344] ZwQueryDirectoryFile [0xB2968CA0]

SSDT 000006B8 winlogon.exe [644.2344] ZwQuerySystemInformation [0xB2968D73]

SSDT 000006B8 winlogon.exe [644.2344] ZwReadVirtualMemory [0xB296960F]

SSDT F20E0B5C winlogon.exe [644.2344] ZwReplaceKey

SSDT F20E0B57 winlogon.exe [644.2344] ZwRestoreKey

SSDT 000006B8 winlogon.exe [644.2344] ZwSetContextThread [0xB29690AC]

SSDT 000006B8 winlogon.exe [644.2344] ZwSetValueKey [0xB2969413]

SSDT 000006B8 winlogon.exe [644.2344] ZwSuspendThread [0xB2969049]

SSDT F20E0B2F winlogon.exe [644.2344] ZwTerminateProcess

SSDT 000006B8 winlogon.exe [644.2344] ZwTerminateThread [0xB2968FE6]

SSDT 000006B8 winlogon.exe [644.2344] ZwWriteVirtualMemory [0xB2969675]

 

---- Threads - GMER 1.0.15 ----

 

Thread winlogon.exe [644:2352] SSDT 0xFEA2EB90 != 0x804E26A8

 

SSDT F20E0B3E winlogon.exe [644.2352] ZwCreateKey

SSDT F20E0B34 winlogon.exe [644.2352] ZwCreateThread

SSDT F20E0B43 winlogon.exe [644.2352] ZwDeleteKey

SSDT 000006B8 winlogon.exe [644.2352] ZwDeleteValueKey [0xB2969517]

SSDT 000006B8 winlogon.exe [644.2352] ZwEnumerateKey [0xB29691C7]

SSDT 000006B8 winlogon.exe [644.2352] ZwEnumerateValueKey [0xB29692D3]

SSDT F20E0B52 winlogon.exe [644.2352] ZwLoadKey

SSDT 000006B8 winlogon.exe [644.2352] ZwOpenKey [0xB296910F]

SSDT 000006B8 winlogon.exe [644.2352] ZwOpenProcess [0xB2968E79]

SSDT 000006B8 winlogon.exe [644.2352] ZwOpenThread [0xB2968F01]

SSDT 000006B8 winlogon.exe [644.2352] ZwProtectVirtualMemory [0xB29696DB]

SSDT 000006B8 winlogon.exe [644.2352] ZwQueryDirectoryFile [0xB2968CA0]

SSDT 000006B8 winlogon.exe [644.2352] ZwQuerySystemInformation [0xB2968D73]

SSDT 000006B8 winlogon.exe [644.2352] ZwReadVirtualMemory [0xB296960F]

SSDT F20E0B5C winlogon.exe [644.2352] ZwReplaceKey

SSDT F20E0B57 winlogon.exe [644.2352] ZwRestoreKey

SSDT 000006B8 winlogon.exe [644.2352] ZwSetContextThread [0xB29690AC]

SSDT 000006B8 winlogon.exe [644.2352] ZwSetValueKey [0xB2969413]

SSDT 000006B8 winlogon.exe [644.2352] ZwSuspendThread [0xB2969049]

SSDT F20E0B2F winlogon.exe [644.2352] ZwTerminateProcess

SSDT 000006B8 winlogon.exe [644.2352] ZwTerminateThread [0xB2968FE6]

SSDT 000006B8 winlogon.exe [644.2352] ZwWriteVirtualMemory [0xB2969675]

 

---- Threads - GMER 1.0.15 ----

 

Thread winlogon.exe [644:2476] SSDT 0xFEA2EB90 != 0x804E26A8

 

SSDT F20E0B3E winlogon.exe [644.2476] ZwCreateKey

SSDT F20E0B34 winlogon.exe [644.2476] ZwCreateThread

SSDT F20E0B43 winlogon.exe [644.2476] ZwDeleteKey

SSDT 000006B8 winlogon.exe [644.2476] ZwDeleteValueKey [0xB2969517]

SSDT 000006B8 winlogon.exe [644.2476] ZwEnumerateKey [0xB29691C7]

SSDT 000006B8 winlogon.exe [644.2476] ZwEnumerateValueKey [0xB29692D3]

SSDT F20E0B52 winlogon.exe [644.2476] ZwLoadKey

SSDT 000006B8 winlogon.exe [644.2476] ZwOpenKey [0xB296910F]

SSDT 000006B8 winlogon.exe [644.2476] ZwOpenProcess [0xB2968E79]

SSDT 000006B8 winlogon.exe [644.2476] ZwOpenThread [0xB2968F01]

SSDT 000006B8 winlogon.exe [644.2476] ZwProtectVirtualMemory [0xB29696DB]

SSDT 000006B8 winlogon.exe [644.2476] ZwQueryDirectoryFile [0xB2968CA0]

SSDT 000006B8 winlogon.exe [644.2476] ZwQuerySystemInformation [0xB2968D73]

SSDT 000006B8 winlogon.exe [644.2476] ZwReadVirtualMemory [0xB296960F]

SSDT F20E0B5C winlogon.exe [644.2476] ZwReplaceKey

SSDT F20E0B57 winlogon.exe [644.2476] ZwRestoreKey

SSDT 000006B8 winlogon.exe [644.2476] ZwSetContextThread [0xB29690AC]

SSDT 000006B8 winlogon.exe [644.2476] ZwSetValueKey [0xB2969413]

SSDT 000006B8 winlogon.exe [644.2476] ZwSuspendThread [0xB2969049]

SSDT F20E0B2F winlogon.exe [644.2476] ZwTerminateProcess

SSDT 000006B8 winlogon.exe [644.2476] ZwTerminateThread [0xB2968FE6]

SSDT 000006B8 winlogon.exe [644.2476] ZwWriteVirtualMemory [0xB2969675]

 

---- Threads - GMER 1.0.15 ----

 

Thread winlogon.exe [644:2700] SSDT 0xFEA2EB90 != 0x804E26A8

 

SSDT F20E0B3E winlogon.exe [644.2700] ZwCreateKey

SSDT F20E0B34 winlogon.exe [644.2700] ZwCreateThread

SSDT F20E0B43 winlogon.exe [644.2700] ZwDeleteKey

SSDT 000006B8 winlogon.exe [644.2700] ZwDeleteValueKey [0xB2969517]

SSDT 000006B8 winlogon.exe [644.2700] ZwEnumerateKey [0xB29691C7]

SSDT 000006B8 winlogon.exe [644.2700] ZwEnumerateValueKey [0xB29692D3]

SSDT F20E0B52 winlogon.exe [644.2700] ZwLoadKey

SSDT 000006B8 winlogon.exe [644.2700] ZwOpenKey [0xB296910F]

SSDT 000006B8 winlogon.exe [644.2700] ZwOpenProcess [0xB2968E79]

SSDT 000006B8 winlogon.exe [644.2700] ZwOpenThread [0xB2968F01]

SSDT 000006B8 winlogon.exe [644.2700] ZwProtectVirtualMemory [0xB29696DB]

SSDT 000006B8 winlogon.exe [644.2700] ZwQueryDirectoryFile [0xB2968CA0]

SSDT 000006B8 winlogon.exe [644.2700] ZwQuerySystemInformation [0xB2968D73]

SSDT 000006B8 winlogon.exe [644.2700] ZwReadVirtualMemory [0xB296960F]

SSDT F20E0B5C winlogon.exe [644.2700] ZwReplaceKey

SSDT F20E0B57 winlogon.exe [644.2700] ZwRestoreKey

SSDT 000006B8 winlogon.exe [644.2700] ZwSetContextThread [0xB29690AC]

SSDT 000006B8 winlogon.exe [644.2700] ZwSetValueKey [0xB2969413]

SSDT 000006B8 winlogon.exe [644.2700] ZwSuspendThread [0xB2969049]

SSDT F20E0B2F winlogon.exe [644.2700] ZwTerminateProcess

SSDT 000006B8 winlogon.exe [644.2700] ZwTerminateThread [0xB2968FE6]

SSDT 000006B8 winlogon.exe [644.2700] ZwWriteVirtualMemory [0xB2969675]

 

---- Threads - GMER 1.0.15 ----

 

Thread services.exe [688:1104] SSDT 0xFEA2FB90 != 0x804E26A8

 

SSDT F20E0B3E services.exe [688.1104] ZwCreateKey

SSDT F20E0B34 services.exe [688.1104] ZwCreateThread

SSDT F20E0B43 services.exe [688.1104] ZwDeleteKey

SSDT 000006B8 services.exe [688.1104] ZwDeleteValueKey [0xB2969517]

SSDT 000006B8 services.exe [688.1104] ZwEnumerateKey [0xB29691C7]

SSDT 000006B8 services.exe [688.1104] ZwEnumerateValueKey [0xB29692D3]

SSDT F20E0B52 services.exe [688.1104] ZwLoadKey

SSDT 000006B8 services.exe [688.1104] ZwOpenKey [0xB296910F]

SSDT 000006B8 services.exe [688.1104] ZwOpenProcess [0xB2968E79]

SSDT 000006B8 services.exe [688.1104] ZwOpenThread [0xB2968F01]

SSDT 000006B8 services.exe [688.1104] ZwProtectVirtualMemory [0xB29696DB]

SSDT 000006B8 services.exe [688.1104] ZwQueryDirectoryFile [0xB2968CA0]

SSDT 000006B8 services.exe [688.1104] ZwQuerySystemInformation [0xB2968D73]

SSDT 000006B8 services.exe [688.1104] ZwReadVirtualMemory [0xB296960F]

SSDT F20E0B5C services.exe [688.1104] ZwReplaceKey

SSDT F20E0B57 services.exe [688.1104] ZwRestoreKey

SSDT 000006B8 services.exe [688.1104] ZwSetContextThread [0xB29690AC]

SSDT 000006B8 services.exe [688.1104] ZwSetValueKey [0xB2969413]

SSDT 000006B8 services.exe [688.1104] ZwSuspendThread [0xB2969049]

SSDT F20E0B2F services.exe [688.1104] ZwTerminateProcess

SSDT 000006B8 services.exe [688.1104] ZwTerminateThread [0xB2968FE6]

SSDT 000006B8 services.exe [688.1104] ZwWriteVirtualMemory [0xB2969675]

 

---- Threads - GMER 1.0.15 ----

 

Thread services.exe [688:468] SSDT 0xFEA2EB90 != 0x804E26A8

 

SSDT F20E0B3E services.exe [688.468] ZwCreateKey

SSDT F20E0B34 services.exe [688.468] ZwCreateThread

SSDT F20E0B43 services.exe [688.468] ZwDeleteKey

SSDT 000006B8 services.exe [688.468] ZwDeleteValueKey [0xB2969517]

SSDT 000006B8 services.exe [688.468] ZwEnumerateKey [0xB29691C7]

SSDT 000006B8 services.exe [688.468] ZwEnumerateValueKey [0xB29692D3]

SSDT F20E0B52 services.exe [688.468] ZwLoadKey

SSDT 000006B8 services.exe [688.468] ZwOpenKey [0xB296910F]

SSDT 000006B8 services.exe [688.468] ZwOpenProcess [0xB2968E79]

SSDT 000006B8 services.exe [688.468] ZwOpenThread [0xB2968F01]

SSDT 000006B8 services.exe [688.468] ZwProtectVirtualMemory [0xB29696DB]

SSDT 000006B8 services.exe [688.468] ZwQueryDirectoryFile [0xB2968CA0]

SSDT 000006B8 services.exe [688.468] ZwQuerySystemInformation [0xB2968D73]

SSDT 000006B8 services.exe [688.468] ZwReadVirtualMemory [0xB296960F]

SSDT F20E0B5C services.exe [688.468] ZwReplaceKey

SSDT F20E0B57 services.exe [688.468] ZwRestoreKey

SSDT 000006B8 services.exe [688.468] ZwSetContextThread [0xB29690AC]

SSDT 000006B8 services.exe [688.468] ZwSetValueKey [0xB2969413]

SSDT 000006B8 services.exe [688.468] ZwSuspendThread [0xB2969049]

SSDT F20E0B2F services.exe [688.468] ZwTerminateProcess

SSDT 000006B8 services.exe [688.468] ZwTerminateThread [0xB2968FE6]

SSDT 000006B8 services.exe [688.468] ZwWriteVirtualMemory [0xB2969675]

 

---- Threads - GMER 1.0.15 ----

 

Thread services.exe [688:436] SSDT 0xFEA2EB90 != 0x804E26A8

 

SSDT F20E0B3E services.exe [688.436] ZwCreateKey

SSDT F20E0B34 services.exe [688.436] ZwCreateThread

SSDT F20E0B43 services.exe [688.436] ZwDeleteKey

SSDT 000006B8 services.exe [688.436] ZwDeleteValueKey [0xB2969517]

SSDT 000006B8 services.exe [688.436] ZwEnumerateKey [0xB29691C7]

SSDT 000006B8 services.exe [688.436] ZwEnumerateValueKey [0xB29692D3]

SSDT F20E0B52 services.exe [688.436] ZwLoadKey

SSDT 000006B8 services.exe [688.436] ZwOpenKey [0xB296910F]

SSDT 000006B8 services.exe [688.436] ZwOpenProcess [0xB2968E79]

SSDT 000006B8 services.exe [688.436] ZwOpenThread [0xB2968F01]

SSDT 000006B8 services.exe [688.436] ZwProtectVirtualMemory [0xB29696DB]

SSDT 000006B8 services.exe [688.436] ZwQueryDirectoryFile [0xB2968CA0]

SSDT 000006B8 services.exe [688.436] ZwQuerySystemInformation [0xB2968D73]

SSDT 000006B8 services.exe [688.436] ZwReadVirtualMemory [0xB296960F]

SSDT F20E0B5C services.exe [688.436] ZwReplaceKey

SSDT F20E0B57 services.exe [688.436] ZwRestoreKey

SSDT 000006B8 services.exe [688.436] ZwSetContextThread [0xB29690AC]

SSDT 000006B8 services.exe [688.436] ZwSetValueKey [0xB2969413]

SSDT 000006B8 services.exe [688.436] ZwSuspendThread [0xB2969049]

SSDT F20E0B2F services.exe [688.436] ZwTerminateProcess

SSDT 000006B8 services.exe [688.436] ZwTerminateThread [0xB2968FE6]

SSDT 000006B8 services.exe [688.436] ZwWriteVirtualMemory [0xB2969675]

 

---- Threads - GMER 1.0.15 ----

 

Thread services.exe [688:2712] SSDT 0xFEA2EB90 != 0x804E26A8

 

SSDT F20E0B3E services.exe [688.2712] ZwCreateKey

SSDT F20E0B34 services.exe [688.2712] ZwCreateThread

SSDT F20E0B43 services.exe [688.2712] ZwDeleteKey

SSDT 000006B8 services.exe [688.2712] ZwDeleteValueKey [0xB2969517]

SSDT 000006B8 services.exe [688.2712] ZwEnumerateKey [0xB29691C7]

SSDT 000006B8 services.exe [688.2712] ZwEnumerateValueKey [0xB29692D3]

SSDT F20E0B52 services.exe [688.2712] ZwLoadKey

SSDT 000006B8 services.exe [688.2712] ZwOpenKey [0xB296910F]

SSDT 000006B8 services.exe [688.2712] ZwOpenProcess [0xB2968E79]

SSDT 000006B8 services.exe [688.2712] ZwOpenThread [0xB2968F01]

SSDT 000006B8 services.exe [688.2712] ZwProtectVirtualMemory [0xB29696DB]

SSDT 000006B8 services.exe [688.2712] ZwQueryDirectoryFile [0xB2968CA0]

SSDT 000006B8 services.exe [688.2712] ZwQuerySystemInformation [0xB2968D73]

SSDT 000006B8 services.exe [688.2712] ZwReadVirtualMemory [0xB296960F]

SSDT F20E0B5C services.exe [688.2712] ZwReplaceKey

SSDT F20E0B57 services.exe [688.2712] ZwRestoreKey

SSDT 000006B8 services.exe [688.2712] ZwSetContextThread [0xB29690AC]

SSDT 000006B8 services.exe [688.2712] ZwSetValueKey [0xB2969413]

SSDT 000006B8 services.exe [688.2712] ZwSuspendThread [0xB2969049]

SSDT F20E0B2F services.exe [688.2712] ZwTerminateProcess

SSDT 000006B8 services.exe [688.2712] ZwTerminateThread [0xB2968FE6]

SSDT 000006B8 services.exe [688.2712] ZwWriteVirtualMemory [0xB2969675]

 

---- Threads - GMER 1.0.15 ----

 

Thread services.exe [688:3304] SSDT 0xFEA2EB90 != 0x804E26A8

 

SSDT F20E0B3E services.exe [688.3304] ZwCreateKey

SSDT F20E0B34 services.exe [688.3304] ZwCreateThread

SSDT F20E0B43 services.exe [688.3304] ZwDeleteKey

SSDT 000006B8 services.exe [688.3304] ZwDeleteValueKey [0xB2969517]

SSDT 000006B8 services.exe [688.3304] ZwEnumerateKey [0xB29691C7]

SSDT 000006B8 services.exe [688.3304] ZwEnumerateValueKey [0xB29692D3]

SSDT F20E0B52 services.exe [688.3304] ZwLoadKey

SSDT 000006B8 services.exe [688.3304] ZwOpenKey [0xB296910F]

SSDT 000006B8 services.exe [688.3304] ZwOpenProcess [0xB2968E79]

SSDT 000006B8 services.exe [688.3304] ZwOpenThread [0xB2968F01]

SSDT 000006B8 services.exe [688.3304] ZwProtectVirtualMemory [0xB29696DB]

SSDT 000006B8 services.exe [688.3304] ZwQueryDirectoryFile [0xB2968CA0]

SSDT 000006B8 services.exe [688.3304] ZwQuerySystemInformation [0xB2968D73]

SSDT 000006B8 services.exe [688.3304] ZwReadVirtualMemory [0xB296960F]

SSDT F20E0B5C services.exe [688.3304] ZwReplaceKey

SSDT F20E0B57 services.exe [688.3304] ZwRestoreKey

SSDT 000006B8 services.exe [688.3304] ZwSetContextThread [0xB29690AC]

SSDT 000006B8 services.exe [688.3304] ZwSetValueKey [0xB2969413]

SSDT 000006B8 services.exe [688.3304] ZwSuspendThread [0xB2969049]

SSDT F20E0B2F services.exe [688.3304] ZwTerminateProcess

SSDT 000006B8 services.exe [688.3304] ZwTerminateThread [0xB2968FE6]

SSDT 000006B8 services.exe [688.3304] ZwWriteVirtualMemory [0xB2969675]

 

---- Threads - GMER 1.0.15 ----

 

Thread services.exe [688:3652] SSDT 0xFEA2EB90 != 0x804E26A8

 

SSDT F20E0B3E services.exe [688.3652] ZwCreateKey

SSDT F20E0B34 services.exe [688.3652] ZwCreateThread

SSDT F20E0B43 services.exe [688.3652] ZwDeleteKey

SSDT 000006B8 services.exe [688.3652] ZwDeleteValueKey [0xB2969517]

SSDT 000006B8 services.exe [688.3652] ZwEnumerateKey [0xB29691C7]

SSDT 000006B8 services.exe [688.3652] ZwEnumerateValueKey [0xB29692D3]

SSDT F20E0B52 services.exe [688.3652] ZwLoadKey

SSDT 000006B8 services.exe [688.3652] ZwOpenKey [0xB296910F]

SSDT 000006B8 services.exe [688.3652] ZwOpenProcess [0xB2968E79]

SSDT 000006B8 services.exe [688.3652] ZwOpenThread [0xB2968F01]

SSDT 000006B8 services.exe [688.3652] ZwProtectVirtualMemory [0xB29696DB]

SSDT 000006B8 services.exe [688.3652] ZwQueryDirectoryFile [0xB2968CA0]

SSDT 000006B8 services.exe [688.3652] ZwQuerySystemInformation [0xB2968D73]

SSDT 000006B8 services.exe [688.3652] ZwReadVirtualMemory [0xB296960F]

SSDT F20E0B5C services.exe [688.3652] ZwReplaceKey

SSDT F20E0B57 services.exe [688.3652] ZwRestoreKey

SSDT 000006B8 services.exe [688.3652] ZwSetContextThread [0xB29690AC]

SSDT 000006B8 services.exe [688.3652] ZwSetValueKey [0xB2969413]

SSDT 000006B8 services.exe [688.3652] ZwSuspendThread [0xB2969049]

SSDT F20E0B2F services.exe [688.3652] ZwTerminateProcess

SSDT 000006B8 services.exe [688.3652] ZwTerminateThread [0xB2968FE6]

SSDT 000006B8 services.exe [688.3652] ZwWriteVirtualMemory [0xB2969675]

 

---- Threads - GMER 1.0.15 ----

 

Thread lsass.exe [732:612] SSDT 0xFEA2EB90 != 0x804E26A8

 

SSDT F20E0B3E lsass.exe [732.612] ZwCreateKey

SSDT F20E0B34 lsass.exe [732.612] ZwCreateThread

SSDT F20E0B43 lsass.exe [732.612] ZwDeleteKey

SSDT 000006B8 lsass.exe [732.612] ZwDeleteValueKey [0xB2969517]

SSDT 000006B8 lsass.exe [732.612] ZwEnumerateKey [0xB29691C7]

SSDT 000006B8 lsass.exe [732.612] ZwEnumerateValueKey [0xB29692D3]

SSDT F20E0B52 lsass.exe [732.612] ZwLoadKey

SSDT 000006B8 lsass.exe [732.612] ZwOpenKey [0xB296910F]

SSDT 000006B8 lsass.exe [732.612] ZwOpenProcess [0xB2968E79]

SSDT 000006B8 lsass.exe [732.612] ZwOpenThread [0xB2968F01]

SSDT 000006B8 lsass.exe [732.612] ZwProtectVirtualMemory [0xB29696DB]

SSDT 000006B8 lsass.exe [732.612] ZwQueryDirectoryFile [0xB2968CA0]

SSDT 000006B8 lsass.exe [732.612] ZwQuerySystemInformation [0xB2968D73]

SSDT 000006B8 lsass.exe [732.612] ZwReadVirtualMemory [0xB296960F]

SSDT F20E0B5C lsass.exe [732.612] ZwReplaceKey

SSDT F20E0B57 lsass.exe [732.612] ZwRestoreKey

SSDT 000006B8 lsass.exe [732.612] ZwSetContextThread [0xB29690AC]

SSDT 000006B8 lsass.exe [732.612] ZwSetValueKey [0xB2969413]

SSDT 000006B8 lsass.exe [732.612] ZwSuspendThread [0xB2969049]

SSDT F20E0B2F lsass.exe [732.612] ZwTerminateProcess

SSDT 000006B8 lsass.exe [732.612] ZwTerminateThread [0xB2968FE6]

SSDT 000006B8 lsass.exe [732.612] ZwWriteVirtualMemory [0xB2969675]

 

---- Threads - GMER 1.0.15 ----

 

Thread lsass.exe [732:1096] SSDT 0xFEA2EB90 != 0x804E26A8

 

SSDT F20E0B3E lsass.exe [732.1096] ZwCreateKey

SSDT F20E0B34 lsass.exe [732.1096] ZwCreateThread

SSDT F20E0B43 lsass.exe [732.1096] ZwDeleteKey

SSDT 000006B8 lsass.exe [732.1096] ZwDeleteValueKey [0xB2969517]

SSDT 000006B8 lsass.exe [732.1096] ZwEnumerateKey [0xB29691C7]

SSDT 000006B8 lsass.exe [732.1096] ZwEnumerateValueKey [0xB29692D3]

SSDT F20E0B52 lsass.exe [732.1096] ZwLoadKey

SSDT 000006B8 lsass.exe [732.1096] ZwOpenKey [0xB296910F]

SSDT 000006B8 lsass.exe [732.1096] ZwOpenProcess [0xB2968E79]

SSDT 000006B8 lsass.exe [732.1096] ZwOpenThread [0xB2968F01]

SSDT 000006B8 lsass.exe [732.1096] ZwProtectVirtualMemory [0xB29696DB]

SSDT 000006B8 lsass.exe [732.1096] ZwQueryDirectoryFile [0xB2968CA0]

SSDT 000006B8 lsass.exe [732.1096] ZwQuerySystemInformation [0xB2968D73]

SSDT 000006B8 lsass.exe [732.1096] ZwReadVirtualMemory [0xB296960F]

SSDT F20E0B5C lsass.exe [732.1096] ZwReplaceKey

SSDT F20E0B57 lsass.exe [732.1096] ZwRestoreKey

SSDT 000006B8 lsass.exe [732.1096] ZwSetContextThread [0xB29690AC]

SSDT 000006B8 lsass.exe [732.1096] ZwSetValueKey [0xB2969413]

SSDT 000006B8 lsass.exe [732.1096] ZwSuspendThread [0xB2969049]

SSDT F20E0B2F lsass.exe [732.1096] ZwTerminateProcess

SSDT 000006B8 lsass.exe [732.1096] ZwTerminateThread [0xB2968FE6]

SSDT 000006B8 lsass.exe [732.1096] ZwWriteVirtualMemory [0xB2969675]

 

---- Threads - GMER 1.0.15 ----

 

Thread lsass.exe [732:1108] SSDT 0xFEA2EB90 != 0x804E26A8

 

SSDT F20E0B3E lsass.exe [732.1108] ZwCreateKey

SSDT F20E0B34 lsass.exe [732.1108] ZwCreateThread

SSDT F20E0B43 lsass.exe [732.1108] ZwDeleteKey

SSDT 000006B8 lsass.exe [732.1108] ZwDeleteValueKey [0xB2969517]

SSDT 000006B8 lsass.exe [732.1108] ZwEnumerateKey [0xB29691C7]

SSDT 000006B8 lsass.exe [732.1108] ZwEnumerateValueKey [0xB29692D3]

SSDT F20E0B52 lsass.exe [732.1108] ZwLoadKey

SSDT 000006B8 lsass.exe [732.1108] ZwOpenKey [0xB296910F]

SSDT 000006B8 lsass.exe [732.1108] ZwOpenProcess [0xB2968E79]

SSDT 000006B8 lsass.exe [732.1108] ZwOpenThread [0xB2968F01]

SSDT 000006B8 lsass.exe [732.1108] ZwProtectVirtualMemory [0xB29696DB]

SSDT 000006B8 lsass.exe [732.1108] ZwQueryDirectoryFile [0xB2968CA0]

SSDT 000006B8 lsass.exe [732.1108] ZwQuerySystemInformation [0xB2968D73]

SSDT 000006B8 lsass.exe [732.1108] ZwReadVirtualMemory [0xB296960F]

SSDT F20E0B5C lsass.exe [732.1108] ZwReplaceKey

SSDT F20E0B57 lsass.exe [732.1108] ZwRestoreKey

SSDT 000006B8 lsass.exe [732.1108] ZwSetContextThread [0xB29690AC]

SSDT 000006B8 lsass.exe [732.1108] ZwSetValueKey [0xB2969413]

SSDT 000006B8 lsass.exe [732.1108] ZwSuspendThread [0xB2969049]

SSDT F20E0B2F lsass.exe [732.1108] ZwTerminateProcess

SSDT 000006B8 lsass.exe [732.1108] ZwTerminateThread [0xB2968FE6]

SSDT 000006B8 lsass.exe [732.1108] ZwWriteVirtualMemory [0xB2969675]

 

---- Threads - GMER 1.0.15 ----

 

Thread lsass.exe [732:1112] SSDT 0xFEA2EB90 != 0x804E26A8

 

SSDT F20E0B3E lsass.exe [732.1112] ZwCreateKey

SSDT F20E0B34 lsass.exe [732.1112] ZwCreateThread

SSDT F20E0B43 lsass.exe [732.1112] ZwDeleteKey

SSDT 000006B8 lsass.exe [732.1112] ZwDeleteValueKey [0xB2969517]

SSDT 000006B8 lsass.exe [732.1112] ZwEnumerateKey [0xB29691C7]

SSDT 000006B8 lsass.exe [732.1112] ZwEnumerateValueKey [0xB29692D3]

SSDT F20E0B52 lsass.exe [732.1112] ZwLoadKey

SSDT 000006B8 lsass.exe [732.1112] ZwOpenKey [0xB296910F]

SSDT 000006B8 lsass.exe [732.1112] ZwOpenProcess [0xB2968E79]

SSDT 000006B8 lsass.exe [732.1112] ZwOpenThread [0xB2968F01]

SSDT 000006B8 lsass.exe [732.1112] ZwProtectVirtualMemory [0xB29696DB]

SSDT 000006B8 lsass.exe [732.1112] ZwQueryDirectoryFile [0xB2968CA0]

SSDT 000006B8 lsass.exe [732.1112] ZwQuerySystemInformation [0xB2968D73]

SSDT 000006B8 lsass.exe [732.1112] ZwReadVirtualMemory [0xB296960F]

SSDT F20E0B5C lsass.exe [732.1112] ZwReplaceKey

SSDT F20E0B57 lsass.exe [732.1112] ZwRestoreKey

SSDT 000006B8 lsass.exe [732.1112] ZwSetContextThread [0xB29690AC]

SSDT 000006B8 lsass.exe [732.1112] ZwSetValueKey [0xB2969413]

SSDT 000006B8 lsass.exe [732.1112] ZwSuspendThread [0xB2969049]

SSDT F20E0B2F lsass.exe [732.1112] ZwTerminateProcess

SSDT 000006B8 lsass.exe [732.1112] ZwTerminateThread [0xB2968FE6]

SSDT 000006B8 lsass.exe [732.1112] ZwWriteVirtualMemory [0xB2969675]

 

---- Threads - GMER 1.0.15 ----

 

Thread lsass.exe [732:2448] SSDT 0xFEA2EB90 != 0x804E26A8

 

SSDT F20E0B3E lsass.exe [732.2448] ZwCreateKey

SSDT F20E0B34 lsass.exe [732.2448] ZwCreateThread

SSDT F20E0B43 lsass.exe [732.2448] ZwDeleteKey

SSDT 000006B8 lsass.exe [732.2448] ZwDeleteValueKey [0xB2969517]

SSDT 000006B8 lsass.exe [732.2448] ZwEnumerateKey [0xB29691C7]

SSDT 000006B8 lsass.exe [732.2448] ZwEnumerateValueKey [0xB29692D3]

SSDT F20E0B52 lsass.exe [732.2448] ZwLoadKey

SSDT 000006B8 lsass.exe [732.2448] ZwOpenKey [0xB296910F]

SSDT 000006B8 lsass.exe [732.2448] ZwOpenProcess [0xB2968E79]

SSDT 000006B8 lsass.exe [732.2448] ZwOpenThread [0xB2968F01]

SSDT 000006B8 lsass.exe [732.2448] ZwProtectVirtualMemory [0xB29696DB]

SSDT 000006B8 lsass.exe [732.2448] ZwQueryDirectoryFile [0xB2968CA0]

SSDT 000006B8 lsass.exe [732.2448] ZwQuerySystemInformation [0xB2968D73]

SSDT 000006B8 lsass.exe [732.2448] ZwReadVirtualMemory [0xB296960F]

SSDT F20E0B5C lsass.exe [732.2448] ZwReplaceKey

SSDT F20E0B57 lsass.exe [732.2448] ZwRestoreKey

SSDT 000006B8 lsass.exe [732.2448] ZwSetContextThread [0xB29690AC]

SSDT 000006B8 lsass.exe [732.2448] ZwSetValueKey [0xB2969413]

SSDT 000006B8 lsass.exe [732.2448] ZwSuspendThread [0xB2969049]

SSDT F20E0B2F lsass.exe [732.2448] ZwTerminateProcess

SSDT 000006B8 lsass.exe [732.2448] ZwTerminateThread [0xB2968FE6]

SSDT 000006B8 lsass.exe [732.2448] ZwWriteVirtualMemory [0xB2969675]

 

---- Threads - GMER 1.0.15 ----

 

Thread lsass.exe [732:2612] SSDT 0xFEA2FB90 != 0x804E26A8

 

SSDT F20E0B3E lsass.exe [732.2612] ZwCreateKey

SSDT F20E0B34 lsass.exe [732.2612] ZwCreateThread

SSDT F20E0B43 lsass.exe [732.2612] ZwDeleteKey

SSDT 000006B8 lsass.exe [732.2612] ZwDeleteValueKey [0xB2969517]

SSDT 000006B8 lsass.exe [732.2612] ZwEnumerateKey [0xB29691C7]

SSDT 000006B8 lsass.exe [732.2612] ZwEnumerateValueKey [0xB29692D3]

SSDT F20E0B52 lsass.exe [732.2612] ZwLoadKey

SSDT 000006B8 lsass.exe [732.2612] ZwOpenKey [0xB296910F]

SSDT 000006B8 lsass.exe [732.2612] ZwOpenProcess [0xB2968E79]

SSDT 000006B8 lsass.exe [732.2612] ZwOpenThread [0xB2968F01]

SSDT 000006B8 lsass.exe [732.2612] ZwProtectVirtualMemory [0xB29696DB]

SSDT 000006B8 lsass.exe [732.2612] ZwQueryDirectoryFile [0xB2968CA0]

SSDT 000006B8 lsass.exe [732.2612] ZwQuerySystemInformation [0xB2968D73]

SSDT 000006B8 lsass.exe [732.2612] ZwReadVirtualMemory [0xB296960F]

SSDT F20E0B5C lsass.exe [732.2612] ZwReplaceKey

SSDT F20E0B57 lsass.exe [732.2612] ZwRestoreKey

SSDT 000006B8 lsass.exe [732.2612] ZwSetContextThread [0xB29690AC]

SSDT 000006B8 lsass.exe [732.2612] ZwSetValueKey [0xB2969413]

SSDT 000006B8 lsass.exe [732.2612] ZwSuspendThread [0xB2969049]

SSDT F20E0B2F lsass.exe [732.2612] ZwTerminateProcess

SSDT 000006B8 lsass.exe [732.2612] ZwTerminateThread [0xB2968FE6]

SSDT 000006B8 lsass.exe [732.2612] ZwWriteVirtualMemory [0xB2969675]

 

---- Threads - GMER 1.0.15 ----

 

Thread svchost.exe [884:624] SSDT 0xFEA2FB90 != 0x804E26A8

 

SSDT F20E0B3E svchost.exe [884.624] ZwCreateKey

SSDT F20E0B34 svchost.exe [884.624] ZwCreateThread

SSDT F20E0B43 svchost.exe [884.624] ZwDeleteKey

SSDT 000006B8 svchost.exe [884.624] ZwDeleteValueKey [0xB2969517]

SSDT 000006B8 svchost.exe [884.624] ZwEnumerateKey [0xB29691C7]

SSDT 000006B8 svchost.exe [884.624] ZwEnumerateValueKey [0xB29692D3]

SSDT F20E0B52 svchost.exe [884.624] ZwLoadKey

SSDT 000006B8 svchost.exe [884.624] ZwOpenKey [0xB296910F]

SSDT 000006B8 svchost.exe [884.624] ZwOpenProcess [0xB2968E79]

SSDT 000006B8 svchost.exe [884.624] ZwOpenThread [0xB2968F01]

SSDT 000006B8 svchost.exe [884.624] ZwProtectVirtualMemory [0xB29696DB]

SSDT 000006B8 svchost.exe [884.624] ZwQueryDirectoryFile [0xB2968CA0]

SSDT 000006B8 svchost.exe [884.624] ZwQuerySystemInformation [0xB2968D73]

SSDT 000006B8 svchost.exe [884.624] ZwReadVirtualMemory [0xB296960F]

SSDT F20E0B5C svchost.exe [884.624] ZwReplaceKey

SSDT F20E0B57 svchost.exe [884.624] ZwRestoreKey

SSDT 000006B8 svchost.exe [884.624] ZwSetContextThread [0xB29690AC]

SSDT 000006B8 svchost.exe [884.624] ZwSetValueKey [0xB2969413]

SSDT 000006B8 svchost.exe [884.624] ZwSuspendThread [0xB2969049]

SSDT F20E0B2F svchost.exe [884.624] ZwTerminateProcess

SSDT 000006B8 svchost.exe [884.624] ZwTerminateThread [0xB2968FE6]

SSDT 000006B8 svchost.exe [884.624] ZwWriteVirtualMemory [0xB2969675]

 

---- Threads - GMER 1.0.15 ----

 

Thread svchost.exe [884:1672] SSDT 0xFEA2EB90 != 0x804E26A8

 

SSDT F20E0B3E svchost.exe [884.1672] ZwCreateKey

SSDT F20E0B34 svchost.exe [884.1672] ZwCreateThread

SSDT F20E0B43 svchost.exe [884.1672] ZwDeleteKey

SSDT 000006B8 svchost.exe [884.1672] ZwDeleteValueKey [0xB2969517]

SSDT 000006B8 svchost.exe [884.1672] ZwEnumerateKey [0xB29691C7]

SSDT 000006B8 svchost.exe [884.1672] ZwEnumerateValueKey [0xB29692D3]

SSDT F20E0B52 svchost.exe [884.1672] ZwLoadKey

SSDT 000006B8 svchost.exe [884.1672] ZwOpenKey [0xB296910F]

SSDT 000006B8 svchost.exe [884.1672] ZwOpenProcess [0xB2968E79]

SSDT 000006B8 svchost.exe [884.1672] ZwOpenThread [0xB2968F01]

SSDT 000006B8 svchost.exe [884.1672] ZwProtectVirtualMemory [0xB29696DB]

SSDT 000006B8 svchost.exe [884.1672] ZwQueryDirectoryFile [0xB2968CA0]

SSDT 000006B8 svchost.exe [884.1672] ZwQuerySystemInformation [0xB2968D73]

SSDT 000006B8 svchost.exe [884.1672] ZwReadVirtualMemory [0xB296960F]

SSDT F20E0B5C svchost.exe [884.1672] ZwReplaceKey

SSDT F20E0B57 svchost.exe [884.1672] ZwRestoreKey

SSDT 000006B8 svchost.exe [884.1672] ZwSetContextThread [0xB29690AC]

SSDT 000006B8 svchost.exe [884.1672] ZwSetValueKey [0xB2969413]

SSDT 000006B8 svchost.exe [884.1672] ZwSuspendThread [0xB2969049]

SSDT F20E0B2F svchost.exe [884.1672] ZwTerminateProcess

SSDT 000006B8 svchost.exe [884.1672] ZwTerminateThread [0xB2968FE6]

SSDT 000006B8 svchost.exe [884.1672] ZwWriteVirtualMemory [0xB2969675]

 

---- Threads - GMER 1.0.15 ----

 

Thread svchost.exe [884:1716] SSDT 0xFEA2EB90 != 0x804E26A8

 

SSDT F20E0B3E svchost.exe [884.1716] ZwCreateKey

SSDT F20E0B34 svchost.exe [884.1716] ZwCreateThread

SSDT F20E0B43 svchost.exe [884.1716] ZwDeleteKey

SSDT 000006B8 svchost.exe [884.1716] ZwDeleteValueKey [0xB2969517]

SSDT 000006B8 svchost.exe [884.1716] ZwEnumerateKey [0xB29691C7]

SSDT 000006B8 svchost.exe [884.1716] ZwEnumerateValueKey [0xB29692D3]

SSDT F20E0B52 svchost.exe [884.1716] ZwLoadKey

SSDT 000006B8 svchost.exe [884.1716] ZwOpenKey [0xB296910F]

SSDT 000006B8 svchost.exe [884.1716] ZwOpenProcess [0xB2968E79]

SSDT 000006B8 svchost.exe [884.1716] ZwOpenThread [0xB2968F01]

SSDT 000006B8 svchost.exe [884.1716] ZwProtectVirtualMemory [0xB29696DB]

SSDT 000006B8 svchost.exe [884.1716] ZwQueryDirectoryFile [0xB2968CA0]

SSDT 000006B8 svchost.exe [884.1716] ZwQuerySystemInformation [0xB2968D73]

SSDT 000006B8 svchost.exe [884.1716] ZwReadVirtualMemory [0xB296960F]

SSDT F20E0B5C svchost.exe [884.1716] ZwReplaceKey

SSDT F20E0B57 svchost.exe [884.1716] ZwRestoreKey

SSDT 000006B8 svchost.exe [884.1716] ZwSetContextThread [0xB29690AC]

SSDT 000006B8 svchost.exe [884.1716] ZwSetValueKey [0xB2969413]

SSDT 000006B8 svchost.exe [884.1716] ZwSuspendThread [0xB2969049]

SSDT F20E0B2F svchost.exe [884.1716] ZwTerminateProcess

SSDT 000006B8 svchost.exe [884.1716] ZwTerminateThread [0xB2968FE6]

SSDT 000006B8 svchost.exe [884.1716] ZwWriteVirtualMemory [0xB2969675]

 

---- Threads - GMER 1.0.15 ----

 

Thread svchost.exe [884:1720] SSDT 0xFEA2EB90 != 0x804E26A8

 

SSDT F20E0B3E svchost.exe [884.1720] ZwCreateKey

SSDT F20E0B34 svchost.exe [884.1720] ZwCreateThread

SSDT F20E0B43 svchost.exe [884.1720] ZwDeleteKey

SSDT 000006B8 svchost.exe [884.1720] ZwDeleteValueKey [0xB2969517]

SSDT 000006B8 svchost.exe [884.1720] ZwEnumerateKey [0xB29691C7]

SSDT 000006B8 svchost.exe [884.1720] ZwEnumerateValueKey [0xB29692D3]

SSDT F20E0B52 svchost.exe [884.1720] ZwLoadKey

SSDT 000006B8 svchost.exe [884.1720] ZwOpenKey [0xB296910F]

SSDT 000006B8 svchost.exe [884.1720] ZwOpenProcess [0xB2968E79]

SSDT 000006B8 svchost.exe [884.1720] ZwOpenThread [0xB2968F01]

SSDT 000006B8 svchost.exe [884.1720] ZwProtectVirtualMemory [0xB29696DB]

SSDT 000006B8 svchost.exe [884.1720] ZwQueryDirectoryFile [0xB2968CA0]

SSDT 000006B8 svchost.exe [884.1720] ZwQuerySystemInformation [0xB2968D73]

SSDT 000006B8 svchost.exe [884.1720] ZwReadVirtualMemory [0xB296960F]

SSDT F20E0B5C svchost.exe [884.1720] ZwReplaceKey

SSDT F20E0B57 svchost.exe [884.1720] ZwRestoreKey

SSDT 000006B8 svchost.exe [884.1720] ZwSetContextThread [0xB29690AC]

SSDT 000006B8 svchost.exe [884.1720] ZwSetValueKey [0xB2969413]

SSDT 000006B8 svchost.exe [884.1720] ZwSuspendThread [0xB2969049]

SSDT F20E0B2F svchost.exe [884.1720] ZwTerminateProcess

SSDT 000006B8 svchost.exe [884.1720] ZwTerminateThread [0xB2968FE6]

SSDT 000006B8 svchost.exe [884.1720] ZwWriteVirtualMemory [0xB2969675]

 

---- Threads - GMER 1.0.15 ----

 

Thread svchost.exe [884:1740] SSDT 0xFEA2EB90 != 0x804E26A8

 

SSDT F20E0B3E svchost.exe [884.1740] ZwCreateKey

SSDT F20E0B34 svchost.exe [884.1740] ZwCreateThread

SSDT F20E0B43 svchost.exe [884.1740] ZwDeleteKey

SSDT 000006B8 svchost.exe [884.1740] ZwDeleteValueKey [0xB2969517]

SSDT 000006B8 svchost.exe [884.1740] ZwEnumerateKey [0xB29691C7]

SSDT 000006B8 svchost.exe [884.1740] ZwEnumerateValueKey [0xB29692D3]

SSDT F20E0B52 svchost.exe [884.1740] ZwLoadKey

SSDT 000006B8 svchost.exe [884.1740] ZwOpenKey [0xB296910F]

SSDT 000006B8 svchost.exe [884.1740] ZwOpenProcess [0xB2968E79]

SSDT 000006B8 svchost.exe [884.1740] ZwOpenThread [0xB2968F01]

SSDT 000006B8 svchost.exe [884.1740] ZwProtectVirtualMemory [0xB29696DB]

SSDT 000006B8 svchost.exe [884.1740] ZwQueryDirectoryFile [0xB2968CA0]

SSDT 000006B8 svchost.exe [884.1740] ZwQuerySystemInformation [0xB2968D73]

SSDT 000006B8 svchost.exe [884.1740] ZwReadVirtualMemory [0xB296960F]

SSDT F20E0B5C svchost.exe [884.1740] ZwReplaceKey

SSDT F20E0B57 svchost.exe [884.1740] ZwRestoreKey

SSDT 000006B8 svchost.exe [884.1740] ZwSetContextThread [0xB29690AC]

SSDT 000006B8 svchost.exe [884.1740] ZwSetValueKey [0xB2969413]

SSDT 000006B8 svchost.exe [884.1740] ZwSuspendThread [0xB2969049]

SSDT F20E0B2F svchost.exe [884.1740] ZwTerminateProcess

SSDT 000006B8 svchost.exe [884.1740] ZwTerminateThread [0xB2968FE6]

SSDT 000006B8 svchost.exe [884.1740] ZwWriteVirtualMemory [0xB2969675]

 

---- Threads - GMER 1.0.15 ----

 

Thread svchost.exe [884:1660] SSDT 0xFEA2EB90 != 0x804E26A8

 

SSDT F20E0B3E svchost.exe [884.1660] ZwCreateKey

SSDT F20E0B34 svchost.exe [884.1660] ZwCreateThread

SSDT F20E0B43 svchost.exe [884.1660] ZwDeleteKey

SSDT 000006B8 svchost.exe [884.1660] ZwDeleteValueKey [0xB2969517]

SSDT 000006B8 svchost.exe [884.1660] ZwEnumerateKey [0xB29691C7]

SSDT 000006B8 svchost.exe [884.1660] ZwEnumerateValueKey [0xB29692D3]

SSDT F20E0B52 svchost.exe [884.1660] ZwLoadKey

SSDT 000006B8 svchost.exe [884.1660] ZwOpenKey [0xB296910F]

SSDT 000006B8 svchost.exe [884.1660] ZwOpenProcess [0xB2968E79]

SSDT 000006B8 svchost.exe [884.1660] ZwOpenThread [0xB2968F01]

SSDT 000006B8 svchost.exe [884.1660] ZwProtectVirtualMemory [0xB29696DB]

SSDT 000006B8 svchost.exe [884.1660] ZwQueryDirectoryFile [0xB2968CA0]

SSDT 000006B8 svchost.exe [884.1660] ZwQuerySystemInformation [0xB2968D73]

SSDT 000006B8 svchost.exe [884.1660] ZwReadVirtualMemory [0xB296960F]

SSDT F20E0B5C svchost.exe [884.1660] ZwReplaceKey

SSDT F20E0B57 svchost.exe [884.1660] ZwRestoreKey

SSDT 000006B8 svchost.exe [884.1660] ZwSetContextThread [0xB29690AC]

SSDT 000006B8 svchost.exe [884.1660] ZwSetValueKey [0xB2969413]

SSDT 000006B8 svchost.exe [884.1660] ZwSuspendThread [0xB2969049]

SSDT F20E0B2F svchost.exe [884.1660] ZwTerminateProcess

SSDT 000006B8 svchost.exe [884.1660] ZwTerminateThread [0xB2968FE6]

SSDT 000006B8 svchost.exe [884.1660] ZwWriteVirtualMemory [0xB2969675]

 

---- Threads - GMER 1.0.15 ----

 

Thread svchost.exe [884:1748] SSDT 0xFEA2EB90 != 0x804E26A8

 

SSDT F20E0B3E svchost.exe [884.1748] ZwCreateKey

SSDT F20E0B34 svchost.exe [884.1748] ZwCreateThread

SSDT F20E0B43 svchost.exe [884.1748] ZwDeleteKey

SSDT 000006B8 svchost.exe [884.1748] ZwDeleteValueKey [0xB2969517]

SSDT 000006B8 svchost.exe [884.1748] ZwEnumerateKey [0xB29691C7]

SSDT 000006B8 svchost.exe [884.1748] ZwEnumerateValueKey [0xB29692D3]

SSDT F20E0B52 svchost.exe [884.1748] ZwLoadKey

SSDT 000006B8 svchost.exe [884.1748] ZwOpenKey [0xB296910F]

SSDT 000006B8 svchost.exe [884.1748] ZwOpenProcess [0xB2968E79]

SSDT 000006B8 svchost.exe [884.1748] ZwOpenThread [0xB2968F01]

SSDT 000006B8 svchost.exe [884.1748] ZwProtectVirtualMemory [0xB29696DB]

SSDT 000006B8 svchost.exe [884.1748] ZwQueryDirectoryFile [0xB2968CA0]

SSDT 000006B8 svchost.exe [884.1748] ZwQuerySystemInformation [0xB2968D73]

SSDT 000006B8 svchost.exe [884.1748] ZwReadVirtualMemory [0xB296960F]

SSDT F20E0B5C svchost.exe [884.1748] ZwReplaceKey

SSDT F20E0B57 svchost.exe [884.1748] ZwRestoreKey

SSDT 000006B8 svchost.exe [884.1748] ZwSetContextThread [0xB29690AC]

SSDT 000006B8 svchost.exe [884.1748] ZwSetValueKey [0xB2969413]

SSDT 000006B8 svchost.exe [884.1748] ZwSuspendThread [0xB2969049]

SSDT F20E0B2F svchost.exe [884.1748] ZwTerminateProcess

SSDT 000006B8 svchost.exe [884.1748] ZwTerminateThread [0xB2968FE6]

SSDT 000006B8 svchost.exe [884.1748] ZwWriteVirtualMemory [0xB2969675]

 

---- Threads - GMER 1.0.15 ----

 

Thread svchost.exe [884:1756] SSDT 0xFEA2EB90 != 0x804E26A8

 

SSDT F20E0B3E svchost.exe [884.1756] ZwCreateKey

SSDT F20E0B34 svchost.exe [884.1756] ZwCreateThread

SSDT F20E0B43 svchost.exe [884.1756] ZwDeleteKey

SSDT 000006B8 svchost.exe [884.1756] ZwDeleteValueKey [0xB2969517]

SSDT 000006B8 svchost.exe [884.1756] ZwEnumerateKey [0xB29691C7]

SSDT 000006B8 svchost.exe [884.1756] ZwEnumerateValueKey [0xB29692D3]

SSDT F20E0B52 svchost.exe [884.1756] ZwLoadKey

SSDT 000006B8 svchost.exe [884.1756] ZwOpenKey [0xB296910F]

SSDT 000006B8 svchost.exe [884.1756] ZwOpenProcess [0xB2968E79]

SSDT 000006B8 svchost.exe [884.1756] ZwOpenThread [0xB2968F01]

SSDT 000006B8 svchost.exe [884.1756] ZwProtectVirtualMemory [0xB29696DB]

SSDT 000006B8 svchost.exe [884.1756] ZwQueryDirectoryFile [0xB2968CA0]

SSDT 000006B8 svchost.exe [884.1756] ZwQuerySystemInformation [0xB2968D73]

SSDT 000006B8 svchost.exe [884.1756] ZwReadVirtualMemory [0xB296960F]

SSDT F20E0B5C svchost.exe [884.1756] ZwReplaceKey

SSDT F20E0B57 svchost.exe [884.1756] ZwRestoreKey

SSDT 000006B8 svchost.exe [884.1756] ZwSetContextThread [0xB29690AC]

SSDT 000006B8 svchost.exe [884.1756] ZwSetValueKey [0xB2969413]

SSDT 000006B8 svchost.exe [884.1756] ZwSuspendThread [0xB2969049]

SSDT F20E0B2F svchost.exe [884.1756] ZwTerminateProcess

SSDT 000006B8 svchost.exe [884.1756] ZwTerminateThread [0xB2968FE6]

SSDT 000006B8 svchost.exe [884.1756] ZwWriteVirtualMemory [0xB2969675]

 

---- Threads - GMER 1.0.15 ----

 

Thread svchost.exe [884:2204] SSDT 0xFEA2EB90 != 0x804E26A8

 

SSDT F20E0B3E svchost.exe [884.2204] ZwCreateKey

SSDT F20E0B34 svchost.exe [884.2204] ZwCreateThread

SSDT F20E0B43 svchost.exe [884.2204] ZwDeleteKey

SSDT 000006B8 svchost.exe [884.2204] ZwDeleteValueKey [0xB2969517]

SSDT 000006B8 svchost.exe [884.2204] ZwEnumerateKey [0xB29691C7]

SSDT 000006B8 svchost.exe [884.2204] ZwEnumerateValueKey [0xB29692D3]

SSDT F20E0B52 svchost.exe [884.2204] ZwLoadKey

SSDT 000006B8 svchost.exe [884.2204] ZwOpenKey [0xB296910F]

SSDT 000006B8 svchost.exe [884.2204] ZwOpenProcess [0xB2968E79]

SSDT 000006B8 svchost.exe [884.2204] ZwOpenThread [0xB2968F01]

SSDT 000006B8 svchost.exe [884.2204] ZwProtectVirtualMemory [0xB29696DB]

SSDT 000006B8 svchost.exe [884.2204] ZwQueryDirectoryFile [0xB2968CA0]

SSDT 000006B8 svchost.exe [884.2204] ZwQuerySystemInformation [0xB2968D73]

SSDT 000006B8 svchost.exe [884.2204] ZwReadVirtualMemory [0xB296960F]

SSDT F20E0B5C svchost.exe [884.2204] ZwReplaceKey

SSDT F20E0B57 svchost.exe [884.2204] ZwRestoreKey

SSDT 000006B8 svchost.exe [884.2204] ZwSetContextThread [0xB29690AC]

SSDT 000006B8 svchost.exe [884.2204] ZwSetValueKey [0xB2969413]

SSDT 000006B8 svchost.exe [884.2204] ZwSuspendThread [0xB2969049]

SSDT F20E0B2F svchost.exe [884.2204] ZwTerminateProcess

SSDT 000006B8 svchost.exe [884.2204] ZwTerminateThread [0xB2968FE6]

SSDT 000006B8 svchost.exe [884.2204] ZwWriteVirtualMemory [0xB2969675]

 

---- Threads - GMER 1.0.15 ----

 

Thread svchost.exe [884:2348] SSDT 0xFEA2EB90 != 0x804E26A8

 

SSDT F20E0B3E svchost.exe [884.2348] ZwCreateKey

SSDT F20E0B34 svchost.exe [884.2348] ZwCreateThread

SSDT F20E0B43 svchost.exe [884.2348] ZwDeleteKey

SSDT 000006B8 svchost.exe [884.2348] ZwDeleteValueKey [0xB2969517]

SSDT 000006B8 svchost.exe [884.2348] ZwEnumerateKey [0xB29691C7]

SSDT 000006B8 svchost.exe [884.2348] ZwEnumerateValueKey [0xB29692D3]

SSDT F20E0B52 svchost.exe [884.2348] ZwLoadKey

SSDT 000006B8 svchost.exe [884.2348] ZwOpenKey [0xB296910F]

SSDT 000006B8 svchost.exe [884.2348] ZwOpenProcess [0xB2968E79]

SSDT 000006B8 svchost.exe [884.2348] ZwOpenThread [0xB2968F01]

SSDT 000006B8 svchost.exe [884.2348] ZwProtectVirtualMemory [0xB29696DB]

SSDT 000006B8 svchost.exe [884.2348] ZwQueryDirectoryFile [0xB2968CA0]

SSDT 000006B8 svchost.exe [884.2348] ZwQuerySystemInformation [0xB2968D73]

SSDT 000006B8 svchost.exe [884.2348] ZwReadVirtualMemory [0xB296960F]

SSDT F20E0B5C svchost.exe [884.2348] ZwReplaceKey

SSDT F20E0B57 svchost.exe [884.2348] ZwRestoreKey

SSDT 000006B8 svchost.exe [884.2348] ZwSetContextThread [0xB29690AC]

SSDT 000006B8 svchost.exe [884.2348] ZwSetValueKey [0xB2969413]

SSDT 000006B8 svchost.exe [884.2348] ZwSuspendThread [0xB2969049]

SSDT F20E0B2F svchost.exe [884.2348] ZwTerminateProcess

SSDT 000006B8 svchost.exe [884.2348] ZwTerminateThread [0xB2968FE6]

SSDT 000006B8 svchost.exe [884.2348] ZwWriteVirtualMemory [0xB2969675]

 

---- Threads - GMER 1.0.15 ----

 

Thread svchost.exe [884:2376] SSDT 0xFEA2EB90 != 0x804E26A8

 

SSDT F20E0B3E svchost.exe [884.2376] ZwCreateKey

SSDT F20E0B34 svchost.exe [884.2376] ZwCreateThread

SSDT F20E0B43 svchost.exe [884.2376] ZwDeleteKey

SSDT 000006B8 svchost.exe [884.2376] ZwDeleteValueKey [0xB2969517]

SSDT 000006B8 svchost.exe [884.2376] ZwEnumerateKey [0xB29691C7]

SSDT 000006B8 svchost.exe [884.2376] ZwEnumerateValueKey [0xB29692D3]

SSDT F20E0B52 svchost.exe [884.2376] ZwLoadKey

SSDT 000006B8 svchost.exe [884.2376] ZwOpenKey [0xB296910F]

SSDT 000006B8 svchost.exe [884.2376] ZwOpenProcess [0xB2968E79]

SSDT 000006B8 svchost.exe [884.2376] ZwOpenThread [0xB2968F01]

SSDT 000006B8 svchost.exe [884.2376] ZwProtectVirtualMemory [0xB29696DB]

SSDT 000006B8 svchost.exe [884.2376] ZwQueryDirectoryFile [0xB2968CA0]

SSDT 000006B8 svchost.exe [884.2376] ZwQuerySystemInformation [0xB2968D73]

SSDT 000006B8 svchost.exe [884.2376] ZwReadVirtualMemory [0xB296960F]

SSDT F20E0B5C svchost.exe [884.2376] ZwReplaceKey

SSDT F20E0B57 svchost.exe [884.2376] ZwRestoreKey

SSDT 000006B8 svchost.exe [884.2376] ZwSetContextThread [0xB29690AC]

SSDT 000006B8 svchost.exe [884.2376] ZwSetValueKey [0xB2969413]

SSDT 000006B8 svchost.exe [884.2376] ZwSuspendThread [0xB2969049]

SSDT F20E0B2F svchost.exe [884.2376] ZwTerminateProcess

SSDT 000006B8 svchost.exe [884.2376] ZwTerminateThread [0xB2968FE6]

SSDT 000006B8 svchost.exe [884.2376] ZwWriteVirtualMemory [0xB2969675]

 

---- Threads - GMER 1.0.15 ----

 

Thread svchost.exe [884:3420] SSDT 0xFEA2EB90 != 0x804E26A8

 

SSDT F20E0B3E svchost.exe [884.3420] ZwCreateKey

SSDT F20E0B34 svchost.exe [884.3420] ZwCreateThread

SSDT F20E0B43 svchost.exe [884.3420] ZwDeleteKey

SSDT 000006B8 svchost.exe [884.3420] ZwDeleteValueKey [0xB2969517]

SSDT 000006B8 svchost.exe [884.3420] ZwEnumerateKey [0xB29691C7]

SSDT 000006B8 svchost.exe [884.3420] ZwEnumerateValueKey [0xB29692D3]

SSDT F20E0B52 svchost.exe [884.3420] ZwLoadKey

SSDT 000006B8 svchost.exe [884.3420] ZwOpenKey [0xB296910F]

SSDT 000006B8 svchost.exe [884.3420] ZwOpenProcess [0xB2968E79]

SSDT 000006B8 svchost.exe [884.3420] ZwOpenThread [0xB2968F01]

SSDT 000006B8 svchost.exe [884.3420] ZwProtectVirtualMemory [0xB29696DB]

SSDT 000006B8 svchost.exe [884.3420] ZwQueryDirectoryFile [0xB2968CA0]

SSDT 000006B8 svchost.exe [884.3420] ZwQuerySystemInformation [0xB2968D73]

SSDT 000006B8 svchost.exe [884.3420] ZwReadVirtualMemory [0xB296960F]

SSDT F20E0B5C svchost.exe [884.3420] ZwReplaceKey

SSDT F20E0B57 svchost.exe [884.3420] ZwRestoreKey

SSDT 000006B8 svchost.exe [884.3420] ZwSetContextThread [0xB29690AC]

SSDT 000006B8 svchost.exe [884.3420] ZwSetValueKey [0xB2969413]

SSDT 000006B8 svchost.exe [884.3420] ZwSuspendThread [0xB2969049]

SSDT F20E0B2F svchost.exe [884.3420] ZwTerminateProcess

SSDT 000006B8 svchost.exe [884.3420] ZwTerminateThread [0xB2968FE6]

SSDT 000006B8 svchost.exe [884.3420] ZwWriteVirtualMemory [0xB2969675]

 

---- Threads - GMER 1.0.15 ----

 

Thread svchost.exe [948:1236] SSDT 0xFEA2EB90 != 0x804E26A8

 

SSDT F20E0B3E svchost.exe [948.1236] ZwCreateKey

SSDT F20E0B34 svchost.exe [948.1236] ZwCreateThread

SSDT F20E0B43 svchost.exe [948.1236] ZwDeleteKey

SSDT 000006B8 svchost.exe [948.1236] ZwDeleteValueKey [0xB2969517]

SSDT 000006B8 svchost.exe [948.1236] ZwEnumerateKey [0xB29691C7]

SSDT 000006B8 svchost.exe [948.1236] ZwEnumerateValueKey [0xB29692D3]

SSDT F20E0B52 svchost.exe [948.1236] ZwLoadKey

SSDT 000006B8 svchost.exe [948.1236] ZwOpenKey [0xB296910F]

SSDT 000006B8 svchost.exe [948.1236] ZwOpenProcess [0xB2968E79]

SSDT 000006B8 svchost.exe [948.1236] ZwOpenThread [0xB2968F01]

SSDT 000006B8 svchost.exe [948.1236] ZwProtectVirtualMemory [0xB29696DB]

SSDT 000006B8 svchost.exe [948.1236] ZwQueryDirectoryFile [0xB2968CA0]

SSDT 000006B8 svchost.exe [948.1236] ZwQuerySystemInformation [0xB2968D73]

SSDT 000006B8 svchost.exe [948.1236] ZwReadVirtualMemory [0xB296960F]

SSDT F20E0B5C svchost.exe [948.1236] ZwReplaceKey

SSDT F20E0B57 svchost.exe [948.1236] ZwRestoreKey

SSDT 000006B8 svchost.exe [948.1236] ZwSetContextThread [0xB29690AC]

SSDT 000006B8 svchost.exe [948.1236] ZwSetValueKey [0xB2969413]

SSDT 000006B8 svchost.exe [948.1236] ZwSuspendThread [0xB2969049]

SSDT F20E0B2F svchost.exe [948.1236] ZwTerminateProcess

SSDT 000006B8 svchost.exe [948.1236] ZwTerminateThread [0xB2968FE6]

SSDT 000006B8 svchost.exe [948.1236] ZwWriteVirtualMemory [0xB2969675]

 

---- Threads - GMER 1.0.15 ----

 

Thread svchost.exe [948:2616] SSDT 0xFEA2EB90 != 0x804E26A8

 

SSDT F20E0B3E svchost.exe [948.2616] ZwCreateKey

SSDT F20E0B34 svchost.exe [948.2616] ZwCreateThread

SSDT F20E0B43 svchost.exe [948.2616] ZwDeleteKey

SSDT 000006B8 svchost.exe [948.2616] ZwDeleteValueKey [0xB2969517]

SSDT 000006B8 svchost.exe [948.2616] ZwEnumerateKey [0xB29691C7]

SSDT 000006B8 svchost.exe [948.2616] ZwEnumerateValueKey [0xB29692D3]

SSDT F20E0B52 svchost.exe [948.2616] ZwLoadKey

SSDT 000006B8 svchost.exe [948.2616] ZwOpenKey [0xB296910F]

SSDT 000006B8 svchost.exe [948.2616] ZwOpenProcess [0xB2968E79]

SSDT 000006B8 svchost.exe [948.2616] ZwOpenThread [0xB2968F01]

SSDT 000006B8 svchost.exe [948.2616] ZwProtectVirtualMemory [0xB29696DB]

SSDT 000006B8 svchost.exe [948.2616] ZwQueryDirectoryFile [0xB2968CA0]

SSDT 000006B8 svchost.exe [948.2616] ZwQuerySystemInformation [0xB2968D73]

SSDT 000006B8 svchost.exe [948.2616] ZwReadVirtualMemory [0xB296960F]

SSDT F20E0B5C svchost.exe [948.2616] ZwReplaceKey

SSDT F20E0B57 svchost.exe [948.2616] ZwRestoreKey

SSDT 000006B8 svchost.exe [948.2616] ZwSetContextThread [0xB29690AC]

SSDT 000006B8 svchost.exe [948.2616] ZwSetValueKey [0xB2969413]

SSDT 000006B8 svchost.exe [948.2616] ZwSuspendThread [0xB2969049]

SSDT F20E0B2F svchost.exe [948.2616] ZwTerminateProcess

SSDT 000006B8 svchost.exe [948.2616] ZwTerminateThread [0xB2968FE6]

SSDT 000006B8 svchost.exe [948.2616] ZwWriteVirtualMemory [0xB2969675]

 

---- Threads - GMER 1.0.15 ----

 

Thread svchost.exe [1044:1652] SSDT 0xFEA2FB90 != 0x804E26A8

 

SSDT F20E0B3E svchost.exe [1044.1652] ZwCreateKey

SSDT F20E0B34 svchost.exe [1044.1652] ZwCreateThread

SSDT F20E0B43 svchost.exe [1044.1652] ZwDeleteKey

SSDT 000006B8 svchost.exe [1044.1652] ZwDeleteValueKey [0xB2969517]

SSDT 000006B8 svchost.exe [1044.1652] ZwEnumerateKey [0xB29691C7]

SSDT 000006B8 svchost.exe [1044.1652] ZwEnumerateValueKey [0xB29692D3]

SSDT F20E0B52 svchost.exe [1044.1652] ZwLoadKey

SSDT 000006B8 svchost.exe [1044.1652] ZwOpenKey [0xB296910F]

SSDT 000006B8 svchost.exe [1044.1652] ZwOpenProcess [0xB2968E79]

SSDT 000006B8 svchost.exe [1044.1652] ZwOpenThread [0xB2968F01]

SSDT 000006B8 svchost.exe [1044.1652] ZwProtectVirtualMemory [0xB29696DB]

SSDT 000006B8 svchost.exe [1044.1652] ZwQueryDirectoryFile [0xB2968CA0]

SSDT 000006B8 svchost.exe [1044.1652] ZwQuerySystemInformation [0xB2968D73]

SSDT 000006B8 svchost.exe [1044.1652] ZwReadVirtualMemory [0xB296960F]

SSDT F20E0B5C svchost.exe [1044.1652] ZwReplaceKey

SSDT F20E0B57 svchost.exe [1044.1652] ZwRestoreKey

SSDT 000006B8 svchost.exe [1044.1652] ZwSetContextThread [0xB29690AC]

SSDT 000006B8 svchost.exe [1044.1652] ZwSetValueKey [0xB2969413]

SSDT 000006B8 svchost.exe [1044.1652] ZwSuspendThread [0xB2969049]

SSDT F20E0B2F svchost.exe [1044.1652] ZwTerminateProcess

SSDT 000006B8 svchost.exe [1044.1652] ZwTerminateThread [0xB2968FE6]

SSDT 000006B8 svchost.exe [1044.1652] ZwWriteVirtualMemory [0xB2969675]

 

---- Threads - GMER 1.0.15 ----

 

Thread svchost.exe [1044:1904] SSDT 0xFEA2FB90 != 0x804E26A8

 

SSDT F20E0B3E svchost.exe [1044.1904] ZwCreateKey

SSDT F20E0B34 svchost.exe [1044.1904] ZwCreateThread

SSDT F20E0B43 svchost.exe [1044.1904] ZwDeleteKey

SSDT 000006B8 svchost.exe [1044.1904] ZwDeleteValueKey [0xB2969517]

SSDT 000006B8 svchost.exe [1044.1904] ZwEnumerateKey [0xB29691C7]

SSDT 000006B8 svchost.exe [1044.1904] ZwEnumerateValueKey [0xB29692D3]

SSDT F20E0B52 svchost.exe [1044.1904] ZwLoadKey

SSDT 000006B8 svchost.exe [1044.1904] ZwOpenKey [0xB296910F]

SSDT 000006B8 svchost.exe [1044.1904] ZwOpenProcess [0xB2968E79]

SSDT 000006B8 svchost.exe [1044.1904] ZwOpenThread [0xB2968F01]

SSDT 000006B8 svchost.exe [1044.1904] ZwProtectVirtualMemory [0xB29696DB]

SSDT 000006B8 svchost.exe [1044.1904] ZwQueryDirectoryFile [0xB2968CA0]

SSDT 000006B8 svchost.exe [1044.1904] ZwQuerySystemInformation [0xB2968D73]

SSDT 000006B8 svchost.exe [1044.1904] ZwReadVirtualMemory [0xB296960F]

SSDT F20E0B5C svchost.exe [1044.1904] ZwReplaceKey

SSDT F20E0B57 svchost.exe [1044.1904] ZwRestoreKey

SSDT 000006B8 svchost.exe [1044.1904] ZwSetContextThread [0xB29690AC]

SSDT 000006B8 svchost.exe [1044.1904] ZwSetValueKey [0xB2969413]

SSDT 000006B8 svchost.exe [1044.1904] ZwSuspendThread [0xB2969049]

SSDT F20E0B2F svchost.exe [1044.1904] ZwTerminateProcess

SSDT 000006B8 svchost.exe [1044.1904] ZwTerminateThread [0xB2968FE6]

SSDT 000006B8 svchost.exe [1044.1904] ZwWriteVirtualMemory [0xB2969675]

 

---- Threads - GMER 1.0.15 ----

 

Thread svchost.exe [1044:616] SSDT 0xFEA2FB90 != 0x804E26A8

 

SSDT F20E0B3E svchost.exe [1044.616] ZwCreateKey

SSDT F20E0B34 svchost.exe [1044.616] ZwCreateThread

SSDT F20E0B43 svchost.exe [1044.616] ZwDeleteKey

SSDT 000006B8 svchost.exe [1044.616] ZwDeleteValueKey [0xB2969517]

SSDT 000006B8 svchost.exe [1044.616] ZwEnumerateKey [0xB29691C7]

SSDT 000006B8 svchost.exe [1044.616] ZwEnumerateValueKey [0xB29692D3]

SSDT F20E0B52 svchost.exe [1044.616] ZwLoadKey

SSDT 000006B8 svchost.exe [1044.616] ZwOpenKey [0xB296910F]

SSDT 000006B8 svchost.exe [1044.616] ZwOpenProcess [0xB2968E79]

SSDT 000006B8 svchost.exe [1044.616] ZwOpenThread [0xB2968F01]

SSDT 000006B8 svchost.exe [1044.616] ZwProtectVirtualMemory [0xB29696DB]

SSDT 000006B8 svchost.exe [1044.616] ZwQueryDirectoryFile [0xB2968CA0]

SSDT 000006B8 svchost.exe [1044.616] ZwQuerySystemInformation [0xB2968D73]

SSDT 000006B8 svchost.exe [1044.616] ZwReadVirtualMemory [0xB296960F]

SSDT F20E0B5C svchost.exe [1044.616] ZwReplaceKey

SSDT F20E0B57 svchost.exe [1044.616] ZwRestoreKey

SSDT 000006B8 svchost.exe [1044.616] ZwSetContextThread [0xB29690AC]

SSDT 000006B8 svchost.exe [1044.616] ZwSetValueKey [0xB2969413]

SSDT 000006B8 svchost.exe [1044.616] ZwSuspendThread [0xB2969049]

SSDT F20E0B2F svchost.exe [1044.616] ZwTerminateProcess

SSDT 000006B8 svchost.exe [1044.616] ZwTerminateThread [0xB2968FE6]

SSDT 000006B8 svchost.exe [1044.616] ZwWriteVirtualMemory [0xB2969675]

 

---- Threads - GMER 1.0.15 ----

 

Thread svchost.exe [1044:916] SSDT 0xFEA2FB90 != 0x804E26A8

 

SSDT F20E0B3E svchost.exe [1044.916] ZwCreateKey

SSDT F20E0B34 svchost.exe [1044.916] ZwCreateThread

SSDT F20E0B43 svchost.exe [1044.916] ZwDeleteKey

SSDT 000006B8 svchost.exe [1044.916] ZwDeleteValueKey [0xB2969517]

SSDT 000006B8 svchost.exe [1044.916] ZwEnumerateKey [0xB29691C7]

SSDT 000006B8 svchost.exe [1044.916] ZwEnumerateValueKey [0xB29692D3]

SSDT F20E0B52 svchost.exe [1044.916] ZwLoadKey

SSDT 000006B8 svchost.exe [1044.916] ZwOpenKey [0xB296910F]

SSDT 000006B8 svchost.exe [1044.916] ZwOpenProcess [0xB2968E79]

SSDT 000006B8 svchost.exe [1044.916] ZwOpenThread [0xB2968F01]

SSDT 000006B8 svchost.exe [1044.916] ZwProtectVirtualMemory [0xB29696DB]

SSDT 000006B8 svchost.exe [1044.916] ZwQueryDirectoryFile [0xB2968CA0]

SSDT 000006B8 svchost.exe [1044.916] ZwQuerySystemInformation [0xB2968D73]

SSDT 000006B8 svchost.exe [1044.916] ZwReadVirtualMemory [0xB296960F]

SSDT F20E0B5C svchost.exe [1044.916] ZwReplaceKey

SSDT F20E0B57 svchost.exe [1044.916] ZwRestoreKey

SSDT 000006B8 svchost.exe [1044.916] ZwSetContextThread [0xB29690AC]

SSDT 000006B8 svchost.exe [1044.916] ZwSetValueKey [0xB2969413]

SSDT 000006B8 svchost.exe [1044.916] ZwSuspendThread [0xB2969049]

SSDT F20E0B2F svchost.exe [1044.916] ZwTerminateProcess

SSDT 000006B8 svchost.exe [1044.916] ZwTerminateThread [0xB2968FE6]

SSDT 000006B8 svchost.exe [1044.916] ZwWriteVirtualMemory [0xB2969675]

 

---- Threads - GMER 1.0.15 ----

 

Thread svchost.exe [1044:892] SSDT 0xFEA2FB90 != 0x804E26A8

 

SSDT F20E0B3E svchost.exe [1044.892] ZwCreateKey

SSDT F20E0B34 svchost.exe [1044.892] ZwCreateThread

SSDT F20E0B43 svchost.exe [1044.892] ZwDeleteKey

SSDT 000006B8 svchost.exe [1044.892] ZwDeleteValueKey [0xB2969517]

SSDT 000006B8 svchost.exe [1044.892] ZwEnumerateKey [0xB29691C7]

SSDT 000006B8 svchost.exe [1044.892] ZwEnumerateValueKey [0xB29692D3]

SSDT F20E0B52 svchost.exe [1044.892] ZwLoadKey

SSDT 000006B8 svchost.exe [1044.892] ZwOpenKey [0xB296910F]

SSDT 000006B8 svchost.exe [1044.892] ZwOpenProcess [0xB2968E79]

SSDT 000006B8 svchost.exe [1044.892] ZwOpenThread [0xB2968F01]

SSDT 000006B8 svchost.exe [1044.892] ZwProtectVirtualMemory [0xB29696DB]

SSDT 000006B8 svchost.exe [1044.892] ZwQueryDirectoryFile [0xB2968CA0]

SSDT 000006B8 svchost.exe [1044.892] ZwQuerySystemInformation [0xB2968D73]

SSDT 000006B8 svchost.exe [1044.892] ZwReadVirtualMemory [0xB296960F]

SSDT F20E0B5C svchost.exe [1044.892] ZwReplaceKey

SSDT F20E0B57 svchost.exe [1044.892] ZwRestoreKey

SSDT 000006B8 svchost.exe [1044.892] ZwSetContextThread [0xB29690AC]

SSDT 000006B8 svchost.exe [1044.892] ZwSetValueKey [0xB2969413]

SSDT 000006B8 svchost.exe [1044.892] ZwSuspendThread [0xB2969049]

SSDT F20E0B2F svchost.exe [1044.892] ZwTerminateProcess

SSDT 000006B8 svchost.exe [1044.892] ZwTerminateThread [0xB2968FE6]

SSDT 000006B8 svchost.exe [1044.892] ZwWriteVirtualMemory [0xB2969675]

 

---- Threads - GMER 1.0.15 ----

 

Thread svchost.exe [1044:1068] SSDT 0xFEA2EB90 != 0x804E26A8

 

SSDT F20E0B3E svchost.exe [1044.1068] ZwCreateKey

SSDT F20E0B34 svchost.exe [1044.1068] ZwCreateThread

SSDT F20E0B43 svchost.exe [1044.1068] ZwDeleteKey

SSDT 000006B8 svchost.exe [1044.1068] ZwDeleteValueKey [0xB2969517]

SSDT 000006B8 svchost.exe [1044.1068] ZwEnumerateKey [0xB29691C7]

SSDT 000006B8 svchost.exe [1044.1068] ZwEnumerateValueKey [0xB29692D3]

SSDT F20E0B52 svchost.exe [1044.1068] ZwLoadKey

SSDT 000006B8 svchost.exe [1044.1068] ZwOpenKey [0xB296910F]

SSDT 000006B8 svchost.exe [1044.1068] ZwOpenProcess [0xB2968E79]

SSDT 000006B8 svchost.exe [1044.1068] ZwOpenThread [0xB2968F01]

SSDT 000006B8 svchost.exe [1044.1068] ZwProtectVirtualMemory [0xB29696DB]

SSDT 000006B8 svchost.exe [1044.1068] ZwQueryDirectoryFile [0xB2968CA0]

SSDT 000006B8 svchost.exe [1044.1068] ZwQuerySystemInformation [0xB2968D73]

SSDT 000006B8 svchost.exe [1044.1068] ZwReadVirtualMemory [0xB296960F]

SSDT F20E0B5C svchost.exe [1044.1068] ZwReplaceKey

SSDT F20E0B57 svchost.exe [1044.1068] ZwRestoreKey

SSDT 000006B8 svchost.exe [1044.1068] ZwSetContextThread [0xB29690AC]

SSDT 000006B8 svchost.exe [1044.1068] ZwSetValueKey [0xB2969413]

SSDT 000006B8 svchost.exe [1044.1068] ZwSuspendThread [0xB2969049]

SSDT F20E0B2F svchost.exe [1044.1068] ZwTerminateProcess

SSDT 000006B8 svchost.exe [1044.1068] ZwTerminateThread [0xB2968FE6]

SSDT 000006B8 svchost.exe [1044.1068] ZwWriteVirtualMemory [0xB2969675]

 

---- Threads - GMER 1.0.15 ----

 

Thread svchost.exe [1044:1136] SSDT 0xFEA2EB90 != 0x804E26A8

 

SSDT F20E0B3E svchost.exe [1044.1136] ZwCreateKey

SSDT F20E0B34 svchost.exe [1044.1136] ZwCreateThread

SSDT F20E0B43 svchost.exe [1044.1136] ZwDeleteKey

SSDT 000006B8 svchost.exe [1044.1136] ZwDeleteValueKey [0xB2969517]

SSDT 000006B8 svchost.exe [1044.1136] ZwEnumerateKey [0xB29691C7]

SSDT 000006B8 svchost.exe [1044.1136] ZwEnumerateValueKey [0xB29692D3]

SSDT F20E0B52 svchost.exe [1044.1136] ZwLoadKey

SSDT 000006B8 svchost.exe [1044.1136] ZwOpenKey [0xB296910F]

SSDT 000006B8 svchost.exe [1044.1136] ZwOpenProcess [0xB2968E79]

SSDT 000006B8 svchost.exe [1044.1136] ZwOpenThread [0xB2968F01]

SSDT 000006B8 svchost.exe [1044.1136] ZwProtectVirtualMemory [0xB29696DB]

SSDT 000006B8 svchost.exe [1044.1136] ZwQueryDirectoryFile [0xB2968CA0]

SSDT 000006B8 svchost.exe [1044.1136] ZwQuerySystemInformation [0xB2968D73]

SSDT 000006B8 svchost.exe [1044.1136] ZwReadVirtualMemory [0xB296960F]

SSDT F20E0B5C svchost.exe [1044.1136] ZwReplaceKey

SSDT F20E0B57 svchost.exe [1044.1136] ZwRestoreKey

SSDT 000006B8 svchost.exe [1044.1136] ZwSetContextThread [0xB29690AC]

SSDT 000006B8 svchost.exe [1044.1136] ZwSetValueKey [0xB2969413]

SSDT 000006B8 svchost.exe [1044.1136] ZwSuspendThread [0xB2969049]

SSDT F20E0B2F svchost.exe [1044.1136] ZwTerminateProcess

SSDT 000006B8 svchost.exe [1044.1136] ZwTerminateThread [0xB2968FE6]

SSDT 000006B8 svchost.exe [1044.1136] ZwWriteVirtualMemory [0xB2969675]

 

---- Threads - GMER 1.0.15 ----

 

Thread svchost.exe [1044:1144] SSDT 0xFEA2EB90 != 0x804E26A8

 

SSDT F20E0B3E svchost.exe [1044.1144] ZwCreateKey

SSDT F20E0B34 svchost.exe [1044.1144] ZwCreateThread

SSDT F20E0B43 svchost.exe [1044.1144] ZwDeleteKey

SSDT 000006B8 svchost.exe [1044.1144] ZwDeleteValueKey [0xB2969517]

SSDT 000006B8 svchost.exe [1044.1144] ZwEnumerateKey [0xB29691C7]

SSDT 000006B8 svchost.exe [1044.1144] ZwEnumerateValueKey [0xB29692D3]

SSDT F20E0B52 svchost.exe [1044.1144] ZwLoadKey

SSDT 000006B8 svchost.exe [1044.1144] ZwOpenKey [0xB296910F]

SSDT 000006B8 svchost.exe [1044.1144] ZwOpenProcess [0xB2968E79]

SSDT 000006B8 svchost.exe [1044.1144] ZwOpenThread [0xB2968F01]

SSDT 000006B8 svchost.exe [1044.1144] ZwProtectVirtualMemory [0xB29696DB]

SSDT 000006B8 svchost.exe [1044.1144] ZwQueryDirectoryFile [0xB2968CA0]

SSDT 000006B8 svchost.exe [1044.1144] ZwQuerySystemInformation [0xB2968D73]

SSDT 000006B8 svchost.exe [1044.1144] ZwReadVirtualMemory [0xB296960F]

SSDT F20E0B5C svchost.exe [1044.1144] ZwReplaceKey

SSDT F20E0B57 svchost.exe [1044.1144] ZwRestoreKey

SSDT 000006B8 svchost.exe [1044.1144] ZwSetContextThread [0xB29690AC]

SSDT 000006B8 svchost.exe [1044.1144] ZwSetValueKey [0xB2969413]

SSDT 000006B8 svchost.exe [1044.1144] ZwSuspendThread [0xB2969049]

SSDT F20E0B2F svchost.exe [1044.1144] ZwTerminateProcess

SSDT 000006B8 svchost.exe [1044.1144] ZwTerminateThread [0xB2968FE6]

SSDT 000006B8 svchost.exe [1044.1144] ZwWriteVirtualMemory [0xB2969675]

 

---- Threads - GMER 1.0.15 ----

 

Thread svchost.exe [1044:1156] SSDT 0xFEA2EB90 != 0x804E26A8

 

SSDT F20E0B3E svchost.exe [1044.1156] ZwCreateKey

SSDT F20E0B34 svchost.exe [1044.1156] ZwCreateThread

SSDT F20E0B43 svchost.exe [1044.1156] ZwDeleteKey

SSDT 000006B8 svchost.exe [1044.1156] ZwDeleteValueKey [0xB2969517]

SSDT 000006B8 svchost.exe [1044.1156] ZwEnumerateKey [0xB29691C7]

SSDT 000006B8 svchost.exe [1044.1156] ZwEnumerateValueKey [0xB29692D3]

SSDT F20E0B52 svchost.exe [1044.1156] ZwLoadKey

SSDT 000006B8 svchost.exe [1044.1156] ZwOpenKey [0xB296910F]

SSDT 000006B8 svchost.exe [1044.1156] ZwOpenProcess [0xB2968E79]

SSDT 000006B8 svchost.exe [1044.1156] ZwOpenThread [0xB2968F01]

SSDT 000006B8 svchost.exe [1044.1156] ZwProtectVirtualMemory [0xB29696DB]

SSDT 000006B8 svchost.exe [1044.1156] ZwQueryDirectoryFile [0xB2968CA0]

SSDT 000006B8 svchost.exe [1044.1156] ZwQuerySystemInformation [0xB2968D73]

SSDT 000006B8 svchost.exe [1044.1156] ZwReadVirtualMemory [0xB296960F]

SSDT F20E0B5C svchost.exe [1044.1156] ZwReplaceKey

SSDT F20E0B57 svchost.exe [1044.1156] ZwRestoreKey

SSDT 000006B8 svchost.exe [1044.1156] ZwSetContextThread [0xB29690AC]

SSDT 000006B8 svchost.exe [1044.1156] ZwSetValueKey [0xB2969413]

SSDT 000006B8 svchost.exe [1044.1156] ZwSuspendThread [0xB2969049]

SSDT F20E0B2F svchost.exe [1044.1156] ZwTerminateProcess

SSDT 000006B8 svchost.exe [1044.1156] ZwTerminateThread [0xB2968FE6]

SSDT 000006B8 svchost.exe [1044.1156] ZwWriteVirtualMemory [0xB2969675]

 

---- Threads - GMER 1.0.15 ----

 

Thread svchost.exe [1044:1316] SSDT 0xFEA2EB90 != 0x804E26A8

 

SSDT F20E0B3E svchost.exe [1044.1316] ZwCreateKey

SSDT F20E0B34 svchost.exe [1044.1316] ZwCreateThread

SSDT F20E0B43 svchost.exe [1044.1316] ZwDeleteKey

SSDT 000006B8 svchost.exe [1044.1316] ZwDeleteValueKey [0xB2969517]

SSDT 000006B8 svchost.exe [1044.1316] ZwEnumerateKey [0xB29691C7]

SSDT 000006B8 svchost.exe [1044.1316] ZwEnumerateValueKey [0xB29692D3]

SSDT F20E0B52 svchost.exe [1044.1316] ZwLoadKey

SSDT 000006B8 svchost.exe [1044.1316] ZwOpenKey [0xB296910F]

SSDT 000006B8 svchost.exe [1044.1316] ZwOpenProcess [0xB2968E79]

SSDT 000006B8 svchost.exe [1044.1316] ZwOpenThread [0xB2968F01]

SSDT 000006B8 svchost.exe [1044.1316] ZwProtectVirtualMemory [0xB29696DB]

SSDT 000006B8 svchost.exe [1044.1316] ZwQueryDirectoryFile [0xB2968CA0]

SSDT 000006B8 svchost.exe [1044.1316] ZwQuerySystemInformation [0xB2968D73]

SSDT 000006B8 svchost.exe [1044.1316] ZwReadVirtualMemory [0xB296960F]

SSDT F20E0B5C svchost.exe [1044.1316] ZwReplaceKey

SSDT F20E0B57 svchost.exe [1044.1316] ZwRestoreKey

SSDT 000006B8 svchost.exe [1044.1316] ZwSetContextThread [0xB29690AC]

SSDT 000006B8 svchost.exe [1044.1316] ZwSetValueKey [0xB2969413]

SSDT 000006B8 svchost.exe [1044.1316] ZwSuspendThread [0xB2969049]

SSDT F20E0B2F svchost.exe [1044.1316] ZwTerminateProcess

SSDT 000006B8 svchost.exe [1044.1316] ZwTerminateThread [0xB2968FE6]

SSDT 000006B8 svchost.exe [1044.1316] ZwWriteVirtualMemory [0xB2969675]

 

---- Threads - GMER 1.0.15 ----

 

Thread svchost.exe [1044:1440] SSDT 0xFEA2EB90 != 0x804E26A8

 

SSDT F20E0B3E svchost.exe [1044.1440] ZwCreateKey

SSDT F20E0B34 svchost.exe [1044.1440] ZwCreateThread

SSDT F20E0B43 svchost.exe [1044.1440] ZwDeleteKey

SSDT 000006B8 svchost.exe [1044.1440] ZwDeleteValueKey [0xB2969517]

SSDT 000006B8 svchost.exe [1044.1440] ZwEnumerateKey [0xB29691C7]

SSDT 000006B8 svchost.exe [1044.1440] ZwEnumerateValueKey [0xB29692D3]

SSDT F20E0B52 svchost.exe [1044.1440] ZwLoadKey

SSDT 000006B8 svchost.exe [1044.1440] ZwOpenKey [0xB296910F]

SSDT 000006B8 svchost.exe [1044.1440] ZwOpenProcess [0xB2968E79]

SSDT 000006B8 svchost.exe [1044.1440] ZwOpenThread [0xB2968F01]

SSDT 000006B8 svchost.exe [1044.1440] ZwProtectVirtualMemory [0xB29696DB]

SSDT 000006B8 svchost.exe [1044.1440] ZwQueryDirectoryFile [0xB2968CA0]

SSDT 000006B8 svchost.exe [1044.1440] ZwQuerySystemInformation [0xB2968D73]

SSDT 000006B8 svchost.exe [1044.1440] ZwReadVirtualMemory [0xB296960F]

SSDT F20E0B5C svchost.exe [1044.1440] ZwReplaceKey

SSDT F20E0B57 svchost.exe [1044.1440] ZwRestoreKey

SSDT 000006B8 svchost.exe [1044.1440] ZwSetContextThread [0xB29690AC]

SSDT 000006B8 svchost.exe [1044.1440] ZwSetValueKey [0xB2969413]

SSDT 000006B8 svchost.exe [1044.1440] ZwSuspendThread [0xB2969049]

SSDT F20E0B2F svchost.exe [1044.1440] ZwTerminateProcess

SSDT 000006B8 svchost.exe [1044.1440] ZwTerminateThread [0xB2968FE6]

SSDT 000006B8 svchost.exe [1044.1440] ZwWriteVirtualMemory [0xB2969675]

 

---- Threads - GMER 1.0.15 ----

 

Thread svchost.exe [1044:1520] SSDT 0xFEA2FB90 != 0x804E26A8

 

SSDT F20E0B3E svchost.exe [1044.1520] ZwCreateKey

SSDT F20E0B34 svchost.exe [1044.1520] ZwCreateThread

SSDT F20E0B43 svchost.exe [1044.1520] ZwDeleteKey

SSDT 000006B8 svchost.exe [1044.1520] ZwDeleteValueKey [0xB2969517]

SSDT 000006B8 svchost.exe [1044.1520] ZwEnumerateKey [0xB29691C7]

SSDT 000006B8 svchost.exe [1044.1520] ZwEnumerateValueKey [0xB29692D3]

SSDT F20E0B52 svchost.exe [1044.1520] ZwLoadKey

SSDT 000006B8 svchost.exe [1044.1520] ZwOpenKey [0xB296910F]

SSDT 000006B8 svchost.exe [1044.1520] ZwOpenProcess [0xB2968E79]

SSDT 000006B8 svchost.exe [1044.1520] ZwOpenThread [0xB2968F01]

SSDT 000006B8 svchost.exe [1044.1520] ZwProtectVirtualMemory [0xB29696DB]

SSDT 000006B8 svchost.exe [1044.1520] ZwQueryDirectoryFile [0xB2968CA0]

SSDT 000006B8 svchost.exe [1044.1520] ZwQuerySystemInformation [0xB2968D73]

SSDT 000006B8 svchost.exe [1044.1520] ZwReadVirtualMemory [0xB296960F]

SSDT F20E0B5C svchost.exe [1044.1520] ZwReplaceKey

SSDT F20E0B57 svchost.exe [1044.1520] ZwRestoreKey

SSDT 000006B8 svchost.exe [1044.1520] ZwSetContextThread [0xB29690AC]

SSDT 000006B8 svchost.exe [1044.1520] ZwSetValueKey [0xB2969413]

SSDT 000006B8 svchost.exe [1044.1520] ZwSuspendThread [0xB2969049]

SSDT F20E0B2F svchost.exe [1044.1520] ZwTerminateProcess

SSDT 000006B8 svchost.exe [1044.1520] ZwTerminateThread [0xB2968FE6]

SSDT 000006B8 svchost.exe [1044.1520] ZwWriteVirtualMemory [0xB2969675]

 

---- Threads - GMER 1.0.15 ----

 

Thread svchost.exe [1044:760] SSDT 0xFEA2FB90 != 0x804E26A8

 

SSDT F20E0B3E svchost.exe [1044.760] ZwCreateKey

SSDT F20E0B34 svchost.exe [1044.760] ZwCreateThread

SSDT F20E0B43 svchost.exe [1044.760] ZwDeleteKey

SSDT 000006B8 svchost.exe [1044.760] ZwDeleteValueKey [0xB2969517]

SSDT 000006B8 svchost.exe [1044.760] ZwEnumerateKey [0xB29691C7]

SSDT 000006B8 svchost.exe [1044.760] ZwEnumerateValueKey [0xB29692D3]

SSDT F20E0B52 svchost.exe [1044.760] ZwLoadKey

SSDT 000006B8 svchost.exe [1044.760] ZwOpenKey [0xB296910F]

SSDT 000006B8 svchost.exe [1044.760] ZwOpenProcess [0xB2968E79]

SSDT 000006B8 svchost.exe [1044.760] ZwOpenThread [0xB2968F01]

SSDT 000006B8 svchost.exe [1044.760] ZwProtectVirtualMemory [0xB29696DB]

SSDT 000006B8 svchost.exe [1044.760] ZwQueryDirectoryFile [0xB2968CA0]

SSDT 000006B8 svchost.exe [1044.760] ZwQuerySystemInformation [0xB2968D73]

SSDT 000006B8 svchost.exe [1044.760] ZwReadVirtualMemory [0xB296960F]

SSDT F20E0B5C svchost.exe [1044.760] ZwReplaceKey

SSDT F20E0B57 svchost.exe [1044.760] ZwRestoreKey

SSDT 000006B8 svchost.exe [1044.760] ZwSetContextThread [0xB29690AC]

SSDT 000006B8 svchost.exe [1044.760] ZwSetValueKey [0xB2969413]

SSDT 000006B8 svchost.exe [1044.760] ZwSuspendThread [0xB2969049]

SSDT F20E0B2F svchost.exe [1044.760] ZwTerminateProcess

SSDT 000006B8 svchost.exe [1044.760] ZwTerminateThread [0xB2968FE6]

SSDT 000006B8 svchost.exe [1044.760] ZwWriteVirtualMemory [0xB2969675]

 

---- Threads - GMER 1.0.15 ----

 

Thread svchost.exe [1044:1724] SSDT 0xFEA2EB90 != 0x804E26A8

 

SSDT F20E0B3E svchost.exe [1044.1724] ZwCreateKey

SSDT F20E0B34 svchost.exe [1044.1724] ZwCreateThread

SSDT F20E0B43 svchost.exe [1044.1724] ZwDeleteKey

SSDT 000006B8 svchost.exe [1044.1724] ZwDeleteValueKey [0xB2969517]

SSDT 000006B8 svchost.exe [1044.1724] ZwEnumerateKey [0xB29691C7]

SSDT 000006B8 svchost.exe [1044.1724] ZwEnumerateValueKey [0xB29692D3]

SSDT F20E0B52 svchost.exe [1044.1724] ZwLoadKey

SSDT 000006B8 svchost.exe [1044.1724] ZwOpenKey [0xB296910F]

SSDT 000006B8 svchost.exe [1044.1724] ZwOpenProcess [0xB2968E79]

SSDT 000006B8 svchost.exe [1044.1724] ZwOpenThread [0xB2968F01]

SSDT 000006B8 svchost.exe [1044.1724] ZwProtectVirtualMemory [0xB29696DB]

SSDT 000006B8 svchost.exe [1044.1724] ZwQueryDirectoryFile [0xB2968CA0]

SSDT 000006B8 svchost.exe [1044.1724] ZwQuerySystemInformation [0xB2968D73]

SSDT 000006B8 svchost.exe [1044.1724] ZwReadVirtualMemory [0xB296960F]

SSDT F20E0B5C svchost.exe [1044.1724] ZwReplaceKey

SSDT F20E0B57 svchost.exe [1044.1724] ZwRestoreKey

SSDT 000006B8 svchost.exe [1044.1724] ZwSetContextThread [0xB29690AC]

SSDT 000006B8 svchost.exe [1044.1724] ZwSetValueKey [0xB2969413]

SSDT 000006B8 svchost.exe [1044.1724] ZwSuspendThread [0xB2969049]

SSDT F20E0B2F svchost.exe [1044.1724] ZwTerminateProcess

SSDT 000006B8 svchost.exe [1044.1724] ZwTerminateThread [0xB2968FE6]

SSDT 000006B8 svchost.exe [1044.1724] ZwWriteVirtualMemory [0xB2969675]

 

---- Threads - GMER 1.0.15 ----

 

Thread svchost.exe [1044:1708] SSDT 0xFEA2FB90 != 0x804E26A8

 

SSDT F20E0B3E svchost.exe [1044.1708] ZwCreateKey

SSDT F20E0B34 svchost.exe [1044.1708] ZwCreateThread

SSDT F20E0B43 svchost.exe [1044.1708] ZwDeleteKey

SSDT 000006B8 svchost.exe [1044.1708] ZwDeleteValueKey [0xB2969517]

SSDT 000006B8 svchost.exe [1044.1708] ZwEnumerateKey [0xB29691C7]

SSDT 000006B8 svchost.exe [1044.1708] ZwEnumerateValueKey [0xB29692D3]

SSDT F20E0B52 svchost.exe [1044.1708] ZwLoadKey

SSDT 000006B8 svchost.exe [1044.1708] ZwOpenKey [0xB296910F]

SSDT 000006B8 svchost.exe [1044.1708] ZwOpenProcess [0xB2968E79]

SSDT 000006B8 svchost.exe [1044.1708] ZwOpenThread [0xB2968F01]

SSDT 000006B8 svchost.exe [1044.1708] ZwProtectVirtualMemory [0xB29696DB]

SSDT 000006B8 svchost.exe [1044.1708] ZwQueryDirectoryFile [0xB2968CA0]

SSDT 000006B8 svchost.exe [1044.1708] ZwQuerySystemInformation [0xB2968D73]

SSDT 000006B8 svchost.exe [1044.1708] ZwReadVirtualMemory [0xB296960F]

SSDT F20E0B5C svchost.exe [1044.1708] ZwReplaceKey

SSDT F20E0B57 svchost.exe [1044.1708] ZwRestoreKey

SSDT 000006B8 svchost.exe [1044.1708] ZwSetContextThread [0xB29690AC]

SSDT 000006B8 svchost.exe [1044.1708] ZwSetValueKey [0xB2969413]

SSDT 000006B8 svchost.exe [1044.1708] ZwSuspendThread [0xB2969049]

SSDT F20E0B2F svchost.exe [1044.1708] ZwTerminateProcess

SSDT 000006B8 svchost.exe [1044.1708] ZwTerminateThread [0xB2968FE6]

SSDT 000006B8 svchost.exe [1044.1708] ZwWriteVirtualMemory [0xB2969675]

 

---- Threads - GMER 1.0.15 ----

 

Thread svchost.exe [1044:1080] SSDT 0xFEA2FB90 != 0x804E26A8

 

SSDT F20E0B3E svchost.exe [1044.1080] ZwCreateKey

SSDT F20E0B34 svchost.exe [1044.1080] ZwCreateThread

SSDT F20E0B43 svchost.exe [1044.1080] ZwDeleteKey

SSDT 000006B8 svchost.exe [1044.1080] ZwDeleteValueKey [0xB2969517]

SSDT 000006B8 svchost.exe [1044.1080] ZwEnumerateKey [0xB29691C7]

SSDT 000006B8 svchost.exe [1044.1080] ZwEnumerateValueKey [0xB29692D3]

SSDT F20E0B52 svchost.exe [1044.1080] ZwLoadKey

SSDT 000006B8 svchost.exe [1044.1080] ZwOpenKey [0xB296910F]

SSDT 000006B8 svchost.exe [1044.1080] ZwOpenProcess [0xB2968E79]

SSDT 000006B8 svchost.exe [1044.1080] ZwOpenThread [0xB2968F01]

SSDT 000006B8 svchost.exe [1044.1080] ZwProtectVirtualMemory [0xB29696DB]

SSDT 000006B8 svchost.exe [1044.1080] ZwQueryDirectoryFile [0xB2968CA0]

SSDT 000006B8 svchost.exe [1044.1080] ZwQuerySystemInformation [0xB2968D73]

SSDT 000006B8 svchost.exe [1044.1080] ZwReadVirtualMemory [0xB296960F]

SSDT F20E0B5C svchost.exe [1044.1080] ZwReplaceKey

SSDT F20E0B57 svchost.exe [1044.1080] ZwRestoreKey

SSDT 000006B8 svchost.exe [1044.1080] ZwSetContextThread [0xB29690AC]

SSDT 000006B8 svchost.exe [1044.1080] ZwSetValueKey [0xB2969413]

SSDT 000006B8 svchost.exe [1044.1080] ZwSuspendThread [0xB2969049]

SSDT F20E0B2F svchost.exe [1044.1080] ZwTerminateProcess

SSDT 000006B8 svchost.exe [1044.1080] ZwTerminateThread [0xB2968FE6]

SSDT 000006B8 svchost.exe [1044.1080] ZwWriteVirtualMemory [0xB2969675]

 

---- Threads - GMER 1.0.15 ----

Thread svchost.exe [1044:1816] SSDT 0xFEA2EB90 != 0x804E26A8

SSDT F20E0B3E svchost.exe [1044.1816] ZwCreateKey
SSDT F20E0B34 svchost.exe [1044.1816] ZwCreateThread
SSDT F20E0B43 svchost.exe [1044.1816] ZwDeleteKey
SSDT 000006B8 svchost.exe [1044.1816] ZwDeleteValueKey [0xB2969517]
SSDT 000006B8 svchost.exe [1044.1816] ZwEnumerateKey [0xB29691C7]
SSDT 000006B8 svchost.exe [1044.1816] ZwEnumerateValueKey [0xB29692D3]
SSDT F20E0B52 svchost.exe [1044.1816] ZwLoadKey
SSDT 000006B8 svchost.exe [1044.1816] ZwOpenKey [0xB296910F]
SSDT 000006B8 svchost.exe [1044.1816] ZwOpenProcess [0xB2968E79]
SSDT 000006B8 svchost.exe [1044.1816] ZwOpenThread [0xB2968F01]
SSDT 000006B8 svchost.exe [1044.1816] ZwProtectVirtualMemory [0xB29696DB]
SSDT 000006B8 svchost.exe [1044.1816] ZwQueryDirectoryFile [0xB2968CA0]
SSDT 000006B8 svchost.exe [1044.1816] ZwQuerySystemInformation [0xB2968D73]
SSDT 000006B8 svchost.exe [1044.1816] ZwReadVirtualMemory [0xB296960F]
SSDT F20E0B5C svchost.exe [1044.1816] ZwReplaceKey
SSDT F20E0B57 svchost.exe [1044.1816] ZwRestoreKey
SSDT 000006B8 svchost.exe [1044.1816] ZwSetContextThread [0xB29690AC]
SSDT 000006B8 svchost.exe [1044.1816] ZwSetValueKey [0xB2969413]
SSDT 000006B8 svchost.exe [1044.1816] ZwSuspendThread [0xB2969049]
SSDT F20E0B2F svchost.exe [1044.1816] ZwTerminateProcess
SSDT 000006B8 svchost.exe [1044.1816] ZwTerminateThread [0xB2968FE6]
SSDT 000006B8 svchost.exe [1044.1816] ZwWriteVirtualMemory [0xB2969675]

 

---- Threads - GMER 1.0.15 ----

Thread svchost.exe [1044:380] SSDT 0xFEA2EB90 != 0x804E26A8

SSDT F20E0B3E svchost.exe [1044.380] ZwCreateKey
SSDT F20E0B34 svchost.exe [1044.380] ZwCreateThread
SSDT F20E0B43 svchost.exe [1044.380] ZwDeleteKey
SSDT 000006B8 svchost.exe [1044.380] ZwDeleteValueKey [0xB2969517]
SSDT 000006B8 svchost.exe [1044.380] ZwEnumerateKey [0xB29691C7]
SSDT 000006B8 svchost.exe [1044.380] ZwEnumerateValueKey [0xB29692D3]
SSDT F20E0B52 svchost.exe [1044.380] ZwLoadKey
SSDT 000006B8 svchost.exe [1044.380] ZwOpenKey [0xB296910F]
SSDT 000006B8 svchost.exe [1044.380] ZwOpenProcess [0xB2968E79]
SSDT 000006B8 svchost.exe [1044.380] ZwOpenThread [0xB2968F01]
SSDT 000006B8 svchost.exe [1044.380] ZwProtectVirtualMemory [0xB29696DB]
SSDT 000006B8 svchost.exe [1044.380] ZwQueryDirectoryFile [0xB2968CA0]
SSDT 000006B8 svchost.exe [1044.380] ZwQuerySystemInformation [0xB2968D73]
SSDT 000006B8 svchost.exe [1044.380] ZwReadVirtualMemory [0xB296960F]
SSDT F20E0B5C svchost.exe [1044.380] ZwReplaceKey
SSDT F20E0B57 svchost.exe [1044.380] ZwRestoreKey
SSDT 000006B8 svchost.exe [1044.380] ZwSetContextThread [0xB29690AC]
SSDT 000006B8 svchost.exe [1044.380] ZwSetValueKey [0xB2969413]
SSDT 000006B8 svchost.exe [1044.380] ZwSuspendThread [0xB2969049]
SSDT F20E0B2F svchost.exe [1044.380] ZwTerminateProcess
SSDT 000006B8 svchost.exe [1044.380] ZwTerminateThread [0xB2968FE6]
SSDT 000006B8 svchost.exe [1044.380] ZwWriteVirtualMemory [0xB2969675]

 

---- Threads - GMER 1.0.15 ----

Thread svchost.exe [1044:448] SSDT 0xFEA2EB90 != 0x804E26A8

SSDT F20E0B3E svchost.exe [1044.448] ZwCreateKey
SSDT F20E0B34 svchost.exe [1044.448] ZwCreateThread
SSDT F20E0B43 svchost.exe [1044.448] ZwDeleteKey
SSDT 000006B8 svchost.exe [1044.448] ZwDeleteValueKey [0xB2969517]
SSDT 000006B8 svchost.exe [1044.448] ZwEnumerateKey [0xB29691C7]
SSDT 000006B8 svchost.exe [1044.448] ZwEnumerateValueKey [0xB29692D3]
SSDT F20E0B52 svchost.exe [1044.448] ZwLoadKey
SSDT 000006B8 svchost.exe [1044.448] ZwOpenKey [0xB296910F]
SSDT 000006B8 svchost.exe [1044.448] ZwOpenProcess [0xB2968E79]
SSDT 000006B8 svchost.exe [1044.448] ZwOpenThread [0xB2968F01]
SSDT 000006B8 svchost.exe [1044.448] ZwProtectVirtualMemory [0xB29696DB]
SSDT 000006B8 svchost.exe [1044.448] ZwQueryDirectoryFile [0xB2968CA0]
SSDT 000006B8 svchost.exe [1044.448] ZwQuerySystemInformation [0xB2968D73]
SSDT 000006B8 svchost.exe [1044.448] ZwReadVirtualMemory [0xB296960F]
SSDT F20E0B5C svchost.exe [1044.448] ZwReplaceKey
SSDT F20E0B57 svchost.exe [1044.448] ZwRestoreKey
SSDT 000006B8 svchost.exe [1044.448] ZwSetContextThread [0xB29690AC]
SSDT 000006B8 svchost.exe [1044.448] ZwSetValueKey [0xB2969413]
SSDT 000006B8 svchost.exe [1044.448] ZwSuspendThread [0xB2969049]
SSDT F20E0B2F svchost.exe [1044.448] ZwTerminateProcess
SSDT 000006B8 svchost.exe [1044.448] ZwTerminateThread [0xB2968FE6]
SSDT 000006B8 svchost.exe [1044.448] ZwWriteVirtualMemory [0xB2969675]

 

---- Threads - GMER 1.0.15 ----

Thread svchost.exe [1044:452] SSDT 0xFEA2EB90 != 0x804E26A8

SSDT F20E0B3E svchost.exe [1044.452] ZwCreateKey
SSDT F20E0B34 svchost.exe [1044.452] ZwCreateThread
SSDT F20E0B43 svchost.exe [1044.452] ZwDeleteKey
SSDT 000006B8 svchost.exe [1044.452] ZwDeleteValueKey [0xB2969517]
SSDT 000006B8 svchost.exe [1044.452] ZwEnumerateKey [0xB29691C7]
SSDT 000006B8 svchost.exe [1044.452] ZwEnumerateValueKey [0xB29692D3]
SSDT F20E0B52 svchost.exe [1044.452] ZwLoadKey
SSDT 000006B8 svchost.exe [1044.452] ZwOpenKey [0xB296910F]
SSDT 000006B8 svchost.exe [1044.452] ZwOpenProcess [0xB2968E79]
SSDT 000006B8 svchost.exe [1044.452] ZwOpenThread [0xB2968F01]
SSDT 000006B8 svchost.exe [1044.452] ZwProtectVirtualMemory [0xB29696DB]
SSDT 000006B8 svchost.exe [1044.452] ZwQueryDirectoryFile [0xB2968CA0]
SSDT 000006B8 svchost.exe [1044.452] ZwQuerySystemInformation [0xB2968D73]
SSDT 000006B8 svchost.exe [1044.452] ZwReadVirtualMemory [0xB296960F]
SSDT F20E0B5C svchost.exe [1044.452] ZwReplaceKey
SSDT F20E0B57 svchost.exe [1044.452] ZwRestoreKey
SSDT 000006B8 svchost.exe [1044.452] ZwSetContextThread [0xB29690AC]
SSDT 000006B8 svchost.exe [1044.452] ZwSetValueKey [0xB2969413]
SSDT 000006B8 svchost.exe [1044.452] ZwSuspendThread [0xB2969049]
SSDT F20E0B2F svchost.exe [1044.452] ZwTerminateProcess
SSDT 000006B8 svchost.exe [1044.452] ZwTerminateThread [0xB2968FE6]
SSDT 000006B8 svchost.exe [1044.452] ZwWriteVirtualMemory [0xB2969675]

 

---- Threads - GMER 1.0.15 ----

Thread svchost.exe [1044:432] SSDT 0xFEA2EB90 != 0x804E26A8

SSDT F20E0B3E svchost.exe [1044.432] ZwCreateKey
SSDT F20E0B34 svchost.exe [1044.432] ZwCreateThread
SSDT F20E0B43 svchost.exe [1044.432] ZwDeleteKey
SSDT 000006B8 svchost.exe [1044.432] ZwDeleteValueKey [0xB2969517]
SSDT 000006B8 svchost.exe [1044.432] ZwEnumerateKey [0xB29691C7]
SSDT 000006B8 svchost.exe [1044.432] ZwEnumerateValueKey [0xB29692D3]
SSDT F20E0B52 svchost.exe [1044.432] ZwLoadKey
SSDT 000006B8 svchost.exe [1044.432] ZwOpenKey [0xB296910F]
SSDT 000006B8 svchost.exe [1044.432] ZwOpenProcess [0xB2968E79]
SSDT 000006B8 svchost.exe [1044.432] ZwOpenThread [0xB2968F01]
SSDT 000006B8 svchost.exe [1044.432] ZwProtectVirtualMemory [0xB29696DB]
SSDT 000006B8 svchost.exe [1044.432] ZwQueryDirectoryFile [0xB2968CA0]
SSDT 000006B8 svchost.exe [1044.432] ZwQuerySystemInformation [0xB2968D73]
SSDT 000006B8 svchost.exe [1044.432] ZwReadVirtualMemory [0xB296960F]
SSDT F20E0B5C svchost.exe [1044.432] ZwReplaceKey
SSDT F20E0B57 svchost.exe [1044.432] ZwRestoreKey
SSDT 000006B8 svchost.exe [1044.432] ZwSetContextThread [0xB29690AC]
SSDT 000006B8 svchost.exe [1044.432] ZwSetValueKey [0xB2969413]
SSDT 000006B8 svchost.exe [1044.432] ZwSuspendThread [0xB2969049]
SSDT F20E0B2F svchost.exe [1044.432] ZwTerminateProcess
SSDT 000006B8 svchost.exe [1044.432] ZwTerminateThread [0xB2968FE6]
SSDT 000006B8 svchost.exe [1044.432] ZwWriteVirtualMemory [0xB2969675]

 

---- Threads - GMER 1.0.15 ----

Thread svchost.exe [1044:460] SSDT 0xFEA2EB90 != 0x804E26A8

SSDT F20E0B3E svchost.exe [1044.460] ZwCreateKey
SSDT F20E0B34 svchost.exe [1044.460] ZwCreateThread
SSDT F20E0B43 svchost.exe [1044.460] ZwDeleteKey
SSDT 000006B8 svchost.exe [1044.460] ZwDeleteValueKey [0xB2969517]
SSDT 000006B8 svchost.exe [1044.460] ZwEnumerateKey [0xB29691C7]
SSDT 000006B8 svchost.exe [1044.460] ZwEnumerateValueKey [0xB29692D3]
SSDT F20E0B52 svchost.exe [1044.460] ZwLoadKey
SSDT 000006B8 svchost.exe [1044.460] ZwOpenKey [0xB296910F]
SSDT 000006B8 svchost.exe [1044.460] ZwOpenProcess [0xB2968E79]
SSDT 000006B8 svchost.exe [1044.460] ZwOpenThread [0xB2968F01]
SSDT 000006B8 svchost.exe [1044.460] ZwProtectVirtualMemory [0xB29696DB]
SSDT 000006B8 svchost.exe [1044.460] ZwQueryDirectoryFile [0xB2968CA0]
SSDT 000006B8 svchost.exe [1044.460] ZwQuerySystemInformation [0xB2968D73]
SSDT 000006B8 svchost.exe [1044.460] ZwReadVirtualMemory [0xB296960F]
SSDT F20E0B5C svchost.exe [1044.460] ZwReplaceKey
SSDT F20E0B57 svchost.exe [1044.460] ZwRestoreKey
SSDT 000006B8 svchost.exe [1044.460] ZwSetContextThread [0xB29690AC]
SSDT 000006B8 svchost.exe [1044.460] ZwSetValueKey [0xB2969413]
SSDT 000006B8 svchost.exe [1044.460] ZwSuspendThread [0xB2969049]
SSDT F20E0B2F svchost.exe [1044.460] ZwTerminateProcess
SSDT 000006B8 svchost.exe [1044.460] ZwTerminateThread [0xB2968FE6]
SSDT 000006B8 svchost.exe [1044.460] ZwWriteVirtualMemory [0xB2969675]

 

---- Threads - GMER 1.0.15 ----

Thread svchost.exe [1044:420] SSDT 0xFEA2EB90 != 0x804E26A8

SSDT F20E0B3E svchost.exe [1044.420] ZwCreateKey
SSDT F20E0B34 svchost.exe [1044.420] ZwCreateThread
SSDT F20E0B43 svchost.exe [1044.420] ZwDeleteKey
SSDT 000006B8 svchost.exe [1044.420] ZwDeleteValueKey [0xB2969517]
SSDT 000006B8 svchost.exe [1044.420] ZwEnumerateKey [0xB29691C7]
SSDT 000006B8 svchost.exe [1044.420] ZwEnumerateValueKey [0xB29692D3]
SSDT F20E0B52 svchost.exe [1044.420] ZwLoadKey
SSDT 000006B8 svchost.exe [1044.420] ZwOpenKey [0xB296910F]
SSDT 000006B8 svchost.exe [1044.420] ZwOpenProcess [0xB2968E79]
SSDT 000006B8 svchost.exe [1044.420] ZwOpenThread [0xB2968F01]
SSDT 000006B8 svchost.exe [1044.420] ZwProtectVirtualMemory [0xB29696DB]
SSDT 000006B8 svchost.exe [1044.420] ZwQueryDirectoryFile [0xB2968CA0]
SSDT 000006B8 svchost.exe [1044.420] ZwQuerySystemInformation [0xB2968D73]
SSDT 000006B8 svchost.exe [1044.420] ZwReadVirtualMemory [0xB296960F]
SSDT F20E0B5C svchost.exe [1044.420] ZwReplaceKey
SSDT F20E0B57 svchost.exe [1044.420] ZwRestoreKey
SSDT 000006B8 svchost.exe [1044.420] ZwSetContextThread [0xB29690AC]
SSDT 000006B8 svchost.exe [1044.420] ZwSetValueKey [0xB2969413]
SSDT 000006B8 svchost.exe [1044.420] ZwSuspendThread [0xB2969049]
SSDT F20E0B2F svchost.exe [1044.420] ZwTerminateProcess
SSDT 000006B8 svchost.exe [1044.420] ZwTerminateThread [0xB2968FE6]
SSDT 000006B8 svchost.exe [1044.420] ZwWriteVirtualMemory [0xB2969675]

 

---- Threads - GMER 1.0.15 ----

Thread svchost.exe [1044:1612] SSDT 0xFEA2EB90 != 0x804E26A8

SSDT F20E0B3E svchost.exe [1044.1612] ZwCreateKey
SSDT F20E0B34 svchost.exe [1044.1612] ZwCreateThread
SSDT F20E0B43 svchost.exe [1044.1612] ZwDeleteKey
SSDT 000006B8 svchost.exe [1044.1612] ZwDeleteValueKey [0xB2969517]
SSDT 000006B8 svchost.exe [1044.1612] ZwEnumerateKey [0xB29691C7]
SSDT 000006B8 svchost.exe [1044.1612] ZwEnumerateValueKey [0xB29692D3]
SSDT F20E0B52 svchost.exe [1044.1612] ZwLoadKey
SSDT 000006B8 svchost.exe [1044.1612] ZwOpenKey [0xB296910F]
SSDT 000006B8 svchost.exe [1044.1612] ZwOpenProcess [0xB2968E79]
SSDT 000006B8 svchost.exe [1044.1612] ZwOpenThread [0xB2968F01]
SSDT 000006B8 svchost.exe [1044.1612] ZwProtectVirtualMemory [0xB29696DB]
SSDT 000006B8 svchost.exe [1044.1612] ZwQueryDirectoryFile [0xB2968CA0]
SSDT 000006B8 svchost.exe [1044.1612] ZwQuerySystemInformation [0xB2968D73]
SSDT 000006B8 svchost.exe [1044.1612] ZwReadVirtualMemory [0xB296960F]
SSDT F20E0B5C svchost.exe [1044.1612] ZwReplaceKey
SSDT F20E0B57 svchost.exe [1044.1612] ZwRestoreKey
SSDT 000006B8 svchost.exe [1044.1612] ZwSetContextThread [0xB29690AC]
SSDT 000006B8 svchost.exe [1044.1612] ZwSetValueKey [0xB2969413]
SSDT 000006B8 svchost.exe [1044.1612] ZwSuspendThread [0xB2969049]
SSDT F20E0B2F svchost.exe [1044.1612] ZwTerminateProcess
SSDT 000006B8 svchost.exe [1044.1612] ZwTerminateThread [0xB2968FE6]
SSDT 000006B8 svchost.exe [1044.1612] ZwWriteVirtualMemory [0xB2969675]

 

---- Threads - GMER 1.0.15 ----

Thread svchost.exe [1044:412] SSDT 0xFEA2FB90 != 0x804E26A8

SSDT F20E0B3E svchost.exe [1044.412] ZwCreateKey
SSDT F20E0B34 svchost.exe [1044.412] ZwCreateThread
SSDT F20E0B43 svchost.exe [1044.412] ZwDeleteKey
SSDT 000006B8 svchost.exe [1044.412] ZwDeleteValueKey [0xB2969517]
SSDT 000006B8 svchost.exe [1044.412] ZwEnumerateKey [0xB29691C7]
SSDT 000006B8 svchost.exe [1044.412] ZwEnumerateValueKey [0xB29692D3]
SSDT F20E0B52 svchost.exe [1044.412] ZwLoadKey
SSDT 000006B8 svchost.exe [1044.412] ZwOpenKey [0xB296910F]
SSDT 000006B8 svchost.exe [1044.412] ZwOpenProcess [0xB2968E79]
SSDT 000006B8 svchost.exe [1044.412] ZwOpenThread [0xB2968F01]
SSDT 000006B8 svchost.exe [1044.412] ZwProtectVirtualMemory [0xB29696DB]
SSDT 000006B8 svchost.exe [1044.412] ZwQueryDirectoryFile [0xB2968CA0]
SSDT 000006B8 svchost.exe [1044.412] ZwQuerySystemInformation [0xB2968D73]
SSDT 000006B8 svchost.exe [1044.412] ZwReadVirtualMemory [0xB296960F]
SSDT F20E0B5C svchost.exe [1044.412] ZwReplaceKey
SSDT F20E0B57 svchost.exe [1044.412] ZwRestoreKey
SSDT 000006B8 svchost.exe [1044.412] ZwSetContextThread [0xB29690AC]
SSDT 000006B8 svchost.exe [1044.412] ZwSetValueKey [0xB2969413]
SSDT 000006B8 svchost.exe [1044.412] ZwSuspendThread [0xB2969049]
SSDT F20E0B2F svchost.exe [1044.412] ZwTerminateProcess
SSDT 000006B8 svchost.exe [1044.412] ZwTerminateThread [0xB2968FE6]
SSDT 000006B8 svchost.exe [1044.412] ZwWriteVirtualMemory [0xB2969675]

 

---- Threads - GMER 1.0.15 ----

Thread svchost.exe [1044:704] SSDT 0xFEA2EB90 != 0x804E26A8

SSDT F20E0B3E svchost.exe [1044.704] ZwCreateKey
SSDT F20E0B34 svchost.exe [1044.704] ZwCreateThread
SSDT F20E0B43 svchost.exe [1044.704] ZwDeleteKey
SSDT 000006B8 svchost.exe [1044.704] ZwDeleteValueKey [0xB2969517]
SSDT 000006B8 svchost.exe [1044.704] ZwEnumerateKey [0xB29691C7]
SSDT 000006B8 svchost.exe [1044.704] ZwEnumerateValueKey [0xB29692D3]
SSDT F20E0B52 svchost.exe [1044.704] ZwLoadKey
SSDT 000006B8 svchost.exe [1044.704] ZwOpenKey [0xB296910F]
SSDT 000006B8 svchost.exe [1044.704] ZwOpenProcess [0xB2968E79]
SSDT 000006B8 svchost.exe [1044.704] ZwOpenThread [0xB2968F01]
SSDT 000006B8 svchost.exe [1044.704] ZwProtectVirtualMemory [0xB29696DB]
SSDT 000006B8 svchost.exe [1044.704] ZwQueryDirectoryFile [0xB2968CA0]
SSDT 000006B8 svchost.exe [1044.704] ZwQuerySystemInformation [0xB2968D73]
SSDT 000006B8 svchost.exe [1044.704] ZwReadVirtualMemory [0xB296960F]
SSDT F20E0B5C svchost.exe [1044.704] ZwReplaceKey
SSDT F20E0B57 svchost.exe [1044.704] ZwRestoreKey
SSDT 000006B8 svchost.exe [1044.704] ZwSetContextThread [0xB29690AC]
SSDT 000006B8 svchost.exe [1044.704] ZwSetValueKey [0xB2969413]
SSDT 000006B8 svchost.exe [1044.704] ZwSuspendThread [0xB2969049]
SSDT F20E0B2F svchost.exe [1044.704] ZwTerminateProcess
SSDT 000006B8 svchost.exe [1044.704] ZwTerminateThread [0xB2968FE6]
SSDT 000006B8 svchost.exe [1044.704] ZwWriteVirtualMemory [0xB2969675]

 

---- Threads - GMER 1.0.15 ----

Thread svchost.exe [1044:840] SSDT 0xFEA2EB90 != 0x804E26A8

SSDT F20E0B3E svchost.exe [1044.840] ZwCreateKey
SSDT F20E0B34 svchost.exe [1044.840] ZwCreateThread
SSDT F20E0B43 svchost.exe [1044.840] ZwDeleteKey
SSDT 000006B8 svchost.exe [1044.840] ZwDeleteValueKey [0xB2969517]
SSDT 000006B8 svchost.exe [1044.840] ZwEnumerateKey [0xB29691C7]
SSDT 000006B8 svchost.exe [1044.840] ZwEnumerateValueKey [0xB29692D3]
SSDT F20E0B52 svchost.exe [1044.840] ZwLoadKey
SSDT 000006B8 svchost.exe [1044.840] ZwOpenKey [0xB296910F]
SSDT 000006B8 svchost.exe [1044.840] ZwOpenProcess [0xB2968E79]
SSDT 000006B8 svchost.exe [1044.840] ZwOpenThread [0xB2968F01]
SSDT 000006B8 svchost.exe [1044.840] ZwProtectVirtualMemory [0xB29696DB]
SSDT 000006B8 svchost.exe [1044.840] ZwQueryDirectoryFile [0xB2968CA0]
SSDT 000006B8 svchost.exe [1044.840] ZwQuerySystemInformation [0xB2968D73]
SSDT 000006B8 svchost.exe [1044.840] ZwReadVirtualMemory [0xB296960F]
SSDT F20E0B5C svchost.exe [1044.840] ZwReplaceKey
SSDT F20E0B57 svchost.exe [1044.840] ZwRestoreKey
SSDT 000006B8 svchost.exe [1044.840] ZwSetContextThread [0xB29690AC]
SSDT 000006B8 svchost.exe [1044.840] ZwSetValueKey [0xB2969413]
SSDT 000006B8 svchost.exe [1044.840] ZwSuspendThread [0xB2969049]
SSDT F20E0B2F svchost.exe [1044.840] ZwTerminateProcess
SSDT 000006B8 svchost.exe [1044.840] ZwTerminateThread [0xB2968FE6]
SSDT 000006B8 svchost.exe [1044.840] ZwWriteVirtualMemory [0xB2969675]

 

---- Threads - GMER 1.0.15 ----

Thread svchost.exe [1044:836] SSDT 0xFEA2EB90 != 0x804E26A8

SSDT F20E0B3E svchost.exe [1044.836] ZwCreateKey
SSDT F20E0B34 svchost.exe [1044.836] ZwCreateThread
SSDT F20E0B43 svchost.exe [1044.836] ZwDeleteKey
SSDT 000006B8 svchost.exe [1044.836] ZwDeleteValueKey [0xB2969517]
SSDT 000006B8 svchost.exe [1044.836] ZwEnumerateKey [0xB29691C7]
SSDT 000006B8 svchost.exe [1044.836] ZwEnumerateValueKey [0xB29692D3]
SSDT F20E0B52 svchost.exe [1044.836] ZwLoadKey
SSDT 000006B8 svchost.exe [1044.836] ZwOpenKey [0xB296910F]
SSDT 000006B8 svchost.exe [1044.836] ZwOpenProcess [0xB2968E79]
SSDT 000006B8 svchost.exe [1044.836] ZwOpenThread [0xB2968F01]
SSDT 000006B8 svchost.exe [1044.836] ZwProtectVirtualMemory [0xB29696DB]
SSDT 000006B8 svchost.exe [1044.836] ZwQueryDirectoryFile [0xB2968CA0]
SSDT 000006B8 svchost.exe [1044.836] ZwQuerySystemInformation [0xB2968D73]
SSDT 000006B8 svchost.exe [1044.836] ZwReadVirtualMemory [0xB296960F]
SSDT F20E0B5C svchost.exe [1044.836] ZwReplaceKey
SSDT F20E0B57 svchost.exe [1044.836] ZwRestoreKey
SSDT 000006B8 svchost.exe [1044.836] ZwSetContextThread [0xB29690AC]
SSDT 000006B8 svchost.exe [1044.836] ZwSetValueKey [0xB2969413]
SSDT 000006B8 svchost.exe [1044.836] ZwSuspendThread [0xB2969049]
SSDT F20E0B2F svchost.exe [1044.836] ZwTerminateProcess
SSDT 000006B8 svchost.exe [1044.836] ZwTerminateThread [0xB2968FE6]
SSDT 000006B8 svchost.exe [1044.836] ZwWriteVirtualMemory [0xB2969675]

 

---- Threads - GMER 1.0.15 ----

Thread svchost.exe [1044:936] SSDT 0xFEA2FB90 != 0x804E26A8

SSDT F20E0B3E svchost.exe [1044.936] ZwCreateKey
SSDT F20E0B34 svchost.exe [1044.936] ZwCreateThread
SSDT F20E0B43 svchost.exe [1044.936] ZwDeleteKey
SSDT 000006B8 svchost.exe [1044.936] ZwDeleteValueKey [0xB2969517]
SSDT 000006B8 svchost.exe [1044.936] ZwEnumerateKey [0xB29691C7]
SSDT 000006B8 svchost.exe [1044.936] ZwEnumerateValueKey [0xB29692D3]
SSDT F20E0B52 svchost.exe [1044.936] ZwLoadKey
SSDT 000006B8 svchost.exe [1044.936] ZwOpenKey [0xB296910F]
SSDT 000006B8 svchost.exe [1044.936] ZwOpenProcess [0xB2968E79]
SSDT 000006B8 svchost.exe [1044.936] ZwOpenThread [0xB2968F01]
SSDT 000006B8 svchost.exe [1044.936] ZwProtectVirtualMemory [0xB29696DB]
SSDT 000006B8 svchost.exe [1044.936] ZwQueryDirectoryFile [0xB2968CA0]
SSDT 000006B8 svchost.exe [1044.936] ZwQuerySystemInformation [0xB2968D73]
SSDT 000006B8 svchost.exe [1044.936] ZwReadVirtualMemory [0xB296960F]
SSDT F20E0B5C svchost.exe [1044.936] ZwReplaceKey
SSDT F20E0B57 svchost.exe [1044.936] ZwRestoreKey
SSDT 000006B8 svchost.exe [1044.936] ZwSetContextThread [0xB29690AC]
SSDT 000006B8 svchost.exe [1044.936] ZwSetValueKey [0xB2969413]
SSDT 000006B8 svchost.exe [1044.936] ZwSuspendThread [0xB2969049]
SSDT F20E0B2F svchost.exe [1044.936] ZwTerminateProcess
SSDT 000006B8 svchost.exe [1044.936] ZwTerminateThread [0xB2968FE6]
SSDT 000006B8 svchost.exe [1044.936] ZwWriteVirtualMemory [0xB2969675]

 

---- Threads - GMER 1.0.15 ----

Thread svchost.exe [1044:984] SSDT 0xFEA2EB90 != 0x804E26A8

SSDT F20E0B3E svchost.exe [1044.984] ZwCreateKey
SSDT F20E0B34 svchost.exe [1044.984] ZwCreateThread
SSDT F20E0B43 svchost.exe [1044.984] ZwDeleteKey
SSDT 000006B8 svchost.exe [1044.984] ZwDeleteValueKey [0xB2969517]
SSDT 000006B8 svchost.exe [1044.984] ZwEnumerateKey [0xB29691C7]
SSDT 000006B8 svchost.exe [1044.984] ZwEnumerateValueKey [0xB29692D3]
SSDT F20E0B52 svchost.exe [1044.984] ZwLoadKey
SSDT 000006B8 svchost.exe [1044.984] ZwOpenKey [0xB296910F]
SSDT 000006B8 svchost.exe [1044.984] ZwOpenProcess [0xB2968E79]
SSDT 000006B8 svchost.exe [1044.984] ZwOpenThread [0xB2968F01]
SSDT 000006B8 svchost.exe [1044.984] ZwProtectVirtualMemory [0xB29696DB]
SSDT 000006B8 svchost.exe [1044.984] ZwQueryDirectoryFile [0xB2968CA0]
SSDT 000006B8 svchost.exe [1044.984] ZwQuerySystemInformation [0xB2968D73]
SSDT 000006B8 svchost.exe [1044.984] ZwReadVirtualMemory [0xB296960F]
SSDT F20E0B5C svchost.exe [1044.984] ZwReplaceKey
SSDT F20E0B57 svchost.exe [1044.984] ZwRestoreKey
SSDT 000006B8 svchost.exe [1044.984] ZwSetContextThread [0xB29690AC]
SSDT 000006B8 svchost.exe [1044.984] ZwSetValueKey [0xB2969413]
SSDT 000006B8 svchost.exe [1044.984] ZwSuspendThread [0xB2969049]
SSDT F20E0B2F svchost.exe [1044.984] ZwTerminateProcess
SSDT 000006B8 svchost.exe [1044.984] ZwTerminateThread [0xB2968FE6]
SSDT 000006B8 svchost.exe [1044.984] ZwWriteVirtualMemory [0xB2969675]

 

---- Threads - GMER 1.0.15 ----

Thread svchost.exe [1044:1364] SSDT 0xFEA2EB90 != 0x804E26A8

SSDT F20E0B3E svchost.exe [1044.1364] ZwCreateKey
SSDT F20E0B34 svchost.exe [1044.1364] ZwCreateThread
SSDT F20E0B43 svchost.exe [1044.1364] ZwDeleteKey
SSDT 000006B8 svchost.exe [1044.1364] ZwDeleteValueKey [0xB2969517]
SSDT 000006B8 svchost.exe [1044.1364] ZwEnumerateKey [0xB29691C7]
SSDT 000006B8 svchost.exe [1044.1364] ZwEnumerateValueKey [0xB29692D3]
SSDT F20E0B52 svchost.exe [1044.1364] ZwLoadKey
SSDT 000006B8 svchost.exe [1044.1364] ZwOpenKey [0xB296910F]
SSDT 000006B8 svchost.exe [1044.1364] ZwOpenProcess [0xB2968E79]
SSDT 000006B8 svchost.exe [1044.1364] ZwOpenThread [0xB2968F01]
SSDT 000006B8 svchost.exe [1044.1364] ZwProtectVirtualMemory [0xB29696DB]
SSDT 000006B8 svchost.exe [1044.1364] ZwQueryDirectoryFile [0xB2968CA0]
SSDT 000006B8 svchost.exe [1044.1364] ZwQuerySystemInformation [0xB2968D73]
SSDT 000006B8 svchost.exe [1044.1364] ZwReadVirtualMemory [0xB296960F]
SSDT F20E0B5C svchost.exe [1044.1364] ZwReplaceKey
SSDT F20E0B57 svchost.exe [1044.1364] ZwRestoreKey
SSDT 000006B8 svchost.exe [1044.1364] ZwSetContextThread [0xB29690AC]
SSDT 000006B8 svchost.exe [1044.1364] ZwSetValueKey [0xB2969413]
SSDT 000006B8 svchost.exe [1044.1364] ZwSuspendThread [0xB2969049]
SSDT F20E0B2F svchost.exe [1044.1364] ZwTerminateProcess
SSDT 000006B8 svchost.exe [1044.1364] ZwTerminateThread [0xB2968FE6]
SSDT 000006B8 svchost.exe [1044.1364] ZwWriteVirtualMemory [0xB2969675]

 

---- Threads - GMER 1.0.15 ----

Thread svchost.exe [1044:664] SSDT 0xFEA2EB90 != 0x804E26A8

SSDT F20E0B3E svchost.exe [1044.664] ZwCreateKey
SSDT F20E0B34 svchost.exe [1044.664] ZwCreateThread
SSDT F20E0B43 svchost.exe [1044.664] ZwDeleteKey
SSDT 000006B8 svchost.exe [1044.664] ZwDeleteValueKey [0xB2969517]
SSDT 000006B8 svchost.exe [1044.664] ZwEnumerateKey [0xB29691C7]
SSDT 000006B8 svchost.exe [1044.664] ZwEnumerateValueKey [0xB29692D3]
SSDT F20E0B52 svchost.exe [1044.664] ZwLoadKey
SSDT 000006B8 svchost.exe [1044.664] ZwOpenKey [0xB296910F]
SSDT 000006B8 svchost.exe [1044.664] ZwOpenProcess [0xB2968E79]
SSDT 000006B8 svchost.exe [1044.664] ZwOpenThread [0xB2968F01]
SSDT 000006B8 svchost.exe [1044.664] ZwProtectVirtualMemory [0xB29696DB]
SSDT 000006B8 svchost.exe [1044.664] ZwQueryDirectoryFile [0xB2968CA0]
SSDT 000006B8 svchost.exe [1044.664] ZwQuerySystemInformation [0xB2968D73]
SSDT 000006B8 svchost.exe [1044.664] ZwReadVirtualMemory [0xB296960F]
SSDT F20E0B5C svchost.exe [1044.664] ZwReplaceKey
SSDT F20E0B57 svchost.exe [1044.664] ZwRestoreKey
SSDT 000006B8 svchost.exe [1044.664] ZwSetContextThread [0xB29690AC]
SSDT 000006B8 svchost.exe [1044.664] ZwSetValueKey [0xB2969413]
SSDT 000006B8 svchost.exe [1044.664] ZwSuspendThread [0xB2969049]
SSDT F20E0B2F svchost.exe [1044.664] ZwTerminateProcess
SSDT 000006B8 svchost.exe [1044.664] ZwTerminateThread [0xB2968FE6]
SSDT 000006B8 svchost.exe [1044.664] ZwWriteVirtualMemory [0xB2969675]

 

---- Threads - GMER 1.0.15 ----

Thread svchost.exe [1044:1676] SSDT 0xFEA2EB90 != 0x804E26A8

SSDT F20E0B3E svchost.exe [1044.1676] ZwCreateKey
SSDT F20E0B34 svchost.exe [1044.1676] ZwCreateThread
SSDT F20E0B43 svchost.exe [1044.1676] ZwDeleteKey
SSDT 000006B8 svchost.exe [1044.1676] ZwDeleteValueKey [0xB2969517]
SSDT 000006B8 svchost.exe [1044.1676] ZwEnumerateKey [0xB29691C7]
SSDT 000006B8 svchost.exe [1044.1676] ZwEnumerateValueKey [0xB29692D3]
SSDT F20E0B52 svchost.exe [1044.1676] ZwLoadKey
SSDT 000006B8 svchost.exe [1044.1676] ZwOpenKey [0xB296910F]
SSDT 000006B8 svchost.exe [1044.1676] ZwOpenProcess [0xB2968E79]
SSDT 000006B8 svchost.exe [1044.1676] ZwOpenThread [0xB2968F01]
SSDT 000006B8 svchost.exe [1044.1676] ZwProtectVirtualMemory [0xB29696DB]
SSDT 000006B8 svchost.exe [1044.1676] ZwQueryDirectoryFile [0xB2968CA0]
SSDT 000006B8 svchost.exe [1044.1676] ZwQuerySystemInformation [0xB2968D73]
SSDT 000006B8 svchost.exe [1044.1676] ZwReadVirtualMemory [0xB296960F]
SSDT F20E0B5C svchost.exe [1044.1676] ZwReplaceKey
SSDT F20E0B57 svchost.exe [1044.1676] ZwRestoreKey
SSDT 000006B8 svchost.exe [1044.1676] ZwSetContextThread [0xB29690AC]
SSDT 000006B8 svchost.exe [1044.1676] ZwSetValueKey [0xB2969413]
SSDT 000006B8 svchost.exe [1044.1676] ZwSuspendThread [0xB2969049]
SSDT F20E0B2F svchost.exe [1044.1676] ZwTerminateProcess
SSDT 000006B8 svchost.exe [1044.1676] ZwTerminateThread [0xB2968FE6]
SSDT 000006B8 svchost.exe [1044.1676] ZwWriteVirtualMemory [0xB2969675]

 

---- Threads - GMER 1.0.15 ----

Thread svchost.exe [1044:1444] SSDT 0xFEA2EB90 != 0x804E26A8

SSDT F20E0B3E svchost.exe [1044.1444] ZwCreateKey
SSDT F20E0B34 svchost.exe [1044.1444] ZwCreateThread
SSDT F20E0B43 svchost.exe [1044.1444] ZwDeleteKey
SSDT 000006B8 svchost.exe [1044.1444] ZwDeleteValueKey [0xB2969517]
SSDT 000006B8 svchost.exe [1044.1444] ZwEnumerateKey [0xB29691C7]
SSDT 000006B8 svchost.exe [1044.1444] ZwEnumerateValueKey [0xB29692D3]
SSDT F20E0B52 svchost.exe [1044.1444] ZwLoadKey
SSDT 000006B8 svchost.exe [1044.1444] ZwOpenKey [0xB296910F]
SSDT 000006B8 svchost.exe [1044.1444] ZwOpenProcess [0xB2968E79]
SSDT 000006B8 svchost.exe [1044.1444] ZwOpenThread [0xB2968F01]
SSDT 000006B8 svchost.exe [1044.1444] ZwProtectVirtualMemory [0xB29696DB]
SSDT 000006B8 svchost.exe [1044.1444] ZwQueryDirectoryFile [0xB2968CA0]
SSDT 000006B8 svchost.exe [1044.1444] ZwQuerySystemInformation [0xB2968D73]
SSDT 000006B8 svchost.exe [1044.1444] ZwReadVirtualMemory [0xB296960F]
SSDT F20E0B5C svchost.exe [1044.1444] ZwReplaceKey
SSDT F20E0B57 svchost.exe [1044.1444] ZwRestoreKey
SSDT 000006B8 svchost.exe [1044.1444] ZwSetContextThread [0xB29690AC]
SSDT 000006B8 svchost.exe [1044.1444] ZwSetValueKey [0xB2969413]
SSDT 000006B8 svchost.exe [1044.1444] ZwSuspendThread [0xB2969049]
SSDT F20E0B2F svchost.exe [1044.1444] ZwTerminateProcess
SSDT 000006B8 svchost.exe [1044.1444] ZwTerminateThread [0xB2968FE6]
SSDT 000006B8 svchost.exe [1044.1444] ZwWriteVirtualMemory [0xB2969675]

 

---- Threads - GMER 1.0.15 ----

Thread svchost.exe [1044:1940] SSDT 0xFEA2EB90 != 0x804E26A8

SSDT F20E0B3E svchost.exe [1044.1940] ZwCreateKey
SSDT F20E0B34 svchost.exe [1044.1940] ZwCreateThread
SSDT F20E0B43 svchost.exe [1044.1940] ZwDeleteKey
SSDT 000006B8 svchost.exe [1044.1940] ZwDeleteValueKey [0xB2969517]
SSDT 000006B8 svchost.exe [1044.1940] ZwEnumerateKey [0xB29691C7]
SSDT 000006B8 svchost.exe [1044.1940] ZwEnumerateValueKey [0xB29692D3]
SSDT F20E0B52 svchost.exe [1044.1940] ZwLoadKey
SSDT 000006B8 svchost.exe [1044.1940] ZwOpenKey [0xB296910F]
SSDT 000006B8 svchost.exe [1044.1940] ZwOpenProcess [0xB2968E79]
SSDT 000006B8 svchost.exe [1044.1940] ZwOpenThread [0xB2968F01]
SSDT 000006B8 svchost.exe [1044.1940] ZwProtectVirtualMemory [0xB29696DB]
SSDT 000006B8 svchost.exe [1044.1940] ZwQueryDirectoryFile [0xB2968CA0]
SSDT 000006B8 svchost.exe [1044.1940] ZwQuerySystemInformation [0xB2968D73]
SSDT 000006B8 svchost.exe [1044.1940] ZwReadVirtualMemory [0xB296960F]
SSDT F20E0B5C svchost.exe [1044.1940] ZwReplaceKey
SSDT F20E0B57 svchost.exe [1044.1940] ZwRestoreKey
SSDT 000006B8 svchost.exe [1044.1940] ZwSetContextThread [0xB29690AC]
SSDT 000006B8 svchost.exe [1044.1940] ZwSetValueKey [0xB2969413]
SSDT 000006B8 svchost.exe [1044.1940] ZwSuspendThread [0xB2969049]
SSDT F20E0B2F svchost.exe [1044.1940] ZwTerminateProcess
SSDT 000006B8 svchost.exe [1044.1940] ZwTerminateThread [0xB2968FE6]
SSDT 000006B8 svchost.exe [1044.1940] ZwWriteVirtualMemory [0xB2969675]

 

---- Threads - GMER 1.0.15 ----

Thread svchost.exe [1044:1972] SSDT 0xFEA2EB90 != 0x804E26A8

SSDT F20E0B3E svchost.exe [1044.1972] ZwCreateKey
SSDT F20E0B34 svchost.exe [1044.1972] ZwCreateThread
SSDT F20E0B43 svchost.exe [1044.1972] ZwDeleteKey
SSDT 000006B8 svchost.exe [1044.1972] ZwDeleteValueKey [0xB2969517]
SSDT 000006B8 svchost.exe [1044.1972] ZwEnumerateKey [0xB29691C7]
SSDT 000006B8 svchost.exe [1044.1972] ZwEnumerateValueKey [0xB29692D3]
SSDT F20E0B52 svchost.exe [1044.1972] ZwLoadKey
SSDT 000006B8 svchost.exe [1044.1972] ZwOpenKey [0xB296910F]
SSDT 000006B8 svchost.exe [1044.1972] ZwOpenProcess [0xB2968E79]
SSDT 000006B8 svchost.exe [1044.1972] ZwOpenThread [0xB2968F01]
SSDT 000006B8 svchost.exe [1044.1972] ZwProtectVirtualMemory [0xB29696DB]
SSDT 000006B8 svchost.exe [1044.1972] ZwQueryDirectoryFile [0xB2968CA0]
SSDT 000006B8 svchost.exe [1044.1972] ZwQuerySystemInformation [0xB2968D73]
SSDT 000006B8 svchost.exe [1044.1972] ZwReadVirtualMemory [0xB296960F]
SSDT F20E0B5C svchost.exe [1044.1972] ZwReplaceKey
SSDT F20E0B57 svchost.exe [1044.1972] ZwRestoreKey
SSDT 000006B8 svchost.exe [1044.1972] ZwSetContextThread [0xB29690AC]
SSDT 000006B8 svchost.exe [1044.1972] ZwSetValueKey [0xB2969413]
SSDT 000006B8 svchost.exe [1044.1972] ZwSuspendThread [0xB2969049]
SSDT F20E0B2F svchost.exe [1044.1972] ZwTerminateProcess
SSDT 000006B8 svchost.exe [1044.1972] ZwTerminateThread [0xB2968FE6]
SSDT 000006B8 svchost.exe [1044.1972] ZwWriteVirtualMemory [0xB2969675]

 

---- Threads - GMER 1.0.15 ----

Thread svchost.exe [1044:2168] SSDT 0xFEA2EB90 != 0x804E26A8

SSDT F20E0B3E svchost.exe [1044.2168] ZwCreateKey
SSDT F20E0B34 svchost.exe [1044.2168] ZwCreateThread
SSDT F20E0B43 svchost.exe [1044.2168] ZwDeleteKey
SSDT 000006B8 svchost.exe [1044.2168] ZwDeleteValueKey [0xB2969517]
SSDT 000006B8 svchost.exe [1044.2168] ZwEnumerateKey [0xB29691C7]
SSDT 000006B8 svchost.exe [1044.2168] ZwEnumerateValueKey [0xB29692D3]
SSDT F20E0B52 svchost.exe [1044.2168] ZwLoadKey
SSDT 000006B8 svchost.exe [1044.2168] ZwOpenKey [0xB296910F]
SSDT 000006B8 svchost.exe [1044.2168] ZwOpenProcess [0xB2968E79]
SSDT 000006B8 svchost.exe [1044.2168] ZwOpenThread [0xB2968F01]
SSDT 000006B8 svchost.exe [1044.2168] ZwProtectVirtualMemory [0xB29696DB]
SSDT 000006B8 svchost.exe [1044.2168] ZwQueryDirectoryFile [0xB2968CA0]
SSDT 000006B8 svchost.exe [1044.2168] ZwQuerySystemInformation [0xB2968D73]
SSDT 000006B8 svchost.exe [1044.2168] ZwReadVirtualMemory [0xB296960F]
SSDT F20E0B5C svchost.exe [1044.2168] ZwReplaceKey
SSDT F20E0B57 svchost.exe [1044.2168] ZwRestoreKey
SSDT 000006B8 svchost.exe [1044.2168] ZwSetContextThread [0xB29690AC]
SSDT 000006B8 svchost.exe [1044.2168] ZwSetValueKey [0xB2969413]
SSDT 000006B8 svchost.exe [1044.2168] ZwSuspendThread [0xB2969049]
SSDT F20E0B2F svchost.exe [1044.2168] ZwTerminateProcess
SSDT 000006B8 svchost.exe [1044.2168] ZwTerminateThread [0xB2968FE6]
SSDT 000006B8 svchost.exe [1044.2168] ZwWriteVirtualMemory [0xB2969675]

 

---- Threads - GMER 1.0.15 ----

Thread svchost.exe [1044:2172] SSDT 0xFEA2EB90 != 0x804E26A8

SSDT F20E0B3E svchost.exe [1044.2172] ZwCreateKey
SSDT F20E0B34 svchost.exe [1044.2172] ZwCreateThread
SSDT F20E0B43 svchost.exe [1044.2172] ZwDeleteKey
SSDT 000006B8 svchost.exe [1044.2172] ZwDeleteValueKey [0xB2969517]
SSDT 000006B8 svchost.exe [1044.2172] ZwEnumerateKey [0xB29691C7]
SSDT 000006B8 svchost.exe [1044.2172] ZwEnumerateValueKey [0xB29692D3]
SSDT F20E0B52 svchost.exe [1044.2172] ZwLoadKey
SSDT 000006B8 svchost.exe [1044.2172] ZwOpenKey [0xB296910F]
SSDT 000006B8 svchost.exe [1044.2172] ZwOpenProcess [0xB2968E79]
SSDT 000006B8 svchost.exe [1044.2172] ZwOpenThread [0xB2968F01]
SSDT 000006B8 svchost.exe [1044.2172] ZwProtectVirtualMemory [0xB29696DB]
SSDT 000006B8 svchost.exe [1044.2172] ZwQueryDirectoryFile [0xB2968CA0]
SSDT 000006B8 svchost.exe [1044.2172] ZwQuerySystemInformation [0xB2968D73]
SSDT 000006B8 svchost.exe [1044.2172] ZwReadVirtualMemory [0xB296960F]
SSDT F20E0B5C svchost.exe [1044.2172] ZwReplaceKey
SSDT F20E0B57 svchost.exe [1044.2172] ZwRestoreKey
SSDT 000006B8 svchost.exe [1044.2172] ZwSetContextThread [0xB29690AC]
SSDT 000006B8 svchost.exe [1044.2172] ZwSetValueKey [0xB2969413]
SSDT 000006B8 svchost.exe [1044.2172] ZwSuspendThread [0xB2969049]
SSDT F20E0B2F svchost.exe [1044.2172] ZwTerminateProcess
SSDT 000006B8 svchost.exe [1044.2172] ZwTerminateThread [0xB2968FE6]
SSDT 000006B8 svchost.exe [1044.2172] ZwWriteVirtualMemory [0xB2969675]

 

---- Threads - GMER 1.0.15 ----

 

Thread svchost.exe [1044:2176] SSDT 0xFEA2EB90 != 0x804E26A8

 

SSDT F20E0B3E svchost.exe [1044.2176] ZwCreateKey

SSDT F20E0B34 svchost.exe [1044.2176] ZwCreateThread

SSDT F20E0B43 svchost.exe [1044.2176] ZwDeleteKey

SSDT 000006B8 svchost.exe [1044.2176] ZwDeleteValueKey [0xB2969517]

SSDT 000006B8 svchost.exe [1044.2176] ZwEnumerateKey [0xB29691C7]

SSDT 000006B8 svchost.exe [1044.2176] ZwEnumerateValueKey [0xB29692D3]

SSDT F20E0B52 svchost.exe [1044.2176] ZwLoadKey

SSDT 000006B8 svchost.exe [1044.2176] ZwOpenKey [0xB296910F]

SSDT 000006B8 svchost.exe [1044.2176] ZwOpenProcess [0xB2968E79]

SSDT 000006B8 svchost.exe [1044.2176] ZwOpenThread [0xB2968F01]

SSDT 000006B8 svchost.exe [1044.2176] ZwProtectVirtualMemory [0xB29696DB]

SSDT 000006B8 svchost.exe [1044.2176] ZwQueryDirectoryFile [0xB2968CA0]

SSDT 000006B8 svchost.exe [1044.2176] ZwQuerySystemInformation [0xB2968D73]

SSDT 000006B8 svchost.exe [1044.2176] ZwReadVirtualMemory [0xB296960F]

SSDT F20E0B5C svchost.exe [1044.2176] ZwReplaceKey

SSDT F20E0B57 svchost.exe [1044.2176] ZwRestoreKey

SSDT 000006B8 svchost.exe [1044.2176] ZwSetContextThread [0xB29690AC]

SSDT 000006B8 svchost.exe [1044.2176] ZwSetValueKey [0xB2969413]

SSDT 000006B8 svchost.exe [1044.2176] ZwSuspendThread [0xB2969049]

SSDT F20E0B2F svchost.exe [1044.2176] ZwTerminateProcess

SSDT 000006B8 svchost.exe [1044.2176] ZwTerminateThread [0xB2968FE6]

SSDT 000006B8 svchost.exe [1044.2176] ZwWriteVirtualMemory [0xB2969675]

 

---- Threads - GMER 1.0.15 ----

 

Thread svchost.exe [1044:2180] SSDT 0xFEA2EB90 != 0x804E26A8

 

SSDT F20E0B3E svchost.exe [1044.2180] ZwCreateKey

SSDT F20E0B34 svchost.exe [1044.2180] ZwCreateThread

SSDT F20E0B43 svchost.exe [1044.2180] ZwDeleteKey

SSDT 000006B8 svchost.exe [1044.2180] ZwDeleteValueKey [0xB2969517]

SSDT 000006B8 svchost.exe [1044.2180] ZwEnumerateKey [0xB29691C7]

SSDT 000006B8 svchost.exe [1044.2180] ZwEnumerateValueKey [0xB29692D3]

SSDT F20E0B52 svchost.exe [1044.2180] ZwLoadKey

SSDT 000006B8 svchost.exe [1044.2180] ZwOpenKey [0xB296910F]

SSDT 000006B8 svchost.exe [1044.2180] ZwOpenProcess [0xB2968E79]

SSDT 000006B8 svchost.exe [1044.2180] ZwOpenThread [0xB2968F01]

SSDT 000006B8 svchost.exe [1044.2180] ZwProtectVirtualMemory [0xB29696DB]

SSDT 000006B8 svchost.exe [1044.2180] ZwQueryDirectoryFile [0xB2968CA0]

SSDT 000006B8 svchost.exe [1044.2180] ZwQuerySystemInformation [0xB2968D73]

SSDT 000006B8 svchost.exe [1044.2180] ZwReadVirtualMemory [0xB296960F]

SSDT F20E0B5C svchost.exe [1044.2180] ZwReplaceKey

SSDT F20E0B57 svchost.exe [1044.2180] ZwRestoreKey

SSDT 000006B8 svchost.exe [1044.2180] ZwSetContextThread [0xB29690AC]

SSDT 000006B8 svchost.exe [1044.2180] ZwSetValueKey [0xB2969413]

SSDT 000006B8 svchost.exe [1044.2180] ZwSuspendThread [0xB2969049]

SSDT F20E0B2F svchost.exe [1044.2180] ZwTerminateProcess

SSDT 000006B8 svchost.exe [1044.2180] ZwTerminateThread [0xB2968FE6]

SSDT 000006B8 svchost.exe [1044.2180] ZwWriteVirtualMemory [0xB2969675]

 

---- Threads - GMER 1.0.15 ----

 

Thread svchost.exe [1044:2288] SSDT 0xFEA2EB90 != 0x804E26A8

 

SSDT F20E0B3E svchost.exe [1044.2288] ZwCreateKey

SSDT F20E0B34 svchost.exe [1044.2288] ZwCreateThread

SSDT F20E0B43 svchost.exe [1044.2288] ZwDeleteKey

SSDT 000006B8 svchost.exe [1044.2288] ZwDeleteValueKey [0xB2969517]

SSDT 000006B8 svchost.exe [1044.2288] ZwEnumerateKey [0xB29691C7]

SSDT 000006B8 svchost.exe [1044.2288] ZwEnumerateValueKey [0xB29692D3]

SSDT F20E0B52 svchost.exe [1044.2288] ZwLoadKey

SSDT 000006B8 svchost.exe [1044.2288] ZwOpenKey [0xB296910F]

SSDT 000006B8 svchost.exe [1044.2288] ZwOpenProcess [0xB2968E79]

SSDT 000006B8 svchost.exe [1044.2288] ZwOpenThread [0xB2968F01]

SSDT 000006B8 svchost.exe [1044.2288] ZwProtectVirtualMemory [0xB29696DB]

SSDT 000006B8 svchost.exe [1044.2288] ZwQueryDirectoryFile [0xB2968CA0]

SSDT 000006B8 svchost.exe [1044.2288] ZwQuerySystemInformation [0xB2968D73]

SSDT 000006B8 svchost.exe [1044.2288] ZwReadVirtualMemory [0xB296960F]

SSDT F20E0B5C svchost.exe [1044.2288] ZwReplaceKey

SSDT F20E0B57 svchost.exe [1044.2288] ZwRestoreKey

SSDT 000006B8 svchost.exe [1044.2288] ZwSetContextThread [0xB29690AC]

SSDT 000006B8 svchost.exe [1044.2288] ZwSetValueKey [0xB2969413]

SSDT 000006B8 svchost.exe [1044.2288] ZwSuspendThread [0xB2969049]

SSDT F20E0B2F svchost.exe [1044.2288] ZwTerminateProcess

SSDT 000006B8 svchost.exe [1044.2288] ZwTerminateThread [0xB2968FE6]

SSDT 000006B8 svchost.exe [1044.2288] ZwWriteVirtualMemory [0xB2969675]

 

---- Threads - GMER 1.0.15 ----

 

Thread svchost.exe [1044:2892] SSDT 0xFEA2EB90 != 0x804E26A8

 

SSDT F20E0B3E svchost.exe [1044.2892] ZwCreateKey

SSDT F20E0B34 svchost.exe [1044.2892] ZwCreateThread

SSDT F20E0B43 svchost.exe [1044.2892] ZwDeleteKey

SSDT 000006B8 svchost.exe [1044.2892] ZwDeleteValueKey [0xB2969517]

SSDT 000006B8 svchost.exe [1044.2892] ZwEnumerateKey [0xB29691C7]

SSDT 000006B8 svchost.exe [1044.2892] ZwEnumerateValueKey [0xB29692D3]

SSDT F20E0B52 svchost.exe [1044.2892] ZwLoadKey

SSDT 000006B8 svchost.exe [1044.2892] ZwOpenKey [0xB296910F]

SSDT 000006B8 svchost.exe [1044.2892] ZwOpenProcess [0xB2968E79]

SSDT 000006B8 svchost.exe [1044.2892] ZwOpenThread [0xB2968F01]

SSDT 000006B8 svchost.exe [1044.2892] ZwProtectVirtualMemory [0xB29696DB]

SSDT 000006B8 svchost.exe [1044.2892] ZwQueryDirectoryFile [0xB2968CA0]

SSDT 000006B8 svchost.exe [1044.2892] ZwQuerySystemInformation [0xB2968D73]

SSDT 000006B8 svchost.exe [1044.2892] ZwReadVirtualMemory [0xB296960F]

SSDT F20E0B5C svchost.exe [1044.2892] ZwReplaceKey

SSDT F20E0B57 svchost.exe [1044.2892] ZwRestoreKey

SSDT 000006B8 svchost.exe [1044.2892] ZwSetContextThread [0xB29690AC]

SSDT 000006B8 svchost.exe [1044.2892] ZwSetValueKey [0xB2969413]

SSDT 000006B8 svchost.exe [1044.2892] ZwSuspendThread [0xB2969049]

SSDT F20E0B2F svchost.exe [1044.2892] ZwTerminateProcess

SSDT 000006B8 svchost.exe [1044.2892] ZwTerminateThread [0xB2968FE6]

SSDT 000006B8 svchost.exe [1044.2892] ZwWriteVirtualMemory [0xB2969675]

 

---- Threads - GMER 1.0.15 ----

 

Thread svchost.exe [1044:2940] SSDT 0xFEA2EB90 != 0x804E26A8

 

SSDT F20E0B3E svchost.exe [1044.2940] ZwCreateKey

SSDT F20E0B34 svchost.exe [1044.2940] ZwCreateThread

SSDT F20E0B43 svchost.exe [1044.2940] ZwDeleteKey

SSDT 000006B8 svchost.exe [1044.2940] ZwDeleteValueKey [0xB2969517]

SSDT 000006B8 svchost.exe [1044.2940] ZwEnumerateKey [0xB29691C7]

SSDT 000006B8 svchost.exe [1044.2940] ZwEnumerateValueKey [0xB29692D3]

SSDT F20E0B52 svchost.exe [1044.2940] ZwLoadKey

SSDT 000006B8 svchost.exe [1044.2940] ZwOpenKey [0xB296910F]

SSDT 000006B8 svchost.exe [1044.2940] ZwOpenProcess [0xB2968E79]

SSDT 000006B8 svchost.exe [1044.2940] ZwOpenThread [0xB2968F01]

SSDT 000006B8 svchost.exe [1044.2940] ZwProtectVirtualMemory [0xB29696DB]

SSDT 000006B8 svchost.exe [1044.2940] ZwQueryDirectoryFile [0xB2968CA0]

SSDT 000006B8 svchost.exe [1044.2940] ZwQuerySystemInformation [0xB2968D73]

SSDT 000006B8 svchost.exe [1044.2940] ZwReadVirtualMemory [0xB296960F]

SSDT F20E0B5C svchost.exe [1044.2940] ZwReplaceKey

SSDT F20E0B57 svchost.exe [1044.2940] ZwRestoreKey

SSDT 000006B8 svchost.exe [1044.2940] ZwSetContextThread [0xB29690AC]

SSDT 000006B8 svchost.exe [1044.2940] ZwSetValueKey [0xB2969413]

SSDT 000006B8 svchost.exe [1044.2940] ZwSuspendThread [0xB2969049]

SSDT F20E0B2F svchost.exe [1044.2940] ZwTerminateProcess

SSDT 000006B8 svchost.exe [1044.2940] ZwTerminateThread [0xB2968FE6]

SSDT 000006B8 svchost.exe [1044.2940] ZwWriteVirtualMemory [0xB2969675]

 

---- Threads - GMER 1.0.15 ----

 

Thread svchost.exe [1128:2896] SSDT 0xFEA2EB90 != 0x804E26A8

 

SSDT F20E0B3E svchost.exe [1128.2896] ZwCreateKey

SSDT F20E0B34 svchost.exe [1128.2896] ZwCreateThread

SSDT F20E0B43 svchost.exe [1128.2896] ZwDeleteKey

SSDT 000006B8 svchost.exe [1128.2896] ZwDeleteValueKey [0xB2969517]

SSDT 000006B8 svchost.exe [1128.2896] ZwEnumerateKey [0xB29691C7]

SSDT 000006B8 svchost.exe [1128.2896] ZwEnumerateValueKey [0xB29692D3]

SSDT F20E0B52 svchost.exe [1128.2896] ZwLoadKey

SSDT 000006B8 svchost.exe [1128.2896] ZwOpenKey [0xB296910F]

SSDT 000006B8 svchost.exe [1128.2896] ZwOpenProcess [0xB2968E79]

SSDT 000006B8 svchost.exe [1128.2896] ZwOpenThread [0xB2968F01]

SSDT 000006B8 svchost.exe [1128.2896] ZwProtectVirtualMemory [0xB29696DB]

SSDT 000006B8 svchost.exe [1128.2896] ZwQueryDirectoryFile [0xB2968CA0]

SSDT 000006B8 svchost.exe [1128.2896] ZwQuerySystemInformation [0xB2968D73]

SSDT 000006B8 svchost.exe [1128.2896] ZwReadVirtualMemory [0xB296960F]

SSDT F20E0B5C svchost.exe [1128.2896] ZwReplaceKey

SSDT F20E0B57 svchost.exe [1128.2896] ZwRestoreKey

SSDT 000006B8 svchost.exe [1128.2896] ZwSetContextThread [0xB29690AC]

SSDT 000006B8 svchost.exe [1128.2896] ZwSetValueKey [0xB2969413]

SSDT 000006B8 svchost.exe [1128.2896] ZwSuspendThread [0xB2969049]

SSDT F20E0B2F svchost.exe [1128.2896] ZwTerminateProcess

SSDT 000006B8 svchost.exe [1128.2896] ZwTerminateThread [0xB2968FE6]

SSDT 000006B8 svchost.exe [1128.2896] ZwWriteVirtualMemory [0xB2969675]

 

---- Threads - GMER 1.0.15 ----

 

Thread svchost.exe [1128:2900] SSDT 0xFEA2EB90 != 0x804E26A8

 

SSDT F20E0B3E svchost.exe [1128.2900] ZwCreateKey

SSDT F20E0B34 svchost.exe [1128.2900] ZwCreateThread

SSDT F20E0B43 svchost.exe [1128.2900] ZwDeleteKey

SSDT 000006B8 svchost.exe [1128.2900] ZwDeleteValueKey [0xB2969517]

SSDT 000006B8 svchost.exe [1128.2900] ZwEnumerateKey [0xB29691C7]

SSDT 000006B8 svchost.exe [1128.2900] ZwEnumerateValueKey [0xB29692D3]

SSDT F20E0B52 svchost.exe [1128.2900] ZwLoadKey

SSDT 000006B8 svchost.exe [1128.2900] ZwOpenKey [0xB296910F]

SSDT 000006B8 svchost.exe [1128.2900] ZwOpenProcess [0xB2968E79]

SSDT 000006B8 svchost.exe [1128.2900] ZwOpenThread [0xB2968F01]

SSDT 000006B8 svchost.exe [1128.2900] ZwProtectVirtualMemory [0xB29696DB]

SSDT 000006B8 svchost.exe [1128.2900] ZwQueryDirectoryFile [0xB2968CA0]

SSDT 000006B8 svchost.exe [1128.2900] ZwQuerySystemInformation [0xB2968D73]

SSDT 000006B8 svchost.exe [1128.2900] ZwReadVirtualMemory [0xB296960F]

SSDT F20E0B5C svchost.exe [1128.2900] ZwReplaceKey

SSDT F20E0B57 svchost.exe [1128.2900] ZwRestoreKey

SSDT 000006B8 svchost.exe [1128.2900] ZwSetContextThread [0xB29690AC]

SSDT 000006B8 svchost.exe [1128.2900] ZwSetValueKey [0xB2969413]

SSDT 000006B8 svchost.exe [1128.2900] ZwSuspendThread [0xB2969049]

SSDT F20E0B2F svchost.exe [1128.2900] ZwTerminateProcess

SSDT 000006B8 svchost.exe [1128.2900] ZwTerminateThread [0xB2968FE6]

SSDT 000006B8 svchost.exe [1128.2900] ZwWriteVirtualMemory [0xB2969675]

 

---- Threads - GMER 1.0.15 ----

 

Thread svchost.exe [1240:1844] SSDT 0xFEA2EB90 != 0x804E26A8

 

SSDT F20E0B3E svchost.exe [1240.1844] ZwCreateKey

SSDT F20E0B34 svchost.exe [1240.1844] ZwCreateThread

SSDT F20E0B43 svchost.exe [1240.1844] ZwDeleteKey

SSDT 000006B8 svchost.exe [1240.1844] ZwDeleteValueKey [0xB2969517]

SSDT 000006B8 svchost.exe [1240.1844] ZwEnumerateKey [0xB29691C7]

SSDT 000006B8 svchost.exe [1240.1844] ZwEnumerateValueKey [0xB29692D3]

SSDT F20E0B52 svchost.exe [1240.1844] ZwLoadKey

SSDT 000006B8 svchost.exe [1240.1844] ZwOpenKey [0xB296910F]

SSDT 000006B8 svchost.exe [1240.1844] ZwOpenProcess [0xB2968E79]

SSDT 000006B8 svchost.exe [1240.1844] ZwOpenThread [0xB2968F01]

SSDT 000006B8 svchost.exe [1240.1844] ZwProtectVirtualMemory [0xB29696DB]

SSDT 000006B8 svchost.exe [1240.1844] ZwQueryDirectoryFile [0xB2968CA0]

SSDT 000006B8 svchost.exe [1240.1844] ZwQuerySystemInformation [0xB2968D73]

SSDT 000006B8 svchost.exe [1240.1844] ZwReadVirtualMemory [0xB296960F]

SSDT F20E0B5C svchost.exe [1240.1844] ZwReplaceKey

SSDT F20E0B57 svchost.exe [1240.1844] ZwRestoreKey

SSDT 000006B8 svchost.exe [1240.1844] ZwSetContextThread [0xB29690AC]

SSDT 000006B8 svchost.exe [1240.1844] ZwSetValueKey [0xB2969413]

SSDT 000006B8 svchost.exe [1240.1844] ZwSuspendThread [0xB2969049]

SSDT F20E0B2F svchost.exe [1240.1844] ZwTerminateProcess

SSDT 000006B8 svchost.exe [1240.1844] ZwTerminateThread [0xB2968FE6]

SSDT 000006B8 svchost.exe [1240.1844] ZwWriteVirtualMemory [0xB2969675]

 

---- Threads - GMER 1.0.15 ----

 

Thread svchost.exe [1240:1884] SSDT 0xFEA2EB90 != 0x804E26A8

 

SSDT F20E0B3E svchost.exe [1240.1884] ZwCreateKey

SSDT F20E0B34 svchost.exe [1240.1884] ZwCreateThread

SSDT F20E0B43 svchost.exe [1240.1884] ZwDeleteKey

SSDT 000006B8 svchost.exe [1240.1884] ZwDeleteValueKey [0xB2969517]

SSDT 000006B8 svchost.exe [1240.1884] ZwEnumerateKey [0xB29691C7]

SSDT 000006B8 svchost.exe [1240.1884] ZwEnumerateValueKey [0xB29692D3]

SSDT F20E0B52 svchost.exe [1240.1884] ZwLoadKey

SSDT 000006B8 svchost.exe [1240.1884] ZwOpenKey [0xB296910F]

SSDT 000006B8 svchost.exe [1240.1884] ZwOpenProcess [0xB2968E79]

SSDT 000006B8 svchost.exe [1240.1884] ZwOpenThread [0xB2968F01]

SSDT 000006B8 svchost.exe [1240.1884] ZwProtectVirtualMemory [0xB29696DB]

SSDT 000006B8 svchost.exe [1240.1884] ZwQueryDirectoryFile [0xB2968CA0]

SSDT 000006B8 svchost.exe [1240.1884] ZwQuerySystemInformation [0xB2968D73]

SSDT 000006B8 svchost.exe [1240.1884] ZwReadVirtualMemory [0xB296960F]

SSDT F20E0B5C svchost.exe [1240.1884] ZwReplaceKey

SSDT F20E0B57 svchost.exe [1240.1884] ZwRestoreKey

SSDT 000006B8 svchost.exe [1240.1884] ZwSetContextThread [0xB29690AC]

SSDT 000006B8 svchost.exe [1240.1884] ZwSetValueKey [0xB2969413]

SSDT 000006B8 svchost.exe [1240.1884] ZwSuspendThread [0xB2969049]

SSDT F20E0B2F svchost.exe [1240.1884] ZwTerminateProcess

SSDT 000006B8 svchost.exe [1240.1884] ZwTerminateThread [0xB2968FE6]

SSDT 000006B8 svchost.exe [1240.1884] ZwWriteVirtualMemory [0xB2969675]

 

---- Threads - GMER 1.0.15 ----

 

Thread svchost.exe [1240:1876] SSDT 0xFEA2EB90 != 0x804E26A8

 

SSDT F20E0B3E svchost.exe [1240.1876] ZwCreateKey

SSDT F20E0B34 svchost.exe [1240.1876] ZwCreateThread

SSDT F20E0B43 svchost.exe [1240.1876] ZwDeleteKey

SSDT 000006B8 svchost.exe [1240.1876] ZwDeleteValueKey [0xB2969517]

SSDT 000006B8 svchost.exe [1240.1876] ZwEnumerateKey [0xB29691C7]

SSDT 000006B8 svchost.exe [1240.1876] ZwEnumerateValueKey [0xB29692D3]

SSDT F20E0B52 svchost.exe [1240.1876] ZwLoadKey

SSDT 000006B8 svchost.exe [1240.1876] ZwOpenKey [0xB296910F]

SSDT 000006B8 svchost.exe [1240.1876] ZwOpenProcess [0xB2968E79]

SSDT 000006B8 svchost.exe [1240.1876] ZwOpenThread [0xB2968F01]

SSDT 000006B8 svchost.exe [1240.1876] ZwProtectVirtualMemory [0xB29696DB]

SSDT 000006B8 svchost.exe [1240.1876] ZwQueryDirectoryFile [0xB2968CA0]

SSDT 000006B8 svchost.exe [1240.1876] ZwQuerySystemInformation [0xB2968D73]

SSDT 000006B8 svchost.exe [1240.1876] ZwReadVirtualMemory [0xB296960F]

SSDT F20E0B5C svchost.exe [1240.1876] ZwReplaceKey

SSDT F20E0B57 svchost.exe [1240.1876] ZwRestoreKey

SSDT 000006B8 svchost.exe [1240.1876] ZwSetContextThread [0xB29690AC]

SSDT 000006B8 svchost.exe [1240.1876] ZwSetValueKey [0xB2969413]

SSDT 000006B8 svchost.exe [1240.1876] ZwSuspendThread [0xB2969049]

SSDT F20E0B2F svchost.exe [1240.1876] ZwTerminateProcess

SSDT 000006B8 svchost.exe [1240.1876] ZwTerminateThread [0xB2968FE6]

SSDT 000006B8 svchost.exe [1240.1876] ZwWriteVirtualMemory [0xB2969675]

 

---- Threads - GMER 1.0.15 ----

 

Thread svchost.exe [1240:1912] SSDT 0xFEA2EB90 != 0x804E26A8

 

SSDT F20E0B3E svchost.exe [1240.1912] ZwCreateKey

SSDT F20E0B34 svchost.exe [1240.1912] ZwCreateThread

SSDT F20E0B43 svchost.exe [1240.1912] ZwDeleteKey

SSDT 000006B8 svchost.exe [1240.1912] ZwDeleteValueKey [0xB2969517]

SSDT 000006B8 svchost.exe [1240.1912] ZwEnumerateKey [0xB29691C7]

SSDT 000006B8 svchost.exe [1240.1912] ZwEnumerateValueKey [0xB29692D3]

SSDT F20E0B52 svchost.exe [1240.1912] ZwLoadKey

SSDT 000006B8 svchost.exe [1240.1912] ZwOpenKey [0xB296910F]

SSDT 000006B8 svchost.exe [1240.1912] ZwOpenProcess [0xB2968E79]

SSDT 000006B8 svchost.exe [1240.1912] ZwOpenThread [0xB2968F01]

SSDT 000006B8 svchost.exe [1240.1912] ZwProtectVirtualMemory [0xB29696DB]

SSDT 000006B8 svchost.exe [1240.1912] ZwQueryDirectoryFile [0xB2968CA0]

SSDT 000006B8 svchost.exe [1240.1912] ZwQuerySystemInformation [0xB2968D73]

SSDT 000006B8 svchost.exe [1240.1912] ZwReadVirtualMemory [0xB296960F]

SSDT F20E0B5C svchost.exe [1240.1912] ZwReplaceKey

SSDT F20E0B57 svchost.exe [1240.1912] ZwRestoreKey

SSDT 000006B8 svchost.exe [1240.1912] ZwSetContextThread [0xB29690AC]

SSDT 000006B8 svchost.exe [1240.1912] ZwSetValueKey [0xB2969413]

SSDT 000006B8 svchost.exe [1240.1912] ZwSuspendThread [0xB2969049]

SSDT F20E0B2F svchost.exe [1240.1912] ZwTerminateProcess

SSDT 000006B8 svchost.exe [1240.1912] ZwTerminateThread [0xB2968FE6]

SSDT 000006B8 svchost.exe [1240.1912] ZwWriteVirtualMemory [0xB2969675]

 

---- Threads - GMER 1.0.15 ----

 

Thread svchost.exe [1240:300] SSDT 0xFEA2EB90 != 0x804E26A8

 

SSDT F20E0B3E svchost.exe [1240.300] ZwCreateKey

SSDT F20E0B34 svchost.exe [1240.300] ZwCreateThread

SSDT F20E0B43 svchost.exe [1240.300] ZwDeleteKey

SSDT 000006B8 svchost.exe [1240.300] ZwDeleteValueKey [0xB2969517]

SSDT 000006B8 svchost.exe [1240.300] ZwEnumerateKey [0xB29691C7]

SSDT 000006B8 svchost.exe [1240.300] ZwEnumerateValueKey [0xB29692D3]

SSDT F20E0B52 svchost.exe [1240.300] ZwLoadKey

SSDT 000006B8 svchost.exe [1240.300] ZwOpenKey [0xB296910F]

SSDT 000006B8 svchost.exe [1240.300] ZwOpenProcess [0xB2968E79]

SSDT 000006B8 svchost.exe [1240.300] ZwOpenThread [0xB2968F01]

SSDT 000006B8 svchost.exe [1240.300] ZwProtectVirtualMemory [0xB29696DB]

SSDT 000006B8 svchost.exe [1240.300] ZwQueryDirectoryFile [0xB2968CA0]

SSDT 000006B8 svchost.exe [1240.300] ZwQuerySystemInformation [0xB2968D73]

SSDT 000006B8 svchost.exe [1240.300] ZwReadVirtualMemory [0xB296960F]

SSDT F20E0B5C svchost.exe [1240.300] ZwReplaceKey

SSDT F20E0B57 svchost.exe [1240.300] ZwRestoreKey

SSDT 000006B8 svchost.exe [1240.300] ZwSetContextThread [0xB29690AC]

SSDT 000006B8 svchost.exe [1240.300] ZwSetValueKey [0xB2969413]

SSDT 000006B8 svchost.exe [1240.300] ZwSuspendThread [0xB2969049]

SSDT F20E0B2F svchost.exe [1240.300] ZwTerminateProcess

SSDT 000006B8 svchost.exe [1240.300] ZwTerminateThread [0xB2968FE6]

SSDT 000006B8 svchost.exe [1240.300] ZwWriteVirtualMemory [0xB2969675]

 

---- Threads - GMER 1.0.15 ----

 

Thread svchost.exe [1240:1548] SSDT 0xFEA2EB90 != 0x804E26A8

 

SSDT F20E0B3E svchost.exe [1240.1548] ZwCreateKey

SSDT F20E0B34 svchost.exe [1240.1548] ZwCreateThread

SSDT F20E0B43 svchost.exe [1240.1548] ZwDeleteKey

SSDT 000006B8 svchost.exe [1240.1548] ZwDeleteValueKey [0xB2969517]

SSDT 000006B8 svchost.exe [1240.1548] ZwEnumerateKey [0xB29691C7]

SSDT 000006B8 svchost.exe [1240.1548] ZwEnumerateValueKey [0xB29692D3]

SSDT F20E0B52 svchost.exe [1240.1548] ZwLoadKey

SSDT 000006B8 svchost.exe [1240.1548] ZwOpenKey [0xB296910F]

SSDT 000006B8 svchost.exe [1240.1548] ZwOpenProcess [0xB2968E79]

SSDT 000006B8 svchost.exe [1240.1548] ZwOpenThread [0xB2968F01]

SSDT 000006B8 svchost.exe [1240.1548] ZwProtectVirtualMemory [0xB29696DB]

SSDT 000006B8 svchost.exe [1240.1548] ZwQueryDirectoryFile [0xB2968CA0]

SSDT 000006B8 svchost.exe [1240.1548] ZwQuerySystemInformation [0xB2968D73]

SSDT 000006B8 svchost.exe [1240.1548] ZwReadVirtualMemory [0xB296960F]

SSDT F20E0B5C svchost.exe [1240.1548] ZwReplaceKey

SSDT F20E0B57 svchost.exe [1240.1548] ZwRestoreKey

SSDT 000006B8 svchost.exe [1240.1548] ZwSetContextThread [0xB29690AC]

SSDT 000006B8 svchost.exe [1240.1548] ZwSetValueKey [0xB2969413]

SSDT 000006B8 svchost.exe [1240.1548] ZwSuspendThread [0xB2969049]

SSDT F20E0B2F svchost.exe [1240.1548] ZwTerminateProcess

SSDT 000006B8 svchost.exe [1240.1548] ZwTerminateThread [0xB2968FE6]

SSDT 000006B8 svchost.exe [1240.1548] ZwWriteVirtualMemory [0xB2969675]

 

---- Threads - GMER 1.0.15 ----

 

Thread svchost.exe [1240:2368] SSDT 0xFEA2EB90 != 0x804E26A8

 

SSDT F20E0B3E svchost.exe [1240.2368] ZwCreateKey

SSDT F20E0B34 svchost.exe [1240.2368] ZwCreateThread

SSDT F20E0B43 svchost.exe [1240.2368] ZwDeleteKey

SSDT 000006B8 svchost.exe [1240.2368] ZwDeleteValueKey [0xB2969517]

SSDT 000006B8 svchost.exe [1240.2368] ZwEnumerateKey [0xB29691C7]

SSDT 000006B8 svchost.exe [1240.2368] ZwEnumerateValueKey [0xB29692D3]

SSDT F20E0B52 svchost.exe [1240.2368] ZwLoadKey

SSDT 000006B8 svchost.exe [1240.2368] ZwOpenKey [0xB296910F]

SSDT 000006B8 svchost.exe [1240.2368] ZwOpenProcess [0xB2968E79]

SSDT 000006B8 svchost.exe [1240.2368] ZwOpenThread [0xB2968F01]

SSDT 000006B8 svchost.exe [1240.2368] ZwProtectVirtualMemory [0xB29696DB]

SSDT 000006B8 svchost.exe [1240.2368] ZwQueryDirectoryFile [0xB2968CA0]

SSDT 000006B8 svchost.exe [1240.2368] ZwQuerySystemInformation [0xB2968D73]

SSDT 000006B8 svchost.exe [1240.2368] ZwReadVirtualMemory [0xB296960F]

SSDT F20E0B5C svchost.exe [1240.2368] ZwReplaceKey

SSDT F20E0B57 svchost.exe [1240.2368] ZwRestoreKey

SSDT 000006B8 svchost.exe [1240.2368] ZwSetContextThread [0xB29690AC]

SSDT 000006B8 svchost.exe [1240.2368] ZwSetValueKey [0xB2969413]

SSDT 000006B8 svchost.exe [1240.2368] ZwSuspendThread [0xB2969049]

SSDT F20E0B2F svchost.exe [1240.2368] ZwTerminateProcess

SSDT 000006B8 svchost.exe [1240.2368] ZwTerminateThread [0xB2968FE6]

SSDT 000006B8 svchost.exe [1240.2368] ZwWriteVirtualMemory [0xB2969675]

 

---- Threads - GMER 1.0.15 ----

 

Thread spoolsv.exe [1484:2236] SSDT 0xFEA2FB90 != 0x804E26A8

 

SSDT F20E0B3E spoolsv.exe [1484.2236] ZwCreateKey

SSDT F20E0B34 spoolsv.exe [1484.2236] ZwCreateThread

SSDT F20E0B43 spoolsv.exe [1484.2236] ZwDeleteKey

SSDT 000006B8 spoolsv.exe [1484.2236] ZwDeleteValueKey [0xB2969517]

SSDT 000006B8 spoolsv.exe [1484.2236] ZwEnumerateKey [0xB29691C7]

SSDT 000006B8 spoolsv.exe [1484.2236] ZwEnumerateValueKey [0xB29692D3]

SSDT F20E0B52 spoolsv.exe [1484.2236] ZwLoadKey

SSDT 000006B8 spoolsv.exe [1484.2236] ZwOpenKey [0xB296910F]

SSDT 000006B8 spoolsv.exe [1484.2236] ZwOpenProcess [0xB2968E79]

SSDT 000006B8 spoolsv.exe [1484.2236] ZwOpenThread [0xB2968F01]

SSDT 000006B8 spoolsv.exe [1484.2236] ZwProtectVirtualMemory [0xB29696DB]

SSDT 000006B8 spoolsv.exe [1484.2236] ZwQueryDirectoryFile [0xB2968CA0]

SSDT 000006B8 spoolsv.exe [1484.2236] ZwQuerySystemInformation [0xB2968D73]

SSDT 000006B8 spoolsv.exe [1484.2236] ZwReadVirtualMemory [0xB296960F]

SSDT F20E0B5C spoolsv.exe [1484.2236] ZwReplaceKey

SSDT F20E0B57 spoolsv.exe [1484.2236] ZwRestoreKey

SSDT 000006B8 spoolsv.exe [1484.2236] ZwSetContextThread [0xB29690AC]

SSDT 000006B8 spoolsv.exe [1484.2236] ZwSetValueKey [0xB2969413]

SSDT 000006B8 spoolsv.exe [1484.2236] ZwSuspendThread [0xB2969049]

SSDT F20E0B2F spoolsv.exe [1484.2236] ZwTerminateProcess

SSDT 000006B8 spoolsv.exe [1484.2236] ZwTerminateThread [0xB2968FE6]

SSDT 000006B8 spoolsv.exe [1484.2236] ZwWriteVirtualMemory [0xB2969675]

 

---- Threads - GMER 1.0.15 ----

 

Thread spoolsv.exe [1484:2248] SSDT 0xFEA2EB90 != 0x804E26A8

 

SSDT F20E0B3E spoolsv.exe [1484.2248] ZwCreateKey

SSDT F20E0B34 spoolsv.exe [1484.2248] ZwCreateThread

SSDT F20E0B43 spoolsv.exe [1484.2248] ZwDeleteKey

SSDT 000006B8 spoolsv.exe [1484.2248] ZwDeleteValueKey [0xB2969517]

SSDT 000006B8 spoolsv.exe [1484.2248] ZwEnumerateKey [0xB29691C7]

SSDT 000006B8 spoolsv.exe [1484.2248] ZwEnumerateValueKey [0xB29692D3]

SSDT F20E0B52 spoolsv.exe [1484.2248] ZwLoadKey

SSDT 000006B8 spoolsv.exe [1484.2248] ZwOpenKey [0xB296910F]

SSDT 000006B8 spoolsv.exe [1484.2248] ZwOpenProcess [0xB2968E79]

SSDT 000006B8 spoolsv.exe [1484.2248] ZwOpenThread [0xB2968F01]

SSDT 000006B8 spoolsv.exe [1484.2248] ZwProtectVirtualMemory [0xB29696DB]

SSDT 000006B8 spoolsv.exe [1484.2248] ZwQueryDirectoryFile [0xB2968CA0]

SSDT 000006B8 spoolsv.exe [1484.2248] ZwQuerySystemInformation [0xB2968D73]

SSDT 000006B8 spoolsv.exe [1484.2248] ZwReadVirtualMemory [0xB296960F]

SSDT F20E0B5C spoolsv.exe [1484.2248] ZwReplaceKey

SSDT F20E0B57 spoolsv.exe [1484.2248] ZwRestoreKey

SSDT 000006B8 spoolsv.exe [1484.2248] ZwSetContextThread [0xB29690AC]

SSDT 000006B8 spoolsv.exe [1484.2248] ZwSetValueKey [0xB2969413]

SSDT 000006B8 spoolsv.exe [1484.2248] ZwSuspendThread [0xB2969049]

SSDT F20E0B2F spoolsv.exe [1484.2248] ZwTerminateProcess

SSDT 000006B8 spoolsv.exe [1484.2248] ZwTerminateThread [0xB2968FE6]

SSDT 000006B8 spoolsv.exe [1484.2248] ZwWriteVirtualMemory [0xB2969675]

 

---- Threads - GMER 1.0.15 ----

 

Thread spoolsv.exe [1484:2252] SSDT 0xFEA2EB90 != 0x804E26A8

 

SSDT F20E0B3E spoolsv.exe [1484.2252] ZwCreateKey

SSDT F20E0B34 spoolsv.exe [1484.2252] ZwCreateThread

SSDT F20E0B43 spoolsv.exe [1484.2252] ZwDeleteKey

SSDT 000006B8 spoolsv.exe [1484.2252] ZwDeleteValueKey [0xB2969517]

SSDT 000006B8 spoolsv.exe [1484.2252] ZwEnumerateKey [0xB29691C7]

SSDT 000006B8 spoolsv.exe [1484.2252] ZwEnumerateValueKey [0xB29692D3]

SSDT F20E0B52 spoolsv.exe [1484.2252] ZwLoadKey

SSDT 000006B8 spoolsv.exe [1484.2252] ZwOpenKey [0xB296910F]

SSDT 000006B8 spoolsv.exe [1484.2252] ZwOpenProcess [0xB2968E79]

SSDT 000006B8 spoolsv.exe [1484.2252] ZwOpenThread [0xB2968F01]

SSDT 000006B8 spoolsv.exe [1484.2252] ZwProtectVirtualMemory [0xB29696DB]

SSDT 000006B8 spoolsv.exe [1484.2252] ZwQueryDirectoryFile [0xB2968CA0]

SSDT 000006B8 spoolsv.exe [1484.2252] ZwQuerySystemInformation [0xB2968D73]

SSDT 000006B8 spoolsv.exe [1484.2252] ZwReadVirtualMemory [0xB296960F]

SSDT F20E0B5C spoolsv.exe [1484.2252] ZwReplaceKey

SSDT F20E0B57 spoolsv.exe [1484.2252] ZwRestoreKey

SSDT 000006B8 spoolsv.exe [1484.2252] ZwSetContextThread [0xB29690AC]

SSDT 000006B8 spoolsv.exe [1484.2252] ZwSetValueKey [0xB2969413]

SSDT 000006B8 spoolsv.exe [1484.2252] ZwSuspendThread [0xB2969049]

SSDT F20E0B2F spoolsv.exe [1484.2252] ZwTerminateProcess

SSDT 000006B8 spoolsv.exe [1484.2252] ZwTerminateThread [0xB2968FE6]

SSDT 000006B8 spoolsv.exe [1484.2252] ZwWriteVirtualMemory [0xB2969675]

 

---- Threads - GMER 1.0.15 ----

 

Thread spoolsv.exe [1484:2256] SSDT 0xFEA2EB90 != 0x804E26A8

 

SSDT F20E0B3E spoolsv.exe [1484.2256] ZwCreateKey

SSDT F20E0B34 spoolsv.exe [1484.2256] ZwCreateThread

SSDT F20E0B43 spoolsv.exe [1484.2256] ZwDeleteKey

SSDT 000006B8 spoolsv.exe [1484.2256] ZwDeleteValueKey [0xB2969517]

SSDT 000006B8 spoolsv.exe [1484.2256] ZwEnumerateKey [0xB29691C7]

SSDT 000006B8 spoolsv.exe [1484.2256] ZwEnumerateValueKey [0xB29692D3]

SSDT F20E0B52 spoolsv.exe [1484.2256] ZwLoadKey

SSDT 000006B8 spoolsv.exe [1484.2256] ZwOpenKey [0xB296910F]

SSDT 000006B8 spoolsv.exe [1484.2256] ZwOpenProcess [0xB2968E79]

SSDT 000006B8 spoolsv.exe [1484.2256] ZwOpenThread [0xB2968F01]

SSDT 000006B8 spoolsv.exe [1484.2256] ZwProtectVirtualMemory [0xB29696DB]

SSDT 000006B8 spoolsv.exe [1484.2256] ZwQueryDirectoryFile [0xB2968CA0]

SSDT 000006B8 spoolsv.exe [1484.2256] ZwQuerySystemInformation [0xB2968D73]

SSDT 000006B8 spoolsv.exe [1484.2256] ZwReadVirtualMemory [0xB296960F]

SSDT F20E0B5C spoolsv.exe [1484.2256] ZwReplaceKey

SSDT F20E0B57 spoolsv.exe [1484.2256] ZwRestoreKey

SSDT 000006B8 spoolsv.exe [1484.2256] ZwSetContextThread [0xB29690AC]

SSDT 000006B8 spoolsv.exe [1484.2256] ZwSetValueKey [0xB2969413]

SSDT 000006B8 spoolsv.exe [1484.2256] ZwSuspendThread [0xB2969049]

SSDT F20E0B2F spoolsv.exe [1484.2256] ZwTerminateProcess

SSDT 000006B8 spoolsv.exe [1484.2256] ZwTerminateThread [0xB2968FE6]

SSDT 000006B8 spoolsv.exe [1484.2256] ZwWriteVirtualMemory [0xB2969675]

 

---- Threads - GMER 1.0.15 ----

 

Thread spoolsv.exe [1484:2268] SSDT 0xFEA2EB90 != 0x804E26A8

 

SSDT F20E0B3E spoolsv.exe [1484.2268] ZwCreateKey

SSDT F20E0B34 spoolsv.exe [1484.2268] ZwCreateThread

SSDT F20E0B43 spoolsv.exe [1484.2268] ZwDeleteKey

SSDT 000006B8 spoolsv.exe [1484.2268] ZwDeleteValueKey [0xB2969517]

SSDT 000006B8 spoolsv.exe [1484.2268] ZwEnumerateKey [0xB29691C7]

SSDT 000006B8 spoolsv.exe [1484.2268] ZwEnumerateValueKey [0xB29692D3]

SSDT F20E0B52 spoolsv.exe [1484.2268] ZwLoadKey

SSDT 000006B8 spoolsv.exe [1484.2268] ZwOpenKey [0xB296910F]

SSDT 000006B8 spoolsv.exe [1484.2268] ZwOpenProcess [0xB2968E79]

SSDT 000006B8 spoolsv.exe [1484.2268] ZwOpenThread [0xB2968F01]

SSDT 000006B8 spoolsv.exe [1484.2268] ZwProtectVirtualMemory [0xB29696DB]

SSDT 000006B8 spoolsv.exe [1484.2268] ZwQueryDirectoryFile [0xB2968CA0]

SSDT 000006B8 spoolsv.exe [1484.2268] ZwQuerySystemInformation [0xB2968D73]

SSDT 000006B8 spoolsv.exe [1484.2268] ZwReadVirtualMemory [0xB296960F]

SSDT F20E0B5C spoolsv.exe [1484.2268] ZwReplaceKey

SSDT F20E0B57 spoolsv.exe [1484.2268] ZwRestoreKey

SSDT 000006B8 spoolsv.exe [1484.2268] ZwSetContextThread [0xB29690AC]

SSDT 000006B8 spoolsv.exe [1484.2268] ZwSetValueKey [0xB2969413]

SSDT 000006B8 spoolsv.exe [1484.2268] ZwSuspendThread [0xB2969049]

SSDT F20E0B2F spoolsv.exe [1484.2268] ZwTerminateProcess

SSDT 000006B8 spoolsv.exe [1484.2268] ZwTerminateThread [0xB2968FE6]

SSDT 000006B8 spoolsv.exe [1484.2268] ZwWriteVirtualMemory [0xB2969675]

 

---- Threads - GMER 1.0.15 ----

 

Thread sched.exe [1528:2588] SSDT 0xFEA2EB90 != 0x804E26A8

 

SSDT F20E0B3E sched.exe [1528.2588] ZwCreateKey

SSDT F20E0B34 sched.exe [1528.2588] ZwCreateThread

SSDT F20E0B43 sched.exe [1528.2588] ZwDeleteKey

SSDT 000006B8 sched.exe [1528.2588] ZwDeleteValueKey [0xB2969517]

SSDT 000006B8 sched.exe [1528.2588] ZwEnumerateKey [0xB29691C7]

SSDT 000006B8 sched.exe [1528.2588] ZwEnumerateValueKey [0xB29692D3]

SSDT F20E0B52 sched.exe [1528.2588] ZwLoadKey

SSDT 000006B8 sched.exe [1528.2588] ZwOpenKey [0xB296910F]

SSDT 000006B8 sched.exe [1528.2588] ZwOpenProcess [0xB2968E79]

SSDT 000006B8 sched.exe [1528.2588] ZwOpenThread [0xB2968F01]

SSDT 000006B8 sched.exe [1528.2588] ZwProtectVirtualMemory [0xB29696DB]

SSDT 000006B8 sched.exe [1528.2588] ZwQueryDirectoryFile [0xB2968CA0]

SSDT 000006B8 sched.exe [1528.2588] ZwQuerySystemInformation [0xB2968D73]

SSDT 000006B8 sched.exe [1528.2588] ZwReadVirtualMemory [0xB296960F]

SSDT F20E0B5C sched.exe [1528.2588] ZwReplaceKey

SSDT F20E0B57 sched.exe [1528.2588] ZwRestoreKey

SSDT 000006B8 sched.exe [1528.2588] ZwSetContextThread [0xB29690AC]

SSDT 000006B8 sched.exe [1528.2588] ZwSetValueKey [0xB2969413]

SSDT 000006B8 sched.exe [1528.2588] ZwSuspendThread [0xB2969049]

SSDT F20E0B2F sched.exe [1528.2588] ZwTerminateProcess

SSDT 000006B8 sched.exe [1528.2588] ZwTerminateThread [0xB2968FE6]

SSDT 000006B8 sched.exe [1528.2588] ZwWriteVirtualMemory [0xB2969675]

 

---- Threads - GMER 1.0.15 ----

 

Thread explorer.exe [1796:1832] SSDT 0xFEA2FB90 != 0x804E26A8

 

SSDT F20E0B3E explorer.exe [1796.1832] ZwCreateKey

SSDT F20E0B34 explorer.exe [1796.1832] ZwCreateThread

SSDT F20E0B43 explorer.exe [1796.1832] ZwDeleteKey

SSDT 000006B8 explorer.exe [1796.1832] ZwDeleteValueKey [0xB2969517]

SSDT 000006B8 explorer.exe [1796.1832] ZwEnumerateKey [0xB29691C7]

SSDT 000006B8 explorer.exe [1796.1832] ZwEnumerateValueKey [0xB29692D3]

SSDT F20E0B52 explorer.exe [1796.1832] ZwLoadKey

SSDT 000006B8 explorer.exe [1796.1832] ZwOpenKey [0xB296910F]

SSDT 000006B8 explorer.exe [1796.1832] ZwOpenProcess [0xB2968E79]

SSDT 000006B8 explorer.exe [1796.1832] ZwOpenThread [0xB2968F01]

SSDT 000006B8 explorer.exe [1796.1832] ZwProtectVirtualMemory [0xB29696DB]

SSDT 000006B8 explorer.exe [1796.1832] ZwQueryDirectoryFile [0xB2968CA0]

SSDT 000006B8 explorer.exe [1796.1832] ZwQuerySystemInformation [0xB2968D73]

SSDT 000006B8 explorer.exe [1796.1832] ZwReadVirtualMemory [0xB296960F]

SSDT F20E0B5C explorer.exe [1796.1832] ZwReplaceKey

SSDT F20E0B57 explorer.exe [1796.1832] ZwRestoreKey

SSDT 000006B8 explorer.exe [1796.1832] ZwSetContextThread [0xB29690AC]

SSDT 000006B8 explorer.exe [1796.1832] ZwSetValueKey [0xB2969413]

SSDT 000006B8 explorer.exe [1796.1832] ZwSuspendThread [0xB2969049]

SSDT F20E0B2F explorer.exe [1796.1832] ZwTerminateProcess

SSDT 000006B8 explorer.exe [1796.1832] ZwTerminateThread [0xB2968FE6]

SSDT 000006B8 explorer.exe [1796.1832] ZwWriteVirtualMemory [0xB2969675]

 

---- Threads - GMER 1.0.15 ----

 

Thread explorer.exe [1796:3272] SSDT 0xFEA2FB90 != 0x804E26A8

 

SSDT F20E0B3E explorer.exe [1796.3272] ZwCreateKey

SSDT F20E0B34 explorer.exe [1796.3272] ZwCreateThread

SSDT F20E0B43 explorer.exe [1796.3272] ZwDeleteKey

SSDT 000006B8 explorer.exe [1796.3272] ZwDeleteValueKey [0xB2969517]

SSDT 000006B8 explorer.exe [1796.3272] ZwEnumerateKey [0xB29691C7]

SSDT 000006B8 explorer.exe [1796.3272] ZwEnumerateValueKey [0xB29692D3]

SSDT F20E0B52 explorer.exe [1796.3272] ZwLoadKey

SSDT 000006B8 explorer.exe [1796.3272] ZwOpenKey [0xB296910F]

SSDT 000006B8 explorer.exe [1796.3272] ZwOpenProcess [0xB2968E79]

SSDT 000006B8 explorer.exe [1796.3272] ZwOpenThread [0xB2968F01]

SSDT 000006B8 explorer.exe [1796.3272] ZwProtectVirtualMemory [0xB29696DB]

SSDT 000006B8 explorer.exe [1796.3272] ZwQueryDirectoryFile [0xB2968CA0]

SSDT 000006B8 explorer.exe [1796.3272] ZwQuerySystemInformation [0xB2968D73]

SSDT 000006B8 explorer.exe [1796.3272] ZwReadVirtualMemory [0xB296960F]

SSDT F20E0B5C explorer.exe [1796.3272] ZwReplaceKey

SSDT F20E0B57 explorer.exe [1796.3272] ZwRestoreKey

SSDT 000006B8 explorer.exe [1796.3272] ZwSetContextThread [0xB29690AC]

SSDT 000006B8 explorer.exe [1796.3272] ZwSetValueKey [0xB2969413]

SSDT 000006B8 explorer.exe [1796.3272] ZwSuspendThread [0xB2969049]

SSDT F20E0B2F explorer.exe [1796.3272] ZwTerminateProcess

SSDT 000006B8 explorer.exe [1796.3272] ZwTerminateThread [0xB2968FE6]

SSDT 000006B8 explorer.exe [1796.3272] ZwWriteVirtualMemory [0xB2969675]

 

---- Threads - GMER 1.0.15 ----

 

Thread explorer.exe [1796:3352] SSDT 0xFEA2FB90 != 0x804E26A8

 

SSDT F20E0B3E explorer.exe [1796.3352] ZwCreateKey

SSDT F20E0B34 explorer.exe [1796.3352] ZwCreateThread

SSDT F20E0B43 explorer.exe [1796.3352] ZwDeleteKey

SSDT 000006B8 explorer.exe [1796.3352] ZwDeleteValueKey [0xB2969517]

SSDT 000006B8 explorer.exe [1796.3352] ZwEnumerateKey [0xB29691C7]

SSDT 000006B8 explorer.exe [1796.3352] ZwEnumerateValueKey [0xB29692D3]

SSDT F20E0B52 explorer.exe [1796.3352] ZwLoadKey

SSDT 000006B8 explorer.exe [1796.3352] ZwOpenKey [0xB296910F]

SSDT 000006B8 explorer.exe [1796.3352] ZwOpenProcess [0xB2968E79]

SSDT 000006B8 explorer.exe [1796.3352] ZwOpenThread [0xB2968F01]

SSDT 000006B8 explorer.exe [1796.3352] ZwProtectVirtualMemory [0xB29696DB]

SSDT 000006B8 explorer.exe [1796.3352] ZwQueryDirectoryFile [0xB2968CA0]

SSDT 000006B8 explorer.exe [1796.3352] ZwQuerySystemInformation [0xB2968D73]

SSDT 000006B8 explorer.exe [1796.3352] ZwReadVirtualMemory [0xB296960F]

SSDT F20E0B5C explorer.exe [1796.3352] ZwReplaceKey

SSDT F20E0B57 explorer.exe [1796.3352] ZwRestoreKey

SSDT 000006B8 explorer.exe [1796.3352] ZwSetContextThread [0xB29690AC]

SSDT 000006B8 explorer.exe [1796.3352] ZwSetValueKey [0xB2969413]

SSDT 000006B8 explorer.exe [1796.3352] ZwSuspendThread [0xB2969049]

SSDT F20E0B2F explorer.exe [1796.3352] ZwTerminateProcess

SSDT 000006B8 explorer.exe [1796.3352] ZwTerminateThread [0xB2968FE6]

SSDT 000006B8 explorer.exe [1796.3352] ZwWriteVirtualMemory [0xB2969675]

 

---- Threads - GMER 1.0.15 ----

 

Thread explorer.exe [1796:3540] SSDT 0xFEA2EB90 != 0x804E26A8

 

SSDT F20E0B3E explorer.exe [1796.3540] ZwCreateKey

SSDT F20E0B34 explorer.exe [1796.3540] ZwCreateThread

SSDT F20E0B43 explorer.exe [1796.3540] ZwDeleteKey

SSDT 000006B8 explorer.exe [1796.3540] ZwDeleteValueKey [0xB2969517]

SSDT 000006B8 explorer.exe [1796.3540] ZwEnumerateKey [0xB29691C7]

SSDT 000006B8 explorer.exe [1796.3540] ZwEnumerateValueKey [0xB29692D3]

SSDT F20E0B52 explorer.exe [1796.3540] ZwLoadKey

SSDT 000006B8 explorer.exe [1796.3540] ZwOpenKey [0xB296910F]

SSDT 000006B8 explorer.exe [1796.3540] ZwOpenProcess [0xB2968E79]

SSDT 000006B8 explorer.exe [1796.3540] ZwOpenThread [0xB2968F01]

SSDT 000006B8 explorer.exe [1796.3540] ZwProtectVirtualMemory [0xB29696DB]

SSDT 000006B8 explorer.exe [1796.3540] ZwQueryDirectoryFile [0xB2968CA0]

SSDT 000006B8 explorer.exe [1796.3540] ZwQuerySystemInformation [0xB2968D73]

SSDT 000006B8 explorer.exe [1796.3540] ZwReadVirtualMemory [0xB296960F]

SSDT F20E0B5C explorer.exe [1796.3540] ZwReplaceKey

SSDT F20E0B57 explorer.exe [1796.3540] ZwRestoreKey

SSDT 000006B8 explorer.exe [1796.3540] ZwSetContextThread [0xB29690AC]

SSDT 000006B8 explorer.exe [1796.3540] ZwSetValueKey [0xB2969413]

SSDT 000006B8 explorer.exe [1796.3540] ZwSuspendThread [0xB2969049]

SSDT F20E0B2F explorer.exe [1796.3540] ZwTerminateProcess

SSDT 000006B8 explorer.exe [1796.3540] ZwTerminateThread [0xB2968FE6]

SSDT 000006B8 explorer.exe [1796.3540] ZwWriteVirtualMemory [0xB2969675]

 

---- Threads - GMER 1.0.15 ----

 

Thread notepad.exe [3656:3660] SSDT 0xFEA2FB90 != 0x804E26A8

 

SSDT F20E0B3E notepad.exe [3656.3660] ZwCreateKey

SSDT F20E0B34 notepad.exe [3656.3660] ZwCreateThread

SSDT F20E0B43 notepad.exe [3656.3660] ZwDeleteKey

SSDT 000006B8 notepad.exe [3656.3660] ZwDeleteValueKey [0xB2969517]

SSDT 000006B8 notepad.exe [3656.3660] ZwEnumerateKey [0xB29691C7]

SSDT 000006B8 notepad.exe [3656.3660] ZwEnumerateValueKey [0xB29692D3]

SSDT F20E0B52 notepad.exe [3656.3660] ZwLoadKey

SSDT 000006B8 notepad.exe [3656.3660] ZwOpenKey [0xB296910F]

SSDT 000006B8 notepad.exe [3656.3660] ZwOpenProcess [0xB2968E79]

SSDT 000006B8 notepad.exe [3656.3660] ZwOpenThread [0xB2968F01]

SSDT 000006B8 notepad.exe [3656.3660] ZwProtectVirtualMemory [0xB29696DB]

SSDT 000006B8 notepad.exe [3656.3660] ZwQueryDirectoryFile [0xB2968CA0]

SSDT 000006B8 notepad.exe [3656.3660] ZwQuerySystemInformation [0xB2968D73]

SSDT 000006B8 notepad.exe [3656.3660] ZwReadVirtualMemory [0xB296960F]

SSDT F20E0B5C notepad.exe [3656.3660] ZwReplaceKey

SSDT F20E0B57 notepad.exe [3656.3660] ZwRestoreKey

SSDT 000006B8 notepad.exe [3656.3660] ZwSetContextThread [0xB29690AC]

SSDT 000006B8 notepad.exe [3656.3660] ZwSetValueKey [0xB2969413]

SSDT 000006B8 notepad.exe [3656.3660] ZwSuspendThread [0xB2969049]

SSDT F20E0B2F notepad.exe [3656.3660] ZwTerminateProcess

SSDT 000006B8 notepad.exe [3656.3660] ZwTerminateThread [0xB2968FE6]

SSDT 000006B8 notepad.exe [3656.3660] ZwWriteVirtualMemory [0xB2969675]

 

---- Threads - GMER 1.0.15 ----

 

Thread zsq8ym6e.exe [3680:3684] SSDT 0xFEA2FB90 != 0x804E26A8

 

SSDT F20E0B3E zsq8ym6e.exe [3680.3684] ZwCreateKey

SSDT F20E0B34 zsq8ym6e.exe [3680.3684] ZwCreateThread

SSDT F20E0B43 zsq8ym6e.exe [3680.3684] ZwDeleteKey

SSDT 000006B8 zsq8ym6e.exe [3680.3684] ZwDeleteValueKey [0xB2969517]

SSDT 000006B8 zsq8ym6e.exe [3680.3684] ZwEnumerateKey [0xB29691C7]

SSDT 000006B8 zsq8ym6e.exe [3680.3684] ZwEnumerateValueKey [0xB29692D3]

SSDT F20E0B52 zsq8ym6e.exe [3680.3684] ZwLoadKey

SSDT 000006B8 zsq8ym6e.exe [3680.3684] ZwOpenKey [0xB296910F]

SSDT 000006B8 zsq8ym6e.exe [3680.3684] ZwOpenProcess [0xB2968E79]

SSDT 000006B8 zsq8ym6e.exe [3680.3684] ZwOpenThread [0xB2968F01]

SSDT 000006B8 zsq8ym6e.exe [3680.3684] ZwProtectVirtualMemory [0xB29696DB]

SSDT 000006B8 zsq8ym6e.exe [3680.3684] ZwQueryDirectoryFile [0xB2968CA0]

SSDT 000006B8 zsq8ym6e.exe [3680.3684] ZwQuerySystemInformation [0xB2968D73]

SSDT 000006B8 zsq8ym6e.exe [3680.3684] ZwReadVirtualMemory [0xB296960F]

SSDT F20E0B5C zsq8ym6e.exe [3680.3684] ZwReplaceKey

SSDT F20E0B57 zsq8ym6e.exe [3680.3684] ZwRestoreKey

SSDT 000006B8 zsq8ym6e.exe [3680.3684] ZwSetContextThread [0xB29690AC]

SSDT 000006B8 zsq8ym6e.exe [3680.3684] ZwSetValueKey [0xB2969413]

SSDT 000006B8 zsq8ym6e.exe [3680.3684] ZwSuspendThread [0xB2969049]

SSDT F20E0B2F zsq8ym6e.exe [3680.3684] ZwTerminateProcess

SSDT 000006B8 zsq8ym6e.exe [3680.3684] ZwTerminateThread [0xB2968FE6]

SSDT 000006B8 zsq8ym6e.exe [3680.3684] ZwWriteVirtualMemory [0xB2969675]

 

---- Services - GMER 1.0.15 ----

 

Service C:\WINDOWS\system32\drivers\ezlwy.sys (*** hidden *** ) [AUTO] owsqckcsbnkr <-- ROOTKIT !!!

 

---- Registry - GMER 1.0.15 ----

 

Reg HKLM\SYSTEM\CurrentControlSet\Services\owsqckcsbnkr

Reg HKLM\SYSTEM\CurrentControlSet\Services\owsqckcsbnkr@Type 1

Reg HKLM\SYSTEM\CurrentControlSet\Services\owsqckcsbnkr@Start 2

Reg HKLM\SYSTEM\CurrentControlSet\Services\owsqckcsbnkr@ErrorControl 0

Reg HKLM\SYSTEM\CurrentControlSet\Services\owsqckcsbnkr@ImagePath \??\C:\WINDOWS\system32\drivers\ezlwy.sys

Reg HKLM\SYSTEM\CurrentControlSet\Services\owsqckcsbnkr@DisplayName owsqckcsbnkr

Reg HKLM\SYSTEM\CurrentControlSet\Services\owsqckcsbnkr@RulesData 0x03 0x00 0x00 0x00 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\owsqckcsbnkr@krnl_sleepfreq 0x58 0x02 0x00 0x00

Reg HKLM\SYSTEM\CurrentControlSet\Services\owsqckcsbnkr@krnl_servers_list 0x68 0x74 0x74 0x70 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\owsqckcsbnkr\Security

Reg HKLM\SYSTEM\CurrentControlSet\Services\owsqckcsbnkr\Security@Security 0x01 0x00 0x14 0x80 ...

 

---- Files - GMER 1.0.15 ----

 

File C:\WINDOWS\system32\drivers\str.sys 237600 bytes

File C:\WINDOWS\system32\drivers\ezlwy.sys 77440 bytes executable <-- ROOTKIT !!!

 

---- EOF - GMER 1.0.15 ----

 
